How Do I Create A Rule To Look For Locked Out Accounts?
The Argent for Compliance product can easily be used to accomplish a task such as this
The steps to do this are shown below:
-
Select ‘Control Information‘ tab on the left pane
-
Create a ‘New Windows Event Log Rule‘
-
Please enter a Name for the Rule and click “OK” button
- Click the ‘Add Item‘ button on Optional Event Log Filter tab
-
Enter the details for the Event such as Event Id in this screen and then click “OK” button
-
Enter the Logic to be checked, Event text, Event description etc in ‘Event Text‘ tab
-
An Event is created with fields like Event ID, Event Text etc
-
Create a new Relator, call it ‘ACCOUNT_LOCKOUT_CHECK‘ or something similar, then add the new Rule to it and a Monitoring Group that contains the servers you want to monitor for this condition
-
Setup your schedule as needed through the ‘When To Run‘ tab
-
If you do not want the data to be stored or archived, just check the option ‘Just Monitor‘
