UPDATE *Fixed download link 11/14/17*
In v0.2 you can now filter based on IP version by using the “-v” switch. I will add links to both version as this still requires a little bit of testing.
Finally a cool breeze and some alone time, here is a tool I wrote up because I had a need to track down and audit multiple remote servers to determine who has been logging in and from where. The tool output’s to the command prompt, you can use a “>” operator and output to file if necessary…see below for example.
The usage is fairly simple and it can be used both in interactive mode and can be ran using command line arguments.
Double click the exe and it will ask you for the target hostname or if you do not provide a hostname, tool will check the local host.
rdpaudit.exe -h dc1.uglyvpn.com -d uglyvpn -u kil0gram -p mypw
Output to file:
rdpaudit.exe -h dc1.uglyvpn.com -d uglyvpn -u kil0gram -p mypw > C:\temp\auditlog.txt
-h = Hostname or IP address of target machine
-d = Domain name (if you're using no domain, use a '.' in its place
-u = Username and -p = Password
-q = Quiet mode, tool exits after run
-v = Display filter is IPv4 by default but you may set it to '6' if you want IPv6
The tool has been tested against Server 2008/2008r2/SBS2011/Server2012/Server2012r2/Windows 7/8/8.1
RDPAuditv0.2.zip (22 downloads)