Active Directory Attrubites mapping
在Password policy setting的UI设定中,显示的名字如何与ADSI中的properties,即attributes对应呢?
对于default password policy settings的值都在ADSI中的root AD的properties中
请参考:http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=643
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy:
Password Properties = "Password must meet complexity requirements" and "Store password using reversible encryption for all users in the domain"
- 0 = both complexity and reversible encryption disabled
1 = complexity enabled and reversible encryption disabled
- 16 = complexity disabled and reversible encryption enabled
- 17 = both complexity and reversible encryption enabled
Min. Password Age = Minimum password age
Max. Password Age = Maximum password age
Min. Password Length = Minimum password length
Password History Length = Enforce password history
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy:
Lockout Threshold = Account lockout threshold
Lockout Observation Window = Reset account lockout counter after
Lockout Duration = Account lockout duration
The following Changed Attributes correspond to settings group policy under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options:
Force Logoff = Network security: Force logoff when logon hours expire