How To Audit User Activity With Remote Desktop Monitoring Software

remote desktop monitoring software - monitor RDP, Citrix, and more with CurrentWare

Use CurrentWare’s remote desktop monitoring software to audit logons, internet activity, application usage, and USB activities of your remote users.

Remote desktop solutions are becoming increasingly common with the prevalence of distributed workforces. With employees working from home now more than ever your organization needs to ensure that remote desktop activities are monitored for security, productivity, and compliance purposes.

In this article you will learn how to use CurrentWare’s remote PC monitoring software solutions to audit the activity of users that are using remote desktop, virtual machines, Citrix, and other Windows-based remote access and virtualization technologies.

Want to learn more about monitoring user activity in a Citrix environment? Check out this article on Citrix user activity monitoring with CurrentWare

Ready to Get Started?

Click here to get your free remote desktop monitoring software trial

Table of Contents

Click to Show / Collapse

Why Audit Remote User Activity?
What CurrentWare’s Remote Desktop Monitoring Software Tracks

Track Remote Employee Work Hours (Audit Logon Events)
Remote Employee Productivity
Internet and Application Usage
Bandwidth Consumption
Active vs Idle Time
Audit File Transfers to Portable Storage Devices

How Remote Desktop Monitoring Software Works
Remote Desktop Monitoring Software FAQ
Get My Free Trial

Why Audit Remote User Activity?

Thanks for checking out the latest CurrentWare Video. In this video, we’re going to cover the reasons why you should monitor employee computer activity.

If you like this or other videos we’ve produced, hit the subscribe button below. Stay tuned to the end to learn how to get a free trial of all of the software I demo today.

Employee monitoring involves understanding how your employees are using company provided technology during work hours. There are five main benefits and considerations to employee monitoring that we will cover today:

Employee Productivity management
Addressing inappropriate technology usage, legal liability, and compliance
Managing cybersecurity and data loss prevention
Understanding how remote workers / out of office users are engaging with technology
Understanding bandwidth usage and limiting exposure and costs

So let’s start off with how monitoring can help employee productivity.

44% of employees admit to being distracted by the internet at work, and employees in the US have admitted to wasting 1-2 hours a day browsing the internet.

Employees that know they’re being monitored will avoid excessive personal usage of the internet and computer applications. In addition, in the event an employee is underperforming, employee monitoring reports on their computer activity can be used to help the employee understand their actions and enhance their productivity.

The second important reason to monitor activity is to address inappropriate internet usage & avoid legal liability.

As compliance requirements increase for various businesses, industries & jurisdictions, employers have a responsibility to ensure their employees are complying with regulations such as HIPAA, CCPA, CIPAA and GDPR.

By enabling computer monitoring, you can ensure that your staff are complying with these requirements. In addition, by monitoring & setting alerts, you can instantly be notified if employees are visiting inappropriate websites such as pornography, adult or other websites.

The third reason to monitor computer activity is for cybersecurity purposes & to prevent data loss.

By knowing which websites an employee is visiting, which files are being downloaded or shared, and which external devices and endpoints are being used, company administrators can manage cyber security risks and data loss prevention efforts.

Data breaches and associated risks can cost businesses millions of dollars in damages along with reputational risk, so being aware of these risks and monitoring them can provide significant benefits for every organization. In addition, by using alerts, and setting up risk profiles for users, you can audit activities and groups for questionable employee behavior.

Due to Covid-19, the year 2020 has seen a significant shift to remote work for various companies and organizations. This brings us to our 4th reason to monitor an employee’s computer usage: remote workforce management.

52% of CIOs surveyed suspect that one or more of their mobile workers have been hacked or caused a mobile security issue in the last 12 months. Employee monitoring software can be used to monitor for high-risk activity and verify that employee activity on company networks is legitimate.

The final reason to monitor employees is for bandwidth management purposes. With CurrentWare’s BrowseReporter tool, you can determine who is hogging bandwidth by streaming videos and uploading/downloading excessively large files.

Employees who are hogging bandwidth can slow down the entire network, negatively affecting the productivity of other employees and reducing the performance of business critical operations.

That’s it for this video. If you have any thoughts on this video or other reasons why computers should be monitored, feel free to comment below.

If you’d like to give any of CurrentWare’s computer and device monitoring solutions a try, please check out our free trial at currentware.com/download or get in touch with us and we’d be happy to help!

Note: The above video showcases a legacy user interface for BrowseReporter. To see the most up-to-date features and interface please visit the BrowseReporter product page

Meet Security Compliance Requirements

security compliance audits - 7 tips to meet compliance from CurrentWare — Preparing for a security compliance audit? Check out these 7 tips.

