Sets SystoLock service OATH security policy settings.
Set-SystoLockOathSecurityPolicy [-LogonFailureThreshold <Int32>] [-LookAheadValue <Int32>]
[-MinPinLength <Int32>] [-ValidationWindow <TimeSpan>] [-AuthType <NtdsAuthType>] [-DomainController <String>]
[<CommonParameters>]
The Set-SystoLockOathSecurityPolicy cmdlet updates current OATH security policy configuration.
Set-SystoLockOathSecurityPolicy -MinPinLenght 6
Sets minimal PIN length to 6.
Set-SystoLockOathSecurityPolicy -LogonFailureThreshold 10
Sets logon failure threshold to 10.
As a result an OATH tokens would be locked after 10 consequent login failures.
Set-SystoLockOathSecurityPolicy -LogonFailureThreshold $null
Removes logon failure threshold.
As a result login failures would not block an OATH token.
Set-SystoLockOathSecurityPolicy -LookAheadWindow 10 -TimeSkewWindow '00:03:00'
Sets look-ahead and time-skew windows the server would tolerate when validating out-of-sync OATH tokens.
Authentication method to use with domain controller (optional).
The acceptable values for this parameter are: Kerberos and Negotiate.
The default authentication method is Kerberos.
Possible values: Kerberos, Negotiate
Type: NtdsAuthType
Parameter Sets: (All)
Aliases:
Accepted values: Kerberos, Negotiate
Required: False
Position: Named
Default value: Kerberos
Accept pipeline input: False
Accept wildcard characters: False
Domain controller name (optional).
You can pass a domain name, a fully qualified domain name or an IP address of the domain controller.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The number of failed login attempts that will cause an OATH tokes to be locked.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The number of events that the server would tolerate when validating out-of-sync event based OATH tokens.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
The minimal PIN length the would allow to use.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
The time interval that the server would tolerate when validating out-of-sync time based OATH tokens.
Type: TimeSpan
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 00:00:00
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
This cmdlet does not accept any pipeline input.
SystoLock OATH security policy settings model class.
Get-SystoLockOathSecurityPolicy