Table of Contents
- Introduction
- System Requirements
- Assign Service Logon As Credentials
- Server Configuration
- Agent-Based Monitoring
- Data Providers
- Directory Services
- Audit Work Items
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Script Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- SNMP
- SSH Shell
- Exporting and Importing Configuration Objects
- Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Azure Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Executable Timeline
- Command Line Interface
- Troubleshooting
- Terminology
Account Lockout Monitor Template
Sever Manager includes several different methods to get notified when an account is locked out.
| Type | Description |
|---|---|
| Real-Time Security Event Log Monitor | Subscribes, or optionally scans on a scheduled interval, Security Event Logs for locked out accounts. Monitors Domain Controller Security Event logs for locked out domain accounts and/or monitors stand-alone server Security Event logs for local, non-domain, locked out accounts. |
| Active Directory Monitor | Scan Active Directory on a scheduled interval (e.g. Every 15 Minutes) for locked out domain accounts. |
| WMI Monitor | Scan stand-alone servers on a scheduled interval (e.g. Every 15 Minutes) for local, non-domain, locked out accounts. |
| Security Event Log Report | Scan multiple Domain Controller Security Event logs for domain account lockout history and/or scan multiple stand-alone server Security Event logs for non-domain local account lockout history. |
| Active Directory/WMI Report | Scan multiple domains on a scheduled interval (e.g. Every 15 Minutes) for currently locked out domain accounts and optionally scan multiple stand-alone servers on a scheduled interval (e.g. Every 15 Minutes) for currenlty locked out non-domain local accounts. |
How to get notified in real-time when an account is locked out:
For more information see Account Lockout Monitoring and Reporting
How to scan Active Directory for locked out domain accounts:
Server Manager includes a sample template that scans Active Directory for locked out accounts.
- From the Explorer View, navigate to Templates | Sample Templates | Account Lockout Monitors then right click on Domain Account Lockout Monitor and select Template Properties. The Account Lockout Monitor Template Properties view displays.
- The Template Properties view contains 4 tabs.
The Options Tab
- Select the Monitor Active Directory option to monitor Active Directory only.
- Use the Directory Service drop-down to select the domain to monitor.
Host Assignment
-
Assign the template to either of one your domain controllers or the localhost.
Assigning this template to multiple hosts will result in duplicate Active Directory scans and duplicate triggers.
How to scan stand-alone servers for local, non-domain, locked out accounts with WMI:
- From the Explorer View, navigate to Templates | Sample Templates | Account Lockout Monitors then right click on Server Account Lockout Monitor and select Template Properties. The Account Lockout Monitor Template Properties view displays.
-
The Template Properties view contains 4 tabs.
- General
- Options
- User Filters
- Actions
The Options Tab
- Select the Monitor assigned machines option to monitor servers and workstations for local accounts that have been locked out.
Host Assignment
-
Assign each server and workstation you want to monitor local accounts on.
Assigning this template to a domain controller only results in local account triggers. Domain accounts will not be included in the triggers.