Can someone possibly point me to a query check if accounts o osquery #general

Can someone possibly point me to a query check if ...

Avik Sengupta

11/04/2022, 6:53 PM

Can someone possibly point me to a query check if accounts on a machine have passwords enabled? Windows, Mac and/or Linux. Thanks!

Jason

11/04/2022, 7:09 PM

How do you mean, if a password is set for a user?

Avik Sengupta

11/04/2022, 7:09 PM

yes, ie, the password is not empty.

Kathy Satterlee

11/04/2022, 7:30 PM

Avik Sengupta

11/04/2022, 7:37 PM

Thanks! The second query in that gist does not work for me (shows a

constraint failure

error,) but the first one works.

Kathy Satterlee

11/04/2022, 7:43 PM

I had the same experience.

Kathy Satterlee

11/04/2022, 7:43 PM

Will keep hunting for Windows and Linux

sharvil

11/05/2022, 4:19 AM

There is a new

password_policy

table on macOS, perhaps that's helpful too

Noah Talerman

11/07/2022, 7:52 PM

Here’s a “Password requires 10 or more characters” query that uses the

password_policy

Avik Sengupta

11/08/2022, 10:34 PM

It looks like

password_policy

table needs the mac to be enrolled into an MDM?

Noah Talerman

11/09/2022, 6:39 PM

Hmm, I’m not sure. @Guillaume or @sharvil do you know?

sharvil

11/10/2022, 9:36 PM

hey @Avik Sengupta,

password_policy

table doesn’t necessarily mean MDM..one can set local policies on the mac without MDM, and the table will report it

5 Views