
This is an old revision of the document!


Lokalen Benutzer anlegen

Kommentare und Verbesserungen erwünscht!

Manchmal ist es aus diversen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.

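Für dieses Skript benötigt man zusätzlich das Programm PsGetSid aus der Sysinternals Suite, das bei Microsoft kostenlos heruntergeladen werden kann. PsGetSid ist in der Programmsammlung PsTools der Sysinternals Suite enthalten (http://download.sysinternals.com/files/PSTools.zip). Die Datei psgetsid.exe muss im Paketverzeichnis neben setup.ins liegen, da das Skript sie über %ScriptPath% aufruft; vor dem Einpacken sollte die digitale Signatur der Datei geprüft werden.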

Ich will mich nicht mit fremden Federn schmücken: Dieses Skript baut sehr stark auf dem Beispielskript für Programminstallationen (im Kontext eines lokalen Benutzers/Administrators) des Winst-Handbuches auf. Danke an das UIB-Team für das tolle Handbuch.

Features:

  • Benutzername frei wählbar
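  • Passwort frei wählbar (der Vorgabewert „SecurePW!“ aus der control-Datei steht auf dieser Seite und sollte vor dem Ausrollen geändert werden)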
  • Passwortänderung
  • Benutzer lässt sich aktivieren und deaktivieren
  • Prüfung ob User bereits existiert

To Do:

  • Konto ablaufen lassen
  • lokale Gruppen wählbar?

setup.ins

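[Actions]
; Creates a local account (or resets the password of an existing one), adds a
; newly created account to the built-in Administrators group and finally
; enables or disables the account according to the flag_active property.
requiredWinstVersion >= "4.11.2.1"
 
setLogLevel=3
DefVar $ProductName$
DefVar $OpsiAdminPass$
DefVar $OpsiAdminUser$
DefVar $AdminGroup$
DefVar $SearchResult$
DefVar $flag_active$
DefVar $val_adminpasswd$
DefVar $val_adminusername$
DefVar $UserExists$
 
DefStringlist $ResultList$
DefStringlist $ResultList2$
 
sub_get_properties
 
comment "get the name of the admin group"
comment "using psgetsid from sysinernals pstools"
; S-1-5-32-544 is the well-known SID of the built-in Administrators group;
; resolving it yields the localized group name.
; Index 6 is a fixed offset into the psgetsid output, so it depends on the
; banner layout of the shipped psgetsid version -- re-check after updating it.
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
set $AdminGroup$ = takeString(6,$ResultList$)
set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))
 
comment "Check if user exists."
comment "If user exists, the password will be altered. Otherwise, the user will be created."
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
set $UserExists$ = takeString(0,splitstring($UserExists$," "))
 
; A new account is only useful here if it can be added to the admin group.
; Stop before creating it when the group name could not be parsed; otherwise
; the account would exist without the membership and later runs would only
; take the password-change path.
if $UserExists$ = "no"
	if $AdminGroup$ = ""
		LogError "Could not determine the name of the local administrators group."
		isFatalError
	endif
endif
 
; The two sections below carry the password on their command line.
; Logging is turned down around them, presumably to keep the password out of
; the log. NOTE(review): confirm that log level 0 suppresses the section text
; in the winst version in use.
setLogLevel=0
 
comment "create our local admin user"
if $UserExists$ = "no"
	DosInAnIcon_makeadmin
else
	DosInAnIcon_alter_pw
endif
 
setLogLevel=3
 
comment "Enables or disables the user."
comment "flag_active is set to 'off' by the product properties for not opening accidently a security risk *g*."
; The property values are "off" and "on" (control file and the default in
; sub_get_properties). The former comparison with "yes" could never match,
; so the account was always disabled.
if $flag_active$ = "on"
	DosInAnIcon_enable_admin
else
	DosInAnIcon_disable_admin
endif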
 
[sub_get_properties]
; Reads the product properties used by the [Actions] section. The second
; argument of GetProductProperty is the fallback value used when the property
; cannot be read.
comment "flag_active"
comment "description: User active"
; Fallback "off" keeps the account disabled unless it is switched on explicitly.
Set $flag_active$ = GetProductProperty("flag_active", "off")
 
comment "val_adminpasswd"
comment "description: password"
; NOTE(review): the fallback "SecurePW!" is a fixed value that is the same on
; every client and is also the default in the control file. Set
; val_adminpasswd per deployment before rolling this package out.
; The value is handled as plain text and ends up on a net user command line.
Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")
 
comment "val_adminusername"
comment "description: admin username"
set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")
 
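[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the account exists, otherwise no.
rem The name is quoted: unquoted, a name containing a space would be read by
rem net user as an account name followed by a new password for that account.
net user "$OpsiAdminUser$" >nul 2>&1 && echo yes || echo no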
 
[DosInAnIcon_get_admin_group]
@echo off
rem Resolves the well-known SID S-1-5-32-544 of the built-in Administrators group to its name.
rem The caller picks the group name out of this output by a fixed line index.
rem NOTE(review): psgetsid.exe is loaded from the package directory. Verify its signature before packaging.
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
 
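[DosInAnIcon_makeadmin]
rem Creates the account and adds it to the local administrators group.
rem Property values are quoted so that spaces and shell metacharacters stay
rem inside the argument. Double quotes and percent signs in the values are
rem still not handled and should be avoided.
rem NOTE(review): net user is reported to ask for confirmation when the
rem password is longer than 14 characters, which would stall an unattended run. Test this.
NET USER "$OpsiAdminUser$" "$val_adminpasswd$" /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes
NET LOCALGROUP "$AdminGroup$" /ADD "$OpsiAdminUser$"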
 
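[DosInAnIcon_alter_pw]
rem Sets the password of the existing account to the configured value.
rem Both values are quoted so that spaces and shell metacharacters stay inside
rem the argument. Double quotes and percent signs are still not handled.
NET USER "$OpsiAdminUser$" "$val_adminpasswd$"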
 
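[DosInAnIcon_enable_admin]
rem Activates the account. The name is quoted so that a name containing a
rem space is passed to net user as one argument.
NET USER "$OpsiAdminUser$" /active:yes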
 
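[DosInAnIcon_disable_admin]
rem Deactivates the account. The name is quoted so that a name containing a
rem space is passed to net user as one argument.
NET USER "$OpsiAdminUser$" /active:no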

uninstall.ins

[Actions]
; Uninstall: deletes the local account named by val_adminusername.
; NOTE(review): the section DosInAnIcon_deleteprofile is defined further down
; but is not called from here, so the profile directory of the account is
; left on disk.
requiredWinstVersion >= "4.11.2.1"
 
setLogLevel=7
DefVar $ProductName$
DefVar $OpsiAdminPass$
DefVar $OpsiAdminUser$
DefVar $AdminGroup$
DefVar $SearchResult$
DefVar $flag_active$
DefVar $val_adminpasswd$
DefVar $val_adminusername$
DefVar $UserExists$
DefVar $LocalTempPath$
DefStringlist $ResultList2$
 
sub_get_properties
 
comment "Check if user exists."
; First output line of the check section is "yes" or "no"; the split on a
; blank removes anything after the first word.
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
set $UserExists$ = takeString(0,splitstring($UserExists$," "))
 
 
; A missing account is treated as a fatal error, so uninstalling a client on
; which the account was already removed reports a failure.
if $UserExists$ = "yes"
	DosInAnIcon_deleteadmin
else
	LogError "User '" + $OpsiAdminUser$ + "' does not exist!" 
	isFatalError
endif
 
 
[sub_get_properties]
; Reads the account name to delete; "locsupp" is the fallback value used when
; the property cannot be read.
comment "val_adminusername"
comment "description: admin username"
set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")
 
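[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the account exists, otherwise no.
rem The name is quoted: unquoted, a name containing a space would be read by
rem net user as an account name followed by a new password for that account.
net user "$OpsiAdminUser$" >nul 2>&1 && echo yes || echo no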
 
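[DosInAnIcon_deleteadmin]
rem Deletes the local account. The name is quoted so that a name containing a
rem space is passed to net user as one argument.
NET USER "$OpsiAdminUser$" /DELETE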
 
[DosInAnIcon_deleteprofile]
rem Removes the profile directory of the account recursively and without prompting.
rem NOTE(review): no call to this section is visible in the Actions section of this script.
rem If the user name were ever empty, the path would be the whole profile root. Guard against that before calling this.
rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"

control

[Package]
version: 4
depends: 
incremental: False
 
[Product]
type: localboot
id: local-admin-user
name: Lokaler Adminbenutzer
description: Lokaler Benutzer in der Gruppe (lokale) Administratoren
advice: 
version: 0.1
priority: 0
licenseRequired: False
productClasses: 
setupScript: setup.ins
uninstallScript: uninstall.ins
updateScript: 
alwaysScript: 
onceScript: 
customScript: 
userLoginScript:
 
[ProductProperty]
type: unicode
name: flag_active
multivalue: False
editable: False
description: Benutzer aktiv
values: ["off", "on"]
default: ["off"]
 
[ProductProperty]
type: unicode
name: val_adminusername
multivalue: False
editable: True
description: Benutzername des lokalen Adminusers
values: ["locsupp"]
default: ["locsupp"]
 
[ProductProperty]
type: unicode
name: val_adminpasswd
multivalue: False
editable: True
description: Passwort des lokalen Adminusers
values: ["SecurePW!"]
default: ["SecurePW!"]