堆栈内存溢出
  简体   繁体   English

在RDP会话Windows Server 2012中查找用户断开连接时间

[英]find user disconnection time in RDP session Windows server 2012

 原文  2015-08-24 08:29:09       windows/ powershell/ cmd/ taskmanager

问题描述

We have a pool of develop machines where developers log in through RDP and usually they doesn't log off but just disconnect. 我们有一个开发机器池,开发人员通过RDP登录,通常他们不会注销但只是断开连接。 As local administrator I can force the log off but I would like to check when the user disconnected. 作为本地管理员,我可以强制注销,但我想检查用户何时断开连接。

From task manager I can see only the user name and its status 从任务管理器,我只能看到用户名及其状态

在此输入图像描述

Is there a way to discover when the user disconnected using task manager, powershell, cmd or whatever? 有没有办法发现用户在使用任务管理器,PowerShell,cmd或其他什么时断开连接?

4 个解决方案

解决方案1
 5  2017-04-11 16:59:53

You can use windows command query user UserName /server: ServerName or you can just enter query user /server: ServerName to find out all active or disconnected sessions. 您可以使用Windows命令查询用户UserName / server: ServerName ,也可以只输入查询用户/服务器: ServerName以查找所有活动或断开连接的会话。

Below is the sample output, I have blurred out my info for privacy: 下面是示例输出,我已经模糊了我的隐私信息:

在此输入图像描述

I have also created a PowerShell script to do this task automatically, here is the link Powershell to find out disconnected RDP session and log off at the same time 我还创建了一个自动执行此任务的PowerShell脚本,这里是链接Powershell以找出断开连接的RDP会话并同时注销

解决方案2
 1  2015-08-24 08:41:27

You can start the Windows Event Viewer and check under Windows logs --> Security . 您可以启动Windows事件查看器并在Windows logs --> Security下进行检查。 Filter by 'Task Category = Logoff' . 'Task Category = Logoff'过滤。

You can export it to xml for easier reading. 您可以将其导出到xml以便于阅读。

在此输入图像描述

解决方案3
 1 已采纳  2015-08-24 12:06:21

As far as I know this is not in the security logs. 据我所知,这不在安全日志中。 The correct place to look for is in Microsoft Event Viewer under Applications and Services Logs => Microsoft => Windows => TerminalServices-LocalSessionManager => Operational and then under the Operational logs. 要查找的正确位置是在Microsoft Event Viewer Applications and Services Logs => Microsoft => Windows => TerminalServices-LocalSessionManager => Operational ,然后在Operational logs下。

The eventID to look for is ID24 (disconnected user session). 要查找的eventID是ID24(断开连接的用户会话)。 EventID 25 is a reconnect. EventID 25是重新连接。

解决方案4
 0  2015-08-24 08:34:23

Start-->Run-->Eventvwr-->Windows logs-->Security. 开始 - >运行 - > Eventvwr - > Windows日志 - >安全性。 Filter by 'Task Category = Logoff' 按'任务类别=注销'过滤

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用批处理脚本的RDP会话断开连接 - RDP Session Disconnection using Batch Script Windows 7 RDP 不适用于特定服务器 - Windows 7 RDP not working for a specific server 以编程方式识别Windows RDP会话当前正在进行中 - Programatically recognizing that a windows RDP session is currently in progress 从Windows中的其他会话在RDP会话中启动GUI应用程序 - Start GUI application in an RDP session from a different session in Windows Windows RDP将数据从服务器发送到客户端? - windows RDP send data from server to client? 如何在 windows 服务器 2012 的日期范围之间查找特定文件, - How to find a specific file between a date range in windows server 2012, 在Windows Server 2012R2中找不到密码保护的共享 - Can not find password protected sharing in Windows Server 2012R2 网络服务用户无法读取证书Windows Server 2012 - NETWORK SERVICE user cannot read certificate windows server 2012 使用Windows管理访问权限解密SQL Server 2012用户密码吗? - Decrypting SQL Server 2012 user password with windows administrative access? MediaPlayer Windows Server 2012 - MediaPlayer Windows Server 2012
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM