The Policy Configuration Window
The Policy Configuration window is opened from the OpenInsight IDE under Settings, Users, Policy Setup.
This screen is used to define and enable or disable the enhanced security policy. The prompts of the window are:
Policy Name – The name of the policy. The default policy used is “CFG_POLICY”.
Policy Description – A text description of the policy defined.
Use STANDARD rules – If selected, the policy defaults to: a minimum password length of 8; at least 1 upper case character (if the password is less than 20 characters), at least 1 numeric character (if the password is less than 16 characters), and at least 1 non-alphanumeric character (if the password is less than 12 characters); passwords expire in 30 days; passwords are checked against the prior 2 passwords for “repeats”; and users are locked for 1 hour after 5 failed attempts.
Minimum password length – The minimum password length required by this policy. Enter a numeric value or use the up and down arrows to scroll through the possible values.
Minimum number of upper case characters required – The minimum number of upper case characters in the password required by this policy. Enter a numeric value or use the up and down arrows to scroll through the possible values. If the password length is greater than the specified length, the minimum number of upper case characters is NOT required.
Minimum number of numeric characters required – The minimum number of numeric characters in the password required by this policy. Enter a numeric value or use the up and down arrows to scroll through the possible values. If the password length is greater than the specified length, the minimum number of numeric characters is NOT required.
Minimum number of non-alphanumeric characters required – The minimum number of non-alphanumeric characters (including symbols and punctuation) in the password required by this policy. Enter a numeric value or use the up and down arrows to scroll through the possible values. If the password length is greater than the specified length, the minimum number of non-alphanumeric characters is NOT required.
Number of days until password expires – Set the number of days until the password expires. If the password never expires, click on the “Never expires” checkbox. Clicking on the “Never expires” checkbox will disable the up and down arrows used to scroll through values. The word “Never” will be inserted into the text box. If the checkbox is unchecked, enter a numeric value or use the up and down arrows to scroll through the possible values.
Number of entries to check for “REPEATS” – Enter the number of values to check to see if a password has been used previously. Enter a numeric value or use the up and down arrows to scroll through the possible values.
Complexity check enabled? – Check this box to enforce complexity checking. If checked, the password cannot contain three or more characters from the user’s account name. If the password length is greater than the specified length, the complexity check is NOT performed.
Invalid passwords table – Enter the name of a table that contains easily guessed and hacked passwords, which are excluded even if they meet the configuration policy rules in force. Examples of passwords to exclude are “Password123”, “ILOVEYOU”, “LetsGoMets”, etc. These passwords should be the keys in the specified table.
User defined stored procedure to validate passwords – Enter the name of a user-defined stored procedure to be used in addition to the Policy Configuration settings to further validate passwords. The user-defined stored procedure must be a function, returning 0 if the password does NOT pass the validation process, or 1 if it does pass the validation process and should be accepted. The parameters for the stored procedure are the user name (parameter #1), the proposed password (parameter #2), and an @FM delimited array of errors which the stored procedure can update or append to (parameter #3).
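The following Python model is an added example, not OpenInsight code: it applies the STANDARD rule values listed above, including the length-dependent waivers, plus the repeat and invalid passwords table checks, so an administrator can see which candidate passwords the composition rules alone would accept. The function name, the error texts, the ordering of the prior-password list and all sample passwords are constructed for illustration.

```python
# Added illustration: a model of the STANDARD rules as worded on this page.
# It is not OpenInsight code; all sample passwords below are constructed.

MIN_LENGTH = 8      # minimum password length
REPEAT_DEPTH = 2    # prior passwords checked for "repeats"

# class name -> (test, minimum count, required only if password is shorter than)
CLASS_RULES = {
    "upper case": (str.isupper, 1, 20),
    "numeric": (str.isdigit, 1, 16),
    "non-alphanumeric": (lambda c: not c.isalnum(), 1, 12),
}


def check_password(password, prior=(), invalid=frozenset()):
    """Return (ok, errors). `prior` is ordered oldest to newest; `invalid`
    stands in for the keys of the invalid passwords table."""
    errors = []
    length = len(password)
    if length < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    for name, (test, minimum, below) in CLASS_RULES.items():
        # Each class requirement is waived once the password is long enough.
        if length < below and sum(1 for c in password if test(c)) < minimum:
            errors.append(f"needs at least {minimum} {name} character(s)")
    if password in list(prior)[-REPEAT_DEPTH:]:
        errors.append("repeats a recent password")
    if password in invalid:
        errors.append("listed in the invalid passwords table")
    return (not errors, errors)


if __name__ == "__main__":
    samples = [
        ("Summer2024", {}),                       # 10 chars, no symbol
        ("Summer2024!!", {}),                     # meets every composition rule
        ("Summer2024!!", {"invalid": {"Summer2024!!"}}),
        ("correcthorsebatterystaple", {}),        # 25 chars, lower case only
        ("Winter2025#x", {"prior": ["Winter2025#x", "old-1A", "old-2B"]}),
    ]
    for pw, kwargs in samples:
        print(pw, kwargs, check_password(pw, **kwargs))
```

A season-and-year password such as the constructed “Summer2024!!” satisfies every composition rule, which is the case the invalid passwords table exists to catch.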
Failed Attempts
Number of failed attempts to lock users after – The number of failed attempts after which users are locked out. Enter a numeric value or use the up and down arrows to scroll through the possible values.
Lock users for how long? – Used in conjunction with the “Units” radio buttons directly below the label to set how long users are locked out. Enter a numeric value or use the up and down arrows to scroll through the possible values, and then select the units to use. For example, if you entered “10” for the length of time, select whether that means 10 minutes, 10 hours or 10 days. You can also lock users out permanently using these radio buttons.
Log File Settings
Auto clear the log – Check the box to allow the log file to be automatically cleared of entries when it exceeds a certain number of records and/or a certain number of days.
Maximum log size (# of entries) – Enter the maximum number of entries to keep in the log file (if auto clear is enabled).
Maximum age of log entry (# of days) – Enter the maximum age of log entries, in days, to keep in the log file (if auto clear is enabled).
Force password reset for all users – Check the box to require all users to reset their passwords at next log in.
System Deployment Preparation – Check the box to prepare an OpenInsight 10 system for deployment.
OK Button – Save the record and update the policy.
Cancel Button – Close the window.