SPP includes several Windows PowerShell cmdlets. For more information about PowerShell, visit the Microsoft website.
Setting it up
To start using the cmdlets, perform the following steps:
- Install the SPP Administrative tools package
- Start PowerShell and add the password policy cmdlets by running the following command from PowerShell:
- Download the cmdlets help file and copy it to the the directory where you installed the SPP Administrative tools. E.G. %ProgramFiles%\Specopssoft\Specops Password Policy\Administrative Tools
After adding the cmdlets with the command above, he following cmdlets are made available:
To get a list of all the password policy cmdlets from within PowerShell, use the following command:
Get-Command -Noun PasswordPolicy*
This will produce a list, similar to that above.
Lets get started with using the cmdlets.
Note! One important thing to note is that the cmdlets, or the SPP SDK will not create the Group Policy Objects for you. The GPOs to be used must exist and can be created and linked from the Group Policy Management Console (GPMC). You can also use freeware cmdlets from SDM Software to create and link Group Policy Objects (http://www.sdmsoftware.com/freeware.php).
The following command will create a new password policy in the Group Policy called My GPO.
$policy = (New-PasswordPolicy -GpoName ‘My GPO’)
Then we can set a value for one of the rules, and saving the policy.
$policy.MinimumLength = 6
Note that the changes to the password policy are not carried through until the Save command is called. Permitted that the GPO is linked, the new settings in the password policy will be in affect as soon as the Save method is called.
To get a list of all configured password polices in the domain, try the following command.
This will produce a list with all the polices and their properties. To get a better overview of the policies try this version of the command, where the Format-Table (ft) cmdlet is used to improve the format of the output.
Get-PasswordPolicy | ft -Property Name, DomainName, PolicyStrength
The Get-PasswordPolicy cmdlet works similar to the New-PasswordPolicy, use the name of the GPO as a parameter to get a reference to a specific password policy:
$policy = (Get-PasswordPolicy -GpoName ‘My GPO’)
To completely remove a password policy (from a GPO), use the following command:
Remove-PasswordPolicy -GpoName ‘My GPO’
Some more things to try out. The following commands will attempt to set properties to the password polices that would make it invalid. Max length cannot be shorter than min length. Try saving the policy and watch the result.
$policy.MinimumLength = 6;
$policy.MaximumLength = 5;
Try exploring the properties and methods of the PasswordPolicy class and the other classes available by calling the cmdlets. Refer to the SDK documentation for detialed information about the underlying objects, their properties and methods.
Make sure to read the section about the SDK for information about the available classes and methods.
Page last modified on July 01, 2008, at 03:54 PM