Protect your Windows network from careless and fraudulent users

IS Decisions developed UserLock, a software solution whose main goal is to protect Windows networks from careless and/or fraudulent users, thereby mitigating insider threats.


More than 700,000 UserLock licenses are already in use by security-conscious organizations worldwide, including:
BAE Systems, Banco de Costa Rica, Barclays Bank, BMW, Computer Sciences Corporation, Frito-Lay, Lockheed Martin, Mitsubishi, National Bank of Kuwait, South Wales Police, Telcel, United Nations Organization, US Department of Justice, US Department of Veterans Affairs, US Navy Marine Corps, TimeWarner, …



UserLock allows IT security teams to:

- prevent or limit simultaneous logon (same ID, same password), per user or user group

- record all session logon and lock events in an ODBC database (Access, SQL Server, Oracle, MySQL, …) for future reference

- monitor user sessions in real time (who is connected, from which workstation(s), for how long, …)

- remotely lock, unlock, log off and reset all interactive sessions

- define working hours and/or a maximum session time for protected users, and automatically disconnect users, with prior warning, outside the defined timeframe(s) and/or when time is up

- restrict a user group's network access per workstation or IP range

- notify all users prior to gaining access to a system with a tailor-made warning message (legal disclaimer, etc.)

- …


You will find detailed information about UserLock on our website (as well as a free, 180-day, fully functional trial version). This whitepaper provides further details about the holes in Windows native login controls, how UserLock fills them, and how it helps organizations comply with major regulatory constraints (HIPAA, SOX, PCI, NISPOM, DCID 6/3 - ICD 503, GLBA, US Patriot Act, FISMA, …).


Windows networks: why should you monitor login sessions?

Logon session monitoring means being able to say, in real time, who is logged on at which computers, and to answer two questions:

- What are all the computers that a given user is currently logged on at?
- Who are the users currently logged on at this particular computer?

There is no way to do that with native Windows functionality, although it would empower system administrators to mitigate insider threats efficiently.


Instead, you have to figure that out one server at a time.

You can go to a single Windows server, open Computer Management > Shared Folders > Sessions, and look it up that way.


Think about how difficult that is if you have to check each server individually …




Windows networks: why is logon/logoff reporting important?

There is no way in Windows to get a report saying “John logged on at 8:00 and he logged off at 11:00.”

Such a report is therefore valuable information: it gives system administrators the ability to answer crucial questions during the investigation that follows an incident. Who was really logged on? Where were they logged on? When did they log on? How long did they remain logged on? When did they log off? At any given time, which people were actually logged on at their Windows systems?



"I once had to deal with a chief executive who shared his access credentials with his secretary despite this being a dismissible offence."

This anecdote, reported by John Mitchell (Managing Director of LHS Business Control) in the article “IT systems: the insider threat”, could not have happened if this company had used UserLock.


(LocalAdmin) Password Please?

When did you last change your administrator password? How much time does it take to modify password settings on hundreds or thousands of Windows systems?

You remind (or force) your users to change their passwords regularly, but one of the most tedious and commonly overlooked administrative tasks is changing the local administrator account password on workstations and servers.

Fortunately, you can do this very easily with RemoteExec.

Just define the “Local Account Maintenance” action in the Action tab, and remotely replace the local administrator password on as many computers as you want, in one pass. You can also disable all other local accounts.

"An economic downturn and recovery create massive churn. The processes and tools for managing and disabling access [to IT networks] are going to be critical." - Mark Raskino (Vice President – Gartner)

There is an app for that: UserLock secures access to Windows networks and mitigates insider threats.

UserLock administration console with selection of the number of concurrently allowed sessions for all members of a group
