RE: RDP Question

2009-01-31 Thread Kelsay, Mark 
Thanks for the reply.  After reading it looks like this will not work
for me.  I have a dual-monitor setup at work.  At home I am using a
laptop to remote into our network.  I only have one screen to work with.
When I remote in, if I open an application that is setup to open up on
my second monitor I cannot see it at home.  With Dameware I can click a
button and it will show the output of my second monitor.  I am looking
for a way to do this for free.  If that is possible.

 

 

 

Thanks,

 

Mark

 

 

 

From: Johonn2 [mailto:joho...@gmail.com] 
Sent: 31 January 2009 13:32
To: NT System Admin Issues
Subject: RE: RDP Question

 

http://support.microsoft.com/kb/925876

 

Monitor spanning

Remote Desktop Connection supports high-resolution displays that can be
spanned across multiple monitors. However, the total resolution on all
monitors must be under 4096 x 2048 pixels. The monitors must have the
same resolution. Additionally, the monitors must be aligned
side-by-side.

 

To have the desktop of the remote computer span multiple monitors, type
Mstsc /span at a command prompt

 

 

You will run it from the command line.

 

mstc.msc /v: /span  or

mstc.msc /v: /w: /h:

 

Bob

 

From: Kelsay, Mark [mailto:mark.kel...@confused.com] 
Sent: Saturday, January 31, 2009 6:05 AM
To: NT System Admin Issues
Subject: RDP Question

 

I have a dual-monitor setup at work.  When I remote in from home and RDP
to my computer at work I cannot see anything on my second screen.
Dameware has the ability to do this but cannot convince my boss to buy
it yet.  Is there a way to make RDP support this?  By either a command
line switch or some free plug-in?  I could use VNC is there is a version
that will do what I need.  Anyone else have this problem?

 

 

TIA,

 

 

Mark

 

** This email is sent for and on behalf of Inspop.com Limited **


Authorised and regulated by the Financial Services Authority.
Registration no. 310635.

Inspop.com Limited [also trading as "Confused.com"] is registered in
England and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff,
CF10 3AE [Reg. No. 03857130]. Any opinions expressed in this email are
those of the individual and not necessarily the company. This email and
any files transmitted with it, including replies and forwarded copies
[which may contain alterations] subsequently transmitted from the
Company, are confidential and solely for the use of the intended
recipient. It may contain material protected by attorney-client
privilege. If you are not the intended recipient or the person
responsible for delivering to the intended recipient, be advised that
you have received this email in error and that any use is strictly
prohibited. 

If you have received this email in error please notify the Information
Security Officer by telephone on +44 [0] 29 2043 4252. Please then
delete this email and destroy any copies of it. This email has been
swept for viruses before leaving our system.

Security Warning: Please note that this email has been created in the
knowledge that Internet email is not a 100% secure communications
medium. We advise that you understand and accept this lack of security
when emailing us.

Viruses: Although we have taken steps to ensure that this email and any
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus
free.

We may monitor the content of E-mails sent and received via our network
for viruses or unauthorised use and for other lawful business purposes.



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs.


 

 

 

 

 


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: RDP Question

2009-01-31 Thread Johonn2 
http://support.microsoft.com/kb/925876

 

Monitor spanning

Remote Desktop Connection supports high-resolution displays that can be
spanned across multiple monitors. However, the total resolution on all
monitors must be under 4096 x 2048 pixels. The monitors must have the same
resolution. Additionally, the monitors must be aligned side-by-side.

 

To have the desktop of the remote computer span multiple monitors, type
Mstsc /span at a command prompt

 

 

You will run it from the command line.

 

mstc.msc /v: /span  or

mstc.msc /v: /w: /h:

 

Bob

 

From: Kelsay, Mark [mailto:mark.kel...@confused.com] 
Sent: Saturday, January 31, 2009 6:05 AM
To: NT System Admin Issues
Subject: RDP Question

 

I have a dual-monitor setup at work.  When I remote in from home and RDP to
my computer at work I cannot see anything on my second screen.  Dameware has
the ability to do this but cannot convince my boss to buy it yet.  Is there
a way to make RDP support this?  By either a command line switch or some
free plug-in?  I could use VNC is there is a version that will do what I
need.  Anyone else have this problem?

 

 

TIA,

 

 

Mark

 

** This email is sent for and on behalf of Inspop.com Limited ** 

Authorised and regulated by the Financial Services Authority. Registration
no. 310635.

