PoshC2_Python/Modules/Get-PassPol.ps1

26 lines
1.4 KiB
PowerShell
Raw Normal View History

2018-07-23 08:55:15 +00:00
<#
.Synopsis
Retrives the default active directory password policy
.DESCRIPTION
Retrives the default active directory password policy
.EXAMPLE
PS C:\> Pass-Pol
Output the default domain password policy
#>
function Get-PassPol
{
$domain = [ADSI]"WinNT://$env:userdomain"
$Name = @{Name='DomainName';Expression={$_.Name}}
$MinPassLen = @{Name='Minimum Password Length (Chars)';Expression={$_.MinPasswordLength}}
$MinPassAge = @{Name='Minimum Password Age (Days)';Expression={$_.MinPasswordAge.value/86400}}
$MaxPassAge = @{Name='Maximum Password Age (Days)';Expression={$_.MaxPasswordAge.value/86400}}
$PassHistory = @{Name='Enforce Password History (Passwords remembered)';Expression={$_.PasswordHistoryLength}}
$AcctLockoutThreshold = @{Name='Account Lockout Threshold (Invalid logon attempts)';Expression={$_.MaxBadPasswordsAllowed}}
$AcctLockoutDuration = @{Name='Account Lockout Duration (Minutes)';Expression={if ($_.AutoUnlockInterval.value -eq -1) {'Account is locked out until administrator unlocks it.'} else {$_.AutoUnlockInterval.value/60}}}
$ResetAcctLockoutCounter = @{Name='Reset Account Lockout Counter After (Minutes)';Expression={$_.LockoutObservationInterval.value/60}}
$domain | Select-Object $Name,$MinPassLen,$MinPassAge,$MaxPassAge,$PassHistory,$AcctLockoutThreshold,$AcctLockoutDuration,$ResetAcctLockoutCounter
}
$PassPol = Get-PassPol
Write-Output 'Domain Password Policy: '
Write-Output $PassPol