How Do I Create A Rule To Look For Locked Out Accounts?

The Argent for Compliance product can easily be used to accomplish a task such as this

The steps to do this are shown below:

  1. Select ‘Control Information‘ tab on the left pane

  2. Create a ‘New Windows Event Log Rule

  3. Please enter a Name for the Rule and click “OK” button

  4. Click the ‘Add Item‘ button on Optional Event Log Filter tab
  5. Enter the details for the Event such as Event Id in this screen and then click “OK” button

  6. Enter the Logic to be checked, Event text, Event description etc in ‘Event Text‘ tab

  7. An Event is created with fields like Event ID, Event Text etc

  8. Create a new Relator, call it ‘ACCOUNT_LOCKOUT_CHECK‘ or something similar, then add the new Rule to it and a Monitoring Group that contains the servers you want to monitor for this condition

  9. Setup your schedule as needed through the ‘When To Run‘ tab

  10. If you do not want the data to be stored or archived, just check the option ‘Just Monitor