0

我发现了一些代码来检查是否设置了复杂性的 SECPOL.MSC 设置。这是我似乎唯一处理从 Windows 安全策略管理器访问设置的项目。有谁知道我可以修改它以检查最大密码年龄的方法?我想确保用户设置为 90 或以下。

我从这里得到了代码:https ://gist.github.com/jkingry/421802

        class Program
    {
        static void Passive(string[] args)
        {
            Console.Write(MaxPasswordAgePolicy());
        }

        static bool MaxPasswordAgePolicy()
        {
            var tempFile = Path.GetTempFileName();

            Process p = new Process();
            p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
            p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
            p.StartInfo.CreateNoWindow = true;
            p.StartInfo.UseShellExecute = false;
            p.Start();
            p.WaitForExit();

            var file = IniFile.Load(tempFile);

            IniSection systemAccess = null;
            var MaxPasswordAgeString = "";
            var MaxPasswordAge = ;

            return file.Sections.TryGetValue("System Access", out systemAccess)
                && systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
                && Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
                && MaxPasswordAge <= 90;
        }

        class IniFile
        {
            public static IniFile Load(string filename)
            {
                var result = new IniFile();
                result.Sections = new Dictionary<string, IniSection>();
                var section = new IniSection(String.Empty);
                result.Sections.Add(section.Name, section);

                foreach (var line in File.ReadAllLines(filename))
                {
                    var trimedLine = line.Trim();
                    switch (line[0])
                    {
                        case ';':
                            continue;
                        case '[':
                            section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
                            result.Sections.Add(section.Name, section);
                            break;
                        default:
                            var parts = trimedLine.Split('=');
                            if (parts.Length > 1)
                            {
                                section.Add(parts[0].Trim(), parts[1].Trim());
                            }
                            break;
                    }
                }

                return result;
            }

            public IDictionary<string, IniSection> Sections { get; private set; }
        }

        class IniSection : Dictionary<string, string>
        {
            public IniSection(string name)
                : base(StringComparer.OrdinalIgnoreCase)
            {
                this.Name = name;
            }

            public string Name { get; private set; }
        }
    }
4

2 回答 2

0

我可以看到

var MaxPasswordAge = 0;

也许改变那是你想要的?否则,您可以尝试将值存储在其他地方并以不同的方法检查:)

于 2015-05-27T22:23:34.620 回答
0 
            static bool PasswordComplexityPolicy()
        {

            var tempFile = Path.GetTempFileName();

            Process p = new Process();
            p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
            p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
            p.StartInfo.CreateNoWindow = true;
            p.StartInfo.UseShellExecute = false;
            p.Start();
            p.WaitForExit();

            var file = IniFile.Load(tempFile);

            IniSection systemAccess = null;
            var MaxPasswordAgeString = "";
            var MaxPasswordAge = 0;

            return file.Sections.TryGetValue("System Access", out systemAccess)
                && systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
                && Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
                && MaxPasswordAge <= 90;

        }
于 2015-06-04T20:59:18.497 回答