Inspop.com Limited [also trading as "Confused.com"] is registered in England
and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE
[Reg. No. 03857130]. Any opinions expressed in this email are those of the
individual and not necessarily the company. This email and any files
transmitted with it, including replies and forwarded copies [which may
contain alterations] subsequently transmitted from the Company, are
confidential and solely for the use of the intended recipient. It may
contain material protected by attorney-client privilege. If you are not the
intended recipient or the person responsible for delivering to the intended
recipient, be advised that you have received this email in error and that
any use is strictly prohibited. 

If you have received this email in error please notify the Information
Security Officer by telephone on +44 [0] 29 2043 4252. Please then delete
this email and destroy any copies of it. This email has been swept for
viruses before leaving our system.

Security Warning: Please note that this email has been created in the
knowledge that Internet email is not a 100% secure communications medium. We
advise that you understand and accept this lack of security when emailing
us.

Viruses: Although we have taken steps to ensure that this email and any
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.

We may monitor the content of E-mails sent and received via our network for
viruses or unauthorised use and for other lawful business purposes.



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs.


 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RDP Question

2009-01-31 Thread Kelsay, Mark 
I have a dual-monitor setup at work.  When I remote in from home and RDP
to my computer at work I cannot see anything on my second screen.
Dameware has the ability to do this but cannot convince my boss to buy
it yet.  Is there a way to make RDP support this?  By either a command
line switch or some free plug-in?  I could use VNC is there is a version
that will do what I need.  Anyone else have this problem?

 

 

TIA,

 

 

Mark

 


** This email is sent for and on behalf of Inspop.com Limited ** 
Authorised and regulated by the Financial Services Authority.  Registration no. 
310635.
Inspop.com Limited [also trading as "Confused.com"] is registered in England 
and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE [Reg. 
No. 03857130].  Any opinions expressed in this email are those of the 
individual and not necessarily the  company. This email and any files 
transmitted with it, including replies and forwarded copies  [which may contain 
alterations] subsequently transmitted from the Company, are confidential  and 
solely for the use of the intended recipient. It may contain material protected 
by  attorney-client privilege. If you are not the intended recipient or the 
person responsible for  delivering to the intended recipient, be advised that 
you have received this email in error  and that any use is strictly prohibited. 
If you have received this email in error please notify the Information Security 
Officer by  telephone on +44 [0] 29 2043 4252. Please then delete this email 
and destroy any copies of it.   This email has been swept for viruses before 
leaving our system.
Security Warning: Please note that this email has been created in the knowledge 
that Internet  email is not a 100% secure communications medium.  We advise 
that you understand and accept  this lack of security when emailing us.
Viruses: Although we have taken steps to ensure that this email and any 
attachments are free  from any virus, we advise that in keeping with good 
computing practice the recipient should  ensure they are actually virus free.
We may monitor the content of E-mails sent and received via our network for 
viruses or  unauthorised use and for other lawful business purposes.


This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RDP question

2008-06-12 Thread Free, Bob 
Hopefully everyone is also strictly limiting the systems a service
account can logon to whenever possible ..right?

 

Also a very good idea to be auditing any changes to the userWorkstations
attribute of such accounts.

 

From: James Rankin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2008 3:40 PM
To: NT System Admin Issues
Subject: Re: RDP question

 

We have our service accounts set via GPO so that they can't log on
interactively or via RDP. However some (admittedly poor) software goes
belly-up without the Interactive Logon right

On 11/06/2008, James Winzenz <[EMAIL PROTECTED]> wrote: 

We do have that set up in our audit policy, and the logon was indeed a
528; the problem was that the guy didn't use his own account.  He also
had no business doing what he did.  Luckily the terminal services logon
event provided the ip address that connected, so we were able to track
it down to the person who did it and report them.  As to what happens
now, anyone's guess.  I highly doubt he will be fired, although if it
were me, that is what I would recommend, due to the nature of the
account he used and the actions he took.  At least we are going to be
able to get rid of another generic account . . .

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

 

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

 

 


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-12 Thread James Winzenz 
That is actually something that we should look into - I am going to
mention that to our infrastructure group.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: James Rankin [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, June 11, 2008 3:40 PM
Posted To: NTSysadmin
Conversation: RDP question
Subject: Re: RDP question 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: RDP question

2008-06-12 Thread James Winzenz 
Oh, nothing real serious, he was just exploiting an account that has
been around for a very long time - which happens to have *domain admin*
rights . . .

 

(I was being sarcastic about the serious part . . .)

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Posted At: Wednesday, June 11, 2008 3:35 PM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

James,

 

This kind of stuff intrigues me.  Without giving up details can you tell
us what he was doing and what type of account he was exploiting?

 

Many times I have found issues in my own setup listening to what is
vulnerable on other networks.

