Reading the local password policy programmatically

Question

Are there Windows API functions that allows reading what the current password policy is? For instance, minimum length, complexity etc.

If not reading, is there a wa

Answer 1

See Security Watch Windows Domain Password Policies. You can hit AD using ADSI or its wrappers. I found a VBScript sample. You can translate it to any language you want:

Sub ListPasswordPolicyInfo( strDomain )
    Dim objComputer
    Set objComputer = GetObject("WinNT://" & strDomain )
    WScript.Echo "MinPasswordAge: " &  ((objComputer.MinPasswordAge) / 86400)
    WScript.Echo "MinPasswordLength: " &  objComputer.MinPasswordLength
    WScript.Echo "PasswordHistoryLength: " &  objComputer.PasswordHistoryLength
    WScript.Echo "AutoUnlockInterval: " &  objComputer.AutoUnlockInterval
    WScript.Echo "LockOutObservationInterval: " &  objComputer.LockOutObservationInterval
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListPasswordPolicyInfo( strDomain )

As a bonus, check out LDAP Admin. It's an open source LDAP directory editor, which you can use to test things, and also checkout the code written in Delphi.