0

As per this article, using PowerShell or cmd, I want to force a user to have specific password requirements. I tried editing a config file in secedit.

secedit /export /cfg c:\secpol.cfg
$min_pass_regex = "MinimumPasswordLength = \d+"
$min_pass_length = 10
$min_pass_requirement = "MinimumPasswordLength = $($min_pass_length)"

(gc C:\secpol.cfg).replace("RequireLogonToChangePassword = 0", "RequireLogonToChangePassword = 1") | Out-File C:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1") | Out-File C:\secpol.cfg
(gc C:\secpol.cfg) -replace $min_pass_regex, $min_pass_requirement | Out-File C:\secpol.cfg
cat C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY

However, the user gets no warning to create a more secure password, even after restarting. How can I enforce this policy?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
user1222324562
  • 965
  • 2
  • 9
  • 24
  • Why not use GPO? – Paxz Jul 26 '18 at 20:07
  • @Adam I need a way to do this programmatically. These aren't servers but user devices. – user1222324562 Jul 26 '18 at 20:20
  • @user1222324562 gotcha. Checkout the answer I just gave. I think the one article will be what you're looking for. – Adam Jul 26 '18 at 20:21
  • I think you may want to look at `Set-ADDefaultDomainPasswordPolicy`. Read about it here: https://learn.microsoft.com/en-us/powershell/module/addsadministration/set-addefaultdomainpasswordpolicy?view=win10-ps – Theo Jul 29 '18 at 09:08

0 Answers0