Bug #12582
closed
Bug #12581: Windows Passcode Policy issues
Add UI validation to passcode policy inputs
100%
Description
Environment details
6.3.0 staging server
Prerequisites
Enroll a Windows device
Steps
Create a passcode policy
Apply to the device
Description
Since there is no validation done to the inputs done by user, the device can get locked without being able to set a valid password if the rules are not followed in the DeviceLock CSP.
Refer [1][2] to view the rules necessary to validate before creating the policy
[1] - https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-devicelock#devicepasswordenable
[2] - https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn282287(v=ws.11)#password-length-and-complexity-supported-by-account-types
Result
Device gets locked and keeps saying unable to update the password
Files
Updated by Navod Zoysa about 2 months ago
- File clipboard-202502111523-7mmio.png clipboard-202502111523-7mmio.png added
- Description updated (diff)
Updated by
Updated by Sapna Nethmini about 1 month ago
- Status changed from New to Implementation
Updated by Sapna Nethmini about 1 month ago
- Status changed from Implementation to QA
- % Done changed from 0 to 100
Updated by Sapna Nethmini about 1 month ago
Updated by Arshana Atapattu about 1 month ago
- File 1000439976.jpg 1000439976.jpg added
- Status changed from QA to QA Reject
Policy did not applied on the device
policy payload [3]
registry values [4]
[3] {"policyName":"Pass code policy","description":"Pass code policy","active":true,"compliance":"enforce","ownershipType":null,"policyType":"GENERAL","profile":{"profileName":"Pass code policy","deviceType":"windows","profileFeaturesList":[{"featureCode":"PASSCODE_POLICY","deviceType":"windows","content":{"enablePassword":"true","allowSimple":true,"requireAlphanumeric":"2","minLength":"4","minComplexChars":"4","maxPINAgeInDays":"100","pinHistory":null,"maxFailedAttempts":null,"maxInactiveTime":"5"},"correctiveActions":[]}]},"deviceGroups":[{"id":8,"name":"Test Group"}],"roles":["ANY"],"users":[]}
[4]![[4]](/attachments/download/4718/1000439976.jpg "[4]")
Updated by Navod Zoysa 16 days ago
- Status changed from QA Reject to Testing
- Assignee changed from Sapna Nethmini to Navod Zoysa
Updated by Navod Zoysa 16 days ago
- File clipboard-202503180002-yq9z2.png clipboard-202503180002-yq9z2.png added
- Status changed from Testing to QA
- Assignee changed from Navod Zoysa to Sapna Nethmini
This is working
Policy payload used to test :
| Policy | Value |
|---|---|
| Allow simple Value | true |
| Require alphanumeric value | Password or Alphanumeric PIN required |
| Minimum passcode length | 4 |
| Minimum number of complex characters | Digits and lowercase letters are required |
| Maximum passcode age in days | 0 |
| Passcode history | 0 |
| Maximum number of failed attempts | 16 |
| Maximum idle time (minutes) to auto device lock | 5 |
Registry values are matching and the passcode restrictions are enforced properly.
Updated by Arshana Atapattu 7 days ago
- Status changed from QA to QA Accept
Navod Zoysa wrote in #note-9:
This is working
Policy payload used to test :
Policy Value Allow simple Value true Require alphanumeric value Password or Alphanumeric PIN required Minimum passcode length 4 Minimum number of complex characters Digits and lowercase letters are required Maximum passcode age in days 0 Passcode history 0 Maximum number of failed attempts 16 Maximum idle time (minutes) to auto device lock 5 Registry values are matching and the passcode restrictions are enforced properly.
Working
Updated by Arshana Atapattu 7 days ago
- Status changed from QA Accept to Closed
Closing due to QA accept