读本地组策略/ Active Directory设置 [英] Reading Local Group Policy / Active Directory Settings

问题描述

我正在写一个C＃程序，将加强密码的复杂性，根据Windows的组策略设置密码必须符合复杂性要求。特别是，如果该政策设置为Enabled无论是在本地机器上（如果它不是域的一部分），或者通过域安全策略（域成员），那么我的软件需要执行一个复杂的密码，为自己的内部安全。

I'm writing a C# program that will enforce password complexity in accordance with the Windows Group Policy setting "Password must meet complexity requirements". Specifically, if that policy is set to Enabled either on the local machine (if it's not part of a domain) or by the Domain Security Policy (for domain members), then my software needs to enforce a complex password for its own internal security.

问题是我不知道如何读的GPO设置。谷歌的搜索表明，我可以读取GPO设置与这两个API之一：在.NET Framework和Windows管理规范（WMI）中的System.DirectoryServices库，但我没有到目前为止，任何成功

The issue is that I can't figure out how to read that GPO setting. Google searches have indicated that I can read GPO settings with one of these two APIs: the System.DirectoryServices library in .NET Framework, and Windows Management Instrumentation (WMI), but I haven't had any success so far.

任何见解将是有益的。

推荐答案

似乎没有要完成这个任务，记录的API，管理或以其他方式。

There doesn't appear to be a documented API for this task, managed or otherwise.

我尝试使用 System.Management 组件：

        ConnectionOptions options = new ConnectionOptions();
        ManagementScope scope = new ManagementScope(@"\\.\root\RSOP\Computer", options);

        ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery("SELECT * FROM RSOP_SecuritySettingBoolean"));
        foreach(ManagementObject o in searcher.Get())
        {
            Console.WriteLine("Key Name: {0}", o["KeyName"]);
            Console.WriteLine("Precedence: {0}", o["Precedence"]);
            Console.WriteLine("Setting: {0}", o["Setting"]);
        }

不过，这不会返回结果。它不似乎是一个权限问题，因为提供的用户名/密码对， ConnectionOptions 将导致异常告诉你，你不能在本地连接指定一个用户名。

This however will not return results. It doesn't appear to be a permission issue as providing a username/password pair to ConnectionOptions results in an exception telling you that you can not specify a username when connecting locally.

我看着 NetUserModalsGet 。虽然这会返回一些信息密码设置：

I looked at NetUserModalsGet. While this will return some information on password settings:

typedef struct _USER_MODALS_INFO_0 {
  DWORD usrmod0_min_passwd_len;
  DWORD usrmod0_max_passwd_age;
  DWORD usrmod0_min_passwd_age;
  DWORD usrmod0_force_logoff;
  DWORD usrmod0_password_hist_len;
} USER_MODALS_INFO_0, *PUSER_MODALS_INFO_0, *LPUSER_MODALS_INFO_0;

..它不会让告诉我们，如果在密码复杂性启用此策略。

于是，我使出解析 Secedit.exe应输出。

So I resorted to parsing secedit.exe output.

    public static bool PasswordComplexityPolicy()
    {
        var tempFile = Path.GetTempFileName();

        Process p = new Process();
        p.StartInfo.FileName = Environment.ExpandEnvironmentVariables(@"%SystemRoot%\system32\secedit.exe");
        p.StartInfo.Arguments = String.Format(@"/export /cfg ""{0}"" /quiet", tempFile);
        p.StartInfo.CreateNoWindow = true;
        p.StartInfo.UseShellExecute = false;
        p.Start();
        p.WaitForExit();

        var file = IniFile.Load(tempFile);

        IniSection systemAccess = null;
        var passwordComplexityString = "";
        var passwordComplexity = 0;

        return file.Sections.TryGetValue("System Access", out systemAccess)
            && systemAccess.TryGetValue("PasswordComplexity", out passwordComplexityString)
            && Int32.TryParse(passwordComplexityString, out passwordComplexity)
            && passwordComplexity == 1;
    }

全部code在这里： http://gist.github.com/421802

这篇关于读本地组策略/ Active Directory设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！