• Status: Solved
  • Priority: Medium
  • Security: Public

Email notification when an account gets locked out?

I'm an IT administrator for a law firm and we have a strict password policy that results in people getting themselves locked out of their computers constantly. It would be helpful if I was notified immediately when a lockout occurred.

Anyone know of any way to do this?

Ideally I would like to watch only accounts in a specific OU, but if it must be AD wide that will do.

Thanks in advance!

1 Solution

Found a very good tutorial: http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm

Hope this helps.

Sure, it's possible, and I could write something to do it, but....


I can't come up with one valid reason why I need to know about that every time it happens.  When the account gets locked out, the end user will call the help desk, and they'll unlock it.  If it happens repeatedly, then an email is sent to the end user's manager, and they get a talking to.

If I got an email every time an account was locked out, I would do what, presumably?  Unlock it before they call?  What if it's not them?  What if it's someone trying to break into the system using their account?  The whole PURPOSE of an account being locked out is to force the user to call in, identify themselves [hopefully with a challenge question], and then be able to access their account.  If any step in there doesn't happen, then what is the point??  You'll just unlock them right away, or worse yet, write a script to unlock them when you get an email?

Sorry if I sound like I'm going off on a rant here, it's just that end users normally think about security this way, not IT staff.  It pains me to see this kind of stuff, with PCI and HIPAA and HITECH and everything else.  Security should be more on everyone's minds, and not just because it's "strict" and it might annoy the users.

Just my $.02.  YMMV.

blacksix (Author) Commented:
Well I appreciate the concern, and I'm sorry your assumptions are 'paining' you but handling lockouts in this fashion can actually INCREASE security.

You're going to need to address a lockout no matter what. How you handle the situation is up to you from there and you can choose to be neglectful or to be thorough, no matter whether you're told by an email, or by a user. Of course you need to verify the source of the lockout but ideally that info can be sent along with the email you receive and can help you get to the bottom of the lockout. Also if it happens in the middle of the night, chances are it's not the user and there is something I need to look into. Certainly better than waiting until the next morning to find out from the user, wouldn't you say? Ugh, why am I even explaining all of this?

Thanks for the find ChrisDenn I'll look into this tomorrow and see what I come up with, looks like it'll work just fine.
Receiving an email notification when a user account becomes locked out can actually help you catch unauthorized persons who may be trying to log in with someone else's credentials internally. Once you're given the computer name from where the lockout occurred, you can immediately call or go see who is at that location.
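
An added example, not part of the thread or the linked tutorial: a PowerShell script, meant to run as a scheduled task on Windows Server 2008 or later, that mails an alert for each lockout of an account in one OU and includes the source computer name. It assumes lockouts appear as event ID 4740 in the Security log (the thread names no event ID) and that the ActiveDirectory module is installed; the OU, SMTP server and mail addresses are placeholders.

```powershell
# Added example. All values in this block are placeholders (assumptions).
Import-Module ActiveDirectory

$WatchedOU  = 'OU=Staff,DC=example,DC=com'    # hypothetical OU to monitor
$SmtpServer = 'smtp.example.com'              # hypothetical mail relay
$MailFrom   = 'lockout-alert@example.com'
$MailTo     = 'it-admin@example.com'
$LookBack   = (Get-Date).AddMinutes(-5)       # match the scheduled task interval

# Lockouts are normally also logged on the PDC emulator, so query it.
$Pdc = (Get-ADDomain).PDCEmulator

# Get-WinEvent reports an error when nothing matches; treat that as "no lockouts".
$Events = Get-WinEvent -ComputerName $Pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $LookBack
}

foreach ($Evt in $Events) {
    # Read named fields from the event XML instead of relying on property order.
    $Data = @{}
    ([xml]$Evt.ToXml()).Event.EventData.Data | ForEach-Object { $Data[$_.Name] = $_.'#text' }

    $UserName = $Data['TargetUserName']
    $Source   = $Data['TargetDomainName']   # in 4740 this field holds the caller computer name

    # Escape single quotes before placing the name in the AD filter string.
    $Safe = $UserName -replace "'", "''"
    $User = Get-ADUser -Filter "SamAccountName -eq '$Safe'" -Properties LockedOut
    if (-not $User) { continue }

    # Alert only for accounts whose distinguished name sits under the watched OU.
    if (-not $User.DistinguishedName.EndsWith(",$WatchedOU", [StringComparison]::OrdinalIgnoreCase)) { continue }

    $Body = @"
Account:         $UserName
Locked out at:   $($Evt.TimeCreated)
Source computer: $Source
Reported by DC:  $Pdc
Still locked:    $($User.LockedOut)
"@
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "Account lockout: $UserName from $Source" -Body $Body
}
```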