Re: programmatically reading password policy or check the complexi
- From: "Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx>
- Date: Tue, 26 Aug 2008 09:23:31 -0700
river-
Actually, I think I sent you down the wrong path with the LSA APIs. I don't see one there that will get you whether or not password complexity is enabled. In fact, I don't see where this is actually retrieved. For example, where I would thought it would have been, in the structure returned from NetUserModalsGet, its not there. So, I suspect the way you are doing it now by parsing the output of secedit is probably as good a method as any. If I do track it down I will let you know.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
*******************************
Secure and configure your Windows desktops accurately every time without having to learn or install new technology.
Find out more about Desktop Policy Manager at http://www.sdmsoftware.com/desktop_management
*******************************
"snaxum" <snaxum@xxxxxxxxxxx> wrote in message news:C25328AE-E8ED-4B6A-ACB6-31AE980B830B@xxxxxxxxxxxxxxxx
Thanks Darren!
Would you please tell me what is the name of the Lsa* function?
I searched out the Lsa* APIs, but i am not sure which one is what i need.
I also have another solution to find out the password policy, that is call
"secedit.exe /export /cfg pwdPolicy.txt", then my program parses the
pwdPolicy.txt to get the MinimumPasswordLength and PasswordComplexity. After
i get the two values, then i can check wether the password meet the
complexity requirement.
--
river
"Darren Mar-Elia" wrote:
On #1, this is a known issue with RSOP--it does not accurately report
non-domain based security policy because local security policy does not use
GP--and thus bypasses RSOP completely.
On #2, you might want to search MSDN for the LSA* APIs. You should find one
in there that gets you the info you need.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
*******************************
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology.
Find out more about Desktop Policy Manager at
http://www.sdmsoftware.com/desktop_management
*******************************
"snaxum" <snaxum@xxxxxxxxxxx> wrote in message
news:1D5BC9A1-2198-4194-9C3B-B2D4BB901433@xxxxxxxxxxxxxxxx
> My project (written by c++) has a requirement that it needs to check > the
> password complexity before create the new account
> I searched out the msdn and google, and got some findings, but none is > the
> perfect
> 1. RSOP_SecuritySettingNumeric and RSOP_SecuritySettingBoolean
> it gets the password policy and works well on the system which is in > a
> domain, but it does not work in a workgroup
> 2. NetValidPasswordPolicy
> it checks whether the password meet the complexity according to the
> "password policy" and works well in 2003 server and vista, but it does > not
> work on XP
>
> But there is no way to read the password policy or check the password
> complexity on both domain/workgroup, or on both xp and vista.
>
> Anybody has any idea on this issue?
>
>
> -- > river
.
- References:
- programmatically reading password policy or check the complexity?
- From: snaxum
- Re: programmatically reading password policy or check the complexity?
- From: Darren Mar-Elia
- programmatically reading password policy or check the complexity?
- Prev by Date: Re: Evt ID 1085 GP client-side extension IE ZoneMapping failed to
- Next by Date: Server 2003, DNS, Birch Telecom T1
- Previous by thread: Re: programmatically reading password policy or check the complexity?
- Next by thread: Re: DC/site placement question
- Index(es):
Relevant Pages
|
