CUCM Set Password Options

I like to share some password options which can be set for CUCM/IM/Unity

set password complexity minimum-length

This command modifies the value of minimum password length for the OS administration accounts.

set password complexity minimum-length max-repeat

Note:- Use this command after you enable the character complexity of passwords.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password age

This command modifies the value for password age, in days, for Cisco Collaboration Communication OS (C3OS) accounts.

set password age {maximum | minimum} days

Syntax Description

ParametersDescription
maximumSpecifies the maximum age.
minimumSpecifies the minimum age.
daysSpecifies the maximum password age and must be greater-than or equal-to 90 days.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password change-at-login

Use this command to force new or existing users to change their password when they sign in to the system the next time.

set password change-at-login {disable | enable}userid

Syntax Description

ParametersDescription
disableThis does not force users to change their password.
enableThis forces users to change their password when they sign in to the system the next time.
useridSpecifies the affected user account.

Command Modes

Administrator (admin:)

Usage Guidelines

By default, this command is enabled for new users, so users have to change their password the first time they sign in to the system.

Requirements

Command privilege level: 4

Allowed during upgrade: No

Applies to: IM and Presence service on Unified Communications Manager only.

set password complexity character

Use this command to enable or disable password complexity rules for the type of characters in a password.

NoteAfter you enable password complexity, this command also enables password history if it has not already been enabled (for more information, see the set password history command). If you had not previously enabled password history, the password history number parameter value gets set to 10. If you previously enabled password history with a value of less than 10, the value gets reset to 10 after you execute this command. If you previously enabled password history with a value of 10 or greater, the value remains unchanged after you execute this command.

set password complexity character {disable | enable}num-char

Syntax Description

ParametersDescription
disableThis turns off password complexity for character types.
enableThis turns on password complexity for character types. Note  When you disable password complexity, you also turn off password character difference , password character max-repeat , and password history .
num-charThis specifies the number of characters required from each of the four character sets: lowercase, uppercase, numbers, and special characters. Value range: 0-8 Default value: 1

Command Modes

Administrator (admin:)

Usage Guidelines

When you enable password complexity, you must follow these guidelines when you assign a password:

  • It must have at least the current setting, num-chars, of lower-case character.
  • It must have at least the current setting, num-chars, of uppercase characters.
  • It must have at least the current setting, num-chars, of digit characters.
  • It must have at least the current setting, num-chars, of special characters.
  • You cannot use adjacent characters on the keyboard; for example, qwerty.
  • You cannot reuse any of the previous passwords that match the passwords retained by password history.
  • By default, the admin user password can be changed only once in a 24-hour day.

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password complexity character difference

This command specifies the number of characters that the character sequence in a new password must differ from the character sequence in the old password.

set password complexity character differencenum-char

Syntax Description

ParametersDescription
num-charThis specifies the number of characters that the character sequence in a new password must differ from the character sequence in the old password. Value range: 0-31

Command Modes

Administrator (admin:)

Usage Guidelines

Enter 0 to indicate no difference.

NoteThe maximum password length is 31 characters.

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password complexity character max-repeat

This command specifies the number of times you can consecutively repeat a single character in a new password.

set password complexity character max-repeatmax-repeat

Syntax Description

ParametersDescription
max-repeatThis specifies the number of times you can consecutively repeat a single character in a new password. Value range: 0 – 10 Default value: 0

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password expiry maximum-age

This command enables or disables the password expiry maximum age settings for Cisco Collaboration Communication OS (C3OS) Administrator accounts.

set password expiry maximum-age {enable | disable}

Syntax Description

ParametersDescription
enableTurns on password expiry maximum age settings for Cisco Unified Operating System administrator accounts. The set password expiry enable command sets the value of maximum password age to 3650 days (10 yrs) for Cisco Unified Operating System Administrator accounts.
disableTurns off password expiry maximum age settings for Cisco Unified Operating System administrator accounts. The set password expiry disable command results in Cisco Unified Operating System Administrator accounts never expiring.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Example

admin:set password expiry maximum-age disable
Operation Successful.

set password expiry user maximum-age configure

This command modifies the value of the maximum password age for a particular Cisco Collaboration Communication OS Administration account in days.

set password expiry user maximum-age configureuseridmaximum password age

Syntax Description

ParametersDescription
useridEnter Cisco Collaboration Communication OS (C3OS) Administrator account.
maximum password ageEnter the maximum password age in days. This value must be equal to or greater than 10 days but less than 3650 days (10 years).

