Uncategorized

Windows 10 – Powershell check Remote Desktop (RDP) client logs

By September 2, 2021No Comments

Get successfully initiated connection:

Get-WinEvent -logname "Microsoft-Windows-TerminalServices-RDPClient/Operational" | Where-Object {$_.id -match "1102"}

Get trying connection (failed and successfuly):

Get-WinEvent -logname "Microsoft-Windows-TerminalServices-RDPClient/Operational" | Where-Object {$_.id -match "1024"}

More informations: https://jpcertcc.github.io/ToolAnalysisResultSheet/details/mstsc.htm

https://social.technet.microsoft.com/wiki/contents/articles/37847.rdp-direct-connection-with-nla-remote-desktop-client-event-logs.aspx

Leave a Reply