Account Policy Tab - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0

Security Administrator System Technical Bulletin

Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0
Revision date
2022-08-05

The Account Policy tab controls how passwords are used by the user account, the account lockout policy, and the inactive session policy (Figure 1).

By default, the passwords for all user accounts are set to expire in 60 days, including the MetasysSysAgent account. The Maximum Password Age, Password Uniqueness, and Account Lockout properties are not configurable for Active Directory users.

Figure 1. Account Policy Tab – Metasys Local User

Table 1. Account Policy Tab Parameters – Metasys Local User

Field

Description

Default Value

Password Never Expires

When selected, the password never expires.

Unselected

Expires In (days)

When selected, the user must enter the number of days until the password expires.

Selected (60 days for Users)

Selected (90 days for MetasysSysAgent user only)

Do Not Keep Password History

When selected, the system does not remember the password history.

Unselected

Remember passwords

When selected, the system remembers the number of passwords indicated. The system does not allow the user to repeat the same password.

Selected (10 previous passwords)

Never Terminate

When selected, the session never terminates. The session does not terminate as long as the operating system hosting the Metasys system is not suspended or terminated by shutting down, sleeping, or hibernating. Make sure the options for suspending the operating system are disabled.
Note: For more information on how to set up your system so that sessions do not terminate, refer to the Network and IT Guidance Technical Bulletin (LIT-112011279).

Unselected

Terminate in (minutes)

When selected, the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user off from the Metasys system.

Selected (30 minutes)

No Account Lockout

When selected, the account does not lock out.

Unselected

Lockout after bad attempts

When selected, the account locks out after the designated number of sequential failed login attempts.
Note: Both User and MetasysSysAgent user accounts can be unlocked by an administrator. Once the number of failed login attempts have been exceeded, MetasysSysAgent users will also be presented with an opportunity to re-enter their password once every five minutes thereafter.

Selected (3 failed login attempts for Users)

Selected (10 failed login attempts for MetasysSysAgent users)

Lockout in (minutes)

When selected, the account locks out after the designated number of sequential failed login attempts within the designated time frame. Users will be presented with the opportunity to re-enter their password once every five minutes thereafter. This property also applies to the MetasysSysAgent user.
Note: Both User and MetasysSysAgent user accounts can be unlocked by an administrator.

Selected (15 minutes)

Do Not Check User Account for Dormancy

When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login.

Unselected

Dormant after (Days)

When selected, the account becomes dormant after the designated number of days after the last login.

Selected (365 days)

Create dormant user account event

When selected, an event message displays alerting the administrator that the dormant user account has not been accessed in the designated number of Dormant After (Days).
Note: For a report of all accounts dormancy settings and status, go to Query > Dormant User Account Report in SMP. Dormant user account events are also included in the Audit Viewer and the Event Viewer. On a Metasys server, you can schedule the generation of Dormant User Account Reports. For more information, refer to the product's help system.

Selected

Lock out user account when dormant

When selected, the account locks out after the designated number of Dormant After days.

Unselected

Figure 2. Account Policy Tab – Active Directory User

Table 2. Account Policy Tab Parameters – Active Directory User Account

Field

Description

Default Value

Maximum Password Age

View and control this setting within Active Directory service.

Password Uniqueness

View and control this setting within Active Directory service.

Never Terminate the Active Directory User’s Metasys Session

When selected, the session never terminates. The session does not terminate as long as the operating system hosting the SMP UI is not suspended or terminated by shutting down, sleeping, or hibernating. Make sure the options for suspending the operating system are disabled.
Note: For more information on how to set up your system so that sessions do not terminate, refer to the Network and IT Considerations for the IT Guidance Technical Bulletin (LIT-12011279).

Unselected

Terminate in (minutes)

When selected, the administrator must enter the amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user out of the system.

Selected (30 minutes)

Account Lockout

This setting is viewed and controlled within Active Directory service.

Do Not Check User Account for Dormancy

When selected, the account never becomes dormant. The user has access to the account regardless of the number of days after the last login.

Unselected

Dormant after (Days)

When selected, the account becomes dormant after the designated number of days after the last login.

Selected (365 days)

Create dormant user account event

When selected, an event message displays alerting the administrator that the dormant user account has not been accessed in the designated number of Dormant after (Days).

Selected

Lock out user account when dormant

When selected, the account locks out after the designated number of Dormant after (Days).

Unselected