A user account was locked out Event ID 4740

The indicated user account was locked out after repeated logon failures due to a bad password.

See event ID 4767 for account unlocked.

This event is logged both for local SAM accounts and domain accounts.

Example 4740

A user account was locked out.

Subject:

   Security ID:  SYSTEM

   Account Name:  WIN-R9H529RIO4Y$

   Account Domain:  WORKGROUP

   Logon ID:  0x3e7

Account That Was Locked Out:

   Security ID:  WIN-R9H529RIO4Y\John

   Account Name:  John

Additional Information:

   Caller Computer Name: WIN-R9H529RIO4Y
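The Caller Computer Name field is what ties a lockout back to the machine that sent the bad passwords. The following is an added example, not part of the original page: it parses the rendered 4740 message layout shown above and groups locked-out accounts by caller. The function names and every sample value except the page's own John / WIN-R9H529RIO4Y row are assumptions.

```python
import re
from collections import defaultdict

# Message layout taken from the page's example 4740; values are filled in below.
TEMPLATE = """A user account was locked out.
Subject:
   Security ID:  SYSTEM
   Account Name:  {host}$
   Account Domain:  WORKGROUP
   Logon ID:  0x3e7
Account That Was Locked Out:
   Security ID:  {host}\\{user}
   Account Name:  {user}
Additional Information:
   Caller Computer Name: {caller}
"""
FIELD = re.compile(r"^\s+([^:]+):\s*(.*)$")  # indented "Key:  value" line
SECTION = re.compile(r"^(\S[^:]*):\s*$")     # unindented "Section:" line

def parse_4740(message):
    """Return {section: {field: value}} for one rendered 4740 message."""
    event, section = {}, None
    for line in message.splitlines():
        field, header = FIELD.match(line), SECTION.match(line)
        if field and section:
            event[section][field.group(1).strip()] = field.group(2).strip()
        elif header:
            section = header.group(1)
            event[section] = {}
    return event

def lockouts_by_caller(messages):
    """Map each Caller Computer Name to the sorted accounts locked out from it."""
    callers = defaultdict(set)
    for message in messages:
        event = parse_4740(message)
        account = event["Account That Was Locked Out"]["Account Name"]
        # The caller field can be empty in real events; keep those visible.
        caller = event["Additional Information"].get("Caller Computer Name") or "(blank)"
        callers[caller].add(account)
    return {caller: sorted(names) for caller, names in callers.items()}

# Constructed sample: the first row is the page's example, the rest are invented.
SAMPLE = [TEMPLATE.format(host="WIN-R9H529RIO4Y", user=user, caller=caller)
          for user, caller in [("John", "WIN-R9H529RIO4Y"), ("alice", "KIOSK-01"),
                               ("bob", "KIOSK-01"), ("carol", "")]]

if __name__ == "__main__":
    print(lockouts_by_caller(SAMPLE))
```
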

Solution:

To unlock a user’s account, find the AD user object, open its properties, go to the Account tab, check “Unlock account. This account is currently locked out on this Active Directory Domain Controller” and press OK.

Using Command

Check Status:

Check that the user account is locked. To do this, run the following PowerShell one-liner:

Get-ADUser -Identity bjackson -Properties LockedOut | Select-Object SamAccountName, LockedOut | Format-Table -AutoSize

The account is locked (Lockedout=True).

To unlock a user account, you can use the cmdlet:

Unlock-ADAccount bjackson -Confirm

To confirm the unlock, press Y, then Enter.

Now the user can log in to the domain computer or server under his account.

Events List:

4720(S): A user account was created.

4722(S): A user account was enabled.

4723(S, F): An attempt was made to change an account’s password.

4724(S, F): An attempt was made to reset an account’s password.

4725(S): A user account was disabled.

4726(S): A user account was deleted.

4738(S): A user account was changed.

4740(S): A user account was locked out.

4765(S): SID History was added to an account.

4766(F): An attempt to add SID History to an account failed.

4767(S): A user account was unlocked.

4780(S): The ACL was set on accounts which are members of administrators groups.

4781(S): The name of an account was changed.

4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.

4798(S): A user’s local group membership was enumerated.

5376(S): Credential Manager credentials were backed up.

5377(S): Credential Manager credentials were restored from a backup.

Security Monitoring Recommendations


Nagios Open Source Network Monitoring System (NMS)

Nagios, a network monitoring system, offers complete monitoring and alerting for servers, switches, applications, and services.

Installation

Web server

Decide which web server will be used and set it up:

  • Apache with PHP
  • Lighttpd with PHP
  • Nginx with PHP and fcgiwrap

Once finished, return here and continue reading.

USE flags

Set the proper USE flags for Nagios before emerging it:

USE flags for net-analyzer/nagios-core: Nagios core – monitoring daemon, web GUI, and documentation

apache2     Add Apache2 support
classicui   Use the classic web theme
lighttpd    Install www-servers/lighttpd config
perl        Add optional support/bindings for the Perl language
vim-syntax  Pulls in related vim syntax scripts
web         Enable web interface

Data provided by the Gentoo Package Database · Last update: 2020-01-15 03:54

Do not forget to enable the right USE flags for Nagios plugins (net-analyzer/nagios-plugins).

Emerge

Finally install net-analyzer/nagios:

root # emerge --ask net-analyzer/nagios

Configuration

Apache

Enable the Nagios module for Apache: FILE /etc/conf.d/apache2

Since Nagios requires PHP for its web interface, PHP may need to be enabled as well if it has not been already. One way is to simply add -D PHP5 to APACHE2_OPTS and edit /etc/php/apache2-php<YOUR_PHP_VERSION>/php.ini. This should be fine unless PHP is needed for purposes other than hosting Nagios.

If using Apache 2.4 (which is still marked unstable as of April 2015) the /etc/apache2/modules.d/99_nagios3.conf file may need to be modified to fit the new authorization directives of Apache 2.4.

Remember to add the apache user to group nagios:

root # usermod -a -G nagios apache

Restart the Apache service to have it recognize the group change:

root # rc-service apache2 restart

Lighttpd

Enable the Nagios configuration for Lighttpd: FILE /etc/lighttpd/lighttpd.conf

include "nagios.conf"

Configure authentication. More information on how to set this up can be found in the Lighttpd documentation. FILE /etc/lighttpd/nagios.conf

$HTTP["url"] =~ "nagios" {
    auth.backend ="plain"    # The password is stored as plain text as user:password in...
    auth.backend.plain.userfile = "/etc/nagios/passwd"  # this file
    auth.require = ( "" => (
        "method" => "digest",
        "realm" => "nagios",
        "require" => "user=nagiosadmin"
        )
    )
    setenv.add-environment = ( "REMOTE_USER" => "user" )
}

Restart the Lighttpd service:

root # rc-service lighttpd restart

Nginx

See the Nginx guide before continuing if you don’t have it set up already.

Emerge www-servers/spawn-fcgi and www-misc/fcgiwrap:

root # emerge --ask www-servers/spawn-fcgi www-misc/fcgiwrap

Next, create an init script for a spawn-fcgi instance dedicated to nagios:

root # ln -s /etc/init.d/spawn-fcgi /etc/init.d/spawn-fcgi.nagios
root # cp /etc/conf.d/spawn-fcgi /etc/conf.d/spawn-fcgi.nagios

Then, configure our spawn-fcgi instance to launch fcgiwrap and listen on a unix socket: FILE /etc/conf.d/spawn-fcgi.nagios

# edit these variables:
FCGI_SOCKET=/run/fcgiwrap.nagios.socket
FCGI_USER=nagios
FCGI_GROUP=nginx
FCGI_EXTRA_OPTIONS="-M 0660"
FCGI_PORT= # must be empty for the socket to work
FCGI_PROGRAM=/usr/sbin/fcgiwrap

Don’t forget to add spawn-fcgi.nagios to the default runlevel and start it:

root # rc-update add spawn-fcgi.nagios default
root # rc-service spawn-fcgi.nagios start

You may need to change the owner of the /var/nagios folder, so fcgiwrap can access it:

root # chown nagios:nagios /var/nagios

Nginx can now be configured to serve our nagios instance. Here’s an example configuration snippet for nginx, assuming you have defined a php upstream: FILE /etc/nginx/nginx.conf

location /nagios {
        alias /usr/share/nagios/htdocs;

        location ~ \.php$ {
                # Filter out arbitrary code execution
                location ~ \..*/.*\.php$ {return 404;}
                fastcgi_pass php;
                include fastcgi.conf;
                fastcgi_param SCRIPT_FILENAME $request_filename;
        }

        location /nagios/cgi-bin/ {
                root /usr/lib/;
                include /etc/nginx/fastcgi_params;
                fastcgi_param  AUTH_USER nagiosadmin;
                fastcgi_param  REMOTE_USER nagiosadmin;
                if ($uri ~ "\.cgi$"){
                        fastcgi_pass unix:/run/fcgiwrap.nagios.socket-1;
                }
        }
}
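The Nagios CGIs take the current user from REMOTE_USER, and the cgi-bin location above sets it to nagiosadmin for every request while showing no auth_basic directive, so authentication has to come from an enclosing block or be added here. The following is an added example, not part of the original page: it checks the text of a location block for that combination and builds a variant that uses HTTP Basic auth and passes $remote_user instead. The htpasswd path and the function names are assumptions, and the check only sees the text it is given.

```python
import re

# The cgi-bin location as given in the page's nginx snippet.
PAGE_CONF = r"""
location /nagios/cgi-bin/ {
    root /usr/lib/;
    include /etc/nginx/fastcgi_params;
    fastcgi_param  AUTH_USER nagiosadmin;
    fastcgi_param  REMOTE_USER nagiosadmin;
    if ($uri ~ "\.cgi$"){
        fastcgi_pass unix:/run/fcgiwrap.nagios.socket-1;
    }
}
"""
# Constructed variant: HTTP Basic auth added and the authenticated name passed on.
# The user file path is an assumption, not a path from the page.
HARDENED_CONF = PAGE_CONF.replace(
    "root /usr/lib/;",
    'auth_basic "Nagios";\n'
    "    auth_basic_user_file /etc/nagios/htpasswd.users;\n"
    "    root /usr/lib/;",
).replace("USER nagiosadmin;", "USER $remote_user;")

def directives(conf):
    """Yield (name, args) for each directive, ignoring # comments."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for statement in re.split(r"[;{}]", conf):
        words = statement.split()
        if words:
            yield words[0], words[1:]

def audit(conf):
    """Return findings for the text of one Nagios CGI location block."""
    found = list(directives(conf))
    findings = []
    basic = [args for name, args in found if name == "auth_basic"]
    if not basic or basic[-1] == ["off"]:
        findings.append("no auth_basic in this block")
    for name, args in found:
        if name == "fastcgi_param" and len(args) >= 2:
            if args[0] in ("REMOTE_USER", "AUTH_USER") and args[1] != "$remote_user":
                findings.append(f"{args[0]} is fixed to {args[1]} for every request")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED_CONF))
```
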

Permissions

Add the user name(s) that are allowed access to the Nagios service to the nagios group:

root # gpasswd -a <USER_NAME> nagios

Once done, completely sign out from all shells and re-login for the update to apply.

Boot service

Start Nagios:

root # rc-service nagios start

To start Nagios at boot time, add it to the default runlevel:

root # rc-update add nagios default

Testing

Open a browser and navigate to http://localhost/nagios

Troubleshooting

See also
