When managing any type of system, it’s really helpful to be able to generate a solid list of who has been traversing through your machines at any point in time. Windows does this inherently but obfuscates the goodness deep in various system logs. Thankfully I’ve found this script to unearth all that logging goodness.
This is not a script written by me, but that doesn’t stop me from enjoying it. It’s PowerShell, which comes with its own restrictions, so run it from any computer on which you have full PowerShell privileges and direct the script to reach out to the remote server. This means you can log multiple servers simultaneously. 🙂
For a painfully detailed step by step:
1> Open a PowerShell terminal as Administrator.
2> Move to the folder where you've saved this script.
3> Run the script, setting the start date as "Month Day":
.\RDPConnectionParser.ps1 -ServersToQuery Windows10.localhost.com -StartTime "October 1"
Wield this power wisely.
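To show the kind of log data a report like this draws on, here is an added example (not RDPConnectionParser.ps1 and not its author's code) that turns Remote Desktop session events into who/when/from-where rows. It assumes the events come from the Microsoft-Windows-TerminalServices-LocalSessionManager/Operational log; the function name, sample events, user and address are constructed for illustration.

```powershell
# Added example, not RDPConnectionParser.ps1 itself.
# Session event IDs in Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
$RdpActions = @{ 21 = 'Logon'; 23 = 'Logoff'; 24 = 'Disconnect'; 25 = 'Reconnect' }

function ConvertFrom-RdpSessionEvent {
    # Hypothetical helper: turns one event's XML into a row (when, where, who, from which address).
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        $id  = [int]$evt.System.EventID
        if (-not $RdpActions.ContainsKey($id)) { return }   # skip unrelated event IDs
        $detail = $evt.UserData.EventXML
        [pscustomobject]@{
            TimeUtc       = ([datetime]$evt.System.TimeCreated.SystemTime).ToUniversalTime()
            Server        = $evt.System.Computer
            Action        = $RdpActions[$id]
            User          = $detail.User
            SessionId     = $detail.SessionID
            SourceAddress = $detail.Address   # not present on every event type
        }
    }
}

# Constructed sample events (same shape as Get-WinEvent's ToXml() output, trimmed).
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>{0}</EventID><TimeCreated SystemTime="{1}"/>' +
    '<Computer>Windows10.localhost.com</Computer></System>' +
    '<UserData><EventXML xmlns="Event_NS"><User>EXAMPLE\alice</User>' +
    '<SessionID>2</SessionID>{2}</EventXML></UserData></Event>'
$sample = @(
    ($template -f 21, '2023-10-02T08:15:30Z', '<Address>192.0.2.10</Address>'),
    ($template -f 24, '2023-10-02T09:40:00Z', '<Address>192.0.2.10</Address>'),
    ($template -f 23, '2023-10-02T17:05:12Z', '')
)
$sample | ConvertFrom-RdpSessionEvent | Sort-Object TimeUtc | Format-Table -AutoSize

# Live use against a server (needs rights to read the remote event log):
# Get-WinEvent -ComputerName Windows10.localhost.com -FilterHashtable @{
#     LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
#     Id        = 21, 23, 24, 25
#     StartTime = [datetime]'2023-10-01' } |
#   ForEach-Object { $_.ToXml() } | ConvertFrom-RdpSessionEvent
```

A logon from an address you do not recognise, or a reconnect with no earlier logon in the window you queried, is the kind of row worth following up on.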