RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide
23-24 Polycom, Inc.
Forcing Password Change
When the system is in Ultra Secure Mode the user is forced to change his/her password as
follows:
• After modifying the value of the ULTRA_SECURE_MODE System Flag to YES, all
Collaboration Server users are forced to change their Login passwords.
• When an administrator creates a new user, the user is forced to change his/her
password on first Login.
• If an administrator changes a users User ID name, that user is forced to change his/her
password on his/her next Login.
• If a user logs in using his/her old or default password, the Login attempt will fail. An
error, User must change password, is displayed.
• Changes made by the administrator to any of the Strong Password enforcement System
Flags render users’ passwords invalid.
Example: A user is logged in with a fifteen character password. The administrator changes
the value of the MIN_PASSWORD_LENGTH System Flag to 20.
The next time the user tries to log in, he/she is forced to change his/her password to meet
the updated Strong Password requirements.
Temporary User Lockout
When the ULTRA_SECURE_MODE System Flag is set to YES, Temporary User Lockout is
implemented as a defense against Denial of Service Attacks or Brutal Attacks. Such attacks
usually take the form of automated rapid Login attempts with the aim of gaining access to or
rendering the target system (any network entity) unable to respond to users.
If a user tries to log in to the system and the Login is unsuccessful, the user’s next Login
attempt only receives a response from the Collaboration Server after 4 seconds.
User Lockout
User Lockout can be enabled to lock a user out of the system after three consecutive Login
failures with same User Name. The user is disabled and only the administrator can enable the
user within the system. User Lockout is enabled when the USER_LOCKOUT System Flag is
set to YES.
If the user tries to login while the account is locked, an error message, Account is disabled, is
displayed.
User Lockout is an Audit Event.
A system reset does not reset the Login attempts counter.
The time period during which the three consecutive Login failures occur is determined by
the value of the USER_LOCKOUT_WINDOW_IN_MINUTES System Flag. A flag value of
0 means that three consecutive Login failures in any time period will result in User Lockout.
Value can be between 0 and 45000.
The duration of the Lockout of the user is determined by the value of the
USER_LOCKOUT_DURATION_IN_MINUTES System Flag. A flag value of 0 means
permanent User Lockout until the administrator re-enables the user within the system. Value
can be between 0 and 480.