I am using PowerShell to create local users. I need to get input from keyboard: Username & Password. To get the password I can use one of the following:
$user_details = Get-Credential
or
$pass = Read-Host -assecureString "Please enter your password"
In both cases, I will get encrypted password variable System.Security.SecureString. In both cases, when I try to create the user, with
New-LocalUser -Name $username -Password $pass
I get an error that the password is not complex.
New-LocalUser : Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."
Since the password is encrypted, (System.Security.SecureString) I have no way to know the complexity of the password. How can I force the user to type a password that complies the complexity rules?
(using unencrypted passwords is not a good solution for me)
Update: After few answers that were relevant with good solutions, but did not meet my security requirement, I'd like to rephrase:
How can I check password complexity which is already stored in object: System.Security.SecureString (without decryption)
Using a Try-Catch is the best way for me to handle this Issue.
I read the password, trying to execute the command
Catch the exception error, and request password again in case of password error