Old 28th February 2005, 08:17   #1
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
UserMgr - New plugin

Hi y'all!

I released my first plugin for NSIS (so be careful, it's a newbies work) called UserMgr. It can be found in the plugin section of the NSIS Archive and adds some functionality to NSIS when it comes to creating/deleting user accounts and adding/removing user privileges to accounts. Some user group related functions are included, too.

I would appreciate any feedback / comments if you are willing to use this thing for your installer and surprisingly get it to work (or not).

Kind regards,
Heiko

The Archive page for UserMgr
hgerstung is offline   Reply With Quote
Old 28th February 2005, 12:42   #2
flizebogen
Senior Member
 
Join Date: Jan 2002
Location: Berlin
Posts: 171
Can you put a list of privileges online?
flizebogen is offline   Reply With Quote
Old 28th February 2005, 13:05   #3
Joel
Debian user
(Forum King)
 
Joel's Avatar
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,917
mmm, sounds cool, good work, dude


* PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with MATE.
* Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with MATE.
Joel is offline   Reply With Quote
Old 28th February 2005, 14:17   #4
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
@flizebogen:

Quote:
Originally posted by flizebogen
Can you put a list of privileges online?
That's tricky, I did not find a complete list on the web. But I added a list (incomplete) at the bottom of the archive page (here), this can be used for a start.

HTH

@Joelito: Thanks dude!

Kind regards,
Heiko
hgerstung is offline   Reply With Quote
Old 29th April 2005, 17:54   #5
Apazman123
Junior Member
 
Join Date: Apr 2005
Posts: 3
Exclamation UserMgr::AddToGroup - Issue

I am trying to use this plugin to create a user and add them to the "Administrators" Group. I can add the user successfully, however when I try to Add that user to a group I get an ERROR 2220 Which is "The group name could not be found. " I have double and triple checked the spelling. I also tried to add it to the "Guests" group. I still got the same error. It seems like adding a user to a group may not work? Here is the code I am trying to use.

UserMgr::AddToGroup "progsvc" "Administrators"
Pop $0
MessageBox MB_OK "AddToGroup Result : $0"
Apazman123 is offline   Reply With Quote
Old 30th April 2005, 18:40   #6
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
Re: UserMgr::AddToGroup - Issue

Quote:
Originally posted by Apazman123
I am trying to use this plugin to create a user and add them to the "Administrators" Group. I can add the user successfully, however when I try to Add that user to a group I get an ERROR 2220 Which is "The group name could not be found. " I have double and triple checked the spelling. I also tried to add it to the "Guests" group. I still got the same error. It seems like adding a user to a group may not work? Here is the code I am trying to use.

UserMgr::AddToGroup "progsvc" "Administrators"
Pop $0
MessageBox MB_OK "AddToGroup Result : $0"
Hi!

The AddToGroup function is not working properly, there is a problem with the string format I use, it's some UNICODE struggling and I was not able to solve this. But I'll try to check things again on Monday, so please stay tuned :-)

Sorry for the inconvenience!

Kind regards,
Heiko
hgerstung is offline   Reply With Quote
Old 2nd May 2005, 17:43   #7
Apazman123
Junior Member
 
Join Date: Apr 2005
Posts: 3
Thanks for the help

I really appreciate the help. It's a cool plugin and makes things really easy for setting up a web and/or application servers.
Apazman123 is offline   Reply With Quote
Old 3rd May 2005, 08:12   #8
RobGrant
Senior Member
 
Join Date: Sep 2004
Location: Nottingham
Posts: 263
I use some user manipulation stuff in my company's installer - the syntax I use to add someone to a group is this:

code:

ExecWait 'net localgroup group_name "user_name" /add'



And to remove:

code:

ExecWait 'net localgroup group_name "user_name" /delete'



And mate, if your work (which I'm about to try) adds/removes the SeServiceLogonRight property correctly, then you've saved me lots of time, thanks! (I can add it easily, but can't remove it)

-rob-
RobGrant is offline   Reply With Quote
Old 3rd May 2005, 08:21   #9
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
Hi !

I just wanted to tell you that I'm still working on that AddToGroup issue ... But maybe you can use Rob's way as a workaround until the plugin is able to do that.

