Setting the manager password configuration

Symantec ESM lets you set the configuration requirements for the passwords on manager accounts. This option helps secure Symantec ESM by ensuring that the passwords that are used to access managers meet the proper security requirements.

To modify the password configuration requirements on a manager, you must connect to the manager using an account with the following rights:

Any changes to password settings apply only to subsequent user accounts. The existing user accounts are not automatically updated.

To set the manager password configuration

  1. On the enterprise tree, right-click the manager and click Properties.

  2. Click the Password Configuration tab.

  3. Click one of the following options:

    Minimum length

    This option requires the password to contain a user-determined minimum number of characters.

    The password should have at least six characters. Manager account passwords can contain up to eight characters.

    History length

    This option determines the number of passwords that Symantec ESM stores before letting you reuse old passwords.

    Require non-alphabetical character

    This option requires the password to contain at least one non-alphabetical character.

    Check against word lists

    This option directs Symantec ESM to check the password against its word lists to ensure that it cannot be easily guessed.

    Maximum password age

    This option determines how long a user can keep the same password.

    Number of invalid logon attempts before lockout

    This option determines how many times a user can try to log on and fail before Symantec ESM locks the account.

    Reset lockout counter

    This option specifies the time span within which the number of invalid logon tries must occur.

    For example, set the number of invalid logon tries to 3 and the reset counter to 30 minutes. 3 invalid logon tries within 30 minutes locks out the account. However, 3 invalid tries in a two-hour period do not lock out the account.

    Reset lockout counter duration

    This option lets you specify the length of time that can elapse before Symantec ESM resets a locked account. The lockout duration starts from the time of the last failed logon try.