Direct Access User Activity

CL 21 Reputation points
2020-08-06T01:32:22.427+00:00

Hello all, I currently have an implementation of Direct Access to allow remote users to connect to my corporate network. I am trying to find a way to track user activity beyond basic logons. I'm interested in network activity and internet browsing history For example, at the moment when someone connected via DA accesses the internet I cannot tell which user that is, I can just tell that the request came from the DA server. I've done some googling and found some others asking much the same question and some posts pointing to this URL https://video2.skills-academy.com/en-us/archive/blogs/martin_j_solis/additional-way-to-monitor-directaccess-machine-user-activity-on-windows-2012-and-2012r2-directaccess-with-component-even-logging Problem is that I can't access that page anymore. Thanks

Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
526 questions
Accepted answer
  1. Candy Luo 12,686 Reputation points Microsoft Vendor
    2020-08-06T06:10:37.387+00:00

    Hi ,

    To monitor remote client activity and status, please refer to the following steps:

    1.In Server Manager, click Tools, and then click Remote Access Management.

    2.Click REPORTING to navigate to Remote Access Reporting in the Remote Access Management Console.

    3.Click Remote Client Status to navigate to the remote client activity and status user interface in the Remote Access Management Console.

    4.You will see the list of users who are connected to the Remote Access server and detailed statistics about them. Click the first row in the list that corresponds to a client. When you select a row, the remote user activity is shown in the preview pane.

    For your reference:

    https://video2.skills-academy.com/en-us/windows-server/remote/remote-access/ras/monitoring-and-accounting/monitor-connected-remote-clients-for-activity-and-status

    >> I've done some googling and found some others asking much the same question and some posts pointing to this URL https://video2.skills-academy.com/en-us/archive/blogs/martin_j\_solis/additional-way-to-monitor-directaccess-machine-user-activity-on-windows-2012-and-2012r2-directaccess-with-component-even-logging Problem is that I can't access that page anymore.

    It seems the link you posted have gone from the source, but the following link has a copy:

    https://web.archive.org/web/20160413172523/http://blogs.technet.com/b/martin_j\_solis/archive/2015/03/20/additional-way-to-monitor-directaccess-machine-user-activity-on-windows-2012-and-2012r2-directaccess-with-component-even-logging.aspx

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    ---Please Accept as answer if the reply is helpful---

    Best Regards,
    Candy

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. CL 21 Reputation points
    2020-08-11T01:27:51.897+00:00

    Thank you - the link contained the information I required.

    I was able to use the Source Port, which I had on the firewall, to match to the Nat logs, which gave me the IPv6 address, and then use the other logs to translate to a computer name