WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!
Script to set local security policies
Hello,
I have a group of servers (Windows 2008 / 2012 / 2016) that are not connected to a domain.
I would like to use a command line script (powershell / ) that would allow me to change only the following values :
Security settings->Account Policies->Password Policy
Enforce password history : 3 passwords remembered
Maximum password age : 45 days
Minimum password age : 1 day
Maximum password length: 8 characters
Password must meet complexity requirements : Enabled
Store a password using reversible encryption : Disabled
I only want to change (via a script) the 6 values listed above and not change any other security settings.
How can this be accomplished?
I have a group of servers (Windows 2008 / 2012 / 2016) that are not connected to a domain.
I would like to use a command line script (powershell / ) that would allow me to change only the following values :
Security settings->Account Policies->Password Policy
Enforce password history : 3 passwords remembered
Maximum password age : 45 days
Minimum password age : 1 day
Maximum password length: 8 characters
Password must meet complexity requirements : Enabled
Store a password using reversible encryption : Disabled
I only want to change (via a script) the 6 values listed above and not change any other security settings.
How can this be accomplished?
Asked:
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 9
You can't do this using PowerShell. However, you could probably track down the associated registry keys and export them to a .reg file that you can import to the other machines.
You can quickly google a solution that involves using secedit /export /cfg c:\temp\secpol.cfg, searching and replacing things inside secpol.cfg and importing that again.
It can not be done using powershell cmdlets but of course, the batch code will work inside powershell as well.
It cannot be done using the registry.
It can not be done using powershell cmdlets but of course, the batch code will work inside powershell as well.
It cannot be done using the registry.
I have looked at secdeit, but it exports more settings than I want to change. As I am only interested in modifying password section of the security policy, how can I import a new policy without overwriting existing values that I do not want to change?
I am trying to create a generic script (from command line for instance) that can be applied to new servers as they are spun up or existing servers that need to be hardened.
I am trying to create a generic script (from command line for instance) that can be applied to new servers as they are spun up or existing servers that need to be hardened.
I am only interested in modifying the following:
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 45
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 3
If I import just the values above, what would happen to existing values of other configuration settings? Would they be wiped out?
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 45
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 3
If I import just the values above, what would happen to existing values of other configuration settings? Would they be wiped out?
If you export the config, change the values and import that, you have an automated solution. There is no other way.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
I use a simple one for this.
I change the policies on one server
and down load LGPO.exe tool from microsoft
then on the machine where you did changes
run LGPO.exe /b "location"
It will save a folder there
rename that folder Something meaningful
and then run other server copy the folder and LGPO tool and run
LGPO.exe /g "foldername"
I change the policies on one server
and down load LGPO.exe tool from microsoft
then on the machine where you did changes
run LGPO.exe /b "location"
It will save a folder there
rename that folder Something meaningful
and then run other server copy the folder and LGPO tool and run
LGPO.exe /g "foldername"
That is similar :-) Doesn't matter if we use a config GUI to change values or commands - we will have to export and import something, powershell commands for that are non-existant.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS
From novice to tech pro — start learning today.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.