• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1168
  • Last Modified:

Audit account lock on Window 2003 and 2008 DC

http://community.spiceworks.com/how_to/show/11824-email-account-lock-out-notification

Follow the link to audit account lock but it doesn't work.

I have already enabled audit policy under domain password policy and Default domain controller policy to audit " account login" failure event.

We have two domain controllers, Window 2003 and Window 2008. I tried to stimulate a user login failure and find that event 4740 is not logged. Only event 675 is logged in Window 2003. This event corresponded to a stimulated login failure on a workstation.

Any idea ??
0
AXISHK
Asked:
AXISHK
  • 3
  • 3
1 Solution
 
LearnctxEngineerCommented:
4740 is the account lockout event for Server 2008 and above. 644 is the lockout event for Server 2003. You would need to trigger on 644 on Server 2003 and 4740 on Server 2008 and Server 2008 R2.

I tried to stimulate a user login failure and find that event 4740 is not logged.
4740 will trigger on a lockout not a bad password attempt.
0
 
AXISHKAuthor Commented:
HOW TO MAIL ACcount lockout on window 2003 as it does not have powershell
0
 
LearnctxEngineerCommented:
You need to install Windows Management framework 2.0 (PowerShell 2).

http://support.microsoft.com/kb/968929

It supports Windows Server 2003 with Service Pack 2 and higher. If you have a lower service pack level you will need to install Windows Management Framework 1.0 (PowerShell 1).
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Detlef001Commented:
Would you be intrested in an third party application if yes please update so as to update you with this,

As this task can be easily with an third party application.

Thanks.
0
 
AXISHKAuthor Commented:
Install Powershell on Window 2003 but it seems that there is no trigger event in Window 2003 schedule. Hence, not sure whether I can still use powershell to track the event.

If there is no workaround powershell solution for Window 2003, I can consider 3rd solution. Tks
0
 
LearnctxEngineerCommented:
Oh right, haven't used Server 2003 for 1/2 a decade now. You can look at this article which describes how to setup eventtriggers in Server 2003.

http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm
0
 
AXISHKAuthor Commented:
Tks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now