 

Thanks

 

Troy

 

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: RDP question

 

We do have that set up in our audit policy, and the logon was indeed a
528; the problem was that the guy didn't use his own account.  He also
had no business doing what he did.  Luckily the terminal services logon
event provided the ip address that connected, so we were able to track
it down to the person who did it and report them.  As to what happens
now, anyone's guess.  I highly doubt he will be fired, although if it
were me, that is what I would recommend, due to the nature of the
account he used and the actions he took.  At least we are going to be
able to get rid of another generic account . . .

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

 

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

Re: RDP question

2008-06-11 Thread James Rankin 
We have our service accounts set via GPO so that they can't log on
interactively or via RDP. However some (admittedly poor) software goes
belly-up without the Interactive Logon right

On 11/06/2008, James Winzenz <[EMAIL PROTECTED]> wrote:
>
>   We do have that set up in our audit policy, and the logon was indeed a
> 528; the problem was that the guy didn't use his own account.  He also had
> no business doing what he did.  Luckily the terminal services logon event
> provided the ip address that connected, so we were able to track it down to
> the person who did it and report them.  As to what happens now, anyone's
> guess.  I highly doubt he will be fired, although if it were me, that is
> what I would recommend, due to the nature of the account he used and the
> actions he took.  At least we are going to be able to get rid of another
> generic account . . .
>
>
>
> James Winzenz
>
> Infrastructure Systems Engineer II - Security
>
> Pulte Homes Information Services
>
>
>  --
>
> *From:* Bob Fronk [mailto:[EMAIL PROTECTED]
> *Posted At:* Monday, June 09, 2008 10:40 AM
> *Posted To:* NTSysadmin
> *Conversation:* RDP question
> *Subject:* RE: RDP question
>
>
> The default.rdp will help, but for future, you probably need to set a GPO
> to audit logon events.  If this already exists, just look on the security
> log for the event.  (I think it is 528, but from memory so not positive)
>
>
>
> Bob Fronk
>
> [EMAIL PROTECTED]
>
>
>
> *From:* James Winzenz [mailto:[EMAIL PROTECTED]
> *Sent:* Monday, June 09, 2008 1:07 PM
> *To:* NT System Admin Issues
> *Subject:* RDP question
>
>
>
> RDP question for everyone – is there a file on the client (log or other
> file type) that shows a client's most recent rdp sessions?  When I click on
> my remote desktop connection, it always shows me my the name of the last
> server I RDP'd into, but I am looking to see if that is stored somewhere on
> the local computer.  We had some inappropriate activity using a service
> account and don't yet have enough information to prove that a certain person
> did something they should not have.  The more information I can obtain, the
> better.  The client was XP Pro SP2, if that helps any.  I have viewed the
> event logs on the server they logged into, and it unfortunately does not
> provide the computer name that connected to it, just the IP address.  I want
> irrefutable proof, and this, in combination with the DHCP logs, does not
> quite provide that.  I have been unable to find anything yet in Google using
> multiple different search strings.
>
>
>
> Thanks,
>
>
>
> James Winzenz
>
> Infrastructure Systems Engineer II - Security
>
> Pulte Homes Information Services
>
> Telefax: (602) 797-5823
>
> * *
>
>
>
>
> CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged
> material for the sole use of the intended recipient(s).  Any review, use,
> distribution or disclosure by others is strictly prohibited.  If you have
> received this communication in error, please notify the sender immediately
> by email and delete the message and any file attachments from your
> computer.  Thank you.
>
>
>
>
>
>
>
>
>
>
> CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged
> material for the sole use of the intended recipient(s).  Any review, use,
> distribution or disclosure by others is strictly prohibited.  If you have
> received this communication in error, please notify the sender immediately
> by email and delete the message and any file attachments from your
> computer.  Thank you.
>
>

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-11 Thread Troy Meyer 
James,

This kind of stuff intrigues me.  Without giving up details can you tell us 
what he was doing and what type of account he was exploiting?

Many times I have found issues in my own setup listening to what is vulnerable 
on other networks.

Thanks

Troy


From: James Winzenz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: RDP question

We do have that set up in our audit policy, and the logon was indeed a 528; the 
problem was that the guy didn't use his own account.  He also had no business 
doing what he did.  Luckily the terminal services logon event provided the ip 
address that connected, so we were able to track it down to the person who did 
it and report them.  As to what happens now, anyone's guess.  I highly doubt he 
will be fired, although if it were me, that is what I would recommend, due to 
the nature of the account he used and the actions he took.  At least we are 
going to be able to get rid of another generic account . . .


