Query on Password policy:
>> How to disable “After Minutes” option in password policy?
>> What happen if it is set to “0”?
There is no switch to turn on/off the "After minutes" and the value comes as empty by default. The 'After Minutes' value takes effect if the 'Re-enable' account is selected. i.e. if "Allow 1 login attempt" is selected, the 'After Minutes' setting will be ignored.
If 'Re-enable' account is selected, and,
If 'After Minutes' set to 0, the account cannot be auto enabled, but you still can manually enble it if needed.
If 'After Minutes' set to a positive number, the account will be auto enabled after specified number of minutes.
The 'After Minutes' cannot be set to negative number, the adminUI will throw an error -- "Error: [Expiration] The value for "Incorrect Password reenablement minutes" cannot be negative."