locked
Modifying Local Security Policy: Password must meet complexity requirements in C#

    Question

  • I need to modify the Local Security Policy - Password must meet complexity requirements to Disable (Windows 7 and Window 2008).    I cannot find any way to accomplish this task.

    I need to do this programatically -- using Windows UI will not help.

    Any suggestions?

    Monday, November 14, 2011 9:28 PM

Answers

  • Hi Anonymous-mouse,

    Administrator privilige is a must to modify Local Security Policy.

    You may consider to use "secedit" to disable the setting:

    1. Use "secedit /export /cfg C:\new.cfg" to export the old settings

    2. Edit new.cfg to change the line "PasswordComplexity = 1" to "PasswordComplexity = 0" (you can use script)

    3. Apply the changes by "secedit /configure /db <filename1> /cfg <filename2> /overwrite /areas SECURITYPOLICY"

    Check http://technet.microsoft.com/en-us/library/bb490997.aspx for more details

    Thanks & Regards,

    Leon


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, November 16, 2011 5:52 AM

All replies

  • (http://www.codeproject.com/KB/system/everythingInAD.aspx?msg=2763966)

    DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
        Environment.MachineName);
    DirectoryEntry newUser = localMachine.Children.Add("localuser", "user");
    newUser.Invoke("SetPassword", new object[] { "3l!teP@$$w0RDz" });
    newUser.CommitChanges();
    Console.WriteLine(newUser.Guid.ToString());
    localMachine.Close();
    newUser.Close();

    Sets the password.   Now how do I set the Security Settings|Account Policies|Password Policy: Password must meet complexity requirements to Disable ?


    Tuesday, November 15, 2011 1:32 AM
  • Hi Anonymous-mouse,

    We are doing some pending research on your issue and will come back to you as soon as any result is got.
    Have a nice day,
    Leo Liu [MSFT]
    MSDN Community Support | Feedback to us
    Tuesday, November 15, 2011 10:30 AM
    Moderator
  • The following code does actually run without crashing, but you have to run under administrator mode, otherwise it will crash:

    private static void LocalSecurityPolicy()

    {

       ConnectionOptions options = new ConnectionOptions();

       ManagementScope scope = new ManagementScope(@"\\.\root\RSOP\Computer", options);    //System.Management.ManagementScope scope = new System.Management.ManagementScope("\\\\" +    stringMachineName + "\\root\\cimv2", options);

       //ManagementScope scope = new ManagementScope(@"winmgmts:\\" + "." + @"\root\rsop\computer",  options);
     

       ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery("SELECT * FROM    RSOP_SecuritySettingBoolean"));

     

       ManagementObjectCollection queryCollection = searcher.Get();

     

       int count = queryCollection.Count;

     

       Trace.WriteLine("count = " + count.ToString());

     

       foreach (ManagementObject o in queryCollection)

       {

             Console.WriteLine("Key Name: {0}", o["KeyName"]);

     

             Console.WriteLine("Precedence: {0}", o["Precedence"]);

     

             Console.WriteLine("Setting: {0}", o["Setting"]);

       }

    }

    

    However the value of coubt is 0 on my PC.    Do you have any idea why?   The above code is a start to get a list of the Local Security Policy values.

     

    Tuesday, November 15, 2011 9:38 PM
  • Hi Anonymous-mouse,

    Administrator privilige is a must to modify Local Security Policy.

    You may consider to use "secedit" to disable the setting:

    1. Use "secedit /export /cfg C:\new.cfg" to export the old settings

    2. Edit new.cfg to change the line "PasswordComplexity = 1" to "PasswordComplexity = 0" (you can use script)

    3. Apply the changes by "secedit /configure /db <filename1> /cfg <filename2> /overwrite /areas SECURITYPOLICY"

    Check http://technet.microsoft.com/en-us/library/bb490997.aspx for more details

    Thanks & Regards,

    Leon


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, November 16, 2011 5:52 AM