Kommentar und Verbesserungen erwünscht!
Manchmal ist es aus diversen Gründen praktisch, einen lokalen Benutzer in der lokalen Administratorengruppe zu haben. Dieser Benutzer ist ausserhalb einer Domäne.
Für dieses Skript benötigt man zusätzlich das Programm PsGetSid aus der Sysinternals Suite, das bei Microsoft kostenlos heruntergeladen werden kann. PsGetSid ist in der Programmsammlung PsTools der Sysinternals Suite enthalten (http://download.sysinternals.com/files/PSTools.zip).
Ich will mich nicht mit fremden Federn schmücken: Dieses Skript baut sehr stark auf dem Beispielskript des Winst-Handbuches für Programminstallationen im Kontext eines lokalen Benutzers (Administrators) auf. Danke an das UIB-Team für das tolle Handbuch.
Features:
To Do:
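; Setup script: creates a local account, or resets the password of an
; already existing one, adds a newly created account to the built-in
; Administrators group, and finally enables or disables the account
; according to the product property "flag_active".
;
; NOTE(review): the password is read from the product property
; "val_adminpasswd" and falls back to "SecurePW!", a default that is
; published together with this script. Set an individual value per client
; before rollout; otherwise every machine ends up with the same, publicly
; known local administrator password.
;
; NOTE(review): an account that already exists only gets its password
; changed; it is not (re-)added to the Administrators group.

[Actions]
requiredWinstVersion >= "4.11.2.1"
setLogLevel=3

DefVar $OpsiAdminUser$
DefVar $AdminGroup$
DefVar $flag_active$
DefVar $val_adminpasswd$
DefVar $UserExists$

DefStringlist $ResultList$
DefStringlist $ResultList2$

sub_get_properties

; Resolve the localized name of the built-in Administrators group from its
; well-known SID S-1-5-32-544.
comment "get the name of the admin group"
comment "using psgetsid from sysinernals pstools"
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
; NOTE(review): index 6 presumably skips the psgetsid banner lines - verify
; against the output of the psgetsid version that is shipped in the package.
set $AdminGroup$ = takeString(6,$ResultList$)
; Keep only the part after the backslash of the selected line.
set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))

comment "Check if user exists."
comment "If user exists, the password will be altered. Otherwise, the user will be created."
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
; First word of the first output line: "yes" or "no".
set $UserExists$ = takeString(0,splitstring($UserExists$," "))

; The log level is lowered to 0 while the password-bearing sections run,
; presumably to keep the expanded command lines out of the opsi log.
; NOTE(review): the password is still passed on the net.exe command line and
; is therefore visible to process command-line auditing on the client.
setLogLevel=0
comment "create our local admin user"
if $UserExists$ = "no"
   DosInAnIcon_makeadmin
else
   DosInAnIcon_alter_pw
endif
setLogLevel=3

comment "Enables or disables the user."
comment "flag_active is set to 'off' by the product properties for not opening accidently a security risk *g*."
; The property is declared with the values "off" and "on". The former
; comparison against "yes" could never match, so the account was disabled
; on every run regardless of the property.
if $flag_active$ = "on"
   DosInAnIcon_enable_admin
else
   DosInAnIcon_disable_admin
endif

[sub_get_properties]
; Reads the three product properties; the second argument of each call is
; the fallback used when the property is not set.
comment "flag_active"
comment "description: User active"
Set $flag_active$ = GetProductProperty("flag_active", "off")

comment "val_adminpasswd"
comment "description: password"
Set $val_adminpasswd$ = GetProductProperty("val_adminpasswd", "SecurePW!")

comment "val_adminusername"
comment "description: admin username"
set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")

[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the account exists and no otherwise. The caller reads
rem the first output line, so nothing else may be written to stdout here.
net user "$OpsiAdminUser$" >nul 2>&1 && echo yes || echo no

[DosInAnIcon_get_admin_group]
@echo off
rem NOTE(review): psgetsid.exe is executed from the package directory.
rem Package only a copy whose Microsoft Authenticode signature was verified.
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544

[DosInAnIcon_makeadmin]
rem Values are quoted so that spaces or shell metacharacters in them reach
rem net.exe as plain arguments. Percent signs and double quotes inside the
rem password are still not safe here.
NET USER "$OpsiAdminUser$" "$val_adminpasswd$" /ADD /comment:"Local Admin created by opsi-package" /fullname:"Local Support Admin" /passwordchg:no /passwordreq:yes
NET LOCALGROUP "$AdminGroup$" /ADD "$OpsiAdminUser$"

[DosInAnIcon_alter_pw]
rem Resets the password of the existing account. Same quoting as on creation.
NET USER "$OpsiAdminUser$" "$val_adminpasswd$"

[DosInAnIcon_enable_admin]
NET USER "$OpsiAdminUser$" /active:yes

[DosInAnIcon_disable_admin]
NET USER "$OpsiAdminUser$" /active:no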
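; Uninstall script: deletes the local account named by the product property
; "val_adminusername". A missing account is reported as a fatal error.

[Actions]
requiredWinstVersion >= "4.11.2.1"
setLogLevel=7

DefVar $OpsiAdminUser$
DefVar $UserExists$

DefStringlist $ResultList2$

sub_get_properties

comment "Check if user exists."
set $ResultList2$ = getOutStreamFromSection("DosInAnIcon_checkuser")
set $UserExists$ = takeString(0,$ResultList2$)
; First word of the first output line: "yes" or "no".
set $UserExists$ = takeString(0,splitstring($UserExists$," "))

if $UserExists$ = "yes"
   DosInAnIcon_deleteadmin
else
   LogError "User '" + $OpsiAdminUser$ + "' does not exist!"
   isFatalError
endif

[sub_get_properties]
; The second argument is the fallback used when the property is not set.
comment "val_adminusername"
comment "description: admin username"
set $OpsiAdminUser$= GetProductProperty("val_adminusername", "locsupp")

[DosInAnIcon_checkuser]
@echo off
rem Prints yes when the account exists and no otherwise. The caller reads
rem the first output line, so nothing else may be written to stdout here.
net user "$OpsiAdminUser$" >nul 2>&1 && echo yes || echo no

[DosInAnIcon_deleteadmin]
rem The name is quoted so that spaces or shell metacharacters in the
rem property value reach net.exe as a plain argument.
NET USER "$OpsiAdminUser$" /DELETE

[DosInAnIcon_deleteprofile]
rem NOTE(review): this section is not called from Actions, so the profile
rem directory of the deleted account stays on disk. Before wiring it in,
rem make sure the user name is not empty - with an empty name the rmdir
rem below would target the whole profile directory.
rmdir /S /Q "%ProfileDir%\$OpsiAdminUser$"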
[Package] version: 4 depends: incremental: False [Product] type: localboot id: local-admin-user name: Lokaler Adminbenutzer description: Lokaler Benutzer in der Gruppe (lokale) Administratoren advice: version: 0.1 priority: 0 licenseRequired: False productClasses: setupScript: setup.ins uninstallScript: uninstall.ins updateScript: alwaysScript: onceScript: customScript: userLoginScript: [ProductProperty] type: unicode name: flag_active multivalue: False editable: False description: Benutzer aktiv values: ["off", "on"] default: ["off"] [ProductProperty] type: unicode name: val_adminusername multivalue: False editable: True description: Benutzername des lokalen Adminusers values: ["locsupp"] default: ["locsupp"] [ProductProperty] type: unicode name: val_adminpasswd multivalue: False editable: True description: Passwort des lokalen Adminusers values: ["SecurePW!"] default: ["SecurePW!"]