Security Basics mailing list archives
Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Thu, 23 Feb 2006 10:29:58 -0800
For auditing purposes, I'm tasked with suspending accounts for users who have not logged on to AD / NT4 within the past 90 days and deleting accounts for users who have not logged on to AD / NT4 within the past 180 days. I already know I can use logon attribs like lastLogon attrib, lastLogonTimestamp, etc. in AD / NT4 to decipher when a user last logged on. HOWEVER, if a user ftp's or maps to a network drive in AD / NT4, since that is techincally not a true logon and does not change the flag or value of any logon attrib, how can I keep track and audit these types of users? Cheers! -- Alexander Bolante | Alexander.Bolante () gmail com --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains Alexander Bolante (Feb 24)
- <Possible follow-ups>
- Re: Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains keydet89 (Feb 24)
- Re: Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains Alexander Bolante (Feb 28)