密码策略 Windows API

【问题标题】:Password Policy Windows API密码策略 Windows API
【发布时间】:2012-11-14 09:39:28
【问题描述】:

是否有任何 API 可用于本地和/或全局密码策略(读/写策略设置)?

我发现有一个windows命令:

净帐户

它使用什么 API 来读取设置?是否可以在管理员权限下以编程方式更改设置?

【问题讨论】:

    标签: c++ .net winapi policy


    【解决方案1】:

    使用可以使用netapi32.lib中的NetUserModalsGet()函数。

    查看https://msdn.microsoft.com/en-us/library/aa370656(VS.85).aspx的示例

    NetUserModalsGet

    struct USER_MODALS_INFO_0
{
    DWORD usrmod0_min_passwd_len;
    DWORD usrmod0_max_passwd_age;
    DWORD usrmod0_min_passwd_age
    DWORD usrmod0_force_logoff; 
    DWORD usrmod0_password_hist_len;
}
PUSER_MODALS_INFO_0 = ^USER_MODALS_INFO_0;    

PUSER_MODALS_INFO_0 info0;

NET_API_STATUS res = NetUserModalsGet(nil, 0,  out info0);

if (res <> NERR_Success)
   RaiseWin32Error(res);
try
   //Specifies the minimum allowable password length. 
   //Valid values for this element are zero through PWLEN.
   Log(info0.usrmod0_min_passwd_len);

   //Specifies, in seconds, the maximum allowable password age. 
   //A value of TIMEQ_FOREVER indicates that the password never expires. 
   //The minimum valid value for this element is ONE_DAY. 
   //The value specified must be greater than or equal to the value for the usrmod0_min_passwd_age member.
   Log(info0.usrmod0_max_passwd_age);

   //Specifies the minimum number of seconds that can elapse between the time
   //a password changes and when it can be changed again. 
   //A value of zero indicates that no delay is required between password updates. 
   //The value specified must be less than or equal to the value for the usrmod0_max_passwd_age member.
   Log(info0.usrmod0_min_passwd_age);

   //Specifies, in seconds, the amount of time between the end of the valid
   // logon time and the time when the user is forced to log off the network. 
   //A value of TIMEQ_FOREVER indicates that the user is never forced to log off. 
   //A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires.
   Log(info0.usrmod0_force_logoff);

   //Specifies the length of password hi'+'story maintained. 
   //A new password cannot match any of the previous usrmod0_password_hist_len passwords. 
   //Valid values for this element are zero through DEF_MAX_PWHIST
   Log(info0.usrmod0_password_hist_len);
finally
   NetApiBufferFree(info0);
end;

    【讨论】:

    • @IanBoyd 我们可以使用这个 NetUserModalsGet 来查询密码复杂度吗?
    • @user3664223 NetUserModals 无法检查密码复杂性。我所做的是使用NetValidatePasswordPolicy 使用NetValidatePasswordReset 语义。或者你可以阅读stackoverflow.com/a/31748252/12597,有人说这是可能的;但我实际上并没有试图破译它。
    【解决方案2】:

    你应该看看:

    Windows-OS-User-Management

    Query-the-New-Windows-Audit-Policies-Programmatica

    【讨论】:

    • 第一篇文章与本地/全局密码策略无关。它设置用户标志。我正在寻找 API 至少为特定工作站设置本地密码策略。从第二篇文章中,我不明白应该使用什么 API 来更改 f.e.最小密码年龄或禁用密码复杂性。
    猜你喜欢
    • 2013-02-18
    • 2019-08-24
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2023-03-31
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode