account locked mail information

In a DC windows server 2003 how can I configure an automatic mail that is sent when a user account is locked out?
Thank you
Matteo BordignonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alexandre MichelManager; IT ConsultantCommented:
Uses Eventtriggers.exe . It is part of Windows 2003 & XP
Use bmail.exe from http://retired.beyondlogic.org/solutions/cmdlinemail/cmdlinemail.htm

You find find detailed description here

Create a batch file that will call the BMAIL.exe with the following syntax:
BMAIL.exe -s ExchangeServerName -p 25 -t <a href="mailto:mail@domain.com">mail@domain.com</a> -f <a href="mailto:Event576@domain.com">Event576@domain.com</a> -m msg.txt -a "Disk is nearly full!!!"

Open in new window

Replace ExchangeServerName with the name of your Exchange server.

Replace the e-mail addresses in the above batch file to those that fit your organizations and needs.

Duh note: “Disk is nearly full!!!” is just an example…

Use bmail.exe /? To get the complete syntax of the BMAIL.exe use.

The text file will contain the e-mail body. You can safely skip this stage and only create an e-mail subject in the batch file mentioned above. Here is an example of such a file. Save it as msg.txt in the working folder from step 1:
"The disk is at or near capacity. You may need to delete some files. Please take care of this before things stop working."

Open in new window

Open a Command Prompt window by clicking on Start > Run, typing CMD and pressing Enter.
To create a new event ID (in this case event ID 2013 – alerting us whenever a disk is ) we‘ll use the following syntax:
eventtriggers /create /eid 2013 /tr EventID2013 /ru domainuser /rp password /tk C:Systembmailtrigger.bat

Open in new window

Replace C:Systembmailtrigger.bat with your path and file name. Also, replace /eid 2013. with whatever event number you need to monitor, as well as /tr EventID2013.

The /RU and /RP parameters hold the credentials you‘re going to use. Replace them with your own.

Type eventtriggers /create /? In order to get the complete syntax of the commands.
Once the above Eventtriggers command is run, you can use eventtriggers /query to see if your trigger is ready.

You now need to tweak this to match the event ID number for Account lock out in Windows 2003 which you can Google / check in your event logs

Looks like 644 (as per https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=644)
Matteo BordignonAuthor Commented:
Ok thank you I configure all but there is a problem.
On the Event Viewer - Security : there is no event with code 644. And today I tried a lot of time to lock a user domain account.
Another question is: the creation of eventtriggers will lost if I reboot the server?
Alexandre MichelManager; IT ConsultantCommented:
I don't have a Windows server 2003 to play with.
You should be able to find the Event ID number in the Security Logs of your server . Try 539, 552. Look for any events of interest and use it for a trigger with above process

It is a long time since I used EventTrigger but from memory, EventTriggers runs under the account name of the logged on user.

Here are more example here: http://www.computerperformance.co.uk/Logon/VBScript/eventtriggers.htm 

Have also a look at Account Lockout Tools from Microsoft.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Alexandre MichelManager; IT ConsultantCommented:
Caution: Do not use this tool (MS Lockout Tools) on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
Matteo BordignonAuthor Commented:
Ok it  work but in the mail I have to know the details of which account is locked,date,time. With bmail.exe I can only set a default body or subject.
Alexandre MichelManager; IT ConsultantCommented:
Matteo

Did you try to run the script in http://www.computerperformance.co.uk/Logon/VBScript/eventtriggers.htm ?

Part of the code is as follow

For Each objEvent in colLoggedEvents
txt = txt & objEvent.TimeWritten & vbCRLF & objEvent.ComputerName & vbCRLF & objEvent.Type & vbCRLF & _
objEvent.EventCode & vbCRLF & objEvent.Message & "http://eventid.net/display.asp?eventid" & _
vbCRLF & objEvent.User & vbCRLF & vbCRLF
 
That looks like it will include a lot of details from the error message???

Syntax of EventTrigger: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490901(v=technet.10) 

Sorry, I don't have a Windows 2003 server to test for you, but hopefully you are on the right track with the info above

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alexandre MichelManager; IT ConsultantCommented:
Proposed solution answers the query
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.