hi, i have been asked regarding security reports required about the
following, does nayone know how i can get this info:

1) A list of the inactive accounts (accounts not accessed in the last 90
2) Accounts with no password
3) Accounts with password length less than 6 characters
4) Accounts where password change is greater than the number of days
listed in the password policy
5) Accounts where the user is not allowed to change the password
6) Accounts where the user is not required to use an unique password

Also is it possible to apply some sort of auditing that would flag up
where failed account login attempts have reached three.

Any help would be appreciated