Menu
I use Windows Server 2012.
I can do this:
In Administrative Tools folder, double click the Local Security Policy icon, expand Account Policies and click Password Policy.
In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
How can I do it programmatically using Powershell?
843
In Administrative Tools folder, double click the Local Security Policy icon, expand Account Policies and click Password Policy. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
To open Local Security Policy, on the Start screen, type secpol. msc, and then press ENTER. Under Security Settings of the console tree, do one of the following: Click Account Policies to edit the Password Policy or Account Lockout Policy.
In PowerShell, type 'gpedit' and then 'Enter. ' If you would prefer, you can also use PowerShell to make changes to Local GPOs without the UI.
There is no pure powershell way of doing it as per @Kayasax's answer, you have to wrap secedit into Powershell.
secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false
I decided to write a couple functions to make this process easier.
Parse-SecPol : will turn Local Security Policy into a PsObject. You can view all the properties and make changed to the object.
Set-SecPol : will turn the Parse-SecPol object back into a config file and import it to into the Local Security Policy.
Here is a example of its usage :
Function Parse-SecPol($CfgFile){
secedit /export /cfg "$CfgFile" | out-null
$obj = New-Object psobject
$index = 0
$contents = Get-Content $CfgFile -raw
[regex]::Matches($contents,"(?<=\[)(.*)(?=\])") | %{
$title = $_
[regex]::Matches($contents,"(?<=\]).*?((?=\[)|(\Z))", [System.Text.RegularExpressions.RegexOptions]::Singleline)[$index] | %{
$section = new-object psobject
$_.value -split "\r\n" | ?{$_.length -gt 0} | %{
$value = [regex]::Match($_,"(?<=\=).*").value
$name = [regex]::Match($_,".*(?=\=)").value
$section | add-member -MemberType NoteProperty -Name $name.tostring().trim() -Value $value.tostring().trim() -ErrorAction SilentlyContinue | out-null
}
$obj | Add-Member -MemberType NoteProperty -Name $title -Value $section
}
$index += 1
}
return $obj
}
Function Set-SecPol($Object, $CfgFile){
$SecPool.psobject.Properties.GetEnumerator() | %{
"[$($_.Name)]"
$_.Value | %{
$_.psobject.Properties.GetEnumerator() | %{
"$($_.Name)=$($_.Value)"
}
}
} | out-file $CfgFile -ErrorAction Stop
secedit /configure /db c:\windows\security\local.sdb /cfg "$CfgFile" /areas SECURITYPOLICY
}
$SecPool = Parse-SecPol -CfgFile C:\test\Test.cgf
$SecPool.'System Access'.PasswordComplexity = 1
$SecPool.'System Access'.MinimumPasswordLength = 8
$SecPool.'System Access'.MaximumPasswordAge = 60
Set-SecPol -Object $SecPool -CfgFile C:\Test\Test.cfg
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
