I'm testing password aging in ACS 5.1, and I've found out that one can have only one global setting for the password lifetime for all internal accounts. Is there a possibility to exclude some internal accounts from this global password aging policy? I would like to have certain number of accounts, whose passwords shouldn't be aged at all...
Second question: when i was testing password aging, i've set password lifetime to 4 days with warning after 2 days. All accounts in my test ACS setup are now disabled, because 4 days passed from when i've changed this. Is there a possibility to enable multiple accouns at one time, or do i have to enable 500 internal accounts manually, one by one ?
thanks in advance
I am not aware of any way to mark internal users as having passwords that enver expire. This is done for admins to ensure there is always one admin that can access the system
In order to change multiple/all records for the internal users the following approach can be taken:
- Go to internal users list and press "Export" then "Start Export" and "Save File" to export the user records to a csv file
- Edit the file. In column with title "enabled" change "FALSE" to "TRUE" for all records. Save the updated file
- For internal user list page, press "File Options", select "Update" and then next to get to "Import File" section of wizard. Select the file saved in step 2) and press Finish
Afetr imort completes, all the internal user records should now show as "Enabled"