locked
Powershell DSC user resource RRS feed

  • Question

  • Hi there,

    I'm trying to create a local user on a remote machine using Desired State Configuration. My script so far:

    Configuration testuser {

      param($pass = $("Pa$$w0rd" | ConvertTo-SecureString -AsPlainText -Force))

       node server-web {

         User testuser {

            UserName = "user1"

            FullName = "UserOne"

            PasswordChangeRequired = $false

            PasswordNeverExires = $false

            Password = $pass

            }}}

    Calling the configuration is throwing an error - somehow I have no idea how to get a password credential object into the DSC configuration.

    Yours

    FG Clodt


    fgc

    Friday, February 20, 2015 4:37 PM

Answers

  • You have to provide a credential object, not a secure string. Try this:

    configuration TestUser
    {
        param
        ( 
            [PSCredential]$Credential
        )
        node localhost
        {    
            User TestUser
            {
                UserName = $Credential.UserName
                Ensure = 'Present'
                Password = $Credential
                Description = 'User created by DSC'
                PasswordNeverExpires = $true
                PasswordChangeNotAllowed = $true
            }
        }
    }
    
    $ConfigData = @{   
        AllNodes = @(        
            @{     
                NodeName = 'localhost'
                PSDscAllowPlainTextPassword=$true
            } 
        )  
    } 
    
    TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)

    I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.

    HTH Ben

    • Proposed as answer by Ben GelensMVP Friday, February 20, 2015 7:20 PM
    • Marked as answer by AnnaWY Tuesday, March 10, 2015 9:15 AM
    Friday, February 20, 2015 7:15 PM

All replies

  • This property does not exist:

            PasswordNeverExires = $false


    ¯\_(ツ)_/¯

    Friday, February 20, 2015 6:18 PM
  • Configuration testuser {
        param($pass='Pa$$w0rd')
    	
    	$pwd= $pass | ConvertTo-SecureString -AsPlainText -Force
    
    	node server-web{
        	    User testuser{
                UserName = "user1"
                FullName = "UserOne"
                PasswordChangeRequired = $false
                #PasswordNeverExires = $false
                Password = $pwd
            }
        }
    }


    ¯\_(ツ)_/¯



    • Edited by jrv Friday, February 20, 2015 6:25 PM
    Friday, February 20, 2015 6:21 PM
  • PasswordNeverExpires is a property though. Looks like a misspelling occurred with expires.

    get-dscresource User | Select -Expand Properties
    
    <#
    Name                     PropertyType   IsMandatory Values           
    ----                     ------------   ----------- ------           
    UserName                 [string]              True {}               
    DependsOn                [string[]]           False {}               
    Description              [string]             False {}               
    Disabled                 [bool]               False {}               
    Ensure                   [string]             False {Absent, Present}
    FullName                 [string]             False {}               
    Password                 [PSCredential]       False {}               
    PasswordChangeNotAllowed [bool]               False {}               
    PasswordChangeRequired   [bool]               False {}               
    PasswordNeverExpires     [bool]               False {} 
    #>


    Configuration testuser {
        param($pass='Pa$$w0rd')
    	
    	$pwd= $pass | ConvertTo-SecureString -AsPlainText -Force
    
    	node server-web{
        	    User testuser{
                UserName = "user1"
                FullName = "UserOne"
                PasswordChangeRequired = $false
                PasswordNeverExpires = $false
                Password = $pwd
            }
        }
    }


    Boe Prox
    Blog | Twitter
    PoshWSUS | PoshPAIG | PoshChat | PoshEventUI
    PowerShell Deep Dives Book


    • Edited by Boe ProxMVP Friday, February 20, 2015 6:52 PM display properties
    Friday, February 20, 2015 6:47 PM
  • You have to provide a credential object, not a secure string. Try this:

    configuration TestUser
    {
        param
        ( 
            [PSCredential]$Credential
        )
        node localhost
        {    
            User TestUser
            {
                UserName = $Credential.UserName
                Ensure = 'Present'
                Password = $Credential
                Description = 'User created by DSC'
                PasswordNeverExpires = $true
                PasswordChangeNotAllowed = $true
            }
        }
    }
    
    $ConfigData = @{   
        AllNodes = @(        
            @{     
                NodeName = 'localhost'
                PSDscAllowPlainTextPassword=$true
            } 
        )  
    } 
    
    TestUser -ConfigurationData $ConfigData -Credential (Get-Credential)

    I figure you don't have certificates in place to encrypt the password in the MOF file so you need to provide the overwrite to allow plain text passwords as configuration data.

    HTH Ben

    • Proposed as answer by Ben GelensMVP Friday, February 20, 2015 7:20 PM
    • Marked as answer by AnnaWY Tuesday, March 10, 2015 9:15 AM
    Friday, February 20, 2015 7:15 PM
  • Hi FG,

    I’m writing to just check in to see if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.

    If you have any feedback on our support, please click here.

    Best Regards,

    Anna Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Monday, March 9, 2015 7:48 AM