provide-last-login
This stanza entry specifies whether to report information about the last login instance of a user.
Syntax
provide-last-login = {yes|true|no|false}
Description
Use the provide-last-login
option
for reporting information about the last login instance
of a user.
To record the last login information for LDAP-based
registries, set [ldap] enable-last-login
to yes
.
For Microsoft Active Directory
registry, Security Verify Access uses
the Active Directory user attribute lastLogonTimestamp
to
report the last login time of the user. This attribute is a system
attribute and is updated automatically by Active Directory. Security Verify Access has
no control over this attribute except reporting the value when required.
This attribute is not updated every time a user logs in successfully.
When a user logs in successfully, this attribute is only updated if
its current value is older than the current time minus the value of
the msDS-LogonTimeSyncInterval
attribute.
The
value that Security Verify Access reports
for the last login of a user might not be the exact time that a user
last logged in. The reported time might be the actual last login time
minus the configurable value of msDS-LogonTimeSyncInterval
.
You can configure the default value of msDS-LogonTimeSyncInterval
to
suit the user domain policy.
To use the lastLogonTimestamp
attribute,
the Active Directory domains must be at or greater than Microsoft Windows 2003 domain functional level. For more information
about lastLogonTimestamp
and msDS-LogonTimeSyncInterval
,
visit the Microsoft support
website.
Options
- yes|true
- Set the provide-last-login option to yes, to specify that the policy server reports the time of last login of a user.
- no|false
- Set the provide-last-login option to no, to disable reporting of the last login information about a user.