Remote desktop monitoring software keeps a detailed history of users who have connected to the corporate network, along with their usage details. These reports are valuable security tools for compliance and auditing purposes. In the event of a data breach the activity of users can be audited for high-risk, anomalous, and suspicious activity.

CurrentWare’s central console ensures that you have the most important user activity data accessible from one place, allowing you to generate user activity reports easily. Reports can be generated on-demand, at a set schedule, or when specific activities occur.

Detect Insider Threats

Insider threats - how to protect your data. CurrentWare

User activity monitoring is an essential part of mitigating insider threat risks. This is especially true when users are allowed to access internal resources from outside of the network.

By auditing remote user activity you can detect high-risk and anomalous activities such as large file transfers to USB storage devices, inappropriate internet usage, and the use of unsanctioned applications.

With CurrentWare’s monitoring software you can leverage detailed user activity monitoring reports to enhance your insider threat detection strategy.

Monitor Remote Employee Productivity

Image with text: Managing productivity and security of remote workers

When employees work from home (or other remote locations) there is far less visibility into their work habits than when they work in the office.

Remote desktop monitoring software tracks the activity of these employees to ensure that working hours are being used efficiently. Depending on the needs of your environment you can monitor employee productivity while they are connected to a Windows terminal server, a remote workstation, or their local device.

Dedicated monitoring software keeps all internet browsing data intact so that users cannot hide their internet usage by deleting their history.

If excessive unproductive web browsing and application usage is detected, you can address this productivity concern before it escalates.

Enforce Acceptable Use Policies

Paper document that says "Internet Usage Policy"

Company policies are valuable tools for communicating security, decency, and productivity standards to end-users. Monitoring computer activity with remote desktop monitoring software ensures that these policies are being followed.

With the monitoring software in place you will be alerted to any instances of misuse, allowing you to provide remote employees with appropriate corrective actions.

Track Software License Usage

Application Tracking - Save Money on Unused Software

Did you know that underutilized software cost businesses a staggering $34 billion per year? Monitoring employee application usage allows you to track the utilization rate of software so you can avoid paying for software that isn’t being used.

Get My FREE Trial

Back to Table of Contents

What CurrentWare’s Remote Desktop Monitoring Software Tracks

laptop with currentware's remote employee monitoring software on screen

CurrentWare audits user activity on local or cloud-based desktop computers, virtual machines (VMs), and servers running the Windows operating system.

When monitoring and managing your end-users in Citrix with CurrentWare you can track and control computer activities with PC Mode to manage the individual virtual machine or with User Mode to track and control the activities of specific users across multiple devices and/or virtual machines.

Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; when you run a report from PC mode it will give you a report on all the users’ profiles in a single report.

For monitoring RDP sessions CurrentWare meets your company’s monitoring and auditing needs for Windows desktop and Windows Server by tracking both local and RDP user sessions on all endpoints.

The CurrentWare Suite provides dozens of remote desktop activity reports for auditing how end-users interact with endpoint devices.

These reports include

User logon session duration
Internet activity reports (search queries, bandwidth consumption, sites visited, browsing time)
Application usage reports
Active vs idle time tracking
USB file operations reports (files copied/created/deleted/renamed to portable storage)

Many of these reports can be configured as alerts to notify you when specific actions occur on monitored endpoints.

In addition to remote user activity reports, the CurrentWare Suite includes solutions for peripheral device control, web content filtering, and remote PC power management

Track Remote Employee Work Hours (Audit Logon Events)

Tracking user activity on a daily and weekly basis allows you to correlate time spent working remotely with the hours that employees self-report.

Using enPowerManager’s User Logon History report you can audit logon events on remote computers.

enpowermanager's user logon history report with timestamps of when employees log in and out each day

This report shows you

The user that logged in (local or domain)
Which users connected to a certain server or computer and when
Their logon time and date
Their logoff time and date
The duration of their logon session (logon-logoff time)

enPowerManager also includes a Startup and Shutdown History report to track each time a remote user alters the power state of their computer or the computer that they remotely connect to.

enpowermanager startup and shutdown history report

This report shows you

Startup Events
Sleep/Shutdown Events
Hibernate/Standby Events

Using these reports you can track how long users have been connected to their local computers, remote workstations, and/or virtual machines.

This allows you to

Verify that employees are starting and stopping their work days at expected times.
Audit remote connections for off-hours access (potential insider threat risk)
Compare logon times to BrowseReporter’s computer activity reports to see how they spend their time during work hours

To prevent users from simply logging into their workstation via remote desktop, leaving for the day, and logging in at the end of the workday, you can track idle time with BrowseReporter. BrowseReporter’s time tracking features will show you whether the employee was actively using their computer during the day.

Get My FREE Trial

Start auditing user logons with enPowerManager

Remote Employee Productivity

Using BrowseReporter’s user activity reports you can monitor RDP sessions of your employees to track their productivity levels. BrowseReporter audits the internet and application usage of users that connect to remote computers using remote desktop and similar technologies.

