Special group logon tracking

US 20070136798A1
Filed: 12/12/2005
Published: 06/14/2007
Est. Priority Date: 12/12/2005
Status: Active Grant

First Claim

Patent Images

1. A method of generating a computer user activity log, the method comprising:

receiving a user login, verifying user account credentials, and creating a login session;

identifying the user as a member of at least one group;

creating a token, the token comprising data representing group membership of the user;

determining if the group membership data includes a group to be monitored; and

creating an audit record for the login session if the user is a member of a group to be monitored.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of generating a computer user activity log for a user belonging to a specially monitored group includes allowing a user to logon to a local computer. The local computer verifying the user account credentials and creating a user logon session. A token is created by the local computer for identification of any group membership with which the user associated and also having the user access privileges. The group information in the token is compared with a specially monitored group list. The specially monitored group list may be obtained from a domain server or may be configured locally. If the user has membership in the specially monitored group, then a special logon session is created and activities of the user are recorded.

Citations

20 Claims

1. A method of generating a computer user activity log, the method comprising:
- receiving a user login, verifying user account credentials, and creating a login session;
  
  identifying the user as a member of at least one group;
  
  creating a token, the token comprising data representing group membership of the user;
  
  determining if the group membership data includes a group to be monitored; and
  
  creating an audit record for the login session if the user is a member of a group to be monitored.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein identifying the user as a member of at least one group comprises correlating the user with a list of groups stored in an audit policy.
  - 3. The method of claim 2, wherein the audit policy is stored locally on the computer.
  - 4. The method of claim 1, wherein creating a token further comprises creating a data structure that lists computer resource access privileges of the user.
  - 5. The method of claim 4, wherein the token further comprises a locally unique identifier for the login session.
  - 6. The method of claim 1, wherein determining if the group membership data includes a group to be monitored comprises checking token group data against a list of groups to be specially monitored.
  - 7. The method of claim 6, wherein the list of groups to be specially monitored is derived from an audit policy, wherein the audit policy is editable by a system administrator.
  - 8. The method of claim 1, wherein determining if the group membership data includes a group to be monitored comprises:
    - accessing a domain server having an audit policy comprising a list of groups to be specially monitored; and
      
      comparing the token group membership data against the list of groups associated with an audit policy, wherein the list and audit policy are editable by a system administrator.
  - 9. The method of claim 1, wherein creating an audit record for the login session if the user is a member of a group to be monitored comprises creating an audit record comprising user identification data, the group to be monitored, a locally unique identifier for the login session and login session activities.

10. A computer system to monitor computer activities of a user having membership to a specially monitored group, the system comprising:
- a CPU responsive to a request by a user to create a login session;
  
  a local data storage device, the local storage device having a first list of users, the first list of users comprising associations of users with at least one group;
  
  an interface to a domain server, the domain server having a second list, the second list comprising a list of groups to be specially monitored;
  
  wherein the CPU executes a login software program that associates the user with one or more groups using the first list, communicates with the domain server to determine if the associated group is identified for monitoring using the second list, and creates an audit record of the login session of the user if the associated group is identified as a specially monitored group.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, further comprising a token created upon login of a user, the token comprising data associated with membership of the user in the one or more groups from the first list and data associated with access control of computer resources corresponding to user privileges.
  - 12. The system of claim 10, wherein the interface to the domain server is used to initially load the local storage device with the first list.
  - 13. The system of claim 10, wherein the first list comprises one of a registry, a file, or a database.
  - 14. The system of claim 10, wherein the audit record of the user session comprises user identification data, the group to be monitored, a locally unique identifier for the login session and login session activities.
  - 15. The system of claim 14, wherein the locally unique identifier allows later correlation with other records associated with the user.

16. A computer-readable medium having computer-executable instructions for performing a method of generating a computer user activity log, the method comprising:
- receiving a user login, verifying user account credentials, and creating a login session;
  
  identifying the user as a member of at least one group;
  
  creating a token, the token comprising data representing group membership of the user;
  
  determining if the group membership data includes a group to be monitored; and
  
  creating an audit record for the login session if the user is a member of a group to be monitored, wherein the audit record comprises a locally unique identifier useful to correlate other records with activities of the user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16, wherein the step of identifying the user as a member of at least one group comprises correlating the user with a list of groups stored in an audit policy.
  - 18. The computer-readable medium of claim 16, wherein the step of creating a token further comprises creating a data structure that lists computer resource access privileges of the user.
  - 19. The computer-readable medium of claim 16, wherein the step of determining if the group membership data includes a group to be monitored comprises checking the token group against a specially monitored group identified using an audit policy, wherein the audit policy is editable by a system administrator.
  - 20. The computer-readable medium of claim 16, wherein the step of determining if the group membership data includes a group to be monitored comprises:
    - accessing a domain server having an audit policy comprising a list of groups to be specially monitored; and
      
      comparing the token group membership data against the list of groups associated with an audit policy, wherein the list and audit policy are editable by a system administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malpani, Raghavendra, Fitzgerald, Eric

Granted Patent

US 7,690,036 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/316 by observing the pattern of...

Special group logon tracking

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Special group logon tracking

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links