Hello BigFix Community,
I am looking for guidance on auditing the minimum password length audit policy for Windows Server 2022 using BigFix. Specifically, I want to know:
- Is there an inspector or property available in BigFix that can query this setting?
Sure, we have that.
q: minimum password length of security database
A: 8
T: 1.606 ms
I: singular integer
q: exists minimum password lengths whose (it >= 8) of security databases
A: True
T: 1.363 ms
I: singular boolean
Hope this helps, let us know if you need some more help with it.
Edit: Oops, now I see that it’s something else entirely. I’ll have to look into that. I’ll need to build a new VM to check it out.
1 Like
After a bit of sleuthing, I find this is exposed in the Registry, but because it is in HKLM\SAM, it can only be read by LocalSystem. So this works in a Fixlet/Analysis, but in the Fixlet Debugger, it must be configured to Evaluate → Evaluate Using → Local Client:
Q: values "MinimumPasswordLengthAudit" of keys "HKLM\System\CurrentControlSet\Control\SAM" of native registry as integer
A: 14
Q: exists values "MinimumPasswordLengthAudit" whose (it as integer >= 14) of keys "HKLM\System\CurrentControlSet\Control\SAM" of native registry
A: True
2 Likes