Powershell DSC user resource
Hi there,
I'm trying to create a local user on a remote machine using Desired State Configuration. My script so far:
Configuration testuser {
param($pass = $("Pa$$w0rd" | ConvertTo-SecureString -AsPlainText -Force))
node server-web {
User testuser {
UserName = "user1"
FullName = "UserOne"
PasswordChangeRequired = $false
PasswordNeverExires = $false
Password = $pass
}}}
Calling the configuration is throwing an error - somehow I have no idea how to get a password credential object into the DSC configuration.
Yours
FG Clodt
February 20th, 2015 11:43am
This property does not exist:
PasswordNeverExires = $false
February 20th, 2015 1:24pm
Configuration testuser {
param($pass='Pa$$w0rd')
$pwd= $pass | ConvertTo-SecureString -AsPlainText -Force
node server-web{
User testuser{
UserName = "user1"
FullName = "UserOne"
PasswordChangeRequired = $false
#PasswordNeverExires = $false
Password = $pwd
}
}
}
February 20th, 2015 1:27pm
PasswordNeverExpires is a property though. Looks like a misspelling occurred with expires.
get-dscresource User | Select -Expand Properties
<#
Name PropertyType IsMandatory Values
---- ------------ ----------- ------
UserName [string] True {}
DependsOn [string[]] False {}
Description [string] False {}
Disabled [bool] False {}
Ensure [string] False {Absent, Present}
FullName [string] False {}
Password [PSCredential] False {}
PasswordChangeNotAllowed [bool] False {}
PasswordChangeRequired [bool] False {}
PasswordNeverExpires [bool] False {}
#>
Configuration testuser {
param($pass='Pa$$w0rd')
$pwd= $pass | ConvertTo-SecureString -AsPlainText -Force
node server-web{
User testuser{
UserName = "user1"
FullName = "UserOne"
PasswordChangeRequired = $false
PasswordNeverExpires = $false
Password = $pwd
}
}
}
February 20th, 2015 1:53pm
You have to provide a credential object, not a secure string. Try this:
configuration TestUser
{
param
(
[PSCredential]$Credential
)
node localhost
{
User TestUser
{
UserName = $Credential.UserName
Ensure = 'Present'
Password = $Credential
Description = 'User created by DSC'
PasswordNeverExpires = $true
PasswordChangeNotAllowed = $true
}
}
}
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword=$true
}
)
}
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)
I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.
HTH Ben
-
Proposed as answer by
Ben Gelens
16 hours 10 minutes ago
February 20th, 2015 2:22pm
You have to provide a credential object, not a secure string. Try this:
configuration TestUser
{
param
(
[PSCredential]$Credential
)
node localhost
{
User TestUser
{
UserName = $Credential.UserName
Ensure = 'Present'
Password = $Credential
Description = 'User created by DSC'
PasswordNeverExpires = $true
PasswordChangeNotAllowed = $true
}
}
}
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword=$true
}
)
}
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)
I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.
HTH Ben
-
Proposed as answer by
Ben Gelens
Friday, February 20, 2015 7:20 PM
February 20th, 2015 7:15pm
You have to provide a credential object, not a secure string. Try this:
configuration TestUser
{
param
(
[PSCredential]$Credential
)
node localhost
{
User TestUser
{
UserName = $Credential.UserName
Ensure = 'Present'
Password = $Credential
Description = 'User created by DSC'
PasswordNeverExpires = $true
PasswordChangeNotAllowed = $true
}
}
}
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword=$true
}
)
}
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)
I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.
HTH Ben
-
Proposed as answer by
Ben Gelens
Friday, February 20, 2015 7:20 PM
-
Marked as answer by
AnnaWYMicrosoft contingent staff, Moderator
21 hours 54 minutes ago
February 20th, 2015 7:15pm
You have to provide a credential object, not a secure string. Try this:
configuration TestUser
{
param
(
[PSCredential]$Credential
)
node localhost
{
User TestUser
{
UserName = $Credential.UserName
Ensure = 'Present'
Password = $Credential
Description = 'User created by DSC'
PasswordNeverExpires = $true
PasswordChangeNotAllowed = $true
}
}
}
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword=$true
}
)
}
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)
I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.
HTH Ben
-
Proposed as answer by
Ben Gelens
Friday, February 20, 2015 7:20 PM
February 20th, 2015 10:15pm
You have to provide a credential object, not a secure string. Try this:
configuration TestUser
{
param
(
[PSCredential]$Credential
)
node localhost
{
User TestUser
{
UserName = $Credential.UserName
Ensure = 'Present'
Password = $Credential
Description = 'User created by DSC'
PasswordNeverExpires = $true
PasswordChangeNotAllowed = $true
}
}
}
$ConfigData = @{
AllNodes = @(
@{
NodeName = 'localhost'
PSDscAllowPlainTextPassword=$true
}
)
}
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)
I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.
HTH Ben
-
Proposed as answer by
Ben Gelens
Friday, February 20, 2015 7:20 PM
February 20th, 2015 10:15pm
Hi FG,
Im writing to just check in to see if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.
If you have any feedback on our support, please click here.
Best Regards,
Anna Wang
March 9th, 2015 3:50am