From 79d2dbaa18dc92a394647eddaa169350615b78da Mon Sep 17 00:00:00 2001
From: lutfi-ingram <67720910+lutfi-ingram@users.noreply.github.com>
Date: Wed, 24 Aug 2022 14:22:14 +0700
Subject: [PATCH] Add Relax_minimum_password_length_limits,
 Minimum_Password_Length and Minimum_length_password_audit

Signed-off-by: lutfi-ingram <67720910+lutfi-ingram@users.noreply.github.com>
---
 .../MSFT_AccountPolicy/MSFT_AccountPolicy.psm1 |  3 ++-
 .../MSFT_SecurityOption.psm1                   | 16 ++++++++++++++--
 .../MSFT_SecurityOption.schema.mof             |  3 +++
 .../SecurityOptionData.psd1                    | 18 ++++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1 b/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1
index 457adf3..78aff63 100644
--- a/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1
+++ b/source/DSCResources/MSFT_AccountPolicy/MSFT_AccountPolicy.psm1
@@ -100,7 +100,7 @@ function Set-TargetResource
         $Minimum_Password_Age,
 
         [Parameter()]
-        [ValidateRange(0, 14)]
+        [ValidateRange(0, 30)]
         [System.UInt32]
         $Minimum_Password_Length,
 
@@ -153,6 +153,7 @@ function Set-TargetResource
         [ValidateRange(0, 99999)]
         [System.UInt32]
         $Maximum_tolerance_for_computer_clock_synchronization
+
     )
 
     $kerberosPolicies = @()
diff --git a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1 b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1
index 541ba1a..82f6109 100644
--- a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1
+++ b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.psm1
@@ -571,9 +571,21 @@ function Set-TargetResource
         [System.String]
         $User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation,
 
-        [Parameter()][ValidateSet("Enabled", "Disabled")]
+        [Parameter()]
+        [ValidateSet("Enabled", "Disabled")]
         [System.String]
-        $User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations
+        $User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations,
+
+        [Parameter()]
+        [ValidateRange(0, 50)]
+        [System.String]
+        $Minimum_length_password_audit,
+
+        [Parameter()]
+        [ValidateSet("Enabled", "Disabled")]
+        [System.String]
+        $Relax_minimum_password_length_limits
+
     )
 
     $registryPolicies = @()
diff --git a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof
index de3e46b..aafb7fe 100644
--- a/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof
+++ b/source/DSCResources/MSFT_SecurityOption/MSFT_SecurityOption.schema.mof
@@ -105,4 +105,7 @@ class MSFT_SecurityOption : OMI_BaseResource
     [Write, Description("Determines the behavior of all User Account Control (UAC) policies for the entire system"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode;
     [Write, Description("Determines whether the elevation request prompts on the interactive user desktop or on the secure desktop"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation;
     [Write, Description("Enables or disables the redirection of the write failures of earlier applications to defined locations in the registry and the file system"), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations;
+    [Write, Description("This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 50.")] String Minimum_length_password_audit;
+    [Write, Description("This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14."), ValueMap{"Enabled","Disabled"}, Values{"Enabled","Disabled"}] String Relax_minimum_password_length_limits;
+
 };
diff --git a/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1 b/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1
index 3c56b46..55c9046 100644
--- a/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1
+++ b/source/DSCResources/MSFT_SecurityOption/SecurityOptionData.psd1
@@ -875,4 +875,22 @@
             Disabled = '4,0'
         }
     }
+
+    "Minimum_length_password_audit" = @{
+        Value   = "MACHINE\System\CurrentControlSet\Control\SAM\MinimumPasswordLengthAudit"
+        Section = 'Registry Values'
+        Option  = @{
+            String = '4,' # + <Length
+        }
+    }
+
+    "Relax_minimum_password_length_limits" = @{
+        Value   = "MACHINE\System\CurrentControlSet\Control\SAM\RelaxMinimumPasswordLengthLimits"
+        Section = 'Registry Values'
+        Option  = @{
+            Enabled  = '4,1'
+            Disabled = '4,0'
+        }
+    }
+
 }