hgerstung
18th February 2005 11:35 UTC

my extensions for UserInfo plugin
Hey guys!

I must have the possibility to create a new user in my installer, as well as setting up some user rights / privileges for this user.

I put a few new functions into the UserInfo plugin and it seems to work just fine. Here's the list of functions I added to UserInfo:

- CreateAccount USER_ID PASSWORD COMMENT
Adds a user account with the given password and comment to the local system

- DeleteAccount USER_ID
Removes the given user account from the system

- AddPrivilege USER_ID PRIVILEGE
Adds a privilege to the given user, e.g. SeServiceLogonRight or SeSetSystemTime etc.

- RemovePrivilege USER_ID PRIVILEGE
Removes a privilege from a user account

Now I would like to add a number of group related functions and would like to add:

- CreateGroup GROUP_ID COMMENT
Create a new group

- DeleteGroup GROUP_ID
Deletes a group

- AddToGroup USER_ID GROUP_ID
Adds the user to the given group

- RemoveFromGroup USER_ID GROUP_ID
Removes the user from the given group

I have difficulties with the group name, which has to be passed to almost all NETAPI functions as a LPCWSTR (Unicode). I am using the same conversions I did with the user related functions, but I get constant errors. If any Visual C++ freak out there with experiences regarding Unicode string handling can help me, please send me a PM.

And: I would like to know if I should submit my hacked UserInfo plugin? Who has to receive it in which format? (I could zip the UserInfo folder in my NSIS contrib dir, that's where I am actually developing).

Is this of any interest to somebody?

Kind regards,
Heiko

kichik
18th February 2005 11:39 UTC

AccessControl is already able to change user access to objects. There are also some users currently working on improving it. I think it would be better if you apply your changes to the AccessControl plug-in. The UserInfo plug-in is just for information, not for access control.

hgerstung
18th February 2005 11:57 UTC

Originally posted by kichik
AccessControl is already able to change user access to objects. There are also some users currently working on improving it. I think it would be better if you apply your changes to the AccessControl plug-in. The UserInfo plug-in is just for information, not for access control.

kichik
18th February 2005 12:05 UTC

It might be targeted against file and registry, but it is still about AccessControl. Other than the concept, there are probably a lot of code that can be shared. It probably already handles Unicode strings... You could join forces with the users already working on it.

Rlstephens
21st March 2005 17:48 UTC

Your Extension
Your extension sounds like just what I need. All I need to do is create user accounts and set their privileges. This is required for a silent install of PostgreSQL 8.0. Have you posted your extension anywhere or can you post it here? Or has anyone else found anything that will acomplish this?

Thanks!
Ryan

Afrow UK
21st March 2005 17:51 UTC

The plugin is available on the Archive Download page.

-Stu

Rlstephens
21st March 2005 17:54 UTC

Perfect. Thank you!

tao.shen
6th July 2005 08:22 UTC

Re: Your Extension

Originally posted by Rlstephens
Your extension sounds like just what I need. All I need to do is create user accounts and set their privileges. This is required for a silent install of PostgreSQL 8.0. Have you posted your extension anywhere or can you post it here? Or has anyone else found anything that will acomplish this?

Thanks!
Ryan

hgerstung
6th July 2005 09:53 UTC

Re: Re: Your Extension

Originally posted by tao.shen
Hi, I am doing a silent postgresql install too and wandering if you managed to get this working using UserInfo. I am calling "net user" to create a service account but run into the problem when the account expires after XX days. There is no native net user/account to disable password expiry for a specific account.. Were you able to get around this issue?

Cheers,
Tao

CancerFace
14th April 2006 11:18 UTC

@tao.shen
Although net commands do not have the option of changing the 'expired' flag of a user account, you can use WMI do do it. Set a variable for the user name and call

nsExec::ExecToStack '$SYSDIR\Wbem\wmic.exe UserAccount Where Name="$YourUserAcount" Set PasswordExpires= FALSE'

The following writeable properties are available:
Property                                Type                    Operation
========                                ====                    =========
Disabled                                boolean                 Read/Write
FullName                                string                  Read/Write
Lockout                                 boolean                 Read/Write
PasswordChangeable                      boolean                 Read/Write
PasswordExpires                         boolean                 Read/Write
PasswordRequired                        boolean                 Read/Write