KBI 311152 How To Check If A Domain User Is Locked Out
Version
Argent Advanced Technology all versions
Date
Wednesday, 14 Jan 2015
Summary
Steps to configure a Rule in Argent for Compliance to check if the specified domain user is locked out
Technical Background
User accounts may get locked out due to invalid login attempts or any other reasons
A Rule can be configured in Argent for Compliance to check if the specified user is locked out
Steps To Configure The Rule
- Create a new Rule EVT_SECURITY_LOG_ACCOUNT_LOCKOUT in Argent for Compliance under:
General Best Practices -> Server Log Rules -> Windows Event Log Rules -> Security - Select the ‘Security Log’ option in the Event Log section
- Select the ‘Audit Success’ option in the Event Severity section
- Set the Rule breaking criteria by specifying the Event ID equal to 4740
- Add another criteria by specifying the Event Text with the domain account to be checked, as shown in the below screenshot
Once configured, the screen looks as below:
The Rule checks the Event Viewer detailed description and breaks if the specified domain user account (eg. John) is locked out
Resolution
N/A