Logon Inactivity

Archived from groups: microsoft.public.win2000.security (More info?)

How do you run an inactivity report for Win2000 Network User accounts?
We would like to disable those network user accounts that have not been
active for a specified number of days. Any ideas how we would go about doing
this?

Thanks,
Warner.
2 answers Last reply
More about logon inactivity
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    There is a problem with Windows 2000 domain controllers in that they do not
    replicate the last logged on timestamp. If you have a Windows XP Pro
    computer in the domain you can install adminapk for Windows 2003 on it and
    use the AD command line tools such as "dsquery user -inactive" to find
    inactive accounts but you would have to do such on each domain controller to
    get final results. A user may show as never being logged on by a domain
    controller that is never used to authenticate him. There may be scripted
    solutions to do such for all domain controllers if you have more than a few.
    There is also a free tool from Somarsoft called dumpsec that you may want to
    try. Though I have not tried it myself with multiple domain controllers
    there is an option for "show true last logon time" that is supposed to make
    it check all logon servers when you select which which fields to use in
    your report for users.--- Steve

    http://www.systemtools.com/somarsoft/ --- dumpsec
    http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/WINDOWSXP/home/using/productdoc/en/dsquery_user.asp


    "Warner@nospam.postalias" <Warnernospampostalias@discussions.microsoft.com>
    wrote in message news:4301DBF1-8EC9-4758-BC53-557A94A6E23B@microsoft.com...
    > How do you run an inactivity report for Win2000 Network User accounts?
    > We would like to disable those network user accounts that have not been
    > active for a specified number of days. Any ideas how we would go about
    > doing
    > this?
    >
    > Thanks,
    > Warner.
  2. Netwrix inactive users tracker (www.netwrix.com) should work for you. The tool automatically detects, reports and deactivates all user accounts that have been inactive for a specified number of days. I know they also offer a freeware version that detects and reports on inactive accounts, but doesn’t automatically deactivate them.
Ask a new question

Read More

Security Microsoft User Accounts Windows