EFT Server's HS-PCI module (Payment Card Industry Data Security Standard High Security Module; add on to EFT Server to facilitate ongoing compliance with PCI DSS v1.1.) allows you to disable or remove user accounts; however, administrator accounts can only be removed, not disabled. Inactive accounts are removed every night at midnight, during Server Startup, and at each GetAllSites() response. If you do not activate the HS-PCI module, this feature is disabled after the 30-day trial period expires.
For HS-PCI-enabled sites, EFT Server enables the option to disable or remove inactive accounts automatically, and warn if you attempt to disable that setting. The option to remove administrator accounts will be enabled by default, unless during the setup process you choose not to enable this option. EFT Server prompts administrators when they login advising them of the potential removal of their account if their login failed due to unknown login name. The removal of accounts is captured in the Auditing and Reporting database for reporting.
If a user attempts to log in remotely to EFT Server with an administrator username that does not exist or an incorrect password, EFT Administrator displays a warning message.
To specify automatic removal of inactive user accounts
In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Server you want to configure, then click the Administration tab. The Account Security settings appear at the bottom of the tab.
Select the Remove admin accounts after check box, then specify the number of days of inactivity after which to remove the account.
A change in any date-sensitive value resets the calculations. For example, if this feature was configured for 60 days, and you change it to 90 days, the count resets to zero, so that any inactive account that has been inactive for 59 days and was set to be removed tomorrow, will now not be considered inactive until 90 days from today. |