Setting Security Policies for a Local Windows Authentication User

Security policies for a local Windows authentication user contain password and login policies. Proper settings of the security policies improve system security.

Procedure

  1. Choose Resources > Access > Authentication User > Windows Users > Local Authentication User.
  2. Select the desired account from the Account drop-down list in the upper left corner.
  3. Click Set Security Policy.

    The Set Security Policy page is displayed on the right.

  4. Configure the user name policy for local Windows authentication users.

    Set Min. Length of user names to prevent you from setting overly short user names.

    The value is an integer ranging from 1 to 20.

  5. Configure the password policy for local Windows authentication users.

    Table 1 describes related parameters.
    Table 1 Password policy parameters

    Parameter

    Description

    Password Length

    Indicates the length of the user password. Do not set a too simple or too long password.

    [Value range]

    The value is an integer ranging from 6 to 32.

    Password Complexity

    Indicates the complexity of a password, preventing you from setting overly simple passwords. Possible values are:

    • A password must contain at least two of the following types: special characters, uppercase letters, lowercase letters, and digits. Special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • A password must contain special characters and at least two of the following types: uppercase letters, lowercase letters, and digits. Special characters include ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ ` { _ | } ~ and spaces.

    Duplicate Characters

    Indicates the maximum number of consecutive duplicate characters allowed in a password. 0 indicates unlimited.

    [Value range]

    The value is an integer ranging from 0 to 9.

    Password Validity Period

    Indicates the password validity period, in days. 0 indicates unlimited. After the validity period of a password expires, the system prompts you to change the password.

    [Value range]

    The value is an integer ranging from 0 to 999.

    Password Change Interval

    Indicates the minimum interval for changing a password. 0 indicates unlimited.

    [Value range]

    The value is an integer ranging from 0 to 9999.

  6. Set the login policy for local Windows authentication users.

    Table 2 describes related parameters.
    Table 2 Login policy parameters

    Parameter

    Description

    Incorrect Password Attempts

    Indicates the maximum number of consecutive incorrect password attempts allowed during login. 0 indicates unlimited.

    If the number of consecutive incorrect password attempts for a single node in 1 minute exceeds the value, the system automatically locks the user. The user will be unlocked after 1 minute.

    [Value range]

    The value is an integer ranging from 0 to 9.

    Idle Time Before Lockout

    If a user account has not been used to log in to the system for more than the specified number of days, the account will be locked. You need to manually enable the account. 0 indicates unlimited.

    [Value range]

    The value is an integer ranging from 0 to 999.

  7. Click OK.
Parent topic: Managing Local Windows Authentication Users