Proactive Inactive Account Cleanup with Cayosoft Administrator

Inactive Account Cleanup – Critical for Security & Compliance

Technical Solution OverviewFeatures & BenefitsUnified On-Going Maintenance

Improve Security & Sustain Compliance Goals

In today’s networked environments, Inactive User Accounts are a favorite target of  compliance and security Auditors. Inactive AD accounts pose a security threat since they could be used to compromise business systems, data or falsify attestation. Compliance requirements like SOX 404, PCI, SSAE 16 and HIPAA require software controls be in place to identify and securely deactivate inactive accounts so they are not misused.

Disabling Inactive Accounts is Not Enough

While detecting inactive accounts is important it is critical to secure the account so that it is not left in a still-vulnerable state. Simply disabling inactive accounts put security and compliance goals in danger because the accounts are only one check-box away from disaster. To properly secure unused accounts up to (9) separate properties and settings should be considered and possibly updated. These attributes include cleanup of group membership, updating attributes and possibly changing the object’s location. Because there are many options when securing an account, providing administrators and help desk a solution like Cayosoft Suspend ensures that the procedure is performed properly.

Last Logon, Last Password Reset and Creation Date must be considered

A popular approach to figuring out if an AD account is inactive is to inspect the attribute that is supposed to hold the user’s last logon details. Unfortunately, reading this attribute simply doesn’t work due to the default way this Active Directory attribute is replicated. Some vendors will insist that calling every AD Domain Controller for a user’s last logon is necessary, however making thousands of queries simply isn’t efficient and can return false positives and negatives. By considering more than just last logon attribute a complete picture of the account can be formed. This complete picture is requried, so non-interactive logons, newly provisioned accounts and users who are on long-term leave are not mistakenly suspended.

Automatically Find Inactive Users & Inactive User Cleanup

Admin Assistant proactively notifies admins when an inactive account is detected and can optionally Suspend those accounts, eliminating security and compliance issues while optimizing license use and cost. Continuous monitoring means administrators and help desk staff can spend time on more important matters.

  • Email alerts to Admins or Help Desk when inactive users are detected
  • Optional automatic disabling of inactive accounts
  • Weekly Inactive Account Reports
  • Avoids false positives when accounts are pre-created
  • Sustains SOX 404, HIPAA and PCI compliance goals by serving as a required IT control

Automatically Secure Inactive User Accounts

Cayosoft’s Suspend for Active Directory adds new capabilities to Active Directory Users and Computers allowing administrators to automate deprovisioning tasks needed to correctly secure inactive user and group objects. These tasks are demanded by proactive IT and Auditors to sustain security, compliance and efficiency goals.

  • Prevent User Authentication
  • Prevent Group Use as a Security or Distribution List
  • Update or Clear User Attributes
  • Record and Clear Group Memberships
  • Relocate Object to a holding OU
  • Set Permanent Deletion Date/Time

Single Console Maintenance

Cayosoft Administrator addresses many on-going maintenance issues well beyond Inactive User Cleanup. From one console, Cayosoft Administrator gives you a broader on-going

  • Find Inactive Users
  • Inactive Groups & Empty Groups
  • User Deprovisioning
  • Detect users with Passwords that do not expire
  • Account Expiration Notification

Next Steps:

Get a Demo

Live or Recorded

Ask a Question

Get Answers!

Learn More...

More Information!

Your Email is safe here.