There are several scanning tools that will perform compliance checks, vulnerability scans, missing patches…and so on – But what if you just need to a quick solution to meet PCI compliance for requirement 8.5.5 – Remove/disable inactive user accounts at least every 90 days.
I came across a free command line utility offered by System Tools, called Password Age that does the trick:
http://www.systemtools.com/free.htm
Run the tool with the following switches and you can easily identify inactive user accounts (as determined by the password age)
C:\>netpwage /computer”<computername> /users
Shelina Samji, PCI QSA
Senior Consultant, PCI Compliance Services