This might not be the best way but still can be tried if compliance rules are needed. Root permission is needed to do step number 1 as lastlog file which logs these datails is owned by root.
1. As /var/log/lastlog file may contain details prior to 90 days, create a temp file (say /var/tmp/temp.txt) from the /var/log/lastlog file that contains 90 days data. This can be done by writing a shell script and executing it via BL on all the target hosts.
2. Create a Component Template:
In General tab, check the compliance check box also
In Parts tab, add /var/tmp/temp.txt
In Compliance tab, create a new rule with basic condition rules. Under "Configuration Objects" -> File:/var/tmp/temp.txt, select Contents. The rule should like this:
File:/var/tmp/temp.txt.Contents contains user1
File:/var/tmp/temp.txt.Contents contains user2
FIle:/var/tmp/temp.txt.Contents contains userN
3. Create a Discovery job by right clicking the newly created component template and add the target hosts.
4. Execute the discovery job. This will create components of the target hosts.
5. Create a Compliance job by right clicking the component template and add the newly created components.
6. Execute the complaince job.
7. Check the results of the executed compliance job in server view. All the users in the red marked rules are non-compliant.
Again, this might not be the best way (it is just one of the ways).
Isn’t most of this available from the ‘last’ command ? you should be able to do a one-liner EO that dumps the users > 90 days or whatever.
Here comes a better suggestion . I did not know about this. Checked it out, it provides the details. And I agree, using last command is better than using lastlog (no need to be a root user as well).
this would not show users who had accounts but never logged in...
How would you normally get this information from the os ?