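@REM ###############################################################
@REM # PasswordPolicies.bat - set the local account password policy.
@REM #
@REM # This script takes 5 parameters, all of which must be given:
@REM #   1. MinimumPasswordLength  (0 - 14)        -1 to skip
@REM #   2. MinimumPasswordAge     (0 - 999)       -1 to skip
@REM #   3. MaximumPasswordAge     (1 - Unlimited) -1 to skip
@REM #   4. PasswordHistorySize    (0 - 24)        -1 to skip
@REM #   5. Password complexity    (0 or 1)        -1 to skip
@REM #
@REM # Notes:
@REM #   1. Pass -1 for any setting that should be left unchanged.
@REM #   2. Every value must be a plain decimal whole number. Anything
@REM #      else is rejected instead of being silently read as 0,
@REM #      which would weaken the policy on a typo.
@REM #   3. Must be run with administrator privileges.
@REM #   4. The exit code is 0 when every requested change was
@REM #      applied or skipped, and 1 otherwise.
@REM #
@REM # Example:
@REM #   PasswordPolicies.bat 8 0 60 3 0
@REM #   PasswordPolicies.bat 8 -1 -1 3 1
@REM #   PasswordPolicies.bat 10 -1 -1 -1 -1
@REM ###############################################################
@echo off
setlocal EnableExtensions EnableDelayedExpansion

if "%~5"=="" (
    echo Usage: %~nx0 MinLength MinAge MaxAge HistorySize Complexity
    echo Pass -1 for any setting that should be left unchanged.
    exit /b 1
)

set "rc=0"

call :ReadSetting MinimumPasswordLength "%~1"
call :ReadSetting MinimumPasswordAge "%~2"
call :ReadSetting MaximumPasswordAge "%~3"
call :ReadSetting PasswordHistorySize "%~4"
call :ReadSetting EnablePasswordComplex "%~5"

echo =================================================

call :ApplyRange MinimumPasswordLength MINPWLEN 0 14
call :ApplyRange MinimumPasswordAge MINPWAGE 0 999
call :ApplyRange MaximumPasswordAge MAXPWAGE 1
call :ApplyRange PasswordHistorySize UNIQUEPW 0 24
call :ApplyComplexity

echo.
echo =================================================
exit /b %rc%


@REM ---------------------------------------------------------------
@REM ReadSetting NAME TEXT
@REM Stores TEXT in the variable NAME only when TEXT is a plain
@REM decimal whole number; otherwise NAME is left undefined so the
@REM apply step can report it.
@REM ---------------------------------------------------------------
:ReadSetting
set "%~1="
set "raw=%~2"
if not defined raw goto :eof
set "num="
@REM Convert via the variable name, then compare the round trip with
@REM the original text so words, hex, octal and expressions all fail.
set /A "num=raw" 2>nul
if "!num!"=="!raw!" set "%~1=!num!"
goto :eof


@REM ---------------------------------------------------------------
@REM ApplyRange NAME SWITCH LOWEST [HIGHEST]
@REM Applies the value held in variable NAME with
@REM "net accounts /SWITCH:value" when it lies between LOWEST and
@REM HIGHEST. HIGHEST may be omitted for no upper bound check here.
@REM ---------------------------------------------------------------
:ApplyRange
echo.
echo Setting %~1.........
echo.
set "val=!%~1!"
if not defined val (
    echo Unable to set %~1 - value is missing or is not a whole number
    set "rc=1"
    goto :eof
)
if !val! EQU -1 (
    echo Skipping %~1 Settings
    goto :eof
)
if !val! LSS %~3 (
    echo Unable to set %~1 - value is less than %~3
    set "rc=1"
    goto :eof
)
if not "%~4"=="" if !val! GTR %~4 (
    echo Unable to set %~1 - value is greater than %~4
    set "rc=1"
    goto :eof
)
net accounts /%~2:!val!
if errorlevel 1 (
    echo net accounts /%~2 failed - confirm the script is running elevated
    set "rc=1"
)
goto :eof


@REM ---------------------------------------------------------------
@REM ApplyComplexity
@REM Turns the PasswordComplexity policy on or off by exporting the
@REM security policy area with secedit, rewriting the one setting and
@REM importing the file again.
@REM ---------------------------------------------------------------
:ApplyComplexity
echo.
echo Setting PasswordComplexity.........
echo.
if not defined EnablePasswordComplex (
    echo Unable to set PasswordComplexity - value is missing or is not a whole number
    set "rc=1"
    goto :eof
)
if !EnablePasswordComplex! EQU -1 (
    echo Skipping EnablePasswordComplex Settings
    goto :eof
)
if !EnablePasswordComplex! EQU 1 (
    set "from=0"
    set "to=1"
) else if !EnablePasswordComplex! EQU 0 (
    set "from=1"
    set "to=0"
) else (
    echo Unable to set PasswordComplexity - value must be 0 or 1
    set "rc=1"
    goto :eof
)

@REM Work on a file under TEMP instead of a fixed name in the current
@REM directory, which may be writable by other users. The random
@REM suffix only avoids collisions; it is not a security boundary.
set "SECPOL_CFG=%TEMP%\secpol_%RANDOM%%RANDOM%.cfg"

@REM Export only the area that is re-imported below, so the working
@REM file holds no more of the policy than this change needs.
secedit /export /cfg "%SECPOL_CFG%" /areas SECURITYPOLICY
if errorlevel 1 (
    echo secedit export failed - confirm the script is running elevated
    set "rc=1"
    goto :CleanupComplexity
)

@REM -NoProfile keeps profile scripts from running in this elevated
@REM session. The path reaches PowerShell through the environment, so
@REM it needs no quoting inside the command text.
powershell.exe -NoProfile -Command "(Get-Content -LiteralPath $env:SECPOL_CFG).Replace('PasswordComplexity = %from%', 'PasswordComplexity = %to%') | Out-File -LiteralPath $env:SECPOL_CFG"
if errorlevel 1 (
    echo Unable to update PasswordComplexity in the exported policy
    set "rc=1"
    goto :CleanupComplexity
)

secedit /configure /db "%SystemDrive%\windows\security\local.sdb" /cfg "%SECPOL_CFG%" /areas SECURITYPOLICY
if errorlevel 1 (
    echo secedit configure reported a problem - exit code !errorlevel!
    set "rc=1"
)

:CleanupComplexity
@REM Always remove the exported policy, including on the error paths.
if exist "%SECPOL_CFG%" del /f /q "%SECPOL_CFG%"
goto :eof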