[Windows] Viewing the log of Remote Desktop connections on Windows

Posted on 5/7/2018 3:44:05 PM
Under Windows 2008:

Control Panel -> View Event Logs -> Event Viewer (Local) -> Windows Logs -> Security. The list on the right shows all the security information, and there you can find the entries whose event ID is 4776. After clicking on one, "Source Workstation:" is followed by the hostname of the Windows client that logs in to the machine.



Other than that:

Windows 2003:
The place to view the remote login logs is basically similar to the one above, but the event ID is not the same as in Windows 2008. On Windows 2003, the event ID to look for is 528. The IP address after "Source Network Address" is the IP address of the Windows client that logs on to the machine.

The common Windows event IDs are as follows:

Audit directory service access
4934 - Properties of Active Directory objects are copied
4935 - Copying fails to start
4936 - Replication failed to end
5136 - The directory service object has been modified
5137 - The directory service object has been created
5138 - The directory service object has been deleted
5139 - The directory service object has been moved
5141 - Directory Service Object Deleted
4932 - Replica synchronization of AD for named context has started
4933 - Copy synchronization of AD for named context has ended

Audit login events
4634 - Account is canceled
4647 - User initiates logout
4624 - The account has been successfully logged in
4625 - Account login failed
4648 - Attempt to log in with explicit credentials
4675 - SID is filtered
4649 - Replay attacks found
4778 - The session is reconnected to Window Station
4779 - Session disconnects from Window Station
4800 - Workstation is locked
4801 - Workstation is unlocked
4802 - Screen saver enabled
4803 - Screen saver is disabled
5378 - The certificate representative required is not allowed by policy
5632 - Requires validation of wireless networks
5633 - Requires validation of wired networks

Audit object access
5140 - A network share object is accessed
4664 - Attempting to create a hard link
4985 - The transaction status has changed
5051 - The file has been virtualized
5031 - Windows Firewall Service prevents an application from receiving inbound connections from the network
4698 - A scheduled task has been created
4699 - Scheduled task deleted
4700 - Scheduled Tasks are enabled
4701 - Scheduled task is deactivated
4702 - Scheduled Tasks Updated
4657 - Registry values are modified
5039 - Registry keys are virtualized
4660 - Object deleted
4663 - Attempting to access an object

Audit policy changes
4715 - The Audit Policy (SACL) on an object has changed
4719 - System Audit Policy Changed
4902 - Per-user audit policy form has been created
4906 - CrashOnAuditFail value has changed
4907 - Audit settings for an object have been changed
4706 - New trust created to a domain
4707 - Trust to a domain has been removed
4713 - Kerberos policy has changed
4716 - Trust domain information has been modified
4717 - System Secure Access Granted Account
4718 - System Security Access is removed from account
4864 - Namespace collisions have been removed
4865 - Trust Forest Information Entry added
4866 - Trusted Forest Information Entry deleted
4867 - Trust Forest Information Entry Cancelled
4704 - User permissions assigned
4705 - User permissions have been removed
4714 - Encrypted Data Recovery Policy Cancelled
4944 - The following policy is enabled when Windows Firewall is turned on
4945 - Include a rule when Windows Firewall is turned on
4946 - Modification to Windows Firewall Exception List to Add Rules
4947 - Windows Firewall Exception List modified with Rule Modification
4948 - Windows Firewall exception list modified with rule removed
4949 - Windows Firewall settings have been restored to default
4950 - Windows Firewall settings have been changed
4951 - The rule has been ignored because the major version number is not recognized by Windows Firewall
4952 - Because the major version number is not recognized by Windows Firewall, some of the rules have been ignored and the rest of the rules will be enforced
4953 - Rules are ignored because Windows Firewall cannot resolve rules
4954 - Windows Firewall Group Policy Settings have been changed and will use the new settings
4956 - Windows Firewall has changed active profiles
4957 - Windows Firewall does not apply to the following rules
4958 - Because the entries involved in this rule are not configured, the following rules will not apply to Windows Firewall:
6144 - Security policy in Group Policy object has been successfully enforced
6145 - One or more errors occur when processing a security policy in a Group Policy object
4670 - Permissions on an object have been changed

Audit privilege use
4672 - Assign privileges to new logins
4673 - Request for privileged services
4674 - Attempting an operation on a privileged object

Audit system events
5024 - The Windows Firewall service has started successfully
5025 - Windows Firewall Services Has Been Stopped
5027 - The Windows Firewall service is unable to retrieve security policies from local storage, and the service will continue to enforce the current policy
5028 - A new security policy that the Windows Firewall service cannot resolve and will continue to enforce the current policy
5029 - The Windows Firewall service fails to initialize drivers, which will continue to enforce the current policy
5030 - Windows Firewall Service Fails to Start
5032 - Windows Firewall fails to notify the user that it is blocking an application that receives an inbound connection
5033 - Windows Firewall driver started successfully
5034 - Windows Firewall driver has stopped
5035 - Windows Firewall driver fails to start
5037 - Windows Firewall Driver Detects Critical Running Error, Terminates.
4608 - Windows is starting
4609 - Windows is shutting down
4616 - System time is altered
4621 - Administrator reclaims system from CrashOnAuditFail, non-admin users can now log in, some audit activity may not be logged
4697 - Installing a server in the system
4618 - Monitor Security Event Pattern Has Occurred
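
The lookup described in the post, done from PowerShell instead of Event Viewer (an added example, not part of the original post). The function name `Get-RemoteLogonSource` and the sample events are constructed for illustration; it assumes PowerShell 3.0 or later and goes slightly beyond the post by also reading event 4624 from the list above, keeping only logon type 10 (RemoteInteractive, i.e. Remote Desktop).

```powershell
# Added example: extract the connecting client from Security-log event XML.
# 4776 carries the client hostname in "Workstation" (shown as "Source Workstation");
# 4624 carries the client IP in "IpAddress" (shown as "Source Network Address").
function Get-RemoteLogonSource {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Flatten <Data Name="...">value</Data> into a name -> value table
        $d = @{}
        foreach ($n in $evt.EventData.Data) { $d[$n.Name] = $n.'#text' }
        switch ([int]$evt.System.EventID) {
            4776 { $source = $d['Workstation'] }
            4624 {
                if ($d['LogonType'] -ne '10') { return }   # keep Remote Desktop logons only
                $source = $d['IpAddress']
            }
            default { return }                             # not an event we report on
        }
        [pscustomobject]@{
            Time    = $evt.System.TimeCreated.SystemTime
            EventId = [int]$evt.System.EventID
            User    = $d['TargetUserName']
            Source  = $source
        }
    }
}

# Constructed sample events (trimmed to the fields used), so this runs anywhere.
$ns = "xmlns='http://schemas.microsoft.com/win/2004/08/events/event'"
$samples = @(
    "<Event $ns><System><EventID>4776</EventID><TimeCreated SystemTime='2018-05-07T07:40:11Z'/></System>" +
    "<EventData><Data Name='TargetUserName'>alice</Data><Data Name='Workstation'>CLIENT-PC01</Data></EventData></Event>",
    "<Event $ns><System><EventID>4624</EventID><TimeCreated SystemTime='2018-05-07T07:40:12Z'/></System>" +
    "<EventData><Data Name='TargetUserName'>alice</Data><Data Name='LogonType'>10</Data>" +
    "<Data Name='IpAddress'>192.0.2.10</Data></EventData></Event>",
    "<Event $ns><System><EventID>4624</EventID><TimeCreated SystemTime='2018-05-07T07:41:00Z'/></System>" +
    "<EventData><Data Name='TargetUserName'>svc</Data><Data Name='LogonType'>5</Data>" +
    "<Data Name='IpAddress'>-</Data></EventData></Event>"
)
$samples | Get-RemoteLogonSource | Format-Table -AutoSize

# Against the live log (elevated prompt required):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4776,4624} |
#     ForEach-Object { $_.ToXml() } | Get-RemoteLogonSource
```

With the samples above, the first two events are reported and the third (a service logon, type 5) is dropped.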
Posted on 5/8/2018 11:39:53 AM |
Learned, thank you
Posted on 5/8/2018 2:23:53 PM |
Information sharing