
Is it possible to do at least one of the following:

1) Detect a setting of a Local Security Policy (Accounts: Limit local account use of blank passwords to console logon only)

2) Modify that setting

Using Win32/MFC?

rae1
dennisV

2 Answers


I've been down this road before and ended up with:

http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/63d884134958cce7?pli=1

I was able to configure User Rights Assignments using the Lsa* functions in advapi32.dll but could never work out how to configure Security Options.

This may be of help though:

http://www.windowsdevcenter.com/pub/a/windows/2005/03/15/local_security_policies.html

http://support.microsoft.com/default.aspx?scid=214752

You could customise a template then run regsvr32 %windir%\system32\scecli.dll from inside your code.

Not elegant but might be a way.

rae1
Kev
  • Thank you - I'll check them out, although I did look through Lsa* functions and haven't found what I need. – dennisV Sep 25 '08 at 02:38
  • Thanks - I'll probably just modify the registry key directly (prompting the user first to tell what's happening). – dennisV Sep 25 '08 at 03:52

Well, I think I figured out how to do the first part (detecting this setting). It's actually located in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

The key is "LimitBlankPasswordUse"; if it's 1 then it's Enabled, otherwise Disabled.

So, reading that will at least show me if I need to tell the user to modify it or not. I doubt I can change it though...

dennisV
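The registry check described in the answer above, as an added Win32 C example (not code from the original posts): it reads LimitBlankPasswordUse with RegGetValueW and applies the answer's rule that 1 means Enabled. The lbp_* names are hypothetical; on Windows link with Advapi32.lib, and on other platforms only the classification logic is compiled.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef enum { LBP_ENABLED, LBP_DISABLED, LBP_NOT_SET, LBP_ERROR } lbp_state;

/* lbp_* names are hypothetical (added example). Rule from the answer: 1 means
   Enabled, anything else Disabled; a missing value is reported separately. */
lbp_state lbp_classify(int value_found, unsigned long value)
{
    if (!value_found) return LBP_NOT_SET;
    return value == 1 ? LBP_ENABLED : LBP_DISABLED;
}

const char *lbp_name(lbp_state s)
{
    switch (s) {
    case LBP_ENABLED:  return "Enabled";
    case LBP_DISABLED: return "Disabled";
    case LBP_NOT_SET:  return "Not set";
    default:           return "Error";
    }
}

#ifdef _WIN32
/* Reads the live setting; read access to HKLM is enough, no elevation needed. */
lbp_state lbp_query(void)
{
    DWORD value = 0, size = sizeof(value);
    LONG rc = RegGetValueW(HKEY_LOCAL_MACHINE,
                           L"SYSTEM\\CurrentControlSet\\Control\\Lsa",
                           L"LimitBlankPasswordUse",
                           RRF_RT_REG_DWORD, NULL, &value, &size);
    if (rc == ERROR_SUCCESS)        return lbp_classify(1, value);
    if (rc == ERROR_FILE_NOT_FOUND) return lbp_classify(0, 0);
    return LBP_ERROR;  /* e.g. access denied, or the value is not a DWORD */
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("LimitBlankPasswordUse: %s\n", lbp_name(lbp_query()));
#else
    printf("constructed sample value 0 -> %s\n", lbp_name(lbp_classify(1, 0)));
#endif
    return 0;
}
```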