
Archive for January, 2010


Configure Audit Logon Events for Windows Servers and TSL

We are very excited about Terminal Services Log v2.6 release because it delivers some very interesting features for our existing and new customers.

One of the most interesting features is the ability to audit failed logons and file system actions. Audit logon events can be used to detect failed logons to your server, and to detect hacker attacks and failed logons by former employees. Terminal Services Log will report the user that is trying to log on, the source IP address of the remote attacker and the computer name of the attacker’s PC.

Auditing is a Windows Server feature that is configured via Group Policy. Every audit event is stored in the event log. We use the information provided in the Event Log and combine it with existing data (user activities, applications being used…) to create a central monitoring station for your Terminal Services / Remote Desktop / Citrix farms.

Here is the info on how to turn on the logon failure audit events for your server(s). In order to enable Audit Logs you need to:

  1. Configure a Group Policy
  2. Enable Audit Log collection in the Terminal Services Log


Configuring Group Policy

There are two ways to apply the group policy. Log in to your Domain Controller and check whether Group Policy Management is available in the Administrative Tools.

Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

  1. Log in to your Domain Controller with an account that has Domain Administrator privileges.
  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. On the View menu, click Advanced Features.
  4. Right-click Domain Controllers, and then click Properties.
  5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.
  6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  7. In the right pane, right-click Audit Logon Events, and then click Properties.
  8. Click Define These Policy Settings, and then click to select Failure.
  9. Click OK.
  10. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:
    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.


Configuring Group Policy for a domain WITH Group Policy Management feature:

  1. Log in to your Domain Controller with an account that has Domain Administrator privileges.
  2. Click Start, point to Programs, point to Administrative Tools, and then click Group Policy Management.
  3. Click Default Domain Policy, and then click Edit (if you have a special policy only for terminal servers, select that policy).
  4. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
  5. In the right pane, right-click Audit Logon Events, and then click Properties.
  6. Click Define These Policy Settings, and then click to select Failure.
  7. Click OK.

The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

  • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
  • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.
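
To check the result of the steps above, the following added example (not part of the original post or of Terminal Services Log) summarizes failed-logon events by user, source IP address and workstation name. It assumes Windows Server 2008 or later, where a failed logon is recorded as Security event 4625, and PowerShell 3.0 or later; the function names and the sample events are constructed for illustration.

```powershell
# Added example: group failed logons (event 4625) by user, source IP and workstation.

function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        # EventData is a list of <Data Name="...">value</Data> nodes; index it by name.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            User        = $data['TargetUserName']
            SourceIp    = $data['IpAddress']
            Workstation = $data['WorkstationName']
        }
    }
}

function Get-FailedLogonSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    # One row per (user, IP, workstation) combination, most frequent first.
    ConvertFrom-FailedLogonXml -EventXml $EventXml |
        Group-Object User, SourceIp, Workstation |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample events, trimmed to the fields used above.
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>4625</EventID></System><EventData>' +
    '<Data Name="TargetUserName">{0}</Data>' +
    '<Data Name="WorkstationName">{1}</Data>' +
    '<Data Name="IpAddress">{2}</Data></EventData></Event>'
$sample = @(
    ($template -f 'administrator', 'UNKNOWN-PC', '203.0.113.25'),
    ($template -f 'administrator', 'UNKNOWN-PC', '203.0.113.25'),
    ($template -f 'jsmith',        'OLD-LAPTOP', '198.51.100.7')
)
Get-FailedLogonSummary -EventXml $sample | Format-Table -AutoSize

# On a live server (elevated prompt), confirm the policy and feed real events:
#   auditpol /get /category:"Logon/Logoff"      # Logon should include Failure
#   $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
#               StartTime = (Get-Date).AddDays(-1) } | ForEach-Object { $_.ToXml() }
#   Get-FailedLogonSummary -EventXml $live
```

If the live query returns no events after a deliberate failed logon, the policy has not yet propagated to that server or another policy is overriding the audit setting.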

Configuring Terminal Services Log

Enable collection of audit log data in File > Preferences and you are good to go. Terminal Services Log will start to collect audit information from the event log on a regular basis. Click here to check sample audit reports.


Monitor Concurrent Usage for Remote Desktop Services and Citrix XenApp


When we are talking with customers about concurrent usage reports, we usually discuss one of these two scenarios:

  • Tracking concurrent usage (CCU) to ensure Citrix XenApp license compliance
  • Tracking concurrent usage to ensure our servers are not under/over utilized

In January 2010 we released a new version with Concurrent Usage Reports, let’s take a look at some of these features.

Concurrent Usage Reports are available under User Reports. Let’s take a look at Concurrent Users per Month. It shows the maximum number of users that were connected in each month. It also shows the average number of concurrent users.

[Image: Concurrent Usage Per Month]

Concurrent usage reports have the „drill-down“ ability. So let’s click on October and see what happens:

[Image: Concurrent Usage Per Day]

Concurrent Users per Day shows the maximum and average number of concurrent users in a day. On the chart above we can see a regular pattern: System is heavily utilized over weekdays and slightly utilized over the weekends. Let’s drill-down.

[Image: Concurrent Usage Per Month]

The Concurrent Users per Day report shows system utilization per hour for one day. The system is most heavily used from 11AM – 4PM, a normal day in a typical office.
By clicking on a desired hour you will see a log of all sessions that occurred in this time period.

[Image: Hour Details]

Conclusion

These new concurrent usage reports will allow you to gain valuable insights into how your server or server farm is being utilized. You can use these reports to make sure you are license compliant but also to check which servers are heavily utilized and in which periods.


We’ve just shipped Terminal Services Log 2.6

Product version: 2.6.0
Build number: 30105
Database version: 2.6.0.30105
Release date: 4th January 2010.

Features

Enhancements

  • Application Diagnostics – we are now showing the health status of Terminal Services Log Services and possible errors.
  • [Win2008] In case you are using UAC, the application will inform you that you need to run the Terminal Services Log with elevated privileges.
  • [Enterprise edition] You can filter servers in Active Directory to find the ones you want to add to the monitoring roster.
  • Installation will automatically start the Configuration Wizard. Once configuration is completed the application will start automatically.
  • [Enterprise edition] Improved diagnostics behavior: we now check whether the server is online by using the Terminal Services Log service identity instead of admin.
  • Improved look and feel of the Database installation options dialog.
  • Improved look and feel of verify database/service credentials.
  • Improved interaction of Servers tab when new servers are being added.
  • [Enterprise edition] You could activate Enterprise edition when a service was running under LocalSystem account.
  • Improved naming for a number of reports and sections to make UI easier to use for new users.

Bug fixes

  • If a user accessed the server from a Mac OS computer, names would display as an unreadable set of characters.
  • You could not install the TSL database with a name in the following format: DIGIT_DIGIT.
  • If there was no default browser, an exception occurred.

Click here to download new release.