I found a bit of code that checks to see the SECPOL.MSC settings for complexity are set or not. This is the only item I have seem that deals with accessing settings from the Windows Security Policy Manager. Does anyone know a way in which i can rework this to check for the Max Password Age? I want to make sure the user is set to 90 or below.
Im got the code from here: https://gist.github.com/jkingry/421802
class Program
{
static void Passive(string[] args)
{
Console.Write(MaxPasswordAgePolicy());
}
static bool MaxPasswordAgePolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = ;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}
class IniFile
{
public static IniFile Load(string filename)
{
var result = new IniFile();
result.Sections = new Dictionary<string, IniSection>();
var section = new IniSection(String.Empty);
result.Sections.Add(section.Name, section);
foreach (var line in File.ReadAllLines(filename))
{
var trimedLine = line.Trim();
switch (line[0])
{
case ';':
continue;
case '[':
section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
result.Sections.Add(section.Name, section);
break;
default:
var parts = trimedLine.Split('=');
if (parts.Length > 1)
{
section.Add(parts[0].Trim(), parts[1].Trim());
}
break;
}
}
return result;
}
public IDictionary<string, IniSection> Sections { get; private set; }
}
class IniSection : Dictionary<string, string>
{
public IniSection(string name)
: base(StringComparer.OrdinalIgnoreCase)
{
this.Name = name;
}
public string Name { get; private set; }
}
}
static bool PasswordComplexityPolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = 0;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}