- NSIS Discussion
- New plugin
Archive: New plugin
hgerstung
28th February 2005 09:17 UTC
New plugin
Hi y'all!
I released my first plugin for NSIS (so be careful, it's a newbies work) called UserMgr. It can be found in the plugin section of the NSIS Archive and adds some functionality to NSIS when it comes to creating/deleting user accounts and adding/removing user privileges to accounts. Some user group related functions are included, too.
I would appreciate any feedback / comments if you are willing to use this thing for your installer and surprisingly get it to work (or not).
Kind regards,
Heiko
The Archive page for UserMgr
flizebogen
28th February 2005 13:42 UTC
Can you put a list of privileges online?
Joel
28th February 2005 14:05 UTC
mmm, sounds cool, good work, dude :up:
hgerstung
28th February 2005 15:17 UTC
@flizebogen:
Originally posted by flizebogen
Can you put a list of privileges online?
That's tricky, I did not find a complete list on the web. But I added a list (incomplete) at the bottom of the archive page (
here), this can be used for a start.
HTH
@Joelito: :cool: Thanks dude! :cool:
Kind regards,
Heiko
Apazman123
29th April 2005 18:54 UTC
UserMgr::AddToGroup - Issue
I am trying to use this plugin to create a user and add them to the "Administrators" Group. I can add the user successfully, however when I try to Add that user to a group I get an ERROR 2220 Which is "The group name could not be found. " I have double and triple checked the spelling. I also tried to add it to the "Guests" group. I still got the same error. It seems like adding a user to a group may not work? Here is the code I am trying to use.
UserMgr::AddToGroup "progsvc" "Administrators"
Pop $0
MessageBox MB_OK "AddToGroup Result : $0"
hgerstung
30th April 2005 19:40 UTC
Re: UserMgr::AddToGroup - Issue
Originally posted by Apazman123
I am trying to use this plugin to create a user and add them to the "Administrators" Group. I can add the user successfully, however when I try to Add that user to a group I get an ERROR 2220 Which is "The group name could not be found. " I have double and triple checked the spelling. I also tried to add it to the "Guests" group. I still got the same error. It seems like adding a user to a group may not work? Here is the code I am trying to use.
UserMgr::AddToGroup "progsvc" "Administrators"
Pop $0
MessageBox MB_OK "AddToGroup Result : $0"
Hi!
The AddToGroup function is not working properly, there is a problem with the string format I use, it's some UNICODE struggling and I was not able to solve this. But I'll try to check things again on Monday, so please stay tuned :-)
Sorry for the inconvenience!
Kind regards,
Heiko
Apazman123
2nd May 2005 18:43 UTC
Thanks for the help
I really appreciate the help. It's a cool plugin and makes things really easy for setting up a web and/or application servers.
RobGrant
3rd May 2005 09:12 UTC
I use some user manipulation stuff in my company's installer - the syntax I use to add someone to a group is this:
ExecWait 'net localgroup group_name "user_name" /add'
And to remove:
ExecWait 'net localgroup group_name "user_name" /delete'
And mate, if your work (which I'm about to try) adds/removes the SeServiceLogonRight property correctly, then you've saved me lots of time, thanks! (I can add it easily, but can't remove it)
-rob-
hgerstung
3rd May 2005 09:21 UTC
Hi !
I just wanted to tell you that I'm still working on that AddToGroup issue ... But maybe you can use Rob's way as a workaround until the plugin is able to do that.
Originally posted by RobGrant
I use some user manipulation stuff in my company's installer - the syntax I use to add someone to a group is this:
ExecWait 'net localgroup group_name "user_name" /add'
And to remove:
ExecWait 'net localgroup group_name "user_name" /delete'
And mate, if your work (which I'm about to try) adds/removes the SeServiceLogonRight property correctly, then you've saved me lots of time, thanks! (I can add it easily, but can't remove it)
-rob-
Please note that there are a bunch of "SeDenyxxLogonRight" privileges which I needed to add in order to avoid an account from being able to logon interactively. That's a cute security model, isn't it?
Kind regards,
Heiko
Apazman123
3rd May 2005 23:45 UTC
Thanks for the help - still got a bit more to go
Thanks Rob and Heiko for the cmd lines. Worked like a charm. Now I have another issue. I am trying to add the following options to the user:
-Password Never expires
-User cannot change Password
Any Ideas?
UnregBryan
28th September 2005 12:48 UTC
AddToGroup problem
Hi all. 28 September 05
Just ran into the problem of AddToGroup problem, but as none of the messages are dated do not know if this problem has been outstanding for a year or a day! Can someone please give me a time scale for a solution - thanks.
Tried ...
ExecWait 'net localgroup administrators "TagUser" /add'
But get system error 1788 "the trusted relationship..". I'm adding a user to Administrators. Any solution here?
