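# Source: github.com/axw/juju@v0.0.0-20161005053422-4bd6544d08d4/cloudconfig/windowsuserdatafiles/addJujuUser.ps1
#
# Creates the local "jujud" account, puts it in the local Administrators group,
# grants it the service-logon and token-assignment rights, hides it from the
# logon screen and leaves a PSCredential for it in $jujuCreds.
#
# NOTE(review): the body of each here-string below looks like a printf-style
# placeholder that the embedding program replaces with C# source before the
# script runs -- confirm. If that is the case, any other literal percent
# character in this file would be read as a format verb, so none is used in
# these comments and none should be added to the code.

# Creates a local user through the ADSI WinNT provider and adds it to the
# local Administrators group.
#
#   $accountName         name of the local account to create
#   $accountDescription  text stored in the account's description field
#   $password            initial password, passed as a plain string
#
# No ADSI call is checked here; a failure surfaces as whatever error the
# provider raises.
function create-account ([string]$accountName, [string]$accountDescription, [string]$password) {
    $hostname = hostname
    $comp = [adsi]"WinNT://$hostname"
    $user = $comp.Create("User", $accountName)
    $user.SetPassword($password)
    $user.SetInfo()
    $user.description = $accountDescription
    $user.SetInfo()
    # 0x10000 is ADS_UF_DONT_EXPIRE_PASSWD: the password set above never expires,
    # so it is only ever changed if something rotates it explicitly.
    $user.UserFlags[0] = $user.UserFlags[0] -bor 0x10000
    $user.SetInfo()

    # This gets the Administrator group name that is localized on different windows versions.
    # However the SID S-1-5-32-544 is the same on all versions.
    $adminGroup = (New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")).Translate([System.Security.Principal.NTAccount]).Value.Split("\")[1]

    # From here on the new account is a full local administrator.
    $objOU = [ADSI]"WinNT://$hostname/$adminGroup,group"
    $objOU.add("WinNT://$hostname/$accountName")
}

$Source = @"
%s"@

Add-Type -TypeDefinition $Source -Language CSharp

# Returns a random password built from $Length bytes taken from CryptGenRandom.
#
#   $Length  number of random BYTES to draw (not characters); must be >= 1
#
# Output is an upper-case hexadecimal string of exactly 2 * $Length characters.
# Each byte is rendered with two digits: an unpadded format would drop the
# leading zero of bytes below 0x10, which makes the length unpredictable and
# lets different byte sequences collapse into the same string.
#
# Throws if $Length is not positive or if either CryptoAPI call reports failure.
# [PSCloudbase.Win32CryptApi] is not defined in this file; presumably it comes
# from the type definition loaded by Add-Type above -- confirm.
function Get-RandomPassword
{
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory=$true)]
        [int]$Length
    )
    process
    {
        # A zero-length request would otherwise yield an empty password.
        if ($Length -lt 1)
        {
            throw "Length must be a positive number of bytes"
        }

        $hProvider = 0
        try
        {
            if(![PSCloudbase.Win32CryptApi]::CryptAcquireContext([ref]$hProvider, $null, $null,
                                       [PSCloudbase.Win32CryptApi]::PROV_RSA_FULL,
                                       ([PSCloudbase.Win32CryptApi]::CRYPT_VERIFYCONTEXT -bor
                                        [PSCloudbase.Win32CryptApi]::CRYPT_SILENT)))
            {
                throw "CryptAcquireContext failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
            }

            $buffer = New-Object byte[] $Length
            if(![PSCloudbase.Win32CryptApi]::CryptGenRandom($hProvider, $Length, $buffer))
            {
                throw "CryptGenRandom failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
            }

            # Start from an explicit empty string so a $password variable that
            # happens to exist in a parent scope can never leak into the result.
            $password = ""
            foreach ($byte in $buffer)
            {
                $password += "{0:X2}" -f $byte
            }
            return $password
        }
        finally
        {
            # Release the provider handle on every path, including the throws above.
            if($hProvider)
            {
                $retVal = [PSCloudbase.Win32CryptApi]::CryptReleaseContext($hProvider, 0)
            }
        }
    }
}

$SourcePolicy = @"
%s"@

Add-Type -TypeDefinition $SourcePolicy -Language CSharp

# Grants SeAssignPrimaryTokenPrivilege ("Replace a process level token") to
# $UserName unless the account already holds it.
# [PSCarbon.Lsa] is not defined in this file; presumably it comes from the
# type definition loaded by Add-Type above -- confirm.
function SetAssignPrimaryTokenPrivilege($UserName)
{
    $privilege = "SeAssignPrimaryTokenPrivilege"
    if (!([PSCarbon.Lsa]::GetPrivileges($UserName) -contains $privilege))
    {
        [PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    }
}

# Grants SeServiceLogonRight ("Log on as a service") to $UserName unless the
# account already holds it.
function SetUserLogonAsServiceRights($UserName)
{
    $privilege = "SeServiceLogonRight"
    if (!([PSCarbon.Lsa]::GetPrivileges($UserName) -Contains $privilege))
    {
        [PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    }
}

# 20 random bytes give a 40-character hex password; the trailing "^" adds a
# non-alphanumeric character (presumably to satisfy the Windows password
# complexity policy -- confirm).
$juju_passwd = Get-RandomPassword 20
$juju_passwd += "^"
create-account jujud "Juju Admin user" $juju_passwd
$hostname = hostname
$juju_user = "$hostname\jujud"

SetUserLogonAsServiceRights $juju_user
SetAssignPrimaryTokenPrivilege $juju_user

# A DWord value of 0 under SpecialAccounts\UserList hides the account from the
# Windows logon screen. Monitoring that alerts on hidden local administrators
# will see this entry, so the jujud value should be a documented, expected one.
$path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
if(!(Test-Path $path)){
    New-Item -Path $path -force
}
New-ItemProperty $path -Name "jujud" -Value 0 -PropertyType "DWord"

# NOTE(review): $juju_passwd stays in scope as plain text after this point.
# Nothing visible here reads it again; if no later fragment needs it, it should
# be removed once $jujuCreds is built -- confirm against the consumers.
$secpasswd = ConvertTo-SecureString $juju_passwd -AsPlainText -Force
$jujuCreds = New-Object System.Management.Automation.PSCredential ($juju_user, $secpasswd)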