Users and Members
This displays local and domain users, groups and group membership from accounts local to the host that is running the agent and from the domain for which it is a member (if any). The host that is running the Snare agent must be a member of the domain, and have the ability to read user and group information, for the 'domain users/group' feature to work. Each link will display any relevant details on a new page if applicable.Â
- Local Users
- Domain Users
- Local Group Members
- Domain Group Members
For example, the figure below shows the output of selecting Local Users. The output from these commands has been designed with no HTML markup to assist automated services, such as the Snare Server, to interrogate the users, groups and group membership.
In the case of Local Users or Domain Users, the output shows a number of tab delimited entries, per line. These entries should be interpreted as follows: Username; Description; SID; Attributes; Settings;Â
These attributes include items such as:
- Don't expire the password (token DONT_EXPIRE_PASSWD);
- Account Disabled (token ACCOUNTDISABLE);
- No Password (token PASSWD_NOTREQD). The settings are:
Password age in seconds since last reset : Maximum password age in seconds : Account Expiry as seconds elapsed since 00:00:00 1 January, 1970 (-1 means the account will not expire) : Last Logon
.
For Domain Users, the Last Logon field will be the latest of LastLogon and LastLogonTimestamp across all Domain Controllers on the network. The first three entries of username, description and SID will be displayed as a tab delimited list. The remaining tokens will only be shown if they exist in relation to a particular account. The settings will always appear at the end of each line.
In the case of Group Memberships, the attributes displayed are Groupname and Group Members. The group members will be displayed as a comma separated list of usernames. As stated previously, the Domain Group Members and associated membership displayed via the web browser will only be displayed if the host that is running the Snare agent is a member of a Windows domain.