diff --git a/CHANGELOG.md b/CHANGELOG.md index 014fb7f..820c3b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,27 @@ +**1.5** + +Issues: +- GH-27: Improve management of OSUser. +- GH-12: Avoid downloading when the file is already available. + +In detail: +- `Initialize-ISHUser` is **deleted** and split into `Set-ISHUserLocal`, `Set-ISHUserAdministrator`, `Initialize-ISHUserLocalProfile` and `Initialize-ISHRegistry`. + - `Set-ISHUserLocal` adds the osuser when necessary to the local user registry. When the user exists, it will update the password. + - `Set-ISHUserAdministrator` sets the osuser as the local administrator. + - `Initialize-ISHUserLocalProfile` forces the osuser to fully initialize, including the user profile directory. + - `Initialize-ISHRegistry` disables registry unload. +- `Get-ISHNormalizedCredential` normalizes the credentials so they are good with all cmdlets. This is required before using any cmdlet that accepts credentials for the osuser. +- `Get-ISHPrerequisites` will skip downloading files that are already downloaded. Use the `-Force` parameter to force the download regardless. + **1.4** --GH-23: New dependency to [PoshPrivilege](https://www.powershellgallery.com/packages/PoshPrivilege/) for `Grant-ISHUserLogOnAsService`. +Issues: +- GH-23: New dependency to [PoshPrivilege](https://www.powershellgallery.com/packages/PoshPrivilege/) for `Grant-ISHUserLogOnAsService`. **1.3** Issues: + - GH-20: Install-ISHWindowsFeature failes withing a Docker container **1.2** diff --git a/Source/Modules/ISHServer/Get-ISHCD.ps1 b/Source/Modules/ISHServer/Get-ISHCD.ps1 index addb8d2..08fe79b 100644 --- a/Source/Modules/ISHServer/Get-ISHCD.ps1 +++ b/Source/Modules/ISHServer/Get-ISHCD.ps1 @@ -63,6 +63,11 @@ function Get-ISHCD [Parameter(Mandatory=$false,ParameterSetName="From Azure FileStorage")] [Parameter(Mandatory=$false,ParameterSetName="From Azure BlobStorage")] [switch]$Expand=$false, + [Parameter(Mandatory=$false,ParameterSetName="From FTP")] + [Parameter(Mandatory=$false,ParameterSetName="From AWS S3")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure FileStorage")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure BlobStorage")] + [switch]$Force=$false, [Parameter(Mandatory=$true,ParameterSetName="List")] [switch]$ListAvailable ) @@ -86,7 +91,7 @@ function Get-ISHCD 'From FTP' { . $PSScriptRoot\Private\Get-ISHFTPItem.ps1 - $newItem=Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $FTPPath -LocalPath $localPath + $newItem=Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $FTPPath -LocalPath $localPath -Force:$Force if($Expand) { . $PSScriptRoot\Expand-ISHCD.ps1 @@ -107,7 +112,7 @@ function Get-ISHCD SessionToken=$SessionToken } - $newItem=Get-ISHS3Object -Key $Key @hash + $newItem=Get-ISHS3Object -Key $Key @hash -Force:$Force if($Expand) { . $PSScriptRoot\Expand-ISHCD.ps1 @@ -124,7 +129,7 @@ function Get-ISHCD StorageAccountKey=$StorageAccountKey } - $newItem=Get-ISHAzureFileObject -Path $Path @hash + $newItem=Get-ISHAzureFileObject -Path $Path @hash -Force:$Force if($Expand) { . $PSScriptRoot\Expand-ISHCD.ps1 @@ -141,7 +146,7 @@ function Get-ISHCD StorageAccountKey=$StorageAccountKey } - $newItem=Get-ISHAzureBlobObject -BlobName $BlobName @hash + $newItem=Get-ISHAzureBlobObject -BlobName $BlobName @hash -Force:$Force if($Expand) { . $PSScriptRoot\Expand-ISHCD.ps1 diff --git a/Source/Modules/ISHServer/Get-ISHNormalizedCredential.ps1 b/Source/Modules/ISHServer/Get-ISHNormalizedCredential.ps1 new file mode 100644 index 0000000..fe482f4 --- /dev/null +++ b/Source/Modules/ISHServer/Get-ISHNormalizedCredential.ps1 @@ -0,0 +1,52 @@ +<# +# Copyright (c) 2014 All Rights Reserved by the SDL Group. