One of the most interesting features is the ability to audit failure logons and file system actions. Audit logon events you can use to detect failure logons to your server, and detect hacker attacks and former employees failure logons. Terminal Services Log will report you user that is trying to logon, source IP address of the remote attacker and computer name of the attackers PC.

Auditing is a Windows Server feature that is being configured via Group Policy. Every audit event is being stored to the event log. We are using the information provided in the Event Log and combining it with existing data (user activities, applications being used…) to create a central monitoring station for your Terminal Services / Remote Desktop / Citrix farms.

Here is the info on how to turn on the logon failure audit events for your server(s). In order to enable Audit Logs you need to:

1. Configure a Group Policy
2. Enable Audit Log collection in the Terminal Services Log

Configuring Group Policy

There are two methods how you can apply group policy. Login to your Domain Controller and check if you have Group Policy Management in the Administrative Tools.

Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

1. Login to you Domain Controller with an account that has Domain Administrator privileges
2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
3. On the View menu, click Advanced Features.
4. Right-click Domain Controllers, and then click Properties.
5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.
6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
7. In the right pane, right-click Audit Logon Events, and then click Properties.
8. Click Define These Policy Settings, and then click to select Failure
9. Click OK.
10. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:
    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.
    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

Configuring Group Policy for a domain WITH Group Policy Management feature:

1. Login to you Domain Controller with an account that has Domain Administrator privileges
2. Click Start, point to Programs, point to Administrative Tools, and then click Group policy management
3. Click Default Domain Policy, and then click Edit (in case you have special policy only for terminal servers select that policy)
4. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.
5. In the right pane, right-click Audit Logon Events, and then click Properties.
6. Click Define These Policy Settings, and then click to select Failure
7. Click OK.

The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

• Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

Configuring Terminal Services Log

You need to enable collection of audit log data in the File > Preferences and you are good to go. Terminal Services Log will start to collect audit information from the event log on regular basis. Click here to check sample audit reports.

Compatibility with the latest Microsoft Windows 2008 R2 platform, 64bit architecture and Hyper-V confirms our dedication for continuous improvement of the solution for our customers.

We also support Windows Server 2003 x32/x64 and Windows Server 2008 x32/x64.

I am happy to inform you that we have a public beta of the TSL 2.5. Why is it so interesting? Because it now allows agentless monitoring of your TS / Citrix servers; no you only have to install TSL on one dedicated server in your domain. By using our product administrators with mission critical systems don’t need to worry about application compatibility of their servers, and less software installed on the TS/Citrix means more stable and reliable systems.

If you would like to receive TSL Enterprise (That is how we call it ) please send us an email to sales@terminalserviceslog.com with Terminal Services Log 2.5 agent less – public beta in the subject. Our support team will contact you ASAP and help you with TSL Enterprise installation.

Requirements for opening hosted application are Windows XP SP3, Windows Vista SP1 or Windows Server 2008.

If you have Windows XP SP 2 download latest RDP 6.1 client from: http://www.microsoft.com/downloads/details.aspx?familyid=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en

If you have Windows 2003 server:

• Download RDP 6.1 client from above
• After you downloaded this small 1,6MB package go to the folder where you downloaded it to and Right Click on the File, Choose “Compatibility” Tab and select “Windows XP”, click on Apply and OK.
• Now you can start the installation without Windows saying it wasn’t meant for this OS.
• After installation you will have RDP 6.1 on your Windows 2003 server.
• Run Terminal Services Log Live DEMO

We would like to hear you opinions about our product! Any feedback would be much appreciated.