Skip navigation
Menu
End-User Platforms>Windows 7/8

Access Denied: Tracking Users Who Use Telnet to Connect to Your Computers

How can I track network users who use the Telnet service to remotely log on to my computer?

You need to first enable auditing for Audit logon events and Audit process tracking. Then, look in your event log for event ID 592 (a new process has been created) where the image base filename is tlntsess.exe, which Figure 2, page 7, shows. Note the Logon ID and scan the event log for an event ID 528 (successful logon) with the same Logon ID that Figure 3 shows. The User Name in event ID 528 identifies who logged on using the Telnet service.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019