Reputation: 87
Check if local account has a blank password using Python
I'm trying to build a script that checks to see whether or not the password on the currently logged in user's local account has a password that isn't blank in Windows. I need this to run as part of a background check for security compliance; it's going to report to a Nagios server. I need this done in Python, but I'm open to PowerShell if Python won't do it.
So, the script will need to detect:
- The username of the currently logged in user.
- Whether or not the aforementioned user has a blank password.
- Return error code 0 if the password is NOT blank, error code 2 if it is.
I'm stuck on just whichever bit of code will allow me to check if the password of the current user is "". I have a layout which, without too many embellishments, looks something like this:
import os
import Tkinter
import tkMessageBox
from Tkinter import Tk, Toplevel
MyGui.update_idletasks()
MyGui.attributes('-topmost', True)
MyGui.geometry('{}x{}'.format(300, 150))
MyGui.resizable(width=False, height=False)
MyGui.withdraw()
ThisUser = os.getlogin()
ThisPassword = ... # line of code necessary to test for blank password; this is the part where I'm stuck
if ThisPassword = "":
tkMessageBox.showerror("Error For User Here", parent=MyGui)
print "No password set!"
sys.exit(2)
else:
print "Password exists."
sys.exit(0)
I spotted this article, where a WinAPI commend LogonUser is used, but I'm not savvy with C#. Python is more within my comfort zone, I just can't figure out how to check whether or not a password set is blank. I don't want to collect the password, itself.
Upvotes: 1
Views: 1171
Answers (1)
Reputation: 34280
If a user's password is not blank, then attempting a logon with a blank password will fail with the error code ERROR_LOGON_FAILURE. If it is blank, then the logon will either succeed or, if system policy forbids blank passwords, will fail with the error code ERROR_ACCOUNT_RESTRICTION. For example:
import winerror
import win32security
def is_password_blank(username):
try:
token = win32security.LogonUser(username, None, '',
win32security.LOGON32_LOGON_INTERACTIVE,
win32security.LOGON32_PROVIDER_DEFAULT)
except win32security.error as e:
if e.winerror == winerror.ERROR_ACCOUNT_RESTRICTION:
return True
elif e.winerror == winerror.ERROR_LOGON_FAILURE:
return False
raise
else:
token.Close()
return True
Upvotes: 1
Related Questions
- Powershell - local credential verification
- Powershell To Check Local Admin Credentials
- Checking if a local user account/ group exists or not with Powershell
- Verify Passwords Match in Windows Powershell
- Powershell script for checking password criteria
- Powershell script to verify if files in a directory contain passwords
- Verify Local Admin Password Change in Powershell
- Powershell check if user is local-user and have admin rights from username and password on local windows machine (Not active directory)
- How to check if a local user account still have the same password
- How to ensure that password is entered?