DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.schema.mof
[ClassVersion("1.0.0.0"), FriendlyName("AccountPolicy")] class MSFT_AccountPolicy : OMI_BaseResource { [Key, Description("A unique name of the AccountPolicy resource instance. This is not used during configuration.")] String Name; [Write, Description("Specifies the number of unique new passwords that must be associated with a user account before an old password can be reused. A number from 0 through 24 can be specified")] Uint32 Enforce_password_history; [Write, Description("Specifies the period of time (in days) that a password can be used before the system requires the user to change it. A number from 0 through 999 can be specified, with 0 meaning the password will never expire")] Uint32 Maximum_Password_Age; [Write, Description("Specifies the period of time (in days) that a password must be used before the user can change it. A number from 0 to 998 can be specified")] Uint32 Minimum_Password_Age; [Write, Description("Specifies the least number of characters that can make up a password for a user account. A number from 0 to 14 can be specified")] Uint32 Minimum_Password_Length; [Write, Description("Specifies whether passwords must meet a series of guidelines that are considered important for a strong password"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String Password_must_meet_complexity_requirements; [Write, Description("Specifies whether passwords are stored in a way that is reversible to provides support for applications that use protocols that require the user's password for authentication "), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String Store_passwords_using_reversible_encryption; [Write, Description("Specifies the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. A number from 1 through 99,999 can be specified")] Uint32 Account_lockout_duration; [Write, Description("Specifies the number of failed sign-in attempts that will cause a user account to be locked")] Uint32 Account_lockout_threshold; [Write, Description("Specifies the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0")] Uint32 Reset_account_lockout_counter_after; [Write, Description("Specifies whether the Kerberos V5 Key Distribution Center (KDC) validates every request for a session ticket against the user rights policy of the user account"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String Enforce_user_logon_restrictions; [Write, Description("Specifies the maximum number of minutes that a granted session ticket can be used to access a particular service. A number from 10 to the value of the 'Maximum lifetime for service ticket' policy setting can be specified")] Uint32 Maximum_lifetime_for_service_ticket; [Write, Description("Specifies the maximum amount of time (in hours) that a user’s ticket-granting ticket can be used. A number from 0 to 99,999 can be specified")] Uint32 Maximum_lifetime_for_user_ticket; [Write, Description("Specifies the period of time (in days) during which a user’s ticket-granting ticket can be renewed. A number from 0 to 99,999 can be specified")] Uint32 Maximum_lifetime_for_user_ticket_renewal; [Write, Description("Specifies the maximum time difference (in minutes) that Kerberos V5 tolerates between the time on the client clock and the time on the domain controller that provides Kerberos authentication")] Uint32 Maximum_tolerance_for_computer_clock_synchronization; }; |