| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: BD6278244192424F9751ED5FC0ED5A6ABF394023 ~~~~~ Failed accounts: --------------------- Name: Alexandra.M.Perl SID: S-1-5-21-4163428051-2768110797-3591193048-1017 Enabled: True Last Logon: 07/26/2023 17:40:36 [875 days] Name: AMPerl.IAAdmin SID: S-1-5-21-4163428051-2768110797-3591193048-1018 Enabled: True Last Logon: Never Name: Joshua.J.Jordan SID: S-1-5-21-4163428051-2768110797-3591193048-1019 Enabled: True Last Logon: Never Name: jtbegarek.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1024 Enabled: True Last Logon: 09/09/2025 15:25:28 [99 days] Name: Ronald.W.Bunch SID: S-1-5-21-4163428051-2768110797-3591193048-1020 Enabled: True Last Logon: Never Name: Ryan.W.Arnold SID: S-1-5-21-4163428051-2768110797-3591193048-1021 Enabled: True Last Logon: Never Name: Thomas.L.Jones SID: S-1-5-21-4163428051-2768110797-3591193048-1022 Enabled: True Last Logon: Never Name: tljones.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1023 Enabled: True Last Logon: Never Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 100D50DA00AC9D15565FF2A46FDBBF78EFC00B0D ~~~~~ Failed accounts: --------------------- Name: Alexandra.M.Perl SID: S-1-5-21-4004422625-1934610219-1178763574-1016 Enabled: True Last Logon: 04/12/2024 17:51:05 [614 days] Name: AMPerl.IAAdmin SID: S-1-5-21-4004422625-1934610219-1178763574-1021 Enabled: True Last Logon: 08/13/2023 16:24:24 [857 days] Name: Jason.T.Davis SID: S-1-5-21-4004422625-1934610219-1178763574-1025 Enabled: True Last Logon: 01/28/2025 15:51:00 [323 days] Name: Joshua.J.Jordan SID: S-1-5-21-4004422625-1934610219-1178763574-1017 Enabled: True Last Logon: 08/07/2024 13:39:41 [497 days] Name: jtbegarek.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1026 Enabled: True Last Logon: 10/16/2025 16:49:04 [62 days] Name: Ryan.W.Arnold SID: S-1-5-21-4004422625-1934610219-1178763574-1019 Enabled: True Last Logon: 05/28/2025 12:18:16 [203 days] Name: Thomas.L.Jones SID: S-1-5-21-4004422625-1934610219-1178763574-1020 Enabled: True Last Logon: 11/06/2025 14:13:44 [41 days] Name: tljones.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1024 Enabled: True Last Logon: Never Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 578927A0E4EC2A3AFF257E82B2D49C0A580FAC3B ~~~~~ No enabled accounts found that have not logged on within 35 days. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 578927A0E4EC2A3AFF257E82B2D49C0A580FAC3B ~~~~~ No enabled accounts found that have not logged on within 35 days. Comments |
|||||
Check Text
Run "PowerShell". Copy the lines below to the PowerShell window and enter. "([ADSI]('WinNT://{0}' -f $env:COMPUTERNAME)).Children | Where { $_.SchemaClassName -eq 'user' } | ForEach { $user = ([ADSI]$_.Path) $lastLogin = $user.Properties.LastLogin.Value $enabled = ($user.Properties.UserFlags.Value -band 0x2) -ne 0x2 if ($lastLogin -eq $null) { $lastLogin = 'Never' } Write-Host $user.Name $lastLogin $enabled }" This will return a list of local accounts with the account name, last logon, and if the account is enabled (True/False). For example: User1 10/31/2015 5:49:56 AM True Review the list to determine the finding validity for each account reported. Exclude the following accounts: Built-in administrator account (Disabled, SID ending in 500) Built-in guest account (Disabled, SID ending in 501) Built-in DefaultAccount (Disabled, SID ending in 503) Local administrator account If any enabled accounts have not been logged on to within the past 35 days, this is a finding. Inactive accounts that have been reviewed and deemed to be required must be documented with the information system security officer (ISSO).
Fix Text
Regularly review local accounts and verify their necessity. Disable or delete any active accounts that have not been used in the last 35 days.