Audit Reports from ADAudit Plus on User Logon:
Logon Failure Report:
Logon Failure Report provides information on the logon failures and the reason for logon failure over a selected period of time. Multiple logon failure attempts (bad logon attempts) on User accounts in the selected period of time is reported. This equips administrators with information on possible attacks on "intruder attack susceptible" accounts. Information on logon failure alike when a logon failure occured, logon failed account, and possible failure reasons is reported.
Logon Failure Reasons could be critical like a Bad User Name, Bad password which are susceptible to attacks. Reasons which require Administrator attention are "Password has expired", "Account disabled/expired/ locked-out" or "Administrator should reset the password on the account". Other reasons like "Workstation/Logon time restriction", "New computer account has not replicated yet" or "computer is pre-w2k" and "Time in workstation is not in sync with the time in Domain Controllers" are also reported.
A Graphical representation on the number of logon failures against the reason of the failure assists Administrators to take quick decisions and administer effectively.
Logon Activity on Domain Controllers:
Domain Controllers are the central critical components in the Active Directory from where AD changes are effected. Domain Controller logon is restricted to privileged or Admin users and complete information on logon attempts done by other users equips administrators to take informed corrective measures. ADAudit Plus helps provide information on all users who have logged on on any selected Domain Controller. Details like the time of logon, from where a user logged on(Machine Name), the success or failure of the logon attempt and the reason for failure if any is reported.
Logon Activity on Member Servers and Workstations:
Logon Activity on Member Servers and WorkStations provide information on user logon into selected Member Servers or Workstations respectively. Both these reports function similar to the "Logon activity report on Domain Controllers" making the handling and understanding of the software a breeze.
User Logon Activity:
User logon report provides audit information on the complete
logon history on the "Servers" or "Workstations" accessed by a selected Domain User. User object Logon history is very important to understand the logon pattern for a selected user and in other instances to provided a recorded proof to auditors / managers on any User.
Recent User Logon Activity:
System administrator are either doubtful / concerned about the irregularities in the usage of the network by users. Failed logon attempts is an indicator or a measure to spot an irregularity. The "Recent user logon activity" report from ADAudit Plus lists all the successful and failed logon activities by users over any selected time period. Further the reason for a failed logon is also provided as a remark for taking corrective measures.
List of users successfully logging into the network on a given day, any selected date or over a selected period can be viewed from this report.
Last Logon on WorkStation:
This report lists information on the time of last logon on to a Workstation or Computer, by all users who have successfully logged on a day. This report could be used determine absenteeism or current availability status of users in the organization. Last bad logon on a workstation can also be determined.
Users Logged into Multiple Computers:
Windows Active Directory allows its domain users to login into multiple computers at any given instant. Administrators, auditors and managers require advanced tools to track these logons to ensure that resources are used as desired.
Users logged into multiple computers report provides the last logon data of a user/users into multiple computers within a given time frame. This report acts as an index in auditing users who logon into multiple computers.
Audit RADIUS Logon on Computers:
Audit the Remote Authentication Dial-In User Service (RADIUS) network access by user logged on remote computer. With reports on remote logged users like RADIUS Logon Failures (NPS) and RADIUS Logon History (NPS), monitor all RADIUS authentication in Active Directory. Please note that currently RADIUS logon activities via Network Policy Server (Windows Server 2008) is only supported.