  1. #1
    Join Date
    Nov 2002
    Farnborough, Hampshire, England
    Thanked 0 Times in 0 Posts

    Locked User Account Notification (Windows 2003)

    Our network's security policy is to lock user accounts after 5 unsuccessful logon attempts. Although it creates a bit of admin work and user frustration, it generally works well. However, some "process" accounts (i.e. ones created for a particular purpose rather than a person) also get locked out sometimes, and these locks often go unnoticed until something's gone badly wrong.

    Is there a way of being notified when an account becomes locked?

    I've thought of one possible solution (a batch file running a VB script, that populates a database with locked accounts, that is then interrogated by a reporting system that can send out alerts), but it seems a bit cumbersome, and I wonder if there's a better way. Are there any tools that might help, either built in to Windows or available to buy?


  3. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Quedgeley, Gloucester, England
    Thanked 1 Time in 1 Post

    Re: Locked User Account Notification (Windows 2003)

    You may be able to improve on the following BATch file for NT4 from a little time ago...<pre>@echo off
    :: +----------+ test status of GRAJ03 every so often
    :: I UNLOCKME I and unlock the account if found locked
    :: +----------+ John Gray 10FEB1999
    echo %~n0 is intended to run continuously ...
    echo GRAJ03 was unlocked at the following times:
    :start
    :: is our account locked out?
    net user graj03 /domain | find "Locked" >nul
    :: if not locked, just wait for a time interval to expire
    if errorlevel 1 goto waitabit
    :: put a time message on the screen
    for /f %%a in ('time /t') do echo GRAJ03 unlocked at %%a
    :: and set the account active again
    net user graj03 /active /domain >nul
    :: then go immediately to test the status
    goto start
    :waitabit
    :: wait time where value is [number of seconds waited + 1]
    :: (ping target was missing from the post; loopback address assumed)
    ping -n 58 127.0.0.1 > nul
    goto start</pre>

    This has to be run in a Domain Admins-type account on another machine.

    Note that I write better BATch files 8
    John

    Ita, esto, quidcumque...
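
An alert-only variant of the polling approach in post #2, added here as an example and not part of either original post: it uses the same `net user ... | find "Locked"` test, but writes one warning to the Application event log per lockout instead of unlocking the account. The account names, state directory, event source and event ID are constructed placeholders.

```batch
@echo off
:: Added example: report lockouts of process accounts, do not unlock them.
:: ACCOUNTS, STATEDIR, the LockWatch source and ID 100 are placeholders.
setlocal
set ACCOUNTS=svc_backup svc_reports
set STATEDIR=%TEMP%\lockwatch
if not exist "%STATEDIR%" mkdir "%STATEDIR%"

:poll
:: check every account in the list, then sleep
for %%u in (%ACCOUNTS%) do call :check %%u
:: wait roughly 60 seconds (61 pings to loopback, one second apart)
ping -n 61 127.0.0.1 >nul
goto poll

:check
:: same test as the batch file above: "Locked" in the net user output
net user %1 /domain 2>nul | find "Locked" >nul
if errorlevel 1 goto notlocked
:: a marker file means this lockout was already reported: stay quiet
if exist "%STATEDIR%\%1.locked" goto :eof
echo locked> "%STATEDIR%\%1.locked"
echo %date% %time% %1 is LOCKED
:: one event per lockout; a log monitor or mailer can pick this up
eventcreate /L APPLICATION /T WARNING /SO LockWatch /ID 100 /D "Account %1 is locked out" >nul
goto :eof

:notlocked
:: lock has cleared: remove the marker so the next lockout is reported
if exist "%STATEDIR%\%1.locked" del "%STATEDIR%\%1.locked"
goto :eof
```

Because it only reads account status, it does not override the five-attempt lockout policy the way an automatic unlock does.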
