With the introduction of Password Rules Management, PowerSchool now provides PowerSchool administrators the ability to configure various rules that are applicable when Students, Admins and Teachers, and Parents establish and maintain their passwords, including:
- Password Complexity Rules
- Password Expiration Rule
- Password Reuse Rule
- Account Lockout Rule
Once Password Rules Management is configured, Password Rules Management functionality appears throughout the PowerSchool SIS Admin portal, the PowerSchool SIS Student and Parent portal, the PowerSchool SIS Teacher portal, and PowerTeacher Administrator.
When upgrading, Password Rules Management is automatically set to the following default values for students, admins and teachers, and parents:
- Password Complexity Rules (Minimum characters) – Set to 1 for students, admins, and teachers. Set to 6 for parents.
- Password Complexity Rules (Password contains) – Disabled.
- Password Expiration Rule – Disabled.
- Password Reuse Rule – Disabled.
- Account Lockout Rule – Disabled.
Once you have configured Password Rules Management, subsequent upgrades will preserve your configurations.
During the upgrade, user account data is migrated into the new Password Rules Management PCAS tables. Once the upgrade is completed, a comma-delimited file is created in the PowerSchool logs folder (the same folder containing pslog.txt and dalx.log) called PCAS_Migrate.csv. The file only contains errors and modified usernames. If the file appears empty, all accounts migrated successfully and without change. To open the file, use a spreadsheet application, such as Excel. The file displays original usernames, new usernames where the original usernames had to be modified, and any errors that were encountered during the migration. Possible errors include:
- Failed to migrate: Indicates that the account could not be migrated for unexpected reasons.
- Truncated password to 40 characters: Indicates that the user's password was too long for an admin-entered password and has been truncated to the first 40 characters of the password.
- Failed Rename in Legacy Table (PCAS and Legacy out of sync!): Indicates that the new username was created in PCAS, but was not copied back over to the legacy table overwriting the original username; as a result, the user will not be able to sign in; therefore, manually change the user's username via the appropriate PowerSchool page.
Note: If you are unable to identify a user by their username, the DCID value for that particular row in the appropriate table is given; you can use the DCID value to bring up the matching record in USM.
Using the information provided, you can notify users who usernames had to be modified (user names are modified to prevent duplicate user names from migrating to the new Password Rules Management PCAS tables, as well as to troubleshoot any data migration issues.
When installing, Password Rules Management is automatically set to the following default values for students, admins and teachers, and parents:
- Password Complexity Rules (Minimum characters) – Set to 7.
- Password Complexity Rules (Password contains) – Enabled.
- Password Expiration Rule – Set to 60 days.
- Password Reuse Rule – Set to 5.
- Account Lockout Rule – Set to 5.