Discussion:
Domain Controller Security Logs & the Help Desk
Bryan Sweeney
2008-10-07 18:39:00 UTC
Does anyone know any way for me to give my helpdesk team permissions to view
the security logs on my DCs so that they can run eventcomb and identify the
client computers user accounts are getting locked out on?
JPolicelli [MVP - Directory Services]
2008-10-07 18:50:00 UTC
You will need to grant them the necessary permissions to read the event logs,
which is covered in the following article:
http://support.microsoft.com/kb/323076.

I do not suggest you grant them read access to the security log on domain
controllers in order to grant them the ability to use eventcomb to search
event logs for lockouts. Although this is only read access, you need to
factor in the additional load eventcomb places on a server. You will be
granting the helpdesk the ability to run inefficient queries against your
domain controllers. They will also be able to target event viewer to a DC and
search the security log directly.

You can use System Center Operations Manager to capture event log entries
and build a view so that the helpdesk can view the account lockouts. If your
company does not have System Center Operations Manager or MOM installed,
consider scheduling a task yourself that runs when you need it to and that
dumps the events you need to a file. Then have the helpdesk query the file.
Post by Bryan Sweeney
Does anyone know any way for me to give my helpdesk team permissions to view
the security logs on my DCs so that they can run eventcomb and identify the
client computers user accounts are getting locked out on?
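
The scheduled-task approach suggested in the reply above, sketched as an added example that is not part of the original thread: a script run by a service account that can read the Security log, which writes lockout events to a CSV the helpdesk can read without any rights on the domain controllers. The event ID (4740, logged by Windows Server 2008 and later), the DC name and the output path are assumptions, not values from the thread.

```powershell
# Added example: export recent account-lockout events to a CSV for the helpdesk.
# Assumptions (not from the thread): event ID 4740, the DC names, the output path.
param(
    [string[]]$DomainControllers = @('DC01.example.test'),  # placeholder DC name
    [string]$OutFile = 'D:\HelpDesk\lockouts.csv',          # placeholder path
    [int]$HoursBack = 24
)

# Filtering on log, ID and time lets the event log service do the selection,
# so only matching records are returned from each domain controller.
$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$HoursBack)
}

$rows = foreach ($dc in $DomainControllers) {
    try {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent also raises an error when no events match; log and move on.
        Write-Warning "${dc}: $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Read the named EventData fields instead of relying on property order.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated      = $e.TimeCreated
            DomainController = $dc
            LockedAccount    = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            CallerComputer   = $data['TargetDomainName']
        }
    }
}

# @() keeps the pipeline valid when no lockouts were found.
@($rows) | Sort-Object TimeCreated -Descending |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Grant the helpdesk group read access to the output file only; the account that runs the task is the only one that needs access to the Security log.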