I am not sure if the entries at 8:49 pm is what I saw as the "remote session active". Also, I am not sure if this LocalSessionManager is the right place to look.
Your post prompted me to check my own Even Viewer. After some frenzied searching for the meaning of "Remote Desktop Services" entries in my own logs I figured that alarm seems to stem only from unfortunate naming of events that LocalSessionManager drops. As this document describes[0] and after confirming with another account the events are generated when one account wishes to run a processes under another account ("Run as administrator/different user" functionality). It might be that Windows Update triggered this on your computer, consider also that Windows Update sometimes updates third party drivers and one wouldn't expect they follow all best practices.
