Computer Last Logon Reporting for Mac, Windows, & Linux

To help clean up inactive directory objects, strengthen security, and meet compliance requirements, you may need to pull a report of the last logon times for each system in your environment. Computer last logon reports help you discover unused local accounts, which become a security liability when left stagnant. And if your organization’s dev workflow involves constant provisioning and deprovisioning of cloud servers and VMs, these reports help keep your directory current and organized.

When most people think about pulling last logon reports, they think of writing a quick script in PowerShell to query Active Directory® (AD). This solution works well in a traditional Windows®-only environment, but because it’s difficult to reliably bind Mac® and Linux® systems to AD, it’s unusual to pull a single last logon report from AD for all the systems in a mixed-OS environment. Below, we’ll address some of the nuances of the AD approach and then explore a solution that remotely manages and reports on all three major operating systems at once.   

Why Last Logon Reports Matter 

Computer last logon reports are essential for security and regulatory compliance, and they help keep your environment in order. These reports can provide two similar-but-distinct pieces of information: an individual system user account’s last logon time and the last logon time of any user account to a given machine. Let’s look more closely at some of the situations that require these reports. 

Organizing Your Directory 

Your approach to IT asset management probably accounts for replacing aging laptops and deprovisioning those systems at the local level. But what happens to the directory objects that used to represent them? With a report that tells you the last time a system contacted your directory, you can quickly identify and eliminate any dormant computer objects, keeping the directory current and organized. This is especially useful if you need to manage large numbers of cloud VMs and servers as part of a DevOps workflow.
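As an added illustration of the report described above (not code from the original post), this PowerShell sketch lists computer objects that have not contacted Active Directory recently. It assumes the RSAT `ActiveDirectory` module, a 90-day threshold, and an output file name chosen here. It widens the cutoff by 14 days because the replicated `lastLogonTimestamp` attribute is, by default, only refreshed when the stored value is roughly two weeks old.

```powershell
# Added example: report-only, makes no changes to the directory.
# Assumptions (not from the article): 90-day threshold, CSV path, RSAT module installed.
Import-Module ActiveDirectory

$StaleDays   = 90   # assumed inactivity threshold
$SyncLagDays = 14   # default lag of the replicated lastLogonTimestamp attribute
$NowUtc      = (Get-Date).ToUniversalTime()
$CutoffUtc   = $NowUtc.AddDays(-($StaleDays + $SyncLagDays))

$props = 'lastLogonTimestamp', 'OperatingSystem', 'whenCreated', 'Enabled'

$report = Get-ADComputer -Filter * -Properties $props |
    ForEach-Object {
        # lastLogonTimestamp is a Windows FILETIME (100 ns ticks since 1601, UTC);
        # it is empty for objects that have never authenticated.
        $last = if ($_.lastLogonTimestamp) {
            [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
        } else { $null }

        [pscustomobject]@{
            Name            = $_.Name
            OperatingSystem = $_.OperatingSystem
            Enabled         = $_.Enabled
            WhenCreatedUtc  = $_.whenCreated.ToUniversalTime()
            LastLogonUtc    = $last
            DaysSinceLogon  = if ($last) { [int]($NowUtc - $last).TotalDays } else { $null }
        }
    } |
    Where-Object {
        # Stale if the last recorded logon is before the cutoff, or if the object
        # has never logged on and was itself created before the cutoff
        # (so freshly provisioned machines are not flagged).
        ($null -ne $_.LastLogonUtc -and $_.LastLogonUtc -lt $CutoffUtc) -or
        ($null -eq $_.LastLogonUtc -and $_.WhenCreatedUtc -lt $CutoffUtc)
    } |
    Sort-Object LastLogonUtc

# Write the candidates out for review before anything is disabled or removed.
$report | Export-Csv -Path .\stale-computers.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

Because the output only reflects systems bound to AD, Mac and Linux machines that are not joined to the domain will not appear in it.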

Additionally, inactive user accounts may exist on active systems. These accounts may be disabled or locked due to password expiration, stalled updates,

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Mike Ranellone. Read the original post at: