The “lock” option to sp_locklogin, when used with a value for “number of inactive days,” locks inactive accounts that have not authenticated within that period. The following example locks all login accounts that have not authenticated within the past 60 days:
sp_locklogin 'all', 'lock', NULL, 60
The privileged role sso_role is required to lock logins.
This command has no effect if the sp_passwordpolicy option “enable last login updates” is set to “0”.
The value for “number of inactive days” can be 1 to 32767 days.
The new syslogins columns lockdate, locksuid and lockreason are updated at time of locking/unlocking a login.
