How to automatically disable inactive accounts when AD is not used

windows-server-2008

Need a way to automatically identify and disable accounts after 90 days of inactivity. The environment is Windows Server 2008 and Active Directory is not used. I find scripts to doing this when AD is used but nothing otherwise.


There is no built-in mechanism to do this with local accounts.

If I wanted to do something like this without using AD, I would build some kind of script to check for the user popping up in the security event log in the last 90 days.


There is a powershell module in the technet repository for local user mgmt. I have not worked with it, but it appears to do what you need. It can be found here: http://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b.
This snippet might get you started:

get-localuser mypc\greg |select name,lastlogin  

Name                LastLogin                                                
----                ---------                                                
Greg                6/13/2012 6:35:56 PM

Related

bonding-rr vs single 10G for NFS NAS - pros and cons?
Server upload bandwidth testing
Iptables port forwarding on OpenVZ CEntOS container
DNS - spam recursion queries
Multicast doesn't seem to be working on RHEL 5.5
Can't login using ssh as root
Issues disabling SSL 2.0 in IIS 6
Windows fileserver and ABE
Windows Filtering Platform dropping SQL Server connections
Is delayed restarting a security issue after updating a Windows Production Webserver?
Reset Search Index in Exchange 2013
Copying large file to remote server causes it to run out of physical memory