If you have employees who work from home you can use the activity reports to verify that they were productive during work hours.

BrowseReporter even includes a pre-built employee productivity report that provides a high-level overview of how much time your remote employees spend on websites that are productive, unproductive, or neutral. These classifications can be customized to match what is considered productive for your employees.

You can even use the productivity by location report to compare productivity levels between time spent in-office vs time spent working remotely. This report tracks how much time was spent working from IP addresses that are associated with your local network and how much time was spent working from other IP addresses.

BrowseReporter's work from home employee productivity report — BrowseReporter’s **productivity by location report**

Get My FREE Trial

Start monitoring employee productivity with BrowseReporter

Back to Table of Contents

Internet and Application Usage

Monitoring internet and application usage is essential for ensuring that your remote users are in compliance with acceptable use policies.

When your remote users browse the internet or use Windows applications, their activity data will be collected by the CurrentWare client.

Samples of BrowseReporter’s computer activity reports

BrowseReporter specific application usage dashboard

Search engine query report with queries related to insider data theft

Application activity log with app titles

Get My FREE Trial

Start monitoring internet use over RDP today

Bandwidth Consumption

Reducing bandwidth consumption is critical if you have several remote users connecting to your network over a VPN. Excessive bandwidth use will severely impact latency and reduce the reliability of the remote session.

BrowseReporter’s bandwidth usage reports identify the websites that consume the most bandwidth. If unproductive websites are becoming a bandwidth hog in your network you can use BrowseControl’s web filtering features to block them.

Get My FREE Trial

Start monitoring RDP bandwidth use today

Active vs Idle Time

Two bar charts with employee computer usage data: top 5 active time and top 5 idle time

BrowseReporter measures the Idle Time of remote users to see how long they are away from their computers. Using the email alerts feature you can get notified when an employee is away from their computer for a predetermined period of time.

The distinction between Active Time and Idle Time is based on the end-user’s mouse and keyboard activity. When there is no input from their mouse or keyboard for a designated period of time, BrowseReporter will shift tracking from Active Time to Idle Time.

By default, the amount of time that the end-user must be inactive before BrowseReporter switches from Active Time to Idle Time is 20 minutes. This threshold can be customized to better suit your environment.

BrowseReporter's idle time tracking limit setting

BrowseReporter’s integrated system idle time tracker sorts remote user activity into three categories based on their usage:

Active Time is how long the employee was actively using their computer. A computer is considered active when mouse and keyboard inputs are detected.
Idle Time is how long a given website was left open but was not actively being used.
Total Time is the full length of time that a given websites was open (active time + idle time)

Learn More: Track the Idle Time of Employees

Get My FREE Trial

Start tracking remote employee idle time

Audit File Transfers to Portable Storage Devices

With AccessPatrol’s device control features you can prevent data exfiltration when employees work from home.

With the CurrentWare Client installed on the devices you would like to monitor you can detect when USB devices are plugged into domain controllers, servers, or workstations.

You can also configure alerts that notify you when files are transferred to portable storage devices or when certain peripheral devices are inserted into monitored endpoints.

Sample USB Device Reports

File Operations

Allowed vs Denied USB Devices History

Graph of an hourly timeline showing blocked vs allowed USB devices

AccessPatrol Allowed vs Denied report with 13 different devices listed. — All Peripheral Devices Report – Allowed vs Denied Devices

Get My FREE Trial

Protect sensitive data against theft with AccessPatrol

Back to Table of Contents

How Remote Desktop Monitoring Software Works

CurrentWare console main screen with AccessPatrol, BrowseControl, BrowseReporter, and enPowerManager

CurrentWare’s remote desktop monitoring software is supported on local or cloud based desktop computers, virtual machines (VMs) and servers running the Windows operating system.

So long as the underlying operating system is a version of Windows that is supported by CurrentWare, your remote users can be monitored.

This means that you can audit user activity on Desktop as a Service (DaaS) providers such as Amazon Workspaces and Citrix, self-hosted Virtual Desktop Infrastructure (VDI), or standard endpoints that are being accessed through remote desktop, DirectAccess, or a VPN.

All CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS). If you have users remotely connecting to a terminal server or a Remote Desktop service, you can use CurrentWare’s remote desktop monitoring software to control and track their computer activity.

Learn more about monitoring user activity in Citrix with CurrentWare

CurrentWare is known to be compatible with the following virtual machines:

VMware
Parallels
VirtualBox
Oracle VM
Virtual-PC
Hyper-V

Remote Monitoring Software Agent

Screenshot of the CurrentWare installation window

CurrentWare’s remote desktop monitoring software tracks the computer activity of remote users using a software agent that is installed on each endpoint that you would like to monitor. The CurrentWare client agent is responsible for receiving the policies from your CurrentWare server and triggering them locally on the remote computer.