James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services


From: Bob Fronk [mailto:[EMAIL PROTECTED]
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question

The default.rdp will help, but for future, you probably need to set a GPO to 
audit logon events.  If this already exists, just look on the security log for 
the event.  (I think it is 528, but from memory so not positive)

Bob Fronk
[EMAIL PROTECTED]

From: James Winzenz [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

RDP question for everyone - is there a file on the client (log or other file 
type) that shows a client's most recent rdp sessions?  When I click on my 
remote desktop connection, it always shows me my the name of the last server I 
RDP'd into, but I am looking to see if that is stored somewhere on the local 
computer.  We had some inappropriate activity using a service account and don't 
yet have enough information to prove that a certain person did something they 
should not have.  The more information I can obtain, the better.  The client 
was XP Pro SP2, if that helps any.  I have viewed the event logs on the server 
they logged into, and it unfortunately does not provide the computer name that 
connected to it, just the IP address.  I want irrefutable proof, and this, in 
combination with the DHCP logs, does not quite provide that.  I have been 
unable to find anything yet in Google using multiple different search strings.


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823



[cid:image001.gif@01C8CBD8.C03125C0]


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.







CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-11 Thread James Winzenz 
We do have that set up in our audit policy, and the logon was indeed a
528; the problem was that the guy didn't use his own account.  He also
had no business doing what he did.  Luckily the terminal services logon
event provided the ip address that connected, so we were able to track
it down to the person who did it and report them.  As to what happens
now, anyone's guess.  I highly doubt he will be fired, although if it
were me, that is what I would recommend, due to the nature of the
account he used and the actions he took.  At least we are going to be
able to get rid of another generic account . . .

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

 



From: Bob Fronk [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:40 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-11 Thread Bob Fronk 
The default.rdp will help, but for future, you probably need to set a
GPO to audit logon events.  If this already exists, just look on the
security log for the event.  (I think it is 528, but from memory so not
positive)

 

Bob Fronk

[EMAIL PROTECTED]

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

Re: RDP question

2008-06-09 Thread Klint Price - ArizonaITPro 




is launched from the RUN line, it would be stored in the registry as
well.

Klint

Steve Ens wrote:
I think there might be a listing in the registry as
well...can't seem to remember which key though.
  
  On Mon, Jun 9, 2008 at 12:06 PM, James
Winzenz <[EMAIL PROTECTED]>
wrote:
  

    
    
RDP
question for everyone – is there a file on
the client (log or other file type) that shows a client's most recent
rdp
sessions?  When I click on my remote desktop connection, it always
shows
me my the name of the last server I RDP'd into, but I am looking to see
if that is stored somewhere on the local computer.  We had some
inappropriate
activity using a service account and don't yet have enough information
to
prove that a certain person did something they should not have.  The
more
information I can obtain, the better.  The client was XP Pro SP2, if
that
helps any.  I have viewed the event logs on the server they logged
into,
and it unfortunately does not provide the computer name that connected
to it,
just the IP address.  I want irrefutable proof, and this, in
combination
with the DHCP logs, does not quite provide that.  I have been unable to
find anything yet in Google using multiple different search strings.
 




Thanks,
 
James Winzenz
Infrastructure
Systems
Engineer II - Security
Pulte Homes
Information Services
Telefax: (602)
797-5823
 





 



CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you.

Re: RDP question

2008-06-09 Thread Steve Ens 
I think there might be a listing in the registry as well...can't seem to
remember which key though.

On Mon, Jun 9, 2008 at 12:06 PM, James Winzenz <[EMAIL PROTECTED]>
wrote:

>   RDP question for everyone – is there a file on the client (log or other
> file type) that shows a client's most recent rdp sessions?  When I click on
> my remote desktop connection, it always shows me my the name of the last
> server I RDP'd into, but I am looking to see if that is stored somewhere on
> the local computer.  We had some inappropriate activity using a service
> account and don't yet have enough information to prove that a certain person
> did something they should not have.  The more information I can obtain, the
> better.  The client was XP Pro SP2, if that helps any.  I have viewed the
> event logs on the server they logged into, and it unfortunately does not
> provide the computer name that connected to it, just the IP address.  I want
> irrefutable proof, and this, in combination with the DHCP logs, does not
> quite provide that.  I have been unable to find anything yet in Google using
> multiple different search strings.
>
>
>
> Thanks,
>
>
>
> James Winzenz
>
> Infrastructure Systems Engineer II - Security
>
> Pulte Homes Information Services
>
> Telefax: (602) 797-5823
>
> * *
>
>
>
> CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged
> material for the sole use of the intended recipient(s).  Any review, use,
> distribution or disclosure by others is strictly prohibited.  If you have
> received this communication in error, please notify the sender immediately
> by email and delete the message and any file attachments from your
> computer.  Thank you.
>
>

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-09 Thread Kennedy, Jim 
I think it does. Compare it's last modified time to the time of the server 
attack. My Documents is unique to the user



From: James Winzenz [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 1:21 PM
To: NT System Admin Issues
Subject: RE: RDP question

That does appear to contain the information on the most recent server that was 
connected to.  When I double-clicked that file on the client in question, it 
asked me for credentials to the server that was connected to when the dirty 
deed was done . . . still not sure if that would count as irrefutable proof, 
but it's definitely a start . . .


