Is it possible to do at least one of the following:
1) Detect a setting of a Local Security Policy (Accounts: Limit local account use of blank passwords to console logon only)
2) Modify that setting
Using Win32/MFC?
Thanks in advance.
+1
A:
I've been down this road before and ended up with:
I was able to configure User Rights Assignments using the Lsa* functions in advapi32.dll but could never work out how to configure Security Options.
This may be of help though -
http://www.windowsdevcenter.com/pub/a/windows/2005/03/15/local_security_policies.html http://support.microsoft.com/default.aspx?scid=214752
You could customise a template then run regsvr32 %windir%\system32\scecli.dll from inside your code.
Not elegant but might be a way.
Kev
Kev
2008-09-25 02:20:36
Thank you - I'll check them out, although I did look through Lsa* functions and haven't found what I need.
dennisV
2008-09-25 02:38:42
Thanks - I'll probably just modify the registry key directly (prompting the user first to tell what's happening).
dennisV
2008-09-25 03:52:11
+1
A:
Well, I think I figured out how to do the first part (detecting this setting). It's actually located in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
the key is "LimitBlankPasswordUse", if it's 1 then it's Enabled, otherwise Disabled.
So, reading that will at least show me if I need to tell the user to modify it or not. I doubt I can change it though...
dennisV
2008-09-25 02:51:16