Getting Started
- System Requirements
- Installation
- Assign Service Logon As Credentials
- Registration
- Version Support Policy
Agent-Based Management
Common Tasks
- Account Lockout Monitoring and Reporting
- Event Log Archiving for JSIG and CMMC Compliance
- Exporting and Importing Configuration Objects
- RDP Session Monitoring and Reporting
- Merging Logs
- Amazon S3 Bucket Support
- Azure File Share Support
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
- Password Expiry Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
  - AI Anomaly Detection Report (Template Triggers)
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Disconnect RPD Session Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
- Logging Settings
SNMP
- SNMP Browser
SSH Shell
Syslog
System Reset
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Windows Account Templates

The Windows Account Templates enable users to scan both Domain Controllers and Stand-Alone Servers for enabled accounts, active accounts and inactive accounts. These Templates are typically used by both network administrators and ISSMs to generate reports of enabled, active and inactive accounts. These Templates can also be used to automatically disable or remove accounts after a period of inactivity.

Sample Templates

The Windows Account Templates are Sample Templates that are implementations of either the PowerShell or Active Directory User Monitor Templates. These Template can be found in the Explorer View in the following location:

Templates | Sample Templates | Windows | Accounts

Important

By default, all of the Local Templates are configured to run on the Management Server. To use these Templates on remotely managed Windows Hosts, the Agent Enabled option must be set. Once set, the Agent must be installed on each remotely managed host.

For more information see: Agent-Based Management

Enabled Local Accounts

The Enabled Local Accounts Template returns a list of all local enabled accounts.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	Microsoft.PowerShell.LocalAccounts
Command	Get-LocalUser
Arguments	Select Name, FullName, Enabled, LastLogon \| Where-Object { $_.Enabled }

Enabled Local Windows Accounts Template Properties View

Active Local Accounts (90 Days)

The Active Local Accounts Template returns a list of all accounts that have interactively logged in within 90 days.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	Microsoft.PowerShell.LocalAccounts
Command	Get-LocalUser
Arguments	Select Name, FullName, Enabled, LastLogon \| Where-Object {$_.Lastlogon -ge (Get-Date).AddDays(-90)}

Active Local Windows Accounts Template Properties View

Inactive Local Accounts

The Inactive Local Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	Microsoft.PowerShell.LocalAccounts
Command	Get-LocalUser
Arguments	Select Name, FullName, Enabled, Lastlogon
Warning Trigger	Enabled = true True and LastLogon > 30 Days
Critical Trigger	Enabled = true True and LastLogon > 90 Days

Inactive Local Windows Accounts Template Properties View

Enabled Domain Accounts

The Enabled Domain Accounts Template returns a list of all enabled domain accounts.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	ActiveDirectory
Command	Get-ADUser
Parameters	Filter: Enabled -eq $true Properties: lastLogon
Arguments	Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} \| Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}}

Enabled Domain Windows Accounts Template Properties View

Active Domain Accounts (90 Days)

The Active Domain Accounts Template returns a list of all accounts that have interactively logged in within 90 days.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	ActiveDirectory
Command	Get-ADUser
Parameters	Filter: * Properties: lastLogon
Arguments	Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} \| Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}} \| Where-Object {$_.lastLogon -ge (Get-Date).AddDays(-90)}

Active Domain Windows Accounts Template Properties View

Inactive Domain Accounts

The Inactive Domain Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the PowerShell Template.

Property	Description
Type	Command
Module	ActiveDirectory
Command	Get-ADUser
Parameters	Filter: * Properties: lastLogon
Arguments	Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} \| Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}}
Warning Trigger	Enabled = true True and LastLogon > 30 Days
Critical Trigger	Enabled = true True and LastLogon > 90 Days

Inactive Domain Windows Accounts Template Properties View

Inactive Domain Accounts (AD)

The Inactive Domain Accounts (AD) Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.

This Template is an implementation of the Active Directory User Monitor Template.

Note

Use the Directory Service drop-down to select a specific organization unit (OU) to scan. Once selected the scan limits results to users contained with the selected OU.

For more information see: Directory Services

Property	Description
Warning Trigger	LastLogon > 30 Days
Critical Trigger	LastLogon > 90 Days

Inactive Domain Windows Accounts (AD) Template Properties View

Table of Contents

Windows Account Templates

In this Topic

Sample Templates

Enabled Local Accounts

Active Local Accounts (90 Days)

Inactive Local Accounts

Enabled Domain Accounts

Active Domain Accounts (90 Days)

Inactive Domain Accounts

Inactive Domain Accounts (AD)