Quote:
Originally posted by RobGrant
I use some user manipulation stuff in my company's installer - the syntax I use to add someone to a group is this:

code:

ExecWait 'net localgroup group_name "user_name" /add'



And to remove:

code:

ExecWait 'net localgroup group_name "user_name" /delete'



And mate, if your work (which I'm about to try) adds/removes the SeServiceLogonRight property correctly, then you've saved me lots of time, thanks! (I can add it easily, but can't remove it)

-rob-
Please note that there are a bunch of "SeDenyxxLogonRight" privileges which I needed to add in order to avoid an account from being able to logon interactively. That's a cute security model, isn't it?

Kind regards,
Heiko
hgerstung is offline   Reply With Quote
Old 3rd May 2005, 22:45   #10
Apazman123
Junior Member
 
Join Date: Apr 2005
Posts: 3
Thanks for the help - still got a bit more to go

Thanks Rob and Heiko for the cmd lines. Worked like a charm. Now I have another issue. I am trying to add the following options to the user:

-Password Never expires
-User cannot change Password

Any Ideas?
Apazman123 is offline   Reply With Quote
Old 28th September 2005, 11:48   #11
UnregBryan
Guest
 
Posts: n/a
Question AddToGroup problem

Hi all. 28 September 05

Just ran into the problem of AddToGroup problem, but as none of the messages are dated do not know if this problem has been outstanding for a year or a day! Can someone please give me a time scale for a solution - thanks.

Tried ...
ExecWait 'net localgroup administrators "TagUser" /add'

But get system error 1788 "the trusted relationship..". I'm adding a user to Administrators. Any solution here?

Many thanks
Bryan


Quote:
Originally posted by hgerstung
Hi !

I just wanted to tell you that I'm still working on that AddToGroup issue ... But maybe you can use Rob's way as a workaround until the plugin is able to do that.



Please note that there are a bunch of "SeDenyxxLogonRight" privileges which I needed to add in order to avoid an account from being able to logon interactively. That's a cute security model, isn't it?

Kind regards,
Heiko
  Reply With Quote
Old 28th September 2005, 12:03   #12
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
Hi!

First:
The time and date of a post can be found on the left side of the line directly below the message text (where the "profile", "pm", "search" etc. buttons reside)

Second:
As you see (by now), the last post you quoted was from March 2005, so it's been a while..

I was not able to resolve this in the meantime as I simply do not have enough time to go after it (sorry).

Maybe someone else can help out with the commandline workaround. If this does not work, my plugin has no chance either..

Kind regards,
Heiko
hgerstung is offline   Reply With Quote
Old 28th October 2005, 18:07   #13
ThierryThelliez
Guest
 
Posts: n/a
I have the same need here. Right now I am thinking of using NTRights.exe from the resource toolkit.

http://support.microsoft.com/?kbid=279664

(I hope it will work for W2K3)

Your plugin would be really useful.

Thierry
  Reply With Quote
Old 26th February 2006, 11:42   #14
Jamyn Shanley
Guest
 
Posts: n/a
Interesting

Just tried this plugin tonight; I wanted to add a user account to run a service in the background. I must say, thank you for writing this plugin. I think it will be very useful.

A couple notes:

1) The plugin does add the user and set the password. However, the user does not appear in the Control Panel -> Users list. (testing with WindowsXP SP2). This could be abused, obviously; hopefully this could be fixed.

In comparison, when using the "net user" command, the user appears in "Control Panel -> Users" immediately.

2) Is there a way to "update" a user with this plugin, instead of just add/remove? I would like to be able to reset the password on the account if it exists (the password for the account is randomly generated during any install, and I need that password for the task scheduler).

Example:

code:

Function AddUser
UserMgr::GetUserInfo ${RUNAS} EXISTS
StrCmp "$0" "OK" user_modify user_add
user_modify:
# FIXME: Previous password is random and unknown,
# so we need to reset it here.
Goto user_done
user_add:
UserMgr::CreateAccount "${RUNAS}" "$RandomPassword" "${NAME} User"
Pop $0
DetailPrint "User: ${RUNAS} does not exist. Creating account (result: $0)"
UserMgr::AddToGroup "${RUNAS}" "Guests"
Pop $0
DetailPrint "User: ${RUNAS} - applying account restrictions (result: $0)"
# FIXME: Remove interactive login permissions, etc.
# Lock the account down as much as possible.
Goto user_done
user_done:
FunctionEnd

  Reply With Quote
Old 27th February 2006, 09:49   #15
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
Hi!

