Security

Hello team!
I need help on how I can achieve the below:

  1. Disable Epicor user accounts that have been dormant for 90 days.

  2. Disable Epicor user accounts whose blank password is not updated after 5 days of account creation or reset to blank password.

What version are you on @rosesway?

In 10.2, use Password Policy Maintenance to take care of those pesky blank passwords since they are a security risk.


1 Like

If you set your password expiration to 90 days, it will disable accounts that haven’t updated their passwords. Sometimes that’s less than the dormant time but safer. The other option is to write a BAQ that shows date last used > 90 days and then run a DMT to disable the users. This could be done from a PowerShell script. (You’ll trap a lot of high-level managers with this rule…) :wink:

2 Likes
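
An added sketch of the BAQ-then-DMT approach mentioned above, covering both rules from the original question; it is not code from any poster in this thread or from Epicor. The CSV column names, the exemption list and the sample rows are assumptions constructed for illustration, and the output columns need to be mapped to your own DMT template.

```powershell
# Constructed sample standing in for a BAQ export. Column names are
# assumptions for this example, not Epicor's actual field names.
$baqExport = @'
UserID,LastLogOn,PasswordBlank,PasswordSetOn,Disabled
asmith,2024-05-28,false,2024-03-01,false
bjones,2024-01-15,false,2023-12-01,false
cnew,,true,2024-05-20,false
dnew,,true,2024-05-29,false
svc_edi,2023-06-01,false,2023-01-01,false
eold,2023-09-01,false,2023-08-01,true
'@ | ConvertFrom-Csv

function ConvertTo-Date([string]$Text) {
    # Culture-independent parse so the result does not depend on the server locale.
    [datetime]::ParseExact($Text, 'yyyy-MM-dd', [cultureinfo]::InvariantCulture)
}

function Get-AccountsToDisable {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [datetime] $AsOf,
        [int] $DormantDays = 90,
        [int] $BlankPasswordDays = 5,
        [string[]] $Exempt = @()   # hypothetical list, e.g. integration accounts
    )
    foreach ($u in $Users) {
        # Skip accounts already disabled and accounts on the exemption list.
        if ($u.Disabled -eq 'true' -or $Exempt -contains $u.UserID) { continue }
        $passwordSet = ConvertTo-Date $u.PasswordSetOn
        # An account that has never logged on has no LastLogOn; measure its
        # dormancy from the creation/reset date instead of skipping it.
        $lastActive = if ($u.LastLogOn) { ConvertTo-Date $u.LastLogOn } else { $passwordSet }
        $reasons = @()
        if (($AsOf - $lastActive).TotalDays -gt $DormantDays) {
            $reasons += "dormant more than $DormantDays days"
        }
        if ($u.PasswordBlank -eq 'true' -and ($AsOf - $passwordSet).TotalDays -gt $BlankPasswordDays) {
            $reasons += "blank password older than $BlankPasswordDays days"
        }
        if ($reasons) {
            [pscustomobject]@{ UserID = $u.UserID; Disabled = 'true'; Reason = $reasons -join '; ' }
        }
    }
}

# Review this file before handing it to DMT; nothing is changed in Epicor here.
Get-AccountsToDisable -Users $baqExport -AsOf (ConvertTo-Date '2024-06-01') -Exempt 'svc_edi' |
    Export-Csv -Path .\users_to_disable.csv -NoTypeInformation
```

With the constructed rows and an as-of date of 2024-06-01, the output file lists `bjones` (dormant) and `cnew` (blank password past 5 days); the `Reason` column gives an audit trail for each disablement.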

I thought after the password expiration the user just gets prompted to reset their password and then they are allowed 3 grace logins to do that. If they do not reset after 3 logins then it would be disabled.

This is for sure a version question but instead of the BAQ / DMT you can place a button on the company configuration that trips a simple BPM to go check for dormant users and disable them. You could also schedule the BPM to run nightly.

2 Likes

10.2

Thank you Mark! This will help me for those with blank passwords… I hope this will apply to all companies because I do have around 185 companies in one database.

Good news. The UserFile table is global.

That was my impression too Dan. But I swear that I get people calling in for a password reset and they haven’t logged in for several weeks. Did they mess up their passwords three times? Quite possible. It provides some protection against brute force attacks but I like your scheduled BPM idea.

1 Like