How to run a Search to see all Logon Activity Results related to "Remote Interactive" regardless of the event class?
説明
When looking at Logon activities events, is there a way to only see the data that is related only to RDP sessions?
対策
To run a Search and show events only related to "Remote Interactive" logons, regardless of the class type, do the following:
Create a new Search and in the "What" tab, go to Add > Subsystem > "Logons..."
Choose "Remote Interactive" and click on "Add", then click "OK"
Search results should now show only events related to interactive remote logons. Change the "When" tab information if you need to see events from a specific time frame.
追加情報
It is a requirement to have the Change Auditor Logon Activity license to see this type of event data:
https://support.quest.com/technical-documents/change-auditor-for-logon-activity/user-guide
