Are there Windows API functions that allow reading what the current password policy is? For instance, minimum length, complexity, etc.

If not reading, is there a way to verify a password against the policy programmatically?

+1  A: 

See Security Watch Windows Domain Password Policies. You can hit AD using ADSI or its wrappers. I found a VBScript sample. You can translate it to any language you want:

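' Print the password and lockout policy of a domain via the ADSI WinNT provider.
Sub ListPasswordPolicyInfo( strDomain )
    Dim objComputer
    ' Bind to the domain object; it exposes the policy values as properties.
    Set objComputer = GetObject("WinNT://" & strDomain )
    ' MinPasswordAge is returned in seconds; 86400 seconds = 1 day.
    WScript.Echo "MinPasswordAge: " & ((objComputer.MinPasswordAge) / 86400)
    WScript.Echo "MinPasswordLength: " & objComputer.MinPasswordLength
    WScript.Echo "PasswordHistoryLength: " & objComputer.PasswordHistoryLength
    ' The lockout intervals are printed as returned by the provider.
    WScript.Echo "AutoUnlockInterval: " & objComputer.AutoUnlockInterval
    WScript.Echo "LockOutObservationInterval: " & objComputer.LockOutObservationInterval
End Sub

' Keep prompting until a domain name is entered.
Dim strDomain
Do
    strDomain = InputBox( "Please enter a domainname", "Input" )
Loop Until strDomain <> ""

ListPasswordPolicyInfo( strDomain )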

As a bonus, check out LDAP Admin. It's an open source LDAP directory editor, which you can use to test things, and also check out the code written in Delphi.

eed3si9n
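
The question asks for a Windows API function rather than ADSI: NetUserModalsGet in netapi32.dll returns the length, age and history values at level 0. The following is an added example, not part of the original answer, that calls it from PowerShell through P/Invoke; the Example.NetApi type and the Get-PasswordPolicy and Test-PasswordLength names are made up for illustration, and passing a domain controller name to read the domain policy is an assumption about the environment.

```powershell
# Added example (PowerShell 3.0 or later): read the password policy with NetUserModalsGet, level 0.
Add-Type -Namespace Example -Name NetApi -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct USER_MODALS_INFO_0 {
    public uint usrmod0_min_passwd_len;
    public uint usrmod0_max_passwd_age;    // seconds; 0xFFFFFFFF (TIMEQ_FOREVER) = never expires
    public uint usrmod0_min_passwd_age;    // seconds
    public uint usrmod0_force_logoff;      // seconds
    public uint usrmod0_password_hist_len;
}
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern uint NetUserModalsGet(string servername, uint level, out IntPtr bufptr);
[DllImport("netapi32.dll")]
public static extern uint NetApiBufferFree(IntPtr buffer);
'@

function Get-PasswordPolicy {        # hypothetical helper name
    param([string]$Server)           # empty = local computer; assumption: pass a DC name for domain policy
    $name = [NullString]::Value      # the API expects a real NULL, not "", for the local computer
    if ($Server) { $name = $Server }
    $buf = [IntPtr]::Zero
    $rc = [Example.NetApi]::NetUserModalsGet($name, 0, [ref]$buf)
    if ($rc -ne 0) { throw "NetUserModalsGet failed with NET_API_STATUS $rc" }
    try {
        $m = [Runtime.InteropServices.Marshal]::PtrToStructure($buf, [type][Example.NetApi+USER_MODALS_INFO_0])
        $maxAge = if ($m.usrmod0_max_passwd_age -eq [uint32]::MaxValue) { 'never expires' }
                  else { $m.usrmod0_max_passwd_age / 86400 }
        [pscustomobject]@{
            MinPasswordLength     = $m.usrmod0_min_passwd_len
            MinPasswordAgeDays    = $m.usrmod0_min_passwd_age / 86400
            MaxPasswordAgeDays    = $maxAge
            PasswordHistoryLength = $m.usrmod0_password_hist_len
        }
    } finally {
        [void][Example.NetApi]::NetApiBufferFree($buf)   # the buffer is allocated by the API
    }
}

function Test-PasswordLength {       # hypothetical helper; checks minimum length only
    param([Parameter(Mandatory)][securestring]$Password, [string]$Server)
    $Password.Length -ge (Get-PasswordPolicy -Server $Server).MinPasswordLength
}

Get-PasswordPolicy                   # local computer policy
```

Password complexity is not part of USER_MODALS_INFO_0, so the check here covers minimum length only.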