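# cloudconfig/windowsuserdatafiles/addJujuUser.ps1
#
# Provisions the local "jujud" account on a Windows host:
#   * generates a random password with the Win32 CryptoAPI,
#   * (re)creates the account and adds it to the built-in Administrators group,
#   * grants it SeServiceLogonRight and SeAssignPrimaryTokenPrivilege,
#   * registers it under Winlogon\SpecialAccounts\UserList with value 0,
#   * removes C:\Juju and HKLM:\SOFTWARE\juju-core if they exist,
#   * builds a PSCredential for the account in $jujuCreds.
#
# NOTE(review): this file appears to be a printf-style template. The two
# placeholders inside the here-strings below are presumably replaced with C#
# source by the generator, and a literal percent sign added anywhere else would
# presumably be read as a format verb. Confirm against the code that renders it.
#
# Security note: the account is a local administrator whose password never
# expires, so the generated password is a high-value secret. Keep this script's
# output and variables out of transcripts and logs.

# Creates a local user through the ADSI WinNT provider, sets its password and
# description, marks the password as non-expiring and adds the user to the
# built-in Administrators group.
#
#   $accountName        - name of the local account to create
#   $accountDescription - text stored in the account's description field
#   $password           - plaintext password assigned to the account
function create-account ([string]$accountName, [string]$accountDescription, [string]$password) {
    $hostname = hostname
    $comp = [adsi]"WinNT://$hostname"
    $user = $comp.Create("User", $accountName)
    $user.SetPassword($password)
    $user.SetInfo()
    $user.description = $accountDescription
    $user.SetInfo()
    # 0x10000 is ADS_UF_DONT_EXPIRE_PASSWD: the password never expires.
    $user.UserFlags[0] = $user.UserFlags[0] -bor 0x10000
    $user.SetInfo()

    # This gets the Administrator group name that is localized on different windows versions.
    # However the SID S-1-5-32-544 is the same on all versions.
    $adminSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
    $adminGroup = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split("\")[1]

    # Membership in this group gives the new account full local administrator rights.
    $objOU = [ADSI]"WinNT://$hostname/$adminGroup,group"
    $objOU.add("WinNT://$hostname/$accountName")
}

# C# type definition substituted by the generator; Get-RandomPassword below
# uses [PSCloudbase.Win32CryptApi] from it.
# NOTE(review): the here-string terminator has to start a line, so the
# substituted text presumably ends with a newline. Confirm.
$Source = @"
%s"@

Add-Type -TypeDefinition $Source -Language CSharp

# Returns a password made of uppercase hexadecimal digits, built from $Length
# random bytes obtained through CryptGenRandom.
#
#   $Length - number of random bytes requested; the result is 2 * $Length
#             characters long.
#
# Throws a string describing the Win32 error when CryptAcquireContext or
# CryptGenRandom fails.
function Get-RandomPassword
{
    [CmdletBinding()]
    param
    (
        [parameter(Mandatory=$true)]
        [int]$Length
    )
    process
    {
        $hProvider = 0
        try
        {
            # NOTE(review): CRYPT_VERIFYCONTEXT and CRYPT_SILENT are defined in the
            # substituted C# source; presumably they request a context with no
            # persisted key container and no UI. Confirm.
            $flags = [PSCloudbase.Win32CryptApi]::CRYPT_VERIFYCONTEXT -bor
                     [PSCloudbase.Win32CryptApi]::CRYPT_SILENT
            if(![PSCloudbase.Win32CryptApi]::CryptAcquireContext([ref]$hProvider, $null, $null,
                                                             [PSCloudbase.Win32CryptApi]::PROV_RSA_FULL,
                                                             $flags))
            {
                throw "CryptAcquireContext failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
            }

            $buffer = New-Object byte[] $Length
            if(![PSCloudbase.Win32CryptApi]::CryptGenRandom($hProvider, $Length, $buffer))
            {
                throw "CryptGenRandom failed with error: 0x" + "{0:X0}" -f [PSCloudbase.Win32CryptApi]::GetLastError()
            }

            # Two hex digits per byte. The previous "{0:X0}" format dropped the
            # leading zero for bytes below 0x10, which shortened the password by a
            # random amount. Building the string with -join also avoids appending
            # to a $password variable that may already exist in a caller's scope.
            $password = ($buffer | ForEach-Object { "{0:X2}" -f $_ }) -join ""
            return $password
        }
        finally
        {
            if($hProvider)
            {
                # Discard the boolean so it does not leak into the function's output.
                $null = [PSCloudbase.Win32CryptApi]::CryptReleaseContext($hProvider, 0)
            }
        }
    }
}

# Second substituted C# type definition; the functions below use [PSCarbon.Lsa] from it.
$SourcePolicy = @"
%s"@
Add-Type -TypeDefinition $SourcePolicy -Language CSharp

# Grants SeAssignPrimaryTokenPrivilege to $UserName unless the account already holds it.
function SetAssignPrimaryTokenPrivilege($UserName)
{
    $privilege = "SeAssignPrimaryTokenPrivilege"
    $current = [PSCarbon.Lsa]::GetPrivileges($UserName)
    if ($current -notcontains $privilege)
    {
        [PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    }
}

# Grants SeServiceLogonRight to $UserName unless the account already holds it.
function SetUserLogonAsServiceRights($UserName)
{
    $privilege = "SeServiceLogonRight"
    $current = [PSCarbon.Lsa]::GetPrivileges($UserName)
    if ($current -notcontains $privilege)
    {
        [PSCarbon.Lsa]::GrantPrivileges($UserName, $privilege)
    }
}

# Returns $true when the registry key $Path exists and has a value named $Value,
# otherwise $false.
function Test-RegistryValue {
    param ([parameter(Mandatory=$true)]
           [ValidateNotNullOrEmpty()]$Path,
           [parameter(Mandatory=$true)]
           [ValidateNotNullOrEmpty()]$Value)
    try {
        # -ErrorAction Stop on Get-ItemProperty makes a missing key land in the
        # catch block. Without it the error is non-terminating, the pipeline is
        # empty and the function reports $true for a key that does not exist.
        Get-ItemProperty -Path $Path -ErrorAction Stop |
            Select-Object -ExpandProperty $Value -ErrorAction Stop |
            Out-Null
        return $true
    } catch {
        return $false
    }
}

# 20 random bytes, hex encoded, plus a trailing "^".
# NOTE(review): the "^" presumably adds a non-alphanumeric character for the
# password complexity policy. Confirm.
$juju_passwd = Get-RandomPassword 20
$juju_passwd += "^"

# Remove an existing jujud account so it is recreated with the new password.
# NOTE(review): Select-String matches substrings, so an account whose name only
# contains "jujud" also satisfies this test; the delete still targets "jujud" only.
if (& net users | select-string "jujud") {
    net user "jujud" /DELETE
}
create-account jujud "Juju Admin user" $juju_passwd

$hostname = hostname
$juju_user = "$hostname\jujud"
SetUserLogonAsServiceRights $juju_user
SetAssignPrimaryTokenPrivilege $juju_user

# A DWord value of 0 under SpecialAccounts\UserList hides the account from the
# Windows logon screen. Worth knowing when auditing local administrators on a host.
$path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
if (Test-RegistryValue -Path $path -Value "jujud") {
    Remove-ItemProperty -Path $path -Name "jujud"
}
if(!(Test-Path $path)){
    New-Item -Path $path -force
}

# Delete the C:\Juju directory and the juju-core registry key when present.
if(Test-Path "C:\Juju") {
    Remove-Item -Recurse -Force "C:\Juju"
}
if(Test-Path "HKLM:\SOFTWARE\juju-core") {
    Remove-Item -Path "HKLM:\SOFTWARE\juju-core" -Recurse -Force
}
New-ItemProperty $path -Name "jujud" -Value 0 -PropertyType "DWord"

# $juju_passwd still holds the plaintext password after this point.
# NOTE(review): $jujuCreds is not used in this file; presumably a later part of
# the generated script consumes it. Confirm.
$secpasswd = ConvertTo-SecureString $juju_passwd -AsPlainText -Force
$jujuCreds = New-Object System.Management.Automation.PSCredential ($juju_user, $secpasswd)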