powershell local-security-policy

Is it possible to check local security policies with a PowerShell script?


I am working on a task for the apprentices in our company. In that task, the apprentice needs to configure local security policies on a notebook that were given by the taskmaster. So to check them easily, I thought a script would be good. But after almost 14 hours of googling, I didn't find anything good or helpful...

I also tried some of Microsoft's documentation, but it doesn't really help me... It rather confuses me.


Solution

  • While there are some COM objects that allow you to work with Domain Policies, for local ones you'll have to use SECEDIT to export data, as mentioned in the comments. Then you can import the exported data in PowerShell and work on it. Finally, you'll be able to import the new data, still using SECEDIT.

    Here is a small example:

    # Export Local Policies
    secedit /export /cfg c:\temp\secpol.cfg
    
    # Work with Local Policies data
    $secpol = (Get-Content C:\temp\secpol.cfg)
    
    $Value = $secpol | where{ $_ -like "MaximumPasswordAge*" }
    $Index = [array]::IndexOf($secpol,$Value)
    
    if($Value -ne "MaximumPasswordAge = 90") {
        $secpol.item($Index) = "MaximumPasswordAge = 90"
    }
    
    # Create new policies file
    $secpol | out-file c:\temp\secpol.cfg -Force
    
    
    # Import modified Local Policies
    secedit /configure /db c:\windows\security\local.sdb /cfg c:\temp\secpol.cfg /areas SECURITYPOLICY
    

    Note that this method has several limitations as not all local policies are exported by SECEDIT.

    Another method would be to use a module called PolicyFileEditor. You can find it here: https://www.powershellgallery.com/packages/PolicyFileEditor/2.0.2
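
For the read-only check the question asks about, the SECEDIT export can be parsed by section and compared against the expected values without importing anything back. The following is an added example, not part of the original answer; it goes beyond the single `MaximumPasswordAge` line to any exported setting. The function names `ConvertFrom-SecPol` and `Test-SecPol`, the sample export text and the baseline values are hypothetical and constructed for illustration.

```powershell
# Parse secedit export text ([Section] headers, "Key = Value" lines) into nested hashtables.
function ConvertFrom-SecPol {
    param([string[]]$Lines)
    $policy = @{}; $section = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; $policy[$section] = @{} }
        elseif ($section -and $line -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') {
            $policy[$section][$Matches[1]] = $Matches[2]
        }
    }
    $policy
}

# Compare the parsed policy with the expected values; emits one result object per setting.
function Test-SecPol {
    param([hashtable]$Policy, [hashtable]$Expected)
    foreach ($section in $Expected.Keys) {
        foreach ($name in $Expected[$section].Keys) {
            $actual = if ($Policy.ContainsKey($section)) { $Policy[$section][$name] }
            [pscustomobject]@{
                Section  = $section
                Setting  = $name
                Expected = $Expected[$section][$name]
                Actual   = $actual   # stays empty when SECEDIT did not export the setting
                Pass     = ($null -ne $actual -and "$actual" -eq "$($Expected[$section][$name])")
            }
        }
    }
}

# Constructed sample in the format secedit writes. On a real machine (elevated prompt) use:
#   secedit /export /cfg c:\temp\secpol.cfg ; $lines = Get-Content c:\temp\secpol.cfg
$lines = @'
[System Access]
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
[Event Audit]
AuditLogonEvents = 0
'@ -split "`r?`n"

# Hypothetical task baseline; replace with the values the apprentices were given.
$expected = @{
    'System Access' = @{ MaximumPasswordAge = 90; MinimumPasswordLength = 8; PasswordComplexity = 1 }
    'Event Audit'   = @{ AuditLogonEvents = 3 }
}

Test-SecPol -Policy (ConvertFrom-SecPol $lines) -Expected $expected | Format-Table -AutoSize
```

A setting that SECEDIT does not export shows an empty `Actual` and fails the check, so the limitation noted above surfaces as a visible row rather than a silent pass.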