This doesn't need to be a real time solution, but are there some log files or system messages that could be read to identify periods of time where someone was connected via RDP to a Windows 7 machine?

I'm building a watchdog script for a computer which will be deployed in a remote place and would like to add this metric to a daily status update.

+2  A: 

Run with os.system or the subprocess module:

C:\> netstat -n | find ":3389 "

TCP x.x.x.x:3389  y.y.y.y:zzz ESTABLISHED

Where x.x.x.x is your own IP, y.y.y.y is the remote IP, and zzz is the remote port.

S.Mark
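The netstat check from the answer above, as an added Python example that is not part of the original post: it parses `netstat -n` output and keeps only ESTABLISHED rows whose local port is 3389, so outbound RDP connections made from the machine and look-alike ports such as 33890 are not counted. The function names and the sample output are assumptions constructed for illustration.

```python
import subprocess

RDP_PORT = 3389

def parse_rdp_sessions(netstat_output, port=RDP_PORT):
    """Return (remote_ip, remote_port) for established inbound connections to `port`."""
    sessions = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Expected row: TCP <local addr:port> <foreign addr:port> <state>
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, foreign, state = fields[1], fields[2], fields[3]
        if state != "ESTABLISHED":
            continue
        # rpartition on the last ':' also copes with bracketed IPv6 addresses
        _, _, local_port = local.rpartition(":")
        remote_ip, _, remote_port = foreign.rpartition(":")
        # Match on the LOCAL port only, so outbound RDP from this host is ignored
        if local_port == str(port) and remote_port.isdigit():
            sessions.append((remote_ip.strip("[]"), int(remote_port)))
    return sessions

def current_rdp_sessions():
    """Run netstat -n on the live Windows machine and parse the result."""
    out = subprocess.run(["netstat", "-n"], capture_output=True,
                         text=True, check=True).stdout
    return parse_rdp_sessions(out)

# Constructed sample output (documentation-range addresses), not from a real host
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:3389        198.51.100.7:50123     ESTABLISHED
  TCP    192.0.2.10:49200       203.0.113.5:3389       ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.9:50999     TIME_WAIT
  TCP    192.0.2.10:33890       198.51.100.8:50500     ESTABLISHED
  TCP    [2001:db8::10]:3389    [2001:db8::99]:51000   ESTABLISHED
"""

if __name__ == "__main__":
    print(parse_rdp_sessions(SAMPLE))
```

netstat only shows connections open at the moment it runs, so a daily report needs the watchdog to call this periodically and record a timestamp with each result.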
+1  A: 

If you look at the Event Viewer and the Security tab, you can find when people log in/log out there. Not sure if it gets logged if the session is just disconnected, though.

This seems to be a Python library to access the event log: http://timgolden.me.uk/python/winsys/event_logs.html#module-event_logs

Disclaimer: I'm looking at a Windows 2003 server and not Windows 7, so mileage might vary :)

ba