detecting security events programmatically

Discuss Windows Event Log events. What they mean, what they tell you about your machine's security ... and whatever other questions you have.

Moderator: alorbach

Post by david on Wed Aug 04, 2004 4:56 pm

I have a group policy set up that will lock a user out of their account if they have more than 5 failed logins within a 3-minute period. The user will remain locked out until they contact me, and I unlock them. However, due to the sensitive nature of our domain, and security's desire to catch anyone who attempts to log on without proper authorization, I would like to find a way to be immediately notified whenever a user is locked out. After reading the article, it seems that I would have to keep the event viewer open all the time and keep checking it for the event.

Can Windows alert me, in a more obvious way, if the event occurs on my domain?

90% of the time I am running a particular company application. Can I programmatically detect the event within the application (preferably using C++ managed or unmanaged)?
david
 

Post by rgerhards on Thu Aug 05, 2004 2:16 pm

Of course, everything can be programmed ... in fact, we have already done so within our products. You may want to consider them before investing time to look at the APIs and nits.

Our products EventReporter http://www.eventreporter.com and MonitorWare Agent http://www.mwagent.com can do what you are looking for. In your case, it looks like EventReporter is the best fit. There are 30 day full-featured trial versions available on the web site, so you may want to give it a try.

I've also found a related article which might be of interest to you:

http://www.mwagent.com/Common/en/stepby ... -MWA12.php

It does not cover exactly your scenario, but I think it is easy to adapt to yours.

Best regards,
Rainer Gerhards
Adiscon
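
The detection logic asked about in the question, as an added C++ example that is not part of either post and is not Adiscon's code: it flags lockout events and also applies the "more than 5 failures in 3 minutes" rule to failed-logon events. Assumptions: the event IDs used (4740/644 for lockout, 4625/529 for failed logon) are not from the thread, the `SecEvent` record and sample data are constructed, and reading the live Security log is left out.

```cpp
#include <algorithm>
#include <cctype>
#include <deque>
#include <map>
#include <string>
#include <vector>
// Simplified record, assumed already read from the Security log (constructed type).
struct SecEvent { long long time; unsigned id; std::string account; };
struct Alert    { long long time; std::string account; std::string reason; };
// Event IDs are assumptions of this example, not values from the thread.
static bool isLockout(unsigned id)     { return id == 4740 || id == 644; }
static bool isFailedLogon(unsigned id) { return id == 4625 || id == 529; }

class LockoutMonitor {
    std::size_t maxFailures_; long long windowSecs_;
    std::map<std::string, std::deque<long long>> failures_;  // per-account timestamps
public:
    LockoutMonitor(std::size_t n, long long w) : maxFailures_(n), windowSecs_(w) {}
    // Feed events in chronological order; returns any alerts this event raises.
    std::vector<Alert> feed(const SecEvent& ev) {
        std::string acct = ev.account;  // account names compare case-insensitively
        std::transform(acct.begin(), acct.end(), acct.begin(),
            [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        std::vector<Alert> out;
        if (isLockout(ev.id)) {
            out.push_back({ev.time, acct, "account locked out"});
            failures_.erase(acct);  // counter restarts after a lockout
        } else if (isFailedLogon(ev.id)) {
            std::deque<long long>& q = failures_[acct];
            q.push_back(ev.time);
            while (ev.time - q.front() > windowSecs_) q.pop_front();  // slide window
            if (q.size() > maxFailures_) {  // "more than N" failures in the window
                out.push_back({ev.time, acct, "failed-logon threshold exceeded"});
                q.clear();
            }
        }
        return out;
    }
};
// Constructed sample: six failures for jdoe inside 3 minutes, then a lockout event.
std::vector<SecEvent> sampleEvents() {
    return {{1000,4625,"jdoe"},{1020,4625,"jdoe"},{1030,4625,"asmith"},{1040,4625,"JDOE"},
            {1060,4625,"jdoe"},{1080,4625,"jdoe"},{1100,4625,"jdoe"},{1101,4740,"jdoe"},
            {1300,4625,"asmith"}};
}
std::vector<Alert> scan(const std::vector<SecEvent>& evs, std::size_t n, long long w) {
    LockoutMonitor m(n, w);
    std::vector<Alert> all;
    for (const SecEvent& e : evs) for (const Alert& a : m.feed(e)) all.push_back(a);
    return all;
}
```

In an application, each returned `Alert` would be handed to whatever notification the operator prefers (message box, e-mail, pager) as events arrive.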


