some security requirements - how to comply

From: Juan Carlos (jcsc_at_adinet.com.uy)
Date: 02/21/05

• Next message: Cary Shultz [A.D. MVP]: "Re: Unlock acct permissions"
• Previous message: Brian: "Re: Unlock acct permissions"
• Next in thread: barry: "Re: some security requirements - how to comply"
• Reply: barry: "Re: some security requirements - how to comply"
• Reply: Dmitry Korolyov [MVP]: "Re: some security requirements - how to comply"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 21 Feb 2005 11:45:12 -0200

Hi:

I have some requirements for a software and I don't know how to
use/configure Active Directory (or whatever) to comply them or the best way
to do it. I have no experience with Active Directory.

The following are the requirements:
1) Configure a maximum "idle" status of a session: if a user logs in and
does not use the PC for a certain time the user must be logged off
automatically.
2) Make the system users "expire" automatically when a certain
(configurable) time has passed since the last time the user logged in.
3) Audit the user management (creation/deletion/modification) by
administrators to record all modifications and authors of those
modifications.

For 1) a way may be using a screen saver configured to auto log-off after a
certain time, but I don't know how to configure a default screen saver for a
group of users (and make those users unable to modify it) . May be using
logon scripts and some registry stuff?
For 2) I've seen out there that the "LastLogonTime" or something like that
is recorded for all users, but I don't know a good way to automatically make
this.
For 3) there is a way (policy) that windows "events" are generated when
Active Directory objects are modified. Is that a good way?

I'd really appreciate your help.

Juan Carlos

---

• Next message: Cary Shultz [A.D. MVP]: "Re: Unlock acct permissions"
• Previous message: Brian: "Re: Unlock acct permissions"
• Next in thread: barry: "Re: some security requirements - how to comply"
• Reply: barry: "Re: some security requirements - how to comply"
• Reply: Dmitry Korolyov [MVP]: "Re: some security requirements - how to comply"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Distrubute a Corporate Screensaver ... >I have a screen saver which I want to run on all PC's in ... >Is there a way of doing this using Active Directory ... Providing all the machines are numbered sequentially (or ... Another way would be to look at WinInstallLE - run the ... (microsoft.public.win2000.active_directory) Configurable Screen Saver Managed by Active Directory ... This could entail a single screen saver image our ... My firm uses Active Directory - Windows 2003 Server flavor. ... groups Active Directory settings. ... and maintain software images and those that manage Active Directory. ... (microsoft.public.windows.group_policy) Re: Automatically locking desktop after a certain period of time ... Since you're on Active Directory, force the use of a screen saver and a ... timeout and password requirement via Group Policies. ... MS-MVP Windows Media Center\Windows Powered Smart ... wouldn't that obviate the screen saver from getting used? ... (microsoft.public.windowsxp.security_admin) some security requirements - how to comply ... use/configure Active Directory to comply them or the best way ... I have no experience with Active Directory. ... Audit the user management by ... For 1) a way may be using a screen saver configured to auto log-off after a ... (microsoft.public.windows.server.active_directory) Re: Printer Disapear and Strange Admin Objects ... Printers disappearing from Active Directory: ... This module describes how to set different settings that apply to auditing. ... It also provides an example of audit events created by several common tasks. ... Microsoft Windows XP - Audit Policy ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)