The client agent is able to differentiate between each user that is logged into the remote desktop servers. This allows you to apply unique security policies for different groups of endpoints or users. You can separate your users/endpoints into logical groupings and run reports on their computer activities.

Integrity: The Windows user activity monitoring software offered by CurrentWare is protected from any end-user attempts to stop or uninstall the agent.
Connectivity: The CurrentWare Suite includes continuous Windows desktop and Windows Server employee monitoring software. Even if the connection to the CurrentWare Server is temporarily lost, the CurrentWare Client will continue to monitor the user’s during their RDP and local sessions. The user activity data will be stored locally until a connection to the server is re-established.
Visibility: The CurrentWare Client can be deployed in stealth mode or with optional privacy-enhancing features enabled.

Get My Free Trial

Chat With CurrentWare

Monitoring Local vs Remote Devices

Employee monitoring: How to Monitor Remote Workers - CurrentWare

How you will deploy CurrentWare’s remote desktop monitoring software depends entirely on the needs of your environment.

If you would like to monitor the desktops that the end-users remotely connect to, you will install the CurrentWare client on that endpoint/virtual machine, or use terminal services to provide the remote employee with a desktop that has the CurrentWare client installed.

If you would like to remotely monitor the end-user’s computer, you will need to install the CurrentWare Client on their computer. To reduce potential privacy concerns the best practice is to provide the remote user with a company-owned device and have them sign a written notice that alerts them of the monitoring.

Learn More:

Back to Table of Contents

Remote Desktop Monitoring Software FAQ

1) Can Remote Desktop (RDP) Be Monitored?

Yes. Using CurrentWare’s remote desktop monitoring software you can monitor the computer activities of your end-users. This includes logon/logoff events, internet history, and application usage. Alongside monitoring remote desktop protocol (RDP) sessions the monitoring software can also track activities on local sessions.

2) How Do I Monitor Remote Desktop Activity?

You can start monitoring remote desktop activity by downloading a free trial of CurrentWare’s remote desktop monitoring software and following these installation instructions.

3) How Do I Monitor Remote Users?

Remote users can be monitored with a few different methods

Installing monitoring software on a computer or virtual desktop that they remotely connect to over VPN, RDP, or other remote access method.
Installing monitoring software on the workstation that they use to work from home

So long as the monitoring software agent is installed on the device you would like to monitor and the agent has a connection to a database, you can monitor your remote users.

The types of data that you collect when monitoring remote users depends on the remote employee monitoring software that you use. CurrentWare’s monitoring software solutions allow you to track websites visited, applications used, productivity levels, logon/logoff times, and more.

4) Does CurrentWare’s Remote Desktop Monitoring Software Support Citrix?

Yes, CurrentWare is supported on Citrix. You can install the CurrentWare Clients on your Citrix Workspace so long as they are running compatible versions of Windows. | Learn More

Get My Free Trial

Ready to start monitoring remote desktop sessions? Get started today with a FREE trial of CurrentWare’s remote desktop monitoring software solutions.

Need help getting started? Our technical support team is here to assist you through your evaluation over phone, live chat, or email.

Get My FREE Trial

Click here to start monitoring remote workers today

Sai Kit Chu

Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description

How To Audit User Activity With Remote Desktop Monitoring Software

Ready to Get Started?

Why Audit Remote User Activity?

Meet Security Compliance Requirements

Detect Insider Threats

Monitor Remote Employee Productivity

Enforce Acceptable Use Policies

Track Software License Usage

Get My FREE Trial

What CurrentWare’s Remote Desktop Monitoring Software Tracks

Track Remote Employee Work Hours (Audit Logon Events)

Get My FREE Trial

Remote Employee Productivity

Get My FREE Trial

Internet and Application Usage

Get My FREE Trial

Bandwidth Consumption

Get My FREE Trial

Active vs Idle Time

Get My FREE Trial

Audit File Transfers to Portable Storage Devices

Sample USB Device Reports

Get My FREE Trial

How Remote Desktop Monitoring Software Works

Remote Monitoring Software Agent

Monitoring Local vs Remote Devices

Remote Desktop Monitoring Software FAQ

1) Can Remote Desktop (RDP) Be Monitored?

2) How Do I Monitor Remote Desktop Activity?

3) How Do I Monitor Remote Users?

4) Does CurrentWare’s Remote Desktop Monitoring Software Support Citrix?

Get My Free Trial

Get My FREE Trial

Sai Kit Chu

Related posts

🆕New DLP Tools, Location Insights, Track Network Drives, and More! (v9.0)

🆕Improved Tracking, Report/Alert Delivery System & More! (v8.0.1)