Minimum ITScripts engine version required: 22.214.171.124
Modifies the target machine: No
Name: Get GPO Password Policy Settings
Outputs: GPO password policy settings are written to a CSV file
Purpose: This script queries the target machine(s) for GPO-based account policy settings.
Script Version: 126.96.36.199
Target Type: Any
The script will output the following information:
- Machine Name
- Setting name: Possible values are:
Enforce password history (# of passwords remembered)
Maximum password age (days)
Minimum password age (days)
Minimum password length (# of characters)
Password must meet complexity requirements (enabled/disabled)
Store passwords using reversible encryption (enabled/disabled)
- Setting Value: Shows the setting and the units. For special cases the script will provide an explanation of the setting.
The script will provide descriptive errors if it fails to connect to a machine or fails to get account lockout settings.
Note: To manually monitor a target machine, open Microsoft Management Console (MMC) and go to: local computer policywindows setttingssecurity settingsaccount policiespassword policy.
Possible Operations Monitor results include:
"WMI connection to the target machine failed. Access is denied."
"WMI connection to the target machine failed. The machine may be offline or firewalled."
"Unable to get GPO password policy settings from a computer in a workgroup"