查询 Windows 中的密码最长期限策略
Query Password Max Age Policy in Windows
我找到了一些代码,用于检查是否设置了 SECPOL.MSC 复杂性设置。这是我所看到的唯一一项处理从 Windows 安全策略管理器访问设置的项目。有谁知道我可以重做这个来检查最大密码年龄的方法吗?我想确保用户设置为 90 或以下。
我从这里得到代码:https://gist.github.com/jkingry/421802
class Program
{
static void Passive(string[] args)
{
Console.Write(MaxPasswordAgePolicy());
}
static bool MaxPasswordAgePolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = ;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}
class IniFile
{
public static IniFile Load(string filename)
{
var result = new IniFile();
result.Sections = new Dictionary<string, IniSection>();
var section = new IniSection(String.Empty);
result.Sections.Add(section.Name, section);
foreach (var line in File.ReadAllLines(filename))
{
var trimedLine = line.Trim();
switch (line[0])
{
case ';':
continue;
case '[':
section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
result.Sections.Add(section.Name, section);
break;
default:
var parts = trimedLine.Split('=');
if (parts.Length > 1)
{
section.Add(parts[0].Trim(), parts[1].Trim());
}
break;
}
}
return result;
}
public IDictionary<string, IniSection> Sections { get; private set; }
}
class IniSection : Dictionary<string, string>
{
public IniSection(string name)
: base(StringComparer.OrdinalIgnoreCase)
{
this.Name = name;
}
public string Name { get; private set; }
}
}
我能看到
var MaxPasswordAge = 0;
也许改变就是你想要的?否则,您可以尝试将值存储在其他地方并使用不同的方法进行检查:)
static bool PasswordComplexityPolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = 0;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}
我找到了一些代码,用于检查是否设置了 SECPOL.MSC 复杂性设置。这是我所看到的唯一一项处理从 Windows 安全策略管理器访问设置的项目。有谁知道我可以重做这个来检查最大密码年龄的方法吗?我想确保用户设置为 90 或以下。
我从这里得到代码:https://gist.github.com/jkingry/421802
class Program
{
static void Passive(string[] args)
{
Console.Write(MaxPasswordAgePolicy());
}
static bool MaxPasswordAgePolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = ;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}
class IniFile
{
public static IniFile Load(string filename)
{
var result = new IniFile();
result.Sections = new Dictionary<string, IniSection>();
var section = new IniSection(String.Empty);
result.Sections.Add(section.Name, section);
foreach (var line in File.ReadAllLines(filename))
{
var trimedLine = line.Trim();
switch (line[0])
{
case ';':
continue;
case '[':
section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
result.Sections.Add(section.Name, section);
break;
default:
var parts = trimedLine.Split('=');
if (parts.Length > 1)
{
section.Add(parts[0].Trim(), parts[1].Trim());
}
break;
}
}
return result;
}
public IDictionary<string, IniSection> Sections { get; private set; }
}
class IniSection : Dictionary<string, string>
{
public IniSection(string name)
: base(StringComparer.OrdinalIgnoreCase)
{
this.Name = name;
}
public string Name { get; private set; }
}
}
我能看到
var MaxPasswordAge = 0;
也许改变就是你想要的?否则,您可以尝试将值存储在其他地方并使用不同的方法进行检查:)
static bool PasswordComplexityPolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = 0;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}