This shows you the differences between two versions of the page.
userspace:local_user [2012/06/11 19:41] qx23 [Lokalen Benutzer anlegen] |
userspace:local_user [2021/08/23 08:37] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Lokalen Benutzer anlegen ===== | ||
- | Kommentar und Verbesserungen erwünscht! | ||
- | Manchmal ist es aus diveresen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne. | ||
- | |||
- | Man benötigt für dieses Skript noch zusätzlich das Programm psgetsid aus der Sysinternal Suite, kostenlos herunterladbar bei Microsoft. PSgetSID ist in der Programmsammlung PSTools der Sysinternal Suite erhältlich (http:// | ||
- | |||
- | Ich will mich nicht mit fremden Federn schmücken: | ||
- | Dieses Skript baut sehr stark auf dem Beispielskript für Programminstallationen im Kontext eines lokalen Benutzer/ | ||
- | |||
- | |||
- | Features: | ||
- | * Benutzername frei wählbar | ||
- | * Passwort frei wählbar | ||
- | * Passwort änderung | ||
- | * Benutzer lässt sich aktivieren und deaktivieren | ||
- | * Prüfung ob User bereits existiert | ||
- | * Benutzer ist im Standard deaktiviert um nicht aus Versehen eine mögliche Sicherheitslücke zu schaffen. | ||
- | |||
- | To Do: | ||
- | * Konto ablaufen lassen | ||
- | * lokale Gruppen wählbar? | ||
- | |||
- | |||
- | ===== setup.ins ===== | ||
- | <code winst> | ||
- | [Actions] | ||
- | requiredWinstVersion >= " | ||
- | |||
- | setLogLevel=3 | ||
- | DefVar $ProductName$ | ||
- | DefVar $OpsiAdminPass$ | ||
- | DefVar $OpsiAdminUser$ | ||
- | DefVar $AdminGroup$ | ||
- | DefVar $SearchResult$ | ||
- | DefVar $flag_active$ | ||
- | DefVar $val_adminpasswd$ | ||
- | DefVar $val_adminusername$ | ||
- | DefVar $UserExists$ | ||
- | |||
- | DefStringlist $ResultList$ | ||
- | DefStringlist $ResultList2$ | ||
- | |||
- | sub_get_properties | ||
- | |||
- | comment "get the name of the admin group" | ||
- | comment "using psgetsid from sysinernals pstools" | ||
- | set $ResultList$ = getOutStreamFromSection(" | ||
- | set $AdminGroup$ = takeString(6, | ||
- | set $AdminGroup$ = takeString(1, | ||
- | |||
- | comment "Check if user exists." | ||
- | comment "If user exists, the password will be altered. Otherwise, the user will be created." | ||
- | set $ResultList2$ = getOutStreamFromSection(" | ||
- | set $UserExists$ = takeString(0, | ||
- | set $UserExists$ = takeString(0, | ||
- | |||
- | setLogLevel=0 | ||
- | |||
- | comment " | ||
- | if $UserExists$ = " | ||
- | DosInAnIcon_makeadmin | ||
- | else | ||
- | DosInAnIcon_alter_pw | ||
- | endif | ||
- | |||
- | setLogLevel=3 | ||
- | |||
- | comment " | ||
- | comment " | ||
- | if $flag_active$ = " | ||
- | DosInAnIcon_enable_admin | ||
- | else | ||
- | DosInAnIcon_disable_admin | ||
- | endif | ||
- | |||
- | [sub_get_properties] | ||
- | comment " | ||
- | comment " | ||
- | Set $flag_active$ = GetProductProperty(" | ||
- | |||
- | comment " | ||
- | comment " | ||
- | Set $val_adminpasswd$ = GetProductProperty(" | ||
- | |||
- | comment " | ||
- | comment " | ||
- | set $OpsiAdminUser$= GetProductProperty(" | ||
- | |||
- | [DosInAnIcon_checkuser] | ||
- | @echo off | ||
- | net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no | ||
- | |||
- | [DosInAnIcon_get_admin_group] | ||
- | @echo off | ||
- | " | ||
- | |||
- | [DosInAnIcon_makeadmin] | ||
- | NET USER $OpsiAdminUser$ $val_adminpasswd$ /ADD / | ||
- | NET LOCALGROUP $AdminGroup$ /ADD $OpsiAdminUser$ | ||
- | |||
- | [DosInAnIcon_alter_pw] | ||
- | NET USER $OpsiAdminUser$ $val_adminpasswd$ | ||
- | |||
- | [DosInAnIcon_enable_admin] | ||
- | NET USER $OpsiAdminUser$ /active:yes | ||
- | |||
- | [DosInAnIcon_disable_admin] | ||
- | NET USER $OpsiAdminUser$ /active:no | ||
- | </ | ||
- | ===== uninstall.ins ===== | ||
- | <code winst> | ||
- | [Actions] | ||
- | requiredWinstVersion >= " | ||
- | |||
- | setLogLevel=7 | ||
- | DefVar $ProductName$ | ||
- | DefVar $OpsiAdminPass$ | ||
- | DefVar $OpsiAdminUser$ | ||
- | DefVar $AdminGroup$ | ||
- | DefVar $SearchResult$ | ||
- | DefVar $flag_active$ | ||
- | DefVar $val_adminpasswd$ | ||
- | DefVar $val_adminusername$ | ||
- | DefVar $UserExists$ | ||
- | DefVar $LocalTempPath$ | ||
- | DefStringlist $ResultList2$ | ||
- | |||
- | sub_get_properties | ||
- | |||
- | comment "Check if user exists." | ||
- | set $ResultList2$ = getOutStreamFromSection(" | ||
- | set $UserExists$ = takeString(0, | ||
- | set $UserExists$ = takeString(0, | ||
- | |||
- | |||
- | if $UserExists$ = " | ||
- | DosInAnIcon_deleteadmin | ||
- | else | ||
- | LogError "User '" | ||
- | isFatalError | ||
- | endif | ||
- | |||
- | |||
- | [sub_get_properties] | ||
- | comment " | ||
- | comment " | ||
- | set $OpsiAdminUser$= GetProductProperty(" | ||
- | |||
- | [DosInAnIcon_checkuser] | ||
- | @echo off | ||
- | net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no | ||
- | |||
- | [DosInAnIcon_deleteadmin] | ||
- | NET USER $OpsiAdminUser$ /DELETE | ||
- | |||
- | [DosInAnIcon_deleteprofile] | ||
- | rmdir /S /Q " | ||
- | </ | ||
- | |||
- | ===== control ===== | ||
- | <code winst> | ||
- | [Package] | ||
- | version: 4 | ||
- | depends: | ||
- | incremental: | ||
- | |||
- | [Product] | ||
- | type: localboot | ||
- | id: local-admin-user | ||
- | name: Lokaler Adminbenutzer | ||
- | description: | ||
- | advice: | ||
- | version: 0.1 | ||
- | priority: 0 | ||
- | licenseRequired: | ||
- | productClasses: | ||
- | setupScript: | ||
- | uninstallScript: | ||
- | updateScript: | ||
- | alwaysScript: | ||
- | onceScript: | ||
- | customScript: | ||
- | userLoginScript: | ||
- | |||
- | [ProductProperty] | ||
- | type: unicode | ||
- | name: flag_active | ||
- | multivalue: False | ||
- | editable: False | ||
- | description: | ||
- | values: [" | ||
- | default: [" | ||
- | |||
- | [ProductProperty] | ||
- | type: unicode | ||
- | name: val_adminusername | ||
- | multivalue: False | ||
- | editable: True | ||
- | description: | ||
- | values: [" | ||
- | default: [" | ||
- | |||
- | [ProductProperty] | ||
- | type: unicode | ||
- | name: val_adminpasswd | ||
- | multivalue: False | ||
- | editable: True | ||
- | description: | ||
- | values: [" | ||
- | default: [" | ||
- | </ |