I have two questions about the RDPhint plugin from regripper.
1) Does it log failed login attempts?
I believe it only logs successful login attempts. I found this older forum post that states someone had tested it. http//
2) Do the last write times provide the time of the last successful RDP login or the first login?
In the
If that is the case then when the first RDP connection is made to a system it writes to the reg key. When the second connection is made it already sees the regkey and therefore doesn't change the LAST WRITE time. However it will update the username creds used.
Has anyone else have any experience with RDPHint?
Thanks.