Learn More Download Free Trial Pricing & Buy

Archive for January, 2010


Configure Audit Logon Events for Windows Servers and TSL

We are very excited about Terminal Services Log v2.6 release because it delivers some very interesting features for our existing and new customers.

One of the most interesting features is the ability to audit failure logons and file system actions. Audit logon events you can use to detect failure logons to your server, and detect hacker attacks and former employees failure logons. Terminal Services Log will report you user that is trying to logon, source IP address of the remote attacker and computer name of the attackers PC.

Auditing is a Windows Server feature that is being configured via Group Policy. Every audit event is being stored to the event log. We are using the information provided in the Event Log and combining it with existing data (user activities, applications being used…) to create a central monitoring station for your Terminal Services / Remote Desktop / Citrix farms.

Here is the info on how to turn on the logon failure audit events for your server(s). In order to enable Audit Logs you need to:

  1. Configure a Group Policy
  2. Enable Audit Log collection in the Terminal Services Log


Configuring Group Policy

There are two methods how you can apply group policy. Login to your Domain Controller and check if you have Group Policy Management in the Administrative Tools.

Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges
  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. On the View menu, click Advanced Features.
  4. Right-click Domain Controllers, and then click Properties.
  5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.
  6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  7. In the right pane, right-click Audit Logon Events, and then click Properties.
  8. Click Define These Policy Settings, and then click to select Failure
  9. Click OK.
  10. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:
    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.


Configuring Group Policy for a domain WITH Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges
  2. Click Start, point to Programs, point to Administrative Tools, and then click Group policy management
  3. Click Default Domain Policy, and then click Edit (in case you have special policy only for terminal servers select that policy)
  4. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  5. In the right pane, right-click Audit Logon Events, and then click Properties.
  6. Click Define These Policy Settings, and then click to select Failure
  7. Click OK.

The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

  • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

Configuring Terminal Services Log

You need to enable collection of audit log data in the File > Preferences and you are good to go. Terminal Services Log will start to collect audit information from the event log on regular basis. Click here to check sample audit reports.

January 11th, 2010 | Tags: ,
Posted in features, terminal services log | By: Frane Borozan | 1 Comment »


Monitor Concurrent Usage for Remote Desktop Services and Citrix XenApp

When we are talking with customers about concurrent usage reports, we are usually discussing on of these two scenarios:
- Tracking concurrent usage (CCU) to ensure Citrix XenApp license compliance
- Tracking concurrent usage to ensure our servers are not under/over utilized
In January 2010 we released a new version with Concurrent Usage Reports, let’s take a look at some of these features.
Concurrent Usage report is available under User Reports. Let’s take a look at Concurrent Users per Month. It show the maximal number of users that were connected in one month. It also shows average number of concurrent users.
[]
Concurrent usage reports have the „drill-down“ ability. So let’s click on October and see what happens.
[]
Concurrent users per day shows the maximal number of conncurrent in a day. It also shows average number of sessions for each day. Chart shows a regular pattern. System is heavily utilized over weekdays and slightly utilized during weekends. Let drill-down.
[]
Concurrent users per day reportsshows system utilization in a day per hour. System is most heavily used from 11AM – 4PM, a normal day in a typical office. By clicking on a desired hour you will see log of all sessions that occured in this time period.

When we are talking with customers about concurrent usage reports, we are usually discussing on of these two scenarios:

  • Tracking concurrent usage (CCU) to ensure Citrix XenApp license compliance
  • Tracking concurrent usage to ensure our servers are not under/over utilized

In January 2010 we released a new version with Concurrent Usage Reports, let’s take a look at some of these features.

Concurrent Usage Reports are available under User Reports. Let’s take a look at Concurrent Users per Month. It shows the maximal number of users that were connected in each month. It also shows the average number of concurrent users.

1-Concurrent-Usage-Per-Month-t

Concurrent usage reports have the „drill-down“ ability. So let’s click on October and see what happens:

2-Concurrent-Usage-Per-Day-t

Concurrent Users per Day shows the maximal and average number of concurrent in a day. On the chart above we can see the regular pattern: System is heavily utilized over weekdays and slightly utilized during weekends. Let’s drill-down.

3-Concurrent-Usage-Per-Month-t

Concurrent Users per Day report shows system utilization in one day per hour. System is most heavily used from 11AM – 4PM, a normal day in a typical office.
By clicking on a desired hour you will see log of all sessions that occurred in this time period.

4-Hour-Details-t

Conslusion

These new concurrent usage reports will allow you to gain valuable insights on how your server or server farm is being utilized. You can use these reports to make sure you are license compliant but also to check which servers are heavily utilized and in which periods.

January 7th, 2010 | Tags: , , , ,
Posted in scenarios | By: Frane Borozan | No Comments »


We’ve just shipped Terminal Services Log 2.6

Product version: 2.6.0
Build number: 30105
Database version: 2.6.0.30105
Release date: 4th January 2010.

Features

Enhancements

  • Application Diagnostics – we are now showing health status of Terminal Services Log Services and possible errors
  • [Win2008] In case you are using UAC application will inform you that you need to run Terminal Services Log with elevated privileges
  • [Enterprise edition] You can filter servers in Active Directory to find the ones you want to add to monitoring roaster
  • Installation will automatically start Configuration Wizard. Once configuration is completed application will start automatically
  • [Enterprise edition] Improved diagnostics behavior, we are now checking if server is online using by Terminal Services Log service identity instead of admin
  • Improved look’n'feel of Database installation options dialog
  • Improved look’n'feel of verify database/service credentials
  • Improved interaction of Servers tab when new servers are being added
  • [Enterprise edition] You could activate Enterprise edition when service was running under LocalSystem account
  • Improved naming for a number of reports and sections to make UI easier to use for new users

Bug fixes

  • In case user accessed server from MAC OS computer names would display as unreadable set of characters
  • You could not install TSL database with name in following format DIGIT_DIGIT
  • If there is not default browser exception occurs

Click here to download new release.

January 4th, 2010 | Posted in Release History, news | By: Frane Borozan | 1 Comment »


You are currently browsing the Terminal Services Log – Blog blog archives for January, 2010.

Recent Posts

  • Get ready for Terminal Services Log 3.0!
  • We’ve just shipped Terminal Services Log 2.6.7
  • Terminal Services Log – ISV solution of the year for category: best value-added solution
  • Terminal Services Log supports Citrix XenApp 6
  • Which licensing model should I choose for my environment?

    • Archives

  • July 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • November 2009
  • October 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • December 2008
  • November 2008
  • October 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008

    • Categories

  • conferences (1)
  • development (5)
  • features (1)
  • how to (4)
  • news (8)
  • Outlook (1)
  • Press releases (3)
  • printing terminal services (2)
  • random (2)
  • Release History (14)
  • releases (1)
  • Remote Desktop (1)
  • remoteApp (2)
  • scenarios (6)
  • Terminal services (17)
  • Terminal Services Licensing (8)
  • terminal services log (5)
  • Third Party (2)
  • Uncategorized (1)
  • Windows Server 2008 (1)
  • Windows2008 (1)
  • XenApp (1)