New Free RDS Log Viewer Tool Released!

For those who may have missed it, RDPSoft released a new FREE RDS Log Viewer tool at the end of March.

RDSLogViewer

This tool (currently in beta) displays both logon failures and successful logons from RDS session hosts. It has many features to assist you in finding the user account of an logon failure and then locating the attacker’s source IP, including:

-displaying traditional “security log only” RDS failures when the Security Layer is RDP
-correlating logon failures with NLA when the Security Layer is TLS/SSL

In addition, there are other features such as:

-showing all successful RDS authentifications
-the ability to export the results to comma-delimited text
-the ability to geolocate the attacker’s IP address

You can read more and download the tool for FREE HERE

Remote Desktop User Activity Monitoring

The RDPSoft Approach to Remote Desktop User Activity Monitoring

Today we’re going to discuss our unique approach to user activity monitoring on the modern network. Most corporate networks these days are hybrid, meaning some employee workstations are hosted in the cloud (e.g. virtual desktops, DaaS, Remote Desktop Session Hosts / Citrix XenDesktop Hosts) and some are hosted on premise (physical desktops, on-premise virtual desktops, and Remote Desktop Session Hosts / Citrix XenDesktop Hosts).

Because of this, we have designed our solution’s architecture to support user activity monitoring in such heterogeneous networks. How so? Let’s dig deeper.

Terminal Server User Activity Monitoring – Soft Audit

In this use case, an organization uses Remote Desktop Session Hosts or Citrix XenDesktop Session Hosts to provide session-based workspaces for its employees. Management simply desires a “soft audit” of routine teleworker activity on a daily and weekly basis to correlate remote work with the hours that employees self-report when working offsite.

In this scenario, our Remote Desktop Commander Suite can be deployed without installing its optional agent service. User session data is collected remotely over the network, and aggregated into user time tracking reports like so:

Terminal Server User Activity Monitoring (Detailed)
You can monitor Terminal Server User Activity in a detailed fashion…

 

Terminal Server User Activity (Executive)
Or you can monitor Terminal Server Users at a higher, executive level.

Remote Desktop User Activity Monitoring – Hard Audit

Of course, for more highly regulated industries, or special HR scenarios, more intensive user activity monitoring may be warranted. In this case, the Remote Desktop Reporter agent can be deployed on all Remote Desktop Session Hosts and Citrix XenDesktop Session Hosts, and Group Policy can be employed to launch a special in-session process that does periodic screen captures, as well as capture detailed information regarding program window captions, inbound/outbound UDP/TCP activity, and program use, as shown below:

Reviewing Remote Desktop User Screen Captures
During a hard audit of user activity, administrators can step through screen captures

 

Reviewing Remote Desktop User Network Connections and Window Captions
When stepping through a full session recording, administrators can review all network connections and program window captions during the session.

 

Remote Desktop User Activity Monitoring - Programs and Performance
Administrators can also review what programs were running at given times in the user session.

 

User Activity Monitoring - Session Recording Search
In order to find recorded sessions with specific activity, Remote Desktop Commander provides a search tool that can query by window title, port use, or program use.

Virtual Desktop User Activity Monitoring

Of course, all of the above scenarios can be replicated if you also need to monitor virtual desktops or physical workstations. The Remote Desktop Commander agent can be deployed in the exact same manner, and once it has been so deployed, you can conduct both soft audits and hard audits of user activity in these environments as well.

Don’t Break the Bank To Monitor User Sessions

Many companies that specialize in user activity monitoring price their tools between $500 and $1000 a server. We feel this is extremely expensive, and is cost prohibitive for most organizations. Fortunately, for only $9 per server per month, and $1 per workstation per month, you can start auditing user sessions in your organization. Click here to read more and to start a monthly subscription.