Monitoring a user or group login

To the Ipswitch web site

Ipswitch Forums
Home   
Search
   Members   Calendar   Who's On
Welcome Guest ( Login | Register )
    
Recent Posts
  
Popular Topics

Home » Network Management » WhatsUp Gold » Monitoring a user or group login


Monitoring a user or group loginExpand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
curtishinson
Posted 6/22/2009 5:34:34 PM
Junior Member

Junior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior Member

Group: Forum Members
Last Login: 8/12/2009 3:48:02 PM
Posts: 18, Visits: 64
I have an OU in Active Directory called "Former Employees". I would like to get an email if anyone in that group even attempts to login; even if their account is disabled, since they shouldn't be on premises to begin with. I have pumped up audit settings to include all login events but so far I haven't seen a way in the event logs to see if an employee is in that OU.

Anybody got an ActiveScript or something that accomplishes this?
Post #54189
Bill Farinella
Posted 6/23/2009 9:01:49 AM
Forum Guru

Forum GuruForum GuruForum GuruForum GuruForum GuruForum GuruForum GuruForum Guru

Group: Forum Members
Last Login: 10/2/2009 6:52:27 PM
Posts: 72, Visits: 9,166
You can do this with a passive monitor, just create a new one choose Windows event log then choose a passive monitor (you will need to create it - Here is a link to use for a video on Event log monitors [url=http://www.youtube.com/watch?v=KL4bklLyybc&feature=player_embedded][/url]) then choose an action (This is where you can setup the email to send to yourself) then click finish.
Post #54203
curtishinson
Posted 6/24/2009 3:26:20 PM
Junior Member

Junior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior Member

Group: Forum Members
Last Login: 8/12/2009 3:48:02 PM
Posts: 18, Visits: 64
Bill Farinella (6/23/2009)
You can do this with a passive monitor, just create a new one choose Windows event log then choose a passive monitor (you will need to create it - Here is a link to use for a video on Event log monitors [url=http://www.youtube.com/watch?v=KL4bklLyybc&feature=player_embedded][/url]) then choose an action (This is where you can setup the email to send to yourself) then click finish.


Thanks much Bill. However, my problem is not creating a passive monitor -- I know how to do those easily. My problem is only detecting users who are in a specific AD group. I''ve got a couple hundred accounts in a Former Employees group, and I'd like to get an email if any of them attempt to login. (They couldn't, they're disabled, but it'd let us know they're onsite trying to get in.)

It is not doable for me to go in and code 200 account names in a regex to run against all logins. I hoped someone had an ActiveScript or something that could check the group membership of each login before deciding whether to notify.
Post #54255
« Prev Topic | Next Topic »


Reading This TopicExpand / Collapse
Active Users: 1 (1 guest, 0 members, 0 anonymous members)
No members currently viewing this topic.
Forum Moderators: Dave, Mark Singh, kevin r gillis, Jason Benton, Christian Lawson, Brandon Felger, Tripp Allen, Will Sansbury, Jason Williams, Hush, FTPplanet.com, Hugh Garber, WUP-PM, mmulryan@ipswitch.com, mswimm

PermissionsExpand / Collapse

All times are GMT -5:00, Time now is 5:39am

Powered By InstantForum.NET v4.1.4 © 2010
Execution: 0.109. 8 queries. Compression Enabled.