LogLogic Open Source Windows Log Collection Tool
February 20, 2007 at 10:32 am | Posted in Blog, logging, logs, syslog, Windows
Eric Fitzgerald posted information that LogLogic has made available an open-source log collection tool called Lasso for Windows logs. According to the LogLogic web site:
Responding to customer feedback, LogLogic architected and implemented Project Lasso to provide centralized log management, eliminating the need to manage individual agents, and, greatly reducing the impact on monitored servers in terms of storage and processing.
LogLogic also incorporated improved and reliable transport of log data in the form of TCP Syslog. In addition to the standard Windows event logs, Project Lasso can also capture application-specific and custom Windows event logs. LogLogic anticipates releasing similar community initiatives for enterprise software applications that produce non-ASCII local log files over the course of the next twelve months and invites interested developers and partners to participate in the project.
Sharepoint Portal Services Auditing Tool
February 20, 2007 at 10:22 am | Posted in Blog, Microsoft, SharePoint, Windows
Eric Fitzgerald references a post by Roberto D’Angelo on a Sharepoint Portal Services auditing tool. When we fully implement Sharepoint this year, this is a tool we’ll be looking at.
IT Security Awareness Training
February 12, 2007 at 2:39 pm | Posted in Blog, Security, training | 3 Comments
Andy, ITGuy recently blogged about the need for better Security Awareness Training. That’s one of my focus areas this year for my company. My first bi-monthly newsletter goes out this week. I’ve received approval to put on mandatory IT security training this year; whether the budget will be there is another story. I want to do something web or intranet based and customizable to meet our needs. I’ll be looking forward to whatever Andy has up his sleeve. Mike Rothman stated that:
And maybe someday we’ll see a company emerge that focuses on user awareness training in a more leveraged fashion. Now that would be a novel idea.
Hopefully …
UserAccountControl Flags
February 7, 2007 at 5:31 pm | Posted in Active Directory, Blog, Microsoft, Security, Server 2003, Vista, Windows | 1 Comment
Many of the scripts I use to produce reports on Active Directory accounts utilize the UserAccountControl flag. Microsoft KB article 305144 documents how to use the UserAccountControl flags to manipulate user account properties. You can view and edit these attributes by using either the Ldp.exe tool or the Adsiedit.msc snap-in.
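To show how such a report reads the flags, here is an added example (not code from the original post or from the KB article) that decodes a userAccountControl value and builds the matching LDAP bitwise filter. The function names, the choice of "risky" flags and the sample accounts are assumptions made for illustration.

```python
# Added example: bit values are the documented userAccountControl flags;
# function names and the sample accounts below are constructed.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
}
# Active Directory LDAP matching rules for bitwise tests on integer attributes.
BIT_AND = "1.2.840.113556.1.4.803"  # true when every bit of the operand is set
BIT_OR = "1.2.840.113556.1.4.804"   # true when any bit of the operand is set


def decode_uac(value):
    """Return the flag names set in a userAccountControl value (int or str)."""
    value = int(value)  # LDAP returns the attribute as a decimal string
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)  # bits this table does not name
    if unknown:
        names.append(f"UNNAMED_0x{unknown:X}")
    return names


def uac_filter(required=0, forbidden=0):
    """Build a filter for users with all `required` bits and no `forbidden` bit."""
    parts = ["(objectCategory=person)", "(objectClass=user)"]
    if required:
        parts.append(f"(userAccountControl:{BIT_AND}:={required})")
    if forbidden:
        parts.append(f"(!(userAccountControl:{BIT_OR}:={forbidden}))")
    return "(&" + "".join(parts) + ")"


def audit(accounts, risky=0x10000 | 0x0020 | 0x400000):
    """Map each enabled account to the risky flags it carries (if any)."""
    findings = {}
    for name, uac in accounts.items():
        uac = int(uac)
        if uac & 0x0002:  # disabled accounts are out of scope for this report
            continue
        hits = decode_uac(uac & risky)
        if hits:
            findings[name] = hits
    return findings


# Constructed sample: sAMAccountName -> userAccountControl as returned by LDAP.
SAMPLE = {"alice": "512", "svc_backup": "66048", "old_temp": "66050", "kiosk": "544"}
```
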
JOEWARE
February 7, 2007 at 9:17 am | Posted in Active Directory, Blog, IT Management, LDAP, Microsoft, Security, Software, Technology, Windows
My research that led me to the lastLogonTimestamp attribute also led me to http://www.joeware.net/win/free/all.htm and the OldCmp utility. There are a number of potentially useful utilities but I’ve just used OldCmp (http://www.joeware.net/win/free/tools/oldcmp.htm). Using the utility I found a number of accounts that had not been used in the last 90 days and also found two expired accounts.
lastLogonTimestamp
February 7, 2007 at 9:14 am | Posted in Active Directory, Blog, LDAP, Microsoft, Security, Technology, Windows | 2 Comments
While doing some research on determining the last time a user logged in to a domain, I came across the lastLogonTimestamp attribute:
Prior to Windows Server 2003, determining the last time a user logged on to the domain was somewhat difficult. The lastLogon attribute is not replicated from one domain controller to another. For example, suppose a new user logs on to domain controller A. You now write a script that requests the last logon time for our new user, and the script happens to connect to domain controller B. Oddly enough, the script will tell you that the user has never logged on, even though you know for a fact that the user is logged on right now.
Windows Server 2003 introduced the lastLogonTimestamp. The lastLogon attribute is still present in the Active Directory schema for Windows 2003 and this attribute still isn’t replicated from one domain controller to another. The lastLogonTimestamp attribute also keeps track of the last time a user logged on to the domain, but is replicated from one domain controller to another. If you want to know the last time a user logged on, just write a script and connect to any domain controller; the value will be the same on each one.
It’s important to note that the last logon timestamp will typically not report the user’s true last logon time. Since replicating the log on and log off of a group of users who do this several times a day throughout the entire domain could generate a large amount of replication traffic, and for little purpose since we typically care about only the so-called “stale” accounts, users who haven’t logged on in the last few weeks. To reduce this replication traffic, the lastLogonTimestamp is replicated only once every 14 days. This helps limit replication traffic, although it also means that the lastLogonTimestamp for any given user could be off by as much as 14 days.
NOTE: If the lastLogonTimestamp attribute has never been updated, it has a null value.
Reference: http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
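The 14-day caveat changes how a stale-account report should read the attribute. The following is an added example (not from the original post or the quoted Microsoft article) that converts the value and classifies accounts with that slack in mind. It assumes lastLogonTimestamp arrives as the raw Windows FILETIME integer (100-nanosecond intervals since 1601-01-01 UTC) and treats 0 like null; the function names, the 90-day default and the sample values are constructed.

```python
# Added example: names, threshold default and sample values are constructed.
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Per the text above, the replicated value can lag the true logon by up to 14 days.
REPLICATION_SLACK = timedelta(days=14)


def filetime_to_datetime(raw):
    """Convert a lastLogonTimestamp value to UTC; None if it was never set."""
    if raw in (None, "", 0, "0"):  # null attribute (0 handled the same way: assumption)
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(raw) // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to construct sample values."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def classify(raw, now, threshold_days=90):
    """Classify an account by how long ago lastLogonTimestamp says it logged on.

    recorded value <= true last logon <= recorded value + 14 days, so only a
    recorded age of threshold + 14 days proves the account is past threshold.
    """
    last = filetime_to_datetime(raw)
    if last is None:
        return "never"
    age = now - last
    threshold = timedelta(days=threshold_days)
    if age >= threshold + REPLICATION_SLACK:
        return "stale"
    if age >= threshold:
        return "possibly-stale"  # confirm against lastLogon on each domain controller
    return "active"


# Constructed sample: account name -> raw lastLogonTimestamp (None = attribute unset).
NOW = datetime(2007, 2, 7, tzinfo=timezone.utc)
SAMPLE = {
    "jsmith": datetime_to_filetime(NOW - timedelta(days=10)),
    "contractor1": datetime_to_filetime(NOW - timedelta(days=95)),
    "old_intern": datetime_to_filetime(NOW - timedelta(days=120)),
    "new_hire": None,
}
REPORT = {name: classify(raw, NOW) for name, raw in SAMPLE.items()}
```
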
Virus and Malware Reference Guide
February 2, 2007 at 9:15 am | Posted in antivirus, Blog, Malware, Microsoft, Secunia, Security, Windows
The February 1, 2007 issue of Windows Secrets (you can subscribe here) included an article on antimalware tools by Fred Langa. The article references the Secunia web site:
One of the best references I know for finding malware-removal tools is Secunia. This security company aggregates what each of several antivirus vendors have to say about a given threat. Secunia’s pages also offer links to each AV vendor’s site (and free removal tools, if any). For example, Secunia’s page on W32.Netsky.AB@mm offers links to seven different AV vendors regarding that particular worm. Very handy.
Active Directory LDAP Searches
February 2, 2007 at 9:07 am | Posted in Active Directory, Blog, LDAP, Microsoft, Security, Windows
I have had occasion recently to run scripts to query Microsoft Server 2003 Active Directory to determine which accounts have “password never expires”, “user can’t change password”, and the like. I dabble in scripting off and on and tend to use samples I find on the net as a starting place. I took a course in VBScript a few years ago which has helped. I’m no stranger to programming, having programmed in IBM assembler and PL/1 on IBM mainframes back in the dark ages. I’ve stumbled across a number of good reference web sites for Active Directory LDAP queries:
First and foremost are the Microsoft Script Center and the Microsoft Scripting Guys.
Yesterday I stumbled across the ADSI Scripting for Administering Windows 2000/2003 Networks.
Daniel Petri’s site LDAP search strings samples has lots of good examples.
The sample chapter from the book Managing Enterprise Active Directory With Lightweight Directory Access Protocol (LDAP) was helpful. I might even buy the book.
I’ll update this post with additional links in the future.
Internet Explorer 7 Phishing Filter Performance Update
February 2, 2007 at 8:50 am | Posted in Blog, Internet, Internet Explorer, Microsoft, Vista, Windows
This week the IE Blog posted an entry about an update to IE 7 to rectify a performance issue with the IE 7 Phishing filter:
This update addresses an issue experienced by some users where CPU usage is high when they are navigating a page that contains multiple frames or when multiple frames are navigated simultaneously. This occurs when the phishing filter evaluates the page for each navigation, resulting in multiple simultaneous evaluations for the same page.
I haven’t experienced the problem, but if you have, you should download and install this update, which is available on Windows Update for Windows Vista users and will be made available in February for Windows XP and Windows Server 2003 users. If you can’t wait for patch Tuesday, when I assume it’ll be released for XP and Server 2003, you can download it now by going to KB article 928089.