OPSI DokuWiki

User Tools

Site Tools

Trace:
userspace:local_user

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
userspace:local_user [2012/06/11 19:42]
qx23 [Lokalen Benutzer anlegen] 		userspace:local_user [2021/08/23 08:37] (current)
Line 19: Line 19:
   * Prüfung ob User bereits existiert   * Prüfung ob User bereits existiert
   * Benutzer ist im Standard deaktiviert um nicht aus Versehen eine mögliche Sicherheitslücke zu schaffen.   * Benutzer ist im Standard deaktiviert um nicht aus Versehen eine mögliche Sicherheitslücke zu schaffen.
- +  * Konto läuft am nächsten Tag oder nie 
-To Do: +  * Gruppen Benutzer, Administratoren, Gäste verwendbar
-  * Konto ablaufen lassen +
-  * lokale Gruppen wählbar?+
  
  
 ===== setup.ins ===== ===== setup.ins =====
-<code winst> +<code winst>[Actions]
-[Actions]+
 requiredWinstVersion >= "4.11.2.1" requiredWinstVersion >= "4.11.2.1"
  
 setLogLevel=3 setLogLevel=3
 DefVar $ProductName$ DefVar $ProductName$
-DefVar $OpsiAdminPass+DefVar $local_user
-DefVar $OpsiAdminUser$ +DefVar $Group$
-DefVar $AdminGroup$+
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$ 
 +DefVar $val_groupmember$ 
 +DefVar $val_expires$
 DefVar $UserExists$ DefVar $UserExists$
 +DefVar $UserGroup$
 +DefVar $date_tomorrow$
 +DefVar $pwd_expires$
  
 DefStringlist $ResultList$ DefStringlist $ResultList$
 DefStringlist $ResultList2$ DefStringlist $ResultList2$
 +DefStringlist $ResultList3$
  
 sub_get_properties sub_get_properties
Line 48: Line 50:
 comment "get the name of the admin group" comment "get the name of the admin group"
 comment "using psgetsid from sysinernals pstools" comment "using psgetsid from sysinernals pstools"
 +
 +if $UserGroup$ = "Administratoren"
 set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group") set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
-set $AdminGroup$ = takeString(6,$ResultList$) +endif 
-set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))+ 
 +if $UserGroup$ = "Benutzer" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_user_group"
 +endif 
 + 
 +if $UserGroup$ = "Gaeste" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_guest_group"
 +endif 
 + 
 +set $Group$ = takeString(6,$ResultList$) 
 +set $Group$ = takeString(1,splitstring($Group$,"\"))
  
 comment "Check if user exists." comment "Check if user exists."
Line 56: Line 70:
 set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser") set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
 set $UserExists$ = takeString(0,$ResultList2$) set $UserExists$ = takeString(0,$ResultList2$)
-set $UserExists$ = takeString(0,splitstring($UserExists$," ")) 
  
 setLogLevel=0 setLogLevel=0
  
-comment "create our local admin user"+comment "create our local user"
 if $UserExists$ = "no" if $UserExists$ = "no"
  DosInAnIcon_makeadmin  DosInAnIcon_makeadmin
Line 71: Line 84:
 comment "Enables or disables the user." comment "Enables or disables the user."
 comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*." comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*."
-if $flag_active$ = "yes"+if $flag_active$ = "on"
  DosInAnIcon_enable_admin  DosInAnIcon_enable_admin
 else else
  DosInAnIcon_disable_admin  DosInAnIcon_disable_admin
 +endif
 +
 +set $ResultList3$ = getOutStreamFromSection("DosInAnIcon_get_date_tomorrow")
 +set $date_tomorrow$ = takeString(2,$ResultList3$)
 +;set $date_tomorrow$ = takeString(1,splitstring(" ",$date_tomorrow$))
 +
 +if $val_expires$ = "never"
 + DosInAnIcon_expires_never
 +else
 + DosInAnIcon_expires_tomorrow
 +endif
 +
 +if $pwd_expires$ = "never"
 +        DosInAnIcon_pwd_expires_never
 endif endif
  
Line 82: Line 109:
 Set $flag_active$ = GetProductProperty("flag_active", "off") Set $flag_active$ = GetProductProperty("flag_active", "off")
  
-comment "val_adminpasswd"+comment "val_userpasswd"
 comment "description: password" comment "description: password"
-Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")+Set $val_userpasswd$ = GetProductProperty("val_userpasswd", "SecurePW!")
  
