sunhux
asked on
Last logon date/time of disabled Windows & Linux accounts
For our User accounts audit, audit requested for last logon / used
date and time of disabled accounts (for both local & domain accounts).
We have mainly Windows 2008 R2 & Linux (RHEL 5.x/6.x and Suse).
Without enabling back the accounts, I can't get the last logon date/time
of disabled accounts using Windows wmic and Linux "last" & "lastlog"
commands.
Q1:
Is there any other way to get this last logon information?
Q2:
For accounts that are used by services/apps like Oracle
& VMWare SA converter as well as Linux accounts that
we 'sudo' only, I also can't get last logon/used info?
Any way to get it?
date and time of disabled accounts (for both local & domain accounts).
We have mainly Windows 2008 R2 & Linux (RHEL 5.x/6.x and Suse).
Without enabling back the accounts, I can't get the last logon date/time
of disabled accounts using Windows wmic and Linux "last" & "lastlog"
commands.
Q1:
Is there any other way to get this last logon information?
Q2:
For accounts that are used by services/apps like Oracle
& VMWare SA converter as well as Linux accounts that
we 'sudo' only, I also can't get last logon/used info?
Any way to get it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It just says "*** Logon information not available ***"
(even when issued using sudo or root)
(even when issued using sudo or root)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
To the Linux experts, do reply on Linux accounts, thanks