Get answers to your security-related Win2K questions

\[Editor's Note: Do you have a security-related question about Windows 2000? Send it to rsmith@montereytechgroup.com, and you might see the answer in this column!\]

I want to be notified by email daily about suspicious security events, such as event ID 644 (User account locked out). How can I set up this notification?

To set up notification, you need to use the Schedule service, the Dumpel (dumpel.exe) tool from the Windows 2000 Server Resource Kit, and a freeware utility named Blat, which you can download from http://www.interlog .com/~tcharron/blat.html. First, create a batch file that uses dumpel.exe to record all occurrences of event ID 644 in a given day. Add a command to the batch file that uses Blat to email the file to your Inbox. Use the format

dumpel -e 517 -l security -m
   security -format Idts -f
        event.txt
blat event.txt -t
yourname@yourcompany.com -s
"Yesterday's Account Lockouts"
-f yourname@yourcompany.com -i
someserver -server
smtp.yourcompany.com

Then, choose Start, Accessories, System Tools, Scheduled Tasks to schedule your batch file's daily execution.