Audit account lock on Window 2003 and 2008 DC

Posted on 2013-12-21
Medium Priority
Last Modified: 2014-01-01

Follow the link to audit account lock but it doesn't work.

I have already enabled audit policy under domain password policy and Default domain controller policy to audit " account login" failure event.

We have two domain controllers, Window 2003 and Window 2008. I tried to stimulate a user login failure and find that event 4740 is not logged. Only event 675 is logged in Window 2003. This event corresponded to a stimulated login failure on a workstation.

Any idea ??
Question by:AXISHK
  • 3
  • 3
LVL 18

Expert Comment

ID: 39734564
4740 is the account lockout event for Server 2008 and above. 644 is the lockout event for Server 2003. You would need to trigger on 644 on Server 2003 and 4740 on Server 2008 and Server 2008 R2.

I tried to stimulate a user login failure and find that event 4740 is not logged.
4740 will trigger on a lockout not a bad password attempt.

Author Comment

ID: 39734593
HOW TO MAIL ACcount lockout on window 2003 as it does not have powershell
LVL 18

Expert Comment

ID: 39735769
You need to install Windows Management framework 2.0 (PowerShell 2).


It supports Windows Server 2003 with Service Pack 2 and higher. If you have a lower service pack level you will need to install Windows Management Framework 1.0 (PowerShell 1).
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!


Expert Comment

ID: 39736896
Would you be intrested in an third party application if yes please update so as to update you with this,

As this task can be easily with an third party application.


Author Comment

ID: 39738050
Install Powershell on Window 2003 but it seems that there is no trigger event in Window 2003 schedule. Hence, not sure whether I can still use powershell to track the event.

If there is no workaround powershell solution for Window 2003, I can consider 3rd solution. Tks
LVL 18

Accepted Solution

Learnctx earned 2000 total points
ID: 39738779
Oh right, haven't used Server 2003 for 1/2 a decade now. You can look at this article which describes how to setup eventtriggers in Server 2003.


Author Closing Comment

ID: 39750471

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question