In a recent Pester test, I needed to verify that three settings in net.exe accounts were properly set. These included Lockout threshold, Lockout duration (minutes), and Lockout observation window (minutes). Well, now that I have my answer, I thought I would document it here. Before I show you how I handled this task, based on varying versions of PowerShell, I’ll show you the default output that I needed to parse.
    PS > net.exe accounts
    Force user logoff how long after time expires?:       Never
    Minimum password age (days):                          0
    Maximum password age (days):                          42
    Minimum password length:                              0
    Length of password history maintained:                None
    Lockout threshold:                                    3
    Lockout duration (minutes):                           30
    Lockout observation window (minutes):                 30
    Computer role:                                        SERVER
    The command completed successfully.
I needed the above output to be parsed, and when that was done, I only needed the values of the three previously mentioned Lockout settings to be displayed. The below code indicates that if PowerShell is a version greater than 4.0, the ConvertFrom-String cmdlet can be used. It’s not necessary, but it was good to practice using a cmdlet I hardly ever use. If the PowerShell version isn’t greater than 4.0, we’ll use a temporary variable and do the parsing ourselves. In the end, and regardless of version, we’ll get our results. I’m using [PSCustomObject], but I am confident this test will never run with a version of PowerShell less than that of 3.0. This is happening in AWS with a Server 2012 R2 AMI and as we know, 2012 R2 includes PowerShell 4.0 by default.
    If ($PSVersionTable.PSVersion.Major -gt 4) {
        # Versions greater than 4.0: let ConvertFrom-String split each line into Setting and Value.
        $AcctSettings = net.exe accounts | ForEach-Object {
            ConvertFrom-String -InputObject $_ -Delimiter ': +' -PropertyNames Setting,Value
        }
    } Else {
        # Otherwise: split on the colon and its trailing spaces ourselves.
        $AcctSettings = net.exe accounts | ForEach-Object {
            $TempVar = $_ -split ': +'
            [PSCustomObject]@{Setting = $TempVar[0]; Value = $TempVar[1]}
        }
    }

    ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout threshold'}).Value
    ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout duration (minutes)'}).Value
    ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout observation window (minutes)'}).Value

    3
    30
    30
This task was being done for Pester, so while we’re here, let me show it to you inside the Pester It Block.
    # Account lockout policies.
    It 'Checking the account lockout threshold, duration, observation window settings:' {
        If ($PSVersionTable.PSVersion.Major -gt 4) {
            $AcctSettings = net.exe accounts | ForEach-Object {
                ConvertFrom-String -InputObject $_ -Delimiter ': +' -PropertyNames Setting,Value
            }
        } Else {
            $AcctSettings = net.exe accounts | ForEach-Object {
                $TempVar = $_ -split ': +'
                [PSCustomObject]@{Setting = $TempVar[0]; Value = $TempVar[1]}
            }
        }

        ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout threshold'}).Value | Should -Be 3
        ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout duration (minutes)'}).Value | Should -Be 30
        ($AcctSettings | Where-Object {$_.Setting -eq 'Lockout observation window (minutes)'}).Value | Should -Be 30
    } # End It.
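As an added example (not code from the original post), here is a single code path that needs no version branch: ConvertFrom-String is not shipped with PowerShell 6 and later, and net.exe prints "Never" for the threshold when lockout is disabled, which a baseline check should report as a failure. The function names ConvertFrom-NetAccounts and Test-LockoutPolicy are hypothetical, the sample lines are constructed, and English-language net.exe output is assumed.

```powershell
# Added example: hypothetical function names, constructed sample input.
function ConvertFrom-NetAccounts {
    param([Parameter(Mandatory)][string[]]$Line)
    $Settings = @{}
    foreach ($Entry in $Line) {
        # Label, colon, padding, value. Lines without that shape
        # (blank lines, 'The command completed successfully.') are skipped.
        if ($Entry -match '^(?<Setting>.+?):\s+(?<Value>.+?)\s*$') {
            $Settings[$Matches.Setting] = $Matches.Value
        }
    }
    $Settings
}

function Test-LockoutPolicy {
    param([hashtable]$Settings, [hashtable]$Expected)
    foreach ($Name in $Expected.Keys) {
        $Raw = $Settings[$Name]
        $Parsed = 0
        # A missing setting or a non-numeric value such as 'Never' fails the check.
        $Ok = ($null -ne $Raw) -and
              [int]::TryParse($Raw, [ref]$Parsed) -and
              ($Parsed -eq $Expected[$Name])
        [PSCustomObject]@{
            Setting  = $Name
            Expected = $Expected[$Name]
            Actual   = $Raw
            Pass     = $Ok
        }
    }
}

# Constructed sample: lockout disabled, so the threshold reads 'Never'.
$Sample = @(
    'Lockout threshold:                                    Never'
    'Lockout duration (minutes):                           30'
    'Lockout observation window (minutes):                 30'
    'The command completed successfully.'
)
# Baseline values taken from the Should -Be assertions in the post.
$Expected = @{
    'Lockout threshold'                    = 3
    'Lockout duration (minutes)'           = 30
    'Lockout observation window (minutes)' = 30
}
Test-LockoutPolicy -Settings (ConvertFrom-NetAccounts -Line $Sample) -Expected $Expected
# On a live host: ConvertFrom-NetAccounts -Line (net.exe accounts)
```

Inside a Pester It block, each returned object's Pass property can be piped to Should -Be $true.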
That’s it! Now you can parse net.exe accounts, too!!