Re: Auditing ftp users and mapped network drive users in Active Directory and NT4 Domains

[Raoul Armfield <armfield () amnh org>]

or you could have some system in place where users automatically get 
deprovisioned based on whether HR or some other authority ends their 
employment.  MIIS (Microsoft Identity integration service) does this nicely.

Raoul

Alexander Bolante wrote:
> Aside from ftp and security event logs, it doesn't seem like there is
> any other place to look for that type of user activity.
>
> At this juncture, it seems the best thing to do would be to require
> all users to login to their respective AD Domains so that their true
> lastLogon will be logged and can be audited.
>
> Cheers.
>
> On 24 Feb 2006 18:40:31 -0000, keydet89 () yahoo com <keydet89 () yahoo com> wrote:
> > I would think that you could track the FTP users via the FTP logs, and the folks who map shares via the Security Event 
> > Logs.


--
Raoul Armfield
rarmfield at amnh dot org

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------