\[Editor's Note: Do you have a security-related question about Windows 2000? Send it to [email protected], and you might see the answer in this column!\]
I want to be notified by email daily about suspicious security events, such as event ID 644 (User account locked out). How can I set up this notification?
To set up notification, you need to use the Schedule service, the Dumpel (dumpel.exe) tool from the Windows 2000 Server Resource Kit, and a freeware utility named Blat, which you can download from http://www.interlog.com/~tcharron/blat.html. First, create a batch file that uses dumpel.exe to record all occurrences of event ID 644 in a given day. Add a command to the batch file that uses Blat to email the file to your Inbox. Use the format:
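rem Dump event ID 644 from the Security log for the past day (-d 1) as event ID, date, time, description.
dumpel -e 644 -l security -m security -d 1 -format Idts -f event.txt
rem Mail the dump file to your Inbox.
blat event.txt -t [email protected] -s "Yesterday's Account Lockouts" -f [email protected] -i someserver -server smtp.yourcompany.com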
Then, choose Start, Accessories, System Tools, Scheduled Tasks to schedule your batch file's daily execution.
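The batch file described above, written out as an added example (not the column's own code): it stays quiet on days with no lockouts and sends a failure notice if Dumpel wrote nothing, so a broken job is not mistaken for a quiet day. The C:\secmon folder and the example.com addresses are placeholders, and the script assumes dumpel.exe and blat.exe are on the PATH and that Dumpel writes an empty file when no events match.

```batch
@echo off
rem Added example: daily account-lockout report, mailed only when there is something to report.
rem Placeholders (not from the column): C:\secmon, secadmin@example.com.
setlocal
set WORKDIR=C:\secmon
set OUT=%WORKDIR%\event.txt
set MAILTO=secadmin@example.com
set MAILFROM=secadmin@example.com
set SMTP=smtp.yourcompany.com

rem Remove the previous file so a failed dump cannot resend stale data.
if exist "%OUT%" del "%OUT%"

rem Event ID 644 from the Security log, past 1 day, as event ID/date/time/description.
dumpel -e 644 -l security -m security -d 1 -format Idts -f "%OUT%"

rem No file at all: dumpel did not run or could not read the log. Report it.
if not exist "%OUT%" goto dumpfailed

rem Zero-byte file: no lockouts in the period (assumed dumpel behaviour). Send nothing.
for %%A in ("%OUT%") do if %%~zA==0 goto done

blat "%OUT%" -t %MAILTO% -s "Yesterday's Account Lockouts" -f %MAILFROM% -i someserver -server %SMTP%
goto done

:dumpfailed
echo dumpel produced no output file on %COMPUTERNAME% > "%WORKDIR%\error.txt"
blat "%WORKDIR%\error.txt" -t %MAILTO% -s "Account lockout report FAILED" -f %MAILFROM% -i someserver -server %SMTP%

:done
endlocal
```

The scheduled task must run under an account that is allowed to read the Security log; otherwise every run ends in the failure branch.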