NetWrix Account Lockout Examiner

Version 4.0

User Guide

NetWrix Account Lockout Examiner

Table of Contents
Introduction ........................................................................................................................................... 1 Product Architecture .......................................................................................................................... 1 About Security Roles .......................................................................................................................... 2 Default Installation Folders, Virtual Directory, and Startup Shortcuts .............................................. 2 Using Product ......................................................................................................................................... 3 Using Admin Console ......................................................................................................................... 3 Overview......................................................................................................................................... 3 Examining Account Lockout Reasons ............................................................................................. 4 Unlocking Accounts and Resetting Passwords ............................................................................... 5 Using Help Desk Portal ....................................................................................................................... 5 Accessing Help Desk Portal ............................................................................................................ 5 Overview......................................................................................................................................... 6 Examining Account Lockout Reasons ............................................................................................. 6 Unlocking Accounts and Resetting Passwords ............................................................................... 6

Contacting NetWrix Support If you have any questions please feel free to contact the NetWrix support team. NetWrix provides unlimited phone and email support for customers who purchase the commercial version (including evaluation). In addition, on the NetWrix Support Forum, a limited support is provided for customers who use the freeware version. Disclaimer The information in this publication is furnished for information use only, does not constitute a commitment from NetWrix Corporation of any features or functions discussed and is subject to change without notice. NetWrix Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication. NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners. 2011 NetWrix Corporation. All rights reserved. www.netwrix.com

Page | ii

NetWrix Account Lockout Examiner

Introduction
NetWrix Account Lockout Examiner (also known as Account Lockout Examiner or ALE) is a clientserver application that allows you to efficiently handle account lockout issues and automate all related routine operations. Account Lockout Examiner can do the following:

Monitor Security Event Logs on specific domain controllers in your network, and basing on this information, detect account lockouts in real-time. Automatically notify you about account lockouts before business critical services go down. Automatically scan system services, scheduled tasks, mapped network drives, and other places where user accounts can be used. Unlock account on domain controller where it was locked as soon as you fixed the lockout reason (e.g. if you have updated service account or remapped network drive), and let Active Directory replicate this change to other domain controllers.

This guide is intended to assist you to use the product.

Product Architecture
Account Lockout Examiner is made up of one server component (NetWrix Framework Service) and two client components (Lockout Examiner Console and Help Desk Portal): 1. Lockout Examiner Console (hereafter Admin Console) A snap-in that allows you to configure the product and perform operations on accounts. 2. Help Desk Portal A Web service that allows the help desk representatives to remotely perform operations on accounts. 3. NetWrix Account Lockout Examiner Service (hereafter ALE Service) A service that processes requests sent by Help Desk Portal or Admin Console.

In this guide, the computer running NetWrix Account Lockout Examiner Service is referred to as management server.

Page | 1

NetWrix Account Lockout Examiner

About Security Roles

The product uses the role-based security model that allows administrators to assign access permissions to users based on their roles rather than on their individual identities. A role is a category of users who share the same security privileges. There are two security roles in ALE: Security Role Administrator Description Provides complete and unrestricted access to all features and permission to configure the product settings. Allows the role members to unlock accounts and reset passwords using Admin Console or Help Desk Portal. Predefined Members Local Administrators on the computer where ALE is installed. The NetWrix Account Help Desk group in the domain where ALE is installed.

Help Desk Operator

This guide describes only operations available for members of the Help Desk Operator role.

Default Installation Folders, Virtual Directory, and Startup Shortcuts

The product and related components are installed in the following folders:

On the management server: %ProgramFiles%\NetWrix\Account Lockout Examiner. Commonly, the default value of %ProgramFiles% is set to C:\Program Files on 32-bit systems, and to C:\Program Files (x86) on 64-bit systems.

Help Desk Portal is installed in the ALE virtual directory (Default Web site) in Internet Information Services running on the local computer. The related files are installed into the %ProgramFiles%\NetWrix\Account Lockout Examiner\Web folder. The product installation adds the following shortcuts to the Start menu on the management server, that let you run Admin Console and Help Desk Portal:

Start > All Programs > NetWrix > Account Lockout Examiner > Account Lockout Examiner for Admin Console. Start > All Programs > NetWrix Freeware > Account Lockout Examiner > Help Desk Portal for Help Desk Portal.

