How to automatically disable inactive accounts when AD is not used

Need a way to automatically identify and disable accounts after 90 days of inactivity. The environment is Windows Server 2008 and Active Directory is not used. I find scripts for doing this when AD is used but nothing otherwise.


There is no built-in mechanism to do this with local accounts.

If I wanted to do something like this without using AD, I would build some kind of script to check for the user popping up in the security event log in the last 90 days.


There is a PowerShell module in the TechNet repository for local user mgmt. I have not worked with it, but it appears to do what you need. It can be found here: http://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b.
This snippet might get you started:

get-localuser mypc\greg |select name,lastlogin  

Name                LastLogin                                                
----                ---------                                                
Greg                6/13/2012 6:35:56 PM
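
An added example, not taken from either answer or from the TechNet module: a script that reads each local account's `LastLogin` through the built-in WinNT ADSI provider and disables accounts idle for more than 90 days. The names `$MaxIdleDays`, `$Exclude` and `$WhatIfOnly` are illustrative, and the exclusion list is an assumption to adapt to the host.

```powershell
# Added example: disable local accounts idle for more than $MaxIdleDays.
# Uses the WinNT ADSI provider; syntax is kept PowerShell 2.0 compatible.
$MaxIdleDays = 90
$Exclude     = @('Administrator', 'Guest')   # assumption: accounts never to touch
$WhatIfOnly  = $true                         # report only; set to $false to disable

$ADS_UF_ACCOUNTDISABLE = 0x2
$cutoff   = (Get-Date).AddDays(-$MaxIdleDays)
$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"

$computer.psbase.Children |
    Where-Object { $_.psbase.SchemaClassName -eq 'User' } |
    ForEach-Object {
        $name  = $_.psbase.Properties['Name'].Value
        $flags = [int]$_.psbase.Properties['UserFlags'].Value
        $last  = $_.psbase.Properties['LastLogin'].Value   # $null if never logged on

        if ($Exclude -contains $name) { return }              # skip protected accounts
        if ($flags -band $ADS_UF_ACCOUNTDISABLE) { return }   # already disabled

        if ($last -eq $null) {
            # No logon recorded: report for manual review instead of guessing
            Write-Output "REVIEW   $name (no logon recorded)"
        }
        elseif ($last -lt $cutoff) {
            if (-not $WhatIfOnly) {
                $_.psbase.Properties['UserFlags'].Value = $flags -bor $ADS_UF_ACCOUNTDISABLE
                $_.psbase.CommitChanges()
            }
            Write-Output "DISABLE  $name (last logon $last)"
        }
    }
```

Run it elevated from a scheduled task and keep the output as an audit trail. `LastLogin` reflects logons recorded on that machine only, so service accounts and accounts used solely for network access should be checked before `$WhatIfOnly` is turned off.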