I think it does. Compare it's last modified time to the time of the server attack. My Documents is unique to the user........
From: James Winzenz [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 1:21 PM To: NT System Admin Issues Subject: RE: RDP question That does appear to contain the information on the most recent server that was connected to. When I double-clicked that file on the client in question, it asked me for credentials to the server that was connected to when the dirty deed was done . . . still not sure if that would count as irrefutable proof, but it's definitely a start . . . Thanks, James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services ________________________________ From: Kennedy, Jim [mailto:[EMAIL PROTECTED] Posted At: Monday, June 09, 2008 10:09 AM Posted To: NTSysadmin Conversation: RDP question Subject: RE: RDP question Default.rdp in my documents might be what you are looking for. It is a hidden file. From: James Winzenz [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 1:07 PM To: NT System Admin Issues Subject: RDP question RDP question for everyone - is there a file on the client (log or other file type) that shows a client's most recent rdp sessions? When I click on my remote desktop connection, it always shows me my the name of the last server I RDP'd into, but I am looking to see if that is stored somewhere on the local computer. We had some inappropriate activity using a service account and don't yet have enough information to prove that a certain person did something they should not have. The more information I can obtain, the better. The client was XP Pro SP2, if that helps any. I have viewed the event logs on the server they logged into, and it unfortunately does not provide the computer name that connected to it, just the IP address. I want irrefutable proof, and this, in combination with the DHCP logs, does not quite provide that. I have been unable to find anything yet in Google using multiple different search strings. Thanks, James Winzenz Infrastructure Systems Engineer II - Security Pulte Homes Information Services Telefax: (602) 797-5823 [cid:[email protected]] CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
<<inline: image001.gif>>
