- Limit the number of concurrent users. Microsoft has always had problems doing what we took for granted years ago with Novell. Now we can limit one student to one ID at one time.
- Limit where an ID can be used by:
- Explicit username
- Group membership
- TCP/IP Address or range
- OU
- Time and how long you can be logged on.
- Report on how you are logging in (i.e. VPN, RDP, IIS, etc)
- Report on user ID activity.
- Report directly from the workstation to the UserLock server to avoid the normal slowdowns associated with auditing.
UserLock – A Better Way to Improve Active Directory Security and Reporting – Recording Available
I have been talking over the past year about "Hardening Active Directory". In those discussions, we have been talking about implementing a granular password policy so that you K-2 students have a lower password requirement than your financial and guidance users.
We have talked about eliminating domain admins from logging into workstations in your buildings to do anything due to the increased risks of trojans and malware seizing those rights to do bad things to your network.
With many of you, we have talked about turning on increased auditing, but there is a cost for that in terms of performance and login times.
There had to be a better way to secure your Windows network centrally while not destroying network performance.
I believe UserLock from IS Decisions is that better way. By overlaying UserLock over your existing Microsoft Active Directory network we can so some very exciting things: