Differences

This shows you the differences between two versions of the page.

--- userspace:local_user [2012/06/11 19:39]
qx23
+++ userspace:local_user [2021/08/23 08:37]
@@ Line 1: / Line 1: @@
-===== Lokalen Benutzer anlegen =====
-Kommentar und Verbesserungen erwünscht!
-Manchmal ist es aus diveresen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.
-Man benötigt für dieses Skript noch zusätzlich das Programm psgetsid aus der Sysinternal Suite, kostenlos herunterladbar bei Microsoft. PSgetSID ist in der Programmsammlung PSTools der Sysinternal Suite erhältlich (http://download.sysinternals.com/files/PSTools.zip).
-Ich will mich nicht mit fremden Federn schmücken:
-Dieses Skript baut sehr stark auf dem Beispielskript für Programminstallationen im Kontext eines lokalen Benutzer/Administrators) des Winst-Handbuches auf. Danke an das UIB-Team für das tolle Handbuch.
-Features:
-  * Benutzername frei wählbar
-  * Passwort frei wählbar
-  * Passwort änderung
-  * Benutzer lässt sich aktivieren und deaktivieren
-  * Prüfung ob User bereits existiert
-To Do:
-  * Konto ablaufen lassen
-  * lokale Gruppen wählbar?
-===== setup.ins =====
-<code winst>
-[Actions]
-requiredWinstVersion >= "4.11.2.1"
-setLogLevel=3
-DefVar $ProductName$
-DefVar $OpsiAdminPass$
-DefVar $OpsiAdminUser$
-DefVar $AdminGroup$
-DefVar $SearchResult$
-DefVar $flag_active$
-DefVar $val_adminpasswd$
-DefVar $val_adminusername$
-DefVar $UserExists$
-DefStringlist $ResultList$
-DefStringlist $ResultList2$
-sub_get_properties
-comment "get the name of the admin group"
-comment "using psgetsid from sysinernals pstools"
-set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
-set $AdminGroup$ = takeString(6,$ResultList$)
-set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))
-comment "Check if user exists."
-comment "If user exists, the password will be altered. Otherwise, the user will be created."
-set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
-set $UserExists$ = takeString(0,$ResultList2$)
-set $UserExists$ = takeString(0,splitstring($UserExists$," "))
-setLogLevel=0
-comment "create our local admin user"
-if $UserExists$ = "no"
-	DosInAnIcon_makeadmin
-else
-	DosInAnIcon_alter_pw
-endif
-setLogLevel=3
-comment "Enables or disables the user."
-comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*."
-if $flag_active$ = "yes"
-	DosInAnIcon_enable_admin
-else
-	DosInAnIcon_disable_admin
-endif
-[sub_get_properties]
-comment "flag_active"
-comment "description: User active"
-Set $flag_active$ = GetProductProperty("flag_active", "off")
-comment "val_adminpasswd"
-comment "description: password"
-Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")
-comment "val_adminusername"
-comment "description: admin username"
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")
-[DosInAnIcon_checkuser]
-@echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no
-[DosInAnIcon_get_admin_group]
-@echo off
-"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
-[DosInAnIcon_makeadmin]
-NET USER $OpsiAdminUser$ $val_adminpasswd$ /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes
-NET LOCALGROUP $AdminGroup$ /ADD $OpsiAdminUser$
-[DosInAnIcon_alter_pw]
-NET USER $OpsiAdminUser$ $val_adminpasswd$
-[DosInAnIcon_enable_admin]
-NET USER $OpsiAdminUser$ /active:yes
-[DosInAnIcon_disable_admin]
-NET USER $OpsiAdminUser$ /active:no
-</code>
-===== uninstall.ins =====
-<code winst>
-[Actions]
-requiredWinstVersion >= "4.11.2.1"
-setLogLevel=7
-DefVar $ProductName$
-DefVar $OpsiAdminPass$
-DefVar $OpsiAdminUser$
-DefVar $AdminGroup$
-DefVar $SearchResult$
-DefVar $flag_active$
-DefVar $val_adminpasswd$
-DefVar $val_adminusername$
-DefVar $UserExists$
-DefVar $LocalTempPath$
-DefStringlist $ResultList2$
-sub_get_properties
-comment "Check if user exists."
-set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
-set $UserExists$ = takeString(0,$ResultList2$)
-set $UserExists$ = takeString(0,splitstring($UserExists$," "))
-if $UserExists$ = "yes"
-	DosInAnIcon_deleteadmin
-else
-	LogError "User '" + $OpsiAdminUser$ + "' does not exist!"
-	isFatalError
-endif
-[sub_get_properties]
-comment "val_adminusername"
-comment "description: admin username"
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")
-[DosInAnIcon_checkuser]
-@echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no
-[DosInAnIcon_deleteadmin]
-NET USER $OpsiAdminUser$ /DELETE
-[DosInAnIcon_deleteprofile]
-rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"
-</code>
-===== control =====
-<code winst>
-[Package]
-version: 4
-depends:
-incremental: False
-[Product]
-type: localboot
-id: local-admin-user
-name: Lokaler Adminbenutzer
-description: Lokaler Benutzer in der Gruppe (lokale) Administratoren
-advice:
-version: 0.1
-priority: 0
-licenseRequired: False
-productClasses:
-setupScript: setup.ins
-uninstallScript: uninstall.ins
-updateScript:
-alwaysScript:
-onceScript:
-customScript:
-userLoginScript:
-[ProductProperty]
-type: unicode
-name: flag_active
-multivalue: False
-editable: False
-description: Benutzer aktiv
-values: ["off", "on"]
-default: ["off"]
-[ProductProperty]
-type: unicode
-name: val_adminusername
-multivalue: False
-editable: True
-description: Benutzername des lokalen Adminusers
-values: ["locsupp"]
-default: ["locsupp"]
-[ProductProperty]
-type: unicode
-name: val_adminpasswd
-multivalue: False
-editable: True
-description: Passwort des lokalen Adminusers
-values: ["SecurePW!"]
-default: ["SecurePW!"]
-</code>

OPSI DokuWiki

User Tools

Site Tools

Differences

Page Tools