Objective:
- Resolved the error “PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT” when running a Windows auditfile via a Nessus Agent.
Issue:
I run the following audit check via a Nessus Agent:
<custom_item> type : PASSWORD_POLICY description : "CCE-37063-5:PASSWORD ATTRIBUTES Password must meet complexity requirements:W2K12R2Member" info : "STIG V-1150" value_type : POLICY_SET password_policy : COMPLEXITY_REQUIREMENTS value_data : "Enabled" </custom_item> |
The following error was returned (severity Medium)
PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT: Password complexity is not supported when scanning through the Nessus agent
Solution:
I created a Powershell version of the same check:
<custom_item> type : AUDIT_POWERSHELL description : "CCE-37063-5:PASSWORD ATTRIBUTES Password must meet complexity requirements:W2K12R2Member" info : "STIG V-26489" value_type : POLICY_TEXT value_data : "True" powershell_args : 'Get-WmiObject -NameSpace Root\\RSOP\\Computer -Class RSOP_PolicySetting | Where {$_.Keyname -eq \'PasswordComplexity\'} | Select Setting | ft -HideTableHeaders' check_type : CHECK_EQUAL powershell_option : CAN_BE_NULL </custom_item> |