Reporting on DirectAccess and VPN connections

One of the big benefits that Microsoft brought to the table in these newer versions of the remote access role is reporting. In the past, it was difficult to tell who was connected and even harder to find out what they were doing or when they had been connected previously. Historical reporting on remote sessions was kind of absent. All of that changes in the newer editions, as we now have a nice interface to show us who is connecting, how often they are connecting, and even some information on what things they are doing while they are connected. Here, we'll take a look into those interfaces and explore some of the information that is available to consume. We will also make sure you know how to turn on the historical reporting, as it is not enabled by default.

Getting ready

All work with this recipe will be accomplished from our Windows Server 2016 Remote Access server that is servicing both DirectAccess and VPN clients.

How to do it…

Follow these steps to get familiar with the remote access reporting options available in Server 2016:

  1. Open Remote Access Management Console from the Tools menu inside Server Manager.
  2. In the left window pane, browse to Remote Client Status. Here, you will see a list of all currently connected devices and users. This shows both DirectAccess connections and VPN connections.
  3. If you click on a particular connection, you will see some additional data displayed below. You can easily find out whether the user is connected using DirectAccess or VPN, and some more specific information about their connection.

    How to do it…

  4. Look over toward the left a little where is says Access Details and you can even see what internal resources have been accessed by the user and computer.

    How to do it…

  5. Once your environment is large enough that this screen becomes filled with connections, the Search box at the top comes in very handy. You simply type in any information you want to search for, and the results in the window will filter down to your search criteria.
  6. If you would like to display more data on the screen, you can right-click on any of the existing column names and select additional columns to show or hide.

    How to do it…
  7. All of this information is great! But what if we want to look back and view this data historically? Maybe you want to view connections from the past day, or week. Maybe you need to come up with some kind of report on how many connections happened over the past month. In the left window pane, click on Reporting to get started with that.
  8. Since reporting is not enabled by default, we don't have any data here yet. Instead, you will see a message indicating that you need to configure accounting. Go ahead and click on this link.

    How to do it…
  9. Now you have options for Use RADIUS accounting, Use inbox accounting, or both. RADIUS accounting implies that you have a RADIUS server set up and ready to accept this kind of data. I don't see many customers using this option. Instead, most select Use inbox accounting, which writes all of the data right to the Windows Internal Database (WID) on the DirectAccess server itself.

    How to do it…
  10. Once you have made your selection, click Apply. You will see that the Reporting screen now looks a lot more like the Remote Client Status screen, except that inside Reporting, you have additional options to select date ranges and pull historical information.

How it works…

The reporting of user connection data is critical to most remote access systems. The inclusion of this data, particularly for historical connections, is a great feature addition that I am sure every remote access administrator is going to make use of. With a simple configuration change, we set up our Windows Remote Access server to keep track of these DirectAccess and VPN connections so that we can run and save reports on that data in the future.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.138.122.210