ADAudit PlusReportes y Auditorias del Active Directory |
Monitoring User Logon Actions
Users logging on into their domain computers is a day-to-day natural action that takes place in any business enterprise. At the outset it might look a simple process but different administrators could use this information for different business needs. Organizations / Businesses require Audit Information on User Logon Actions to
- Verify the absenteeism of any selected user over a period of say 'n' days.
- Ascertain the total count of users who are presently accessing the network.
- Spot users who access through a remote network computer.
- Determine peak logon time for all users in the domain.
- See who has last logged on into critical resources in the network.
- Identify if any user(miscreant) is attempting a logon into machines that he / she does not have privileges for.
- View the complete history of logon of any user in the domain i.e.) have a complete knowledge of what all domain resources that any selected user has accessed in his life span.
The above actions are a listed few and several other businesses have other important requirements which can always be included to this list. Monitoring user logon actions or having audit information on user logon through reports are important considerations accepted for taking business critical, operation smoothening decisions which every decision maker can never forfeit.
Why Native Active Directory is considered insufficient for User Logon Auditing?
Every logon activity in Active Directory is continuously logged in the event viewer of the Active Directory Domain Controllers(DCs). This data logged in the Native Active Directory Domain Controllers
- Requires expertise to understand as it involves - understanding specific event numbers and their correlation to a logon action.
- Is huge in volume - every logon activity on / by any Active Directory object is continuously logged in the Domain Controller and this eventlog data piles up to a huge volume of data.
- Has restricted access - The Domain Controller is a critical component of the Active Directory Infrastructure and access is limited to selected administrative users.
Other limitations of the native active directory include the inability for non-admin users like auditors, managers and human resource staff to track any desired logon action. Some critical logon events like logging into a Domain Controller or Member Server or Security Groups require immediate alerts or continuous monitoring. This critical information though logged-in do not have a differentiation or grouping from a normal eventlog and has a greater possibility of being neglected.
Need for an Active Directory Logon Audit Solution like ADAudit Plus :
Tracking account logon activity one system at a time for an entire Active Directory network is next to impossible. User Logon Audit Reports from ADAudit Plus helps track and Audit all User Logon Actions from a central web console at the fraction of your time. Logon information is very important to understand / identify the authenticity of any logon of user objects in the domain.
ADAudit Plus provides User Logon Reports on Logon Failures, Domain Controller Logon Activity, Member Server Logon Activity, Workstation Logon Activity, User Logon Activity, Recent User Logon Activity, and Last Logon on WorkStations. Further, the logon audit solution acts as an indispensable tool to facilitate audit of specific logon events, current and past logon activity and lists all logon related changes. This it does through an easily understandable web interface and displays statistical information through charts, graphs and a list view of canned and customized reports.
 |
|
 |
Audit Reports from ADAudit Plus on User Logon :
Logon Failure Report provides information on the logon failures and the reason for logon failure over a selected period of time. Multiple logon failure attempts on User accounts in the selected period of time is reported. This equips administrators with information on possible attacks on "intruder attack susceptible" accounts. Information on logon failure alike when a logon failure occured, logon failed account, and possible failure reasons is reported.
 |
Logon Failure Reasons could be critical like a Bad User Name, Bad password which are susceptible to attacks. Reasons which require Administrator attention are "Password has expired", "Account disabled/expired/ locked-out" or "Administrator should reset the password on the account". Other reasons like "Workstation/Logon time restriction", "New computer account has not replicated yet" or "computer is pre-w2k" and "Time in workstation is not in sync with the time in Domain Controllers" are also reported. |
|---|
A Graphical representation on the number of logon failures against the reason of the failure assists Administrators to take quick decisions and administer effectively.
Logon Activity on Domain Controllers:Domain Controllers are the central critical components in the Active Directory from where AD changes are effected. Domain Controller logon is restricted to privileged or Admin users and complete information on logon attempts done by other users equips administrators to take informed corrective measures. ADAudit Plus helps provide information on all users who have logged on on any selected Domain Controller. Details like the time of logon, from where a user logged on(Machine Name), the success or failure of the logon attempt and the reason for failure if any is reported. |
 |
|---|
 |
Logon Activity on Member Servers and WorkStations provide information on user logon into selected Member Servers or Workstations respectively. Both the reports function similar to the "Logon activity report on Domain Controllers" making the handling and understanding of the software a breeze. |
|---|
 |
System administrator are either doubtful / concerned about the irregularities in the usage of the network by users. Failed logon attempts is an indicator or a measure to spot an irregularity. The "Recent user logon activity" report from ADAudit Plus lists all the successful and failed logon activities by users over any selected time period. Further the reason for a failed logon is also provided as a remark for taking corrective measures. List of users successfully logging into the network on a given day, any selected date or over a selected period can be viewed from this report. |
|---|
This report lists information on the time of last logon on to a Workstation or Computer, by all users who have successfully logged on a day. This report could be used determine absenteeism or current availability status of users in the organization. |
 |
|---|
- Auditorías y Compatibilidad del Active Directory
- Reportes de Auditorías del Active Directory
- Rastreo de Acciones de Gestión por los Usuarios
- Reportes de Auditoría de la Gestión de los Usuarios
- Rastreo de acciones de inicio de sesión por los usuarios
- Reportes de auditoría de Inicio de Sesión de Usuarios
- Auditorías en los cambios GPO
- Notificaciones vía Email y Alertas del Active Directory
- Programe Reportes de Cambios del Active Directory
- Reportes de los Datos Archivados
