Terminal Server Logging on Workstations Is Important Too (Part 2)

In our previous post, Terminal Server Logging on Workstations Is Important Too, we discussed why the monitoring of Remote Desktop Sessions on workstations should not be neglected.  Now, let’s take a look at some of the reports built into Remote Desktop Reporter that can track that sort of activity.

The Terminal Server User Sessions Hourly Activity Report (click to view sample) is a wonderful way to track the hours of the day when a user is active in a particular Remote Desktop session on a particular workstation.  Paired with a filter that restricts the report data to a particular user, and a particular hour range in the day (e.g. normal business hours versus after hours, for instance), it’s easy to spot activity that is out of the ordinary.

Next, The Terminal Server Performance User Bandwidth Report (click again to view sample) provides you with RDP traffic statistics by user and server for each user session.  Both the total bytes transferred and the average number of bytes/sec over the Remote Desktop Protocol are displayed, so it is easy to pinpoint users who are consuming the most bandwidth in their sessions, and/or highlight a particular user session that used a much greater amount of bandwidth then most.

Finally, The Terminal Server Client Workstations and Addresses Report (click to view sample) displays all of the remote workstation names and IP addresses each Remote Desktop User is associated with.  Utilizing this report, you can quickly find out if your users are using non-corporate issued devices, or connecting from a previously unrecognized IP address.


Terminal Server Logging on Workstations Is Important Too

The traditional use case for reporting on Remote Desktop activity is to track the multitude of user sessions running simultaneously on a dedicated Terminal Server.  However, monitoring and tracking Remote Desktop activity on a workstation in many ways is just as important.

In the modern workplace, more and more companies allow their employees and contractors to access their work computers from home and other locations.  While there are numerous commercial solutions designed to allow employees to “take their desktop anywhere” – (Citrix’s XenDesktop immediately comes to mind) – not every organization has the extra budget to purchase additional software, so they instead rely on Microsoft’s built-in implementation of Remote Desktop on Windows workstations, paired up with a Firewall/VPN combo already protecting the corporate network.

In a typical setup, Worker X may need to work remotely for whatever reason (travel, flex time policies, etc), so they first connect into the corporate network using the a VPN connection across the firewall, and then fire up a Remote Desktop Client on their laptop or tablet to connect to their corporate workstation.

From here, an organization is very much in the dark unless they use a Terminal Services Logging and Reporting utility such as our Remote Desktop Reporter.  For instance…

1.)  What client device is Worker X using to connect to her corporate workstation?  Is it the company approved laptop with approved endpoint security solutions and encryption in place, or is it a personal laptop or tablet that happens to have an aftermarket RDP client installed…  Do you have any way of knowing?

2.)  How much bandwidth is Worker X using during the Remote Desktop session?  Is she streaming video across limited bandwidth over the firewall, using the highest quality color depth possible?  Is she transferring large files to or from her machine?  Does this jive with the network’s AUP (Acceptable Use Policy)?

3.)  Are these remote work sessions fruitful for Worker X?  Does the company have any way to audit or estimate the amount of time Worker X is actively working inside her session?  More importantly, is it fair to force high performing employees to work in the office when they could be more productive working from home, solely because your organization doesn’t have a way to audit their level of productivity?

4.)  Conversely, do you have employees who typically work 9-5 now suddenly accessing their systems outside of normal working hours (say between 12am and 3am at night)?  Are these sessions coupled with larger than normal amounts of data transfer over the RDP protocol?  Do you have an employee transferring sensitive data outside your network?

The above scenarios are just a few of the reasons why collecting and reporting on Remote Desktop session data from workstations is so vitally important.  In our next blog post, we’ll discuss a few of the reports found in Remote Desktop Reporter that can track the activity mentioned above.

RDPSoft Remote Desktop Reporter Version 1.1 Is Now Available

Update: There have been subsequent releases of Remote Desktop Reporter since this announcement. For the latest information, visit the Remote Desktop Reporter product page.

RDPSoft is proud to announce the introduction of Version 1.1 of its Remote Desktop and Terminal Server Reporting utility, RDPSoft Remote Desktop Reporter! Here are a few of the feature highlights found in this release:

The RDPSoft Remote Desktop Reporter is a specially designed Windows utility that:

  • Polls and collects information about Remote Desktop sessions from one or more computers on your network.
  • Provides a reporting engine so that you can produce both on-demand and scheduled reports covering a wide variety of user and server activity.
  • Provides a rich filtering interface that you can use to reduce the volume of information in your reports.

After installation, you start by telling it which servers and workstations on your network you would like to poll for Remote Desktop / Terminal Server information. You can control how frequently this polling is done – the default is every 2 minutes. The RDPSoft Remote Desktop Reporter Service actually conducts the polling in an agentless fashion – you simply assign this service an account that has rights to poll this information from computers over the network. There is no need to deploy agent services on each polled computer.

By default, RDPSoft Remote Desktop Reporter’s installation package installs a separate, special instance of Microsoft SQL Server Express. For most networks, this should provide plenty of storage for periodic reporting. However, you can also specify a separate, non-local Microsoft SQL Server if you already have a dedicated database server on your network when you first setup the software.

Version 1.1 of RDPSoft Remote Desktop Reporter contains over 15 reports across the following categories:

  • User Session Activity (Who is logging on where, how long they are logged on, their ratio of active to idle time in their sessions, etc).
  • Program Tracking (What programs each user is running, how frequently they run the programs, the most frequently run programs, etc).
  • Hourly User Activity (See a breakdown, hour by hour, of when your Remote Desktop users are active, idle, or disconnected.)
  • User Productivity (Quickly build a robust estimate of each user’s productivity across all Remote Desktop sessions they are connected to).
  • Client Workstations and Addresses (Track the client workstation names and IP addresses your users are connecting from).
  • Display Metrics (Determine the most frequently used screen resolutions and color depth your users utilize).
  • Bandwidth Metrics (Find out, by server and by user, which users are consuming the most bandwidth in their RDP sessions).
  • Load Factors (For each server, evaluate the biggest performance constraint for a given time period – such as CPU utilization, memory utilization, etc).
  • Performance Metrics (Track things like – Average Number of Sessions Per Day, Average Number of Sessions Per Hour, Average Number of Disconnected Sessions, Average Capacity for Additional Sessions, etc).

All reports can be scheduled, on a daily, weekly, or monthly basis. In addition, you can optionally choose a filter to limit the data contained in the report. Furthermore, all Remote Desktop Reporter reports can be produced in Microsoft Word, Microsoft Excel, or PDF format – and – you can schedule the same report to be produced in multiple formats.

Should you wish to have your scheduled reports automatically emailed, simply supply the address of an SMTP server to relay mail through and the email address(es) of the parties who should receive the reports.

Listing of Reports on Terminal Server Activity
Manual and Scheduled Reports