dsccommunity · lutfi-ingram · Aug 24, 2022
diff --git a/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1 b/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1
@@ -100,7 +100,7 @@ function Set-TargetResource
  $Minimum_Password_Age,
 
  [Parameter()]
- [ValidateRange(0, 14)]
+ [ValidateRange(0, 30)]
  [System.UInt32]
  $Minimum_Password_Length,
 
@@ -153,6 +153,7 @@ function Set-TargetResource
  [ValidateRange(0, 99999)]
  [System.UInt32]
  $Maximum_tolerance_for_computer_clock_synchronization
+
  )
 
  $kerberosPolicies = @()

diff --git a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1 b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1
@@ -571,9 +571,21 @@ function Set-TargetResource
  [System.String]
  $User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation,
 
- [Parameter()][ValidateSet("Enabled", "Disabled")]
+ [Parameter()]
+ [ValidateSet("Enabled", "Disabled")]
  [System.String]
- $User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations
+ $User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations,
+
+ [Parameter()]
+ [ValidateRange(0, 50)]
+ [System.String]
+ $Minimum_length_password_audit,
+
+ [Parameter()]
+ [ValidateSet("Enabled", "Disabled")]
+ [System.String]
+ $Relax_minimum_password_length_limits
+
  )
 
  $registryPolicies = @()

diff --git a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof
@@ -105,4 +105,7 @@ class MSFT_SecurityOption : OMI_BaseResource
  [Write, Description("Determines the behavior of all User Account Control (UAC) policies for the entire system"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode;
  [Write, Description("Determines whether the elevation request prompts on the interactive user desktop or on the secure desktop"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation;
  [Write, Description("Enables or disables the redirection of the write failures of earlier applications to defined locations in the registry and the file system"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations;
+ [Write, Description("This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 50.")] String Minimum_length_password_audit;
+ [Write, Description("This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14."), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String Relax_minimum_password_length_limits;
+
 };
diff --git a/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1 b/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1
@@ -875,4 +875,22 @@
  Disabled = '4,0'
  }
  }
+
+ "Minimum_length_password_audit" = @{
+ Value = "MACHINE\System\CurrentControlSet\Control\SAM\MinimumPasswordLengthAudit"
+ Section = 'Registry Values'
+ Option = @{
+ String = '4,' # + <Length
+ }
+ }
+
+ "Relax_minimum_password_length_limits" = @{
+ Value = "MACHINE\System\CurrentControlSet\Control\SAM\RelaxMinimumPasswordLengthLimits"
+ Section = 'Registry Values'
+ Option = @{
+ Enabled = '4,1'
+ Disabled = '4,0'
+ }
+ }
+
 }