The Account Policy tab controls how passwords are used by the user account, the account lockout policy, and the inactive session policy (Figure 1).
By default, the passwords for all user accounts are set to expire in 60 days, including the MetasysSysAgent account. The Maximum Password Age, Password Uniqueness, and Account Lockout properties are not configurable for Active Directory and RADIUS users.
|
Field |
Description |
Default Value |
|---|---|---|
|
Password Never Expires |
When selected, the password never expires. |
Unselected |
|
Expires In (days) |
When selected, the user must enter the number of days until the password expires. |
Selected (60 days for Users) Selected (90 days for MetasysSysAgent user only) |
|
Do Not Keep Password History |
When selected, the system does not remember the password history. |
Unselected |
|
Remember passwords |
When selected, the system remembers the number of passwords indicated. The system does not allow the user to repeat the same password. |
Selected (10 previous passwords) |
|
Never Terminate |
When selected, the session never terminates. The session does not
terminate as long as the operating system hosting the
Metasys system is not suspended or terminated by
shutting down, sleeping, or hibernating. Make sure the options
for suspending the operating system are disabled.
Note: For more
information on how to set up your system so that sessions do
not terminate, refer to the Network and IT Guidance
Technical Bulletin (LIT-112011279).
|
Unselected |
|
Terminate in (minutes) |
When selected, the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user off from the Metasys system. |
Selected (30 minutes) |
|
No Account Lockout |
When selected, the account does not lock out. |
Unselected |
|
Lockout after bad attempts |
When selected, the account locks out after the designated number
of sequential failed login attempts.
Note: Both User and
MetasysSysAgent user accounts can be unlocked by an
administrator. Once the number of failed login attempts have
been exceeded, MetasysSysAgent users will also be presented
with an opportunity to re-enter their password once every
five minutes thereafter.
|
Selected (3 failed login attempts for Users) Selected (10 failed login attempts for MetasysSysAgent users) |
|
Lockout in (minutes) |
When selected, the account locks out after the designated number
of sequential failed login attempts within the designated time
frame. Users will be presented with the opportunity to re-enter
their password once every five minutes thereafter. This property
also applies to the MetasysSysAgent user.
Note: Both User and
MetasysSysAgent user accounts can be unlocked by an
administrator.
|
Selected (15 minutes) |
|
Do Not Check User Account for Dormancy |
When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login. |
Unselected |
|
Dormant after (Days) |
When selected, the account becomes dormant after the designated number of days after the last login. |
Selected (365 days) |
|
Create dormant user account event |
When selected, an event message displays alerting
the administrator that the dormant user account has not been
accessed in the designated number of Dormant After (Days).
Note: For a report of all accounts dormancy
settings and status, go to in SMP. Dormant user account events are also
included in the Audit Viewer and the Event Viewer. On a
Metasys server, you can schedule the generation
of Dormant User Account Reports. For more information, refer
to the product's help system.
|
Selected |
|
Lock out user account when dormant |
When selected, the account locks out after the designated number of Dormant After days. |
Unselected |
|
Field |
Description |
Default Value |
|---|---|---|
|
Maximum Password Age |
View and control this setting within Active Directory service or RADIUS server. |
— |
|
Password Uniqueness |
View and control this setting within Active Directory service or RADIUS server. |
— |
|
Never Terminate the Active Directory User’s Metasys Session or Never Terminate the Radius User's Metasys Session |
When selected, the session never terminates. The session does not
terminate as long as the operating system hosting the SMP UI is
not suspended or terminated by shutting down, sleeping, or
hibernating. Make sure the options for suspending the operating
system are disabled.
Note: For more information on how to set up
your system so that sessions do not terminate, refer to the
Network and IT Considerations for the IT Guidance
Technical Bulletin (LIT-12011279).
|
Unselected |
|
Terminate in (minutes) |
When selected, the administrator must enter the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user out of the system. |
Selected (30 minutes) |
|
Account Lockout |
This setting is viewed and controlled within Active Directory service or RADIUS server. |
— |
|
Do Not Check User Account for Dormancy |
When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login. |
Unselected |
|
Dormant after (Days) |
When selected, the account becomes dormant after the designated number of days after the last login. |
Selected (365 days) |
|
Create dormant user account event |
When selected, an event message displays alerting the administrator that the dormant user account has not been accessed in the designated number of Dormant after (Days). |
Selected |
|
Lock out user account when dormant |
When selected, the account locks out after the designated number of Dormant after (Days). |
Unselected |