That's what I'm after. I was hoping Al had a way to query the password policy vs. trying the new password and seeing if it works/capturing the error code else writing a function that manually checks it.
Al(M)
On 12/19/05, joe <[EMAIL PROTECTED]> wrote:
I think AlM is pointing out that it isn't generic. Everyone would need to
encode their rules into the script which quite frankly and sadly is well
beyond the capability of a majority of the admins.
There is a new API call available in K3 that lets you check a password
against the real rules including customer filters, etc. However I haven't
seen it exposed anywhere in a way useable by anyone who can write API code
and even those doing that are complaining that they can't figure out how to
do it (I saw some .NET coder posts on the topic with subjects of please
help...).
I have it on my do some time list to write up a simple little test app to
see how/if it works. Well I take that back, I expect it works, I have seen
it used in some OS level source, but the use wasn't all that complicated
compared to what most people want to do - I believe I saw it in relation to
testing a password for a trust setup.
Oh, the API call is NetValidatePasswordPolicy
http://msdn.microsoft.com/library/default.asp?url=""
mgmt/netvalidatepasswordpolicy.asp
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]] On Behalf Of Alexander Suhovey
Sent: Saturday, December 17, 2005 2:45 PM
To: [email protected]
Subject: RE: [ActiveDir] password changer
Correct. This sample validates a string against a set of predefined
requirements. Any problem with that?..
--
Al
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED]] On Behalf Of Al Mulnick
> Sent: Saturday, December 17, 2005 7:00 PM
> To: [email protected]
> Subject: Re: [ActiveDir] password changer
>
> Al, just so I understand you're not querying for the password
> complexity in this script, but rather just making the script check
> what you already know the password complexity to be. Correct?
>
> Al
>
> On 12/17/05, Alexander Suhovey < [EMAIL PROTECTED]> wrote:
> > > If anyone knows how to query a password against complexity
> requirements,
> > > I'd like to know how.
> >
> > When it comes to string validation the answer is almost always
> > "Regular Expressions". The _vbscript_ example below tests arbitrary
> > string for compliance with "Password must meet security
> > requirements" policy in Windows. (watch for line wraps)
> >
> > ==8<===============
> >
> > Option Explicit
> > Dim arrReq1(0),arrReq2(3),iReq,sErr,sArg,iNum,i
> >
> > 'Mandatory Requirement
> > '=====================
> > arrReq1(0) = ".{8,128}" ' length is 8 to 128 chars
> >
> > 'Group Requirements
> > '==================
> > iReq = 3 ' Must meet this number
> > ' of requirements below
> > arrReq2(0) = "(?=.*[a-z])" ' contains lower letter
> > arrReq2(1) = "(?=.*[A-Z])" ' contains upper letter
> > arrReq2(2) = "(?=.*\d)" ' contains digit
> > arrReq2(3) = "(?=.*[^a-zA-Z\d])" ' contains non-alphanumeric
> >
> > sErr = "Password does not meet security requirements"
> > iNum = 0
> >
> > 'String being tested against req's
> > '=================================
> > 'sArg = "passwor"
> > 'sArg = "password"
> > 'sArg = "Password"
> > 'sArg = "P4ssword"
> > sArg = "P4s$word"
> >
> > If not ArgVrf(sArg,arrReq1(0)) Then
> > WScript.Echo sErr
> > WScript.Quit 1
> > End If
> > For i = LBound(arrReq2) to UBound(arrReq2)
> > If ArgVrf(sArg,arrReq2(i)) Then iNum = iNum+1 Next If
> > iNum<iReq Then
> > WScript.Echo sErr
> > WScript.Quit 1
> > End If
> > WScript.Echo "Test passed"
> >
> > Function ArgVrf(arg,pattern)
> > Dim objRegExp
> > Set objRegExp = New RegExp
> > objRegExp.IgnoreCase = false
> > objRegExp.Pattern = pattern
> > ArgVrf = objRegExp.Test(arg)
> > Set objRegExp = Nothing
> > End Function
> >
> > ==8<===============
> >
> >
> > --
> > Al
> >
> >
> >
> >
> >
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-
> archive.com/activedir%40mail.activedir.org/
> >
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
