github.com/axw/juju@v0.0.0-20161005053422-4bd6544d08d4/cloudconfig/windowsuserdatafiles/addJujuUser.ps1 (about)

     1  function create-account ([string]$accountName, [string]$accountDescription, [string]$password) {
     2  	$hostname = hostname
     3  	$comp = [adsi]"WinNT://$hostname"
     4  	$user = $comp.Create("User", $accountName)
     5  	$user.SetPassword($password)
     6  	$user.SetInfo()
     7  	$user.description = $accountDescription
     8  	$user.SetInfo()
     9  	$User.UserFlags[0] = $User.UserFlags[0] -bor 0x10000
    10  	$user.SetInfo()
    11  
    12  	# This gets the Administrator group name that is localized on different windows versions. 
    13  	# However the SID S-1-5-32-544 is the same on all versions.
    14  	$adminGroup = (New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")).Translate([System.Security.Principal.NTAccount]).Value.Split("\")[1]
    15  
    16  	$objOU = [ADSI]"WinNT://$hostname/$adminGroup,group"
    17  	$objOU.add("WinNT://$hostname/$accountName")
    18  }
    19  
    20  $Source = @"
    21  %s"@
    22  
    23  Add-Type -TypeDefinition $Source -Language CSharp
    24  
    25  function Get-RandomPassword
    26  {
    27  	[CmdletBinding()]
    28  	param
    29  	(
    30  		[parameter(Mandatory=$true)]
    31  		[int]$Length
    32  	)
    33  	process
    34  	{
    35  		$hProvider = 0
    36  		try
    37  		{
    38  			if(![PSCloudbase.Win32CryptApi]::CryptAcquireContext([ref]$hProvider, $null, $null,
    39  																 [PSCloudbase.Win32CryptApi]::PROV_RSA_FULL,
    40  																 ([PSCloudbase.Win32CryptApi]::CRYPT_VERIFYCONTEXT -bor
    41  																  [PSCloudbase.Win32CryptApi]::CRYPT_SILENT)))
    42  			{
    43  				throw "CryptAcquireContext failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
    44  			}
    45  
    46  			$buffer = New-Object byte[] $Length
    47  			if(![PSCloudbase.Win32CryptApi]::CryptGenRandom($hProvider, $Length, $buffer))
    48  			{
    49  				throw "CryptGenRandom failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
    50  			}
    51  
    52  			$buffer | ForEach-Object { $password += "{0:X0}" -f $_ }
    53  			return $password
    54  		}
    55  		finally
    56  		{
    57  			if($hProvider)
    58  			{
    59  				$retVal = [PSCloudbase.Win32CryptApi]::CryptReleaseContext($hProvider, 0)
    60  			}
    61  		}
    62  	}
    63  }
    64  
    65  $SourcePolicy = @"
    66  %s"@
    67  
    68  Add-Type -TypeDefinition $SourcePolicy -Language CSharp
    69  
    70  function SetAssignPrimaryTokenPrivilege($UserName)
    71  {
    72  	$privilege = "SeAssignPrimaryTokenPrivilege"
    73  	if (!([PSCarbon.Lsa]::GetPrivileges($UserName) -contains $privilege))
    74  	{
    75  		[PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    76  	}
    77  }
    78  
    79  function SetUserLogonAsServiceRights($UserName)
    80  {
    81  	$privilege = "SeServiceLogonRight"
    82  	if (!([PSCarbon.Lsa]::GetPrivileges($UserName) -Contains $privilege))
    83  	{
    84  		[PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    85  	}
    86  }
    87  
    88  $juju_passwd = Get-RandomPassword 20
    89  $juju_passwd += "^"
    90  create-account jujud "Juju Admin user" $juju_passwd
    91  $hostname = hostname
    92  $juju_user = "$hostname\jujud"
    93  
    94  SetUserLogonAsServiceRights $juju_user
    95  SetAssignPrimaryTokenPrivilege $juju_user
    96  
    97  $path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
    98  if(!(Test-Path $path)){
    99  	New-Item -Path $path -force
   100  }
   101  New-ItemProperty $path -Name "jujud" -Value 0 -PropertyType "DWord"
   102  
   103  $secpasswd = ConvertTo-SecureString $juju_passwd -AsPlainText -Force
   104  $jujuCreds = New-Object System.Management.Automation.PSCredential ($juju_user, $secpasswd)