有什么方法可以通过powershell根据gpo设置检查密码是否符合标准用户帐户

编程问答 2022-05-26

问题描述

我担心的是我无法将用户的密码存储在任何地方。用户输入密码后,我想验证它是否符合该机器上的密码策略设置。

  • 我遇到过 net 命令来检索相关信息,但 net 对标准用户不起作用。

  • 标准用户无法在该计算机上创建另一个用户帐户 - 因此,我无法通过该帐户创建另一个具有相同密码的用户以检查密码合规性。

  • 还尝试使用相同的密码更改标准用户的密码,目的是如果不合规,我将收到密码不合规错误。但它可能会弄乱密码历史记录。

有什么方法可以让我通过 powershell 简单地检查密码是否符合标准用户的要求,而无需执行任何写入操作?

解决方法

也许这个实用函数可以帮助你:

function Test-PasswordForDomain {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true,Position = 0)]
        [string]$Password,[Parameter(Mandatory = $false)]
        [string]$AccountSamAccountName = $null,[Parameter(Mandatory = $false)]
        [string]$AccountDisplayName = $null
    )
    # [Microsoft.ActiveDirectory.Management.ADEntity]
    $PasswordPolicy = Get-ADDefaultDomainPasswordPolicy -ErrorAction SilentlyContinue

    If ($Password.Length -lt $PasswordPolicy.MinPasswordLength) {
        Write-Verbose "Password '$Password' is too short. Minimal length is $($PasswordPolicy.MinPasswordLength)"
        return $false
    }
    if (($AccountSamAccountName) -and ($Password -match "$AccountSamAccountName")) {
        Write-Verbose "The password '$Password' includes the users SamAccountName"
        return $false
    }
    if ($AccountDisplayName) {
        # if ANY PART of the display name that is split by the characters below,the password should fail the complexity rules.
        $tokens = $AccountDisplayName.Split(",.-,_ #`t")
        foreach ($token in $tokens) {
            if (($token) -and ($Password -match "$token")) {
                Write-Verbose "The password '$Password' includes (part of) the users DisplayName"
                return $false
            }
        }
    }
    if ($PasswordPolicy.ComplexityEnabled -eq $true) {
        # check for presence of 
        # - Uppercase: A through Z,with diacritic marks,Greek and Cyrillic characters
        if ($Password -cnotmatch "[A-Z\p{Lu}\s]") {
            Write-Verbose "The password '$Password' is missing Uppercase characters"
            return $false
        }
        # - Lowercase: a through z,sharp-s,Greek and Cyrillic characters
        if ($Password -cnotmatch "[a-z\p{Ll}\s]") {
            Write-Verbose "The password '$Password' is missing Lowercase characters"
            return $false
        }
        # - Base 10 digits (0 through 9)
        if ($Password -notmatch "[\d]") {
            Write-Verbose "The password '$Password' is missing digits (0-9)"
            return $false
        }
        # - Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/
        if ($Password -notmatch "[^\w]") {
            Write-Verbose "The password '$Password' is missing Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;`"'<>,.?/"
            return $false
        }
    }

    return $true
}
gponon-adminpasswordswindowswindows

相关问答

导入项目后报错问题
依赖报错 idea导入项目后依赖报错,解决方案:https://blog....
idea不能识别yaml文件
使用mybatis plus常见错误
错误1:代码生成器依赖和mybatis依赖冲突 启动项目时报错如下...
gradle常见问题与错误
错误1:gradle项目控制台输出为乱码 # 解决方案:https://bl...
Mybatis Plus传入参数0不起作用
错误还原:在查询的过程中,传入的workType为0时,该条件不起...
linux中make编译源码包失败
报错如下,gcc版本太低 ^ server.c:5346:31: 错误:‘struct...