Auditing User Policies
Use the Audit Policies option to check existing user policies against the default, recommended settings.
The Audit Policies option is available in System Security on the User Policies page under Wizards. You can use this option to check how the settings in the user policies relate to the default settings that are in the system as recommended settings for optimal security. For example, you can validate whether the minimum and maximum length of passwords is shorter than what's recommended. The validations are based on the default settings set out in the table below.
|
Default, recommended settings |
Validation message |
Explanation |
|---|---|---|
|
Minimum Password Length = 6 |
Minimum Password Length too short |
The minimum length specified for the password is less than the recommended setting. |
|
Maximum Password Length = 15 |
Maximum Password Length too short |
The maximum length specified for the password is less than the recommended setting. |
|
Password Complexity = On |
Password Complexity does not match |
The password complexity option is not enabled for the policy. |
|
Password Reset PIN <user specified PIN> |
"No Password Reset PIN" |
No password reset PIN is set up. |
|
Keep Password History = 10 |
"Password History is too short" |
The number of passwords retained is less than the recommended setting which might make it easy to reuse previously used passwords. |
|
Password Expires After = 90 days |
"Password Expires After is too long" |
The expiration period for the password is longer than the recommended period. |
|
Lock Account After Inactivity = 120 days |
"Lock Account After Inactivity is too long" |
The inactivity period is longer than the recommended period. |
|
Lock Account After Invalid Logon = 3 |
"Lock Account After Invalid Logon Attempts is too long" |
The number of invalid login attempts is higher than the recommended setting. |
|
Lockout Within Minutes = 30 |
"Lockout Within Minutes is too short" |
The period for invalid login attempts is shorter than the recommended setting. |
|
Lockout For Minutes = 30 |
"Lockout for Minutes is too short" |
The lockout period is shorter than the recommended setting. |
