Set the global password policy

You can use the Server app to set a global password policy that’s applied to all non-admin users. Changes take effect the next time users log in.

There are two types of policies: disabling login when specific conditions are met, and password restrictions.

The server enforces password policies for users. For example, a user’s password policy can specify a password expiration interval. If the user tries to log in and the server determines that the user’s password has expired, the user must set a new password to log in.

Password policies can disable a user account on a specified date, after a number of days, after a period of inactivity, or after a number of failed login attempts. Password policies can also require passwords to be a minimum length, contain at least one letter, contain at least one numeral, differ from the account name, differ from recent passwords, or be changed periodically.

Important: If you choose to disable a user account after a number of failed login attempts, the user account is automatically reenabled after one minute.

Password policies don’t affect administrator accounts. Administrators are exempt from password policies, because they can change these policies, and because enforcing password policies on administrators could subject them to denial-of-service attacks.
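The following is an added example, not code from the Server app: a small Python model of the rules described above (password restrictions, disabling after failed logins with the one-minute reenable, and the administrator exemption). The field names, the thresholds, and the choice to reset the failure counter when the account is reenabled are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

REENABLE_AFTER = timedelta(minutes=1)  # per the page: lockout lifts after one minute

@dataclass
class Policy:  # hypothetical field names, one per option the page lists
    min_length: int = 8
    require_letter: bool = True
    require_numeral: bool = True
    differ_from_name: bool = True
    history_depth: int = 3
    max_failed_logins: int = 5

@dataclass
class Account:
    name: str
    is_admin: bool = False
    salt: bytes = b"constructed-salt"  # constructed sample value
    recent_hashes: List[bytes] = field(default_factory=list)  # newest first
    failed: int = 0
    locked_at: Optional[datetime] = None

def _digest(acct, password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 10_000)

def password_violations(policy, acct, candidate):
    """Return the restrictions a candidate password breaks (admins are exempt)."""
    if acct.is_admin:
        return []
    checks = [
        (len(candidate) < policy.min_length, "shorter than minimum length"),
        (policy.require_letter and not any(c.isalpha() for c in candidate), "no letter"),
        (policy.require_numeral and not any(c.isdigit() for c in candidate), "no numeral"),
        (policy.differ_from_name and candidate.lower() == acct.name.lower(), "same as account name"),
        (_digest(acct, candidate) in acct.recent_hashes[:policy.history_depth], "matches a recent password"),
    ]
    return [msg for broken, msg in checks if broken]

def is_disabled(acct, now):
    """Lockout expires on its own; assumption: the failure counter resets with it."""
    if acct.locked_at and now - acct.locked_at >= REENABLE_AFTER:
        acct.locked_at, acct.failed = None, 0
    return acct.locked_at is not None

def record_failed_login(policy, acct, now):
    """Count a failed login; return True if the account is disabled afterwards."""
    if acct.is_admin:
        return False
    if not is_disabled(acct, now):
        acct.failed += 1
        if acct.failed >= policy.max_failed_logins:
            acct.locked_at = now
    return is_disabled(acct, now)
```

Because the account comes back after one minute, the failed-login option behaves as a rate limit rather than a permanent lock, so repeated lockouts of the same account are worth reviewing in the login records.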

  1. Select Users in the Server app sidebar.

  2. Click the Action pop-up menu (the gear icon), then choose Edit Global Password Policy.

  3. Select the options to enable, then click OK.

See also
Reset a user’s password