Identify and Disable Stale Computer Accounts
Stale computer accounts exist in most large organizations. But the existence of these accounts is not simply an IT nuisance. Left unmanaged, these accounts are potential security threats that can be exploited to gain unauthorized access into the network.
Computer Accounts Report
User Manager Pro Suite can remedy this threat with its Computer Accounts Report. Computer accounts exist on domain controllers and there is one account for each machine on the domain. Computer accounts are just like user accounts in that they have passwords, rights and permissions, and must be authenticated to gain network access.
The management of the passwords is automatically handled by the computer and the domain. In an Active Directory domain with default security settings, computer account passwords are automatically changed every 30 days.
Removing Stale Accounts
The security threat arises when domain controllers have old computer accounts that are still valid. Just because a machine has been removed from its domain does not mean that the computer accounts are automatically removed. Therefore you may have valid, unmanaged domain accounts that can be used to access your network. These stale accounts should be disabled for security integrity and to help maintain compliance with regulatory mandates.
User Manager Pro Suite's Computer Accounts Report will show you all of the computer accounts in your domain, as well as their password ages. If an account has a password that is 90 days or older, it is typically an indication of a stale account which may become a security concern. Just remember that it is always best to validate that the computer no longer exists, or is no longer a part of your domain, prior to deleting its account.
To access the Computer Accounts Report in User Manager Pro select the domain controller and then click the Get Info button from the center left of the system set dialog. In the open accounts dialog, expand accounts, then select Computer Accounts Report.