|
Posted by Paul Bergson on September 21, 2006, 12:22 pm
Please log in for more thread options Thanks, I misread.
--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
>> Check out oldcmp from joeware.net, this is what exactly you are looking
>> for.
>>
>> http://joeware.net/win/free/index.htm
>>
>
> Not meaning to discount the value of Joe's utility, but poster
> has already located and disabled the computer objects.
> The issue is one of event monitoring.
>
>>> We are currently trying to remove old computer accounts from our Active
>>> Directory domain. We used a third party utility to find all of the
>>> computer accounts on the domain that did not have their password changed
>>> in 90 days or more. We then disabled all of these accounts.
>>>
>>> What I am curious about is whether there is an event that will be
>>> recorded in our domain controller security logs for any computers that
>>> have been disabled, but may still be logged on (for example, if a user
>>> doesn't log off at the end of the day but instead locks their
>>> workstation, they may be able to unlock it the next day and keep
>>> working, in fact this is true because we have tested it). We want to
>>> make sure no one is actually using a computer that had their account
>>> locked out.
>>>
>>> So, if we could search our event logs for a specific Event ID pertaining
>>> to the computer being locked out, we could figure out if some of the
>>> accounts we disabled are actually online and just hadn't updated the
>>> computer account password in the normal 30 days for XP and 2000
>>> desktops.
>>>
>>> -Tim Nichols
>>> MCP
>>>
>>
>>
>
>
| 
XML Sitemap