Logon Policy
System > Logon Policy
The Logon Policy page sets logon policies that apply to all administrators and users. Logon policies prevent a brute force break-in to the system. By limiting the successive number of bad logon attempts and disabling rogue accounts for a set amount of time, you can prevent unauthorized access achieved by repeatedly entering random passwords.
To Set Logon Policy
- Specify the number of consecutive bad logons an administrator or user is allowed before their account is disabled in the Number of consecutive failed logon attempts allowed before disabling account field. The count is reset to zero after a successful logon.
- Specify the amount of time, in hours or days, that the account is disabled in the Length of time to disable account after max logon failures exceeded field.
- Specify the time period of administrator or user inactivity before the administrator is automatically logged out. Set the number of minutes of inactivity in the Minutes of inactivity before an administrator session expires field.
Note: To activate the account manually before the lockout time elapses, another master administrator must enable the account using the System > Enable/Disable page.
- Prevent anyone from changing their logon name by checking the box beside Prevent anyone from changing their logon.
- Hide the Domain field on the logon page by checking the box beside Do not show domain on logon page.
- Hide the Remember my username and domain (if any) on this computer checkbox on the logon page by checking the box beside Do not show remember me checkbox on logon.
- Specify a password strength policy by checking the boxes beside the following:
- Require password change every N days
- Enforce minimum password length
- Prohibit password reuse for N passwords
- Require upper and lower case alpha characters
- Require both alpha and numeric characters
- Require non-alphanumeric characters
- Press Update to apply the settings
|