The Account Policy tab controls how passwords are used by the user account, the account lockout policy, and the inactive session policy (Figure 1).
By default, the passwords for all user accounts are set to expire in 60 days, including the MetasysSysAgent account. The Maximum Password Age, Password Uniqueness, and Account Lockout properties are not configurable for Active Directory users.
Field |
Description |
Default Value |
---|---|---|
Password Never Expires |
When selected, the password never expires. |
Unselected |
Expires In (days) |
When selected, the user must enter the number of days until the password expires. |
Selected (60 days for Users) Selected (60 days for MetasysSysAgent user only) |
Do Not Keep Password History |
When selected, the system does not remember the password history. |
Unselected |
Remember passwords |
When selected, the system remembers the number of passwords indicated. The system does not allow the user to repeat the same password. |
Selected (10 previous passwords) |
Never Terminate |
When selected, the session never terminates. The
session does not terminate as long as the operating system
hosting the Metasys system is not suspended or terminated by
shutting down, sleeping, or hibernating. Make sure the options
for suspending the operating system are disabled.
Note: For more information on how to set up your
system so that sessions do not terminate, refer to the Network and IT Guidance Technical
Bulletin (LIT-112011279).
|
Unselected |
Terminate in (minutes) |
When selected, the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user off from the Metasys system. |
Selected (30 minutes) |
No Account Lockout |
When selected, the account does not lock out. |
Unselected |
Lockout after bad attempts |
When selected, the account locks out after the
designated number of sequential failed login attempts.
Note: Both User and MetasysSysAgent user accounts
can be unlocked by an administrator. Once the number of
failed login attempts have been exceeded, MetasysSysAgent
users will also be presented with an opportunity to re-enter
their password once every five minutes
thereafter.
|
Selected (3 failed login attempts for Users) Selected (10 failed login attempts for MetasysSysAgent users) |
Lockout in (minutes) |
When selected, the account locks out after the
designated number of sequential failed login attempts within the
designated time frame. Users will be presented with the
opportunity to re-enter their password once every five minutes
thereafter. This property also applies to the MetasysSysAgent
user.
Note: Both User and MetasysSysAgent user accounts
can be unlocked by an administrator.
|
Selected (15 minutes) |
Do Not Check User Account for Dormancy |
When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login. |
Unselected |
Dormant after (Days) |
When selected, the account becomes dormant after the designated number of days after the last login. |
Selected (365 days) |
Create dormant user account event |
When selected, an event message displays alerting
the administrator that the dormant user account has not been
accessed in the designated number of Dormant After (Days).
Note: For a report of all accounts dormancy
settings and status, go to in SMP. Dormant user account events are also
included in the Audit Viewer and the Event Viewer. On a
Metasys server, you can schedule the generation of Dormant
User Account Reports. For more information, refer to the
product's help system.
|
Selected |
Lock out user account when dormant |
When selected, the account locks out after the designated number of Dormant After days. |
Unselected |
Field |
Description |
Default Value |
---|---|---|
Maximum Password Age |
View and control this setting within Active Directory service. |
— |
Password Uniqueness |
View and control this setting within Active Directory service. |
— |
Never Terminate the Active Directory User’s Metasys Session |
When selected, the session never terminates. The session does not
terminate as long as the operating system hosting the SMP UI is
not suspended or terminated by shutting down, sleeping, or
hibernating. Make sure the options for suspending the operating
system are disabled.
Note: For more information on how to set up
your system so that sessions do not terminate, refer to the
Network and IT Considerations for the IT Guidance
Technical Bulletin (LIT-12011279).
|
Unselected |
Terminate in (minutes) |
When selected, the administrator must enter the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user out of the system. |
Selected (30 minutes) |
Account Lockout |
This setting is viewed and controlled within Active Directory service. |
— |
Do Not Check User Account for Dormancy |
When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login. |
Unselected |
Dormant after (Days) |
When selected, the account becomes dormant after the designated number of days after the last login. |
Selected (365 days) |
Create dormant user account event |
When selected, an event message displays alerting the administrator that the dormant user account has not been accessed in the designated number of Dormant after (Days). |
Selected |
Lock out user account when dormant |
When selected, the account locks out after the designated number of Dormant after (Days). |
Unselected |