System policies in exported policies

In the exported XML file, there are many values representing different policy settings. Users can find the corresponding values and their explanations in the tables below.
System Policies > Audit Policy
Node
UI setting
Description
Value
AuditAccesDenied
Audit security access failures
Determines whether to generate an audit message when a user attempts an action and is denied access to the secured object or feature because of insufficient security permissions.
  • 0 means this setting is Disabled (default).
  • -1 means this setting is Enabled.
AuditAccessGranted
Audit security access successes
Determines whether to generate an audit message when a user attempts an action and is granted access to the secured object or feature because the user has the required security permissions.
  • 0 means this setting is Disabled (default).
  • -1 means this setting is Enabled.
AuditingEnabled
Audit changes to configuration and control system
Determines whether to generate audit messages when configuration and control system changes occur across the FactoryTalk system.
  • 0 means this setting is Disabled.
  • -1 means this setting is Enabled (default).
System Policies > Security Policy
Node
UI setting
Description
Value
AccessTokenExpiration
Access token expiration
Sets the amount of time before the access token expires.
  • Minimum: 1 minute
  • Maximum: 525600 minutes
  • Default: 60 minutes
AccountLockoutAutoReset
Account lockout auto reset
The amount of time that must expire before a locked account is reset, allowing the user to attempt access again.
  • Minimum: 0 minutes
  • Maximum: 999 minutes
  • Default: 15 minutes
AccountLockoutThreshold
Account lockout threshold
Sets the number of consecutive failed log-on attempts that will cause an account to be locked. If set to 0, accounts are never locked.
  • Minimum: 0 invalid logon attempts
  • Maximum: 999 invalid logon attempts
  • Default: 3 invalid logon attempts
AuditNonSecureClientConections
Audit non-secure client connections
Determines whether an audit message is created when client computers with FactoryTalk versions earlier than 2.50 connect to a directory server computer with FactoryTalk 2.50 or later.
  • 0 means Disabled.
  • -1 means Enabled (default).
AuthorizationCodeExpiration
Authorization code expiration
Sets the amount of time before the authorization token expires.
  • Minimum: 1 minute
  • Maximum: 1440 minutes
  • Default: 10 minutes
BadgeEnableSetting
Allow badge login
Determines whether FactoryTalk user accounts can log on to FactoryTalk using an RFID badge.
  • 0 means Disabled.
  • -1 means Enabled (default).
DataBitsSetting
Number of bits in ID
The number of bits for the badge ID.
This value is obtained from the badge provider.
DirectoryCacheExpiration
Directory cache expiration
Determines how long the cache files remain available after the client computer is disconnected from the server. Once this time elapses, reconnect to the directory server to access the latest data files.
If set to 0, cache files never expire.
  • Minimum: 0 hours
  • Maximum: 9999 hours
  • Default: 0 hours
DirectoryCacheExpirationWarning
Directory cache expiration warning
Determines when a warning notification displays in the notification area prior to the directory cache expiring.
If set to 0, warnings do not appear prior to cache expiration.
  • Minimum: 0 hours
  • Maximum: 24 hours
  • Default: 0 hours before expiration
DNSAliasNameoftheFactoryTalkDirectoryServer
DNS Alias Name of the FactoryTalk Directory Server
Sets the DNS alias name of FactoryTalk Directory server.
This value is the DNS alias name associated with the computer hosting the FactoryTalk Directory server.
FACBitsSetting
Number of bits for Facility Code
Identifies the number of bits used as the Facility Code (FAC).
This value is obtained from the badge provider.
FacilityCodeSetting
Use Facility Code
Determines whether badge identification numbers must also have a matching facility code to log on.
  • 0 means No.
  • -1 means Yes (default).
FactoryTalkWebAuthenticationport
FactoryTalk Web Authentication port
Sets the communication port that FactoryTalk Web Authentication server can access.
The default value is 7110.
FactoryTalkWebSupportServiceport
FactoryTalk Web Support Service port
Sets the communication port that FactoryTalk Web Support Service can access.
The default value is 7111.
FACValueSetting
Facility Code
The facility code or codes that match the facility code embedded in the badge. This will be used as the first criterion when checking whether a badge can be used to log on.
Contact the badge manufacturer to customize the facility code.
FileTransferTimeout
Directory cache transfer waiting time
Sets how long the client computer waits before transferring cache files. This only applies when security authorization uses local client cache.
  • Minimum: 5 seconds
  • Maximum: 600 seconds
  • Default: 5 seconds
LogonSessionLease
Logon session lease
Sets the maximum number of hours that a user can remain logged on before the system checks whether the user’s account is still valid.
  • Minimum: 0 hours
  • Maximum: 999 hours
  • Default: 1 hour
MaximumPasswordAge
Maximum password age
Sets the maximum number of days passwords can be used before they must change. If set to 0, passwords never expire.
  • Minimum: 0 days
  • Maximum: 999 days
  • Default: 0 days
MinimumPasswordAge
Minimum password age
Sets the minimum number of days passwords must be in effect before they can change. If set to 0, users can change their passwords immediately following a prior change.
  • Minimum: 0 days
  • Maximum: 999 days
  • Default: 0 days
MinimumPasswordLength
Minimum password length
Sets the minimum number of characters a user account password must contain. A value of 0 allows you to create user accounts without passwords.
  • Minimum: 0 characters
  • Maximum: 64 characters
  • Defaults:
    • For the network directory, 6 characters.
    • For the local directory, 0 characters.
PasswordExpirationWarning
Password expiration warning
Sets the number of days before passwords are due to expire that the system begins prompting users to change their passwords.
If Maximum password age is set to 0, the password expiration warning never appears.
  • Minimum: 0 days before expiration
  • Maximum: 999 days before expiration
  • Default: 14 days before expiration
PasswordHistory
Previous passwords remembered
Sets the number of unique new passwords that must be created before reusing an old password.
  • Minimum: 0 passwords
  • Maximum: 24 passwords
  • Default: 3 passwords
RefreshTokenExporationTime
Refresh token expiration time
Sets the amount of time before the refresh token expires.
  • Minimum: 1 minute
  • Maximum: 1440 minutes
  • Default: 1440 minutes
RequireComputerAccounts
Require computer accounts for all client machines
Determines whether client computers can access the FactoryTalk network directory without having a computer account in the network directory. Disable this policy to allow users to connect remotely from any computer, even if the computer does not have a computer account in the FactoryTalk Directory.
  • 0 means Disabled.
  • -1 means Enabled (default).
RetainDeletedAccountHistory
Keep record of deleted accounts
To keep a record of accounts that were deleted and force all new accounts to be unique, select Enabled. Also, change a policy setting to show deleted accounts in the list of users. To discard accounts when they are deleted, select Disabled.
  • 0 means Disabled (default).
  • -1 means Enabled.
ReverseProxyPort
Reverse Proxy Port
Sets the website port for the computers using FactoryTalk Proxy Server.
When enabling HTTP, the default value is 80. When enabling HTTPS, the default value is 443.
ReverseProxyProtocol
Reverse Proxy Protocol
Sets the communication protocol for the computers using FactoryTalk Proxy Server.
  • HTTPS
  • HTTP
ShowDeletedAccountsInUserList
Show deleted accounts in user list
Sets whether deleted account records are listed in the Users folder in the System tree.
  • 0 means Disabled (default).
  • -1 means Enabled.
SupportNonSecureClients
Support non-secure clients
Determines whether client computers with FactoryTalk versions earlier than 2.50 can access a directory server computer with FactoryTalk CPR 9 SR5 or later.
  • 0 means Deny.
  • -1 means Allow (default).
SupportSecureCryptography
Password encryption method
Determines how the password is encrypted when stored in the FactoryTalk Directory.
  • 0 means MD5.
  • -1 means SHA-256 (default).
SynchronizedTransferCacheFile
Security authorization policy
Determines whether the client computer is authorized with directory files from server or local client cache files.
  • 0 means Use local client cache.
  • -1 means Require directory update from server before authorizing (default).
TrailingBitsSetting
Number of trailing parity bits to strip
Identifies the number of parity bits included in the badge identification number.
This value is obtained from the badge provider.
UseClientComputerName
Identify terminal server clients using the name of
Determines what computer name identifies clients connecting to the FactoryTalk Directory through Remote Desktop Services.
  • 0 means Server computer.
  • -1 means Terminal client (default).
UseSingleSignOn
Use single sign on
Sets whether users can log on once to the FactoryTalk system or must log on to each FactoryTalk product separately.
  • 0 means Disabled.
  • -1 means Enabled (default).
UseStrongPasswords
Password must meet complexity requirements
Determines how simple or complex passwords must be.
Disabled means that passwords to user accounts can include any characters or combinations of characters.
Enabled requires users to create passwords that are more secure.
  • 0 means Disabled (default).
  • -1 means Enabled.
System policies > Application Authorization
Node
UI setting
Description
Value
EnableLearningMode
Enable Default Access
Determines whether new applications are automatically allowed access to FactoryTalk Directory.
  • 0 means Disabled.
  • -1 means Enabled (default).
VerifyAppSignature
Verify Publisher Info
Determines whether to verify the publisher certificate information of FactoryTalk applications.
  • 0 means Disabled (default).
  • -1 means Enabled.
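The following is an added example, not part of the original documentation: a review script that reads an exported policy file and reports Audit Policy, Security Policy and Application Authorization nodes set to values the tables above describe as disabling a control. The XML layout (one element per Node, value as element text), the sample export, and the choice of which values to flag are assumptions; the page does not show the real file structure.

```python
import xml.etree.ElementTree as ET

# Boolean nodes are exported as -1 or 0 (see the tables above).
# Each rule: node -> (value to flag, what that value means per the tables).
WEAK_FLAGS = {
    "AuditAccesDenied": ("0", "access-denied events are not audited"),
    "AuditingEnabled": ("0", "configuration changes are not audited"),
    "SupportSecureCryptography": ("0", "passwords stored with MD5"),
    "SupportNonSecureClients": ("-1", "pre-2.50 clients are allowed"),
    "RequireComputerAccounts": ("0", "any computer may connect"),
    "UseStrongPasswords": ("0", "no password complexity"),
    "EnableLearningMode": ("-1", "new applications allowed automatically"),
    "VerifyAppSignature": ("0", "publisher certificate not verified"),
}
# Numeric nodes where 0 switches the control off entirely.
ZERO_DISABLES = {
    "AccountLockoutThreshold": "accounts are never locked",
    "MaximumPasswordAge": "passwords never expire",
    "MinimumPasswordLength": "accounts may have no password",
}

def read_settings(xml_text):
    """Collect {node name: text} for every leaf element in the export.
    Assumption: each Node is an element named after it, value as its text."""
    root = ET.fromstring(xml_text)
    return {el.tag: (el.text or "").strip() for el in root.iter() if len(el) == 0}

def audit(xml_text):
    """Return sorted (node, value, reason) findings for flagged settings."""
    s = read_settings(xml_text)
    found = [(n, bad, why) for n, (bad, why) in WEAK_FLAGS.items() if s.get(n) == bad]
    found += [(n, "0", why) for n, why in ZERO_DISABLES.items() if s.get(n) == "0"]
    return sorted(found)

# Constructed sample export; the element layout is hypothetical.
SAMPLE = """<SystemPolicies>
  <AuditPolicy><AuditAccesDenied>0</AuditAccesDenied>
    <AuditingEnabled>-1</AuditingEnabled></AuditPolicy>
  <SecurityPolicy><AccountLockoutThreshold>0</AccountLockoutThreshold>
    <MinimumPasswordLength>6</MinimumPasswordLength>
    <SupportSecureCryptography>0</SupportSecureCryptography>
    <SupportNonSecureClients>-1</SupportNonSecureClients></SecurityPolicy>
</SystemPolicies>"""

if __name__ == "__main__":
    for node, value, why in audit(SAMPLE):
        print(f"{node}={value}: {why}")
```

Several flagged values are the documented defaults (for example AuditAccesDenied = 0 and SupportNonSecureClients = -1), so an unmodified export can still produce findings.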
System policies > FactoryTalk Alarms and Events > System settings
Node
UI setting
Description
Value
AuditToAlmLog
Send operator action audit messages to the alarm history log
Select this check box to generate tracking events for operator actions and send them to the alarm and event history log.
  • 1 means the check box is selected.
  • 0 means the check box is cleared.
EventBufferSize
Buffer events before sending to clients, until xx events have occurred
The number of events that alarm servers queue before sending the events on to attached clients.
  • Maximum: 100
  • Minimum: 1
  • Default: 10
EventBufferTime
Buffer events before sending to clients, until xx second have elapsed
The number of seconds that alarm servers queue events before sending the events on to attached clients.
  • Maximum: 5000 milliseconds (5 seconds)
  • Minimum: 500 milliseconds (0.5 seconds)
  • Default: 500 milliseconds (0.5 seconds)
HighLowerLimit
High priority - lower limit
Defines alarm priority settings by filling in the values in the Low column.
Default severity value is 501.
MediumLowerLimit
Medium priority - lower limit
Define alarm priority settings by filling in the values in the Low column.
Default severity value is 251.
SuppressLog
Send suppressed alarms to the alarm history log
Use this setting to configure whether changes in the alarm state for suppressed alarms are recorded in the alarm and event history log.
  • 1 means the check box is selected.
  • 0 means the check box is cleared.
OnlyQualityChangedForActiveLog
Only send changes in Quality for active alarms to the alarm history log
Select this check box to send changes in quality for only active alarms to the alarm history log.
Clear this check box to send changes in quality for all alarms (active or otherwise) to the log.
  • 1 means the check box is selected.
  • 0 means the check box is cleared.
UrgentLowerLimit
Urgent priority - lower limit
Define alarm priority settings by filling in the values in the Low column.
Default severity value is 751.
System policies > FactoryTalk Alarms and Events > Severity settings
Node
UI setting
Description
Value
ControllerStatusSeverity
Control status alarm
The severity for controller status alarms that are generated by the Rockwell Automation Device Server (FactoryTalk Linx).
  • Minimum: 1
  • Maximum: 1000
  • Default: 800
OperatorActionSeverity
Operator Actions
The severity for the tracking events that are logged when an operator acknowledges, resets, enables, disables, suppresses, or unsuppresses an alarm.
  • Minimum: 1
  • Maximum: 1000
  • Default: 100
System policies > Live Data Policy
Node
UI setting
Description
Value
DefaultProtocolSetting
Default Protocol Setting
Sets the default protocol from TCP/IP to DCOM or vice versa.
  • -1: TCP/IP
  • 0: DCOM
System policies > Redundant policies
In the exported XML file, the corresponding section of Redundant policies is Health Monitoring.
Node
UI setting
Description
Value
ICMPPeriod
Computer detection interval
The amount of time that the health monitoring service waits between its attempts to detect the existence of a computer on the network.
  • Default: 2 seconds
  • Minimum: 1 second
  • Maximum: 600 seconds
ReadyTimeout
Maximum delay before server is active
The maximum amount of time during a switch back that the server becoming active waits for clients to be ready for the switch.
  • Default: 2 minutes
  • Minimum: 0 minutes
  • Maximum: 60 minutes
TCPPeriod
Network failure detection interval
How often the health monitoring service attempts to verify the health of the network connection to remote computers.
  • Default: 2 seconds
  • Minimum: 1 second
  • Maximum: 600 seconds
TCPTimeout
Maximum network glitch
The maximum duration of a network disruption before the health monitoring service determines that communications failed.
  • Default: 5 seconds
  • Minimum: 1 second
  • Maximum: 600 seconds