aktuell versuche ich ein Opsi Paket zu bauen, welches mir flexibel locale user anlegen kann. Direkt mit Powershell funktioniert die GEschichte, aber in Verbindung mit Opsi winscript funktioniert es nicht. Habt Ihr einen Tipp? Ich habe schon gelesen, dass mit Windows 1809 sich hinsichtlich Powershell Sicherheit einiges geändert hat und dann noch was mit unblock usw gelesen, jedoch sollte es auch so funktionieren? Hier das Skript, vielleicht fällt jemand ein grober schnitzer auf...
Code: Alles auswählen
[Actions]
requiredWinstVersion >= "4.11.2.1"
setLogLevel=3
DefVar $ProductName$
DefVar $local_user$
DefVar $Group$
DefVar $SearchResult$
DefVar $val_userpasswd$
DefVar $val_username$
DefVar $val_groupmember$
DefVar $UserExists$
DefVar $UserGroup$
DefVar $date_tomorrow$
DefVar $pwd_expires$
DefVar $ExitCode$
DefVar $ErrorMsg$
DefVar $LogDir$
Set $LogDir$ = "%opsiLogDir%"
DefStringlist $ResultList$
DefStringlist $ResultList2$
DefStringlist $ResultList3$
comment "val_userpasswd"
comment "description: password"
;Set $val_userpasswd$ = GetProductProperty("val_userpasswd", "SecurePW!")
comment "val_username"
comment "description: admin username"
;Set $local_user$= GetProductProperty("val_username", "locsupp")
comment "val_groupmember"
comment "description: Groupemembership"
;Set $UserGroup$= GetProductProperty("val_groupmember", "Administratoren")
comment "get the name of the admin group"
Message "Installing Local User"
comment "Start setup program"
ChangeDirectory "%SCRIPTPATH%"
;----------------------------------------------
DosInAnIcon_setpolicy
ExecWith_powershell powershell.exe winst /64Bit
set $exitcode$ = getLastExitcode
if not ($exitcode$ = "0")
comment "powershell script failed"
endif
[DosInAnIcon_setpolicy]
echo "powershell set-executionpolicy RemoteSigned ..."
powershell.exe set-executionpolicy RemoteSigned
exit %ERRORLEVEL%
[ExecWith_powershell]
# set Variables from Properties
$UserNames = @("Admin1;User1;User2")
$UserPasswords = @("pwadmin3KKJ!!!;pwlKe6er1211K2!;pwlKe99er1211K2")
$UserGroups = @("Administratoren;Benutzer;Benutzer")
;$UserGroups = '$Usergroup$'
$ArrayGroups = $UserGroups.split(";")
;$UserNames = '$local_user$'
$ArrayUserNames = $Usernames.split(";")
;$UserPasswords = '$val_userpasswd$'
$ArrayUserPasswords = $UserPasswords.split(";")
# start checking array sizes
if ($ArrayUserNames.Length -ne $ArrayGroups -ne $ArrayUserPasswords) {
write-host "Array sizes of Usergroups, Usernames or Userpasswords does not fit"
exit 1
#set-executionpolicy unrestricted
$ArrayUserNames = $Usernames.split(";")
$ArrayUserPasswords = $UserPasswords.split(";")
$ArrayGroups = $UserGroups.split(";")
# start checking array sizes
if ($ArrayUserNames.Length -ne $ArrayGroups -ne $ArrayUserPasswords) {
write-host "Array sizes of Usergroups, Usernames or Userpasswords does not fit"
exit 1
}
$ErrorActionPreference = 'Stop'
$VerbosePreference = 'Continue'
# start looping
For ($i=0; $i -lt $ArrayUserNames.Length; $i++) {
$ObjLocalUser = $null
Try {
Write-Verbose "Searching for $($ArrayUserNames[$i]) in LocalUser DataBase"
$ObjLocalUser = Get-LocalUser $ArrayUserNames[$i]
Write-Verbose "User $($ArrayUserNames[$i]) was found"
}
Catch [Microsoft.PowerShell.Commands.UserNotFoundException] {
"User $($ArrayUserNames[$i]) was not found" | Write-Warning
}
Catch {
"An unspecifed error occured" | Write-Error
Exit 2# Stop Powershell!
}
#Create the user if it was not found (Example)
If (!$ObjLocalUser) {
Write-Verbose "Creating User $($ArrayUserNames[$i])" #(Example)
$SecurePassword = ConvertTo-SecureString $ArrayUserPasswords[$i] -AsPlainText -Force
New-LocalUser -Name $ArrayUserNames[$i] -Password $SecurePassword -AccountNeverExpires -PasswordNeverExpires -FullName $ArrayUserNames[$i] -UserMayNotChangePassword
# Add User to group
Add-LocalGroupMember -Group $ArrayGroups[$i] -Member $ArrayUserNames[$i]
}
}