查询Windows下的密码最长使用时间策略

本文关键字：时间策略 Windows 密码查询 | 更新日期: 2023-09-27 17:51:03

我发现了一些检查SECPOL的代码。是否设置复杂度的MSC设置。这是唯一的项目，我似乎处理从Windows安全策略管理器访问设置。有没有人知道一种方法，我可以重新工作，以检查最大密码年龄?我想确保用户设置为90或更低。

我从这里得到了代码:https://gist.github.com/jkingry/421802

        class Program
    {
        static void Passive(string[] args)
        {
            Console.Write(MaxPasswordAgePolicy());
        }
        static bool MaxPasswordAgePolicy()
        {
            var tempFile = Path.GetTempFileName();
            Process p = new Process();
            p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%'system32'secedit.exe");
            p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
            p.StartInfo.CreateNoWindow = true;
            p.StartInfo.UseShellExecute = false;
            p.Start();
            p.WaitForExit();
            var file = IniFile.Load(tempFile);
            IniSection systemAccess = null;
            var MaxPasswordAgeString = "";
            var MaxPasswordAge = ;
            return file.Sections.TryGetValue("System Access", out systemAccess)
                && systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
                && Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
                && MaxPasswordAge <= 90;
        }
        class IniFile
        {
            public static IniFile Load(string filename)
            {
                var result = new IniFile();
                result.Sections = new Dictionary<string, IniSection>();
                var section = new IniSection(String.Empty);
                result.Sections.Add(section.Name, section);
                foreach (var line in File.ReadAllLines(filename))
                {
                    var trimedLine = line.Trim();
                    switch (line[0])
                    {
                        case ';':
                            continue;
                        case '[':
                            section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
                            result.Sections.Add(section.Name, section);
                            break;
                        default:
                            var parts = trimedLine.Split('=');
                            if (parts.Length > 1)
                            {
                                section.Add(parts[0].Trim(), parts[1].Trim());
                            }
                            break;
                    }
                }
                return result;
            }
            public IDictionary<string, IniSection> Sections { get; private set; }
        }
        class IniSection : Dictionary<string, string>
        {
            public IniSection(string name)
                : base(StringComparer.OrdinalIgnoreCase)
            {
                this.Name = name;
            }
            public string Name { get; private set; }
        }
    }

我可以看到

var MaxPasswordAge = 0;

也许改变这就是你想要的?否则，您可以尝试将值存储在其他地方并检查不同的方法:)

            static bool PasswordComplexityPolicy()
        {
            var tempFile = Path.GetTempFileName();
            Process p = new Process();
            p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%'system32'secedit.exe");
            p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
            p.StartInfo.CreateNoWindow = true;
            p.StartInfo.UseShellExecute = false;
            p.Start();
            p.WaitForExit();
            var file = IniFile.Load(tempFile);
            IniSection systemAccess = null;
            var MaxPasswordAgeString = "";
            var MaxPasswordAge = 0;
            return file.Sections.TryGetValue("System Access", out systemAccess)
                && systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
                && Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
                && MaxPasswordAge <= 90;
        }