Is there any way to create a lock out policy on purpose to deactivate users who haven't been logging in within last 6 months?
Automatically and built-in ? No. However, you can run a report 'Users with days since last login using specific token' and export that result as CSV, then reformat it to become a CSV input file for Authentication Manager Bulk Admin scripting tool, and that could then disable the users who fit the parameters of the report timeframe.
We are planing to do this by a powershell script on behalf of windows AD.
What about internal system users, which don't have an AD account?
I've moved your question to the RSA SecurID Access space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.
Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to RSA SecurID Access and click Ask A Question. That way your question will appear in the correct space.
Retrieving data ...