SGN Enterpirse 8.0: lockdown user that hasn't connected in a while to Server

Hi Jose,

It might be best to do this at user level rather than SafeGuard as I can imagine this is more of a general issue.

There's a utility called "oldcmp" which may prove useful, however this is nothing to do with Sophos and is to be used at your own risk:

http://www.joeware.net/freetools/tools/oldcmp/index.htm

To gather a list of user accounts that have not logged on in the last 30 days the command would be:

oldcmp -users -disable -age 30 -llts

The -llts switch means to use the lastLogonTimeStamp attribute if the domain is at Windows Server 2003 functional level or above. Otherwise, the utility must use pwdLastSet, which is when the password was last set. Once you have what you need you can disable the users with:

oldcmp -users -disable -age 30 -llts -unsafe -forreal

Check the usage screen on that link as it has a good few examples.

Hi Jose,

It might be best to do this at user level rather than SafeGuard as I can imagine this is more of a general issue.

There's a utility called "oldcmp" which may prove useful, however this is nothing to do with Sophos and is to be used at your own risk:

http://www.joeware.net/freetools/tools/oldcmp/index.htm

To gather a list of user accounts that have not logged on in the last 30 days the command would be:

oldcmp -users -disable -age 30 -llts

The -llts switch means to use the lastLogonTimeStamp attribute if the domain is at Windows Server 2003 functional level or above. Otherwise, the utility must use pwdLastSet, which is when the password was last set. Once you have what you need you can disable the users with:

oldcmp -users -disable -age 30 -llts -unsafe -forreal

Check the usage screen on that link as it has a good few examples.