With the GDPR (General Data Protection Regulation) now in full force, businesses must protect confidential data from unauthorized access. Strict administration of Active Directory (AD) user accounts is essential. Although Group Policy is the tool of choice, processes such as logon and access policies can be tedious to configure, particularly for SMBs with limited on-site IT expertise.
UserLock from IS Decisions simplifies these processes by providing real-time management of user logons for multiple session types, workstation access restrictions, session monitoring and detailed auditing.
Granular Controls for User and Administrator Accounts
With UserLock, connection rules and restrictions can be applied to AD user and administrator accounts, groups and OUs, and you can create temporary time-limited accounts for guests and contractors.
Rules are extremely versatile, as you can set the number of initial access points to control both points of entry into the network and concurrent user account logins. This is something AD and Group Policy notoriously lack. The elderly LoginLimit tool was updated recently to support Windows 2012 R2 AD servers but is only capable of blocking all concurrent sessions.
Rules provide granular controls as they can be applied at AD group levels for general protection of large user bases and augmented with individual user rules which take precedence.
To further improve user security behavior and awareness, and to stop password sharing in the workplace, there is an option to warn users if their account is being used to log on to another computer. If this occurs, they’ll receive a pop-up message showing the computer in use and advising them to contact their administrator, who will also have received an email alert from UserLock.
Remote Session Management
UserLock administrators can also interact with selected sessions by clicking on them in the console and logging users off, locking the workstations and resetting them. The blocking feature means you can instantly block a user and stop them reconnecting to any system while you investigate their activities.
Detailed reports are available for logon and logoff activities, logons denied by AD and UserLock, failed logons and concurrent session history. They can be scheduled to run at regular intervals or triggered by an event and exported to a range of formats including PDF, XLS, CSV and HTML. Reporting is easily good enough to satisfy GDPR compliance and external auditors.
UserLock takes the strain out of administering AD user logon access. Agent deployment is a breeze and, with a pricing structure based on maximum simultaneous user sessions, it’s affordable for SMBs and enterprises alike. An important differentiator of UserLock is that it complements AD and requires no modifications to its schema. Add in the extensive session auditing and reporting features and you have the perfect access security partner for Windows Active Directory environments.
The post Beyond Group Policy to Control Active Directory Accounts appeared first on Enterprise Network Security Blog from ISDecisions.
*** This is a Security Bloggers Network syndicated blog from Enterprise Network Security Blog from ISDecisions authored by Chris Bunn. Read the original post at: https://www.isdecisions.com/blog/it-security/beyond-group-policy-to-control-active-directory-accounts/