| Summary_list | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
| Info |
|---|
After changing any of the following settings, you will need to restart the TIM Enterprise service before for the changes will to take effect. |
| HTML |
|---|
<a id="Blocking invalid login attempts"></a> |
Blocking invalid
...
login attempts
The system can blacklist the source IP address of a would-be attacker if a number of unsuccessful access attempts are made within a specified period of time. The following two Registry entries determine how many invalid login attempts are permissible before the source IP is blacklisted and, if so, for how long the blacklist will remain in place until further attempts are entertained:-
| Registry String data value | Description |
|---|---|
| FloodFailCount = 0 | Number of attempts |
| FloodLockTime = 60 | Lockout duration |
...
If you would like to change the default port used for web traffic, you can edit the WWWServerPort Registry key.
...
Within the Windows Registry, right click and select New ? -> String Value and name it HighSecurity.
ThenNext, double-click on it and enter the Value of True, as shown below:
...
You can change the type of connection that TIM will respond to, by adding the Registry String Value WWWSSLProtocol.
Note that this this is a case-insensitive string value with one of the following data values:
...
Each part of the complexity string is defined by a pair of characters, a single character denoting the type of policy, immediately followed by a numeric character (0-9) stipulating how many characters of that type are required to satisfy the password policy.
The Type characters are as follows:-
- A: Upper- or lower-case characters
- a: Lower-case characters
- !: Symbol characters
- #: Numeric characters
...
| Code Block |
|---|
HKEY_LOCAL_MACHINE\SOFTWARE\Tri-Line\TIM Enterprise\Main\PasswordComplexity = "A6a0!0#2" |
| Info |
|---|
The value of PasswordComplexity must always be 8 characters, otherwise the policy will not be implemented. The order of each Type pair ( Type character and amount character) is not important. |
...
The server running TIM Enterprise will email the web user advising that a password change is required. The web user must have an email address configured, for notification to take place.
If the password is not changed by the expiry date then , the account is automatically disabled.
| Registry String data value | Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PasswordExpiryTimeUnits | Determines the time units that the related expiry entries (below) will use. Valid values are "minutes", "hours", "days", "weekdays"
| ||||||||||||||||
| PasswordExpiryReminder | A value, in the units described by the PasswordExpiryTimeUnits entry, after which an email is sent to the web user to remind them to change their password. | ||||||||||||||||
| PasswordExpiryDisable | A value, in the units described by the PasswordExpiryTimeUnits entry, which specifies how long after the reminder email (above) is sent, that a web user's account will be disabled if it hasn't been updated. |
...
Therefore, using the default settings, a web user will receive an email reminder after 7 days . The and the account will be disabled after 14 days (7 plus 7).
If the PasswordExpiryReminder value is zero then password reminder functionality is disabled and neither a reminder email will be sent, nor will a web user's account be disabled. Since this value has a default of "7", this value must be explicitly set to zero to disable password reminder functionality.
...
| <%%> variable | Description |
|---|---|
| <%product%> | The name of the product eg, e.g. TIM Enterprise |
| <%expiryunits%> | The value of PasswordExpiryTimeUnits |
| <%expirydate%> | A computed date of the above values relative to the date that the email was sent at, in local date/time format. |