SCCM remote control log

Hi guys,

Some of our users have started complaining that people sometimes start remote control on their desktops and then disconnect the session (maybe it's by mistake).

How can I know which user did that? Where is the specific log with the user name?

I looked at the log RemoteControl.log but nothing appears there, and furthermore I looked in the Windows Security event log; nothing there either.

Is it possible that SCCM doesn't have the specific log that I'm looking for?

Have a great day,

Nahum

Israel

  • Moved by Eric Mattoon (Microsoft employee), Tuesday, December 07, 2010 3:07 PM: Remote Control is not technically part of Software Distribution - moving post to General forum (From: Configuration Manager Software Distribution)
December 7th, 2010 12:27pm

Hello, you have the log of remote control in the status messages; you can find a predefined query in the Status Message Queries node in the console.

All the queries start with "Remote Tools activity ..."

Julien

December 7th, 2010 12:32pm

Hi Julien,

I'm new to SCCM... can you please explain in more detail? How do I find the remote tools activity?

Thank you.

December 7th, 2010 12:40pm

In the SCCM console go to Site Database -> System Status -> Status Message Queries; then in the right pane you should have a list of queries. Run the query whose name starts with "Remote Tools activity" (right-click on the query -> show message).

Julien

December 7th, 2010 12:43pm

Hi jd

First of all, thank you very much for explaining to me how to find the query you were talking about.

Unfortunately I haven't found any results, but I found an article with this information on how to view the remote control logs in the Event Viewer; here is a part of it:

client log activity
Log activity is generated at the client computer when the Remote Tools Client Agent is installed or when it is updated.

  1. Open the SMS Administrator console.

  2. Expand the Collection folder.

  3. Select the collection which holds the client you want to work with.

  4. Right-click the client and select All Tasks and then select Start Event Viewer from the shortcut menu.

  5. The Event Viewer window is displayed.

  6. The System log from the client computer is displayed.

  7. Click the Log menu and then select Security.

  8. The Security log is displayed.

  9. The Remote Tools session events recorded in the Security log are listed here:

    • EventID 1; Remote Reboot

    • EventID 2; Remote Chat

    • EventID 3; Remote File Transfer

    • EventID 4; Remote Execute

    • EventID 5; Remote Control Session Start

    • EventID 6; Remote Control Session End

    • EventID 7; Local User Granted Permission For Remote Session

    • EventID 8; Local User Denied Permission For Remote Session

I followed the instructions step by step, but I got no events... how can that be?

Am I missing something here?

 

December 7th, 2010 2:14pm
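Added example, not part of any post in this thread: where the Remote Tools events listed above are actually being recorded, pairing each EventID 5 (session start) with the following EventID 6 (session end) on the same computer shows which sessions were opened and closed within seconds, and by which account. It assumes the events were exported to CSV; the column names, host names, accounts and the presence of an operator field are constructed for the example.

```python
import csv
import io
from datetime import datetime, timedelta

SESSION_START, SESSION_END = 5, 6  # EventIDs from the list quoted in the thread

# Constructed sample export. The column layout, host names and accounts are
# assumptions for this example, not a format documented in the thread.
SAMPLE_CSV = r"""TimeCreated,Computer,EventID,Operator
2010-12-07T09:00:05,PC-101,5,CONTOSO\helpdesk1
2010-12-07T09:00:19,PC-101,6,CONTOSO\helpdesk1
2010-12-07T09:30:00,PC-102,5,CONTOSO\helpdesk2
2010-12-07T09:30:40,PC-102,7,CONTOSO\helpdesk2
2010-12-07T09:52:10,PC-102,6,CONTOSO\helpdesk2
2010-12-07T10:15:00,PC-103,5,CONTOSO\helpdesk1
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_sessions(rows):
    """Pair each session start with the next session end on the same computer."""
    open_sessions = {}  # computer -> (start time, operator)
    sessions = []
    for row in sorted(rows, key=lambda r: r["TimeCreated"]):
        when = datetime.fromisoformat(row["TimeCreated"])
        host, event_id = row["Computer"], int(row["EventID"])
        if event_id == SESSION_START:
            open_sessions[host] = (when, row["Operator"])
        elif event_id == SESSION_END and host in open_sessions:
            started, operator = open_sessions.pop(host)
            sessions.append({"computer": host, "operator": operator,
                             "start": started, "duration": when - started})
    # A start with no matching end is kept, with an unknown duration.
    for host, (started, operator) in open_sessions.items():
        sessions.append({"computer": host, "operator": operator,
                         "start": started, "duration": None})
    return sessions

def short_sessions(sessions, limit=timedelta(seconds=30)):
    """Sessions closed within `limit` of starting: the pattern users reported."""
    return [s for s in sessions
            if s["duration"] is not None and s["duration"] <= limit]

if __name__ == "__main__":
    for s in short_sessions(find_sessions(load(SAMPLE_CSV))):
        print(s["start"], s["computer"], s["operator"], s["duration"])
```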

How is your company generally initiating remote control?

Are you using the ConfigMgr admin console?

Status messages are not sent if the command line tools rc.exe or remote.exe are used from a machine that doesn't have the console installed.

December 7th, 2010 10:27pm

I think they start a Remote Desktop session and not a remote tools session; that's the reason users are disconnected and there is no status message (Remote Desktop doesn't log in status messages; you can have only one user connected during a Remote Desktop session).

Julien

 

December 8th, 2010 8:22am

Hi,

All the remote sessions can be viewed from the console by going to SYSTEM STATUS ->Status Message Queries->Remote Tools Activity Initiated at a Specific Site

Then right click and specify your SITE CODE name: and TIME then press OK. All the logs for remote tool sessions should be displayed with the timestamp.

Hope this will help!

Regards,

MC

June 16th, 2012 10:37am

Hi,

All the remote sessions can be viewed from the console by going to SYSTEM STATUS ->Status Message Queries->Remote Tools Activity Initiated at a Specific Site

Then right click and specify your SITE CODE name: and TIME then press OK. All the logs for remote tool sessions should be displayed with the timestamp.

Hope this will help!

Regards,

MC

It works, but you must know the date and time. Is there another way to check user activity (to monitor a specific user's activity)?
June 18th, 2015 3:22am

This topic is archived. No further replies will be accepted.
