How do I monitor my remote desktop gateway connection?

Remote Desktop Connections Monitoring – How and Why?

Published in: Windows Server & Citrix

This blog post focuses on Remote Desktop Gateway monitoring. We discuss what Remote Desktop Gateway is, why you should be monitoring it, and the best ways to audit RD Gateway connections.

Let’s start with the definition.

Monitor connected remote clients for activity and status

  • Article
  • 07/29/2021

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

Note: Windows Server 2012 combines DirectAccess and Remote Access Service (RAS) into a single Remote Access role.

You can use the management console on the Remote Access server to monitor remote client activity and status.

Note

You must be signed in as a member of the Domain Admins group or a member of the Administrators group on each computer to complete the tasks described in this topic. If you cannot complete a task while you are signed in with an account that is a member of the Administrators group, try performing the task while you are signed in with an account that is a member of the Domain Admins group.

To monitor remote client activity and status

  1. In Server Manager, click Tools, and then click Remote Access Management.

  2. Click REPORTING to navigate to Remote Access Reporting in the Remote Access Management Console.

  3. Click Remote Client Status to navigate to the remote client activity and status user interface in the Remote Access Management Console.

  4. You will see the list of users who are connected to the Remote Access server and detailed statistics about them. Click the first row in the list that corresponds to a client. When you select a row, the remote user activity is shown in the preview pane.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

PS> Get-RemoteAccessConnectionStatistics

The user statistics can be filtered, based on criteria selections, by using the fields in the following table.

Field Name | Value
Username | The user name or alias of the remote user. Wildcard characters can be used to select a group of users, such as contoso\* or *\administrator.
Hostname | The computer account name of the remote user. An IPv4 or IPv6 address also can be specified.
Type | DirectAccess or VPN. If DirectAccess is selected, all remote users who are connected by using DirectAccess are listed. If VPN is selected, all remote users who are connected by using VPN are listed.
ISP address | The IPv4 or IPv6 address of the remote user.
IPv4 address | The inner IPv4 address of the tunnel that connects the remote user to the corporate network.
IPv6 address | The inner IPv6 address of the tunnel that connects the remote user to the corporate network.
Protocol/Tunnel | The transitioning technology that is used by the remote client. This is Teredo, 6to4, or IP-HTTPS for DirectAccess users, and it is PPTP, L2TP, SSTP, or IKEv2 for VPN users.
Resource Accessed | All users who are accessing a particular corporate resource or an endpoint. The value that corresponds to this field is the hostname/IP address of the server.
Server | The Remote Access server to which clients are connected. This is relevant only for cluster and multisite deployments.
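
The same filter criteria can be applied from the command line. The following is an added example, not part of the original article or Microsoft's code: Select-RemoteConnection is a hypothetical helper, and the property names it reads are assumptions that mirror the table's fields and should be checked against the cmdlet's real output.

```powershell
# Added example: client-side filtering on the fields from the table above.
# Property names (UserName, HostName, ConnectionType, TunnelType,
# ClientExternalAddress) are assumptions; confirm them on your server with
#   Get-RemoteAccessConnectionStatistics | Get-Member
function Select-RemoteConnection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Connection,
        [string]   $UserName = '*',   # wildcard: 'contoso\*', '*\administrator'
        [string]   $Type     = '*',   # 'DirectAccess' or 'VPN'
        [string[]] $Tunnel            # PPTP, L2TP, SSTP, IKEv2, Teredo, 6to4, IP-HTTPS
    )
    process {
        # UserName can hold several entries; match if any entry fits the pattern.
        $userHit   = @($Connection.UserName | Where-Object { $_ -like $UserName }).Count -gt 0
        $typeHit   = $Connection.ConnectionType -like $Type
        $tunnelHit = (-not $Tunnel) -or ($Tunnel -contains $Connection.TunnelType)
        if ($userHit -and $typeHit -and $tunnelHit) { $Connection }
    }
}

# Constructed sample records (not real data) so the filter can be tried offline.
$sample = @(
    [pscustomobject]@{ UserName = @('contoso\alice'); HostName = 'LT-0142'
        ConnectionType = 'VPN'; TunnelType = 'SSTP'; ClientExternalAddress = '198.51.100.23' }
    [pscustomobject]@{ UserName = @('contoso\administrator'); HostName = 'UNKNOWN-PC'
        ConnectionType = 'VPN'; TunnelType = 'PPTP'; ClientExternalAddress = '203.0.113.77' }
    [pscustomobject]@{ UserName = @('fabrikam\bob'); HostName = 'LT-0290'
        ConnectionType = 'DirectAccess'; TunnelType = 'IP-HTTPS'; ClientExternalAddress = '192.0.2.15' }
)

# Sessions signed in as any domain's 'administrator' account.
$sample | Select-RemoteConnection -UserName '*\administrator' |
    Format-Table UserName, HostName, ConnectionType, ClientExternalAddress

# VPN sessions on PPTP or L2TP tunnels.
$sample | Select-RemoteConnection -Type VPN -Tunnel PPTP, L2TP |
    Format-Table UserName, TunnelType, ClientExternalAddress

# On a Remote Access server, feed live data instead of $sample:
#   Get-RemoteAccessConnectionStatistics | Select-RemoteConnection -UserName 'contoso\*'
```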

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7, Windows 8, Windows 10 and Windows Server 2003/2008/2012/2016. *Some systems listed are no longer supported by Microsoft and therefore do not meet Campus security standards. If unsupported systems are still in use, a security exception is required.

While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks. The following tips will help to secure Remote Desktop access to both desktops and servers that you support.

Connect to a Windows computer or server via RDP (Remote Desktop Protocol)

Introduction RDP without VPN

In order to make remote working more secure and flexible, the implementation of a Remote Desktop Gateway is very useful.
One of the big advantages over a VPN is the ability to block file copy and clipboard access. In addition, setting up a VPN gateway can be insecure: in the case of a Trojan horse attack, the Trojan can reach the internal network over the VPN, which is not the case with RDP.

The purpose of this documentation is to detail the installation and configuration of this gateway. We will therefore cover:

  • The installation of the server role

  • The configuration of this role, in particular:

    • The installation of the security certificate
    • The configuration of local accounts
    • The configuration of the gateway itself
  • Firewall configuration to best secure the gateway

  • The configuration required to add additional security features

  • Configuring the Windows RDP Client to use the Gateway
