Blog Archives

Best Practice: Group Policy for WSUS

Great article “Best Practice: Group Policy for WSUS” by  Alan Burchill. Also see his two part AD/Group Policy series: Best Practice: Active Directory Structure Guidelines – Part 1 Best Practice: Group Policy Design Guidelines – Part 2

Posted in Active Directory, Group Policy, Microsoft, Windows Server, WSUS


The one post of mine that has garnered the most hits had to do with LastLogonTimeStamp. A post from Ask the Directory Services Team entitled “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” provides a

Posted in Active Directory, Blog, Microsoft, Windows Server

Links for November 11, 2008

Veterans Day is the day set aside to thank and honor ALL those who served honorably in the military – in wartime or peacetime.  In fact, Veterans Day is largely intended to thank LIVING veterans for their service, to acknowledge

Posted in Active Directory, Blog, Information Security, IT Management, IT Security, Windows

Links for October 29, 2008

Account auditing for group membership changes Six minute video by Dana Epps will show you how to quickly configure account auditing using the domain security policy and then use free Microsoft tools like EventCombMT to quickly query across all your

Posted in Active Directory, Altiris, Auditing, Blog, Information Security, IT Security, logging, logs, Microsoft, Security, Symantec, syslog, Technology, Windows

Domain User Logon and Logoff Events

I had the need a few weeks ago to determine the logon and logoff times of users of our system. Fortunately we have the Windows server event logs captured. They are sent to a syslog server using NTsyslog and we created a basic

Posted in Active Directory, Information Security, IT Security, Log Management, logging, Microsoft, Security, syslog, Windows

Windows Encrypted File System (EFS)

Two recent editions of TechNet Magazine included excellent articles on Deploying EFS. Part 1 is here and Part 2 is here. I recently came across the article Prevent data theft with Windows Vista’s Encrypted File System (EFS) and BitLocker which

Posted in Active Directory, BitLocker, Blog, encryption, Security, Vista, Windows

UserAccountControl Flags

Many of the scripts I use to produce reports on active directory accounts utilize the UserAccountControl flag. Microsoft KB article 305144 documents how to use the UserAccountControl flags to manipulate user account propertiess to manipulate user account properties. You can

Posted in Active Directory, Blog, Microsoft, Security, Server 2003, Vista, Windows


My research that lead me to the lastLogonTimestamp attribute also lead me to and the OldCmp utility. There are a number of potentially useful utilities but I’ve just used OldCmp ( Using the utility I found a number of

Posted in Active Directory, Blog, IT Management, LDAP, Microsoft, Security, Software, Technology, Windows


While doing some research on determining the last time a user logged in to a domain, I came across the lastLogonTimestamp attribute: Prior to Windows Server 2003, determining the last time a user logged on to the domain was somewhat

Posted in Active Directory, Blog, LDAP, Microsoft, Security, Technology, Windows

Active Directory LDAP Searches

I have had occasion recently to run scripts to query Microsoft Server 2003 Active Directory to determine which accounts have “password never expires”, “user can’t change password”, and the like. I dabble in scripting off and on and tend to

Posted in Active Directory, Blog, LDAP, Microsoft, Security, Windows
September 2020