Share via

NetUserSetInfo() API is not returning Error

SrinivasLJ 1 Reputation point
2021-02-17T11:39:27.577+00:00

I have given a old password to a user "xyz" through NetUserSetInfo API,
this API does not consider Enforce password history policy ?

I should get the following error if i give one of the old password.

NERR_PasswordTooShort

Windows for business Windows Client for IT Pros Directory services Active Directory
Windows for business Windows Client for IT Pros Devices and deployment Configure application groups
Windows for business Windows Client for IT Pros User experience Other

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-02-18T02:52:03.613+00:00

    Hello,

    Thank you so much for posting here.

    The error means that the password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough unique characters, or not meet another password policy requirement.)

    Reference: https://learn.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netusersetinfo

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Anonymous
    2021-02-18T05:36:07.223+00:00

    Hi,

    Thank you so much for your feedback.

    So sorry that I misunderstood this. Frankly speaking, I am not professional with this API.

    According to the research, the NetUserSetInfo function does not control how the password parameters are secured when sent over the network to a remote server to change a user password.

    Besides, when we gave one of old passwords, it was returning NREE_Success, but it should be NERR_PasswordTooShort as you stated.

    As for the Enforce password history policy, it determines the number of unique new passwords that must be associated with a user account before an old password can be reused. If set to 10, the new password set by the user cannot be the same as the old password set 10 times before.

    If we gave the too recent old passwords, will it also return Success?

    Please forgive me if there is any other misunderstanding. Thanks so much for your understanding and support.

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.