Security Basics mailing list archives

Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains

From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Thu, 23 Feb 2006 10:29:58 -0800

For auditing purposes, I'm tasked with suspending accounts for users
who have not logged on to AD / NT4 within the past 90 days and
deleting accounts for users who have not logged on to AD / NT4 within
the past 180 days.

I already know I can use logon attribs like lastLogon attrib,
lastLogonTimestamp, etc. in AD / NT4 to decipher when a user last
logged on.

HOWEVER, if a user ftp's or maps to a network drive in AD / NT4, since
that is techincally not a true logon and does not change the flag or
value of any logon attrib, how can I keep track and audit these types
of users?

Cheers!

--
Alexander Bolante | Alexander.Bolante () gmail com

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains Alexander Bolante (Feb 24)
- <Possible follow-ups>
- Re: Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains keydet89 (Feb 24)
  - Re: Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains Alexander Bolante (Feb 28)