-
-
Notifications
You must be signed in to change notification settings - Fork 60
/
Copy pathPasswordComplexity.ps1
105 lines (104 loc) · 3.35 KB
/
PasswordComplexity.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
$PasswordComplexity = @{
Enable = $true
Source = @{
Name = 'Password Complexity Requirements'
Data = {
# Imports all commands / including private ones from PSWinDocumentation.AD
$ADModule = Import-Module PSWinDocumentation.AD -PassThru
& $ADModule { param($Domain); Get-WinADDomainDefaultPasswordPolicy -Domain $Domain } $Domain
}
Details = [ordered] @{
Area = ''
Category = ''
Severity = ''
RiskLevel = 0
Description = ''
Resolution = ''
Resources = @(
)
}
}
Tests = [ordered] @{
ComplexityEnabled = @{
Enable = $true
Name = 'Complexity Enabled'
Parameters = @{
Property = 'Complexity Enabled'
ExpectedValue = $true
OperationType = 'eq'
}
}
'LockoutDuration' = @{
Enable = $true
Name = 'Lockout Duration'
Parameters = @{
Property = 'Lockout Duration'
ExpectedValue = 30
OperationType = 'ge'
}
}
'LockoutObservationWindow' = @{
Enable = $true
Name = 'Lockout Observation Window'
Parameters = @{
Property = 'Lockout Observation Window'
ExpectedValue = 30
OperationType = 'ge'
}
}
'LockoutThreshold' = @{
Enable = $true
Name = 'Lockout Threshold'
Parameters = @{
Property = 'Lockout Threshold'
ExpectedValue = 5
OperationType = 'gt'
}
}
'MaxPasswordAge' = @{
Enable = $true
Name = 'Max Password Age'
Parameters = @{
Property = 'Max Password Age'
ExpectedValue = 60
OperationType = 'le'
}
}
'MinPasswordLength' = @{
Enable = $true
Name = 'Min Password Length'
Parameters = @{
Property = 'Min Password Length'
ExpectedValue = 8
OperationType = 'gt'
}
}
'MinPasswordAge' = @{
Enable = $true
Name = 'Min Password Age'
Parameters = @{
Property = 'Min Password Age'
ExpectedValue = 1
OperationType = 'le'
}
}
'PasswordHistoryCount' = @{
Enable = $true
Name = 'Password History Count'
Parameters = @{
Property = 'Password History Count'
ExpectedValue = 10
OperationType = 'ge'
}
}
'ReversibleEncryptionEnabled' = @{
Enable = $true
Name = 'Reversible Encryption Enabled'
Parameters = @{
Property = 'Reversible Encryption Enabled'
ExpectedValue = $false
OperationType = 'eq'
}
}
}
}