Report and Audit on all Windows Active Directory Access Sessions

Previously we have looked at how UserLock let’s organizations lock down users on a Windows network. With restrictions set and enforced UserLock then empowers IT teams to track and record all user activity and gives network administrators a way to remotely control user sessions.

Logging all User Access Events for reporting

UserLock monitors and records all Windows Active Directory sessions in real time, providing a log of access information for audit and forensics. Comprehensive reports and detailed insights on who was connected, from which system(s), since what time, for how long, etc…

UserLock enables this auditing by writing user session history to a ODBC Database (Microsoft Access, SQL Server, MySQL) for reporting. This is a necessary feature for many compliance regulations.

Windows Session Logon Auditing – Database Reporting

One such report in UserLock is ‘Session History’. Highlighted in the accompanying video tutorial, this offers detailed connection details of all user logon, lock, logoff instances for users, domains, workstations etc…

For all reports, different sections can be personalized to show the results that are most pertinent to the organization. The ‘Configuration Section’ groups the specific criteria available for the selected report. Filters can be defined on the nature of sessions, specific characteristics of each session and their types.

With the ‘Protected group filter’ UserLock can display only the history for users that are members of a specific protected account rule.

The Time Section permits a defined time range for the report. This parameter is important on reports and it directly impacts the readability and relevance of any result – particularly for organizations with a large number of users or a substantial history achieved in the database. The number of generated pages in a report can be a real barrier to performing the best analysis.

Reports will be generated on either the current data source or any archived database.

Two style options for design allow the report construction to be adjusted according to the file type needed for exporting the results.

Once configured, the report is launched. The time necessary to generate the report will depend on the different criteria selected and the time range chose. Reports can then be printed or exported on a different format.

Regularly viewed reports can be scheduled (e.g. the session history for the past week) and sent on email.

Windows Session Logon Auditing – Server Reporting

This type of server report uses the service real-time information. This gives an instant result of the User Sessions view, the Agent distribution view or the dashboard.

Similar to database reporting, sections can be personalized and filters set through the ‘Configuration Section’.

Also, as previously seen with the Database reporting, reports can be launched directly, exported or scheduled if needed.