问题描述

在本地安全策略（PC控制面板 - 管理 - 本地安全策略）中，有一个参数密码的最小长度，参数密码必须满足复杂度要求（true / false）。如何在Delphi中读取它们（对于WinXpSp3-Win2003-Vista-Win7-Win2008（+ r2））？

In local security policy (PC-Control panel-Administration-local security policy) there is a parameter "Minimum length of the password" and a parameter "Password must meet complexity requirements" (true/false). How can I read them in Delphi (for WinXpSp3-Win2003-Vista-Win7-Win2008(+r2))?

我正在寻找类似的东西：

I'm looking for something like:

Function DetectSystemMinPassLength:integer;
begin
//?
end;

Function DetectSystemPassComplexity:boolean;
begin
//?
end;

附加问题：
Delphi（或WinApi）函数中是否存在可以检查给定的密​​码符合系统策略（或设置）？

Additional question:Does there exist in Delphi (or WinApi) function which can check if a given password conforms to system policies (or set)?

例如：

Function MyCheckPassComplexity (Password:string):boolean;
begin
// ???
end;

使用

MyCheckPassComplexity (' 12345 '); //result False

MyCheckPassComplexity (' MyCoolPassword9999 '); //result True

推荐答案

通常读取本地或组策略设置，您必须使用，它基本上是一组Excel文件，其中包含Windows注册表项，其中存储了这样的信息。不幸的是，在这种情况下，如果您检查这些帐户政策的引用（强制密码历史记录，
最大密码年龄，最短密码年龄，最小密码长度），您会发现以下消息：

Usually to read a local or group policy setting you must use the Group Policy Settings Reference for Windows and Windows Server which basically is a set of excel files which contains the windows registry keys where is stored such info. unfortunately in this case if you check such reference for these Account policies (Enforce password history,Maximum password age, Minimum password age, Minimum password length) you will find this message:

Password Policy security settings are not registry keys.

在 root\RSOP\Computer中存在一组WMI类命名空间，如，，访问帐户策略，但这些类只能工作（我的意思是检索信息）在一个域中的系统，但它不工作在一个工作组。

Exist a set of WMI classes in the root\RSOP\Computer namespace like RSOP_SecuritySettingBoolean, RSOP_SecuritySettingNumeric , RSOP_SecuritySettings to access the an account policy but these classes only works (I mean retrieve information) on systems which is are in a domain, but it does not work in a workgroup.

目前我认为最好的选择是将本地策略导出到使用此命令的一个ini文件（然后使用TIniFile类解析结果）

For the moment I think which you best option is export the local policies to a ini file using this command (and then parse the result using a TIniFile class)

secedit.exe /export /cfg C:\Output\Policy.Ini

此命令将创建一个这样的文件

This command will create a file like this

[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0

关于您的第二个问题来验证密码可以使用 WinAPI功能。

About your second question to validate a password you can use the NetValidatePasswordPolicy WinAPI function.

这篇关于获取系统最小密码长度和复杂性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！