I would like a log of everyone with whom I have connected in the past with RDP. I know this is possible, as when I go to the Start menu and type RDP there is a list of "Recent Connections", but I would like everyone I have connected to.
- For the standard Windows client mstsc.exe, trace the registry hive "**HKCU\SOFTWARE\Microsoft\Terminal Server Client\Servers**" – Daemon-5 Oct 24 '22 at 02:57
- Thank you. It worked. Put it as a proper suggestion so I can tick you. – Adam Khattab Oct 24 '22 at 09:28
1 Answer
To log process activity you can use the Windows Audit Service. Enable process tracking and object access, then search for the proper event records. But this service doesn't track network traffic. If the client OS is Windows Server, you could use Windows Filtering Platform.

The standard "Microsoft Remote Desktop client" creates registry subkeys in HKCU\SOFTWARE\Microsoft\Terminal Server Client\Servers while connecting to remote servers.

So just read the subkeys to get the server list (PowerShell):

```powershell
dir -recurse "HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers"
```

To get the last connection time value, read the proper subkey's timestamp using RegQueryInfoKey.

Daemon-5
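The two steps in the answer above (enumerate the `Servers` subkeys, then read each subkey's timestamp with `RegQueryInfoKey`) combined into one script. This is an added example, not code from the original post. The class name `RegKeyInfo` is hypothetical, and the `UsernameHint` value is assumed to be present only where mstsc.exe saved one.

```powershell
# Added example: per-user mstsc.exe connection history with each server
# subkey's last-write time, read through the Win32 RegQueryInfoKey API.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class RegKeyInfo {   // hypothetical helper class name
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    public static extern int RegQueryInfoKey(
        IntPtr hKey, IntPtr lpClass, IntPtr lpcchClass, IntPtr lpReserved,
        IntPtr lpcSubKeys, IntPtr lpcbMaxSubKeyLen, IntPtr lpcbMaxClassLen,
        IntPtr lpcValues, IntPtr lpcbMaxValueNameLen, IntPtr lpcbMaxValueLen,
        IntPtr lpcbSecurityDescriptor, out long lpftLastWriteTime);
}
'@

$root = 'HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers'
if (-not (Test-Path -Path $root)) {
    Write-Warning "No RDP history key for this user: $root"
    return
}

$z = [IntPtr]::Zero   # NULL for every output parameter we do not need
Get-ChildItem -Path $root | ForEach-Object {
    [long]$fileTime = 0
    $rc = [RegKeyInfo]::RegQueryInfoKey(
        $_.Handle.DangerousGetHandle(),
        $z, $z, $z, $z, $z, $z, $z, $z, $z, $z,
        [ref]$fileTime)

    # rc 0 is ERROR_SUCCESS; on failure leave the timestamp empty
    # rather than report a bogus 1601-01-01 date.
    $lastWrite = $null
    if ($rc -eq 0) { $lastWrite = [DateTime]::FromFileTimeUtc($fileTime) }

    [pscustomobject]@{
        Server       = $_.PSChildName
        UsernameHint = $_.GetValue('UsernameHint')   # $null if not stored
        LastWriteUtc = $lastWrite
    }
} | Sort-Object -Property LastWriteUtc -Descending
```

The timestamp is the subkey's last modification time, so it reflects the last time mstsc.exe wrote to that server's entry under the current user's hive only.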