The High Security module (HSM) provides the option to expire passwords for users. If you do not activate the HSM, this feature is disabled after the 30-day trial expires. (Password expiration for administrator accounts is a core feature of the Server.) EFT Server executes cleanup procedures every day at 00:00:00 UTC and at Server Startup. This daily server cleanup removes/disables inactive administrators and user accounts and sends password reset and expiration notifications for every Site.
EFT Server allows you to set a reminder to notify users of their pending password expiration up to 30 days prior to the password expiration date. You can configure reminder options on the Site, in the Settings Template, and for each user, from 0 (no reminder) to 30 days (5 is the default) before expiration. The reminder can be in the form of a banner message, e-mail, or both.
EFT Server will send an e-mail informing the user of the pending expiration and provides instructions on how to change the password for one or possibly all protocols if all of the following are true:
the user's password is scheduled to expire
the e-mail reminder is enabled (The password expiration options are only available if the Allow users to reset their passwords check box is selected on the Site's, Settings Template's, or user's Security tab. Each will inherit the setting from the parent.)
the user account has an e-mail address associated with it
A user who typically connects over FTP can login via HTTP/S to change the password.
The e-mail reminder messages are editable files stored in EFT Server directory, and accept EFT Server variables (e.g., %days_left%), such as those shown in Event Rules. You can edit the text of the e-mails as described in the procedures below.
The files are stored in the APP_DAT_PATH directory (by default, C:\ProgramData\GlobalSCAPE\EFT Server Enterprise) and apply to all Sites on the Server.
To edit the password reset messages
In the administration interface, connect to EFT Server and click the Server tab.
In the left pane, click the Server node.
In the right pane, click the General tab.
Next to Password reset reminder message, click the browse icon. Your default text editor (e.g., Notepad) opens with the reminder text.
Edit the text as needed, being careful not to delete the variables (%FULL_NAME%, %USERNAME%, %DAYS_LEFT%, %RESET_PAGE%), then save the file and close the text editor.
Next to Password reset required message, click the browse icon . Your default text editor, usually Notepad, opens with the reminder text.
Edit the text as needed, being careful not to delete the variables (%FULL_NAME%, %USERNAME%, %RESET_PAGE%), then save the file and close the text editor.
To edit the Password reset confirmation message, open the file in your default text editor, usually Notepad.
Edit the text as needed, being careful not to delete the variables (%USER.FULL_NAME%, %USER.LOGIN%, %REMOTE_IP%, %LINK%), then save the file and close the text editor.
Click Apply to save the changes on EFT Server.
Editing the User Login Credentials Message
Editing the Username Resend Message
Allowing or Forcing Password Reset on the Site
Expiring Passwords on the Site
Reminding Users when Password is About to Expire (Site)