When Commander creates a file it can be saved in one of a few places depending on how Commander is being run and what options were used.
Default Commander File Locations
If you are using the application version of Commander, files are saved to your user directory be default. That is C:\users\username for Windows and /Users/username for MacOS.
If you are using Commander from the command line/terminal then files will be saved in the current directory by default.
Setting Specific Locations
When creating a file with Commander, if you provide a path before the filename, Commander will add the file in the specified location. Paths can be relative or specific.
e.g. [...] --output "/reports/report.csv" will put the file in a folder called "reports" relative to the default location (so /Users/username/reports/ on Application version and current directory/reports/ if using the command line)
[...] --output "C:\reports\report.csv" will place the file in a folder named "reports" in the C directory (if on Windows)
Report Types
Learn more about the reports that Commander can run. Click an option from this list to see the command documentation.
Command
Explanation
Show users that haven't performed a specific action in a given number of days
Display a report of password changes and search for records that have NOT been changed
Export the enterprise audit and event logs
Show a customized report of audit events
See information about records in vaults of users across the enterprise
Display information on managed company plans and available licenses
Show report of password security strength for each user in the enterprise
Display information about shared records
Show a report of shared records in the logged-in Keeper vault
Show a report of user logins
Common Reports in Detail
Find Users that have not Logged in
Requires the ARAM add-on
action-report --target no-logon
By default this looks back 30 days (results are all users that have not logged in in 30 days). The number of days to look back for can be changed with the flag: --days X where "X" is the number of days to use.
Example
My Vault> action-report --target no-logon
Admin Action Taken:
COMMAND: None
STATUS: n/a
SERVER MESSAGE: n/a
AFFECTED: 0
3 Users With "no-logon" Status Older Than 30 Day(s):
username
-----------------------------------------
john.smith@examplecorp.com
jane.doe@examplecorp.com
chris.apple@examplecorp.com
See the last time each user logged in
user-report --last-login
To include more details, such as the user's team(s) and Node run user-report without --last-login
Example
My Vault> user-report --last-login
Querying latest login for the last 365 days
Email Name Status Transfer Status Last Login
----------------------------------------- ----------------------------------------- -------- ----------------- -------------------------
john.smith@examplecorp.com John Smith Active 2022-08-22 12:33:03-05:00
chris.apple@examplecorp.com Chris Apple Invited
sam.strong@examplecorp.com Samantha Strong Active 2022-08-09 13:03:31-05:00
jane.doe@examplecorp.com Jane Doe Active 2022-10-10 09:07:34-05:00
admin+comms@examplecorp.com Communication Admin Active
Find users that have not created or updated any records
Requires the ARAM add-on
action-report --target no-update
By default this looks back 30 days (results are all users that have not created or updated records in 30 days). The number of days to look back for can be changed with the flag: --days X where "X" is the number of days to use.
Example
My Vault> action-report --target no-update
Admin Action Taken:
COMMAND: None
STATUS: n/a
SERVER MESSAGE: n/a
AFFECTED: 0
3 Users With "no-update" Status Older Than 30 Day(s):
username
-----------------------------------------
john.smith@examplecorp.com
jane.doe@examplecorp.com
chris.apple@examplecorp.com
See all records accessed by a user
Requires ARAM add-on and Compliance Reports add-on
compliance record-access-report <USERNAME>
Replace <USERNAME> with the username or email address of the user to see access history of.
Example
My Vault> compliance record-access-report john.smith@examplecorp.com
Loading record information.....
Record UID Record Title Record URL Record Owner IP Address Device Last Access
---------------------- --------------------------------- --------------------------------- ------------------------- --------------- ----------------- -------------------
x4AOxLwR5tSA7u5R9Bwplw wifi details john.smith@examplecorp.com 11.00.001.001 Web App 16.7.3 2022-10-13 12:38:33
xrnnK1HWSLMVh_irjIGAJw SAP Connect john.smith@examplecorp.com 11.00.001.001 Commander 16.7.0 2022-10-13 12:12:46
xB36NT_lPxestkuCCg_35w 11.00.001.001 Web App 16.8.0 2022-10-07 09:39:10
U7YOaZv4pmLXGfTHPXuvaA 11.00.001.001 Commander 16.7.0 2022-10-05 15:09:43
a9TshEIoSluKXAccdJhHIQ Dropbox dropbox.com/login sam.strong@examplecorp.com 11.00.001.001 Commander 16.7.0 2022-10-05 15:09:31
6wSYfG9UeHTzDDSIGeuiyg Twitter https://www.twitter.com john.smith@examplecorp.com 11.00.001.001 Commander 16.7.0 2022-10-05 15:09:25
o6BJUKCGLa7mmMApzPjw4A KCM Connect SSH 127.0.0.1 john.smith@examplecorp.com 11.00.001.001 Commander 16.7.0 2022-10-05 15:09:14
See What Shared Folders Teams Have Access To
Requires Compliance Reports add-on
compliance team-report
Example
My Vault> compliance team-report
Loading compliance data....:...:...:...:...:...:...:...:...:...:...:...:...:
Team Name Shared Folder Name Shared Folder UID Permissions
----------- -------------------- ---------------------- -------------
Comms-Team Comms Team Logins 8-2gk4cde5hWN5q7ENwpCA read-only
Engineering Deployment Credentials 3kf9kd4e5hWdN5q7Ed9fS0 can-edit
Management Finances Logins dO9S0cMQ_kPYAsUYILVlSA can-share
Determine which record passwords have NOT been changed
