6

In local security policy (PC-Control panel-Administration-local security policy) there is a parameter "Minimum length of the password" and a parameter "Password must meet complexity requirements" (true/false). How can I read them in Delphi (for WinXpSp3-Win2003-Vista-Win7-Win2008(+r2))?

enter image description here

I'm looking for something like:

Function DetectSystemMinPassLength:integer;
begin
//?
end;

Function DetectSystemPassComplexity:boolean;
begin
//?
end;

Additional question: Does there exist in Delphi (or WinApi) function which can check if a given password conforms to system policies (or set)?

For example:

Function MyCheckPassComplexity (Password:string):boolean;
begin
// ???
end;

use

MyCheckPassComplexity (' 12345 '); //result False

MyCheckPassComplexity (' MyCoolPassword9999 '); //result True
Gu.
  • 1,947
  • 4
  • 30
  • 49
  • There doesn't seem to be any API to do these things (which is a shame). See this question for a command line solution: http://stackoverflow.com/questions/6850837/reading-local-security-policy There are solutions for Active Directory though: http://stackoverflow.com/questions/313859/reading-the-local-password-policy-programmatically – Jens Mühlenhoff Nov 29 '11 at 12:59
  • delphi need, not c# & vb – Gu. Nov 29 '11 at 13:06
  • The first link I posted contains the information you need to read the settings from a file, see RRUZs answer. – Jens Mühlenhoff Nov 29 '11 at 14:00
  • The second link contains a small VBScript example on how to use ADSI, there are ADSI wrappers for Delphi you basically have to query the domain for the information you're looking for. – Jens Mühlenhoff Nov 29 '11 at 14:02
  • ok, how get password complexity with vbscript? – Gu. Nov 29 '11 at 14:44

1 Answers1

6

Usually to read a local or group policy setting you must use the Group Policy Settings Reference for Windows and Windows Server which basically is a set of excel files which contains the windows registry keys where is stored such info. unfortunately in this case if you check such reference for these Account policies (Enforce password history, Maximum password age, Minimum password age, Minimum password length) you will find this message:

Password Policy security settings are not registry keys.

Exist a set of WMI classes in the root\RSOP\Computer namespace like RSOP_SecuritySettingBoolean, RSOP_SecuritySettingNumeric , RSOP_SecuritySettings to access the an account policy but these classes only works (I mean retrieve information) on systems which is are in a domain, but it does not work in a workgroup.

For the moment I think which you best option is export the local policies to a ini file using this command (and then parse the result using a TIniFile class)

secedit.exe /export /cfg C:\Output\Policy.Ini

This command will create a file like this

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0

About your second question to validate a password you can use the NetValidatePasswordPolicy WinAPI function.

timss
  • 9,982
  • 4
  • 34
  • 56
RRUZ
  • 134,889
  • 20
  • 356
  • 483