With Native AD Auditing
With ADAudit Plus
To obtain the report,
Log in to the ADAudit Plus web console as an administrator.
Navigate to the Reports tab and, from the Local Logon-Logoff section in the left pane, select the Remote Desktop Services Activity report.
Select the domain and click Generate.
Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
ADAudit Plus provides a report of users' remote desktop activity on a particular workstation and displays it in a simple, intuitively designed UI.
Step 1: Enable 'Audit Logon' policy
Launch the Group Policy Management console (Run --> gpedit.msc)
Create a new GPO and link it to the domain containing the file server or edit the existing GPO that is linked to the relevant domain.
Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff.
Under Audit Policy, select 'Audit Logon' and turn auditing on for success.
Step 2: View remote desktop activity logs in Event Viewer
Every time a user successfully connects remotely, an event is recorded in the Event Viewer. To view this remote desktop activity log, open Event Viewer and go to Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Operational.
Filter the log for this event (right-click the log -> Filter Current Log -> Event ID 1149).
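The same Event ID 1149 filter can be applied from PowerShell instead of the Event Viewer UI. This is an added example, not vendor code: the function name ConvertFrom-Rdp1149Xml is hypothetical, the sample event is constructed, and the script reads user, domain and source address from the event's Param1, Param2 and Param3 fields.

```powershell
# Added example: summarise Event ID 1149 records by user and source address.
$LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'

function ConvertFrom-Rdp1149Xml {
    # Turns the XML of one 1149 event into an object for reporting.
    param([Parameter(Mandatory)][string]$EventXml)
    $x = [xml]$EventXml
    $p = $x.Event.UserData.EventXML      # Param1 = user, Param2 = domain, Param3 = source address
    [pscustomobject]@{
        TimeCreated = [datetime]$x.Event.System.TimeCreated.SystemTime
        Computer    = $x.Event.System.Computer
        User        = $p.Param1
        Domain      = $p.Param2
        SourceIP    = $p.Param3
    }
}

# Constructed sample event (placeholder host, user and address) to show the parsing offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1149</EventID>
    <TimeCreated SystemTime="2024-01-15T09:12:33.000Z" />
    <Computer>WKS01.example.local</Computer>
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <Param1>jdoe</Param1>
      <Param2>EXAMPLE</Param2>
      <Param3>192.0.2.10</Param3>
    </EventXML>
  </UserData>
</Event>
'@
ConvertFrom-Rdp1149Xml -EventXml $sample

# Live query on the audited machine: count connections per user, domain and source address.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1149 } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-Rdp1149Xml -EventXml $_.ToXml() } |
    Group-Object User, Domain, SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Source addresses that appear only once, or outside the expected management ranges, are the rows worth reviewing first.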