How to access local security settings on Win2K (and above) computers

I am trying to write a MS VS.NET C++ (unmanaged code) application that will audit the settings available through the "Local Security Settings" (secpol.msc).  In particular, the password settings such as "Minimum password length".  This computer is not part of any domain.  I do not need to be able to change these settings, just to find out what they are.

A small code snippet would be preferable.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

the following post may be relevant to your question.
Date: Wed, 31 Mar 2004 11:46:54 -0600


Reading is one thing, writing is another. The policy settings apply to the
domain only, so there isn't much point altering these programmatically. They
cannot be set for individual users. I don't remember seeing code to modify
any Integer8 attributes. The relevant attributes are:

attribute syntax
--------- ------
midPwdAge Integer8
midPwdLength Integer
lockoutDuration Integer8
lockoutObservationWindow Integer8
lockoutThreshold Integer

The Integer8 attributes are 64-bit numbers. You must use the
IADsLargeInteger interface to deal with the 64-bit numbers. In VBScript, you
can read the values as follows:

Option Explicit
Dim objRootDSE, strDNSDomain, objDomain
Dim objMinPWAge, lngMinPWAge
Dim objDuration, lngDuration
Dim objLockoutWin, lngLockoutWin

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)

Wscript.Echo "Domain policy values"

Set objMinPWAge = objDomain.minPwdAge
lngMinPWAge = Int8ToSec(objMinPWAge) / (24 * 60 * 60)
Wscript.Echo "Minimum password age in days: " & lngMinPWAge

Wscript.Echo "Minimum password length: " & objDomain.minPwdLength

Set objDuration = objDomain.lockoutDuration
lngDuration = Int8ToSec(objDuration) / (60)
Wscript.Echo "Lockout duration in minutes: " & lngDuration

Set objLockoutWin = objDomain.lockoutObservationWindow
lngLockoutWin = Int8ToSec(objLockoutWin) / (60)
Wscript.Echo "Lockout window in minutes: " & lngLockoutWin

Wscript.Echo "Lockout threshold: " & objDomain.lockoutThreshold

Function Int8ToSec(objInt8)
' Function to convert Integer8 attributes from
' 64-bit numbers to seconds.
  Dim lngHigh, lngLow
  lngHigh = objInt8.HighPart
' Account for error in IADsLargeInteger property methods.
  lngLow = objInt8.LowPart
  If lngLow < 0 Then
    lngHigh = lngHigh + 1
  End If
  Int8ToSec = -(lngHigh * (2^32) + lngLow) / (10000000)
End Function

Microsoft MVP Scripting and ADSI
HilltopLab web site -

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual C++.NET

From novice to tech pro — start learning today.