

userspace:local_user

Differences

This shows you the differences between two versions of the page.

userspace:local_user [2012/06/11 19:39]
qx23
userspace:local_user [2021/08/23 08:37] (current)
Line 1: Line 1:
 ===== Lokalen Benutzer anlegen ===== ===== Lokalen Benutzer anlegen =====
 Kommentar und Verbesserungen erwünscht! Kommentar und Verbesserungen erwünscht!
 +
 +Entwickelt und getestet auf Win 7 64bit.
  
 Manchmal ist es aus diveresen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne. Manchmal ist es aus diveresen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.
Line 16: Line 18:
   * Benutzer lässt sich aktivieren und deaktivieren   * Benutzer lässt sich aktivieren und deaktivieren
   * Prüfung ob User bereits existiert   * Prüfung ob User bereits existiert
- +  * Benutzer ist im Standard deaktiviert um nicht aus Versehen eine mögliche Sicherheitslücke zu schaffen. 
-To Do: +  * Konto läuft am nächsten Tag oder nie 
-  * Konto ablaufen lassen +  * Gruppen Benutzer, Administratoren, Gäste verwendbar
-  * lokale Gruppen wählbar?+
  
  
 ===== setup.ins ===== ===== setup.ins =====
-<code winst> +<code winst>[Actions]
-[Actions]+
 requiredWinstVersion >= "4.11.2.1" requiredWinstVersion >= "4.11.2.1"
  
 setLogLevel=3 setLogLevel=3
 DefVar $ProductName$ DefVar $ProductName$
-DefVar $OpsiAdminPass+DefVar $local_user
-DefVar $OpsiAdminUser$ +DefVar $Group$
-DefVar $AdminGroup$+
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$ 
 +DefVar $val_groupmember$ 
 +DefVar $val_expires$
 DefVar $UserExists$ DefVar $UserExists$
 +DefVar $UserGroup$
 +DefVar $date_tomorrow$
 +DefVar $pwd_expires$
  
 DefStringlist $ResultList$ DefStringlist $ResultList$
 DefStringlist $ResultList2$ DefStringlist $ResultList2$
 +DefStringlist $ResultList3$
  
 sub_get_properties sub_get_properties
Line 45: Line 50:
 comment "get the name of the admin group" comment "get the name of the admin group"
 comment "using psgetsid from sysinernals pstools" comment "using psgetsid from sysinernals pstools"
 +
 +if $UserGroup$ = "Administratoren"
 set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group") set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
-set $AdminGroup$ = takeString(6,$ResultList$) +endif 
-set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))+ 
 +if $UserGroup$ = "Benutzer" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_user_group"
 +endif 
 + 
 +if $UserGroup$ = "Gaeste" 
 +set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_guest_group"
 +endif 
 + 
 +set $Group$ = takeString(6,$ResultList$) 
 +set $Group$ = takeString(1,splitstring($Group$,"\"))
  
 comment "Check if user exists." comment "Check if user exists."
Line 53: Line 70:
 set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser") set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
 set $UserExists$ = takeString(0,$ResultList2$) set $UserExists$ = takeString(0,$ResultList2$)
-set $UserExists$ = takeString(0,splitstring($UserExists$," ")) 
  
 setLogLevel=0 setLogLevel=0
  
-comment "create our local admin user"+comment "create our local user"
 if $UserExists$ = "no" if $UserExists$ = "no"
  DosInAnIcon_makeadmin  DosInAnIcon_makeadmin
Line 68: Line 84:
 comment "Enables or disables the user." comment "Enables or disables the user."
 comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*." comment "flag_active is set to 'no' by the product properties for not opening accidently a security risk *g*."
-if $flag_active$ = "yes"+if $flag_active$ = "on"
  DosInAnIcon_enable_admin  DosInAnIcon_enable_admin
 else else
  DosInAnIcon_disable_admin  DosInAnIcon_disable_admin
 +endif
 +
 +set $ResultList3$ = getOutStreamFromSection("DosInAnIcon_get_date_tomorrow")
 +set $date_tomorrow$ = takeString(2,$ResultList3$)
 +;set $date_tomorrow$ = takeString(1,splitstring(" ",$date_tomorrow$))
 +
 +if $val_expires$ = "never"
 + DosInAnIcon_expires_never
 +else
 + DosInAnIcon_expires_tomorrow
 +endif
 +
 +if $pwd_expires$ = "never"
 +        DosInAnIcon_pwd_expires_never
 endif endif
  
Line 79: Line 109:
 Set $flag_active$ = GetProductProperty("flag_active", "off") Set $flag_active$ = GetProductProperty("flag_active", "off")
  
-comment "val_adminpasswd"+comment "val_userpasswd"
 comment "description: password" comment "description: password"
-Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")+Set $val_userpasswd$ = GetProductProperty("val_userpasswd", "SecurePW!")
  
-comment "val_adminusername"+comment "val_username"
 comment "description: admin username" comment "description: admin username"
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp") 
 + 
 +comment "val_groupmember" 
 +comment "description: Groupemembership" 
 +set $UserGroup$= GetProductProperty("val_groupmember", "Administratoren"
 + 
 +comment "val_expires" 
 +comment "description: expires" 
 +set $val_expires$ = GetProductProperty("val_expires", "tomorrow"
 + 
 +comment "pwd_expires" 
 +comment "description: pwd expires" 
 +set $pwd_expires$ = GetProductProperty("pwd_expires", "never")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
 [DosInAnIcon_get_admin_group] [DosInAnIcon_get_admin_group]
 @echo off @echo off
 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544 "%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544
 +
 +[DosInAnIcon_get_user_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-545
 +
 +[DosInAnIcon_get_guest_group]
 +@echo off
 +"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-547
  
 [DosInAnIcon_makeadmin] [DosInAnIcon_makeadmin]
-NET USER $OpsiAdminUser$ $val_adminpasswd$ /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes +NET USER $local_user$ $val_userpasswd$ /ADD /comment:"Local User created by opsi-package" /fullname:"Local User by Opsi" /passwordchg:no /passwordreq:yes 
-NET LOCALGROUP $AdminGroup$ /ADD $OpsiAdminUser$+NET LOCALGROUP $Group$ /ADD $local_user$
  
 [DosInAnIcon_alter_pw] [DosInAnIcon_alter_pw]
-NET USER $OpsiAdminUser$ $val_adminpasswd$+NET USER $local_user$ $val_userpasswd$
  
 [DosInAnIcon_enable_admin] [DosInAnIcon_enable_admin]
-NET USER $OpsiAdminUser$ /active:yes+NET USER $local_user$ /active:yes
  
 [DosInAnIcon_disable_admin] [DosInAnIcon_disable_admin]
-NET USER $OpsiAdminUser$ /active:no+NET USER $local_user$ /active:no 
 + 
 +[DosInAnIcon_get_date_tomorrow] 
 +%ScriptPath%\morgen.bat 
 + 
 +[DosInAnIcon_expires_never] 
 +NET USER $local_user$ /expires:never 
 + 
 +[DosInAnIcon_pwd_expires_never] 
 +; Fix siehe: https://forum.opsi.org/viewtopic.php?f=5&t=7326 
 +wmic useraccount where name='$local_user$' set PasswordExpires=FALSE 
 + 
 +[DosInAnIcon_expires_tomorrow] 
 +NET USER $local_user$ /expires:$date_tomorrow$
 </code> </code>
 ===== uninstall.ins ===== ===== uninstall.ins =====
Line 116: Line 179:
 DefVar $ProductName$ DefVar $ProductName$
 DefVar $OpsiAdminPass$ DefVar $OpsiAdminPass$
-DefVar $OpsiAdminUser$+DefVar $local_user$
 DefVar $AdminGroup$ DefVar $AdminGroup$
 DefVar $SearchResult$ DefVar $SearchResult$
 DefVar $flag_active$ DefVar $flag_active$
-DefVar $val_adminpasswd+DefVar $val_userpasswd
-DefVar $val_adminusername$+DefVar $val_username$
 DefVar $UserExists$ DefVar $UserExists$
 DefVar $LocalTempPath$ DefVar $LocalTempPath$
Line 135: Line 198:
  
 if $UserExists$ = "yes" if $UserExists$ = "yes"
- DosInAnIcon_deleteadmin+ DosInAnIcon_deleteuser
 else else
- LogError "User '" + $OpsiAdminUser$ + "' does not exist!" + LogError "User '" + $local_user$ + "' does not exist!" 
  isFatalError  isFatalError
 endif endif
Line 143: Line 206:
  
 [sub_get_properties] [sub_get_properties]
-comment "val_adminusername+comment "val_username
-comment "description: admin username" +comment "description: username" 
-set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")+set $local_user$= GetProductProperty("val_username", "locsupp")
  
 [DosInAnIcon_checkuser] [DosInAnIcon_checkuser]
 @echo off @echo off
-net user $OpsiAdminUser$ >nul 2>&1 && echo yes || echo no+net user $local_user$ >nul 2>&1 && echo yes || echo no
  
-[DosInAnIcon_deleteadmin+[DosInAnIcon_deleteuser
-NET USER $OpsiAdminUser$ /DELETE+NET USER $local_user$ /DELETE
  
 [DosInAnIcon_deleteprofile] [DosInAnIcon_deleteprofile]
-rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"+rmdir /S /Q "%ProfileDir%\$local_user$" 
 +</code> 
 + 
 +===== morgen.bat ===== 
 +<code> 
 +@echo off 
 +setlocal 
 +rem Datum auslesen 
 +set tag=%date:~-10,2% 
 +set monat=%date:~-7,2% 
 +set jahr=%date:~-4% 
 + 
 +if %monat% NEQ 2 goto :done 
 +rem Letzter Tag im Februar, Schaltjahr prüfen 
 +set /a mod4=jahr % 4 
 +set /a mod100=jahr % 100 
 +set /a mod400=jahr % 400 
 +set ltag=28 
 +if %mod4% NEQ 0 goto :done 
 +set ltag=29 
 +if %mod100% NEQ 0 goto :done 
 +set ltag=28 
 +if %mod400% NEQ 0 goto :done 
 +set ltag=29 
 +:done 
 + 
 +rem Letzter Tag des Monats 
 +if %monat% EQU 1 set ltag=31 
 +if %monat% EQU 3 set ltag=31 
 +if %monat% EQU 4 set ltag=30 
 +if %monat% EQU 5 set ltag=31 
 +if %monat% EQU 6 set ltag=30 
 +if %monat% EQU 7 set ltag=31 
 +if %monat% EQU 8 set ltag=31 
 +if %monat% EQU 9 set ltag=30 
 +if %monat% EQU 10 set ltag=31 
 +if %monat% EQU 11 set ltag=30 
 +if %monat% EQU 12 set ltag=31 
 + 
 +set /a tag+=1 
 +if %tag% GTR %ltag% set /a monat+=1 & set tag=1 
 +if %monat% GTR 12 set /a jahr+=1 & set monat=1 
 + 
 +echo %tag%.%monat%.%jahr%
 </code> </code>
  
Line 161: Line 267:
 <code winst> <code winst>
 [Package] [Package]
-version: 4+version: 2
 depends:  depends: 
 incremental: False incremental: False
Line 169: Line 275:
 id: local-admin-user id: local-admin-user
 name: Lokaler Adminbenutzer name: Lokaler Adminbenutzer
-description: Lokaler Benutzer in der Gruppe (lokale) Administratoren+description: Lokaler Benutzer anlegen
 advice:  advice: 
-version: 0.1+version: 0.2
 priority: 0 priority: 0
 licenseRequired: False licenseRequired: False
Line 194: Line 300:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminusername+name: val_username
 multivalue: False multivalue: False
 editable: True editable: True
-description: Benutzername des lokalen Adminusers+description: Benutzername des lokalen User
 values: ["locsupp"] values: ["locsupp"]
 default: ["locsupp"] default: ["locsupp"]
Line 203: Line 309:
 [ProductProperty] [ProductProperty]
 type: unicode type: unicode
-name: val_adminpasswd+name: val_groupmember 
 +multivalue: False 
 +editable: False 
 +description: Gruppenmitgliedschaft des lokalen Users 
 +values: ["Benutzer", "Administratoren", "Gaeste"
 +default: ["Administratoren"
 + 
 +[ProductProperty] 
 +type: unicode 
 +name: val_userpasswd
 multivalue: False multivalue: False
 editable: True editable: True
-description: Passwort des lokalen Adminusers+description: Passwort des lokalen Users
 values: ["SecurePW!"] values: ["SecurePW!"]
 default: ["SecurePW!"] default: ["SecurePW!"]
 +
 +[ProductProperty]
 +type: unicode
 +name: val_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "tomorrow"]
 +default: ["tomorrow"]
 +
 +[ProductProperty]
 +type: unicode
 +name: pwd_expires
 +multivalue: False
 +editable: True
 +description: Expires
 +values: ["never", "policy"]
 +default: ["never"]
 </code> </code>
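Review bot: In morgen.bat the day and month are cut out of %date% with their leading zero (`set tag=%date:~-10,2%`, `set monat=%date:~-7,2%`), and cmd reads a leading-zero number as octal, so `08` and `09` should fail in `set /a tag+=1` and never match `if %monat% EQU 8` / `EQU 9`, which leaves `ltag` unset in August and September. On those dates `$date_tomorrow$` is not a usable date, and setup.ins runs `DosInAnIcon_expires_tomorrow` without checking it, so the new account (by default a member of Administratoren) most likely keeps no expiry at all. I would normalise the values first, `set /a tag=1%date:~-10,2%-100` and `set /a monat=1%date:~-7,2%-100`, and have setup.ins stop with `LogError` / `isFatalError` when `$date_tomorrow$` is empty rather than continue. The substring offsets and the `tag.monat.jahr` output also assume a German date format, which deserves a `rem` line in the script.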
userspace/local_user.1339443558.txt.gz · Last modified: 2021/08/23 08:37 (external edit)