[Video] Webinar – User activity monitoring with SysKit

The goal of this webinar was to help our users master the most popular SysKit feature: User Activity Monitoring. During the demo, we show which SysKit reports you should be using to detect idle users, track remote connections, and create automated payroll reports. Also, we demonstrate how to audit applications started by users and quantify the load they are producing on your system’s resources.

Table of contents

00:21 About Acceleratio Ltd.
03:50 Introduction to SysKit
05:42 User activity monitoring overview
10:26 Demo: How to monitor user activity
26:49 Q&A

The webinar was led by Silvio Rahle, our product marketing manager, and questions were answered by Frane Borozan, the SysKit product owner.


Webinar Summary

Remote user sessions

Monitoring user sessions on your system is very important, because it provides you with information on who is doing what on your servers and where he or she is doing it from. With SysKit, you can pinpoint the users connecting via RDP or ICA from various remote locations such as school or home. You can then validate remote access, sort connections by IP addresses, and use those IP addresses to detect the location from which a certain user connected.

For a quick overview of user activities, you can use the Session Log Summary report. In many ways, it is the most conclusive report regarding user activities on your system, and it enables you to visualize user activities within any time frame. You can simply filter the data and configure it to show you only the information you need. For the demo example, we configured the filter to show us only the data for specific test users that connected remotely within a week.

Drilling down on each user in the report switches you to the Session Log report in the Detailed Reports group, where you can see each session start and end and the total time on the system in a specific session state.

Employee monitoring

In the real world, your remote users will often be employees working from home or some other remote location. What you should be interested in, then, is the time users spend in different activity states. With that information, you can check whether remote users are actively working on something or are simply being idle. Those numbers can also show you the actual work rate and working hours for each employee.

In the User Activity by State report, you can see the user activities divided by different states, such as idle, active, or disconnected. This report can give you overall insight into employee efficiency in terms of their real work hours and activity.

To find out who the most active users on your servers are, just open the Most Active Users by State report and use the filter to see who spent the most time actively working and who spent the most time in the idle state.

SysKit can also help your Human Resources department by calculating the payroll for all employees using the Resources Cost Overview report. The payroll is based on their actual working hours and is easily presentable to everyone in the company. To demonstrate this feature in the demo, we analyzed the activity states of two users with the most hours spent in remote sessions and then calculated their payroll.

Remote session performance and security

With SysKit, you can learn more than just who your users are and how active they are on the servers.

Under the Network Traffic reports, you can pinpoint IP Addresses and Client Names for all users connecting remotely to your servers. With the Client Versions report, you can detect the versions of clients from which your users are connecting. This is good for enforcing security measures, since older client versions often have security flaws and therefore don’t meet the security standards of your system.

In older environments such as Windows Server 2008 and earlier, or during long-distance internet connections, the high-color depth setting affects session performance, so using the Color Depth report you can track the clients that might need to use a lower-color depth setting. The same can be said about the Screen Resolutions report, since a higher screen resolution can also affect session performance over long distances.

Application usage

SysKit enables you to track all information about the applications that each remote user is running on your servers. That information can be found in the Application Reports.

The Application Usage History report shows you the application usage by each user and the state of that application at a selected time. This includes the particular time when the user started and shut down a particular application, and the user activity state while that application was running. You can easily filter data by user, application, or state.

In the Application Reports, you can also find out which application a particular user runs the most and other information related to the usage of published applications.

User performance

There’s also the question of system resources, since having many remote users will put a strain on system performance. For each user and each process started by that user, you can track CPU usage, memory usage, hard disk reads and writes, and the number of input/output operations.

To get the details, go to Performance Reports and select the User Performance report. This report enables you to track the performance values of all the processes run by remote users, in real time and historically. Upon selecting the user, you can see the most important resource usage factors and visualize them in separate graphs. That way, you know who is hogging your resources, and with which process.


Q: Where should the SysKit software be installed, and what database is required?
A: For environments larger than 30 computers, we recommend a dedicated server with at least two virtual CPUs and 8GB of RAM. For the evaluation period, you can use the embedded database that comes with the software. But if you decide to move forward with the software, we recommend using an SQL server. The size of the SQL server depends on the number of computers you plan to monitor, since all data is processed on the dedicated SysKit server.

Q: How is the data captured from the remote servers?
A: The application is installed on the dedicated server, which then connects to the domain controller and loads the list of servers from the domain controller, from which you can pick the servers to monitor. We use WMI and RDP/ICA to capture the data, and nothing gets installed on remote servers.

Q: Can SysKit track GPU performance?
A: The SysKit application monitors all performance counters for all monitored servers—and if you have a GPU that can be shared among remote users, SysKit will capture those performance counters as well.

Q: What permissions are required on the remote servers?
A: We don’t install any kind of third-party software on remote computers, so we need to have local administrator permissions on the remote server. Only the local administrator is able to extract all the required data and access all the users logged onto the remote servers. In particular situations where you want to extract only user activities, you at least need the remote desktop user’s security group account.

Q: What is defined by active and idle states?
A: “Active state” is when a user is actually in a session, moving the mouse, generating keystrokes, or performing some activity. “Idle state” means there is no activity in a session at all. RDP and ICA protocols back this up by default. After one minute of inactivity, RDP/ICA will mark a user as idle, but in SysKit you can set up the time after which a user will be reported as idle.

Q: Can SysKit handle multiple domains?
A: Yes, we added this feature in one of the latest software versions. SysKit supports multiple domains, but if you have untrusted multiple domains, you need to manually add them using the fully qualified domain name or the IP address of their domain controller and the user credentials for accessing the servers in the untrusted domain.

Q: Can you schedule a report to be sent to email?
A: Yes, you can schedule all SysKit reports to be delivered to selected email addresses.

If you’re interested in finding out more about SysKit, contact us and schedule a personalized demo. We’d be happy to provide more details about how your server environment can be easily monitored and audited with SysKit.