Author Posts

October 27, 2015 at 7:44 am

I don't think there is a native way through Powershell v2 to edit the values of

 Lockout observation window (minutes) 
 Lockout duration (minutes) 
 Length of password history maintained 
 Minimum password length 
 Lockout threshold 
 Minimum password age (days) 
 Maximum password age (days) 

But is there a way using powershell to initiate other windows tools to edit these values (local values, not GPO)

I see some options are available through the cmd

NET ACCOUNTS
[/FORCELOGOFF:{minutes | NO}] [/MINPWLEN:length]
              [/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days]
              [/UNIQUEPW:number] [/DOMAIN]

But not all, is there a way to edit the values for:

Lockout observation window (minutes)
Lockout duration (minutes)
Lockout threshold

October 27, 2015 at 7:55 am

You can still run the old command prompt commands in PowerShell. Look at the net accounts command

C:\>net accounts /?
The syntax of this command is:

NET ACCOUNTS
[/FORCELOGOFF:{minutes | NO}] [/MINPWLEN:length]
[/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days]
[/UNIQUEPW:number] [/DOMAIN]

October 27, 2015 at 7:58 am

Yeah, sorry was editting my original post to include that, do you know of a way to edit:

Lockout observation window (minutes)
Lockout duration (minutes)
Lockout threshold

I dont see those listed in the /?

October 27, 2015 at 8:07 am

Ah....thank you very much Curtis, you're always a huge help!

October 27, 2015 at 10:22 am

Final question...I made it so it will change the settings based on desired settings using the following line:

start-process -filepath net.exe -argumentlist "accounts /$($dvhash[$dvh][1]):$($dvhash[$dvh][2])"  -NoNewWindow -Wait -passthru | out-null

With out-null it still shows

The command completed successfully.

I cant seem to find a way to suppress this message. I've tried out-null and 2>&1, anyone have an idea?

October 27, 2015 at 10:56 am

is there a specific reason for using start-process?

net.exe accounts /settings:value > null

October 27, 2015 at 10:59 am

I suppose not really, just seemed more robust than net accounts /... but it works much better.

Still displays if an error occurs such as 'The Parameter is incorrect' but it'll do. Thanks!

October 27, 2015 at 11:54 am

Technically all of those settings are registry entries. If you want to take the time to figure out which ones, you could just write to the registry value and bypass the commandline utility.