...
Because these accounts have high levels of privilege, we manage them with entries in the post-clone script. Post-Clone Procedure
Local admin user accounts
Before trying to access local accounts, read the Caveat for all local accounts.
...
These are non-login accounts. These accounts do default to Active. At times we may want to toggle them to in-Active. Doing so will prevent them from ingressing new Incidents via email. This is a useful feature if particular email addresses are sending spam into ServiceNow.
Local Service accounts
These are local accounts, and they're pretty useless unless they are toggled Active. If we toggle them inActive, or we take away Roles / Group associations, we may also render the account useless for the purpose it was created for. Don't disable these unless we've already spoken to the group that manages the application they were created for.
Local named non-admin user accounts
These are local accounts, and there are only a handful of them. Generally, if these accounts exist, it's because the user does not have admin in that environment. Once we trust a user enough to grant them admin, we should probably take away their non-admin local account.
Taking away a local non-admin account requires editing post-clone. See Post-Clone Procedure
It's safe to delete these accounts when we no longer need them. It's unlikely we would ever re-grant a non-admin local account.