I am working on a task for the apprentices in our company. In that task the apprentice needs to configure local security policies on a notebook, that were given by the taskmaster. So to check them easily, I thought a script would be good. But after almost 14 hours of googling, I didn't find anything good or helpful...

I also tried some of the documentation from Microsoft, but it doesn't really help me... It confuses me more.

starball
ItsJustHaga

1 Answer

While there are some COM objects that allow working with Domain Policies, for local ones you'll have to use SECEDIT to export data, as mentioned in the comments. Then you can import the exported data in PowerShell and work on it. Finally, you'll be able to import the new data still using SECEDIT.

Here is a small example:

```powershell
# Export local policies
secedit /export /cfg c:\temp\secpol.cfg

# Work with local policies data
$secpol = Get-Content C:\temp\secpol.cfg

# Find the line holding the setting and its position in the file
$Value = $secpol | Where-Object { $_ -like "MaximumPasswordAge*" }
$Index = [array]::IndexOf($secpol, $Value)

# Replace the line only if it was found and differs from the wanted value
if ($Index -ge 0 -and $Value -ne "MaximumPasswordAge = 90") {
    $secpol[$Index] = "MaximumPasswordAge = 90"
}

# Create new policies file
$secpol | Out-File c:\temp\secpol.cfg -Force

# Import modified local policies
secedit /configure /db c:\windows\security\local.sdb /cfg c:\temp\secpol.cfg /areas SECURITYPOLICY
```

Note that this method has several limitations as not all local policies are exported by SECEDIT.

Another method would be to use a module called PolicyFileEditor. You can find it here: https://www.powershellgallery.com/packages/PolicyFileEditor/2.0.2

ZivkoK
  • I do use PolicyFileEditor to edit the local security policies. But I would like to know if I can also use PFE to have the local security policies checked by script, so that if they don't match it will give me a warning. – ItsJustHaga Jan 11 '22 at 07:30
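
A read-only check of the kind the question and the comment ask for, as an added example that is not part of the original answer: it parses a `secedit` export and warns about every setting that differs from a baseline, without changing any policy. The baseline values, function names, temp-file name and sample export lines are assumptions made for illustration.

```powershell
# Added example (not from the answer). Baseline values are constructed assumptions.
param([switch]$Live)   # -Live exports the real policy; needs an elevated session

$Baseline = [ordered]@{
    MaximumPasswordAge    = '90'
    MinimumPasswordLength = '12'
    PasswordComplexity    = '1'
    LockoutBadCount       = '5'
}

function ConvertFrom-SecPolExport {
    # Collect "Name = Value" pairs from the [System Access] section only.
    param([string[]]$Lines)
    $settings = @{}
    $section  = ''
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq 'System Access' -and $line -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    $settings
}

function Test-SecPolBaseline {
    # One result object per baseline entry, plus a warning for each mismatch.
    param([hashtable]$Actual, [System.Collections.IDictionary]$Expected)
    foreach ($name in $Expected.Keys) {
        $found = if ($Actual.ContainsKey($name)) { $Actual[$name] } else { '<not exported>' }
        $ok    = $found -eq $Expected[$name]
        if (-not $ok) { Write-Warning "$name is '$found', expected '$($Expected[$name])'" }
        [pscustomobject]@{ Setting = $name; Expected = $Expected[$name]; Actual = $found; Compliant = $ok }
    }
}

if ($Live) {
    $cfg = Join-Path $env:TEMP 'secpol-check.cfg'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $lines = Get-Content $cfg
    Remove-Item $cfg
} else {
    # Constructed sample of an export, so the check can be tried without secedit.
    $lines = '[Unicode]', 'Unicode=yes', '[System Access]',
             'MinimumPasswordLength = 12', 'MaximumPasswordAge = 42',
             'PasswordComplexity = 1', '[Event Audit]', 'AuditSystemEvents = 0'
}

$results = Test-SecPolBaseline -Actual (ConvertFrom-SecPolExport $lines) -Expected $Baseline
$results | Format-Table -AutoSize
if ($results.Compliant -contains $false) { exit 1 }
```

Saved as a script file, it exits with code 1 when any setting deviates; with the constructed sample it warns about `MaximumPasswordAge` and about `LockoutBadCount`, which the sample does not contain.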