2008-11-24 41 views

Answers

5

See Security Watch Windows Domain Password Policies. You can use ADSI, or a wrapper around it, to hit AD. I found a VBScript sample. You can translate it into whatever language you want:

Option Explicit

' Reads the domain's account policy through the ADSI WinNT provider.
' Ages and intervals come back in seconds; MinPasswordAge is shown in days.
Sub ListPasswordPolicyInfo(strDomain)
    Dim objComputer
    Set objComputer = GetObject("WinNT://" & strDomain)
    WScript.Echo "MinPasswordAge: " & ((objComputer.MinPasswordAge)/86400)
    WScript.Echo "MinPasswordLength: " & objComputer.MinPasswordLength
    WScript.Echo "PasswordHistoryLength: " & objComputer.PasswordHistoryLength
    WScript.Echo "AutoUnlockInterval: " & objComputer.AutoUnlockInterval
    WScript.Echo "LockOutObservationInterval: " & objComputer.LockOutObservationInterval
End Sub

Dim strDomain
Do
    strDomain = InputBox("Please enter a domain name", "Input")
Loop Until strDomain <> ""

ListPasswordPolicyInfo(strDomain)

As a bonus, check out LDAP Admin. It is an open-source LDAP directory editor that you can use to test things out, and to inspect the code, which is written in Delphi.

3

Eugene's answer is helpful, but not what I needed. The password complexity filter can actually be customized, so what would be useful is asking Windows: does this password meet the requirements?

It took me a while to find it, but the function is NetValidatePasswordPolicy. The MSDN documentation for this function is very poor; check this MSDN blog entry instead.
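The answer above names NetValidatePasswordPolicy but not how to call it. The following Delphi program is an added example, not code from the answer or from Microsoft: the record and constant declarations follow lmaccess.h and lmerr.h, while CheckPasswordAgainstPolicy, StatusText, the account name demo.user and the two candidate passwords are assumptions made for the demo. It validates each candidate as a password change against the local machine's policy and prints the verdict.

```delphi
program ValidatePasswordDemo;
{ Added example, not from the page: NetValidatePasswordPolicy from Delphi.
  Types/constants follow <lmaccess.h>/<lmerr.h>; the helper names, the
  account 'demo.user' and the candidate passwords are made up for the demo. }
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;
type
  NET_API_STATUS = DWORD;
  PNET_VALIDATE_PASSWORD_HASH = ^NET_VALIDATE_PASSWORD_HASH;
  NET_VALIDATE_PASSWORD_HASH = record
    Length: ULONG;
    Hash: PByte;
  end;
  NET_VALIDATE_PERSISTED_FIELDS = record
    PresentFields: ULONG;
    PasswordLastSet, BadPasswordTime, LockoutTime: FILETIME;
    BadPasswordCount, PasswordHistoryLength: ULONG;
    PasswordHistory: PNET_VALIDATE_PASSWORD_HASH;
  end;
  NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG = record
    InputPersistedFields: NET_VALIDATE_PERSISTED_FIELDS;
    ClearPassword, UserAccountName: PWideChar;
    HashedPassword: NET_VALIDATE_PASSWORD_HASH;
    PasswordMatch: ByteBool;   // C BOOLEAN, one byte
  end;
  PNET_VALIDATE_OUTPUT_ARG = ^NET_VALIDATE_OUTPUT_ARG;
  NET_VALIDATE_OUTPUT_ARG = record
    ChangedPersistedFields: NET_VALIDATE_PERSISTED_FIELDS;
    ValidationStatus: NET_API_STATUS;
  end;
const
  NetValidatePasswordChange     = 2;     // NET_VALIDATE_PASSWORD_TYPE member
  NERR_Success                  = 0;
  NERR_PasswordTooShort         = 2245;  // values from <lmerr.h>
  NERR_PasswordTooRecent        = 2246;
  NERR_PasswordHistConflict     = 2247;
  NERR_PasswordTooLong          = 2248;
  NERR_PasswordNotComplexEnough = 2249;
  NERR_PasswordFilterError      = 2250;

function NetValidatePasswordPolicy(ServerName: PWideChar; Qualifier: Pointer;
  ValidationType: DWORD; InputArg: Pointer;
  out OutputArg: PNET_VALIDATE_OUTPUT_ARG): NET_API_STATUS; stdcall;
  external 'netapi32.dll';
function NetValidatePasswordPolicyFree(var OutputArg: PNET_VALIDATE_OUTPUT_ARG):
  NET_API_STATUS; stdcall; external 'netapi32.dll';

// Words for the verdict; anything else is shown with its raw status code.
function StatusText(Status: NET_API_STATUS): string;
begin
  case Status of
    NERR_Success:                  Result := 'accepted';
    NERR_PasswordTooShort:         Result := 'too short';
    NERR_PasswordTooRecent:        Result := 'changed too recently';
    NERR_PasswordHistConflict:     Result := 'reuses a password in the history';
    NERR_PasswordTooLong:          Result := 'too long';
    NERR_PasswordNotComplexEnough: Result := 'fails the complexity rules';
    NERR_PasswordFilterError:      Result := 'rejected by a password filter DLL';
  else
    Result := Format('rejected (status %d)', [Status]);
  end;
end;

// Ask the local SAM whether Password would be accepted as a change for UserName.
// The API return value only says whether the call worked; the policy verdict is
// Output^.ValidationStatus, which is what this function returns.
function CheckPasswordAgainstPolicy(const UserName, Password: string): NET_API_STATUS;
var
  Input: NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG;
  Output: PNET_VALIDATE_OUTPUT_ARG;
  WUser, WPass: WideString;
  Res: NET_API_STATUS;
begin
  WUser := UserName; WPass := Password;   // keep the buffers alive for the call
  FillChar(Input, SizeOf(Input), 0);
  // PresentFields = 0: no history or last-set time is supplied, so only the
  // length, complexity and filter-DLL checks run.  History and minimum-age
  // checks need the fields a previous call returned in ChangedPersistedFields.
  Input.ClearPassword := PWideChar(WPass);
  Input.UserAccountName := PWideChar(WUser);
  Input.PasswordMatch := True;   // the caller has already verified the old password
  Res := NetValidatePasswordPolicy(nil, nil, NetValidatePasswordChange, @Input, Output);
  if Res <> NERR_Success then
    raise Exception.CreateFmt('NetValidatePasswordPolicy failed: %d', [Res]);
  try
    Result := Output^.ValidationStatus;
  finally
    NetValidatePasswordPolicyFree(Output);   // buffer is API-allocated
  end;
end;

const
  Candidates: array[0..1] of string = ('abc', 'Correct-Horse-Battery-Staple-42');
var
  I: Integer;
begin
  for I := Low(Candidates) to High(Candidates) do
    Writeln(Format('%-35s -> %s', [Candidates[I],
      StatusText(CheckPasswordAgainstPolicy('demo.user', Candidates[I]))]));
end.
```

The API's return value and Output^.ValidationStatus are two different things: the first reports whether the call itself succeeded, the second whether the policy accepts the password, so an exception here means a broken call, not a rejected password. With PresentFields left at zero, no history or minimum-age check can run; to get those, persist what a successful call hands back in ChangedPersistedFields and pass it in as InputPersistedFields next time.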

1

Querying Active Directory only works for domain-joined computers, and only if the user is able to query the domain controller (which may not be permitted).

@Nicholas Wilson's answer using NetValidatePasswordPolicy is a good one, since it can do a lot of the heavy lifting for you. It can even perform password quality checks that you would otherwise have to reimplement yourself. But NetValidatePasswordPolicy fails when it comes to checking a custom password history in which passwords are stored as salted hashes (e.g. BCrypt or Scrypt).

But the real question is how to query the password policy of the current machine (even a non-domain-joined one). You can query it using:

NetUserModalsGet

type
  NET_API_STATUS = DWORD;
  PUSER_MODALS_INFO_0 = ^USER_MODALS_INFO_0;
  USER_MODALS_INFO_0 = record
    usrmod0_min_passwd_len: DWORD;
    usrmod0_max_passwd_age: DWORD;
    usrmod0_min_passwd_age: DWORD;
    usrmod0_force_logoff: DWORD;
    usrmod0_password_hist_len: DWORD;
  end;

const
  NERR_Success = 0;

// From netapi32.dll; servername = nil queries this machine's SAM
function NetUserModalsGet(servername: LPCWSTR; level: DWORD;
  out bufptr: Pointer): NET_API_STATUS; stdcall; external 'netapi32.dll';
function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall;
  external 'netapi32.dll';

procedure LogPasswordPolicy;
var
  buf: Pointer;
  info0: PUSER_MODALS_INFO_0;
  res: NET_API_STATUS;
begin
  res := NetUserModalsGet(nil, 0, buf);
  if res <> NERR_Success then
    raise Exception.CreateFmt('NetUserModalsGet failed: %d', [res]);
  try
    info0 := PUSER_MODALS_INFO_0(buf);

    //Specifies the minimum allowable password length.
    //Valid values for this element are zero through PWLEN.
    Writeln('min_passwd_len: ', info0^.usrmod0_min_passwd_len);

    //Specifies, in seconds, the maximum allowable password age.
    //A value of TIMEQ_FOREVER indicates that the password never expires.
    //The minimum valid value for this element is ONE_DAY.
    //The value specified must be greater than or equal to the value for the usrmod0_min_passwd_age member.
    Writeln('max_passwd_age: ', info0^.usrmod0_max_passwd_age);

    //Specifies the minimum number of seconds that can elapse between the time
    //a password changes and when it can be changed again.
    //A value of zero indicates that no delay is required between password updates.
    //The value specified must be less than or equal to the value for the usrmod0_max_passwd_age member.
    Writeln('min_passwd_age: ', info0^.usrmod0_min_passwd_age);

    //Specifies, in seconds, the amount of time between the end of the valid
    //logon time and the time when the user is forced to log off the network.
    //A value of TIMEQ_FOREVER indicates that the user is never forced to log off.
    //A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires.
    Writeln('force_logoff: ', info0^.usrmod0_force_logoff);

    //Specifies the length of password history maintained.
    //A new password cannot match any of the previous usrmod0_password_hist_len passwords.
    //Valid values for this element are zero through DEF_MAX_PWHIST
    Writeln('password_hist_len: ', info0^.usrmod0_password_hist_len);
  finally
    NetApiBufferFree(buf);   // the buffer is allocated by the API, not by us
  end;
end;
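Extending the snippet above, the following Delphi program is an added example, not the answer's code: it reads level 0 and, beyond what the answer shows, level 3 of NetUserModalsGet, which holds the account lockout policy, and turns the raw seconds fields into readable values while honouring the TIMEQ_FOREVER sentinel. The type declarations follow lmaccess.h; TLocalPolicy, ReadPolicy, GetModals, DurationText and the two audit thresholds at the end are this example's own assumptions.

```delphi
program LocalPolicyDemo;
{ Added example, not from the page: NetUserModalsGet levels 0 and 3 give the
  effective password and lockout policy of a machine, domain-joined or not.
  Types follow <lmaccess.h>; TLocalPolicy, ReadPolicy, DurationText and the
  audit thresholds at the end are this demo's own. }
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;
type
  NET_API_STATUS = DWORD;
  PUSER_MODALS_INFO_0 = ^USER_MODALS_INFO_0;
  USER_MODALS_INFO_0 = record
    usrmod0_min_passwd_len: DWORD;
    usrmod0_max_passwd_age: DWORD;      // seconds, or TIMEQ_FOREVER
    usrmod0_min_passwd_age: DWORD;      // seconds
    usrmod0_force_logoff: DWORD;        // seconds, or TIMEQ_FOREVER
    usrmod0_password_hist_len: DWORD;
  end;
  PUSER_MODALS_INFO_3 = ^USER_MODALS_INFO_3;
  USER_MODALS_INFO_3 = record
    usrmod3_lockout_duration: DWORD;            // seconds, or TIMEQ_FOREVER
    usrmod3_lockout_observation_window: DWORD;  // seconds
    usrmod3_lockout_threshold: DWORD;           // bad logons before lockout; 0 = never
  end;
  TLocalPolicy = record
    MinLength, HistoryLength, MaxAgeSec, MinAgeSec: DWORD;
    LockoutThreshold, LockoutDurationSec, ObservationWindowSec: DWORD;
  end;
const
  NERR_Success  = 0;
  TIMEQ_FOREVER = $FFFFFFFF;   // never expires / locked until an admin unlocks

function NetUserModalsGet(servername: PWideChar; level: DWORD;
  out bufptr: Pointer): NET_API_STATUS; stdcall; external 'netapi32.dll';
function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall;
  external 'netapi32.dll';

// One information level into an API-allocated buffer; the caller frees it.
function GetModals(Server: PWideChar; Level: DWORD): Pointer;
var
  Res: NET_API_STATUS;
begin
  Res := NetUserModalsGet(Server, Level, Result);
  if Res <> NERR_Success then
    raise Exception.CreateFmt('NetUserModalsGet(level %d) failed: %d', [Level, Res]);
end;

// Server = nil reads this machine's SAM; '\\HOST' asks that host (or a DC),
// which needs the right to query it there.
function ReadPolicy(Server: PWideChar): TLocalPolicy;
var
  Buf: Pointer;
begin
  Buf := GetModals(Server, 0);
  try
    Result.MinLength     := PUSER_MODALS_INFO_0(Buf)^.usrmod0_min_passwd_len;
    Result.HistoryLength := PUSER_MODALS_INFO_0(Buf)^.usrmod0_password_hist_len;
    Result.MaxAgeSec     := PUSER_MODALS_INFO_0(Buf)^.usrmod0_max_passwd_age;
    Result.MinAgeSec     := PUSER_MODALS_INFO_0(Buf)^.usrmod0_min_passwd_age;
  finally
    NetApiBufferFree(Buf);
  end;
  Buf := GetModals(Server, 3);
  try
    Result.LockoutThreshold     := PUSER_MODALS_INFO_3(Buf)^.usrmod3_lockout_threshold;
    Result.LockoutDurationSec   := PUSER_MODALS_INFO_3(Buf)^.usrmod3_lockout_duration;
    Result.ObservationWindowSec := PUSER_MODALS_INFO_3(Buf)^.usrmod3_lockout_observation_window;
  finally
    NetApiBufferFree(Buf);
  end;
end;

// Render a seconds field, honouring the TIMEQ_FOREVER sentinel.
function DurationText(Seconds: DWORD): string;
begin
  if Seconds = TIMEQ_FOREVER then
    Result := 'never'
  else if (Seconds >= 86400) and (Seconds mod 86400 = 0) then
    Result := Format('%d day(s)', [Seconds div 86400])
  else
    Result := Format('%d minute(s)', [Seconds div 60]);
end;

var
  P: TLocalPolicy;
begin
  P := ReadPolicy(nil);
  Writeln(Format('Password: min length %d, history %d, max age %s, min age %s',
    [P.MinLength, P.HistoryLength, DurationText(P.MaxAgeSec), DurationText(P.MinAgeSec)]));
  Writeln(Format('Lockout:  threshold %d, duration %s, observation window %s',
    [P.LockoutThreshold, DurationText(P.LockoutDurationSec), DurationText(P.ObservationWindowSec)]));
  // Example audit rules; the thresholds are this demo's, not a vendor baseline.
  if P.LockoutThreshold = 0 then
    Writeln('WARN: lockout threshold 0, online password guessing is not throttled');
  if P.MinLength < 8 then
    Writeln('WARN: minimum password length below 8');
end.
```

Because the call goes to the local SAM when servername is nil, this works on a workgroup machine as well as on a domain member; to read the domain policy itself, pass a domain controller's name as the server. A lockout threshold of 0 means accounts are never locked, which is exactly the setting an online guessing attack hopes for, so it is worth flagging alongside the password length and history values the answer above prints.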