userspace:local_user

Differences

userspace:local_user [2012/06/11 19:37]
qx23 created
userspace:local_user [2021/08/23 08:37] (current)
Line 1: Line 1:
-Manchmal ist es diveresen Gründen prakatisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.+===== Lokalen Benutzer anlegen ===== 
 +Kommentar und Verbesserungen erwünscht! 
 + 
 +Entwickelt und getestet auf Win 7 64bit. 
 + 
 +Manchmal ist es aus diveresen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.
  
 Man benötigt für dieses Skript noch zusätzlich das Programm psgetsid aus der Sysinternal Suite, kostenlos herunterladbar bei Microsoft. PSgetSID ist in der Programmsammlung PSTools der Sysinternal Suite erhältlich (http://download.sysinternals.com/files/PSTools.zip). Man benötigt für dieses Skript noch zusätzlich das Programm psgetsid aus der Sysinternal Suite, kostenlos herunterladbar bei Microsoft. PSgetSID ist in der Programmsammlung PSTools der Sysinternal Suite erhältlich (http://download.sysinternals.com/files/PSTools.zip).
Line 13: Line 18:
   * Benutzer lässt sich aktivieren und deaktivieren   * Benutzer lässt sich aktivieren und deaktivieren
   * Prüfung ob User bereits existiert   * Prüfung ob User bereits existiert
- +  * Benutzer ist im Standard deaktiviert um nicht aus Versehen eine mögliche Sicherheitslücke zu schaffen. 
-To Do: +  * Konto läuft am nächsten Tag oder nie 
-  * Konto ablaufen lassen +  * Gruppen Benutzer, Administratoren, Gäste verwendbar
-  * lokale Gruppen wählbar?+
  
  
 ===== setup.ins ===== ===== setup.ins =====
-<code winst> +<code winst>[Actions]
-[Actions]+
 requiredWinstVersion >= "4.11.2.1" requiredWinstVersion >= "4.11.2.1"
  
 setLogLevel=3 setLogLevel=3
 DefVar $ProductName$ DefVar $ProductName$
-DefVar $OpsiAdminPass+DefVar $local_user
-DefVar $OpsiAdminUser$ +DefVar $Group$
-DefVar $AdminGroup$+
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$ 
 +DefVar $val_groupmember$ 
 +DefVar $val_expires$
 DefVar $UserExists$ DefVar $UserExists$
 +DefVar $UserGroup$
 +DefVar $date_tomorrow$
 +DefVar $pwd_expires$
  
 DefStringlist $ResultList$ DefStringlist $ResultList$
 DefStringlist $ResultList2$ DefStringlist $ResultList2$
 +DefStringlist $ResultList3$
  
 sub_get_properties sub_get_properties
Line 42: Line 50:
 comment "get the name of the admin group" comment "get the name of the admin group"
 comment "using psgetsid from sysinernals pstools" comment "using psgetsid from sysinernals pstools"
 +
 +if $UserGroup$ = "Administratoren"
 set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group") set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
-set $AdminGroup$ = takeString(6,$ResultList$) +endif 
-set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))+ 
 +if $UserGroup$ = "Benutzer" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_user_group"
 +endif 
 + 
 +if $UserGroup$ = "Gaeste" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_guest_group"
 +endif 
 + 
 +set $Group$ = takeString(6,$ResultList$) 
 +set $Group$ = takeString(1,splitstring($Group$,"\"))
  
 comment "Check if user exists." comment "Check if user exists."
Line 50: Line 70:
 set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser") set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
 set $UserExists$ = takeString(0,$ResultList2$) set $UserExists$ = takeString(0,$ResultList2$)
-set $UserExists$ = takeString(0,splitstring($UserExists$," ")) 
  
 setLogLevel=0 setLogLevel=0
  
-comment "create our local admin user"+comment "create our local user"
 if $UserExists$ = "no" if $UserExists$ = "no"
  DosInAnIcon_makeadmin  DosInAnIcon_makeadmin
Line 65: Line 84:
 comment "Enables or disables the user." comment "Enables or disables the user."
 comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*." comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*."
-if $flag_active$ = "yes"+if $flag_active$ = "on"
  DosInAnIcon_enable_admin  DosInAnIcon_enable_admin
 else else
  DosInAnIcon_disable_admin  DosInAnIcon_disable_admin
 +endif
 +
 +set $ResultList3$ = getOutStreamFromSection("DosInAnIcon_get_date_tomorrow")
 +set $date_tomorrow$ = takeString(2,$ResultList3$)
 +;set $date_tomorrow$ = takeString(1,splitstring(" ",$date_tomorrow$))
 +
 +if $val_expires$ = "never"
 + DosInAnIcon_expires_never
 +else
 + DosInAnIcon_expires_tomorrow
 +endif
 +
 +if $pwd_expires$ = "never"
 +        DosInAnIcon_pwd_expires_never
 endif endif
  
Line 76: Line 109:
 Set $flag_active$ = GetProductProperty("flag_active", "off") Set $flag_active$ = GetProductProperty("flag_active", "off")
  
-comment "val_adminpasswd"+comment "val_userpasswd"
 comment "description: password" comment "description: password"
-Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")+Set $val_userpasswd$ = GetProductProperty("val_userpasswd", "SecurePW!")
  
-comment "val_adminusername"+comment "val_username"
 comment "description: admin username" comment "description: admin username"
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp") 
 + 
 +comment "val_groupmember" 
 +comment "description: Groupemembership" 
 +set $UserGroup$= GetProductProperty("val_groupmember", "Administratoren"
 + 
 +comment "val_expires" 
 +comment "description: expires" 
 +set $val_expires$ = GetProductProperty("val_expires", "tomorrow"
 + 
 +comment "pwd_expires" 
 +comment "description: pwd expires" 
 +set $pwd_expires$ = GetProductProperty("pwd_expires", "never")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
 [DosInAnIcon_get_admin_group] [DosInAnIcon_get_admin_group]
 @echo off @echo off
 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
 +
 +[DosInAnIcon_get_user_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-545
 +
 +[DosInAnIcon_get_guest_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-547
  
 [DosInAnIcon_makeadmin] [DosInAnIcon_makeadmin]
-NET USER $OpsiAdminUser$ $val_adminpasswd$ /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes +NET USER $local_user$ $val_userpasswd$ /ADD /comment:"Local User created by opsi-package" /fullname:"Local User by Opsi" /passwordchg:no /passwordreq:yes 
-NET LOCALGROUP $AdminGroup$ /ADD $OpsiAdminUser$+NET LOCALGROUP $Group$ /ADD $local_user$
  
 [DosInAnIcon_alter_pw] [DosInAnIcon_alter_pw]
-NET USER $OpsiAdminUser$ $val_adminpasswd$+NET USER $local_user$ $val_userpasswd$
  
 [DosInAnIcon_enable_admin] [DosInAnIcon_enable_admin]
-NET USER $OpsiAdminUser$ /active:yes+NET USER $local_user$ /active:yes
  
 [DosInAnIcon_disable_admin] [DosInAnIcon_disable_admin]
-NET USER $OpsiAdminUser$ /active:no+NET USER $local_user$ /active:no 
 + 
 +[DosInAnIcon_get_date_tomorrow] 
 +%ScriptPath%\morgen.bat 
 + 
 +[DosInAnIcon_expires_never] 
 +NET USER $local_user$ /expires:never 
 + 
 +[DosInAnIcon_pwd_expires_never] 
 +; Fix siehe: https://forum.opsi.org/viewtopic.php?f=5&t=7326 
 +wmic useraccount where name='$local_user$' set PasswordExpires=FALSE 
 + 
 +[DosInAnIcon_expires_tomorrow] 
 +NET USER $local_user$ /expires:$date_tomorrow$
 </code> </code>
 ===== uninstall.ins ===== ===== uninstall.ins =====
Line 113: Line 179:
 DefVar $ProductName$ DefVar $ProductName$
 DefVar $OpsiAdminPass$ DefVar $OpsiAdminPass$
-DefVar $OpsiAdminUser$+DefVar $local_user$
 DefVar $AdminGroup$ DefVar $AdminGroup$
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$
 DefVar $UserExists$ DefVar $UserExists$
 DefVar $LocalTempPath$ DefVar $LocalTempPath$
Line 132: Line 198:
  
 if $UserExists$ = "yes" if $UserExists$ = "yes"
- DosInAnIcon_deleteadmin+ DosInAnIcon_deleteuser
 else else
- LogError "User '" + $OpsiAdminUser$ + "' does not exist!" + LogError "User '" + $local_user$ + "' does not exist!" 
  isFatalError  isFatalError
 endif endif
Line 140: Line 206:
  
 [sub_get_properties] [sub_get_properties]
-comment "val_adminusername+comment "val_username
-comment "description: admin username" +comment "description: username" 
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
-[DosInAnIcon_deleteadmin+[DosInAnIcon_deleteuser
-NET USER $OpsiAdminUser$ /DELETE+NET USER $local_user$ /DELETE
  
 [DosInAnIcon_deleteprofile] [DosInAnIcon_deleteprofile]
-rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"+rmdir /S /Q "%ProfileDir%\$local_user$" 
 +</code> 
 + 
 +===== morgen.bat ===== 
 +<code> 
 +@echo off 
 +setlocal 
 +rem Datum auslesen 
 +set tag=%date:~-10,2% 
 +set monat=%date:~-7,2% 
 +set jahr=%date:~-4% 
 + 
 +if %monat% NEQ 2 goto :done 
 +rem Letzter Tag im Februar, Schaltjahr prüfen 
 +set /a mod4=jahr % 4 
 +set /a mod100=jahr % 100 
 +set /a mod400=jahr % 400 
 +set ltag=28 
 +if %mod4% NEQ 0 goto :done 
 +set ltag=29 
 +if %mod100% NEQ 0 goto :done 
 +set ltag=28 
 +if %mod400% NEQ 0 goto :done 
 +set ltag=29 
 +:done 
 + 
 +rem Letzter Tag des Monats 
 +if %monat% EQU 1 set ltag=31 
 +if %monat% EQU 3 set ltag=31 
 +if %monat% EQU 4 set ltag=30 
 +if %monat% EQU 5 set ltag=31 
 +if %monat% EQU 6 set ltag=30 
 +if %monat% EQU 7 set ltag=31 
 +if %monat% EQU 8 set ltag=31 
 +if %monat% EQU 9 set ltag=30 
 +if %monat% EQU 10 set ltag=31 
 +if %monat% EQU 11 set ltag=30 
 +if %monat% EQU 12 set ltag=31 
 + 
 +set /a tag+=1 
 +if %tag% GTR %ltag% set /a monat+=1 & set tag=1 
 +if %monat% GTR 12 set /a jahr+=1 & set monat=1 
 + 
 +echo %tag%.%monat%.%jahr%
 </code> </code>
  
Line 158: Line 267:
 <code winst> <code winst>
 [Package] [Package]
-version: 4+version: 2
 depends:  depends: 
 incremental: False incremental: False
Line 166: Line 275:
 id: local-admin-user id: local-admin-user
 name: Lokaler Adminbenutzer name: Lokaler Adminbenutzer
-description: Lokaler Benutzer in der Gruppe (lokale) Administratoren+description: Lokaler Benutzer anlegen
 advice:  advice: 
-version: 0.1+version: 0.2
 priority: 0 priority: 0
 licenseRequired: False licenseRequired: False
Line 191: Line 300:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminusername+name: val_username
 multivalue: False multivalue: False
 editable: True editable: True
-description: Benutzername des lokalen Adminusers+description: Benutzername des lokalen User
 values: ["locsupp"] values: ["locsupp"]
 default: ["locsupp"] default: ["locsupp"]
Line 200: Line 309:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminpasswd+name: val_groupmember 
 +multivalue: False 
 +editable: False 
 +description: Gruppenmitgliedschaft des lokalen Users 
 +values: ["Benutzer", "Administratoren", "Gaeste"
 +default: ["Administratoren"
 + 
 +[ProductProperty] 
 +type: unicode 
 +name: val_userpasswd
 multivalue: False multivalue: False
 editable: True editable: True
-description: Passwort des lokalen Adminusers+description: Passwort des lokalen Users
 values: ["SecurePW!"] values: ["SecurePW!"]
 default: ["SecurePW!"] default: ["SecurePW!"]
 +
 +[ProductProperty]
 +type: unicode
 +name: val_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "tomorrow"]
 +default: ["tomorrow"]
 +
 +[ProductProperty]
 +type: unicode
 +name: pwd_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "policy"]
 +default: ["never"]
 </code> </code>
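Review bot: In the added morgen.bat, `set /a tag+=1` most likely fails on the 8th and 9th of a month, because `%date:~-10,2%` yields `08`/`09` and cmd rejects those as invalid octal; for the same reason `if %monat% EQU 8` and `EQU 9` probably never match `08`/`09`, leaving `ltag` unset in August and September. The three `set /a ... jahr % 4` style lines also need `%%` inside a batch file, so the February leap-year branch does not compute as written. setup.ins takes `takeString(2,$ResultList3$)` and runs `NET USER $local_user$ /expires:$date_tomorrow$` without checking the value, so the one-day expiry can silently not be applied to an account that defaults to `Administratoren` with the packaged default password. Normalise day and month to plain integers, double the modulus signs, and have setup.ins check that `$date_tomorrow$` is non-empty before calling DosInAnIcon_expires_tomorrow. The slicing also assumes a dd.mm.yyyy `%date%` format, which deserves a comment in the script.

```batch
rem Datum auslesen
rem "1xx - 100" strips the leading zero so 08/09 are not read as invalid octal
set /a tag=1%date:~-10,2% - 100
set /a monat=1%date:~-7,2% - 100
set jahr=%date:~-4%
rem … unchanged: February guard …
rem the modulus operator must be doubled inside a batch file
set /a mod4=jahr %% 4
set /a mod100=jahr %% 100
set /a mod400=jahr %% 400
rem … unchanged: leap-year branches, month table, rollover, echo …
```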
userspace/local_user.1339443466.txt.gz · Last modified: 2021/08/23 08:37 (external edit)