Security Audit account issues after an ESX install (1025565)
There are a number of default users that are created during a default installation of an ESX host. Security Audit may take issue with these accounts (especially Sync, Shutdown, and News) because they do not have the NoLogin value set in the etc/passwd file.
When viewing the /etc/shadow, file you can see that the 3 users are in the same format. For example:
The * in the /etc/shadow file indicates that account has been disabled.