Users often want to log in to many computers, without logging out of any. Microsoft and Active Directory allow this without hesitation. Of course, this can cause issues for the user account, as well as for the computers where the user has not logged out. When a user account is being used to attack the network, it’s important to know which computer the user is logged into, especially if they’re logged on to more than one at the same time.
Whether you want to know which users are logged on to multiple computers currently, or at a specific time in the past, you can get the information you need to track down an issue or attack. But how? With the right tool, it’s just a simple click!
ADAudit Plus comes with a built-in report that includes this information. By default, the report shows you all users logged into multiple computers in the past 24 hours, but you can change the time range easily. To view this report in ADAudit Plus, click on Reports, User Logon Reports, and then Users logged into multiple computers. As you can see in figure 1, the list of users and the computers they were logged into concurrently is clear and understandable.
Figure 1. Report indicating when users are logged into multiple computers.
Without a report like this, you have to track down which computers a user was logged into manually, which can take hours, if it’s even possible . With this information, though, you can track down issues, determine which computers were used during an attack, or just monitor which computers users utilize at the same time.