Starting with BigFix 8.2, you can add password policies to local console users. These instructions apply to the console users that are not using the Active Directory / LDAP integration.

To set the password policies:
  1. Open the BES Admin tool (Start->All Programs->Tivoli Endpoint Manager->TEM Administration Tool).
  2. Choose the "Advanced Options" tab.
  3. Click "Add" button to add the following Name and Value pairs to the table:

Advanced Deployment Options Password Policies

Note: The Site Administrator passwords are not affected by this complexity requirement.
  • Set to a human-readable string describing the password complexity requirement. This string will be shown to the user when a password choice fails the complexity requirements set using the 'passwordComplexity' option. An example password complexity description is "Passwords must have at least 6 characters." If this value is not set but the 'passwordComplexityRegex' is, the user will be shown the 'passwordComplexityRegex' string instead.
  • passwordsRemembered
    • introduced in 8.2
    • This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.
    • default: 0
  • maximumPasswordAgeDays
    • introduced in 8.2
    • This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
    • default: 0 (no maximum)
  • minimumPasswordAgeDays
    • introduced in 8.2
    • This security setting determines the period of time (in days) that a password must be used before the user can change it.
    • default: 0
  • minimumPasswordLength
    • introduced in 8.2
    • This security setting determines the least number of characters that a password for a user account may contain.
    • default: 6
  • enforcePasswordComplexity

    • introduced in 8.2
    • If this policy is '1' or 'true', passwords must meet the following minimum requirements:
    • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
    • Be at least six characters in length (this setting and minimumPasswordLength can both be set, the effective minimum password length will be the higher of six and the value of minimumPasswordLength)
    • Contain characters from three of the following four categories:
    • English uppercase characters (A through Z)
    • English lowercase characters (a through z)
    • Base 10 digits (0 through 9)
    • Non-alphabetic characters (for example, !, $, #, %)
    • Complexity requirements are enforced when passwords are changed or created.
    • default: 0
  • accountLockoutThreshold
    • introduced in 8.2
    • Number of incorrect log on attempts for a username before locking the account for accountLockoutDurationSeconds
    • default: 5
  • accountLockoutDurationSeconds
    • introduced in 8.2
    • Number of seconds an account gets locked for after accountLockoutThreshold failed log on attempts
    • default: 30