Many thanks
Bryan
Originally posted by hgerstung
Hi !
I just wanted to tell you that I'm still working on that AddToGroup issue ... But maybe you can use Rob's way as a workaround until the plugin is able to do that.
Please note that there are a bunch of "SeDenyxxLogonRight" privileges which I needed to add in order to avoid an account from being able to logon interactively. That's a cute security model, isn't it?
Kind regards,
Heiko
hgerstung
28th September 2005 13:03 UTC
Hi!
First:
The time and date of a post can be found on the left side of the line directly below the message text (where the "profile", "pm", "search" etc. buttons reside)
Second:
As you see (by now), the last post you quoted was from March 2005, so it's been a while..
I was not able to resolve this in the meantime as I simply do not have enough time to go after it (sorry).
Maybe someone else can help out with the commandline workaround. If this does not work, my plugin has no chance either..
Kind regards,
Heiko
ThierryThelliez
28th October 2005 19:07 UTC
I have the same need here. Right now I am thinking of using NTRights.exe from the resource toolkit.
http://support.microsoft.com/?kbid=279664
(I hope it will work for W2K3)
Your plugin would be really useful.
Thierry
Jamyn Shanley
26th February 2006 12:42 UTC
Interesting
Just tried this plugin tonight; I wanted to add a user account to run a service in the background. I must say, thank you for writing this plugin. I think it will be very useful.
A couple notes:
1) The plugin does add the user and set the password. However, the user does not appear in the Control Panel -> Users list. (testing with WindowsXP SP2). This could be abused, obviously; hopefully this could be fixed.
In comparison, when using the "net user" command, the user appears in "Control Panel -> Users" immediately.
2) Is there a way to "update" a user with this plugin, instead of just add/remove? I would like to be able to reset the password on the account if it exists (the password for the account is randomly generated during any install, and I need that password for the task scheduler).
Example:
Function AddUser
UserMgr::GetUserInfo ${RUNAS} EXISTS
StrCmp "$0" "OK" user_modify user_add
user_modify:
# FIXME: Previous password is random and unknown,
# so we need to reset it here.
Goto user_done
user_add:
UserMgr::CreateAccount "${RUNAS}" "$RandomPassword" "${NAME} User"
Pop $0
DetailPrint "User: ${RUNAS} does not exist. Creating account (result: $0)"
UserMgr::AddToGroup "${RUNAS}" "Guests"
Pop $0
DetailPrint "User: ${RUNAS} - applying account restrictions (result: $0)"
# FIXME: Remove interactive login permissions, etc.
# Lock the account down as much as possible.
Goto user_done
user_done:
FunctionEnd
hgerstung
27th February 2006 10:49 UTC
Hi!
The account can be found in the "extended" user manager applet, you can reach this by using the "Advanced.." button (I am not sure how exactly it is labelled, as my system is a german language XP). The cause of this could be a group membership (but I do not know exactly), maybe it appears if you add it to the Users group?
Unfortunately the modification of a user account is not implemented. You could delete and re-create the user but this could of course cause problems with settings and files and so on.
Kind regards,
Heiko
Jamyn Shanley
8th March 2006 19:57 UTC
Example Code?
I found some interesting code for PostgreSQL's msi-based installer. I may be wrong, but the following code from their installer seems to deal with user and group permissions, etc. Maybe it will help present new ideas for the current plugin?
installer source
file: pginstaller-rel8_1_2-src\pginst\ca\user.c
I am not really capable of translating this information into the current plugin; I apologize. And maybe this information will not prove to be useful. But maybe it will :)
-J
jpderuiter
31st December 2007 15:00 UTC
Hello Heiko,
I know it has been a while since the last post, but I have made a patch for your UserMgr plugin.
These are the changes:
- I used NetLocalGroupAddMembers instead of NetGroupAddUser in the AddToGroup function to make it work.(Thanks to the article of CancerFace (http://nsis.sourceforge.net/User_Management_using_API_calls))
- I added the function CreateAccountEx to be able to add a fullname of a user (Shown in the Welcome Screen) and add flags to the user (Password never expires etc.):
UserMgr::CreateAccountEx USERID PASSWORD COMMENT FULLNAME USERCOMMENT FLAGS
where FLAGS can be one or more of the following, seperated by '|':
UF_ACCOUNTDISABLE The user's account is disabled.
UF_PASSWD_NOTREQD No password is required.
UF_PASSWD_CANT_CHANGE The user cannot change the password.
UF_DONT_EXPIRE_PASSWD The password will never expire on the account.
