The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,867 other followers

Windows events for Remote Desktop connections

Posted by jpluimers on 2021/01/25

Some notes and links, as eventually I want to react on Windows events raised for successful Remote Desktop connections.


  • Name Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
  • Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
  • Name Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
  • Path %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

EventID 25:

<Event xmlns="">
<Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" Guid="{5D896912-022D-40AA-A3A8-4FA5515C76D7}" /> 
<TimeCreated SystemTime="2019-02-06T13:48:02.978377900Z" /> 
<Correlation ActivityID="{F4203346-1BFB-421E-8668-C7503D590000}" /> 
<Execution ProcessID="308" ThreadID="12552" /> 
<Security UserID="S-1-5-18" /> 
<EventXML xmlns="Event_NS">

Links on the events:

Links on triggers and scripts running because of events:





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: