We are currently running an environment with both Server 2003 and Server 2008 R2 domain controllers and would like to receive notifications of when a user's account has been locked out or unlocked. If possible, we would like to be able to run a report on these events so that we can show that to the powers that be. Is it possible to receive notifications for when the accounts are locked out or unlocked for our environment and is there a reporting tool that we can use to generate the needed reports? Thank you.
Hi,
Yes, EventSentry would be able to monitor this for you. We have many predefined filters and two of them are exactly what you are looking for (User Account Locked Out & User Account Unlocked). There are 15+ actions in EventSentry, one of which is email, so you can receive email events based on those lock outs/unlocks, and there is also a database action. Using the database action, you can have these events written to a database and then pull them up in the web reports to show the higher ups.
Currently I'm not sure that it is monitoring the correct events for both Server 2003 and Server 2008 domain controllers. Looking at the predefined compliance filter, it shows the event ID for 2003, but not the 2008 event ID. I'm not very familiar with web reports, and running the default report for Account Management: User Account Locked Out, I did not see any of the test lockouts that we had performed this morning and have not received any email notifications when running the tests either.
Hi,
You can download the latest packages in the EventSentry management console by going to Tools > Download Latest Packages. This should include the new source and event ids for your 2008 machines. After you've done that, you'll need to update the configuration on the remote machines to make sure they have the updated packages. You can do this by going to Remote > Update Configuration.
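To illustrate the mixed-version problem raised in this thread, here is an added example (not EventSentry code and not from any poster) that normalises lockout and unlock events from both domain controller generations into one report. The event IDs 644/671 (Server 2003) and 4740/4767 (Server 2008 R2) are Microsoft's documented Security-log IDs and are not quoted in the thread; the CSV layout, host names and accounts are constructed.

```python
from datetime import datetime

# Security-log event IDs (Microsoft-documented; not quoted in the thread).
# The Server 2008+ IDs are the Server 2003 IDs plus 4096.
LOCKED = {644, 4740}      # user account locked out: 2003, 2008 R2
UNLOCKED = {671, 4767}    # user account unlocked:   2003, 2008 R2

# Constructed sample export: timestamp, reporting DC, event ID, account.
SAMPLE = """\
2013-05-02T09:14:07,DC03-OLD,644,jsmith
2013-05-02T09:20:31,DC08-NEW,4767,jsmith
2013-05-02T10:02:55,DC08-NEW,4740,akhan
2013-05-02T10:03:10,DC08-NEW,4624,akhan
2013-05-02T11:45:00,DC08-NEW,4740,jsmith
2013-05-02T11:50:30,DC03-OLD,671,jsmith
"""

def parse(text):
    """Yield (time, dc, kind, account) for lockout/unlock events only."""
    for line in text.splitlines():
        ts, dc, event_id, account = line.strip().split(",")
        event_id = int(event_id)
        if event_id in LOCKED:
            kind = "locked"
        elif event_id in UNLOCKED:
            kind = "unlocked"
        else:
            continue  # unrelated event, e.g. a logon
        yield datetime.fromisoformat(ts), dc, kind, account.lower()

def lockout_report(text):
    """Pair each lockout with the next unlock of the same account."""
    open_lockouts, rows = {}, []
    for when, dc, kind, account in sorted(parse(text)):
        if kind == "locked":
            # Several DCs may log one lockout; keep the earliest record.
            open_lockouts.setdefault(account, (when, dc))
        elif account in open_lockouts:
            start, locked_on = open_lockouts.pop(account)
            secs = int((when - start).total_seconds())
            rows.append((account, locked_on, start, when, secs))
    # Accounts with no unlock event in the export are reported as open.
    for account, (start, locked_on) in sorted(open_lockouts.items()):
        rows.append((account, locked_on, start, None, None))
    return rows

if __name__ == "__main__":
    for account, dc, start, end, secs in lockout_report(SAMPLE):
        state = f"unlocked after {secs}s" if end else "no unlock event seen"
        print(f"{account:8} locked {start} on {dc}: {state}")
```

A filter that lists only the 2003 IDs would silently drop every row reported by the 2008 R2 controller, which matches the symptom of test lockouts not appearing in the report.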