Set the local password policy for windows

Download JSON Download Python

Ratings

Release Time

06/04/2018

Downloads

1341 times

Update Time

06/04/2025

Views

1348 times

Share-it:

Tags

local policy

Hi,

This script will set the local password policy for windows such as Password Length , Unique Password History, Minimum & Maximum no. days for Password Expiry and Password Complexity.

Edit Parameters:

Password_History='5' #Provide the no. of unique passwords to remember
Minimum_Password_Age='4' #Provide the minimum no. of days for password expiry
Maximum_Password_Age='10'#Provide the maximum no. of days for password expiry
Minimum_Password_Length='3'#Provide the minimum length of password
Password_Meet_Complexity='1'#Provide the password meet complexity to be enabled(1) or disabled(0)

Run as System User

Procedure's Instructions

#To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('parameterName') with that parameter's name
Password_History='5' #Provide the no. of passwords to remember
Minimum_Password_Age='4' #Provide the minimum no. of days for password expiry
Maximum_Password_Age='10'#Provide the maximum no. of days for password expiry
Minimum_Password_Length='3'#Provide the minimum length of password
Password_Meet_Complexity='1'#Provide the password meet complexity to be enabled(1) or disabled(0)

import os

pass_hist=os.popen('net accounts /uniquepw:'+Password_History).read()
print pass_hist
print 'No. of Unique Passwords to remember is %s '%Password_History

pwd_exp_min=os.popen('net accounts /minpwage:'+Minimum_Password_Age).read()
print pwd_exp_min
print 'Minimum no. of days for Password Expiry is %s days'%Minimum_Password_Age

pwd_exp_max=os.popen('net accounts /maxpwage:'+Maximum_Password_Age).read()
print pwd_exp_max
print 'Maximum no. of days for Password Expiry is %s days'%Maximum_Password_Age

min_pwd=os.popen('net accounts /minpwlen:'+Minimum_Password_Length).read()
print min_pwd
print 'Minimum Password Characters are %s'%Minimum_Password_Length

complexity=r'''
setlocal EnableDelayedExpansion

SecEdit.exe /export /cfg "%temp%\sec-template.cfg" >nul 2>&1

set names= PasswordComplexity

set values[PasswordComplexity]=1

for /F "delims== tokens=1,*" %%X in ('type "%temp%\sec-template.cfg"') do (
    call :trim "%%X"
    set cur_name=!result!
    for %%I in (%names%) do (
        if "!cur_name!" equ "%%I" (
            set value== !values[%%I]!       
        )
    )

if not defined value if "%%Y" neq "" (
        call :trim "%%Y"
        set value== !result!        
    )

echo !cur_name! !value! >> "%temp%\sec-template2.cfg"
    set value=
)

SecEdit.exe /configure /db secedit.sdb /cfg "%temp%\sec-template2.cfg" >nul 2>&1

del /q "%temp%\sec-template2*.cfg" >nul 2>&1

if exist "%~dp0secedit.sdb" del "%~dp0secedit.sdb" >nul 2>&1

goto :eof

:trim 
set result=%~1

set "f=!result:~0,1!" & set "l=!result:~-1!"

if "!f!" neq " " if "!l!" neq " " goto :eof
if "!f!" equ " " set result=!result:~1!
if "!l!" equ " " set result=!result:~0,-1!

call :trim "!result!"
goto :eof
'''

import subprocess
import ctypes

class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)

path=os.environ['programdata']+"\Sample.bat"
with open(path,"w") as f:
    f.write(complexity)
    
with disable_file_system_redirection():
	process = subprocess.Popen([path],stdout=subprocess.PIPE)
	stdout = process.communicate()[0]
	print "---------------------------"
	print "Password Complexity Achieved.."

if os.path.exists(path):
    try:
        os.remove(path)
    except:
        pass

Comments

No Comments.

Set the local password policy for windows

Comments

Leave a Comment