How to configure a real-time alert on User Lockout events

Question: How to configure a real-time alert on the User Lockout events?
Answer:

To configure a real-time alert on the User Lockout event, do the following:

  • For Windows 2003 domain controllers:
  1. In the left pane of the NetWrix Enterprise Management Console, navigate to <your managed object> / Event Log Manager and right-click the Real-time Alerts folder.
  2. On the first screen of the New Real-Time Alert wizard, specify the alert name (for example, User Lockout 2003) and click Next.
  3. On the next step, click Add in the Event filters grid. The Event Filters dialog will open.
  4. On the Event tab, select Security from the Event Log drop-down menu.
  5. On the Event Fields tab, specify the Event ID: 644
  6. Click OK in the Event Filters dialog. 
  7. If necessary, specify recipients of this alert other than the Event Summary recipients.
  8. Click the Edit button next to the Customize alert notification template label.
  9. In the Edit Notification Template dialog, remove the last 3 strings from the bottom of the template and add the following strings:
<br>
-------------------
<br>
<b>Account That Was Locked Out:</b> %String4%\%String0%<br>
<b>Caller Computer Name:</b> %String1%<br>
  10. Click OK to save the template, and then Next on the wizard screen.
  11. Review your new alert settings and click Finish.
  • For Windows 2008 domain controllers:
  1. In the left pane of the NetWrix Enterprise Management Console, navigate to <your managed object> / Event Log Manager and right-click the Real-time Alerts folder.
  2. On the first screen of the New Real-Time Alert wizard, specify the alert name (for example, User Lockout 2008) and click Next.
  3. On the next step, click Add in the Event filters grid. The Event Filters dialog will open.
  4. On the Event tab, select Security from the Event Log drop-down menu.
  5. On the Event Fields tab, specify the Event ID: 4740
  6. Click OK in the Event Filters dialog. 
  7. If necessary, specify recipients of this alert other than the Event Summary recipients.
  8. Click the Edit button next to the Customize alert notification template label.
  9. In the Edit Notification Template dialog, remove the last 3 strings from the bottom of the template and add the following strings:
<br>
-------------------
<br>
<b>Account That Was Locked Out:</b> %String5%\%String0%<br>
<b>Caller Computer Name:</b> %String1%<br>
  10. Click OK to save the template, and then Next on the wizard screen.
  11. Review your new alert settings and click Finish.
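
To check that a Windows 2008 domain controller is actually logging the events this alert matches, and to see the values the template placeholders will carry, the following PowerShell script reads recent 4740 events and prints the same fields. It is an added example, not part of NetWrix or of the original article; it assumes %StringN% refers to the event's Nth insertion string counted from zero, and Get-LockoutEventFields is a hypothetical helper name.

```powershell
# Added example: list recent account lockout events (Event ID 4740) and show
# the fields used in the alert template above.
# Requires PowerShell 2.0 or later and an elevated session (the Security log
# is readable by administrators only).
# Assumption: %String0%, %String1% and %String5% in the template correspond to
# insertion strings 0, 1 and 5 of the event (zero-based).

function Get-LockoutEventFields {
    param(
        [int]$MaxEvents = 20,
        [string]$ComputerName = $env:COMPUTERNAME   # domain controller to query
    )

    $filter = @{ LogName = 'Security'; Id = 4740 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                  -ComputerName $ComputerName -ErrorAction SilentlyContinue

    if (-not $events) {
        # Nothing to alert on: either no lockout has occurred since the log
        # was last cleared, or account management auditing is not enabled.
        Write-Warning "No 4740 events found in the Security log on $ComputerName."
        return
    }

    foreach ($e in $events) {
        $p = $e.Properties
        if ($p.Count -lt 6) { continue }   # skip events without the expected fields

        New-Object PSObject -Property @{
            TimeCreated      = $e.TimeCreated
            # Same composition as "%String5%\%String0%" in the template
            LockedOutAccount = '{0}\{1}' -f $p[5].Value, $p[0].Value
            # Same value as "%String1%" in the template
            CallerComputer   = $p[1].Value
        } | Select-Object TimeCreated, LockedOutAccount, CallerComputer
    }
}

Get-LockoutEventFields | Format-Table -AutoSize
```

If the script returns rows but the alert never fires, compare the printed values with what the notification e-mail should contain before revisiting the event filter.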