

SEOS Class

The SEOS class controls the behavior of the native local security system.

The class contains only one record, called SEOS, which specifies general native security options. To view or change the status of SEOS class properties, use the setoptions command.

The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.

AuditCategory

Specifies which detected authorized and unauthorized events are audited.

AccountLogon

Specifies whether to audit each instance of a user logging on to or logging off from another computer when this computer is used to validate the account.

AccountManagement

Specifies whether to audit each event of account management on a computer. Examples of account management events include:

  • A user account or group is created, changed, or deleted.
  • A user account is renamed, disabled, or enabled.
  • A password is set or changed.

DirectoryAccess

Specifies whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) defined.

Logon

Specifies whether to audit each instance of a user logging on to or logging off from a computer.

ObjectAccess

Specifies whether to audit the event of a user accessing an object (for example, a file, folder, registry key, or printer) that has its own system access control list (SACL) defined.

PolicyChange

Specifies whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.

PrivilegeUse

Specifies whether to audit each instance of a user exercising a user right.

DetailedTracking

Specifies whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.

System

Specifies whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.

History

Defines the number of unique new passwords that have to be associated with a user account before an old password can be reused.

Limits: An integer between 1 and 24. If you specify zero, no passwords are saved.

Interval

Defines the period of time (in days) that a password can be used before the system requires the user to change it.

Min life

Defines the period of time (in days) that a password must be used before the user can change it.

Min length

Defines the minimum number of characters that a password for a user account may contain.

Password fails

Defines the number of failed logon attempts that causes a user account to be locked out.

Reset count after

Defines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0.