Author: Shavlik
Category: Information
Inputs: None
Minimum ITScripts engine version required: 8.0.0.0
Modifies the target machine: No
Name: Get GPO Account Lockout Settings
Outputs: GPO account lockout settings are written to a CSV file
Purpose: This script queries the target machine(s) for GPO-based account lockout settings.
Script Version: 1.0.0.5
Target Type: Any
Technical Description:
The script will output the following information:
- Machine Name
- Setting name: Possible values are:
Account lockout duration (Time in minutes - If 0 requires the admin to unlock the account)
Account lockout threshhold (Number of invalid attempts)
Reset account lockout counter after (Time)
- Setting Value: Shows the setting and the units. For special cases (for example, if duration is set to 0) the script will provide an explanation of the setting.
The script will provide descriptive errors if it fails to connect to a machine or fails to get account lockout settings.
Note: To manually monitor a target machine, open Microsoft Management Console (MMC) and go to: local computer policywindows setttingssecurity settingsaccount policies.
Possible Operations Monitor results include:
"WMI connection to the target machine failed. Access is denied."
"WMI connection to the target machine failed. The machine may be offline or firewalled."
"Unable to get GPO lockout settings from a computer in a workgroup"
"Success"