我找到了一些代码,用于检查是否设置了SECPOL.MSC设置的复杂性。这是我看来唯一涉及从Windows安全策略管理器访问设置的项目。有谁知道我可以通过哪种方式来重新检查Max Password Age?我想确保用户设置为90或更低。
我从这里得到了代码:https://gist.github.com/jkingry/421802
class Program
{
static void Passive(string[] args)
{
Console.Write(MaxPasswordAgePolicy());
}
static bool MaxPasswordAgePolicy()
{
var tempFile = Path.GetTempFileName();
Process p = new Process();
p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.Start();
p.WaitForExit();
var file = IniFile.Load(tempFile);
IniSection systemAccess = null;
var MaxPasswordAgeString = "";
var MaxPasswordAge = ;
return file.Sections.TryGetValue("System Access", out systemAccess)
&& systemAccess.TryGetValue("MaxPasswordAge", out MaxPasswordAgeString)
&& Int32.TryParse(MaxPasswordAgeString, out MaxPasswordAge)
&& MaxPasswordAge <= 90;
}
class IniFile
{
public static IniFile Load(string filename)
{
var result = new IniFile();
result.Sections = new Dictionary<string, IniSection>();
var section = new IniSection(String.Empty);
result.Sections.Add(section.Name, section);
foreach (var line in File.ReadAllLines(filename))
{
var trimedLine = line.Trim();
switch (line[0])
{
case ';':
continue;
case '[':
section = new IniSection(trimedLine.Substring(1, trimedLine.Length - 2));
result.Sections.Add(section.Name, section);
break;
default:
var parts = trimedLine.Split('=');
if (parts.Length > 1)
{
section.Add(parts[0].Trim(), parts[1].Trim());
}
break;
}
}
return result;
}
public IDictionary<string, IniSection> Sections { get; private set; }
}
class IniSection : Dictionary<string, string>
{
public IniSection(string name)
: base(StringComparer.OrdinalIgnoreCase)
{
this.Name = name;
}
public string Name { get; private set; }
}
}
答案 0 :(得分:0)
我可以看到
var MaxPasswordAge = 0;
也许改变你想要的是什么?否则,您可以尝试将值存储在其他位置并检查其他方法:)