Jerrod_W
asked on
Emails when a user gets locked out
Simply put, I'd like to receive an email anytime one of my users gets locked out on our SBS 2003 system. I normally only see this when I sift through event viewer. Is there a program or option somewhere that I can accomplish this.
You can use eventriggers.exe and blat to do this:
Eventtriggers
http://technet.microsoft.com/en-us/library/bb490901.aspx
happy mailing : Blat online
http://www.blat.net/
Eventtriggers
http://technet.microsoft.com/en-us/library/bb490901.aspx
happy mailing : Blat online
http://www.blat.net/
@echo off
set From=lockout@domain.com
set To=me@domain.com
set SMTP=smtp.domain.com
set Subject=User locked out
set EmailFile=%Temp%\%~n0.eml
>"%EmailFile%" echo A user was locked out at %Date% %Time% on %ComputerName%
"C:\Program Files\blat\blat.exe" "%EmailFile%\%LogFile%" -f %From% -to %To% -server %SMTP% -subject "%Subject%"
Slight correction: remove the "\%LogFile%" in the last line ...
We use NetWrix Account Lockout Examiner.
http://www.netwrix.com/account_lockout_examiner.html
It works well for us because it has the option to unlock accounts either via a website (for helpdesk personnel) or email remote control (good for blackberries).
http://www.netwrix.com/account_lockout_examiner.html
It works well for us because it has the option to unlock accounts either via a website (for helpdesk personnel) or email remote control (good for blackberries).
And it was bugging me that the user who was locked out was not reported.
You should be able to combine this with PsLogList to retrieve the event.
PsLogList v2.7
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
The new script assumes that the script and the external tools are in the same folder (untested):
You should be able to combine this with PsLogList to retrieve the event.
PsLogList v2.7
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
The new script assumes that the script and the external tools are in the same folder (untested):
@echo off
set From=lockout@domain.com
set To=me@domain.com
set SMTP=smtp.domain.com
set Subject=User locked out
set EmailFile=%Temp%\%~n0.eml
:: *** set the event id of the lockout event eventtriggers is monitoring:
set EventID=
>"%EmailFile%" echo A user was locked out at %Date% %Time% on %ComputerName%; event log entry as follows:
"%~dp0psloglist.exe" -m 1 -i %EventID% security >>"%EmailFile%" 2>&1
"%~dp0blat.exe" "%EmailFile%" -f %From% -to %To% -server %SMTP% -subject "%Subject%"
I have used Eventtrigers along with Blat. It works fine for a free tool.
You may also take a look at this free tool as well http://www.poweradmin.com/ServerMonitor/features.aspx?show=actions
You may also take a look at this free tool as well http://www.poweradmin.com/ServerMonitor/features.aspx?show=actions
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This seems to be working great. Thanks.
You may want to check out event triggers
http://technet.microsoft.c
http://windowsitpro.com/ar
http://blogs.msdn.com/kric
Those links should get you going. I haven't tested this fully but it is worth trying out I think.
Thanks
Mike