设置本地安全策略

通过secedit工具设置本地安全策略

#定义需要配置的密码策略
$passpolicy = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 95
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 10
[Version]
signature="$CHICAGO$"
Revision=1
'@

$dir_temp = "C:\Windows\Temp"
$secpolicy_file_custom = Join-Path $dir_temp "localpasswordpolicy.cfg"
If (Test-Path $secpolicy_file_custom) {Remove-Item $secpolicy_file_custom -Force}
$passpolicy |Out-File $secpolicy_file_custom

#导入新的安全策略模板(指定要应用到系统的安全性范围为SECURITYPOLICY)
secedit /configure /db C:\Windows\security\database\localpass1.sdb /cfg $secpolicy_file_custom  /areas SECURITYPOLICY /quiet
sleep -Seconds 1
If (Test-Path $secpolicy_file_custom) {Remove-Item $secpolicy_file_custom -Force}

 

 

 

 1 #更改本地策略:设置密码永不过期、禁用密码复杂度
 2 $CurrentPath = $MyInvocation.MyCommand.Path.substring(0,$MyInvocation.MyCommand.Path.LastIndexOf('\')+1)
 3 If (Test-Path secedit.sdb) {Remove-Item secedit.sdb -Force}
 4 $secfile = join-path $CurrentPath "secpol.cfg"
 5 #导出当前安全策略模板
 6 secedit /export /cfg $secfile /quiet
 7 #禁用密码复杂度,设置密码永不过期
 8 ((gc $secfile) -replace "PasswordComplexity = 1", "PasswordComplexity = 0" ) -replace "MaximumPasswordAge = 42","MaximumPasswordAge = -1"| Out-File $secfile -force
 9 #导入新的安全策略模板(指定要应用到系统的安全性范围为SECURITYPOLICY)
10 secedit /configure /db secedit.sdb /cfg $secfile /areas SECURITYPOLICY /quiet
11 Remove-Item $secfile -Force
12 Remove-Item secedit.sdb -Force

 

posted on 2014-10-16 17:59  momingliu11  阅读(1319)  评论(0编辑  收藏  举报