You can use the Defender Administration Console to create and configure Defender Security Policies. A Defender Security Policy can be assigned to a user, group of users, Access Node, or Defender Security Server.
If a different Defender Security Policy is applied to each of the above elements, the policy assigned to the user takes the highest priority, followed by the policy assigned to the group, then the policy assigned to the Access Node and finally, the policy assigned to the Defender Security Server. Security Policies cannot be aggregated.
Logon attempts made by the user are rejected if the user belongs to two groups with conflicting security policies and both groups are assigned to the Access Node through which the user connects to the Defender Security Server.
If no Defender Security Policy has been assigned, the default Defender Security Policy is applied. For more information, see Default Defender Security Policy.
When you have defined the Defender Security Policy, you can use its property pages to:
- Change the Defender Security Policy configuration.
- Change user account lockout information.
- Configure password and PIN expiration policies.
- Specify permitted logon hours.
- Configure settings for SMS tokens.
- Configure settings for e-mail tokens.
- Configure settings for GrIDsure tokens.