Sets SystoLock service OATH security policy settings.
Set-SystoLockOathSecurityPolicy [-DefaultAlgorithm <OathAlgorithmIdentifier>] [-DefaultHotpLength <Int32>]
[-DefaultTotpInterval <Int32>] [-DefaultTotpLength <Int32>] [-LogonFailureThreshold <Int32>]
[-LookAheadValue <Int32>] [-MinPinLength <Int32>] [-ValidationWindow <TimeSpan>] [-AuthType <NtdsAuthType>]
[-DomainController <String>] [-ProgressAction <ActionPreference>] [<CommonParameters>]
The Set-SystoLockOathSecurityPolicy cmdlet updates current OATH security policy configuration.
Set-SystoLockOathSecurityPolicy -MinPinLenght 6
Sets minimal PIN length to 6.
Set-SystoLockOathSecurityPolicy -LogonFailureThreshold 10
Sets logon failure threshold to 10.
As a result an OATH tokens would be locked after 10 consequent login failures.
Set-SystoLockOathSecurityPolicy -LogonFailureThreshold $null
Removes logon failure threshold.
As a result login failures would not block an OATH token.
Set-SystoLockOathSecurityPolicy -LookAheadWindow 10 -TimeSkewWindow '00:03:00'
Sets look-ahead and time-skew windows the server would tolerate when validating out-of-sync OATH tokens.
Specifies authentication method to use with domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Specifies default OATH token algorithm for newly created tokens if not specified explicitly.
Possible values: None, HotpSha1, TotpSha1, TotpSha256, TotpSha512, Obsolete5, EcdhTotpSha256
Type: OathAlgorithmIdentifier
Parameter Sets: (All)
Aliases:
Accepted values: None, HotpSha1, TotpSha1, TotpSha256, TotpSha512, Obsolete5, EcdhTotpSha256
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies default PIN length for event-based tokens.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
Specifies default time interval for time-based tokens.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
Specifies default PIN length for time-based tokens.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
Specifies domain controller name (optional).
Accepts a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the number of failed login attempts that will cause an OATH tokes to be locked.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the number of events that the server would tolerate when validating out-of-sync event based OATH tokens.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
Specifies the minimal PIN length the would allow to use.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the time interval that the server would tolerate when validating out-of-sync time based OATH tokens.
Type: TimeSpan
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 00:00:00
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
This cmdlet does not accept any pipeline input.
Product OATH security policy settings model class.
Get-SystoLockOathSecurityPolicy