Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Windows Account Templates
The Windows Account Templates enable users to scan both Domain Controllers and Stand-Alone Servers for enabled accounts, active accounts and inactive accounts. These Templates are typically used by both network administrators and ISSMs to generate reports of enabled, active and inactive accounts. These Templates can also be used to automatically disable or remove accounts after a period of inactivity.
In this Topic
- Sample Templates
- Enabled Local Accounts
- Active Local Accounts (90 Days)
- Inactive Local Accounts
- Enabled Domain Accounts
- Active Domain Accounts (90 Days)
- Inactive Domain Accounts
- Inactive Domain Accounts (AD)
Sample Templates
The Windows Account Templates are Sample Templates that are implementations of either the PowerShell or Active Directory User Monitor Templates. These Template can be found in the Explorer View in the following location:
Templates | Sample Templates | Windows | Accounts
Enabled Local Accounts
The Enabled Local Accounts Template returns a list of all local enabled accounts.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | Microsoft.PowerShell.LocalAccounts |
| Command | Get-LocalUser |
| Arguments | Select Name, FullName, Enabled, LastLogon | Where-Object { $_.Enabled } |
Active Local Accounts (90 Days)
The Active Local Accounts Template returns a list of all accounts that have interactively logged in within 90 days.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | Microsoft.PowerShell.LocalAccounts |
| Command | Get-LocalUser |
| Arguments | Select Name, FullName, Enabled, LastLogon | Where-Object {$_.Lastlogon -ge (Get-Date).AddDays(-90)} |
Inactive Local Accounts
The Inactive Local Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | Microsoft.PowerShell.LocalAccounts |
| Command | Get-LocalUser |
| Arguments | Select Name, FullName, Enabled, Lastlogon |
| Warning Trigger | Enabled = true True and LastLogon > 30 Days |
| Critical Trigger | Enabled = true True and LastLogon > 90 Days |
Enabled Domain Accounts
The Enabled Domain Accounts Template returns a list of all enabled domain accounts.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | ActiveDirectory |
| Command | Get-ADUser |
| Parameters |
|
| Arguments | Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}} |
Active Domain Accounts (90 Days)
The Active Domain Accounts Template returns a list of all accounts that have interactively logged in within 90 days.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | ActiveDirectory |
| Command | Get-ADUser |
| Parameters |
|
| Arguments | Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}} | Where-Object {$_.lastLogon -ge (Get-Date).AddDays(-90)} |
Inactive Domain Accounts
The Inactive Domain Accounts Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.
This Template is an implementation of the PowerShell Template.
| Property | Description |
|---|---|
| Type | Command |
| Module | ActiveDirectory |
| Command | Get-ADUser |
| Parameters |
|
| Arguments | Select samaccountname, Name, Enabled, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}} | Select-Object @{Name="Name";Expression={$_.samaccountname}},@{Name="FullName";Expression={$_.Name}},@{Name="Enabled";Expression={$_.Enabled}},@{Name="LastLogon";Expression={$_.lastLogon}} |
| Warning Trigger | Enabled = true True and LastLogon > 30 Days |
| Critical Trigger | Enabled = true True and LastLogon > 90 Days |
Inactive Domain Accounts (AD)
The Inactive Domain Accounts (AD) Template generates warning and critical triggers when an account has not been logged in within 30/90 Days respectively.
This Template is an implementation of the Active Directory User Monitor Template.
| Property | Description |
|---|---|
| Warning Trigger | LastLogon > 30 Days |
| Critical Trigger | LastLogon > 90 Days |