Thanks,



James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services


From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Posted At: Monday, June 09, 2008 10:09 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question

Default.rdp in my documents might be what you are looking for. It is a hidden 
file.



From: James Winzenz [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

RDP question for everyone - is there a file on the client (log or other file 
type) that shows a client's most recent rdp sessions?  When I click on my 
remote desktop connection, it always shows me my the name of the last server I 
RDP'd into, but I am looking to see if that is stored somewhere on the local 
computer.  We had some inappropriate activity using a service account and don't 
yet have enough information to prove that a certain person did something they 
should not have.  The more information I can obtain, the better.  The client 
was XP Pro SP2, if that helps any.  I have viewed the event logs on the server 
they logged into, and it unfortunately does not provide the computer name that 
connected to it, just the IP address.  I want irrefutable proof, and this, in 
combination with the DHCP logs, does not quite provide that.  I have been 
unable to find anything yet in Google using multiple different search strings.


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823



[cid:image001.gif@01C8CA33.C2A84690]


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.







CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-09 Thread James Winzenz 
That does appear to contain the information on the most recent server
that was connected to.  When I double-clicked that file on the client in
question, it asked me for credentials to the server that was connected
to when the dirty deed was done . . . still not sure if that would count
as irrefutable proof, but it's definitely a start . . .

 

Thanks,

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 



From: Kennedy, Jim [mailto:[EMAIL PROTECTED] 
Posted At: Monday, June 09, 2008 10:09 AM
Posted To: NTSysadmin
Conversation: RDP question
Subject: RE: RDP question
  

Default.rdp in my documents might be what you are looking for. It is a
hidden file.

 

 

 

From: James Winzenz [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

 

RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823

 

 

 


CONFIDENTIALITY NOTICE:  This email may contain confidential and
privileged material for the sole use of the intended recipient(s).  Any
review, use, distribution or disclosure by others is strictly
prohibited.  If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer.  Thank you. 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RE: RDP question

2008-06-09 Thread Kennedy, Jim 
Default.rdp in my documents might be what you are looking for. It is a hidden 
file.



From: James Winzenz [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 1:07 PM
To: NT System Admin Issues
Subject: RDP question

RDP question for everyone - is there a file on the client (log or other file 
type) that shows a client's most recent rdp sessions?  When I click on my 
remote desktop connection, it always shows me my the name of the last server I 
RDP'd into, but I am looking to see if that is stored somewhere on the local 
computer.  We had some inappropriate activity using a service account and don't 
yet have enough information to prove that a certain person did something they 
should not have.  The more information I can obtain, the better.  The client 
was XP Pro SP2, if that helps any.  I have viewed the event logs on the server 
they logged into, and it unfortunately does not provide the computer name that 
connected to it, just the IP address.  I want irrefutable proof, and this, in 
combination with the DHCP logs, does not quite provide that.  I have been 
unable to find anything yet in Google using multiple different search strings.


Thanks,



James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823



[cid:image001.gif@01C8CA31.FAE21D30]


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.




~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>

RDP question

2008-06-09 Thread James Winzenz 
RDP question for everyone - is there a file on the client (log or other
file type) that shows a client's most recent rdp sessions?  When I click
on my remote desktop connection, it always shows me my the name of the
last server I RDP'd into, but I am looking to see if that is stored
somewhere on the local computer.  We had some inappropriate activity
using a service account and don't yet have enough information to prove
that a certain person did something they should not have.  The more
information I can obtain, the better.  The client was XP Pro SP2, if
that helps any.  I have viewed the event logs on the server they logged
into, and it unfortunately does not provide the computer name that
connected to it, just the IP address.  I want irrefutable proof, and
this, in combination with the DHCP logs, does not quite provide that.  I
have been unable to find anything yet in Google using multiple different
search strings.

 

Thanks,

 

James Winzenz

Infrastructure Systems Engineer II - Security

Pulte Homes Information Services

Telefax: (602) 797-5823 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~<>