Tuesday, August 21, 2012

Windows Server 2008: E-MAIL AD Account Lockout Notification

Today I want to show you one way to set up Account Lockout Notification: a scheduled task, triggered by an event, starts a batch file that sends a mail via blat.exe.

-Download blat.exe.

-Configure the mail server settings with blat.exe on your server. For help, type blat.exe /?

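-Create LockoutALL.bat with the content below and copy blat.exe to "c:\EventLogs" on your DC.
rem Remove the previous report, if any
if exist c:\EventLogs\4740.txt del c:\EventLogs\4740.txt
rem Export the most recent lockout event (ID 4740) from the Security log as text
wevtutil.exe qe Security "/q:*[System[(EventID=4740)]]" /rd:true /c:1 /f:text > c:\EventLogs\4740.txt
rem Mail the exported event
c:\EventLogs\blat.exe c:\EventLogs\4740.txt -to Tim@companyX.com -subject "Account Lockout Company X"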

-Create a new scheduled task and set "Run whether user is logged on or not".

-Go to the "Trigger" tab and select "New", then choose "Begin the task: On an event". Event details -> Log: Security, Source: Microsoft-Windows-Security-Auditing, Event ID: 4740

-In the "Actions" tab, choose "LockoutALL.bat".

-Save the task.
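
The Task Scheduler steps above can also be scripted. The following batch file is an added example, not part of the original post; the task name is made up, and running the task as SYSTEM (so it fires whether or not anyone is logged on) is an assumption.

```batch
@echo off
rem Added example: command-line equivalent of the Task Scheduler steps above.
rem Assumptions: the task name is made up, LockoutALL.bat lives in c:\EventLogs,
rem and the task runs as SYSTEM.
setlocal
set "TASK=AD Account Lockout Mail"
set "SCRIPT=c:\EventLogs\LockoutALL.bat"

rem Do not register a task that points at a file which does not exist yet.
if not exist "%SCRIPT%" (
    echo %SCRIPT% not found, create it first.
    exit /b 1
)

rem Event 4740 is only written when this audit subcategory logs successes
rem (subcategory name as shown on an English-language system).
auditpol /get /subcategory:"User Account Management"

rem Trigger: Security log, source Microsoft-Windows-Security-Auditing, event ID 4740.
rem /F overwrites an existing task with the same name.
schtasks /Create /F /TN "%TASK%" /TR "%SCRIPT%" /SC ONEVENT /EC Security /MO "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4740]]" /RU SYSTEM
if errorlevel 1 exit /b 1

rem Show the registered task, then the ACL of the folder it executes from.
schtasks /Query /TN "%TASK%" /V /FO LIST
icacls c:\EventLogs
endlocal
```

Run it from an elevated command prompt on the DC. Because the task executes LockoutALL.bat and blat.exe with SYSTEM rights, the icacls output should show that only administrators can write to c:\EventLogs.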
