nFront Account Disabler

Never worry about dormant accounts again.

Wouldn't it be nice to automatically disable any accounts that have not logged on in three weeks?

nFront Account Disabler can automatically disable inactive and dormant accounts within your Windows Active Directory. Disabling inactive accounts is not only a security best practice but it is also part of the PCI compliance requirements and the IRS 1075 guideline.

 

A Fully Automated Solution:

Some utilities simply offer reporting and leave the work of disabling accounts up to you. nFront Account Disabler is different. If is fully automated and once configured you need only review the daily activity reports which can be emailed to you in an HTML or PDF format.

Features

  • Determines last “true logon time” for all active directory accounts. In other words, it scans across all domain controllers to get the correct last logon time for each user.
  • Can disable accounts even though all domain controllers are not available at the time of the query.
  • Can skip system accounts like IUSR_<machine-name>.
  • Do not disable the built-in Administrator account.
  • Do not disable specific groups like a group for service accounts.
  • Generates local HTML reports.
  • Can email a PDF or HTML report of the dormant accounts to an Administrator.
  • Builds a CSV file of disabled accounts.
  • Maintains a running log of all accounts that have been disabled by nFront Account Disabler. This log does not track accounts that have been disabled outside of nFront Account Disabler.
  • Smart enough to skip accounts that you created yesterday whose last logon time is “never.”

Up and Running in 5 minutes

You can install and configure the software in less than 5 minutes.

nFront Account Disabler Configuration dialog.

nFront Account Disabler Report Settings.

 


Example Report of Dormant Accounts:

nFront Security Logo


nFront AD Disabler Report


Date of Run: 4/11/2017 6:00:00 AM

Active User Accounts: 911

Settings:

Disable Old Accounts: True
Ignore unreachable domain controllers: False
Old Account Age (in days): 90
Reporting / Service Interval (in hours): 24
Report To Address
Report From Address
SMTP Server:

Users with a dormant account

Username Last Logon Time Server Name Disabled
serviceUser1 3/17/2016 4:17:18 PM DC120.lab12.nfrontlabs.local Yes
Joe Smith 11/17/2016 8:17:18 AM DC120.lab12.nfrontlabs.local Yes
Mary PoppinsNever logged on DC120.lab12.nfrontlabs.local Yes

 

Limitations of the evaluation version

  • Reports up to 3 inactive accounts
  • Does not disable any inactive accounts

System Requirements

  • Windows 2003, 2008, 2012 or 2016 server
  • 2 MB free disk space
  • Microsoft .NET Framework 2.0 or later