Local accounts (Windows)

Module: Object Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check lists all local accounts (users and groups) on Windows systems that could be configured as primary or backup domain controllers but are not. Because all accounts created on a domain controller are domain accounts, this check is not meant to be used on domain controllers. Accounts should be served by your domain server. Use the name list to exclude accounts such as Guest and Administrator.

The following table lists the error message for the check.

Table: Error message for Local accounts

Message String ID and Category

  String ID: ESM_NOLOCAL
  Category: Policy Compliance

Platform and Message Numeric ID

  • Windows 2000 (106230)
  • Windows 2003 (206230)
  • Windows 2008 (249230)
  • Windows Vista (229230)
  • Windows XP (201230)

Message Title and Description

  Title: User or group defined on local system

  Description: The user or group is defined locally on your system. In a domain, you may want to restrict users and groups to those defined on the domain server. This allows tighter control over who has access to your system. Use the name list to exclude any authorized local users or groups from the check.

Additional Information

  Severity: yellow-1
  Correctable: false
  Snapshot Updatable: false
  Template Updatable: false
  Information Field Format: [%s]
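
An approximation of the check described above in PowerShell, as an added example that is not the product's own implementation: it skips domain controllers, enumerates local users and groups, and reports those not in an exclusion name list. The function name `Get-UnlistedLocalAccount` and the sample name list are assumptions, and the `Get-LocalUser` and `Get-LocalGroup` cmdlets require Windows PowerShell 5.1, so it does not run as-is on the older platforms listed above.

```powershell
# Added example: reports local users and groups that are not in an exclusion
# name list, mirroring the behaviour described for this check.
# Get-UnlistedLocalAccount and the default name list are hypothetical.
function Get-UnlistedLocalAccount {
    [CmdletBinding()]
    param(
        # Authorized local account names to exclude (assumed sample values).
        [string[]]$NameList = @('Administrator', 'Guest')
    )

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    # Accounts on a domain controller are domain accounts, so skip those hosts.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        Write-Warning "$env:COMPUTERNAME is a domain controller; check not applicable."
        return
    }

    # Normalize users and groups to one shape so they can be filtered together.
    $users = Get-LocalUser | ForEach-Object {
        [pscustomobject]@{ Type = 'User'; Name = $_.Name; SID = $_.SID.Value; Enabled = $_.Enabled }
    }
    $groups = Get-LocalGroup | ForEach-Object {
        [pscustomobject]@{ Type = 'Group'; Name = $_.Name; SID = $_.SID.Value; Enabled = $null }
    }

    # -notin compares strings case-insensitively, like Windows account names.
    @($users) + @($groups) |
        Where-Object { $_.Name -notin $NameList } |
        Sort-Object Type, Name
}

# Each returned object corresponds to one locally defined user or group
# that the name list does not exclude.
Get-UnlistedLocalAccount | Format-Table -AutoSize
```

On a default installation the output includes the built-in local groups, so a practical name list has to cover the groups you consider authorized as well as the users.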