The Policies tab lets you enable or disable selected services for the user. Administrator can setup policies for login and password.

Figure. Login policy and Password policy sections.

Login policy

Set the login policy to prevent uncontrolled access to the system.

  1. Enable Block user login for accounts that exceed a number of failed login attempts to limit the number of unsuccessful login attempts.

  2. Set the number of attempts and specify time period during which all future login attempts are blocked. After the specified time period is ended, the authentication procedure can be carried out again.

  3. In the Login policy mode, you can also select Do not block but delay... In this case the authentication procedure is not blocked but delayed for 20 seconds. After 20 seconds the authentication procedure can be carried out again.

  4. Enable Require administration authentication to access the system settings to ask for administrator's credentials every time upon entering WebAdmin.

  5. In Users login with their... , check Username to allow users to login with both username and email address or Email address to allow login only with email.

  6. Enable Convert % and / to @ in usernames to allow symbols "@", "%", "/" in the email addresses.

  7. Enable Use account login IP restriction to ensure that particular accounts can access the server from particular IP addresses. Click Login Restriction to select or add a restriction rule.

  8. Click Manage to manage Outlook Sync. See Outlook Sync.

Password policy

Set the password policy to enhance computer security and urge users to create strong passwords and apply them properly.

  1. Enable Active to activate the password policy. If it is disabled, all fields for password format are also disabled.

  2. To be sure that the password does not contain username and alias, as well as is encrypted, enable the corresponding toggles.

  3. Set the password format in the Password format section .

  4. Activate the password expiration and set the number of days before expiration when the user should receive a notification.

Note: In case that password expiration option is active and password is expired for a user, this user is immediately prompted for password change when logging to WebAdminor WebClient.

Note: Domain administrators are not able to ignore password policy when password violates it. Only the server administrators can ignore the password policy, so that the passwords are set to a high standard.