How can I track network users who use the Telnet service to remotely log on to my computer?
You need to first enable auditing for Audit logon events and Audit process tracking. Then, look in your event log for event ID 592 (a new process has been created) where the image base filename is tlntsess.exe, which Figure 2, page 7, shows. Note the Logon ID and scan the event log for an event ID 528 (successful logon) with the same Logon ID that Figure 3 shows. The User Name in event ID 528 identifies who logged on using the Telnet service.