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#> + +function Get-ISHNormalizedCredential +{ + [CmdletBinding()] + param ( + [Parameter(Mandatory=$true)] + [pscredential]$Credentials + ) + + begin + { + } + + process + { + + if($Credentials.UserName.StartsWith(".\")) + { + Write-Warning "Credentials normalization.Replaced .\ with $env:COMPUTERNAME" + New-Object System.Management.Automation.PSCredential($Credentials.UserName.Replace(".",$env:COMPUTERNAME),$Credentials.Password) + } + elseif($Credentials.UserName.indexOf("\") -lt 0) + { + Write-Warning "Credentials normalization.Prefixed with $env:COMPUTERNAME" + New-Object System.Management.Automation.PSCredential("$env:COMPUTERNAME\$($Credentials.UserName)",$Credentials.Password) + } + else + { + $Credentials + } + } + + end + { + + } +} diff --git a/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH12.ps1 b/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH12.ps1 index 9550bad..1a2de7f 100644 --- a/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH12.ps1 +++ b/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH12.ps1 @@ -53,6 +53,11 @@ function Get-ISHPrerequisites [Parameter(Mandatory=$true,ParameterSetName="From Azure FileStorage")] [Parameter(Mandatory=$true,ParameterSetName="From Azure BlobStorage")] [string]$StorageAccountKey, + [Parameter(Mandatory=$false,ParameterSetName="From FTP")] + [Parameter(Mandatory=$false,ParameterSetName="From AWS S3")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure FileStorage")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure BlobStorage")] + [switch]$Force=$false, [Parameter(Mandatory=$true,ParameterSetName="No Download")] [switch]$FileNames ) @@ -107,23 +112,26 @@ function Get-ISHPrerequisites $filesToDownload+="vbrun60sp6.exe" } + if($PSCmdlet.ParameterSetName -ne "No Download") + { + $localPath=Get-ISHServerFolderPath + } + switch ($PSCmdlet.ParameterSetName) { 'From FTP' { . $PSScriptRoot\Private\Get-ISHFTPItem.ps1 - $localPath=Get-ISHServerFolderPath $paths=@() $filesToDownload | ForEach-Object { $paths+="$FTPFolder$_" } - Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $paths -LocalPath $localPath | Out-Null + Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $paths -LocalPath $localPath -Force:$Force | Out-Null break } 'From AWS S3' { . $PSScriptRoot\Private\Get-ISHS3Object.ps1 - $localPath=Get-ISHServerFolderPath $hash=@{ BucketName=$BucketName LocalFolder=$localPath @@ -138,7 +146,7 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $keys+="$FolderKey$_" } - Get-ISHS3Object -Key $keys @hash | Out-Null + Get-ISHS3Object -Key $keys @hash -Force:$Force | Out-Null break } 'From Azure FileStorage' { @@ -155,13 +163,12 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $paths+="$FolderPath$_" } - Get-ISHAzureFileObject -Path $paths @hash | Out-Null + Get-ISHAzureFileObject -Path $paths @hash -Force:$Force | Out-Null break } 'From Azure BlobStorage' { . $PSScriptRoot\Private\Get-ISHAzureBlobObject.ps1 - $localPath=Get-ISHServerFolderPath $hash=@{ ContainerName=$ContainerName LocalFolder=$localPath @@ -172,7 +179,7 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $blobs+="$FolderPath$_" } - Get-ISHAzureBlobObject -BlobName $blobs @hash | Out-Null + Get-ISHAzureBlobObject -BlobName $blobs @hash -Force:$Force | Out-Null break } 'No Download' { diff --git a/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH13.ps1 b/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH13.ps1 index e48e8cb..d20d969 100644 --- a/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH13.ps1 +++ b/Source/Modules/ISHServer/Get-ISHPrerequisites.ISH13.ps1 @@ -53,6 +53,11 @@ function Get-ISHPrerequisites [Parameter(Mandatory=$true,ParameterSetName="From