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: Yes

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password expiry minimum-age

This command enables or disables the password expiry minimum age settings for Cisco Unified Operating System Administrator accounts.

set password expiry minimum-age {enable | disable}

Syntax Description

ParametersDescription
enableTurns on password expiry minimum age settings for Cisco Unified Operating System administrator accounts. The set password expiry enable command sets the value of minimum password age to one day (24 hrs) for Cisco Collaboration Communication OS (C3OS) Administrator accounts.
disableTurns off password expiry minimum age settings for Cisco Collaboration Communication OS (C3OS) administrator accounts. This means that passwords for administrator accounts can be changed at any interval.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Example

admin:set password expiry minimum-age disable
Operation Successful.

set password expiry user maximum-age

This command disables the maximum age password expiry for a particular Cisco Unified Operating System Administrator account.

set password expiry user maximum-age {enable | disable}userid

Syntax Description

ParametersDescription
enableTurns on the maximum age password expiry settings for a particular Cisco Collaboration Communication OS (C3OS) administrator account. The set password expiry user enable command sets the value of maximum password age to 3650 days (10 yrs) for the Cisco Unified Operating System Administrator account.
disableTurns on the maximum age password expiry settings for a particularCisco Collaboration Communication OS (C3OS) administrator account. The set password expiry user enable command sets the value of maximum password age to 3650 days (10 yrs) for the Cisco Unified Operating System Administrator account.
useridSpecifies a particular Cisco Collaboration Communication OS (C3OS) Administrator account.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Example

admin:set password expiry user maximum-age enable
Operation Successful.

set password expiry user minimum-age

This command enables or disables the maximum age password expiry for a particular Cisco Unified Operating System Administrator account.

set password expiry user minimum-age {enable | disable}userid

Syntax Description

ParametersDescription
enableTurns on the minimum age password expiry settings for a particular Cisco Unified Operating System administrator account.
disableTurns off the minimum age password expiry settings for a particular Cisco Unified Operating System administrator account.
useridSpecifies a particular Cisco Unified Operating System Administrator account.

Command Modes

Administrator (admin:)

Requirements

Command privilege level: 1

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Example

admin:set password expiry user minimum-age disable
Operation Successful.

set password history

This command modifies the number of passwords that get maintained in the history for OS admin accounts. New passwords matching remembered passwords get rejected.

set password historynumber

Syntax Description

ParametersDescription
numberSpecifies the mandatory number of passwords to maintain in history.

Command Modes

Administrator (admin:)

Usage Guidelines

  • To disable, enter 0.
  • Default specifies 10.
  • Upper limit specifies 20.

Requirements

Command privilege level: 1

Allowed during upgrade: Yes

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

set password inactivity

set password inactivity {enable | disable | period}days

Syntax Description

ParametersDescription
enableEnable the password inactivity globally and update individual OS users according to the setting.
disableDisable the password inactivity globally and update individual OS users according to the setting.
periodConfigure the password inactivity period globally and update individual OS users according to the setting.
daysSpecify the number of days of inactivity after a password has expired before the account gets disabled. Valid range is 1 – 99.

Command Modes

Administrator (admin:)

Usage Guidelines

  • To enable password inactivity globally, execute the set password inactivity enable command. This command enables the password inactivity globally and updates individual OS users according to the setting.
  • To disable password inactivity globally, execute the set password inactivity disable command. This command disables the password inactivity globally and updates individual OS users according to the setting. A user whose account is disabled must contact the system administrator to use the system again.
  • To configure the password inactivity period execute the set password inactivity period days command. This command configures the password inactivity globally and updates individual OS users according to the setting.

Requirements

Command privilege level: 0

Allowed during upgrade: No

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Applies to: Unified Communications Manager, IM and Presence service on Unified Communications Manager, and Cisco Unity Connection.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s