Modifying Local Security Policy: Password must meet complexity requirements in C#

Question

I need to modify the Local Security Policy - Password must meet complexity requirements to Disable (Windows 7 and Window 2008).    I cannot find any way to accomplish this task.

I need to do this programatically -- using Windows UI will not help.

Any suggestions?

Answer 1

(http://www.codeproject.com/KB/system/everythingInAD.aspx?msg=2763966)

DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
    Environment.MachineName);
DirectoryEntry newUser = localMachine.Children.Add("localuser", "user");
newUser.Invoke("SetPassword", new object[] { "3l!teP@$$w0RDz" });
newUser.CommitChanges();
Console.WriteLine(newUser.Guid.ToString());
localMachine.Close();
newUser.Close();

Sets the password.   Now how do I set the Security Settings|Account Policies|Password Policy: Password must meet complexity requirements to Disable ?

Answer 2

Hi Anonymous-mouse,

We are doing some pending research on your issue and will come back to you as soon as any result is got.
Have a nice day,

---

Leo Liu [MSFT]
MSDN Community Support | Feedback to us

Answer 3

The following code does actually run without crashing, but you have to run under administrator mode, otherwise it will crash:

private static void LocalSecurityPolicy()

{

   ConnectionOptions options = new ConnectionOptions();

   ManagementScope scope = new ManagementScope(@"\\.\root\RSOP\Computer", options);    //System.Management.ManagementScope scope = new System.Management.ManagementScope("\\\\" +    stringMachineName + "\\root\\cimv2", options);

   //ManagementScope scope = new ManagementScope(@"winmgmts:\\" + "." + @"\root\rsop\computer",  options);
 

   ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery("SELECT * FROM    RSOP_SecuritySettingBoolean"));

 

   ManagementObjectCollection queryCollection = searcher.Get();

 

   int count = queryCollection.Count;

 

   Trace.WriteLine("count = " + count.ToString());

 

   foreach (ManagementObject o in queryCollection)

   {

         Console.WriteLine("Key Name: {0}", o["KeyName"]);

 

         Console.WriteLine("Precedence: {0}", o["Precedence"]);

 

         Console.WriteLine("Setting: {0}", o["Setting"]);

   }

}



However the value of coubt is 0 on my PC.    Do you have any idea why?   The above code is a start to get a list of the Local Security Policy values.

 

Answer 4

Hi Anonymous-mouse,

Administrator privilige is a must to modify Local Security Policy.

You may consider to use "secedit" to disable the setting:

1. Use "secedit /export /cfg C:\new.cfg" to export the old settings

2. Edit new.cfg to change the line "PasswordComplexity = 1" to "PasswordComplexity = 0" (you can use script)

3. Apply the changes by "secedit /configure /db <filename1> /cfg <filename2> /overwrite /areas SECURITYPOLICY"

Check http://technet.microsoft.com/en-us/library/bb490997.aspx for more details

Thanks & Regards,

Leon

---

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.