Starting with BigFix 8.2, you can add password policies to local console users. These instructions apply to the console users that are not using the Active Directory / LDAP integration.
To set the password policies:
-
Open the BES Admin tool (Start->All Programs->Tivoli Endpoint Manager->TEM Administration Tool).
-
Choose the "Advanced Options" tab.
-
Click "Add" button to add the following Name and Value pairs to the table:
Advanced Deployment Options Password Policies
Note: The Site Administrator passwords are not affected by this complexity requirement.
passwordComplexityDescription
-
Set to a human-readable string describing the password complexity requirement. This string will be shown to the user when a password choice fails the complexity requirements set using the 'passwordComplexity' option. An example password complexity description is "Passwords must have at least 6 characters." If this value is not set but the 'passwordComplexityRegex' is, the user will be shown the 'passwordComplexityRegex' string instead.
-
passwordsRemembered
-
introduced in 8.2
-
This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.
-
default: 0
-
maximumPasswordAgeDays
-
introduced in 8.2
-
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
-
default: 0 (no maximum)
-
minimumPasswordAgeDays
-
introduced in 8.2
-
This security setting determines the period of time (in days) that a password must be used before the user can change it.
-
default: 0
-
minimumPasswordLength
-
introduced in 8.2
-
This security setting determines the least number of characters that a password for a user account may contain.
-
default: 6
-
enforcePasswordComplexity
-
introduced in 8.2
-
If this policy is '1' or 'true', passwords must meet the following minimum requirements:
-
Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
-
-
Be at least six characters in length (this setting and minimumPasswordLength can both be set, the effective minimum password length will be the higher of six and the value of minimumPasswordLength)
-
Contain characters from three of the following four categories:
-
English uppercase characters (A through Z)
-
English lowercase characters (a through z)
-
Base 10 digits (0 through 9)
-
Non-alphabetic characters (for example, !, $, #, %)
-
Complexity requirements are enforced when passwords are changed or created.
-
default: 0
-
accountLockoutThreshold
-
introduced in 8.2
-
Number of incorrect log on attempts for a username before locking the account for accountLockoutDurationSeconds
-
default: 5
-
accountLockoutDurationSeconds
-
introduced in 8.2
-
Number of seconds an account gets locked for after accountLockoutThreshold failed log on attempts
-
default: 30