https://github.com/osquery/osquery logo
Title
a

Avik Sengupta

11/04/2022, 6:53 PM
Can someone possibly point me to a query check if accounts on a machine have passwords enabled? Windows, Mac and/or Linux. Thanks!
j

Jason

11/04/2022, 7:09 PM
How do you mean, if a password is set for a user?
a

Avik Sengupta

11/04/2022, 7:09 PM
yes, ie, the password is not empty.
k

Kathy Satterlee

11/04/2022, 7:30 PM
a

Avik Sengupta

11/04/2022, 7:37 PM
Thanks! The second query in that gist does not work for me (shows a
constraint failure
error,) but the first one works.
k

Kathy Satterlee

11/04/2022, 7:43 PM
I had the same experience.
Will keep hunting for Windows and Linux
s

sharvil

11/05/2022, 4:19 AM
There is a new
password_policy
table on macOS, perhaps that's helpful too
n

Noah Talerman

11/07/2022, 7:52 PM
Here’s a “Password requires 10 or more characters” query that uses the
password_policy
table: https://fleetdm.com/queries/password-requires-10-or-more-characters-mac-os You can use this query as a Fleet policy. Works for macOS.
a

Avik Sengupta

11/08/2022, 10:34 PM
It looks like
password_policy
table needs the mac to be enrolled into an MDM?
n

Noah Talerman

11/09/2022, 6:39 PM
Hmm, I’m not sure. @Guillaume or @sharvil do you know?
s

sharvil

11/10/2022, 9:36 PM
hey @Avik Sengupta,
password_policy
table doesn’t necessarily mean MDM..one can set local policies on the mac without MDM, and the table will report it