\[Editor's Note: Do you have a security-related question about Windows 2000? Send it to firstname.lastname@example.org, and you might see the answer in this column!\]
I want to be notified by email daily about suspicious security events, such as event ID 644 (User account locked out). How can I set up this notification?
To set up notification, you need to use the Schedule service, the Dumpel (dumpel.exe) tool from the Windows 2000 Server Resource Kit, and a freeware utility named Blat, which you can download from http://www.interlog .com/~tcharron/blat.html. First, create a batch file that uses dumpel.exe to record all occurrences of event ID 644 in a given day. Add a command to the batch file that uses Blat to email the file to your Inbox. Use the format
security -format Idts -f
blat event.txt -t
"Yesterday's Account Lockouts"
-f email@example.com -i
Then, choose Start, Accessories, System Tools, Scheduled Tasks to schedule your batch file's daily execution.