6.9 Session

There are five different remote sessions that are grouped under the session category. These session events require more time for completion, as opposed to the non-session events, which are instant. For remote sessions, audit events are logged after the session is terminated or when the maximum limit is reached for audit log size.

6.9.1 Remote Control

A Remote Control audit event is logged when a remote operator launches a Remote Control session on a Windows managed device.

Enabling a Remote Control Audit Event

  1. Log in to ZENworks Control Center on a server that has Windows devices.

  2. Click Configuration > Audit Management > Events Configuration.

  3. In the Events Configuration page, click the Agent Events tab > Add.

  4. In the Add Agent Events dialog box, select the Remote Control check box under Remote Management > Session.

  5. Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the Remote Control audit event, then click Apply.

  6. Click OK to add the Remote Control audit event and close the Add Agent Events dialog box.

Generating a Remote Control Audit Event

  1. In ZENworks Control Center, click Devices > Workstations.

  2. Select a Windows device and click Remote Control to remotely manage that device.

  3. Close the Remote Control session. The Remote Control audit event is logged on the device.

If you launch Remote Execute and File Transfer through Remote Control, the session ID is common to all three sessions.

On the other hand, if you launch Remote View and Remote Control in collaborate mode, the collaborate ID is common to both of these events.

The Remote Control audit event therefore logs basic session information such as session ID, session start time, and session end time, and specific information such as collaborate ID in case of collaboration. If the session ID and the collaborate ID are the same, the session is the master collaborate session.

Files transferred or commands executed in the Remote Control session are logged as the respective File Transfer and Remote Execute events, with the same session ID as the Remote Control audit event.
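The following added example (not part of the ZENworks documentation) shows how the session ID and collaborate ID rules above can be used to reconstruct who did what inside a Remote Control session when reviewing audit events. The record layout and the field names `type`, `session_id` and `collaborate_id` are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records. The field names (type, session_id, collaborate_id)
# are assumptions for illustration, not the ZENworks audit export schema.
EVENTS = [
    {"type": "Remote Control", "session_id": "S1", "collaborate_id": "S1"},
    {"type": "Remote View",    "session_id": "S2", "collaborate_id": "S1"},
    {"type": "Remote Execute", "session_id": "S1", "collaborate_id": None},
    {"type": "File Transfer",  "session_id": "S1", "collaborate_id": None},
    {"type": "Remote Control", "session_id": "S3", "collaborate_id": None},
    {"type": "File Transfer",  "session_id": "S9", "collaborate_id": None},
]

CHILD_TYPES = ("Remote Execute", "File Transfer")
COLLAB_TYPES = ("Remote Control", "Remote View")


def correlate(events):
    """Return (sessions, collaborations) built from session and collaborate IDs."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session_id"]].append(ev)

    sessions = {}
    for sid, evs in by_session.items():
        parent = next((e for e in evs if e["type"] == "Remote Control"), None)
        if parent is None:
            continue  # stand-alone session, not launched through Remote Control
        sessions[sid] = {
            # Commands and file operations performed inside this session.
            "children": sorted(e["type"] for e in evs if e["type"] in CHILD_TYPES),
            # Master collaborate session: session ID equals collaborate ID.
            "master": parent["collaborate_id"] == sid,
        }

    collaborations = defaultdict(list)
    for ev in events:
        if ev["type"] in COLLAB_TYPES and ev["collaborate_id"]:
            collaborations[ev["collaborate_id"]].append((ev["type"], ev["session_id"]))
    return sessions, dict(collaborations)


if __name__ == "__main__":
    sessions, collaborations = correlate(EVENTS)
    for sid, info in sessions.items():
        print(sid, info)
    print(collaborations)
```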

NOTE: An Abnormal Termination Detected event is possible only in a Remote Control session.

6.9.2 Remote View

A Remote View audit event is logged when a remote operator launches a Remote View session to view the desktop of a Windows managed device. This event logs basic session information such as session ID, session start time, and session end time, and also specific information such as collaborate ID in case of collaboration.

Enabling a Remote View Audit Event

Enable a Remote View audit event while remotely managing a device:

  1. Log in to ZENworks Control Center on a server that has Windows devices.

  2. Click Configuration > Audit Management > Events Configuration.

  3. In the Events Configuration page, click the Agent Events tab > Add.

  4. In the Add Agent Events dialog box, select the Remote View check box under Remote Management > Session.

  5. Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the Remote View audit event, then click Apply.

  6. Click OK to add the Remote View audit event and close the Add Agent Events dialog box.

Generating a Remote View Audit Event

  1. In ZENworks Control Center, click Devices > Workstations.

  2. Select a Windows device, then click Remote Control.

  3. In the Operation list, select Remote View to launch a Remote View session.

  4. Close the Remote View session. The Remote View audit event is logged on the device.

6.9.3 Remote Execute

A Remote Execute audit event is logged when a remote operator launches a Remote Execute session to run an executable with system privileges on a Windows managed device. The specific details that are audited for this event include the commands executed, the time of execution, and the result of the operation.

Enabling a Remote Execute Audit Event

Enable a Remote Execute audit event while remotely managing a device:

  1. Log in to ZENworks Control Center on a server that has Windows devices.

  2. Click Configuration > Audit Management > Events Configuration.

  3. In the Events Configuration page, click the Agent Events tab > Add.

  4. In the Add Agent Events dialog box, under Remote Management > Session, select the Remote Execute check box.

  5. Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth for the Remote Execute audit event, then click Apply.

  6. Click OK to add the Remote Execute audit event and close the Add Agent Events dialog box.

Generating a Remote Execute Audit Event

  1. In ZENworks Control Center, click Devices > Workstations.

  2. Select a Windows device, then click Remote Control.

  3. In the Operation list, select Remote Execute to launch a Remote Execute session.

  4. Execute at least one command and then close the Remote Execute session. The Remote Execute audit event is logged on the device.

It is also possible to generate a Remote Execute event when you launch a Remote Execute session through a Remote Control session.

6.9.4 Remote Diagnostics

A Remote Diagnostics audit event is logged when a remote operator launches a Remote Diagnostics session to remotely diagnose and analyze the problems on a Windows managed device. This audit event gives more information regarding the applications launched, the path of the application, and the launch time of the session.

Enabling a Remote Diagnostics Audit Event

Enable a Remote Diagnostics audit event while remotely managing a device:

  1. Log in to ZENworks Control Center on a server that has Windows devices.

  2. Click Configuration > Audit Management > Events Configuration.

  3. In the Events Configuration page, click the Agent Events tab > Add.

  4. In the Add Agent Events dialog box, select the Remote Diagnostics check box under Remote Management > Session.

  5. Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the Remote Diagnostics audit event, then click Apply.

  6. Click OK to add the Remote Diagnostics audit event and close the Add Agent Events dialog box.

Generating a Remote Diagnostics Audit Event

  1. In ZENworks Control Center, click Devices > Workstations.

  2. Select a Windows device, then click Remote Diagnostics to launch a Remote Diagnostics session.

  3. Close the Remote Diagnostics session. The Remote Diagnostics audit event is logged on the device.

6.9.5 File Transfer

A File Transfer audit event is logged when a remote operator launches a File Transfer session to transfer files between the management console and the Windows managed device.

Enabling a File Transfer Audit Event

  1. Log in to ZENworks Control Center on a server that has Windows devices.

  2. Click Configuration > Audit Management > Events Configuration.

  3. In the Events Configuration page, click the Agent Events tab > Add.

  4. In the Add Agent Events dialog box, under Remote Management > Session, select the File Transfer check box.

  5. Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the File Transfer audit event, then click Apply.

  6. Click OK to add the File Transfer audit event and close the Add Agent Events dialog box.

Generating a File Transfer Audit Event

  1. In ZENworks Control Center, click Devices > Workstations.

  2. Select a Windows device, then click File Transfer to launch a File Transfer session.

  3. Launch at least one file operation, then close the File Transfer session. The File Transfer audit event is logged on the device.

NOTE: If File Transfer is launched as an internal operation from either a Remote Control or a Remote Diagnostics session, an empty File Transfer event is logged with no extra information about the files transferred. This indicates that the file transfer was initiated in the parent session and that the session might take a long time before logging a File Transfer event.

In a File Transfer session, if you are downloading files from the managed device to a local device and the session fails with the access denied to create file error, the failed download is not recorded in the File Transfer audit log. Because the failure occurs even before the data is requested from the managed device, there is no communication to the managed device about the failed download.

NOTE: You cannot transfer or copy internal operating system files that are not visible in Windows Explorer or in the remote management File Transfer dialog, even though the folder size indicates the existence of system files in the folder.