The account can be found in the "extended" user manager applet, you can reach this by using the "Advanced.." button (I am not sure how exactly it is labelled, as my system is a german language XP). The cause of this could be a group membership (but I do not know exactly), maybe it appears if you add it to the Users group?

Unfortunately the modification of a user account is not implemented. You could delete and re-create the user but this could of course cause problems with settings and files and so on.

Kind regards,
Heiko
hgerstung is offline   Reply With Quote
Old 8th March 2006, 18:57   #16
Jamyn Shanley
Guest
 
Posts: n/a
Example Code?

I found some interesting code for PostgreSQL's msi-based installer. I may be wrong, but the following code from their installer seems to deal with user and group permissions, etc. Maybe it will help present new ideas for the current plugin?

installer source

file: pginstaller-rel8_1_2-src\pginst\ca\user.c

I am not really capable of translating this information into the current plugin; I apologize. And maybe this information will not prove to be useful. But maybe it will

-J
  Reply With Quote
Old 31st December 2007, 14:00   #17
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
Hello Heiko,

I know it has been a while since the last post, but I have made a patch for your UserMgr plugin.

These are the changes:

- I used NetLocalGroupAddMembers instead of NetGroupAddUser in the AddToGroup function to make it work.(Thanks to the article of CancerFace (http://nsis.sourceforge.net/User_Management_using_API_calls))

- I added the function CreateAccountEx to be able to add a fullname of a user (Shown in the Welcome Screen) and add flags to the user (Password never expires etc.):

code:

UserMgr::CreateAccountEx USERID PASSWORD COMMENT FULLNAME USERCOMMENT FLAGS
where FLAGS can be one or more of the following, seperated by '|':
UF_ACCOUNTDISABLE The user's account is disabled.
UF_PASSWD_NOTREQD No password is required.
UF_PASSWD_CANT_CHANGE The user cannot change the password.
UF_DONT_EXPIRE_PASSWD The password will never expire on the account.


- I added the function BuiltAccountEnv. This function creates the User Environment (Documents and settings\{User} folder, User Registry Hive etc. to be able to do something there without the need to login as the new created user first:

code:

UserMgr::BuiltAccountEnv USERID PASSWORD


- I added the function RegLoadUserHive. This function loads the User Registry hive in HKEY_USERS\{USERID} to be able to add keys and values to the HKEY_CURRENT_USER of this user:

code:

UserMgr::RegLoadUserHive USERID


- I added the function RegUnLoadUserHive. This function unloads the User Registry hive:

code:

UserMgr::RegUnLoadUserHive USERID


I guess the last two functions should be in a Registry Plugin, but since I only found a Plugin with Macro's (which I dislike...) I added it here.
If you don't want it in the plugin, I can remove it.

NOTE: The Platform SDK is needed for this project to compile (The February 2003 build is the last version which work with VC6) (http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm)

Best regards,
Jan Pieter de Ruiter
Attached Files
File Type: zip usermgr.zip (71.4 KB, 516 views)
jpderuiter is offline   Reply With Quote
Old 31st December 2007, 17:20   #18
kichik
M.I.A.
[NSIS Dev, Mod]
 
kichik's Avatar
 
Join Date: Oct 2001
Location: Israel
Posts: 11,343
You should add the new version to the Wiki page. To upload files, see:

http://nsis.sourceforge.net/Uploading_files

NSIS FAQ | NSIS Home Page | Donate $
"I hear and I forget. I see and I remember. I do and I understand." -- Confucius
kichik is offline   Reply With Quote
Old 31st December 2007, 23:12   #19
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
UserMgr plugin

Yes I know,

but since it's Heiko's plugin I wanted to ask his opinion first.

JP
jpderuiter is offline   Reply With Quote
Old 2nd January 2008, 19:55   #20
hgerstung
Junior Member
 
hgerstung's Avatar
 
Join Date: Feb 2005
Posts: 19
Jan Pieter,

awesome work! Please do not hesitate to update the Wiki, that's what it's for! And please do not forget to give yourself the due credit.

Thanks a lot for working on this,

Cheers,
Heiko
hgerstung is offline   Reply With Quote
Old 2nd January 2008, 20:43   #21
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
I have made two additions for the plugin:

- PASSWORD added as possible FIELD for the SetUserInfo function. With this field the user password can be changed (Admin rights needed)

- The function ChangeUserPassword is added to be able to change a user password (Admin rights not needed)

I have also updated the Wiki page:
http://nsis.sourceforge.net/UserMgr_plug-in
You can find the updated plugin there.

