The Unlock account option is always available. (4321704)

STATUS

Enhancement Request TF00380078 has been submitted to the product team for consideration in a future release

WORKAROUND

If there is a desire to have the Unlock Account available in the Self-Service or Helpdesk sites only when the account is locked please complete the following: 

1. Open Shared.storage with Notepad. The file is located either in:
   C:\ProgramData\Quest Software\Password Manager OR C:\ProgramData\Dell\Password Manager
2. Find the "Unlock Account" scenario (you may search by "Unlock").
   An example would be: <scenario shortname="HelpdeskUnlockAccount" .... >
   
   NOTE: If a scenario is not in the file you may have to either enable the "Unlock Account" option or change something in the scenario within the Workflow via the Admin site. Save the changes and Password Manager will update the Shared.storage file.
3. Add the following line (bolded) to <DisabledReasons> group which is right under the above scenario tag. Save the changes
   Example:
                       <disabledReasons>
                        <reason name="accountExpired" value="DisableIfTrue" />
                        <reason name="accountLocked" value="DisableIfFalse" />
                      </disabledReasons>
4. Immediately after that open General Settings tab on Admin site and click Save to update the timestamp of the file which will ensure Password Manager reads and applies the changes
5. Open Shared.storage file again to ensure your changes are still set
6. Search for a user that is not locked to confirm the Unlock Account option is in the Disabled Tasks section 
7. You may also lock a User account and search for that user to confirm the Unlock Account option is properly displayed in the list of available actions