user account auditing

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324

    user account auditing

    I've done a bit of searching... and have come up with very little.

    Are there any good utilities to find out the following information on user accounts?
    These utilities would be most likely used in a 2k Domain.

    1.) When a user account was created.
    2.) When a user last changed their password.
    3.) When the account was last active.
    4.) Where the user was last logged on.
    5.) User logon history.
    6.) List inactive accounts.
    7.) List active accounts.
    8.) Any other useful info that I've left out.

    I can find out some of this info from pulling apart logs... but you'd think that there would be a utility to find out this info.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147

    Talking

    We have not found anything, either, that provides all that information. At least, nothing that doesn't cost a lot. You can get some of that from Quest Software tools (really expensive stuff). We made a choice a while back to develop rather than purchase tools for this. Since we are an educational inst. we must process student accounts every quarter. We use login scripts, LDAP and NT commands, use SQL as the background database and Visual Studio as the development environment and did our own tools. We can query our database to determine who was logged into what machine at a specific time and date.

    Here is the Quest URL:

    http://www.quest.com/solutions/micro...astructure.asp

  3. #3
    Banned
    Join Date
    Sep 2001
    Posts
    113

    if I remember correctly

    If I remember correctly, can't you set custom filters in NT so that it's logged into categories? I know it's a hassle to trudge through logs and set filters, but unless you want to pay $500-$2000 on software then it's probably the easiest way.






    conversion for major Antionline users' countries

    *as of 4:21 PM on 6/19/03 Courtesy of XE Universal Currency Converter

    1 USD = 0.852896 EUR
    1 EUR = 1.17248 USD

    1 USD = 0.595689 GBP
    1 GBP = 1.67873 USD

    1 USD = 1.34270 CAD
    1 CAD = 0.744768 USD

    1 USD = 1.48976 AUD
    1 AUD = 0.671247 USD

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    In NT, there's the userstat (NT reskit) utility that provides most of that info. If I recall correctly, however, it doesn't work in W2k/AD. There might be an equivalent utility in the 2K reskit though... I don't quite remember...

    On the third party/commercial side, Hyena from SystemTools(.com) does cover some (edit: check the 30 day demo, I'd say it does much of what you're looking for) of those too...


    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    I am not sure about this... but I used a separate program to find out what and where the user logs in, or to list active accounts or machines.
    Here I use Deft Personal System that we built for a year and it looks like a netstat. But before, I used active network directory, and wingate. But I haven't found the program that could do all of that.

    -SD
    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.

    http://www.AntiOnline.com/sig.php?imageid=389

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    You can do a lot of these tasks with DumpSec from Somarsoft.

    It can be found here under the Free Tools.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Banned
    Join Date
    Apr 2003
    Posts
    1,147

    Cool

    Checked the freebie referenced software. None of it actually answers the questions posed by phishphreek80. I recommend that you (phishphreek80) look into Visual Studio (.NET if you are going that way) to set up your own tools for these questions. Most of the information you seek is available via LDAP queries. We've used a combination of login/logout scripts and SQL databases (along with our VB application) to glean and store activity so that we can maintain historical/forensic information about logins, who, what and where and all that.

    Also, if you are heading toward Win 2003 Server, there are new AD tools, and the new Group Policy manager (which also works for 2000), that can help answer some of those questions.

    Other than that, I think you might need to spend a whole lotta money.
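
Added example, not part of the thread or any poster's tooling: a sketch of the LDAP-based approach mentioned in #7, run offline over attribute values already exported from each domain controller. It uses the standard AD attributes `whenCreated`, `pwdLastSet`, `lastLogon` and `userAccountControl`; the sample rows, DC names and the 90-day threshold are constructed assumptions. Because `lastLogon` is kept per DC and not replicated in a Windows 2000 domain, the newest value across all DCs is taken.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts

def filetime_to_dt(value):
    """AD Integer8 time (100 ns ticks since 1601) to UTC datetime; 0 means never."""
    ticks = int(value)
    return None if ticks == 0 else EPOCH_1601 + timedelta(microseconds=ticks // 10)

def generalized_to_dt(value):
    """Parse whenCreated in GeneralizedTime form, e.g. 20020105090000.0Z."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def audit(records, now, inactive_days=90):
    """Merge per-DC rows by sAMAccountName and classify each account."""
    merged = {}
    for rec in records:
        acct = merged.setdefault(rec["sAMAccountName"], {
            "created": generalized_to_dt(rec["whenCreated"]),
            "pwd_last_set": filetime_to_dt(rec["pwdLastSet"]),
            "disabled": bool(int(rec["userAccountControl"]) & UF_ACCOUNTDISABLE),
            "last_logon": None, "last_dc": None})
        seen = filetime_to_dt(rec["lastLogon"])
        # lastLogon is not replicated: keep the newest value any DC reports.
        if seen and (acct["last_logon"] is None or seen > acct["last_logon"]):
            acct["last_logon"], acct["last_dc"] = seen, rec["dc"]
    cutoff = now - timedelta(days=inactive_days)
    for acct in merged.values():
        last = acct["last_logon"]
        acct["status"] = ("disabled" if acct["disabled"] else
                          "never-used" if last is None else
                          "inactive" if last < cutoff else "active")
    return merged

# Constructed sample: one row per (DC, user), as if exported from each DC.
FIELDS = ("dc", "sAMAccountName", "whenCreated", "pwdLastSet", "lastLogon", "userAccountControl")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("DC1", "alice", "20020105090000.0Z", "126858528000000000", "126988992000000000", "512"),
    ("DC2", "alice", "20020105090000.0Z", "126858528000000000", "127001088000000000", "512"),
    ("DC1", "bob", "20020105090000.0Z", "126858528000000000", "126779040000000000", "512"),
    ("DC2", "bob", "20020105090000.0Z", "126858528000000000", "0", "512"),
    ("DC1", "carol", "20020105090000.0Z", "0", "0", "512"),
    ("DC1", "dave", "20020105090000.0Z", "126858528000000000", "126988992000000000", "514"),
]]
if __name__ == "__main__":
    for name, a in audit(SAMPLE, datetime(2003, 6, 19, tzinfo=timezone.utc)).items():
        print(name, a["status"], a["last_logon"], a["last_dc"])
```

The merged result answers items 1, 2, 3, 6 and 7 of the original question; logon history (item 5) still has to come from logon scripts or the security event logs.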

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Thanx for all the feedback guys/girls! I still have yet to find what I'm looking for... but did run across some cool utilities in the process. It's not critical info.. but would still be nice to know...

    rapier57: I like your suggestion... but I'm not sure I'd have time to mess with that. Although, I will look into it. I have so many other projects on my plate ATM... that one will have to wait a bit. Great idea though.

    I guess money isn't really an issue... so maybe I'll end up going that route... dunno... I'll give the options to mgt and let them decide...

  9. #9
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    You can find some of the information you're looking for by enumerating the NetBios accounts of a PDC with an admin account. (This is assuming you're using netbios of course.) Gives last logon/logoff, times used, last pw change, disabled or not, and some other stuff. enum.exe is a command line tool which could be used by a script if you needed something in particular. Hope that helps you out.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
