Kommentar und Verbesserungen erwünscht!
Entwickelt und getestet auf Win 7 64bit.
Manchmal ist es aus diversen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.
Man benötigt für dieses Skript zusätzlich das Programm PsGetSid aus der Sysinternals Suite, kostenlos herunterladbar bei Microsoft. PsGetSid ist in der Programmsammlung PsTools der Sysinternals Suite enthalten (http://download.sysinternals.com/files/PSTools.zip). Da psgetsid.exe vom Skript auf jedem Client ausgeführt wird, sollte vor dem Einpacken die digitale Signatur der Datei geprüft werden.
Ich will mich nicht mit fremden Federn schmücken: Dieses Skript baut sehr stark auf dem Beispielskript für Programminstallationen (im Kontext eines lokalen Benutzers/Administrators) des Winst-Handbuches auf. Danke an das UIB-Team für das tolle Handbuch.
Features:
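[Actions]
; setup.ins: create or update a local account, add it to a built-in group
; (resolved by well-known SID via psgetsid) and set its active and expiry
; state. All inputs are opsi product properties read in sub_get_properties.
requiredWinstVersion >= "4.11.2.1"
setLogLevel=3
DefVar $ProductName$
DefVar $local_user$
DefVar $Group$
DefVar $SearchResult$
DefVar $flag_active$
DefVar $val_userpasswd$
DefVar $val_username$
DefVar $val_groupmember$
DefVar $val_expires$
DefVar $UserExists$
DefVar $UserGroup$
DefVar $date_tomorrow$
DefVar $pwd_expires$
DefStringlist $ResultList$
DefStringlist $ResultList2$
DefStringlist $ResultList3$
sub_get_properties
comment "get the name of the admin group"
comment "using psgetsid from sysinernals pstools"
; Built-in group names are localised, so the name is looked up by SID
; instead of being hard-coded.
if $UserGroup$ = "Administratoren"
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
endif
if $UserGroup$ = "Benutzer"
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_user_group")
endif
if $UserGroup$ = "Gaeste"
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_guest_group")
endif
; Index 6 is the output line expected to hold "<prefix>\<group name>"; it
; depends on the psgetsid output layout - TODO confirm for the bundled version.
set $Group$ = takeString(6,$ResultList$)
set $Group$ = takeString(1,splitstring($Group$,"\"))
; Abort before any account is touched when no group name was obtained, e.g.
; psgetsid.exe is missing from the package or val_groupmember has an
; unexpected value. Otherwise the account would be created and activated
; without the intended group membership.
if $Group$ = ""
LogError "Could not resolve the local group for '" + $UserGroup$ + "'"
isFatalError
endif
comment "Check if user exists."
comment "If user exists, the password will be altered. Otherwise, the user will be created."
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
; Logging is switched off while the sections that carry the password on
; their command line run - presumably to keep it out of the opsi log.
setLogLevel=0
comment "create our local user"
if $UserExists$ = "no"
DosInAnIcon_makeadmin
else
DosInAnIcon_alter_pw
endif
setLogLevel=3
comment "Enables or disables the user."
comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*."
; Any value other than "on" disables the account.
if $flag_active$ = "on"
DosInAnIcon_enable_admin
else
DosInAnIcon_disable_admin
endif
; morgen.bat prints the date of tomorrow; index 2 presumably skips the lines
; the shell echoes before it - TODO confirm.
set $ResultList3$ = getOutStreamFromSection("DosInAnIcon_get_date_tomorrow")
set $date_tomorrow$ = takeString(2,$ResultList3$)
;set $date_tomorrow$ = takeString(1,splitstring(" ",$date_tomorrow$))
; Any value other than "never" makes the account expire tomorrow.
if $val_expires$ = "never"
DosInAnIcon_expires_never
else
DosInAnIcon_expires_tomorrow
endif
; For any other value the password expiry setting is left untouched.
if $pwd_expires$ = "never"
DosInAnIcon_pwd_expires_never
endif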
[sub_get_properties]
; Reads the product properties into the variables used by the other sections.
; The second argument of GetProductProperty is the value used when the
; property cannot be read.
comment "flag_active"
comment "description: User active"
; Fallback "off": the account is disabled unless the property is set to "on".
Set $flag_active$ = GetProductProperty("flag_active", "off")
comment "val_userpasswd"
comment "description: password"
; NOTE(review): the fallback password is a fixed string that is published
; together with this script. Set val_userpasswd per deployment before
; flag_active is switched to "on".
Set $val_userpasswd$ = GetProductProperty("val_userpasswd", "SecurePW!")
comment "val_username"
comment "description: admin username"
set $local_user$= GetProductProperty("val_username", "locsupp")
comment "val_groupmember"
comment "description: Groupemembership"
; Fallback is the administrators group, so an unconfigured run yields an
; administrator account.
set $UserGroup$= GetProductProperty("val_groupmember", "Administratoren")
comment "val_expires"
comment "description: expires"
set $val_expires$ = GetProductProperty("val_expires", "tomorrow")
comment "pwd_expires"
comment "description: pwd expires"
set $pwd_expires$ = GetProductProperty("pwd_expires", "never")
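[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the local account exists, otherwise no. The caller reads
rem the first output line, so nothing else may be printed here.
rem The name is quoted so that a value containing spaces stays one argument.
net user "$local_user$" >nul 2>&1 && echo yes || echo no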
[DosInAnIcon_get_admin_group]
@echo off
rem Resolve the localised name of the built-in Administrators group from its
rem well-known SID. The accepteula switch suppresses the licence dialog so
rem the tool can run unattended. The caller picks the result by line index.
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
[DosInAnIcon_get_user_group]
@echo off
rem Same lookup for the built-in Users group.
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-545
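[DosInAnIcon_get_guest_group]
@echo off
rem Resolve the localised name of the built-in Guests group from its
rem well-known SID. S-1-5-32-546 is Guests. The previously used S-1-5-32-547
rem is the Power Users group, which would give the account more rights than
rem the Gaeste setting suggests.
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-546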
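[DosInAnIcon_makeadmin]
rem Creates the account and adds it to the group resolved by the caller.
rem Name, password and group are quoted so that values containing spaces stay
rem one argument. Double quotes and percent signs inside the values are still
rem not handled by this quoting.
rem NOTE(review): the password is part of the command line of this section.
rem The caller lowers the log level around it. Presumably the section is also
rem written to a temporary batch file - confirm that the file is removed.
NET USER "$local_user$" "$val_userpasswd$" /ADD /comment:"Local User created by opsi-package" /fullname:"Local User by Opsi" /passwordchg:no /passwordreq:yes
NET LOCALGROUP "$Group$" /ADD "$local_user$"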
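[DosInAnIcon_alter_pw]
rem Sets a new password on the existing account. Group membership is not
rem changed here. Name and password are quoted so that values containing
rem spaces stay one argument each.
rem NOTE(review): the password is part of the command line of this section.
NET USER "$local_user$" "$val_userpasswd$"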
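[DosInAnIcon_enable_admin]
rem Activates the account so it can be used for logon.
NET USER "$local_user$" /active:yes
[DosInAnIcon_disable_admin]
rem Deactivates the account. It stays on the machine with its password and
rem group membership.
NET USER "$local_user$" /active:no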
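[DosInAnIcon_get_date_tomorrow]
@rem Runs the helper batch file that prints the date of tomorrow. The caller
@rem picks the result by output line index, so the comment lines here carry
@rem a leading @ to keep them out of the echoed output.
@rem The path is quoted like the psgetsid calls, in case it contains spaces.
"%ScriptPath%\morgen.bat"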
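[DosInAnIcon_expires_never]
rem Removes the account expiry date. The account then stays usable until it
rem is disabled or deleted.
NET USER "$local_user$" /expires:never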
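[DosInAnIcon_pwd_expires_never]
rem Fix, see: https://forum.opsi.org/viewtopic.php?f=5&t=7326
rem The note above is a rem line instead of a semicolon line: whether a
rem semicolon line is stripped before the section reaches the shell is not
rem certain, and rem is a comment for the shell in either case.
rem Turns off password expiry for every account with this name.
wmic useraccount where name='$local_user$' set PasswordExpires=FALSE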
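[DosInAnIcon_expires_tomorrow]
rem Lets the account expire on the date computed by the caller. The date is
rem passed as day.month.year and is presumably only accepted on systems with
rem a matching regional date format - verify on the target clients.
NET USER "$local_user$" /expires:$date_tomorrow$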
[Actions]
; uninstall.ins: delete the local account named by the val_username property.
; The script fails when the account does not exist.
requiredWinstVersion >= "4.11.2.1"
; Verbose logging; no password property is read in this script.
setLogLevel=7
DefVar $ProductName$
DefVar $OpsiAdminPass$
DefVar $local_user$
DefVar $AdminGroup$
DefVar $SearchResult$
DefVar $flag_active$
DefVar $val_userpasswd$
DefVar $val_username$
DefVar $UserExists$
DefVar $LocalTempPath$
DefStringlist $ResultList2$
sub_get_properties
comment "Check if user exists."
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
; Keep only the first word; presumably this drops the trailing blank that
; "echo yes ||" leaves in the output.
set $UserExists$ = takeString(0,splitstring($UserExists$," "))
; NOTE(review): only the account is removed. DosInAnIcon_deleteprofile is
; defined in this script but never called from here, so the profile
; directory of the account stays on disk.
if $UserExists$ = "yes"
DosInAnIcon_deleteuser
else
LogError "User '" + $local_user$ + "' does not exist!"
isFatalError
endif
[sub_get_properties]
; Reads the account name to delete. "locsupp" is used when the property
; cannot be read; it matches the fallback name in the setup script.
comment "val_username"
comment "description: username"
set $local_user$= GetProductProperty("val_username", "locsupp")
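[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the local account exists, otherwise no. The caller reads
rem the first output line, so nothing else may be printed here.
rem The name is quoted so that a value containing spaces stays one argument.
net user "$local_user$" >nul 2>&1 && echo yes || echo no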
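[DosInAnIcon_deleteuser]
rem Deletes the local account. The name is quoted so that a value containing
rem spaces stays one argument. The profile directory is not touched here.
NET USER "$local_user$" /DELETE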
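[DosInAnIcon_deleteprofile]
rem Removes the profile directory that carries the account name.
rem Guard: with an empty account name the path would be the profile root
rem itself and rmdir would remove every profile on the machine.
rem NOTE(review): names containing path separators or dots are not filtered,
rem and the real profile folder may carry a suffix - verify before use.
if not "$local_user$"=="" rmdir /S /Q "%ProfileDir%\$local_user$"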
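@echo off
setlocal
rem morgen.bat: print the date of tomorrow as D.M.YYYY on standard output.
rem Assumes the system date string ends in DD.MM.YYYY (German regional format).
rem NOTE(review): other regional settings will yield wrong fields.

rem Read day, month and year from the current date.
set tag=%date:~-10,2%
set monat=%date:~-7,2%
set jahr=%date:~-4%

rem Strip leading zeros. 08 and 09 are invalid octal constants for set /a,
rem and the numeric comparisons below would not match them either.
set /a tag=1%tag%-100
set /a monat=1%monat%-100

if %monat% NEQ 2 goto :done
rem Last day of February, with leap year check. Inside a batch file the
rem modulo operator has to be written as a doubled percent sign.
set /a mod4=jahr %% 4
set /a mod100=jahr %% 100
set /a mod400=jahr %% 400
set ltag=28
if %mod4% NEQ 0 goto :done
set ltag=29
if %mod100% NEQ 0 goto :done
set ltag=28
if %mod400% NEQ 0 goto :done
set ltag=29

:done
rem Last day of every other month.
if %monat% EQU 1 set ltag=31
if %monat% EQU 3 set ltag=31
if %monat% EQU 4 set ltag=30
if %monat% EQU 5 set ltag=31
if %monat% EQU 6 set ltag=30
if %monat% EQU 7 set ltag=31
if %monat% EQU 8 set ltag=31
if %monat% EQU 9 set ltag=30
if %monat% EQU 10 set ltag=31
if %monat% EQU 11 set ltag=30
if %monat% EQU 12 set ltag=31

rem Advance by one day and roll over month and year where needed.
set /a tag+=1
if %tag% GTR %ltag% set /a monat+=1 & set tag=1
if %monat% GTR 12 set /a jahr+=1 & set monat=1

rem Day and month are printed without leading zeros.
echo %tag%.%monat%.%jahr%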
[Package] version: 2 depends: incremental: False [Product] type: localboot id: local-admin-user name: Lokaler Adminbenutzer description: Lokaler Benutzer anlegen advice: version: 0.2 priority: 0 licenseRequired: False productClasses: setupScript: setup.ins uninstallScript: uninstall.ins updateScript: alwaysScript: onceScript: customScript: userLoginScript: [ProductProperty] type: unicode name: flag_active multivalue: False editable: False description: Benutzer aktiv values: ["off", "on"] default: ["off"] [ProductProperty] type: unicode name: val_username multivalue: False editable: True description: Benutzername des lokalen User values: ["locsupp"] default: ["locsupp"] [ProductProperty] type: unicode name: val_groupmember multivalue: False editable: False description: Gruppenmitgliedschaft des lokalen Users values: ["Benutzer", "Administratoren", "Gaeste"] default: ["Administratoren"] [ProductProperty] type: unicode name: val_userpasswd multivalue: False editable: True description: Passwort des lokalen Users values: ["SecurePW!"] default: ["SecurePW!"] [ProductProperty] type: unicode name: val_expires multivalue: False editable: True description: Expires values: ["never", "tomorrow"] default: ["tomorrow"] [ProductProperty] type: unicode name: pwd_expires multivalue: False editable: True description: Expires values: ["never", "policy"] default: ["never"]