Reputation: 1119
Modifying/detecting Local Security Policy programmatically
Is it possible to do at least one of the following:
1) Detect a setting of a Local Security Policy (Accounts: Limit local account use of blank passwords to console logon only)
2) Modify that setting
Using Win32/MFC?
Upvotes: 4
Views: 3822
Answers (2)
Reputation: 119806
I've been down this road before and ended up with:
I was able to configure User Rights Assignments using the Lsa* functions in advapi32.dll but could never work out how to configure Security Options.
This may be of help though:
http://www.windowsdevcenter.com/pub/a/windows/2005/03/15/local_security_policies.html http://support.microsoft.com/default.aspx?scid=214752
You could customise a template then run regsvr32 %windir%\system32\scecli.dll from inside your code.
Not elegant but might be a way.
Upvotes: 2
Reputation: 1119
Well, I think I figured out how to do the first part (detecting this setting). It's actually located in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
the key is "LimitBlankPasswordUse", if it's 1 then it's Enabled, otherwise Disabled.
So, reading that will at least show me if I need to tell the user to modify it or not. I doubt I can change it though...
Upvotes: 2
Related Questions
- Modify Local Security Policy using Powershell
- Changing Local Security Policy Programmatically
- Default security descriptor
- Win7 API to programmatically add a group to a security policy?
- Programmatically open Advanced Security Settings dialog?
- Programmatically set Registry Software Policy key for all Users
- how to check Local Security Policy rights as non-admin
- Reading the local password policy programmatically
- How to Change Local Security Policy using .NET
- Read and set Group Policy settings from C++ program