How to Set up Template if Users Work via Remote Desktop
If employees in your organization use Remote Desktop or its web client to access the organization's remote resources (apps and desktops), it is recommended to configure a template so that one user's activities are written to the same log, no matter whether they interact with their work computer directly, or via Remote Desktop. However, it is important to properly configure the list of excluded applications to avoid recording needless events. For example, any application that users work with via Remote Desktop is logged as the mstsc.exe application. This application creates connections session to Remote Desktop Host servers or other remote computers. A log entry containing information about this application may be useless.
To record user interaction with applications on both their PC and via Remote Desktop and its web client, follow these steps:
- Install Recorder on the computer hosting remote resources.
This Recorder instance will log user activities in applications that are installed on the remote computer, whether the user connects to them via Remote Desktop or Remote Desktop web client. - Install Recorder on the user's computer.
This Recorder instance will log user activities performed on the user's computer. - Make sure both Recorder instances are displayed on the Recorders tab.
In the Host column, you can see a computer name visible on the network within the Active Directory domain. - Go to the Templates tab and configure a template to be used.
You can click Add template in the top right corner of the window. OR click a template name you plan to use.
In the template settings window that opens, perform the following: - Toggle on Merge data from multiple hosts
This option allows logging user activities in one log if a user works on multiple computers. - In the Application list, toggle on EXCLUDED LIST and add the following items:
- *\mstsc.exe
This allows disabling the recording of user activity via the Remote Desktop on users' computers. But all these actions will be logged by the Recorder instance installed on the remote computer. - Remote Desktop web client URL
Follow the rules in the Excluding and Including Applications section.
Example: https://mycompary.inside.com/RDWeb/*
This allows disabling the recording of user activity via the Remote Desktop web client on user's computer. But all these actions will be logged by the Recorder instance installed on the remote computer. - Assign the template you configured to each Recorder instance mentioned in steps 1 and 2.
Note. If you changed the template after the start of the recording session, then when you change the template or assign a new one, user actions automatically begin to be recorded in a new log.
This template configuration will result in recording only real user activity and the applications responsible for the Remote Desktop Connection session will be represented in the logs as the FocusToExcludedApplication event.
9/5/2024 4:23:54 PM