How To Check Who Has RDP Access To a Server?
1. Check logs of remote access
If you have an audit trail of remote access, check the logs. Windows Server has built-in auditing tools that will track who attempts to log in to the server. You can look in the system log or security log to find out who has tried to connect to the server via Remote Desktop Protocol (RDP).
2. Use MMC snap-ins
You can use the Microsoft Management Console (MMC) snap-ins to check who is currently logged in and what user accounts have been recently used for RDP access. Go to the Start menu, type “mmc” and press Enter. On the File menu, click “Add/Remove Snap-in…” and select “Users and Groups”. Select the local computer from the list and then click the add button. After the snap-in has been added, double-click “Users” and you can see a list of users that have been used for RDP access to your server.
3. Use Netstat command
The netstat command can be used to view active TCP connections. You can open up a command prompt window and type “netstat -a” to view all active network connections. This will show you the IP addresses that are currently connected to your server with RDP.
4. Use PowerShell cmdlet
If you have PowerShell installed on your server, you can use the Get-CimInstance cmdlet to view active RDP sessions. To view a list of active sessions, type this command at the prompt:
Get-CimInstance -Namespace root/cimv2/TerminalServices -ClassName Win32_TerminalServiceSetting | Select-Object -Property *
This will list out the current active users and their IP addresses.
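
The checks above can be combined into one pass, shown here as an added example that is not part of the original answer: it lists the members of the local groups that grant RDP logon by default, summarizes RDP logon events from the Security log, and shows current sessions. The 7-day window and the default English group names are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the server itself.
$Days = 7   # assumption: look-back window; adjust to your log retention

# 1. Who is ALLOWED: members of the groups that can log on via RDP by default.
foreach ($group in 'Remote Desktop Users', 'Administrators') {
    Get-LocalGroupMember -Group $group |
        Select-Object @{ n = 'Group'; e = { $group } }, Name, ObjectClass, PrincipalSource
}

# 2. Who actually CONNECTED: Security log, 4624 = logon success, 4625 = logon failure.
#    LogonType 10 is RemoteInteractive (RDP). With Network Level Authentication,
#    failed attempts are often recorded as type 3, so failures here can undercount.
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddDays(-$Days)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rdpLogons = foreach ($e in $events) {
    # Flatten the <EventData> name/value pairs into a hashtable.
    $data = @{}
    foreach ($node in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    if ($data['LogonType'] -eq '10') {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Outcome  = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
            Account  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SourceIp = $data['IpAddress']
        }
    }
}

# Summarize per account and source address, most frequent first.
$rdpLogons |
    Group-Object Outcome, Account, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 3. Who is connected NOW: current sessions on this host.
quser 2>$null
```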