user account auditing
I've done a bit of searching... and have come up with very little.
Are there any good utilities to find out the following information on user accounts.
These utilities would be most likely used in a 2k Domain.
1.) When a user account was created.
2.) When a user last changed their password.
3.) When the account was last active.
4.) Where the user was last logged on.
5.) User logon history.
6.) List inactive accounts.
7.) List active accounts.
8.) Any other useful info that I've left out.
I can find out some of this info from pulling apart logs... but you'd think that there would be a utility to find out this info.
We have not found anything, either, that provides all that information. At least, nothing that doesn't cost a lot. You can get some of that from Quest Software tools (really expensive stuff). We made a choice a while back to develop rather than purchase tools for this. Since we are an educational inst. we must process student accounts every quarter. We use login scripts, LDAP and NT commands, use SQL as the background database and Visual Studio as the development environment and did our own tools. We can query our database to determine who was logged into what machine at a specific time and date.
Here is the Quest URL:
if I remember correctly
If I remember correctly can't you set custom filters in NT so that it's logged into categories? I know it's a hassle to trudge through logs and set filters but unless you want to pay $500-$2000 on software then it's probably the easiest way
conversion for major Antionline users' countries
*as of 4:21 PM on 6/19/03 Courtesy of XE Universal Currency Converter
USD = 0.852896 EUR
1 EUR = 1.17248 USD
1 USD = 0.595689 GBP
1 GBP = 1.67873 USD
1 USD = 1.34270 CAD
1 CAD = 0.744768 USD
1 USD = 1.48976 AUD
1 AUD = 0.671247 USD
In NT, there's the userstat (NT reskit) utility that provides most of those info. If I recall correctly, it, however, doesn't work in W2k/AD. There might be an equivalent utility in the 2K reskit though... I don't quite remember...
On the third party/commercial side, Hyena from SystemTools(.com) does cover some (edit: check the 30 day demo, I'd say it does much of what you're looking for) of those too...
i am not sure about this .. but i was use separate programm to find out about what and where the user login or list active accounts or machines.
Here i use Deft Personal System that we build for a year and it looks like a netstat. But before, i used active network directory, and wingate. But i haven't find the programm who could do all of that.
You can do alot of these tasks with DumpSec from Somarsoft.
It can be found here under the Free Tools.
Checked the freebie referenced software. None of it actually answers the questions posed by phishphreek80. I recommend that you (phishphreek80) look in to Visual Studio (.NET if you are going that way) to set up your own tools for these questions. Most of the information you seek is available via LDAP queries. We've used a combination of login/logout scripts and SQL databases (along with our VB application) to gleen and store activity so that we can maintain historical/forensic information about logins, who what and where and all that.
Also, if you are heading toward Win 2003 Server, there are new AD tools, and the new Group Policy manager (which also works for 2000), that can help answer some of those questions.
Other than that, I think you might need to spend a whole lotta money.
Thanx for all the feedback guys/girls! I still have yet to find what I'm looking for... but did run across some cool utilities in the process. Its not critical info.. but would still be nice to know...
rapier57: I like your suggestion... but I'm not sure I'd have time to mess with that. Although, I will look into it. I have so many other projects on my plate ATM... that one will have to wait a bit. Great idea though.
I guess money isn't really an issue... so maybe I'll end up going that route... dunno... I'll give the options to mgt and let them decide... ;)
You can find some of the information you're looking for by enumerating the NetBios accounts of a PDC with an admin account.(This is assuming you're using netbios of course) Gives last logon/logoff,times used,last pw change,disabled or not, and some other stuff, enum.exe is command line tool which could be used by a script if you needed something in particular. Hope thats helps you out.