The RDPSoft Approach to Remote Desktop User Activity Monitoring
Most corporate networks these days are hybrid, meaning some employee workstations are hosted in the cloud (e.g. Windows Virtual Desktop, DaaS, Remote Desktop Session Hosts / Citrix XenDesktop Hosts in Azure) and some are hosted on premises (physical desktops, on-premises virtual desktops, and Remote Desktop Session Hosts / Citrix XenDesktop Hosts).
Therefore, we designed our solution’s architecture to support user activity monitoring in such heterogeneous networks. How so? Let’s dig deeper into our unique approach to monitoring user activity.
Terminal Server User Activity Monitoring – Soft Audit
In this use case, an organization uses Remote Desktop Session Hosts or Citrix XenDesktop Session Hosts to provide session-based workspaces for its employees. Management simply desires a “soft audit” of routine teleworker activity on a daily and weekly basis to correlate remote work with the hours that employees self-report when working offsite.
In this scenario, our Remote Desktop Commander Suite can be deployed without installing its optional agent service. User session data is collected remotely over the network, and aggregated into user time tracking reports like so:
Note that we offer even more helpful information related to performing these kinds of “soft audits” in another article on viewing Remote Desktop sessions.
Remote Desktop User Activity Monitoring – Hard Audit
Of course, for more highly regulated industries, or special HR scenarios, more intensive user activity monitoring may be warranted – going well beyond the basic need to simply view Remote Desktop sessions. In this case, the Remote Desktop Reporter agent can be deployed on all Remote Desktop Session Hosts, Citrix XenDesktop Session Hosts, or Windows Virtual Desktop hosts, and Group Policy can be employed to launch a special in-session process that does periodic screen captures, as well as capture detailed information regarding program window captions and websites visited, inbound/outbound UDP/TCP activity, and program use, as shown below:
Live RDP Session Monitoring
In some cases, managers may need the ability to do “live” or “spot check” RDP session monitoring of multiple user sessions from different terminal servers, Windows Virtual Desktops, or on-premises physical workstations all at once. Fortunately, the newer shadowing and remote assistance architecture in Windows Server 2012, Server 2016, Server 2019, and Windows 10 makes this possible. With a few clicks, a manager can keep an eye on multiple user sessions at once, no matter the system they are connected to, and zoom in/out to observe user activity tacitly in the background.
Virtual Desktop User Activity Monitoring
Of course, all of the above scenarios can be replicated if you also need to monitor virtual desktops or physical workstations. The Remote Desktop Commander agent can be deployed in the exact same manner, and once it has been so deployed, you can conduct both soft audits and hard audits of user activity in these environments as well, including the recently announced Windows Virtual Desktop platform in Azure.
Don’t Break the Bank To Monitor User Sessions
The assumption is that this kind of capability is costly. Many companies that specialize in user activity monitoring price their tools between $500 and $1000 a server, which is cost prohibitive for most organizations.
Fortunately, we’ve made it far more cost effective to start auditing user sessions in your organization.
Updated: June 2022.