Event ID 33 — Remote Desktop Protocol will use the RemoteFX guest mode module to connect to the client computer.

Provider: Microsoft-Windows-RemoteDesktopServices-RdpCoreTS
Channel: Operational
Level: Informational
Task: RemoteFXmodule_4
Opcode: Initialize

Description

Remote Desktop Protocol will use the RemoteFX guest mode module to connect to the client computer.

Message #

Remote Desktop Protocol will use the RemoteFX guest mode module to connect to the client computer.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS",
    "guid": "1139C61B-B549-4251-8ED3-27250A1EDEC8",
    "event_source_name": "",
    "event_id": 33,
    "version": 0,
    "level": 4,
    "task": 4,
    "opcode": 11,
    "keywords": 4611686018427387904,
    "time_created": "2019-08-27T17:17:46.553439Z",
    "event_record_id": 898,
    "correlation": {
      "#attributes": {
        "ActivityID": "F420C5E0-91BA-4CF1-97FF-34CCD7200000"
      }
    },
    "execution": {
      "process_id": 636,
      "thread_id": 6776
    },
    "channel": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational",
    "computer": "MSEDGEWIN10",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {}
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline