Want to know which user or process is using all the CPU or memory on a terminal server? Kaseya Network Monitor can monitor session processes and set an alarm if a user or process hits the configured threshold for CPU or memory. You can either monitor all users and processes created by RDP sessions, or monitor a specified process or user. We have created two Lua scripts that handle this.
The first script (WMI_RDP_Session_Perf_Process.lua) lets you choose between CPU or memory and set a threshold. Optionally, you can set a process name. It is important to check the “No account logon” checkbox, since the script uses authenticated WMI sessions to the monitored server.
The second script (WMI_RDP_Session_Perf_User.lua) lets you choose CPU or memory, set a threshold and specify an optional username that you would like to monitor. The syntax is DOMAIN\User, but for computers that are not joined to a domain you will need to specify the local computer name (i.e. COMPUTERNAME\User).
Normally you would use the default account for the object, but you can specify a specific account for the monitor if needed. The credentials are passed on to the script for authentication. The CPU or memory usage for RDP sessions is saved to the statistics. What makes these scripts unique is that they record only RDP sessions. No other sessions, such as console logons or Windows services, are recorded or checked.
Both scripts show “Test OK” if nothing hits the threshold. If the alarm is triggered, a message stating that the CPU or memory usage is high is presented, along with a list of processes and their data, such as CPU/memory usage and owner (the user that created the process).
Check the KB article at https://community.kaseya.com/kb/w/wiki/monitoring-rdp-sessions.aspx for information on how to download the scripts.