Software that creates one location of IT admins and professionals who can maintain/manage connections. The idea is that they will then be able to control multiple desktops at a time. Initially, it was created by the Windows Live Experience group as they wanted it for their own use.

- Ability to manage multiple desktops at one moment.
- Maintain multiple connections in one location.
- It is able to consolidate more than one RDP connection in one window.
- Great for groups who need access to many computers at one particular moment.

When this software was initially released, many people in the industry embraced it. It solved a lot of problems, and to this day, it is still very useful. As more and more businesses have integrated software into their daily lives, this product has remained relevant. However, many people will tell you that there is now better software out there that can simply do more.

Helpful for IT admins who want to organize connections to manage multiple desktop screens.

At the moment, there are a lot of rumors about the integrations that come with this product. There is simply a lack of integrations that would help professionals save a lot of time. Other professionals knock the software for not being compatible with any operating system other than Windows. Being that Windows used to be the main system for all information technology professionals, this software was perfect. As time has gone on, there are a lot of other operating systems that people use on a daily basis. It all depends on what type of system your business/company uses, but if this software was more compatible with all of them, it would be better for everyone involved.

Another great thing about this particular software is the ease of use. Nobody has any issues trying to get the hang of the software. These are high level IT professionals who are very adept at using this kind of software. It allows people to feel comfortable and confident that they are adequate at their jobs. Some people wish for this software to be a bit more complex, but in this case, it allows everyone to get the hang of it with little to no trouble. The most obvious thing as it relates to Remote Desktop Connection Manager is that it has always been convenient. Since it was introduced to the public, it has served its purpose, and many people are very happy with its use. It works, it's easy, and it is free for all.

Early in my DFIR career, I struggled with understanding how exactly to identify and understand all the RDP-related Windows Event Logs. I would read a few things here and there, think I understood it, then move on to the next case – repeating the same loop over and over again and never really acquiring full comprehension. That is until one day I finally got tired of repeating the same questions/research and just made a cheat sheet laying out the most common RDP-related Event ID’s that I’d encountered along with their relevance and descriptions. From that point on, as I sporadically encountered related questions/confusion from others in the community, I would simply refer to my cheat sheet to provide an immediate response or clarification – saving them from the hours of repeated questioning and research I had already done.

However, it seems the community continues to encounter the same struggle in identifying and understanding RDP-related Windows Event Log ID’s, where each is located, and even what some of them mean (no thanks to some of Microsoft’s very confusing documentation and descriptions). As such, I recently set out to try and find an easy route to the solution for this problem (i.e. hopefully find a single website to point to with all this information). Though I’ve found parts of the answer in posts here and there, each of them were missing parts of the puzzle (either missing ID’s, descriptions, explanations, and/or overall how they fit together in a chronological fashion). I will say JPCERTCC did an awesome job capturing a ton of information here, I just can’t quite decipher or discern the clear order of events and some appear out of order (at least how I have encountered them, but maybe I’m reading it wrong…).

At any rate, as they say, necessity is the mother of invention. So, I decided to create a blog post that I hope can serve as a succinct one-stop shop for understanding and identifying the most commonly encountered and empirically useful* RDP-related Windows Event Log ID’s/entries for tracking and investigating RDP usage on a Windows Vista+ endpoint. The Windows Event ID’s in the XP days were different than those in Vista+ Operating Systems. So, I decided to leave those out for now, but perhaps I will add them in the future.