Previous Topic

Next Topic

Password Policy

Field

Description

Active

Check this box to have password policies enforced.

Password can not contain Username and Alias

Checking this box stops anyone creating a password equal to their username or alias.

Enable password encryption

Check this box IceWarp Server to use encryption for passwords. This setting is applied only for newly created or modified accounts.

TIP: Easy way how to apply password encryption for existing accounts is e. g. to set password expiration. This forces users to change their passwords = modify accounts.

Or use the tool command:

tool modify account *@* U_SMTP 1

This modifies all accounts by enabling SMTP (which is already enabled).

Minimal password length

Specify a minimum password length.

A value of 0 means no minimum length is required.

Number of numeric characters in password [0-9]

Specify the minimum number of numeric characters that must be present in the password.

A value of 0 means no numeric characters are required (but they can still be used).

Number of non alpha-numeric characters in password [!@#$%...]

Specify the minimum number of non alpha-numeric characters that must be present in the password.

A value of 0 means no non alpha-numeric characters are required (but they can still be used).

Number of alpha characters in password [a-z] [A-Z]

Specify the minimum number of non alpha characters that must be present in the password.

A value of 0 means no alpha characters are required (but they can still be used).

Number of uppercase alpha characters in password [A-Z]

Specify the minimum number of uppercase alpha characters that must be present in the password.

A value of 0 means no uppercase alpha characters are required (but they can still be used).

Field

Description

Active

Check this option to enable password expiration.

Passwords will expire after the specified number of days, forcing your users to regularly change them via IceWarp WebClient.

This can increase security.

NOTE: This box has to be ticked if you want to use the Expire Password Now button (Management – <Domain> – <User> – Options). In the case, you want to have this feature active, but still want passwords not to expire, set the Password expires after field to 0 (zero).

Password expires after (Days)

Specify the number of days after which the password expires.

Zero means that a password does not expire even if the Active box is checked.

Notify before expiration (Days)

Check this box to have users notified of their imminent password expiration.

Specify the number of days before expiration that the notification is to be sent.

Custom Notification Message File

Click this button to open a file where you can specify the content of the expiration notifications.

Passwords cannot be read or exported

Check this option to stop passwords being read or exported via the API or any other method.

For example, tool display account account@domain.com u_password will reveal a star instead of the password.

This is a recommended option as it can significantly increase security.

Administrator passwords cannot be read or exported

The same effect as the above option but only applies to server and domain administrators passwords.

This is a recommended option as it can significantly increase security.

See Also

Policies

Login Policy