Worklet: Set Windows Password Policy

5 years ago
October 18, 2019
0 replies
179 views

Nic-Automox
Former Automox Employee
832 replies

Sets password policy using SECEDIT. Note that this only works for Windows machines that aren’t in Active Directory.

Evaluation code:

#REQUIRES -Version 2.0

<#
.SYNOPSIS
	This script tests to see if the remediation script has been run
.DESCRIPTION
	After the remediation script is run there will be a registry key for the template.
    This script checks to see if that registry key exists and what the value is.
    If the key and value match the other script this test script returns a 0.
    otherwise it returns a 1 and the remediation script needs to be ran.
.NOTES
	File Name 	    :Password-policy-Test.ps1
	Author 		    :Automox
	Prerequisite 	:PowerShell V3 on Win10
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function Policy_check() {
    $Reg_Val=Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\' | select-object TemplateUsed -ExpandProperty TemplateUsed | out-string
    if ($Reg_Val.Trim() -match "Automox_Policy.inf") {
        return 0
    }
    else {
        return 1
    }
}

Policy_check

Remediation code:

#REQUIRES -Version 2.0

<#
.SYNOPSIS
	This script allows an admin to edit security policy settings relating to Passwords.
.DESCRIPTION
	Security policies can only be modified by creating a new policy and importing it into the
	policy manager. The following code writes a new policy to the temp directory and imports
	it into the manager using SECEDIT. The settings included are the most common settings
    relating to password policy, however any additional settings can be specified.
    This is an example script that has been tested to work on Win10 and Win7.
    This script may not work on all systems. Modify to fit your needs
.NOTES
	File Name 	    :Password-Policy-Rem.ps1
	Author 		    :Automox
	Prerequisite 	:PowerShell V3 on win10
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function Policy_Change {
########Change the settings in this block############
$User_settings= @"
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 0
EnableGuestAccount = 0

[Version]
signature= "`$Chicago`$"
Revision=1
"@
#######################################################

    Add-content c:\Windows\Inf\Automox_Policy.inf "$User_settings"
    SECEDIT /configure /db secedit.sdb /cfg C:\Windows\Inf\Automox_Policy.inf
    Remove-Item c:\Windows\Inf\Automox_Policy.inf
}

Policy_Change

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Getting 429 - TooManyRequests on Get Subscribericon

429 on Get Subscriber when using the suggested webhook implementationicon

iOS 15 GetPurchaserInfo() emptyicon

How to solve 429 "There is another request in flight trying to perform the same action"?

Not getting subscriptions associated to a customerIdicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings