You can configure the User Account Control Check interval value in Virtual Services > Manage SSO > Modify for certain authentication protocols. If the UAC check interval value is set to 0 minutes (default value), then UAC is not performed periodically for users after successful login.

When you specify an interval value in the range of 1 to 300 minutes, the periodic UAC check is performed per user for the requests received after the interval expiry.

The UAC detects:

  • Unknown users

  • Disabled accounts

  • Locked accounts

  • Expired passwords on accounts

Extended ESP user logs provide the results of the UAC check. Additional information is logged for the user such as start session time, total duration, protocol information, KCD information, and blocked user events.

The check may occur on new connection establishment or as part of existing sessions. The msDS-User-Account-Control-Computed and userAccountControl attributes are used to determine the UAC status.