From 29277d19713724ee5ec4e4f16429a38a9afab669 Mon Sep 17 00:00:00 2001 From: Charley Wu Date: Mon, 6 Mar 2023 21:18:13 +0800 Subject: [PATCH] Audit password expires accounts --- README.md | 3 ++- README.zh-TW.md | 3 ++- SecureAuditor.psd1 | 2 +- rules/LocalUser/PasswordExpires.psm1 | 14 ++++++++++++-- rules/LocalUser/zh-TW/PasswordExpires.psd1 | 2 ++ 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e573e37..262016d 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ git pull Sample output ````markdown -# Windows Secure Auditor: 1.0.1 +# Windows Secure Auditor: 1.1.0 ## System Information @@ -139,6 +139,7 @@ Poll Interval: 6 (64s) ## Password Expires - [ ] WDeployAdmin: password never expires +- [ ] tom: last set at 2022-06-03T21:10:00+08:00 > 90 days ## Event Logs diff --git a/README.zh-TW.md b/README.zh-TW.md index a53abfd..9bb2985 100644 --- a/README.zh-TW.md +++ b/README.zh-TW.md @@ -50,7 +50,7 @@ git pull 範例輸出 ````markdown -# Windows Secure Auditor: 1.0.1 +# Windows Secure Auditor: 1.1.0 ## 系統資訊 @@ -139,6 +139,7 @@ git pull ## 密碼逾期 - [ ] WDeployAdmin: 密碼永不逾期 +- [ ] tom: 上次變更於 2022-06-03T21:10:00+08:00 > 90 天 ## 事件記錄 diff --git a/SecureAuditor.psd1 b/SecureAuditor.psd1 index 5b2e25c..e74a498 100644 --- a/SecureAuditor.psd1 +++ b/SecureAuditor.psd1 @@ -6,7 +6,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.0.1' + ModuleVersion = '1.1.0' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/rules/LocalUser/PasswordExpires.psm1 b/rules/LocalUser/PasswordExpires.psm1 index 58e4ba3..3e52177 100644 --- a/rules/LocalUser/PasswordExpires.psm1 +++ b/rules/LocalUser/PasswordExpires.psm1 @@ -1,6 +1,8 @@ $i18n = Data { # culture="en-US" ConvertFrom-StringData @' + Days = days + LastSetAt = last set at PasswordExpires = Password Expires PasswordNeverExpires = password never expires '@ 
@@ -17,16 +19,24 @@ function Test($config) { return } # https://learn.microsoft.com/powershell/module/microsoft.powershell.localaccounts/get-localuser - $users = Get-LocalUser | Where-Object { $_.Enabled -and $null -eq $_.PasswordExpires } + $users = Get-LocalUser | Where-Object { $_.Enabled } $exclude = $config.PasswordExpires.Exclude; if (-not [string]::IsNullOrWhiteSpace($exclude)) { $users = $users | Where-Object { $_.Name -notmatch $exclude } } + $maximumPasswordAge = [int]$config.PasswordPolicy.MaximumPasswordAge; + $now = Get-Date; + $users = $users | Where-Object { $null -eq $_.PasswordExpires -or ($now - $_.PasswordLastSet).TotalDays -gt $maximumPasswordAge } if ($users.Count -eq 0) { return; } Write-Output "`n## $($i18n.PasswordExpires)`n" foreach ($user in $users) { - Write-CheckList $false "$($user.Name): $($i18n.PasswordNeverExpires)" + if ($null -eq $user.PasswordExpires) { + Write-CheckList $false "$($user.Name): $($i18n.PasswordNeverExpires)" + } + else { + Write-CheckList $false ("$($user.Name): $($i18n.LastSetAt) {0:yyyy-MM-dd'T'HH:mm:ssK} > $($maximumPasswordAge) $($i18n.Days)" -f $user.PasswordLastSet) + } } } diff --git a/rules/LocalUser/zh-TW/PasswordExpires.psd1 b/rules/LocalUser/zh-TW/PasswordExpires.psd1 index 9f48616..36f852f 100644 --- a/rules/LocalUser/zh-TW/PasswordExpires.psd1 +++ b/rules/LocalUser/zh-TW/PasswordExpires.psd1 @@ -1,5 +1,7 @@ # culture="zh-TW" ConvertFrom-StringData -StringData @' +Days = 天 +LastSetAt = 上次變更於 PasswordExpires = 密碼逾期 PasswordNeverExpires = 密碼永不逾期 '@
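Review bot: `[int]$config.PasswordPolicy.MaximumPasswordAge` evaluates to 0 when the key is missing or empty, so the new `Where-Object` filter would then report every enabled account whose password is more than zero days old. A Windows maximum password age of 0 also means passwords never expire, so the age test should only run for a positive value and a known last-set time: `$users = $users | Where-Object { $null -eq $_.PasswordExpires -or ($maximumPasswordAge -gt 0 -and $null -ne $_.PasswordLastSet -and ($now - $_.PasswordLastSet).TotalDays -gt $maximumPasswordAge) }`. Without the `$null -ne $_.PasswordLastSet` guard, an account whose password was never set would likely make the subtraction fail inside the filter and drop out of the report silently. In the `else` branch `$user.Name` is interpolated into the `-f` format string, so a name containing `{` or `}` breaks the formatting for that row; pass it as an argument instead, `("{0}: $($i18n.LastSetAt) {1:yyyy-MM-dd'T'HH:mm:ssK} > $maximumPasswordAge $($i18n.Days)" -f $user.Name, $user.PasswordLastSet)`. The body of `Test` starts before this hunk, so how `$config` is validated is not visible here.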