question

SrinivasLJ-3676 avatar image
0 Votes"
SrinivasLJ-3676 asked RoyLi-MSFT edited

NetUserSetInfo() API is not returning Error

I have given a old password to a user "xyz" through NetUserSetInfo API,
this API does not consider Enforce password history policy ?

I should get the following error if i give one of the old password.

NERR_PasswordTooShort


windows-10-generalwindows-active-directorywindows-10-securitywindows-group-policy
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Are you calling this API in an application code or are you using PowerShell?

0 Votes 0 ·

Application code

0 Votes 0 ·
HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered SrinivasLJ-3676 commented

Hello,

Thank you so much for posting here.

The error means that the password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough unique characters, or not meet another password policy requirement.)

Reference: https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netusersetinfo

Best regards,
Hannah Xiong

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

My question is

I need to get this error(NERR_PasswordTooShort) if I give one of old passwords. Instead it is returning NERR_Success.

Why this API is not checking Enforce password history ?

0 Votes 0 ·
HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hi,

Thank you so much for your feedback.

So sorry that I misunderstood this. Frankly speaking, I am not professional with this API.

According to the research, the NetUserSetInfo function does not control how the password parameters are secured when sent over the network to a remote server to change a user password.

Besides, when we gave one of old passwords, it was returning NREE_Success, but it should be NERR_PasswordTooShort as you stated.

As for the Enforce password history policy, it determines the number of unique new passwords that must be associated with a user account before an old password can be reused. If set to 10, the new password set by the user cannot be the same as the old password set 10 times before.

If we gave the too recent old passwords, will it also return Success?

Please forgive me if there is any other misunderstanding. Thanks so much for your understanding and support.

Best regards,
Hannah Xiong

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.