Page | 2

NetWrix Account Lockout Examiner

Using Product
This chapter is intended for Help Desk operators using ALE. It describes how to efficiently troubleshoot the account lockout problems using Admin Console and Help Desk Portal.

Using Admin Console

This section describes the Admin Console main window and explains how to use it to monitor the state of accounts, examine possible reasons of account lockouts and resolve these issues.

Overview
You can start Admin Console on the management server using its startup shortcut (see Default Installation Folders, Virtual Directory, and Startup Shortcuts). The Admin Console main window is shown in the following screenshot:

Using this window, you can:

Unlock accounts and reset passwords. Under All accounts, view list of locked accounts and accounts that have been recently unlocked. Under Monitored Domain Controllers, view list of managed domain controllers and their audit and connection statuses. These lists are automatically refreshed every minute. Optionally, you can manually modify the accounts list using Add/Find and Remove.

Examine information on possible reasons of account lockouts.

Page | 3

NetWrix Account Lockout Examiner

Examining Account Lockout Reasons

Before unlocking an account, it is recommended to examine possible reasons that might cause the account to lock. To view information about account lockout, perform the following steps: 1. From the All accounts list, select the account of interest. 2. On the Action menu, click one of the following commands:

Examine: Displays information on all sessions with operations on this account. Examine on: Displays the same information on all sessions on specific computer.

Information about work sessions for each account is displayed in a dedicated tab:

This tab provides the following elements:

Sessions: Lists registered work sessions. Detailed information on the currently selected session is displayed in the lower pane. Examine: Refreshes the Sessions list. Unlock: Unlocks this account. Reset Password: Resets the account password. Close: Closes this tab.
Page | 4

NetWrix Account Lockout Examiner

Unlocking Accounts and Resetting Passwords

Once you have determined the account lockout reason and fixed the problem, you can unlock account and optionally reset its password. To unlock account

In the product main window, select account, and on the Action menu, click Unlock.

To reset password In the product main window, select account, and on the Action menu, click Reset Password.

You can also perform these operations by clicking the Unlock or Reset Password buttons beneath the main window.

Using Help Desk Portal

This section describes the Help Desk Portal main window and explains how to use it to monitor the state of accounts, examine possible reasons of account lockouts and resolve these issues.

Accessing Help Desk Portal

You can access Help Desk Portal from any network computer that meets the following minimum system requirements:

Silverlight-compatible operating system and browser, such as Internet Explorer 6.0 or later Microsoft Silverlight 3.0 or later

To open Help Desk Portal, perform these steps: 1. In Web browser, open the page at http://%Help Desk Portal% for example, http://ale.mycompany.com/ALE (for more information, see Default Installation Folders, Virtual Directory, and Startup Shortcuts). 2. When prompted, specify a user account used to access the portal.

This account must be a member of the product security roles.

Page | 5

NetWrix Account Lockout Examiner

Overview
The Help Desk Portal main window is shown in the following screenshot:

Using this window, you can: Unlock accounts and reset passwords. View list of currently locked accounts and accounts that have been already unlocked. Examine information on possible reasons of account lockouts.

The accounts list is refreshed every minute. Optionally, you can manually modify this list using Add/Find and Remove, or filter it using elements in the Filer area.

Examining Account Lockout Reasons

Before unlocking an account, it is recommended to examine possible reasons that might cause the account to lock. To view information about account lockout

In the Accounts area, click Examine next to account of interest.

Information about the most recent work session for selected account is displayed in the same window. To view information on all work sessions, in the newly opened window, click All Operations.

Unlocking Accounts and Resetting Passwords

Once you have determined the account lockout reason and fixed the problem, you can unlock account and optionally reset its password. To unlock account or reset its password

In the portal main window, click Unlock or Reset Password, respectively (next to the account of interest).
Page | 6