Regards,
JP
jpderuiter is offline   Reply With Quote
Old 14th January 2008, 23:50   #22
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
Hello,

I have uploaded a new version:

- Fixed a small bug in GetUserInfo function

- Fixed 2 small bugs in SetUserInfo function

- Added GetCurrentUserName function

- Added GetLocalizedStdAccountName function
(e.g. "NT AUTHORITY\SYSTEM" for "S-1-5-18" on a English system and "NT-AUTORITÄT\NETZWERKDIENST" for "S-1-5-20" on a German system)
The most often used SID's are defined in the included SpecialGroupsSIDs.nsh

- Added IsMemberOfGroup function

Best regards,
jpderuiter
jpderuiter is offline   Reply With Quote
Old 15th January 2008, 16:06   #23
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
Whoops, found a small (localization) bug in RegLoadUserHive.

I uploaded a new version on the wiki page.

JP
jpderuiter is offline   Reply With Quote
Old 1st February 2008, 16:25   #24
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
Hello,

I have uploaded a new version:

- Fixed a bug in SetUserInfo function

- Added HasPrivilege function

Best regards,
jpderuiter
jpderuiter is offline   Reply With Quote
Old 21st June 2008, 11:12   #25
Margon
Junior Member
 
Join Date: Jun 2008
Posts: 1
Hi,
First of all, sorry for my English.

I tried to use plugin in Russian Windows XP and found little localization problem: when i tried to work with user name in russian language function "swprintf" can't convert ANSI string to UNICODE in russian locale. I'l tried to use MultiByteToWideChar instead them and all works.
IMHO, all functins
"swprintf(UNICODE_variable, L"%S", ANSI_variable)"
must be replaced to something like
MultiByteToWideChar(CP_ACP,0,UNICODE_variable,-1,ANSI_variable,sizeof(UNICODE_variable));

Best regards, Dmitriy.
P.S.: Sorry for my English.Once again
Margon is offline   Reply With Quote
Old 25th June 2008, 08:57   #26
Wizou
Senior Member
 
Join Date: Aug 2007
Location: Paris, France
Posts: 304
@jpderuiter: you should really think about opening a new forum topic for your plugin, because this one lacks a decent title..
Wizou is offline   Reply With Quote
Old 19th September 2008, 12:15   #27
kc7bfi
Junior Member
 
Join Date: Oct 2007
Posts: 10
Missing ZIP

The UserMgr.zip link does not seem to be working
kc7bfi is offline   Reply With Quote
Old 19th September 2008, 13:52   #28
pengyou
Major Dude
 
Join Date: Mar 2003
Posts: 571
Quote:
The UserMgr.zip link does not seem to be working
The NSIS site is hosted by SourceForge who are currently migrating to a new datacentre. As a result some features on the NSIS wiki, including downloads, are not working properly at the moment. For more information see this topic:

http://forums.winamp.com/showthread.php?threadid=297527
pengyou is offline   Reply With Quote
Old 21st January 2009, 19:27   #29
Ivan Andreevich
Junior Member
 
Join Date: Nov 2003
Location: Vancouver, BC
Posts: 48
I am logged in as 'mshome\ivan', but
code:
UserMgr::GetCurrentUserName

returns only 'ivan'. I am creating a service which uses network log on permissions. This action fails when domain is not specified.

Any way to grab the full username, including the domain?

Actually this http://nsis.sourceforge.net/NSISUser_plug-in kind of does what I need, but I would still prefer to be able to do the above.

Last edited by Ivan Andreevich; 21st January 2009 at 20:00.
Ivan Andreevich is offline   Reply With Quote
Old 21st January 2009, 23:23   #30
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
UserMgr Plugin

Hello Ivan,

I uploaded a new version of the plugin, which has a new Function "GetCurrentDomain".
This function will return the domainname you are currently logged in to (in your case "mshome").

Best regards,
jpderuiter
jpderuiter is offline   Reply With Quote
Old 22nd January 2009, 07:19   #31
jpderuiter
Major Dude
 
Join Date: Feb 2007
Posts: 672
BTW:

I started a new thread about the UserMgr Plugin with a more decent title:
http://forums.winamp.com/showthread....hreadid=302322
jpderuiter is offline   Reply With Quote
Reply
Go Back   Winamp & SHOUTcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump