[gptalk] Re: remote password policy retrieval?

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 24 Mar 2008 07:31:03 -0700

From a WMI perspective, there is unfortunately no one reliable place to get
this. Win32_NetworkLoginProfile will return Password Age, Bad Password Count
and Password Expiration time for a given user logged into a system.
Win32_UserAccount holds some of this info for a local user account. You
would think RSOP would hold this on the local system but alas, it is not
very reliable on returning this but in fact its not if you are trying to
query the remote machine's RSOP namespace (root\RSOP). I would say that the
MOST reliable way to get it is to use the LSA* Win32 APIs to query these
values directly from the SAM on that system, but alas,  I haven't used them
specifically and don't have a lot of information for you on doing this.


If you can run a remote shell on a system, you can simply type 'Net
Accounts' to get the local effective password policy.



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Deepak J. Mathew
Sent: Monday, March 24, 2008 6:47 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] remote password policy retrieval?


I'm looking for a way to remotely obtain the password policies of a group of
servers that are not part of a domain.  I was looking to see if there was a
WMIobject I can work with for powershell.  Any ideas?


Deepak J. Mathew

Systems Manager - Administrative Systems

Rice University


(t) 713-348-4328

Other related posts: