SIEM, Vulnerability Scanning, Server Monitoring and Compliance Training for IT Professionals
Table of Contents

Windows Account Templates

The Windows Account Templates enable users to scan both Domain Controllers and Stand-Alone Servers for enabled accounts, active accounts and inactive accounts. These Templates are typically used by both network administrators and ISSMs to generate reports of enabled, active and inactive accounts. These Templates can also be used to automatically disable or remove accounts after a period of inactivity.

Active and Inactive Winodws Accounts Tutorial

In this Topic

Sample Templates

The Windows Account Templates are Sample Templates that are implementations of either the PowerShell or Active Directory User Monitor Templates. These Template can be found in the Explorer View in the following location:

Templates | Sample Templates | Windows | Accounts

Important
By default, all of the Local Templates are configured to run on the Management Server. To use these Templates on remotely managed Windows Hosts, the Agent Enabled option must be set. Once set, the Agent must be installed on each remotely managed host.
For more information see: Agent-Based Management

Enabled Local Accounts

The Enabled Local Accounts Template returns a list of all local enabled accounts.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleMicrosoft.PowerShell.LocalAccounts
CommandGet-LocalUser
ArgumentsSelect Name, FullName, Enabled, LastLogon | Where-Object { $_.Enabled }
Enabled Local Windows Accounts Template Properties View
Enabled Local Windows Accounts Template Properties View

Active Local Accounts (90 Days)

The Active Local Accounts Template returns a list of all accounts that have interactively logged in within 90 days.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleMicrosoft.PowerShell.LocalAccounts
CommandGet-LocalUser
ArgumentsSelect Name, FullName, Enabled, LastLogon | Where-Object {$_.Lastlogon -ge (Get-Date).AddDays(-90)}
Active Local Windows Accounts Template Properties View
Active Local Windows Accounts Template Properties View

Inactive Local Accounts

The Inactive Local Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleMicrosoft.PowerShell.LocalAccounts
CommandGet-LocalUser
ArgumentsSelect Name, FullName, Enabled, Lastlogon
Warning TriggerEnabled = true True and LastLogon > 30 Days
Critical TriggerEnabled = true True and LastLogon > 90 Days
Inactive Local Windows Accounts Template Properties View
Inactive Local Windows Accounts Template Properties View

Enabled Domain Accounts

The Enabled Domain Accounts Template returns a list of all enabled domain accounts.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleActiveDirectory
CommandGet-ADUser
Parameters
  • Filter: Enabled -eq $true
  • Properties: lastLogon
ArgumentsSelect samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}}
Enabled Domain Windows Accounts Template Properties View
Enabled Domain Windows Accounts Template Properties View

Active Domain Accounts (90 Days)

The Active Domain Accounts Template returns a list of all accounts that have interactively logged in within 90 days.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleActiveDirectory
CommandGet-ADUser
Parameters
  • Filter: *
  • Properties: lastLogon
ArgumentsSelect samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}} | Where-Object {$_.lastLogon -ge (Get-Date).AddDays(-90)}
Active Domain Windows Accounts Template Properties View
Active Domain Windows Accounts Template Properties View

Inactive Domain Accounts

The Inactive Domain Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the PowerShell Template.

PropertyDescription
TypeCommand
ModuleActiveDirectory
CommandGet-ADUser
Parameters
  • Filter: *
  • Properties: lastLogon
ArgumentsSelect samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}}
Warning TriggerEnabled = true True and LastLogon > 30 Days
Critical TriggerEnabled = true True and LastLogon > 90 Days
Inactive Domain Windows Accounts Template Properties View
Inactive Domain Windows Accounts Template Properties View

Inactive Domain Accounts (AD)

The Inactive Domain Accounts (AD) Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the Active Directory User Monitor Template.

Note
Use the Directory Service drop-down to select a specific organization unit (OU) to scan. Once selected the scan limits results to users contained with the selected OU.
For more information see: Directory Services
PropertyDescription
Warning TriggerLastLogon > 30 Days
Critical TriggerLastLogon > 90 Days
Inactive Domain Windows Accounts (AD) Template Properties View
Inactive Domain Windows Accounts (AD) Template Properties View

Related Topics

Templates