How do I enable password complexity in batch

Question

In windows local security policies there is a complexity requirement. I would like to be able to enable it in a batch-file that enables other password stuff like length, age, etc.

::this will change the minimum length of the password
net accounts /minpwlen:8
::this will change the maximum age of the password
net accounts /maxpwage:30
::this will change the minimum age of the password
net accounts /minpwage:5
::this will change the number of passwords stored
net accounts /uniquepw:5

Above is most of what I want but I can't figure out how I enable the complexity in batch. Thanks in advance. also if you have any other ideas how to do this I'm open.

Answer 1

I had similar situation once and what I did was:

setlocal EnableDelayedExpansion

SecEdit.exe /export /cfg "%temp%\sec-template.cfg" >nul 2>&1

set names=MaximumPasswordAge MinimumPasswordLength PasswordComplexity PasswordHistorySize
set values[MaximumPasswordAge]=90
set values[MinimumPasswordLength]=6
set values[PasswordComplexity]=1
set values[PasswordHistorySize]=10

for /F "delims== tokens=1,*" %%X in ('type "%temp%\sec-template.cfg"') do (
    call :trim "%%X"
    set cur_name=!result!
    for %%I in (%names%) do (
        if "!cur_name!" equ "%%I" (
            set value== !values[%%I]!       
        )
    )

    if not defined value if "%%Y" neq "" (
        call :trim "%%Y"
        set value== !result!        
    )

    echo !cur_name! !value! >> "%temp%\sec-template2.cfg"
    set value=
)

SecEdit.exe /configure /db secedit.sdb /cfg "%temp%\sec-template2.cfg" >nul 2>&1

del /q "%temp%\sec-template2*.cfg" >nul 2>&1

if exist "%~dp0secedit.sdb" del "%~dp0secedit.sdb" >nul 2>&1

goto :eof

:trim 
set result=%~1

set "f=!result:~0,1!" & set "l=!result:~-1!"

if "!f!" neq " " if "!l!" neq " " goto :eof
if "!f!" equ " " set result=!result:~1!
if "!l!" equ " " set result=!result:~0,-1!

call :trim "!result!"
goto :eof

Hope it helps.