Change / localization of local security policy

Question

Change / localization of local security policy

Is it possible to perform at least one of the following actions:

1) Define the local security policy setting (Accounts: Limit the use of blank passwords to the local account to log into the console)

2) Change the setting

Using Win32 / MFC?

+4

visual-c ++ winapi mfc local-security-policy

dennisV 25 sept. '08 at 1:38

source share

2 answers

Kev · Answer 1 · 2008-09-25T02:20:36+0000

I was already on this path and ended up with:

http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/63d884134958cce7?pli=1

I was able to configure user rights assignments using the Lsa * functions in the advapi32.dll file, but I could never determine how to configure the security settings.

This may help, but:

http://www.windowsdevcenter.com/pub/a/windows/2005/03/15/local_security_policies.html http://support.microsoft.com/default.aspx?scid=214752

You can customize the template and then run regsvr32% windir% \ system32 \ scecli.dll from within your code.

Not elegant, but there may be a way.

dennisV · Answer 2 · 2008-09-25T02:51:16+0000

Well, I think I figured out how to do the first part (detecting this setting). It is actually in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

the key is "LimitBlankPasswordUse", if it is 1, then it is enabled, otherwise disabled.

So, a reading that, at least, will show me if I need to tell the user to change it or not. I doubt I can change it, though ...

Change / localization of local security policy

More articles: