User Policies; blank database updated, tooltip added

The User Policy, Password Policy page, a tooltip has been added for Lockout "Defines the number of login attempts within a time period that causes the User to be locked out. The Lockout will be cancelled after the lockout minutes (0 minutes = indefinite)".

In addition the default settings added in a new database for User Policy "G", General were not the current standards.

The following settings have been updated:

• Allow Databases to be opened in Exclusive mode?
• Updated from checked to unchecked.
• Password
• Delay seconds, updated from 2 to 0.1 seconds
• Login Timespan, updated from 10 to 60 minutes
• Lockout updated from 1 to 0 (indefinite) minutes
• Min Length, updated from 4 to 5 characters
• Force Strong Passwords, updated from unchecked to checked
• Event Logging
• Login Succeeded, updated from 1 - Low Severity => 0 - Do Not Log
• Change Password, updated from 2 => 1 - Low Severity

Most importantly the Event Logging for Successful Logins was set to "1 - Low Severity" rather than "0 - Do Not Log". This means the ISAuditLog table can get bloated with successful login records. We suggest you consider changing this setting and purging these logs.