Windows hole 3 : No logon session monitoring

Logon session monitoring is different than logon session reporting.

Logon session monitoring is being able to say, in real time, who is logged on at which computers and to answer two questions:

• what are all the computers that a given user is currently logged on at?
• who are the users currently logged on at this particular computer?

And for the same reasons, there is no way to do that with your native Windows functionality.

Instead, what you have to do is figure that out one server at a time. You can go to a given single server, go to Computer Management > Shared Folders > Sessions, and you can look it up that way.

Think about how difficult that is if you have to check each computer individually …

But this is even more important in some ways (for instance, with job terminations) when you need to determine immediately where is this specific user, what are all the computers where this user is potentially logged on, and you have to get him off your network.

It can also be about a resource contention issue: if a resource is currently locked by a user but that user is not at his usual workstation, a System Administrator cannot raise him on the phone or whatever to get him off.

Logon session monitoring is nevertheless required for an Information System to comply with major regulatory constraints, including:

• FISMA / NIST 800-53 / FIPS PUB 200 («Access control» domain)
• GLBA (Gramm-Leach-Bliley Act - «Access control» section)
• HIPAA (Health Insurance Portability and Accountability Act – «Medical data protection» domain)
• US Patriot Act («User monitoring and management» section)

UserLock allows real time session surveillance and monitoring; at all times the administrator knows who is connected, from what workstation(s), since when…