Solved

Audit user account: locking and unlocking

Posted on 2013-12-27
5
898 Views
Last Modified: 2014-08-02
Hello,

I am trying to find the best way to audit not only login/logoff, but all instances of locking and unlocking per user group.

Any suggestions?

Thank you.
0
Comment
Question by:exhuser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 12

Accepted Solution

by:
piattnd earned 167 total points
ID: 39742911
This link explains the auditing features within server 2008, but it also applies to 2003.

http://technet.microsoft.com/en-us/library/cc787567(v=ws.10).aspx

The article explains the logon events and also the logon types, to know whether the user was at the actual PC, unlocking the PC, or perhaps logging in to a machine via RDP.

If you have multiple domain controllers, your GDC should have all authentication events, but depending on how fast your logs fill up, you may not get the date range you wish for.

Let us know if you have any other questions!
0
 

Author Comment

by:exhuser
ID: 39742941
This is for  Windows Server 2003, and workstations pre-Vista...
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 167 total points
ID: 39743095
There is no real efficent ways (natively) to audit active directory besides going through the Security Logs. This can be a pain when you have multiple DC's in your environment because the log on statistics are local to the DC that user is authenticating to.

You can use something like Account Lockout Status to monitor this but you need to enter in the users names manually to check the status. Not a very efficent way but it can be done.

Account Lockout Status Help - http://technet.microsoft.com/en-us/library/cc738772(v=ws.10).aspx
Accoutn Lockout Status DL - http://www.microsoft.com/en-ca/download/confirmation.aspx?id=15201

Personally if you have money in the budget for this I would highly recommend getting something like AD Audit Plus which audit everything in your environment and displays this info in a web based fasion. Its not free but not expensive and they do have a 30 day free trial.

AD Audit Plus - http://www.manageengine.com/products/active-directory-audit/

Will.
0
 
LVL 20

Assisted Solution

by:compdigit44
compdigit44 earned 166 total points
ID: 39750287
In windows 2003 you could use EventTrigger.exe to "trigger" on evenit 671 "unlock" and 644 "locked" you might be able to use this in Windows 2008 to to the following.

Use EventTrigger to write the event to a text file then use use Windows 2008 ability to email the text file when the event it detected... Hope this makes sense....


http://social.technet.microsoft.com/Forums/scriptcenter/en-US/8ce49282-8b5a-49d3-aadc-1075436f1c82/script-to-generate-alert-when-event-id-triggers-in-windows-server-2003-r2?forum=ITCG
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question