Windows 2003 terminal service logging

Inherit on the terminal server the maximum time after which disconnected sessions are ended from another source. Inherit the setting on the terminal server whether a new connection can be made only from the same client from another source. Inherit the setting on the terminal server, whether the session is ended upon reaching a session limit or upon disconnection from another source. If you do not set this flag, the session will be simply disconnected.

You can reconnect from the same client only as you did previously. This value becomes effective only if you set the fInheritReconnectSame flag. The session ends when a session limit is reached or the connection is broken. If this flag is not set, the session is simply disconnected.

This value becomes effective only if you set the fInheritResetBroken flag. These are often directly related to one of the flags listed in the preceding table. Set modem callback. This value becomes effective only if you set the fInheritCallback flag to 0. Maximum session time in seconds. This value becomes effective only if you set the fInheritMaxSessionTime flag to 0. Maximum time in seconds after which disconnected sessions are ended. This value becomes effective only if you set the fInheritMaxDisconnectionTime flag to 0.

Maximum idle time in seconds for user sessions. This value becomes effective only if you set the fInheritMaxIdleTime flag to 0. Remote control configuration. This value becomes effective only if you set the fInheritShadow flag to 0. Set a phone number for modem callback. This value becomes effective only if you set the fInheritCallbackNumber flag to 0. Initial program that is started when a user logs on. This value becomes effective only if you set the fInheritInitialProgram flag.

Set a default password when logging on to a user session. The password is encrypted and saved here. However, do not change these attributes. The keys you find there include, for example, the display name, description, complete path, or start options as also listed under services administration. The subkeys show license settings and parameters for the performance indicator object of the system monitor. Windows Server no longer needs this key. It remains in the registry for compatibility reasons only.

If you log registry access in a focused manner during logon of a user session, you will gain interesting insights into the corresponding initialization processes. For example, which areas relevant for terminal servers does the Winlogon. One piece of information needed during logon concerns creating or loading the user profile. These keys contain the default paths for a default user DefaultUser , general user AllUsers , and individual user profiles.

Furthermore, you can find a list of all users who have logged on to the system here. If a user logs on to the terminal server for the first time, he or she inherits both the normal default user settings and the default values for the terminal server session. It includes the AppSetup key that defines a special script file called UsrLogon. This script file is executed along with a possible logon script on startup of each terminal server session.

See Chapter 7. The same location also contains the WinStationDisabled key that either denies 0 or allows 1 new terminal server users to log on, regardless of the protocol. It defines a specific logic as a response to system events. When a user logs on, even driver configuration is accessed. First, why could I not log on as a member of the Administrators group when the Default Domain Policy had been changed, and second; why was it not enough to add the TSUsers group to the Remote Desktop Users group to allow them to log on through Terminal Service?

By default, the Allow log on through Terminal Services right is controlled through the Local Computer Policy, the one you can edit with gpedit. The default setting for Windows Server is to grant this right to the Administrators and Remote Desktop Users local groups. You must be a member of the Administrators group in the domain.

That is probably what confused the person who had set up the server. That answered my second question. To solve this problem he edited the Default Domain Policy and gave the right to his domain group.

But in doing so he overrode the Local Computer Policy, which gives members of the Administrators group access. This was what made me unable to log on to the server, and the answer to my first question. Interestingly enough the text in the Remote tab on a Domain Controller does not change, even if Remote Desktop Users no longer can log on through Terminal Services.

It still says that members of the group has access. To solve my immediate problem I added the Enterprise Admins group to the Default Domain Policy in the child domain and was able to log on and do my Exchange preparation. You won't see the client's internal ip address in the log, but you can see it on the information tab when viewing a users connection in TS manager.

More information from Microsoft: technet. As far as RDP connections are concerned, there's no specific logging for that. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown.

The Overflow Blog. Stack Gives Back Safety in numbers: crowdsourcing data on nefarious IP addresses. Featured on Meta. New post summary designs on greatest hits now, everywhere else eventually. Linked 3. Related 0. Hot Network Questions.