Table of Contents
- Getting Started
- Agent-Based Monitoring
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Windows Update Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Azure Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Executable Timeline
- Command Line Interface
- Troubleshooting
- Terminology
Account Lockout Reports
Account Lockout Reporting is the process of scanning Active Directory for currently locked out Windows accounts, scanning Windows machines for locally locked out accounts and scanning Windows Security Event Logs for Event ID 4740 (A user account was locked out.) and 4767 (A user account was unlocked.), then finally reporting the results in Corner Bowl Server Manager, through email or by saving to a file such as a CSV, HTML or PDF file.
Sever Manager includes two different account lockout reports.
Type | Description |
---|---|
Security Event Log Account Lockout Report |
Scans multiple Domain Controller Security Event Logs for domain account lockout history event IDs 4740 and 4767 and, optionally, scans multiple stand-alone Windows Security Event Logs for non-domain local account lockout history. This report is typically used for auditing and compliance. |
Account Lockout Report (Active Directory/WMI) |
Scans Active Directory Windows Domains for currently locked out domain accounts and, optionally, scans multiple Windows machines for currently locked out non-domain local accounts. LDAP is used to scan Active Directory Windows Domains and WMI is used to scan Windows machines. This report is typically used for real-time troubleshooting and network administration. |
Security Event Log Account Lockout Report
Server Manager includes a sample report that scans the Security Event Logs in the Centralized Log Database for lockout history event IDs 4740 and 4767.
![]() |
Event Log Consolidation must be enabled for each target domain controller and stand-alone server. |
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report then select Properties. The Properties View displays.
- The Properties View contains 7 configuration tabs.
The Columns Tab
Use the Columns Tab to enable and disable specific columns from the report as well as set the column order, sort order, and grouping options. For more information see: Report Columns
The Options Tab
Type | Description | ||||
---|---|---|---|---|---|
Show account lockout history |
Shows all 4740s then overlays corresponding 4767 events to show the total number of times an account has been locked out and how many times an administrator has unlocked the account.
|
||||
Show account lockouts not manually unlocked | Hides all 4740 Events that have a corresponding 4767 Event. |
Account Lockout Report (Active Directory/WMI)
Server Manager includes a sample report that scans Active Directory and stand-alone servers for accounts currently locked.
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report (Active Directory/WMI) then select Properties. The Properties View displays.
- The Properties View contains 4 configuration tabs.
The Options Tab
- Use the Scan Active Directory for locked out domain accounts check box to scan Active Directory then use the Directory Service drop-down to select the domain to monitor.
- Use the Scan assigned machines for locked out local accounts check box to scan stand-alone servers for locked out non-domain local accounts.
Host Assignment
-
Use the Assignments View to assign each target host and host group.
Only assign stand-alone servers to this report if you are generating a report of non-domain account lockouts. Do not assign any hosts if you are only monitoring domain accounts.