NetVision Company Blog

A Discussion on Effective Audit of User Access

Active Directory Last Logoff

Tags: ,

If you’re trying to audit the Last Logoff time of users in Active Directory or to programmaticly confirm whether someone is still logged on, your intuition might tell you to monitor the lastLogoff attribute. Unfortunately, you’d be wrong.

Active Directory does provide a User object attribute named lastLogoff where logoff Information should theoretically be stored. However, Microsoft currently does NOT utilize this attribute to store logoff information.  [more info on that]

In order to monitor User logoff activity on your own, you would need to watch the Security Event Log at every DC.  And you’d need to configure the Security Event Log policy on each relevant server to monitor logoff events. You would also also need to ensure that the event logs aren’t being overwritten before you capture the information (which can be tricky in large environments if you’re capturing all logon and logoff activity).  And you would have no ability to filter the events so that you’re getting only relevant information.

Because Microsoft doesn’t update Active Directory information during a logoff event, NetVision also monitors the event logs to capture logoff events.  But, because we’re already installed, there’s nothing else you need to do.  And we give you the ability to filter events based on what’s important to you (such as limiting Logoff events to a particular subset of Users).  The resulting reports are easy to read, exportable, and stored independent of logs so they’ll never get overwritten.

Note: Monitoring Logoff events is never 100% reliable. This blog entry from the Windows auditing team explains why.

PCI Compliance for Active Directory

Tags: , , ,

Are you focused on Active Directory? And being asked to provide your end of a PCI audit? Figuring out how AD relates to PCI-DSS (Payment Card Industry Data Security Standards) can be quite complicated. If you’re interested in getting help or learning more, go to:

PCI Compliance for Active Directory Administrators

NetVision Advertisements


NetVision is running a new ad campaign focused on the common need of Active Directory administrators to get real-world answers.

Gets the answers you need


Prior to this campaign, we ran a Security Ninja campaign that was pretty fun. Readers had a chance to win a Samurai sword that was a replica of the Kill Bill bride sword.

Security Ninja

eDirectory and Netware Audit

Tags: , ,

NetVision was founded in 1995 by former Novell engineers who had tremendous knowledge of NDS (which became eDirectory) and Netware.  That knowledge became the core of NetVision’s solution offerings as they introduced solutions for audit and monitoring of Netware and NDS.  One of NetVision’s early products was a syncronization tool that sync’ed data between Netware/NDS and Windows NT environments.

As the market for Netware grew smaller and the market for Micorosft Windows grew larger, NetVision made the obvious moves.  They took their knowledge of directory and file system access rights and applied it to Microsoft’s Active Directory and Windows.  They also followed Novell’s moves to Linux and built a solution for eDirectory on Linux. Today, NetVision provides a complete solution that works across both Novell and Microsoft environments for audit, monitoring, and reporting.

You may have seen us at Brainshare where we host an annual party and spend time with many customers that we’ve built strong relationships with over the years.  Many of them tell us stories about how NetVision has made their lives easier, which is nice to hear.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.