Is there a way to monitor locked NT accounts besides security event logs?. Example query a value somewhere type of thing. My event log runs at least 100 secuirty events per minute so it difficult to use that as a method of monitoring.
Thanks
Monitor Locked accounts
I wrote a batch script to call a DOS utility called "unlock.exe" by joeware.net and redirect results to a text file every minute.
This is the syntax I use - "unlock . <account name> -view > file" this instructs the program to query DC and send the results to file. By default if the program doesn't find any lock accounts the result is "No objects found" which is written to a text file and has a file size of 19 bytes.
If the account queried is locked then the file size is greater than 19 bytes because more data is written to the file.
Using HM I ran two tests. 1) External Test to run batch file to query lock acounts every minute 2) File size greater 19 bytes which ran every 5 minutes.
My domain policy for reseting locked accounts is 1/2 hour which gives me enough time to look through the secuirty logs and trace the culprit who locked my admin or imperative accounts.
<font size=-1>[ This Message was edited by: hamoja on 2003-07-10 23:05 ]</font>
This is the syntax I use - "unlock . <account name> -view > file" this instructs the program to query DC and send the results to file. By default if the program doesn't find any lock accounts the result is "No objects found" which is written to a text file and has a file size of 19 bytes.
If the account queried is locked then the file size is greater than 19 bytes because more data is written to the file.
Using HM I ran two tests. 1) External Test to run batch file to query lock acounts every minute 2) File size greater 19 bytes which ran every 5 minutes.
My domain policy for reseting locked accounts is 1/2 hour which gives me enough time to look through the secuirty logs and trace the culprit who locked my admin or imperative accounts.
<font size=-1>[ This Message was edited by: hamoja on 2003-07-10 23:05 ]</font>