However, like others have suggested, you may need to do more digging/research for other artifacts on the target system.

Don't forget to check the Terminal Services MRU key in the NTUser.dat file for the source account in question for successful outbound RDP sessions as well. I've read that third-party remote viewer software like VNC can record events in the Local Terminal Services log and record them as a local logon, so that could be tricky to sort out, but you might be able to correlate with evidence on the source system.

For the Local Terminal Services log you can look for event IDs 21-24, and for Remote Terminal Services you want event ID 1149. In the Security log you want to look for 46 events (logon/logoff respectively), and then correlate these events with each other and possibly other events with the Logon ID stored for the event. If the target system was accessed via RDP you can check three logs: Security, Local Terminal Services Operational and Remote Terminal Services Operational.

To conduct a TeamViewer session, the TeamViewer application requires the following Privacy permissions on a remote computer.
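The three-log correlation described above, sketched as an added example that is not part of the original post: each Remote Terminal Services 1149 event is matched to a Security logon, a Local Terminal Services event 21, and the logoff sharing the same Logon ID. Assumptions: the record field names and sample rows are constructed for illustration, and Security IDs 4624/4634 with logon type 10 (RemoteInteractive) are the standard Windows values, used here because the post does not spell them out.

```python
from datetime import datetime, timedelta

T = datetime.fromisoformat
# Constructed sample rows, shaped like exports from the three logs.
# Field names are hypothetical: log = security | lsm (Local TS) | rcm (Remote TS).
EVENTS = [
    {"log": "rcm", "id": 1149, "time": T("2024-03-01T09:14:58"), "user": "jdoe", "src": "10.0.5.23"},
    {"log": "security", "id": 4624, "time": T("2024-03-01T09:15:01"), "user": "jdoe",
     "src": "10.0.5.23", "logon_type": 10, "logon_id": "0x3e1f2a"},
    {"log": "lsm", "id": 21, "time": T("2024-03-01T09:15:03"), "user": "jdoe", "src": "10.0.5.23", "session": 2},
    {"log": "lsm", "id": 24, "time": T("2024-03-01T09:47:10"), "user": "jdoe", "src": "10.0.5.23", "session": 2},
    {"log": "security", "id": 4634, "time": T("2024-03-01T09:47:12"), "logon_id": "0x3e1f2a"},
    {"log": "lsm", "id": 21, "time": T("2024-03-01T11:02:00"), "user": "svc_backup", "src": "LOCAL", "session": 1},
    {"log": "rcm", "id": 1149, "time": T("2024-03-01T12:30:00"), "user": "admin", "src": "10.0.9.9"},
]

def correlate_rdp(events, window=timedelta(seconds=30)):
    """One record per 1149 event, with the Security and Local TS evidence that matches it."""
    def near(e, auth, kind, ids):
        # Same user and source address, at or shortly after the 1149 event.
        return (e["log"] == kind and e["id"] in ids and e.get("user") == auth["user"]
                and e.get("src") == auth["src"]
                and timedelta(0) <= e["time"] - auth["time"] <= window)
    sessions = []
    for auth in (e for e in events if e["log"] == "rcm" and e["id"] == 1149):
        logon = next((e for e in events if near(e, auth, "security", {4624})
                      and e.get("logon_type") == 10), None)
        lsm = next((e for e in events if near(e, auth, "lsm", {21})), None)
        # The logoff is tied to the logon by Logon ID, not by time proximity.
        logoff = logon and next((e for e in events if e["log"] == "security" and e["id"] == 4634
                                 and e["logon_id"] == logon["logon_id"] and e["time"] >= logon["time"]), None)
        sessions.append({
            "user": auth["user"], "src": auth["src"], "authenticated": auth["time"],
            "logon_id": logon["logon_id"] if logon else None,
            "session": lsm["session"] if lsm else None,
            "ended": logoff["time"] if logoff else None,
            "corroborated": bool(logon and lsm),
        })
    return sessions

def local_logons_to_review(events):
    """Local TS event 21 with source LOCAL: a console logon, or possibly a third-party remote viewer."""
    return [e for e in events if e["log"] == "lsm" and e["id"] == 21 and e["src"] == "LOCAL"]
```

Records with `corroborated` set to False, and anything returned by `local_logons_to_review`, are the ones to check against other artifacts on the source and target systems.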