密码策略Windows API

Question

是否有任何API可与本地和/或全局密码策略（读/写策略设置）配合使用？

，我发现有一个窗口的命令：

网账户

它使用什么样的API来读取设置？是否可以在管理权限下以编程方式更改设置？

Answer 1

你应该看看：

Windows-OS-User-Management

Query-the-New-Windows-Audit-Policies-Programmatica

Answer 2

使用可以使用NetUserModalsGet（）函数netapi32.lib。

看到https://msdn.microsoft.com/en-us/library/aa370656(VS.85).aspx

NetUserModalsGet

struct USER_MODALS_INFO_0 
{ 
    DWORD usrmod0_min_passwd_len; 
    DWORD usrmod0_max_passwd_age; 
    DWORD usrmod0_min_passwd_age 
    DWORD usrmod0_force_logoff; 
    DWORD usrmod0_password_hist_len; 
} 
PUSER_MODALS_INFO_0 = ^USER_MODALS_INFO_0;  

PUSER_MODALS_INFO_0 info0; 

NET_API_STATUS res = NetUserModalsGet(nil, 0, out info0); 

if (res <> NERR_Success) 
    RaiseWin32Error(res); 
try 
    //Specifies the minimum allowable password length. 
    //Valid values for this element are zero through PWLEN. 
    Log(info0.usrmod0_min_passwd_len); 

    //Specifies, in seconds, the maximum allowable password age. 
    //A value of TIMEQ_FOREVER indicates that the password never expires. 
    //The minimum valid value for this element is ONE_DAY. 
    //The value specified must be greater than or equal to the value for the usrmod0_min_passwd_age member. 
    Log(info0.usrmod0_max_passwd_age); 

    //Specifies the minimum number of seconds that can elapse between the time 
    //a password changes and when it can be changed again. 
    //A value of zero indicates that no delay is required between password updates. 
    //The value specified must be less than or equal to the value for the usrmod0_max_passwd_age member. 
    Log(info0.usrmod0_min_passwd_age); 

    //Specifies, in seconds, the amount of time between the end of the valid 
    // logon time and the time when the user is forced to log off the network. 
    //A value of TIMEQ_FOREVER indicates that the user is never forced to log off. 
    //A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires. 
    Log(info0.usrmod0_force_logoff); 

    //Specifies the length of password hi'+'story maintained. 
    //A new password cannot match any of the previous usrmod0_password_hist_len passwords. 
    //Valid values for this element are zero through DEF_MAX_PWHIST 
    Log(info0.usrmod0_password_hist_len); 
finally 
    NetApiBufferFree(info0); 
end;