account policies entries in Registry

[Guest]

hi

Does any one know where can we find the account policies in the registry, in other words, how does one change account policies using regedit ,

Actually we are writing a vulnerability tool, which will check the account policies applied on the target machine and gives us the details of the policies, so that we can check the vulnerability of the system, any suggestion in this regard will be greatly appreciated,

TIA
regard
Ven

 

[Dale Weiss]

Hello,

I am not sure that I completely understand your question. Are you referring
to the policies such as length and such? Are you referring to local
policies or policies enforced from higher levels such as the OU and/or the
domain? Does this refer to Windows 2000 or XP?

Local Policies are stored in policy files (Registry.pol) files that live in
the %SYSTEMROOT%\System32\Group Policy directory which subdirectories that
are for the machine and the user.

Machine policies are typically written to HKEY_LOCAL_MACHINE and User
policies are typically written to HKEY_CURRENT_USER. I don't know that
password policies are written there. I believe that they may be in the
Security hive and if so would be harder to get to.

The information there is normally in encoded blobs (Binary Large Objects)
that are not publicly defined. I will need to verify this.

 

[Dale Weiss]

Neglected to include this in the last post.

Dale Weiss MCSA MCSE CISSP
PSS Security

This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms
specified at http://www.microsoft.com/info/cpyright.htm