-comment "val_adminusername"+comment "val_username"
 comment "description: admin username" comment "description: admin username"
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp") 
 + 
 +comment "val_groupmember" 
 +comment "description: Groupemembership" 
 +set $UserGroup$= GetProductProperty("val_groupmember", "Administratoren"
 + 
 +comment "val_expires" 
 +comment "description: expires" 
 +set $val_expires$ = GetProductProperty("val_expires", "tomorrow"
 + 
 +comment "pwd_expires" 
 +comment "description: pwd expires" 
 +set $pwd_expires$ = GetProductProperty("pwd_expires", "never")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
 [DosInAnIcon_get_admin_group] [DosInAnIcon_get_admin_group]
 @echo off @echo off
 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
 +
 +[DosInAnIcon_get_user_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-545
 +
 +[DosInAnIcon_get_guest_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-547
  
 [DosInAnIcon_makeadmin] [DosInAnIcon_makeadmin]
-NET USER $OpsiAdminUser$ $val_adminpasswd$ /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes +NET USER $local_user$ $val_userpasswd$ /ADD /comment:"Local User created by opsi-package" /fullname:"Local User by Opsi" /passwordchg:no /passwordreq:yes 
-NET LOCALGROUP $AdminGroup$ /ADD $OpsiAdminUser$+NET LOCALGROUP $Group$ /ADD $local_user$
  
 [DosInAnIcon_alter_pw] [DosInAnIcon_alter_pw]
-NET USER $OpsiAdminUser$ $val_adminpasswd$+NET USER $local_user$ $val_userpasswd$
  
 [DosInAnIcon_enable_admin] [DosInAnIcon_enable_admin]
-NET USER $OpsiAdminUser$ /active:yes+NET USER $local_user$ /active:yes
  
 [DosInAnIcon_disable_admin] [DosInAnIcon_disable_admin]
-NET USER $OpsiAdminUser$ /active:no+NET USER $local_user$ /active:no 
 + 
 +[DosInAnIcon_get_date_tomorrow] 
 +%ScriptPath%\morgen.bat 
 + 
 +[DosInAnIcon_expires_never] 
 +NET USER $local_user$ /expires:never 
 + 
 +[DosInAnIcon_pwd_expires_never] 
 +; Fix siehe: https://forum.opsi.org/viewtopic.php?f=5&t=7326 
 +wmic useraccount where name='$local_user$' set PasswordExpires=FALSE 
 + 
 +[DosInAnIcon_expires_tomorrow] 
 +NET USER $local_user$ /expires:$date_tomorrow$
 </code> </code>
 ===== uninstall.ins ===== ===== uninstall.ins =====
Line 119: Line 179:
 DefVar $ProductName$ DefVar $ProductName$
 DefVar $OpsiAdminPass$ DefVar $OpsiAdminPass$
-DefVar $OpsiAdminUser$+DefVar $local_user$
 DefVar $AdminGroup$ DefVar $AdminGroup$
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$
 DefVar $UserExists$ DefVar $UserExists$
 DefVar $LocalTempPath$ DefVar $LocalTempPath$
Line 138: Line 198:
  
 if $UserExists$ = "yes" if $UserExists$ = "yes"
- DosInAnIcon_deleteadmin+ DosInAnIcon_deleteuser
 else else
- LogError "User '" + $OpsiAdminUser$ + "' does not exist!" + LogError "User '" + $local_user$ + "' does not exist!" 
  isFatalError  isFatalError
 endif endif
Line 146: Line 206:
  
