"Xiaodeng" in operation and maintenance monitors user login operations in real time
2022-06-29 20:26:00 【Xiao Deng in operation and [ema】
Users logging on to their domain computers is a daily activity in any enterprise. At first glance this may seem like a simple Active Directory event, but administrators in different roles can use this valuable data for various audit, compliance and operational requirements. Enterprises need to pay attention to the "AD user login log" to meet one or more of the following operational requirements.
- Verify employee absence or attendance for a given audit interval or for each month.
- Determine the total number of users on the Active Directory network at a given time.
- Locate users who access a workstation or domain controller from a remote network computer.
- Determine the peak number of logins for all users in the domain.
- See who last logged on to a critical domain computer.
- Determine whether any user (a rogue user) is trying to log on to a computer he or she does not have access to. (For example, logging on to an Active Directory domain controller or member server requires elevated privileges.)
- View the full login history of any user in the domain, that is, when you suspect an employee and must have evidence of the computers, groups and other user accounts (Active Directory domain objects) that the employee managed, accessed or modified during their tenure.
Beyond the items listed, there are more practical requirements on an Active Directory network that call for audit information about domain account logins. ADAudit Plus account login reports can easily be used to overcome account login audit challenges. It provides many real-time preconfigured reports that answer login audit questions in the required format and improve the Active Directory audit experience. Custom reporting tools make the software more popular; for example, you can define any login operation and view it as a report.

Why is native Active Directory considered insufficient for user login auditing?
Every AD login is continuously recorded in the security log of an Active Directory domain controller (DC). This data, as recorded natively on the Active Directory domain controller:
- Requires expertise to understand, because it involves knowing the specific event numbers and how they relate to login operations.
- Is huge in volume: every login activity on Active Directory objects is continuously recorded on the domain controller, and this event log data accumulates into a huge amount of data.
- Has limited access: the domain controller is a key component of the Active Directory infrastructure, and access is limited to selected administrative users.
Other limitations of native Active Directory include the following. Non-administrative users such as auditors, managers and HR staff cannot track any login operations they need. Some key login events (for example, a login to a domain controller or member server) require immediate alerting or continuous monitoring. Although this key information is recorded, it is not distinguished from or grouped apart from ordinary event logs, so it is more likely to be overlooked.

Real-time Active Directory login audit solution
Tracking account login activity across the whole Active Directory network (tracking one system at a time) is almost impossible. The real-time user login audit report in ADAudit Plus lists all user login operations in a single report, which then takes only a little time to view from a single web console. Login information is important for understanding and determining the login authenticity of user objects in the domain.
ADAudit Plus provides user login reports on login failures, domain controller login activity, member server login activity, workstation login activity, user login activity, recent user login activity and last login to workstation. In addition, the login audit solution is an indispensable tool that makes auditing of specific login events and of current and past login activities easy, and it can list all login-related changes. It does so through an easy-to-understand web interface, displaying statistics in charts, graphs and list views of built-in and custom reports.

ADAudit Plus audit reports on user login
- Login failure report
- Login activity on the domain controller
- Login activity on member servers
- Login activity on the workstation
- User login activity
- Recent user login activity
- Last login to workstation
- RADIUS logins on computers

Login failure report
The login failure report provides information about login failures during the selected period and the reasons for them. It shows multiple failed login attempts for a user account during the period selected in the report. This lets the administrator identify accounts that are "vulnerable to intruders" and possible attacks. The report gives information about login failures (for example, when a login failure occurred, the account that failed to log in and the possible reason).
The reason for a login failure is very important, for example a weak, insecure user name and password. Reasons that require administrator attention include "Password has expired", "Account is disabled / has expired / is locked" or "The administrator should reset the account password". Other reasons are also reported, for example "Workstation / logon time restriction", "The new computer account has not been replicated", "The computer is pre-W2K" and "The time on the workstation is not synchronized with the time on the domain controller".
A graphical representation of the number of login failures and the reasons for the failures can help administrators make decisions quickly and effectively .
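The kind of aggregation such a failure report performs can be sketched over raw domain controller events. This is an added example, not ADAudit Plus code: it assumes events exported as records with the Windows Security log fields of event 4625 (failed logon), uses Windows NTSTATUS codes that the article itself does not list, and the threshold, window and sample records are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# NTSTATUS codes from the Status/SubStatus fields of event 4625 (failed logon).
FAILURE_REASONS = {
    0xC000006A: "bad password",
    0xC000006F: "logon time restriction",
    0xC0000070: "workstation restriction",
    0xC0000071: "password expired",
    0xC0000072: "account disabled",
    0xC0000133: "workstation clock not synchronized with DC",
    0xC0000193: "account expired",
    0xC0000234: "account locked out",
}

def failure_code(ev):
    """SubStatus gives the specific reason; when it is 0x0, Status holds it."""
    sub = int(ev.get("SubStatus", "0x0"), 16)
    return sub if sub else int(ev["Status"], 16)

def summarize_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Count failures per reason; flag accounts with >= threshold in one window."""
    reasons, per_account = Counter(), defaultdict(list)
    for ev in events:
        if ev["EventID"] != 4625:  # skip 4624 (successful logon) and others
            continue
        code = failure_code(ev)
        reasons[FAILURE_REASONS.get(code, f"other (0x{code:08X})")] += 1
        when = datetime.fromisoformat(ev["TimeCreated"])
        per_account[ev["TargetUserName"].lower()].append(when)
    flagged = {}
    for account, times in per_account.items():
        times.sort()
        # Largest number of failures that fall inside any single window.
        burst = max(sum(t - s <= window for t in times[i:]) for i, s in enumerate(times))
        if burst >= threshold:
            flagged[account] = burst
    return reasons, flagged

# Constructed sample records (not real log data), shaped like exported event fields.
SAMPLE_EVENTS = [
    {"EventID": 4625, "TimeCreated": "2022-06-29T09:00:05", "TargetUserName": "jsmith", "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4625, "TimeCreated": "2022-06-29T09:01:10", "TargetUserName": "jsmith", "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4625, "TimeCreated": "2022-06-29T09:03:40", "TargetUserName": "JSmith", "Status": "0xC000006D", "SubStatus": "0xC000006A"},
    {"EventID": 4625, "TimeCreated": "2022-06-29T09:04:00", "TargetUserName": "jsmith", "Status": "0xC0000234", "SubStatus": "0x0"},
    {"EventID": 4624, "TimeCreated": "2022-06-29T09:30:00", "TargetUserName": "adavis"},
    {"EventID": 4625, "TimeCreated": "2022-06-29T10:15:00", "TargetUserName": "svc-backup", "Status": "0xC000006E", "SubStatus": "0xC0000071"},
    {"EventID": 4625, "TimeCreated": "2022-06-29T14:00:00", "TargetUserName": "adavis", "Status": "0xC000006E", "SubStatus": "0xC000006F"},
]
```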

Login activity on the domain controller
The domain controller is the key central component of Active Directory, where AD changes take effect. Domain controller logins are limited to privileged or administrator users, so complete information about other users' login attempts can help administrators take sensible corrective action. ADAudit Plus provides information about all users who log on to any selected domain controller. The report includes the login time, where the user logged in from (device name), whether the login attempt succeeded or failed, and the reason for the failure (if any).

Login activity on member servers and workstations
The login activity reports for member servers and workstations provide information about the users logged on to the selected member server or workstation, respectively. These two reports work like the "Login activity on the domain controller" report, which makes the software easier to use and understand.
User login activity
The user login report provides audit information about the complete login history of a user on the selected domain's "servers" or "workstations". A user object's login history is important for understanding the login pattern of the selected user, and it can also give auditors and managers a record as proof about any user.
Recent user login activity
A system administrator may suspect or worry about users' illegitimate use of the network. Failed login attempts are an indicator or measure of violations. The "Recent user login activity" report in ADAudit Plus lists all successful and failed login activities for a user during any selected period. In addition, the reason for a failed login is listed as a remark so that corrective measures can be taken.
From this report you can view the list of users who successfully logged on to the network on a given day, on any selected date or in any period.
Last login to workstation
This report lists the last time each user who successfully logged in on a given day logged in to a workstation or computer. It can be used to determine users' absence or current idle status in an organization.
Monitor RADIUS logins on computers
Audit Remote Authentication Dial-In User Service (RADIUS) network access for users who log on to remote computers. Use the remote login user reports (for example, RADIUS Login Failure (NPS) and RADIUS Login History (NPS)) to monitor all RADIUS authentication in Active Directory. Note that currently only RADIUS login activity from Network Policy Server (Windows Server 2008) is supported.
Copyright notice
This article was written by [Xiao Deng in operation and [email protected]]; please include the original link when reprinting. Thank you.
https://yzsam.com/2022/180/202206292018551767.html