I should have blogged about this topic a bit earlier, before discussing the new Group Policy settings improvements in 2003 and Vista. Here are some important and useful links for learning about Group Policy technology and trends.
| Quote: |
| 1. Group Policy Frequently Asked Questions (FAQ)
2. Core Group Policy Technical Reference
3. Windows Server 2003 Group Policy |
Please add in any other useful GP technology related sites, forums and blogs.
Windows XP Professional Service Pack 2 added a lot of settings to Group Policy. Windows Vista is coming in with even more new settings to Group Policy. The number of Group Policy settings has increased from approximately 1,700 in Windows Server 2003 with Service Pack 1 (SP1) to approximately 2,400 in Windows Vista and Windows Server “Longhorn”.
There is a lot to say about policy, but I thought I could blog on the policies for removable storage devices. I believe every enterprise administrator would agree with me on how hectic it is to protect the network from these removable storage devices. What can they not cause? They can introduce worms or viruses onto the network, or even worse things which you can’t imagine.
The following statistics on Removable storage settings were taken from Mike Stephens, Group Policy Blog.
Mike is a Technical Writer in Group Policy technology.
| Quote: |
| - Vista provides 32 policy settings to control removable storage. 16 computer settings and 16 equivalent user settings provide the ability to control removable storage.
- The device categories include: CD and DVD, Floppy Drives, Removable Disks (such as key drives), Tape Drives, PAP Devices (such as media player devices), and WPD Devices (includes cell phone, auxiliary displays, and WinCE devices).
- In addition, there is a policy setting to control classes of custom devices as well as a policy to control ALL removable devices. Each device category may restrict read access, write access or both.
- These policy settings are Windows Vista policy settings and apply only to computers running Windows Vista. Have no fear, these policy settings can co-exist in policies that apply to clients earlier than Windows Vista. Operating systems other than Windows Vista will ignore the settings. |
Desktop Central also has plans to support these policies which are needed for securing the network from removable storage devices.
Here I’ll discuss various methodologies that are available, or that I’ve used, for user login tracking.
The Lazy man’s way…
I love Kevin Weilbacher’s simple script, which is available on his blog. It records logon/logoff, machine name and date/time stamp. He has titled the post “Lazy man’s way to track user logon/logoff”; you can follow the link for more improvisation on the script.
| Quote: |
| ----- logon.cmd -----
echo logon %username% %computername% %date% %time% >> \\sbs\share\logon.log
----- logoff.cmd -----
echo logoff %username% %computername% %date% %time% >> \\sbs\share\logon.log |
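A reader for the log these two scripts produce, added here as an example (it is not Kevin Weilbacher's code): it pairs logon and logoff lines into sessions and reports lines that do not fit. It assumes the US English `%date%` and `%time%` formats shown in the constructed sample, and because every user must be able to write to the share, hand-edited or missing lines are expected and reported rather than trusted.

```python
from datetime import datetime

# Constructed sample of \\sbs\share\logon.log; assumes the US English
# %date% ("Tue 03/14/2006") and %time% (" 9:05:12.34") formats.
SAMPLE_LOG = """\
logon alice WS01 Tue 03/14/2006  8:58:03.11
logon bob smith WS02 Tue 03/14/2006  9:05:12.34
logoff alice WS01 Tue 03/14/2006 12:01:47.90
logon alice WS03 Tue 03/14/2006 12:10:05.02
logoff carol WS04 Tue 03/14/2006 17:30:00.00
this line was edited by hand
"""

def parse_line(line):
    """Return (action, user, computer, timestamp) or None if malformed."""
    parts = line.split()
    # Expected tokens: action, user (1+ tokens), computer, weekday, date, time
    if len(parts) < 6 or parts[0] not in ("logon", "logoff"):
        return None
    try:
        stamp = datetime.strptime(" ".join(parts[-2:]), "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    # Split from the right: user names may contain spaces, computer names cannot.
    return parts[0], " ".join(parts[1:-4]), parts[-4], stamp

def reconstruct_sessions(text):
    """Pair each logon with the next logoff for the same user and computer."""
    open_sessions, closed, anomalies = {}, [], []
    for number, line in enumerate(text.splitlines(), start=1):
        record = parse_line(line)
        if record is None:
            anomalies.append((number, "unparseable line"))
            continue
        action, user, computer, stamp = record
        key = (user, computer)
        if action == "logon":
            if key in open_sessions:
                anomalies.append((number, "logon without prior logoff"))
            open_sessions[key] = stamp
        elif key in open_sessions:
            closed.append((user, computer, stamp - open_sessions.pop(key)))
        else:
            anomalies.append((number, "logoff without logon"))
    return closed, open_sessions, anomalies
```

Sessions left in `open_sessions` at the end are users who are still logged on, or whose logoff script never ran.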
Event IDs Log the details..
Enabling Audit Account Logon Events on the domain controllers can do this (Group Policy on the domain controllers’ OU - Computer Configuration - Windows Settings - Security Settings - Local Policies - Audit Policy - ‘Audit Account Logon Events’).
By having this setting on domain controllers, user logon attempts will be recorded in the domain controller security event log. The event log entry will indicate whether the user was successful or not at logging in.
| Quote: |
| The successful event IDs are:
672 - Granting of an authentication ticket.
673 - Indicates the granting of a service ticket.
680 - NTLM protocol used to successfully log on a user.
The failure event IDs are:
675 - Failure code 24 - bad password.
676 - Failure code 6 - invalid user name; failure code 12 - workstation restrictions in place; failure code 18 - account is locked out; failure code 23 - expired password.
681 - NTLM protocol logon failure. |
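How the table above can be used when reviewing a domain controller's security log, as an added example that is not part of the original post: it classifies each event by ID and failure code, then flags users with repeated bad passwords, lockouts or unknown user names. The record layout, the sample events and the threshold of three bad passwords are assumptions made for the illustration.

```python
from collections import Counter

# Event IDs and failure codes exactly as listed in the table above.
SUCCESS = {672: "authentication ticket granted",
           673: "service ticket granted",
           680: "NTLM logon succeeded"}
FAILURE_CODES = {(675, 24): "bad password",
                 (676, 6): "invalid user name",
                 (676, 12): "workstation restrictions in place",
                 (676, 18): "account is locked out",
                 (676, 23): "expired password"}

# Constructed records: (event_id, user, failure_code or None).
# The last record uses an ID that is outside the table.
SAMPLE_EVENTS = [
    (672, "alice", None), (673, "alice", None),
    (675, "bob", 24), (675, "bob", 24), (675, "bob", 24),
    (676, "bob", 18), (676, "ghost", 6), (681, "carol", None),
    (680, "dave", None), (675, "alice", 24), (540, "alice", None),
]

def classify(event_id, code=None):
    """Return (outcome, reason) for one account-logon event."""
    if event_id in SUCCESS:
        return "success", SUCCESS[event_id]
    if event_id == 681:
        return "failure", "NTLM logon failure"
    if event_id in (675, 676):
        unknown = "failure code %s not in table" % code
        return "failure", FAILURE_CODES.get((event_id, code), unknown)
    return "other", "event ID not in table"

def summarize(events, bad_password_threshold=3):
    """Count failure reasons per user and flag the ones worth a look."""
    reasons, flagged = Counter(), []
    for event_id, user, code in events:
        outcome, reason = classify(event_id, code)
        if outcome == "failure":
            reasons[(user, reason)] += 1
    for (user, reason), count in sorted(reasons.items()):
        if reason == "bad password" and count >= bad_password_threshold:
            flagged.append((user, "%d bad passwords" % count))
        elif reason in ("account is locked out", "invalid user name"):
            flagged.append((user, reason))
    return reasons, flagged
```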
LimitLogin utility from Microsoft
There is a utility called LimitLogin from Microsoft.
While the main purpose of LimitLogin is to enforce concurrent login quotas, it can also be used purely as a login data capture solution that lets you manage your Active Directory environment more effectively. To me it’s a tedious process to set up the environment, but it’s a useful tool.
| Quote: |
| LimitLogin’s architecture is built around three main elements:
* A Web service that handles the back-end processing on the server
* An application directory partition that holds the login information
* Login and logoff VBS scripts |
User Logon Reports from Desktop Central
Desktop Central has a reports category called User logon Reports. It gives all the necessary information that an administrator wants to know.
| Quote: |
| - Currently Logged on Users
- Users Frequently Logged On to the Domain
- Users Rarely Logged On the Domain
- Inactive Users
- Computers with Frequent User Logon
- Computers with Rare User Logon
- Computers with No User Logon
- User Logon History
- User Logon History by Computers
- User Logon History on Domain Controller
- Logon Servers with their Reported Users |
The other tools mentioned above give primitive information about user logins, but Desktop Central gives exclusive and extensive reports for Active Directory and user login tracking. Please go through the reports and send in your valuable feedback.
If you need any additional reports in this specific area please feel free to contact me or send your requirements to support@desktopcentral.com


