Banks, credit unions, insurance companies,
The Account Lockout Examiner service account
|If you do not want to grant domain admin rights to the service account, you can create a less priviledged one. To create an account which has all required rights please perfrom the following steps.
On any Domain Controller that has Group policy management:
Step 1. Enable Manage auditing and security log user rights for this account:
Step 3. Enable WMI access
Step 4. Configure DCOM settings
NOTE: steps 3 and 4 might require a reboot to apply new settings
On all machines that need to be examined by Account Lockout Exmainer:
Step 6: Grant the local administrator rights to the service account.
This can be done manually or by means of Group policy. Local admin rights are also necessary to find the root proocess causing invalid logons.