Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
The Account Lockout Examiner service account
Rights and permissions required for the Account Lockout Examiner service account. If you do not want to grant the service account a domian admin
KB1396 | Last review: Sep 07, 2017 | Netwrix Account Lockout Examiner | All versions
|If you do not want to grant domain admin rights to the service account, you can create a less priviledged one. To create an account which has all required rights please perfrom the following steps.
On any Domain Controller that has Group policy management:
Step 1. Enable Manage auditing and security log user rights for this account:
Step 3. Enable WMI access
Step 4. Configure DCOM settings
NOTE: steps 3 and 4 might require a reboot to apply new settings
On all machines that need to be examined by Account Lockout Exmainer:
Step 6: Grant the local administrator rights to the service account.
This can be done manually or by means of Group policy. Local admin rights are also necessary to find the root proocess causing invalid logons.
Was this information helpful?