Tuesday, August 21, 2012

Windows Server 2008: E-MAIL AD Account Lockout Notification

Hi,
Today I want to show you one way to set up account lockout notification: a scheduled task triggered by an event starts a batch file that sends a mail via blat.exe.

-Download the blat.exe

-Set the Mail server settings with the blat.exe on your server. For help type in blat.exe /?

-Create the LockoutALL.bat and copy the blat.exe to "c:\EventLogs" on your DC.
AccountLockoutSend.bat
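rem Remove the report from the previous lockout, if there is one
if exist c:\EventLogs\4740.txt del c:\EventLogs\4740.txt
rem Write the newest 4740 (account locked out) event from the Security log as text
wevtutil.exe qe Security /q:*[System[EventID=4740]] /rd:true /c:1 /f:text >> c:\EventLogs\4740.txt
rem Send the report as the mail body
c:\EventLogs\blat.exe c:\EventLogs\4740.txt -to Tim@companyX.com -subject "Account Lockout Company X"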

-Create a new scheduled task and set "Run whether user is logged on or not".

-Go to the "Trigger" tab and select "New", choose "Begin the task: On an event". Event details -> Log: Security, Source: Microsoft-Windows-Security-Auditing, Event ID: 4740

-In the "Actions" tab choose the "LockoutALL.bat".

-Save the task.
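
The same task can also be created from an elevated command prompt on the DC, which makes the setup repeatable. This is an added example, not part of the original post; the task name and running the task as SYSTEM are assumptions, so use the account you picked in the GUI steps if it differs.

```batch
@echo off
rem Added example (not from the original post): register the event-triggered
rem task with schtasks instead of the Task Scheduler GUI.
rem Assumptions: the task name below is made up, and the task runs as SYSTEM.
setlocal
set "TASKNAME=AD Account Lockout Notification"
set "SCRIPT=c:\EventLogs\LockoutALL.bat"

rem Event 4740 is only logged when success auditing for the
rem "User Account Management" subcategory is enabled, so show the setting.
auditpol /get /subcategory:"User Account Management"

rem Check that the batch file is in place before registering it.
if not exist "%SCRIPT%" (
    echo %SCRIPT% not found
    exit /b 1
)

rem /SC ONEVENT corresponds to "Begin the task: On an event",
rem /EC is the log and /MO the XPath filter (source and event ID).
schtasks /Create /TN "%TASKNAME%" /TR "%SCRIPT%" /SC ONEVENT /EC Security ^
    /MO "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4740]]" ^
    /RU SYSTEM /F
if errorlevel 1 exit /b 1

rem Print the stored trigger and action so they can be reviewed.
schtasks /Query /TN "%TASKNAME%" /V /FO LIST
endlocal
```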