// https://stackoverflow.com/questions/31464835/how-to-programmatically-check-the-password-must-meet-complexity-requirements-g
/// <summary>
/// Collects the password policy of every domain that the SAM server enumerates and
/// returns it as display-ready strings, one dictionary per domain.
/// </summary>
/// <returns>
/// A list with one dictionary per processed domain, keyed by Domain, SID, MaxPasswordAge,
/// MinPasswordAge, MinPasswordLength, PasswordHistoryLength and PasswordProperties.
/// If an exception is raised, it is printed and the entries gathered so far are returned;
/// the list is empty when the failure happens before the first domain is processed.
/// </returns>
public static List<Dictionary<string, string>> GetPasswordPolicy()
{
    var policies = new List<Dictionary<string, string>>();

    // Every non-name value goes through the same "{0}" formatting, so do it in one place.
    Func<object, string> render = value => string.Format("{0}", value);

    try
    {
        // A null server name presumably selects the local machine - confirm against SamServer.
        var access = SERVER_ACCESS_MASK.SAM_SERVER_ENUMERATE_DOMAINS | SERVER_ACCESS_MASK.SAM_SERVER_LOOKUP_DOMAIN;

        using (var sam = new SamServer(null, access))
        {
            foreach (string domainName in sam.EnumerateDomains())
            {
                var domainSid = sam.GetDomainSid(domainName);
                var policy = sam.GetDomainPasswordInformation(domainSid);

                var entry = new Dictionary<string, string>();
                entry["Domain"] = domainName;
                entry["SID"] = render(domainSid);
                entry["MaxPasswordAge"] = render(policy.MaxPasswordAge);
                entry["MinPasswordAge"] = render(policy.MinPasswordAge);
                entry["MinPasswordLength"] = render(policy.MinPasswordLength);
                entry["PasswordHistoryLength"] = render(policy.PasswordHistoryLength);
                entry["PasswordProperties"] = render(policy.PasswordProperties);

                policies.Add(entry);
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: the single try block wraps the whole loop, so a failure on one
        // domain also stops the enumeration of the domains that follow it.
        Beaprint.GrayPrint(string.Format(" [X] Exception: {0}", ex));
    }

    return policies;
}
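/// <summary>
/// Evaluates the password policy of the SAM domain named after this machine against six
/// fixed thresholds and reports, per check, whether the policy satisfies it.
/// </summary>
/// <returns>
/// A dictionary from check label to result; <c>true</c> means the policy meets that check.
/// </returns>
/// <remarks>
/// Nothing is caught here: any exception raised by <c>SamServer</c> reaches the caller.
/// </remarks>
public static Dictionary<string, bool> CheckPasswordPolicyAgainstCIS()
{
    // The access mask is left as it was. NOTE(review): this method only looks up one domain,
    // so SAM_SERVER_ENUMERATE_DOMAINS may no longer be needed - confirm against SamServer
    // before narrowing the request to SAM_SERVER_LOOKUP_DOMAIN.
    using (SamServer server = new SamServer(null, SamServer.SERVER_ACCESS_MASK.SAM_SERVER_ENUMERATE_DOMAINS | SamServer.SERVER_ACCESS_MASK.SAM_SERVER_LOOKUP_DOMAIN))
    {
        // The domain is looked up by machine name. NOTE(review): presumably this matches the
        // local account domain on workstations and member servers; on a domain controller the
        // SAM domain may carry the directory's name instead, in which case this lookup would
        // fail - confirm.
        var sid = server.GetDomainSid(Environment.MachineName);
        var pi = server.GetDomainPasswordInformation(sid);

        // Read once; both halves of the maximum-age check use the same value.
        var maxAgeDays = pi.MaxPasswordAge.Days;

        return new Dictionary<string, bool>()
        {
            // A value of 0 days fails the check. Presumably that is how a policy without
            // expiry shows up here - verify against SamServer's conversion.
            { "Max Password Age <= 60", maxAgeDays <= 60 && maxAgeDays != 0 },
            { "Password History Length >= 24", pi.PasswordHistoryLength >= 24 },
            { "Password Complexity Enforced", pi.PasswordProperties.HasFlag(SamServer.PASSWORD_PROPERTIES.DOMAIN_PASSWORD_COMPLEX) },
            { "Min Password Age >=1", pi.MinPasswordAge.Days >= 1 },
            { "Min Password Length >= 14", pi.MinPasswordLength >= 14 },
            // Passes only when the store-cleartext flag is absent from the policy.
            { "Not Stored in Cleartext", !pi.PasswordProperties.HasFlag(SamServer.PASSWORD_PROPERTIES.DOMAIN_PASSWORD_STORE_CLEARTEXT) }
        };
    }
}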