Something like this might be a better tool for your needs: SSA - Security System Analyzer 2.0 http://code.google.com/p/ssa/
You could tie it into OSSEC with the full_command option. If all you need to t o determine the Admin account status, then use a PowerShell command in full_command. Scott On Nov 27, 2012, at 4:02 AM, Michiel van Es <vanesmich...@gmail.com> wrote: > Hi, > > We want to check for hardening and one of our Windows hardening rules is to > rename the Administrator account and create a decoy Administrator account, > not part of any group and disabled. > One of the things we want to check is to see if the Administrator account is > enabled on Windows machines. > > Is there a check of simple script how I can establish this on the Windows > machines? > > Regards, > > Michiel