 [sub_get_properties] [sub_get_properties]
-comment "val_adminusername+comment "val_username
-comment "description: admin username" +comment "description: username" 
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
-[DosInAnIcon_deleteadmin+[DosInAnIcon_deleteuser
-NET USER $OpsiAdminUser$ /DELETE+NET USER $local_user$ /DELETE
  
 [DosInAnIcon_deleteprofile] [DosInAnIcon_deleteprofile]
-rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"+rmdir /S /Q "%ProfileDir%\$local_user$" 
 +</code> 
 + 
 +===== morgen.bat ===== 
 +<code> 
 +@echo off 
 +setlocal 
 +rem Datum auslesen 
 +set tag=%date:~-10,2% 
 +set monat=%date:~-7,2% 
 +set jahr=%date:~-4% 
 + 
 +if %monat% NEQ 2 goto :done 
 +rem Letzter Tag im Februar, Schaltjahr prüfen 
 +set /a mod4=jahr % 4 
 +set /a mod100=jahr % 100 
 +set /a mod400=jahr % 400 
 +set ltag=28 
 +if %mod4% NEQ 0 goto :done 
 +set ltag=29 
 +if %mod100% NEQ 0 goto :done 
 +set ltag=28 
 +if %mod400% NEQ 0 goto :done 
 +set ltag=29 
 +:done 
 + 
 +rem Letzter Tag des Monats 
 +if %monat% EQU 1 set ltag=31 
 +if %monat% EQU 3 set ltag=31 
 +if %monat% EQU 4 set ltag=30 
 +if %monat% EQU 5 set ltag=31 
 +if %monat% EQU 6 set ltag=30 
 +if %monat% EQU 7 set ltag=31 
 +if %monat% EQU 8 set ltag=31 
 +if %monat% EQU 9 set ltag=30 
 +if %monat% EQU 10 set ltag=31 
 +if %monat% EQU 11 set ltag=30 
 +if %monat% EQU 12 set ltag=31 
 + 
 +set /a tag+=1 
 +if %tag% GTR %ltag% set /a monat+=1 & set tag=1 
 +if %monat% GTR 12 set /a jahr+=1 & set monat=1 
 + 
 +echo %tag%.%monat%.%jahr%
 </code> </code>
  
Line 164: Line 267:
 <code winst> <code winst>
 [Package] [Package]
-version: 4+version: 2
 depends:  depends: 
 incremental: False incremental: False
Line 172: Line 275:
 id: local-admin-user id: local-admin-user
 name: Lokaler Adminbenutzer name: Lokaler Adminbenutzer
-description: Lokaler Benutzer in der Gruppe (lokale) Administratoren+description: Lokaler Benutzer anlegen
 advice:  advice: 
-version: 0.1+version: 0.2
 priority: 0 priority: 0
 licenseRequired: False licenseRequired: False
Line 197: Line 300:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminusername+name: val_username
 multivalue: False multivalue: False
 editable: True editable: True
-description: Benutzername des lokalen Adminusers+description: Benutzername des lokalen User
 values: ["locsupp"] values: ["locsupp"]
 default: ["locsupp"] default: ["locsupp"]
Line 206: Line 309:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminpasswd+name: val_groupmember 
 +multivalue: False 
 +editable: False 
 +description: Gruppenmitgliedschaft des lokalen Users 
 +values: ["Benutzer", "Administratoren", "Gaeste"
 +default: ["Administratoren"
 + 
 +[ProductProperty] 
 +type: unicode 
 +name: val_userpasswd
 multivalue: False multivalue: False
 editable: True editable: True
-description: Passwort des lokalen Adminusers+description: Passwort des lokalen Users
 values: ["SecurePW!"] values: ["SecurePW!"]
 default: ["SecurePW!"] default: ["SecurePW!"]
 +
 +[ProductProperty]
 +type: unicode
 +name: val_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "tomorrow"]
 +default: ["tomorrow"]
 +
 +[ProductProperty]
 +type: unicode
 +name: pwd_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "policy"]
 +default: ["never"]
 </code> </code>
userspace/local_user.1339443749.txt.gz · Last modified: 2021/08/23 08:37 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki