You might want to have a look at the newly released LimitLogin tool from MS.

Quote from the help:

LimitLogin v1.0

LimitLogin is an application that adds the ability to limit concurrent user logins in an Active Directory domain.

It can also keep track of all logins information in Active Directory domains.

LimitLogin capabilities include:

· Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
· Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
· Easy management and configuration by integrating to the Active Directory MMC snap-ins.
· Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
· Generating Login information reports in CSV (Excel) and XML formats.

LimitLogin grants System Administrators, Help Desk staff or any other IT-related personnel the ability to quickly query for any user logged on to the domain and view the machines they’re currently logged on to, while enabling the above list of features and management tasks to be performed on those user sessions.

http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe

The only requirement is having one W2K3 DC in order to be able to create the application partition needed for the tool.

Guy


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gideon Ashcraft
Sent: Wednesday, March 09, 2005 5:29 PM
To: [email protected]
Subject: [ActiveDir] (l)user login auditing

Some fool mentioned to our HR department that we can track our employees’ work routines by auditing the login events to our DCs instead of their supervisors actually doing work and tracking the work habits of their charges. So now I need to present reports to our illustrious HR department in terms they can understand (pretty pictures and colors with all the details washed out so they can grasp the picture). I started by enabling login successes in the default DC policy and was overwhelmed by a flood of events from login attempts and the constant flood of logins (20,000 security events/day) from our LANutil inventory (don’t ever use PC-Duo) software (originally set up wrong by helpdesk staff and currently locking the accounts of anyone associated with that deployment (I’m letting them suffer for the moment because they did it without asking for Domain Admin support)).

Currently I am using a 60 day trial of GFI’s SELM log monitor to archive events (until my UNIX admin has the time to learn enough PROLOG to get Tivoli to mine our logs, or I learn how to use the free MS Log Parser to mine our DCs) and I did a test login and logout on a test user account (all events associated with that user were cleaned prior to testing) and I found that logging in created 28 mixed login and logout events (including 538, 540, 673 events) on login but only 1 540 logON event during logOFF and 2 538 logoff events 12 and 41 minutes after logging out!!!

What I would really like to do is tell HR to &[EMAIL PROTECTED] Themselves and tell the supervisors to do a better job tracking their employees and spend my valuable time tracking events for critical System and application events instead of babysitting the incompetents. But unfortunately the powers that be wish to appease the HR beast rather than put it in its place, so I have to clean up the flood of login events into a form that they can understand.

Does anyone recommend any software suited to this purpose or does anyone know of a simple query of events to pinpoint domain activity?

Gideon Ashcraft

Network Administrator

Screen Actors Guild
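
One way to reduce the event flood described in the question above to a first-seen/last-seen line per user per day, as an added example that is not part of either message. It assumes the DC security events have already been exported to CSV with time, event_id and user columns; the sample rows and the svc_inventory account name are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export (not real log data). Assumed columns:
# time, event_id, user. Event IDs are the ones named in the post.
SAMPLE_CSV = """time,event_id,user
2005-03-09 08:58:10,673,jdoe
2005-03-09 08:58:11,540,jdoe
2005-03-09 08:58:11,540,WKS042$
2005-03-09 08:58:12,538,jdoe
2005-03-09 09:00:00,540,svc_inventory
2005-03-09 12:30:45,540,asmith
2005-03-09 17:02:30,540,jdoe
2005-03-09 17:14:30,538,jdoe
2005-03-09 17:43:30,538,jdoe
2005-03-10 09:05:00,673,jdoe
"""

AUTH_EVENTS = {"540", "673"}        # logged when the account authenticates
IGNORED_USERS = {"svc_inventory"}   # hypothetical noisy inventory account


def summarize(csv_text, ignored=IGNORED_USERS):
    """Return {(user, date): (first_seen, last_seen, event_count)}."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip().lower()
        # Drop computer accounts (trailing $) and known-noisy service accounts.
        if user.endswith("$") or user in ignored:
            continue
        # Drop 538: the post saw logoff events trail the real logoff by
        # 12 and 41 minutes, which would skew "last seen".
        if row["event_id"] not in AUTH_EVENTS:
            continue
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        seen[(user, ts.date())].append(ts)
    return {key: (min(v), max(v), len(v)) for key, v in seen.items()}


def report(summary):
    """Render one line per user per day, sorted for stable output."""
    return [f"{day} {user:<10} first={first:%H:%M} last={last:%H:%M} events={n}"
            for (user, day), (first, last, n) in sorted(summary.items())]


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_CSV))))
```
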

 
