Current Version: 2.7.0

nFront AD Disabler

Download Trial
Watch Video Demo

nFront AD Disabler

Never worry about dormant accounts again.

Wouldn't it be nice to automatically disable any accounts that have not logged on in three weeks?

nFront AD Disabler can automatically disable inactive and dormant accounts within your Windows Active Directory. Disabling inactive accounts is not only a security best practice but it is also part of the PCI compliance requirements and the IRS 1075 guideline.

 

A Fully Automated Solution:

Some utilities simply offer reporting and leave the work of disabling accounts up to you. nFront AD Disabler is different. If is fully automated and once configured you need only review the daily activity reports which can be emailed to you in an HTML or PDF format.

Features

  • Determines last “true logon time” for all active directory accounts. In other words, it scans across all domain controllers to get the correct last logon time for each user.
  • Can disable accounts even though all domain controllers are not available at the time of the query.
  • Can skip system accounts like IUSR_<machine-name>.
  • Do not disable the built-in Administrator account.
  • Do not disable specific groups like a group for service accounts.
  • Generates local HTML reports.
  • Can email a PDF or HTML report of the dormant accounts to an Administrator.
  • Builds a CSV file of disabled accounts.
  • Maintains a running log of all accounts that have been disabled by nFront AD Disabler. This log does not track accounts that have been disabled outside of nFront AD Disabler.
  • Smart enough to skip accounts that you created yesterday whose last logon time is “never.”

Up and Running in 5 minutes

You can install and configure the software in less than 5 minutes.

nFront AD Disabler Configuration dialog.

nFront AD Disabler Configuration report settings.

 


Example Report of Dormant Accounts:


nFront AD Disabler Report

Date of Run: 10/23/2008 1:09:48 PM

Active User Accounts: 910

Settings:

Disable Old Accounts: True
Ignore unreachable domain controllers:False
Old Account Age (in days):90
Reporting / Service Interval (in hours):24
Report To Address joe.admin@nfrontsecurity.com
Report From Addressinfo@nfrontsecurity.com
SMTP Server: 10.10.50.100

Users with dormant account

Username Last Logon Time Server Name Disabled
test201 3/17/2008 4:17:18 PM dc50.lab5.nfrontlabs.local Yes
test202 6/3/2008 2:03:36 PM dc50.lab5.nfrontlabs.local Yes
test203 Never logged on dc50.lab5.nfrontlabs.local Yes

 

Limitations of the evaluation version

  • Reports up to 3 inactive accounts
  • Does not disable any inactive accounts

System Requirements

  • Windows 2000, 2003, 2003R2, or 2008 server
  • 2 MB free disk space
  • Microsoft .NET Framework 2.0 or later