是否有任何 API 可用于本地和/或全局密码策略(读/写策略设置)?
我发现有一个windows命令:
净帐户
它使用什么 API 来读取设置?是否可以在管理员权限下以编程方式更改设置?
使用可以使用 netapi32.lib 中的 NetUserModalsGet() 函数。
请参阅https://msdn.microsoft.com/en-us/library/aa370656(VS.85).aspx中的示例
struct USER_MODALS_INFO_0
{
DWORD usrmod0_min_passwd_len;
DWORD usrmod0_max_passwd_age;
DWORD usrmod0_min_passwd_age
DWORD usrmod0_force_logoff;
DWORD usrmod0_password_hist_len;
}
PUSER_MODALS_INFO_0 = ^USER_MODALS_INFO_0;
PUSER_MODALS_INFO_0 info0;
NET_API_STATUS res = NetUserModalsGet(nil, 0, out info0);
if (res <> NERR_Success)
RaiseWin32Error(res);
try
//Specifies the minimum allowable password length.
//Valid values for this element are zero through PWLEN.
Log(info0.usrmod0_min_passwd_len);
//Specifies, in seconds, the maximum allowable password age.
//A value of TIMEQ_FOREVER indicates that the password never expires.
//The minimum valid value for this element is ONE_DAY.
//The value specified must be greater than or equal to the value for the usrmod0_min_passwd_age member.
Log(info0.usrmod0_max_passwd_age);
//Specifies the minimum number of seconds that can elapse between the time
//a password changes and when it can be changed again.
//A value of zero indicates that no delay is required between password updates.
//The value specified must be less than or equal to the value for the usrmod0_max_passwd_age member.
Log(info0.usrmod0_min_passwd_age);
//Specifies, in seconds, the amount of time between the end of the valid
// logon time and the time when the user is forced to log off the network.
//A value of TIMEQ_FOREVER indicates that the user is never forced to log off.
//A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires.
Log(info0.usrmod0_force_logoff);
//Specifies the length of password hi'+'story maintained.
//A new password cannot match any of the previous usrmod0_password_hist_len passwords.
//Valid values for this element are zero through DEF_MAX_PWHIST
Log(info0.usrmod0_password_hist_len);
finally
NetApiBufferFree(info0);
end;