Disabled/expired/locked accounts (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports accounts that have been disabled, expired, or locked for longer than the amount of time specified in your policy. Because Windows does not keep track of the date when an account is disabled, the module uses the date that it first detects a disabled account to compute how long the account has been disabled. When this check is not enabled, no disabled, expired, or locked accounts are examined by other checks in this module. You can use the name list to include or exclude users or security groups that are not already included or excluded by the Users to check option.
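The first-detection bookkeeping described above can be sketched as follows. This is an added example, not Symantec ESM code: the function names, the account names, the in-memory state dictionary, and the rule that a reactivated account loses its recorded date are all assumptions made for illustration.

```python
from datetime import date

# Information field format taken from the message table on this page.
INFO_FORMAT = "[Disabled, expired, or locked for: %s days]"

def audit(snapshot, first_seen, today, max_days, excluded=frozenset()):
    """Return (account, info) findings for one policy run.

    snapshot   -- {account: "active" | "disabled" | "expired" | "locked"}
    first_seen -- {account: date}, kept between runs and updated in place
    """
    findings = []
    for name in sorted(snapshot):
        if name in excluded:            # name-list exclusion
            continue
        if snapshot[name] == "active":
            # Assumption: a reactivated account loses its recorded date.
            first_seen.pop(name, None)
            continue
        # No OS timestamp exists, so the clock starts at first detection.
        detected = first_seen.setdefault(name, today)
        days = (today - detected).days
        if days > max_days:             # "longer than" the policy value
            findings.append((name, INFO_FORMAT % days))
    # Forget accounts that no longer exist.
    for name in set(first_seen) - set(snapshot):
        del first_seen[name]
    return findings

def demo():
    """Three runs over constructed snapshots with a 30-day policy."""
    state = {}
    accounts = {"svc_backup": "disabled", "temp01": "locked", "jdoe": "active"}
    runs = [audit(accounts, state, date(2024, 1, 1), 30)]   # first detection
    runs.append(audit(accounts, state, date(2024, 2, 15), 30))
    accounts["svc_backup"] = "active"                        # re-enabled
    runs.append(audit(accounts, state, date(2024, 2, 20), 30, {"jdoe"}))
    return runs

if __name__ == "__main__":
    for number, findings in enumerate(demo(), start=1):
        print("run", number, findings)
```

The first run reports nothing even if an account was disabled long before the module first ran, so the reported day count is a lower bound on the real inactive period.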

The following table lists the error message for the check.

Table: Error message for Disabled/expired/locked accounts

Message String ID and Category

  String ID: ESM_DISABLED
  Category: Policy Compliance

Platform and Message Numeric ID

  • Windows 2000 (105929)
  • Windows 2003 (205929)
  • Windows 2008 (248929)
  • Windows Vista (228926)
  • Windows XP (200926)

Message Title and Description

  Title: Disabled, expired, or locked account

  Description: The account has been disabled, expired, or locked for the number of days that is reported in the Information field. Activate the account or remove it if it is not required for normal business operations.

Additional Information

  Severity: yellow-1
  Correctable: false
  Snapshot Updatable: false
  Template Updatable: false
  Information Field Format: [Disabled, expired, or locked for: %s days]