- I added the function BuiltAccountEnv. This function creates the User Environment (Documents and settings\{User} folder, User Registry Hive etc. to be able to do something there without the need to login as the new created user first:
UserMgr::BuiltAccountEnv USERID PASSWORD
- I added the function RegLoadUserHive. This function loads the User Registry hive in HKEY_USERS\{USERID} to be able to add keys and values to the HKEY_CURRENT_USER of this user:
UserMgr::RegLoadUserHive USERID
- I added the function RegUnLoadUserHive. This function unloads the User Registry hive:
UserMgr::RegUnLoadUserHive USERID
I guess the last two functions should be in a Registry Plugin, but since I only found a Plugin with Macro's (which I dislike...) I added it here.
If you don't want it in the plugin, I can remove it.
NOTE: The Platform SDK is needed for this project to compile (The February 2003 build is the last version which work with VC6) (http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm)
Best regards,
Jan Pieter de Ruiter
kichik
31st December 2007 18:20 UTC
You should add the new version to the Wiki page. To upload files, see:
http://nsis.sourceforge.net/Uploading_files
jpderuiter
1st January 2008 00:12 UTC
UserMgr plugin
Yes I know,
but since it's Heiko's plugin I wanted to ask his opinion first.
JP
hgerstung
2nd January 2008 20:55 UTC
Jan Pieter,
awesome work! Please do not hesitate to update the Wiki, that's what it's for! And please do not forget to give yourself the due credit.
Thanks a lot for working on this,
Cheers,
Heiko
jpderuiter
2nd January 2008 21:43 UTC
I have made two additions for the plugin:
- PASSWORD added as possible FIELD for the SetUserInfo function. With this field the user password can be changed (Admin rights needed)
- The function ChangeUserPassword is added to be able to change a user password (Admin rights not needed)
I have also updated the Wiki page:
http://nsis.sourceforge.net/UserMgr_plug-in
You can find the updated plugin there.
Regards,
JP
jpderuiter
15th January 2008 00:50 UTC
Hello,
I have uploaded a new version:
- Fixed a small bug in GetUserInfo function
- Fixed 2 small bugs in SetUserInfo function
- Added GetCurrentUserName function
- Added GetLocalizedStdAccountName function
(e.g. "NT AUTHORITY\SYSTEM" for "S-1-5-18" on a English system and "NT-AUTORITÄT\NETZWERKDIENST" for "S-1-5-20" on a German system)
The most often used SID's are defined in the included SpecialGroupsSIDs.nsh
- Added IsMemberOfGroup function
Best regards,
jpderuiter
jpderuiter
15th January 2008 17:06 UTC
Whoops, found a small (localization) bug in RegLoadUserHive.
I uploaded a new version on the wiki page.
JP
jpderuiter
1st February 2008 17:25 UTC
Hello,
I have uploaded a new version:
- Fixed a bug in SetUserInfo function
- Added HasPrivilege function
Best regards,
jpderuiter
Margon
21st June 2008 12:12 UTC
Hi,
First of all, sorry for my English.
I tried to use plugin in Russian Windows XP and found little localization problem: when i tried to work with user name in russian language function "swprintf" can't convert ANSI string to UNICODE in russian locale. I'l tried to use MultiByteToWideChar instead them and all works.
IMHO, all functins
"swprintf(UNICODE_variable, L"%S", ANSI_variable)"
must be replaced to something like
MultiByteToWideChar(CP_ACP,0,UNICODE_variable,-1,ANSI_variable,sizeof(UNICODE_variable));
Best regards, Dmitriy.
P.S.: Sorry for my English.Once again:)
Wizou
25th June 2008 09:57 UTC
@jpderuiter: you should really think about opening a new forum topic for your plugin, because this one lacks a decent title..
kc7bfi
19th September 2008 13:15 UTC
Missing ZIP
The UserMgr.zip link does not seem to be working
pengyou
19th September 2008 14:52 UTC
The UserMgr.zip link does not seem to be working
The NSIS site is hosted by SourceForge who are currently migrating to a new datacentre. As a result some features on the NSIS wiki, including downloads, are not working properly at the moment. For more information see this topic:
http://forums.winamp.com/showthread.php?threadid=297527
Ivan Andreevich
21st January 2009 20:27 UTC
I am logged in as 'mshome\ivan', but
UserMgr::GetCurrentUserName
returns only 'ivan'. I am creating a service which uses network log on permissions. This action fails when domain is not specified.
Any way to grab the full username, including the domain?
Actually this
http://nsis.sourceforge.net/NSISUser_plug-in kind of does what I need, but I would still prefer to be able to do the above.
jpderuiter
22nd January 2009 00:23 UTC
UserMgr Plugin
Hello Ivan,
I uploaded a new version of the plugin, which has a new Function "GetCurrentDomain".
This function will return the domainname you are currently logged in to (in your case "mshome").
Best regards,
jpderuiter
jpderuiter
22nd January 2009 08:19 UTC
BTW:
I started a new thread about the UserMgr Plugin with a more decent title:
http://forums.winamp.com/showthread....hreadid=302322