Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Report Properties
- Artificial Intelligence Reports
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
- Environment Variables
- Account Lockout Monitoring and Reporting
- Merging Logs
- SSH Shell
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
Account Lockout Monitoring and Reporting
Sever Manager includes several different methods to get notified when an account is locked out.
|Real-Time Security Event Log Monitor
|Subscribes, or optionally scans on a scheduled interval, Security Event Logs for locked out accounts. Monitors Domain Controller Security Event logs for locked out domain accounts and/or monitors stand-alone server Security Event logs for local, non-domain, locked out accounts.
|Active Directory Monitor
|Scan Active Directory on a scheduled interval (e.g. Every 15 Minutes) for locked out domain accounts.
|Scan stand-alone servers on a scheduled interval (e.g. Every 15 Minutes) for local, non-domain, locked out accounts.
|Security Event Log Report
|Scan multiple Domain Controller Security Event logs for domain account lockout history and/or scan multiple stand-alone server Security Event logs for non-domain local account lockout history.
|Active Directory/WMI Report
|Scan multiple domains on a scheduled interval (e.g. Every 15 Minutes) for currently locked out domain accounts and optionally scan multiple stand-alone servers on a scheduled interval (e.g. Every 15 Minutes) for currenlty locked out non-domain local accounts.
How to get notified in real-time when an account is locked out:
Server Manager includes a sample template that monitors Security Event Logs in real-time for event ID 4740: A user account was locked out. This event generates every time a user account is locked out.
- From the Explorer View, navigate to Templates | Sample Templates | Real-Time Monitors then right click on Real-Time Account Lockout Monitor and select Template Properties. The Event Log Monitor Template Properties view displays.
- The Template Properties view contains 6 tabs.
The Options Tab
- Use the Log drop-down to select the specific log to configure. This template only monitors the Security Event Log.
- Use the Rules controls to assign the filter and actions. Double-click the existing rule. The Log Monitor Rule displays.
- Notice, the Account Locked Out filter, which searches for all 4740 Event IDs, is assigned and the Email - Account Locked Out action, which sends an email along with the account name that was locked out in the subject, is assigned.
- When monitoring domain controllers, assign a single domain controller from each domain in the forest to this template.
- When monitoring stand-alone servers, assign each stand-alone server to this template template.