Skip to main content

Sets password policy using SECEDIT. Note that this only works for Windows machines that aren’t in Active Directory.



Evaluation code:



#REQUIRES -Version 2.0





<#


.SYNOPSIS


	This script tests to see if the remediation script has been run


.DESCRIPTION


	After the remediation script is run there will be a registry key for the template.


    This script checks to see if that registry key exists and what the value is.


    If the key and value match the other script this test script returns a 0.


    otherwise it returns a 1 and the remediation script needs to be ran.


.NOTES


	File Name 	    :Password-policy-Test.ps1


	Author 		    :Automox


	Prerequisite 	:PowerShell V3 on Win10


#>


#Handle Exit Codes:


trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }





function Policy_check() {


    $Reg_Val=Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\' | select-object TemplateUsed -ExpandProperty TemplateUsed | out-string


    if ($Reg_Val.Trim() -match "Automox_Policy.inf") {


        return 0


    }


    else {


        return 1


    }


}





Policy_check


Remediation code:



#REQUIRES -Version 2.0





<#


.SYNOPSIS


	This script allows an admin to edit security policy settings relating to Passwords.


.DESCRIPTION


	Security policies can only be modified by creating a new policy and importing it into the


	policy manager. The following code writes a new policy to the temp directory and imports


	it into the manager using SECEDIT. The settings included are the most common settings


    relating to password policy, however any additional settings can be specified.


    This is an example script that has been tested to work on Win10 and Win7.


    This script may not work on all systems. Modify to fit your needs


.NOTES


	File Name 	    :Password-Policy-Rem.ps1


	Author 		    :Automox


	Prerequisite 	:PowerShell V3 on win10


#>


#Handle Exit Codes:


trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }





function Policy_Change {


########Change the settings in this block############


$User_settings= @"


>System Access]


MinimumPasswordAge = 0


MaximumPasswordAge = 42


MinimumPasswordLength = 0


PasswordComplexity = 1


PasswordHistorySize = 0


LockoutBadCount = 0


RequireLogonToChangePassword = 0


ForceLogoffWhenHourExpire = 0


NewAdministratorName = "Administrator"


NewGuestName = "Guest"


ClearTextPassword = 0


LSAAnonymousNameLookup = 0


EnableAdminAccount = 0


EnableGuestAccount = 0





>Version]


signature= "`$Chicago`$"


Revision=1


"@


#######################################################





    Add-content c:\Windows\Inf\Automox_Policy.inf "$User_settings"


    SECEDIT /configure /db secedit.sdb /cfg C:\Windows\Inf\Automox_Policy.inf


    Remove-Item c:\Windows\Inf\Automox_Policy.inf


}





Policy_Change
Be the first to reply!

Reply


Terms & ConditionsCookie settings