Version 220.127.116.11: Includes modified rules to exclude computer accounts. The Mobieus™ – Windows General Security Management Pack (18.104.22.168) is a simple management pack designed to Alert on specific types of logon failures:
- Logon Failure – User Account Locked Out
- Logon Failure – Account Disabled
- Logon Failure – Expired Password
- Logon Failure – Bad Password
- Logon Failure – Logon Does Not Exist
The management pack targets the Windows Server Operating System. By default the Security log on any server monitored by System Center Operations Manager will be monitored for an Audit Failure for Event ID 4625 and with a specific Sub Status code.
1. Tested on SP1 and R2 management groups.
2. The management pack only Alerts on User Accounts.
3. The Alerts are configured to capture both the Target Username and Workstation Name for easier viewing. Just be sure to Personalize your Alert view and enable Custom Field 1 and Custom Field 2.
4. Alert Suppression has also been enabled to reduce Alert storms – Target Username and Workstation Name are the default criteria.
Connect with Mobieus Solutions: