Terminal Server Logging on Workstations

When discussing Terminal Server logging, we are interested in monitoring user sessions connecting from a workstation. There is always a need for detailed reporting and keeping track of user activity and sessions when someone is running Remote Desktop Services session from a workstation.

Many popular Terminal Server monitoring applications on the market today offer exhaustive reports on all user activity on Terminal Server. However, they carry the burden of being way too intrusive, and are in fact a serious breach of privacy, such as by monitoring keystrokes or even capturing screenshots and video footage of everything a user did while they were connected to the server. This doesn’t necessarily mean that user activity shouldn’t be monitored. The IT department should keep an eye only on the metrics and data about the company’s users that really matter.

Monitoring Terminal Server logging on workstations is particularly important because your employees can work from anywhere and anytime that suits them best. And that’s awesome, since most people work better once they get home, have a bite to eat and relax. Now the question that poses itself is: Can you really tell if they are really spending time working or just logging in and letting the computer run idly?” Tough one, but we have come up with an answer.

SysKit is the solution to your problem. On one hand it monitors all user activity on Terminal Servers, and on the other, it’s not an intrusive spy mechanism that leads to employees despising the work they do.

How does Syskit monitor Terminal Server logging on workstations?

SysKit analyzes Terminal Server log data and users in real time and as well as it keeps history records, which you can use to check who was logged on, where and for how long. Ok, great! And what else can you do with SysKit?

  • Detect users connecting from their homes or other remote locations.
  • Generate reports showing the time spent in different states (e.g., active, idle, remote control, and disconnected).
  • Validate remote access, check connections by IP address or client name, and pinpoint the exact location from where a specific user connected. It can also detect a client’s public IP address.
  • Detect the most active and idle users with the User Activities reports.
  • Drill down the reports on each user per day, per server, and per state or check the activity timeline to get more details on users.

The most common use cases for Terminal Server logging

Let’s go over some of the most common use cases for Terminal Server Logging on workstations that our clients are using.

Take Jane for instance. She has permission from her manager to work from home. Working from home has grown very popular and there are employees like Jane in every organization. As we’ve mentioned before, the IT department needs to audit when users are connecting, to which servers, from where, and whether they are connecting from a secure device. For security reasons, one cannot take their word that they are indeed connecting from a secure office device instead of their PC.

Syskit User reports - Session log summary

Another example where you need to take caution with Terminal Server logging is the HIPAA-related health-care access. In the health care industry, you are always required to monitor who is connecting from outside the organization. You also need to make sure that you have reliable data to provide to auditors if they start questioning your use of logging records and accesses of sensitive medical information. That’s why you are required to track each client who has access to sensitive and confidential data, as well as to check if any changes were made on the system and by whom.

For large corporations with thousands of computers, the IT department needs to be able to detect clients that are using older Windows versions. The thing is that you don’t know which users are connecting to your servers. You also can’t tell which type of Windows device is being used. SysKit can report back to you which Windows version or any other operating system someone is using to connect to your Remote Desktop Services infrastructure. For example, Tom needs to align all his client infrastructure to the latest Windows client. Tom can do this with SysKit. The tool will show him all Windows clients with older OSs so they could be upgraded easily.

Do you still have machines running Windows XP connecting to your SBC infrastructure? Don’t worry. SysKit will detect them, so you can upgrade those older systems.

Now, let’s get back to the servers.

You need to be able to perform regular maintenance of your servers, for example, to restart them to apply the latest Windows patches. SysKit notifies you when you have the lowest number of users connected. That way, you can plan and schedule your maintenance without interrupting your users, for example, by scheduling it late at night or over the weekend.

SysKit also monitors addresses. You can see if users are connecting to your infrastructure at odd hours and using different IP addresses, since you may have trouble heading your way if someone has stolen an employee’s identity.

SysKit User reports - IP addresses and clients

The trial version is free and fully featured for 30 days! For any additional information or questions, feel free to reach out to our Support team.