Remote Desktop Services (RDS) enables users to connect to a remote computer or a virtual machine over the network. With RDS, users can control a remote computer just as they would their own. From another perspective, RDS allows a server to host multiple simultaneous client sessions. In a PC-based environment, every user in an organization has different applications installed on their machine. In an RDS-based environment, however, users can be provided with "thin clients" that merely connect to a terminal server. The terminal server can then connect to other servers to access data.
Adopting RDS within the organization reduces cost, increases mobility, and provides scalability. It also reduces time and effort for the set-up of end user workstations. On the flip side, there is a big security challenge—implementing RDS increases the number of vulnerable endpoints, and cyber attackers can now have one more way of orchestrating a data breach. Therefore, IT administrators must monitor RDS sessions continuously and make sure no malicious actions are performed.
In this article, we'll first look at how organizations can deploy RDS using PowerShell. We'll then see how ADAudit Plus, a comprehensive Active Directory auditing solution, can help keep remote desktop connections secure.
The PowerShell cmdlet New-RDSessionDeployment is used to deploy RDS. Three compulsory RDS components that need to be installed at the time of deployment are: 1) Connection broker, 2) Session host, and 3) Web access. These components define how users can use the RDS once deployed.
Here's how you can deploy RDS:
New-RDSessionDeployment -ConnectionBroker server1.manageengine.com -WebAccessServer server1.manageengine.com -SessionHost server1.manageengine.com
After deployment, administrators can use PowerShell to audit the activities happening in RDS. For instance, to get the list of events related to successful RDP authentication (EventID 4624), IT administrators can use this PowerShell cmdlet:
Get-EventLog security -after (Get-date -hour 0 -minute 0 -second 0) | ?{$_.eventid -eq 4624 -and $_.Message -match 'logon type:\s+(10)\s'} | Out-GridView
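The same filter applied to the event's structured fields instead of its message text, as an added example that is not from the original article: it reads LogonType, TargetUserName and IpAddress from the 4624 event XML and lists the source addresses each account connected from. The function names and the sample events (CONTOSO accounts, documentation IP ranges) are constructed for illustration.

```powershell
# Added example, not from the original article. Sample events below are constructed.
# Parses 4624 event XML and keeps only RemoteInteractive (RDP) logons, i.e. LogonType 10.
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($node in $evt.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data['LogonType'] -ne '10') { return }
        [pscustomobject]@{
            Time     = [datetime]$evt.System.TimeCreated.SystemTime
            User     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SourceIp = $data['IpAddress']
        }
    }
}

# One row per account: logon count and the distinct source addresses seen.
function Get-RdpLogonSummary {
    param([object[]]$Logon = @())
    $Logon | Group-Object User | ForEach-Object {
        [pscustomobject]@{
            User    = $_.Name
            Logons  = $_.Count
            Sources = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
        }
    }
}

# Constructed sample input: two RDP logons (type 10) and one network logon (type 3).
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<EventID>4624</EventID><TimeCreated SystemTime="{0}"/></System><EventData>
<Data Name="TargetUserName">{1}</Data><Data Name="TargetDomainName">CONTOSO</Data>
<Data Name="LogonType">{2}</Data><Data Name="IpAddress">{3}</Data></EventData></Event>
'@
$sample = @(
    ($template -f '2024-01-08T09:15:00Z', 'alice', '10', '192.0.2.10'),
    ($template -f '2024-01-08T09:20:00Z', 'svc-backup', '3', '192.0.2.20'),
    ($template -f '2024-01-08T22:40:00Z', 'alice', '10', '198.51.100.7')
)
Get-RdpLogonSummary -Logon ($sample | ConvertFrom-LogonEventXml)

# Against a live Security log (requires an elevated session):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=(Get-Date).Date} |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml
```

Reading the named fields avoids depending on the rendered message string, which is localized and can differ between systems.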
However, the easier way to audit RDS activities is to use ManageEngine ADAudit Plus.