Lock user accounts
You can lock users accounts after a number of unsuccessful logons so that someone cannot guess a user name and password combination.
account.lockout= | Modifiable field | account.lockout |
| Field Description | Lock a user account after a consecutive number of failed logons. Set to 0 to disable the function. The default value is 0. |
| Possible Values | User defined. |
| Value Definition | User-defined integer. |
account.lockout.timeout= | Modifiable field | account.lockout.timeout |
| Field Description | If user account is locked due to consecutive failed logons, re-enable the
account after this time. The period can be MIN,HOUR,DAY,MONTH. Note: This property is valid
only when account.lockout is enabled. |
| Possible Values | User-defined |
| Value Definition | User-defined. MIN,HOUR,DAY,MONTH. For example, set to 5MIN means that the
account is locked for 5 minutes. Set to 2DAY, means that the account is locked for 2 days.
Note: If left blank the account is locked until manually set. |
account.lockout.allowlogonfrom= | Modifiable field | account.lockout.allowlogonfrom |
| Field Description | You can use this property to allow users to log on from this host even if
their account is locked due to consecutive failed logons. If your account is locked, you can
log on to the BigFix® Remote Control
Server from
the computer or computers whose IP addresses are listed here.For example :
192.0.2.1;192.0.2.2;
Note: You must end each host name with a semi-colon. |
| Possible Values | User-defined |
| Value Definition | User-defined semi-colon separated list of IP addresses that ends with a semi-colon. |
- Example 1:
-
account.lockout = 0.
account.lockout.timeout = X.
The account is not locked after unsuccessful logon attempts because account.lockout=0.
- Example 2:
-
account.lockout = 3.
account.lockout.timeout =
After three successive failed logons for an account, the account is locked, and requires a reset. The reset can be made by an administrator account by editing the database or by using the server UI. This reset is a manual reset because account.lockout.timeout is not assigned a value.
- Example 3:
-
account.lockout = 3.
account.lockout.timeout = 1HOUR .
After three successive failed logons for an account, the account is locked for a duration of 1hour. However, it can be reset in the database or the serverUI by using an administrator account.
- Example 4:
-
account.lockout = 3
account.lockout.timeout =
account.lockout.allowlogonfrom=1.1.1.1;
After three successive failed logons for an account, the account is locked, and requires a reset in the database or the server UI by using an administrator account. The user can also log on from a computer with the IP address set in account.lockout.allowlogonfrom and the lockout is ignored.
When a user account is locked, you can unlock the account by using the Unlock locked userid menu item. For more information, see Unlocking user accounts.
When a user uses the forgotten password option on the logon page, a password is emailed to the registered user for the account. However, if the account is locked, it remains locked as a security precaution so that an attacker cannot have unlimited attempts to guess a password. You can use the property account.lockout.reset.onemailpassword to automatically unlock an account in this scenario.
account.lockout.reset.on.emailpassword= | Modifiable field | account.lockout.reset.on.emailpassword |
| Field Description | Determines whether a locked account is reset when the user selects the forgotten password check box on the logon screen. |
| Possible Values | True / False |
| Value Definition |
Note: This property works with the forgotten password feature, therefore, email must be enabled in
the system. |