Archive: my extensions for UserInfo plugin


my extensions for UserInfo plugin
Hey guys!

I must have the possibility to create a new user in my installer, as well as setting up some user rights / privileges for this user.

I put a few new functions into the UserInfo plugin and it seems to work just fine. Here's the list of functions I added to UserInfo:

- CreateAccount USER_ID PASSWORD COMMENT
Adds a user account with the given password and comment to the local system

- DeleteAccount USER_ID
Removes the given user account from the system

- AddPrivilege USER_ID PRIVILEGE
Adds a privilege to the given user, e.g. SeServiceLogonRight or SeSetSystemTime etc.

- RemovePrivilege USER_ID PRIVILEGE
Removes a privilege from a user account

Now I would like to add a number of group related functions and would like to add:

- CreateGroup GROUP_ID COMMENT
Create a new group

- DeleteGroup GROUP_ID
Deletes a group

- AddToGroup USER_ID GROUP_ID
Adds the user to the given group

- RemoveFromGroup USER_ID GROUP_ID
Removes the user from the given group

I have difficulties with the group name, which has to be passed to almost all NETAPI functions as a LPCWSTR (Unicode). I am using the same conversions I did with the user related functions, but I get constant errors. If any Visual C++ freak out there with experiences regarding Unicode string handling can help me, please send me a PM.

And: I would like to know if I should submit my hacked UserInfo plugin? Who has to receive it in which format? (I could zip the UserInfo folder in my NSIS contrib dir, that's where I am actually developing).

Is this of any interest to somebody?

Kind regards,
Heiko


AccessControl is already able to change user access to objects. There are also some users currently working on improving it. I think it would be better if you apply your changes to the AccessControl plug-in. The UserInfo plug-in is just for information, not for access control.


Originally posted by kichik
AccessControl is already able to change user access to objects. There are also some users currently working on improving it. I think it would be better if you apply your changes to the AccessControl plug-in. The UserInfo plug-in is just for information, not for access control.
The AccessControl plugin seems to be targeted against File and Registry access rights, I will probably better start a new plugin, maybe calling it UserManager or something like that...

If anyone is interested in helping me with these damn unicode strings, I could send you a Zip file containing the project.

At the moment, the features I need are working fine, so I already can use it for myself.

Kind regards,
Heiko

It might be targeted against file and registry, but it is still about AccessControl. Other than the concept, there are probably a lot of code that can be shared. It probably already handles Unicode strings... You could join forces with the users already working on it.


Your Extension
Your extension sounds like just what I need. All I need to do is create user accounts and set their privileges. This is required for a silent install of PostgreSQL 8.0. Have you posted your extension anywhere or can you post it here? Or has anyone else found anything that will acomplish this?

Thanks!
Ryan


The plugin is available on the Archive Download page.

-Stu


Perfect. Thank you!


Re: Your Extension

Originally posted by Rlstephens
Your extension sounds like just what I need. All I need to do is create user accounts and set their privileges. This is required for a silent install of PostgreSQL 8.0. Have you posted your extension anywhere or can you post it here? Or has anyone else found anything that will acomplish this?

Thanks!
Ryan
Hi, I am doing a silent postgresql install too and wandering if you managed to get this working using UserInfo. I am calling "net user" to create a service account but run into the problem when the account expires after XX days. There is no native net user/account to disable password expiry for a specific account.. Were you able to get around this issue?

Cheers,
Tao

Re: Re: Your Extension

Originally posted by tao.shen
Hi, I am doing a silent postgresql install too and wandering if you managed to get this working using UserInfo. I am calling "net user" to create a service account but run into the problem when the account expires after XX days. There is no native net user/account to disable password expiry for a specific account.. Were you able to get around this issue?

Cheers,
Tao
Hi Tao,

sorry but I did not find out an easy way to accomplish this. Did you try to use my plugin to create that user account? As far as I can see it seems not to be affected by that problem, but I may be wrong as this could differ on different Windows flavours.

Kind regards,
Heiko

@tao.shen
Although net commands do not have the option of changing the 'expired' flag of a user account, you can use WMI do do it. Set a variable for the user name and call


nsExec::ExecToStack '$SYSDIR\Wbem\wmic.exe UserAccount Where Name="$YourUserAcount" Set PasswordExpires= FALSE'

Other properties that can be changed in this way are

The following writeable properties are available:
Property Type Operation
======== ==== =========
Disabled boolean Read/Write
FullName string Read/Write
Lockout boolean Read/Write
PasswordChangeable boolean Read/Write
PasswordExpires boolean Read/Write
PasswordRequired boolean Read/Write

Not very elegant since it requires WMI, but a solution nonetheless.

@hgerstung
My understanding is that it is possible to set the password to not expire using the netapi32 calls that the UserInfo plugin utilizes. If the user properties are defined using a USER_INFO_1 structure you can pass the UF_DONT_EXPIRE_PASSWD flag to the NetUserAdd function.

CF