Access Denied: Email Notification About Security Events

Get answers to your security-related Win2K questions

[Editor's Note: Do you have a security-related question about Windows 2000? Send it to [email protected], and you might see the answer in this column!]

I want to be notified by email daily about suspicious security events, such as event ID 644 (User account locked out). How can I set up this notification?

To set up notification, you need to use the Schedule service, the Dumpel (dumpel.exe) tool from the Windows 2000 Server Resource Kit, and a freeware utility named Blat, which you can download from http://www.interlog .com/~tcharron/blat.html. First, create a batch file that uses dumpel.exe to record all occurrences of event ID 644 in a given day. Add a command to the batch file that uses Blat to email the file to your Inbox. Use the format

dumpel -e 517 -l security -m   security -format Idts -fevent.txtblat event.txt [email protected] -s"Yesterday's Account Lockouts"-f [email protected] -isomeserver -serversmtp.yourcompany.com

Then, choose Start, Accessories, System Tools, Scheduled Tasks to schedule your batch file's daily execution.