Create basic users
There are two user account types in Milestone XProtect VMS: Basic users and Windows users.
Basic users are user accounts that you create in Milestone XProtect VMS. It is a dedicated system user account with a basic user name and password authentication for the individual user.
Windows users are user accounts that you add through Microsoft's Active Directory.
There are some differences between basic users and Windows users:
- Basic users are authenticated by a user name and password combination and are specific to one system/site. Note that even if a basic user created at one federated site has the same name and password as a basic user on another federate site, the basic user only has access to the site it has been created on.
- Windows users are authenticated based on their Windows login and are specific to a machine.
Configure login settings for basic users
You can define the login settings for basic users in a JSON file, which is located here: \\Program Files\Milestone\Management Server\IIS\IDP\appsettings.json.
In that file, you can set the following parameters:
LoginSettings | |
"ExpireTimeInMinutes": 5 | Define the length of time (in minutes) a login session will expire if the user takes no action. |
LockoutSettings | |
"LockoutTimeSpanInMinutes": 5 | Define the length of time (in minutes) a user will be locked out. |
"MaxFailedAccessAttempts": 5 | Define the number of attempts a user will have to log in before being locked out. |
PasswordSettings | |
"RequireDigit": true | Define whether base digits (0 through 9) are required in the password. |
"RequireLowercase": true | Define whether lowercase characters are required in the password. |
"RequireNonAlphanumeric": true | Define whether special characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/) are required in the password. |
"RequireUppercase": true | Define whether uppercase characters are required in the password. |
"RequiredLength": 8 | Define the number of characters that are required in the password. There is a minimum password length of {0} characters and a maximum password length of 255 characters. |
"RequiredUniqueChars": 1 |
Define the minimum number of unique characters that are required in a password. For example, if you set required unique characters to 2, then passwords such as – aaaaaa, aa, a, b, bb, bbbbbbb – will be rejected. Whereas – abab, abc, aaab, and so forth – will be accepted because there are at least two unique characters in the password. Increasing the number of unique characters in a password increases password strength by avoiding repetitive sequences that are easily guessed. |
To create a basic user on your system:
- Expand Security > Basic Users.
- In the Basic Users pane, right-click and select Create Basic User.
- Specify a user name and a password. Repeat the password to be sure you have specified it correctly.
- Specify if the basic user should change password on next login. Milestone recommends that you select the check box so that basic users can specify their own passwords when they log in for the first time.
- Specify the status of the basic user to be Enabled or Locked out.
- Click OK to create the basic user.
The password must meet the complexity as defined in the appsettings.json file (see Configure login settings for basic users).
You should only clear the check box when you create basic users that cannot change their password. Such basic users are, for example, system users, that are used for plug-ins and server services authentication.