Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Best Practices
- Terminology
Account Lockout Reports
Account Lockout Reporting is the process of scanning Active Directory for currently locked out Windows accounts, scanning Windows machines for locally locked out accounts and scanning Windows Security Event Logs for Event ID 4740 (A user account was locked out.) and 4767 (A user account was unlocked.), then finally reporting the results in Corner Bowl Server Manager, through email or by saving to a file such as a CSV, HTML or PDF file.
Sever Manager includes two different account lockout reports.
| Type | Description |
|---|---|
| Security Event Log Account Lockout Summary Report | Scans multiple Domain Controller Security Event Logs for domain account lockout history event IDs 4740 and 4767 and, optionally, scans multiple stand-alone Windows Security Event Logs for non-domain local account lockout history. This report is typically used for auditing and compliance. |
| Security Event Log Account Lockout History Report | Scans all assigned Security Event Logs for event ID 4740. This report is typically used for auditing and compliance. |
| Account Lockout Report (Active Directory/WMI) | Scans Active Directory Windows Domains for currently locked out domain accounts and, optionally, scans multiple Windows machines for currently locked out non-domain local accounts. LDAP is used to scan Active Directory Windows Domains and WMI is used to scan Windows machines. This report is typically used for real-time troubleshooting and network administration. |
Security Event Log Account Lockout Summary Report
Server Manager includes a sample report that scans the Security Event Logs in the Centralized Log Database for lockout history event IDs 4740 and 4767.
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report then select Properties. The Properties View displays.
- The Properties View contains 7 configuration tabs.
The Columns Tab
Use the Columns Tab to enable and disable specific columns from the report as well as set the column order, sort order, and grouping options. For more information see: Report Columns
The Options Tab
| Type | Description |
|---|---|
| Show account lockout history | Shows all 4740s then overlays corresponding 4767 events to show the total number of times an account has been locked out and how many times an administrator has unlocked the account. Important Windows only logs 4767 account unlock events when an Administrator manually unlocks an account. Windows does not log a 4767 account unlock event each time an account is automatically unlocked. Note When this option is selected, the last administrator to unlock the account is listed. |
| Show account lockouts not manually unlocked | Hides all 4740 Events that have a corresponding 4767 Event. |
Security Event Log Account Lockout History Report
Server Manager includes a pre-built generic Event Log Report that uses regular expressions to parse event ID 4740.
To view the sample Template:
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout History then select Properties. The Properties View displays.
Account Lockout Report (Active Directory/WMI)
Server Manager includes a sample report that scans Active Directory and stand-alone servers for accounts currently locked.
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report (Active Directory/WMI) then select Properties. The Properties View displays.
- The Properties View contains 4 configuration tabs.
The Options Tab
- Use the Scan Active Directory for locked out domain accounts check box to scan Active Directory then use the Directory Service drop-down to select the domain to monitor.
- Use the Scan assigned machines for locked out local accounts check box to scan stand-alone servers for locked out non-domain local accounts.
Host Assignment
- Use the Assignments View to assign each target host and host group.