Worklet: Set Windows Password Policy

Sets password policy using SECEDIT. Note that this only works for Windows machines that aren’t in Active Directory.

Evaluation code:

#REQUIRES -Version 2.0

<#
.SYNOPSIS
	This script tests to see if the remediation script has been run
.DESCRIPTION
	After the remediation script is run there will be a registry key for the template.
    This script checks to see if that registry key exists and what the value is.
    If the key and value match the other script this test script returns a 0.
    otherwise it returns a 1 and the remediation script needs to be ran.
.NOTES
	File Name 	    :Password-policy-Test.ps1
	Author 		    :Automox
	Prerequisite 	:PowerShell V3 on Win10
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function Policy_check() {
    $Reg_Val=Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\' | select-object TemplateUsed -ExpandProperty TemplateUsed | out-string
    if ($Reg_Val.Trim() -match "Automox_Policy.inf") {
        return 0
    }
    else {
        return 1
    }
}

Policy_check

Remediation code:

#REQUIRES -Version 2.0

<#
.SYNOPSIS
	This script allows an admin to edit security policy settings relating to Passwords.
.DESCRIPTION
	Security policies can only be modified by creating a new policy and importing it into the
	policy manager. The following code writes a new policy to the temp directory and imports
	it into the manager using SECEDIT. The settings included are the most common settings
    relating to password policy, however any additional settings can be specified.
    This is an example script that has been tested to work on Win10 and Win7.
    This script may not work on all systems. Modify to fit your needs
.NOTES
	File Name 	    :Password-Policy-Rem.ps1
	Author 		    :Automox
	Prerequisite 	:PowerShell V3 on win10
#>
#Handle Exit Codes:
trap {  $host.ui.WriteErrorLine($_.Exception); exit 90 }

function Policy_Change {
########Change the settings in this block############
$User_settings= @"
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableAdminAccount = 0
EnableGuestAccount = 0

[Version]
signature= "`$Chicago`$"
Revision=1
"@
#######################################################

    Add-content c:\Windows\Inf\Automox_Policy.inf "$User_settings"
    SECEDIT /configure /db secedit.sdb /cfg C:\Windows\Inf\Automox_Policy.inf
    Remove-Item c:\Windows\Inf\Automox_Policy.inf
}

Policy_Change