Reputation: 183
How to Enable password complexity on Workgroup computers using Windows Powershell? I know how to do it on the Domain level. We have some computer which are located on remote locations and they don't have domain access, hence they are on Workgroup.
Upvotes: 3
Views: 6588
Reputation: 6860
This is not a good solution for powershell. This would be ok for a Local Security Policy.
So i decided to write a few functions to take care of all this through Powershell for you.
You can get and edit the Security Policy with this function Parse-SecPol
. This will turn the entire config file into a PSobject so you can change properties and sort them or whatever you want to do.
The Next is Set-SecPol
which will allow you to resave the object back into Local Security Policy.
The Parameter -CfgFile
is the location you would like to save the config file.
Here is full script with example (Must be run as a Administrator)
Function Parse-SecPol($CfgFile){
secedit /export /cfg "$CfgFile" | out-null
$obj = New-Object psobject
$index = 0
$contents = Get-Content $CfgFile -raw
[regex]::Matches($contents,"(?<=\[)(.*)(?=\])") | %{
$title = $_
[regex]::Matches($contents,"(?<=\]).*?((?=\[)|(\Z))", [System.Text.RegularExpressions.RegexOptions]::Singleline)[$index] | %{
$section = new-object psobject
$_.value -split "\r\n" | ?{$_.length -gt 0} | %{
$value = [regex]::Match($_,"(?<=\=).*").value
$name = [regex]::Match($_,".*(?=\=)").value
$section | add-member -MemberType NoteProperty -Name $name.tostring().trim() -Value $value.tostring().trim() -ErrorAction SilentlyContinue | out-null
}
$obj | Add-Member -MemberType NoteProperty -Name $title -Value $section
}
$index += 1
}
return $obj
}
Function Set-SecPol($Object, $CfgFile){
$SecPool.psobject.Properties.GetEnumerator() | %{
"[$($_.Name)]"
$_.Value | %{
$_.psobject.Properties.GetEnumerator() | %{
"$($_.Name)=$($_.Value)"
}
}
} | out-file $CfgFile -ErrorAction Stop
secedit /configure /db c:\windows\security\local.sdb /cfg "$CfgFile" /areas SECURITYPOLICY
}
$SecPool = Parse-SecPol -CfgFile C:\test\Test.cgf
$SecPool.'System Access'.PasswordComplexity = 1
$SecPool.'System Access'.MinimumPasswordLength = 8
$SecPool.'System Access'.MaximumPasswordAge = 60
Set-SecPol -Object $SecPool -CfgFile C:\Test\Test.cfg
Upvotes: 4