Azure FileStorage")] [Parameter(Mandatory=$true,ParameterSetName="From Azure BlobStorage")] [string]$StorageAccountKey, + [Parameter(Mandatory=$false,ParameterSetName="From FTP")] + [Parameter(Mandatory=$false,ParameterSetName="From AWS S3")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure FileStorage")] + [Parameter(Mandatory=$false,ParameterSetName="From Azure BlobStorage")] + [switch]$Force=$false, [Parameter(Mandatory=$true,ParameterSetName="No Download")] [switch]$FileNames ) @@ -116,23 +121,26 @@ function Get-ISHPrerequisites $filesToDownload+="vbrun60sp6.exe" } + if($PSCmdlet.ParameterSetName -ne "No Download") + { + $localPath=Get-ISHServerFolderPath + } + switch ($PSCmdlet.ParameterSetName) { 'From FTP' { . $PSScriptRoot\Private\Get-ISHFTPItem.ps1 - $localPath=Get-ISHServerFolderPath $paths=@() $filesToDownload | ForEach-Object { $paths+="$FTPFolder$_" } - Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $paths -LocalPath $localPath | Out-Null + Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $paths -LocalPath $localPath -Force:$Force | Out-Null break } 'From AWS S3' { . $PSScriptRoot\Private\Get-ISHS3Object.ps1 - $localPath=Get-ISHServerFolderPath $hash=@{ BucketName=$BucketName LocalFolder=$localPath @@ -147,13 +155,12 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $keys+="$FolderKey$_" } - Get-ISHS3Object -Key $keys @hash | Out-Null + Get-ISHS3Object -Key $keys @hash -Force:$Force | Out-Null break } 'From Azure FileStorage' { . $PSScriptRoot\Private\Get-ISHAzureFileObject.ps1 - $localPath=Get-ISHServerFolderPath $hash=@{ ShareName=$ShareName LocalFolder=$localPath @@ -164,7 +171,7 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $paths+="$FolderPath$_" } - Get-ISHAzureFileObject -Path $paths @hash | Out-Null + Get-ISHAzureFileObject -Path $paths @hash -Force:$Force | Out-Null break } 'From Azure BlobStorage' { @@ -181,7 +188,7 @@ function Get-ISHPrerequisites $filesToDownload | ForEach-Object { $blobs+="$FolderPath$_" } - Get-ISHAzureBlobObject -BlobName $blobs @hash | Out-Null + Get-ISHAzureBlobObject -BlobName $blobs @hash -Force:$Force | Out-Null break } 'No Download' { diff --git a/Source/Modules/ISHServer/ISHServer.12.psm1 b/Source/Modules/ISHServer/ISHServer.12.psm1 index 4d8f344..da298b4 100644 --- a/Source/Modules/ISHServer/ISHServer.12.psm1 +++ b/Source/Modules/ISHServer/ISHServer.12.psm1 @@ -22,6 +22,7 @@ $exportNames=@( "Get-ISHServerFolderPath" "Grant-ISHUserLogOnAsService" "Get-ISHCOMPlus" + "Get-ISHNormalizedCredential" #endregion #region Ports @@ -39,7 +40,10 @@ $exportNames=@( "Get-ISHPrerequisites.ISH12" "Initialize-ISHLocale" "Initialize-ISHIIS" - "Initialize-ISHUser" + "Initialize-ISHUserLocalProfile" + "Set-ISHUserLocal" + "Set-ISHUserAdministrator" + "Initialize-ISHRegistry" "Initialize-ISHMSDTCSettings" "Initialize-ISHMSDTCTransactionTimeout" #endregion diff --git a/Source/Modules/ISHServer/ISHServer.13.psm1 b/Source/Modules/ISHServer/ISHServer.13.psm1 index 38c97a2..977a9fe 100644 --- a/Source/Modules/ISHServer/ISHServer.13.psm1 +++ b/Source/Modules/ISHServer/ISHServer.13.psm1 @@ -22,6 +22,7 @@ $exportNames=@( "Get-ISHServerFolderPath" "Grant-ISHUserLogOnAsService" "Get-ISHCOMPlus" + "Get-ISHNormalizedCredential" #endregion #region Ports @@ -39,7 +40,10 @@ $exportNames=@( "Get-ISHPrerequisites.ISH13" "Initialize-ISHLocale" "Initialize-ISHIIS" - "Initialize-ISHUser" + "Initialize-ISHUserLocalProfile" + "Set-ISHUserLocal" + "Set-ISHUserAdministrator" + "Initialize-ISHRegistry" #endregion #region Install diff --git a/Source/Modules/ISHServer/Initialize-ISHRegistry.ps1 b/Source/Modules/ISHServer/Initialize-ISHRegistry.ps1 new file mode 100644 index 0000000..2c4d181 --- /dev/null +++ b/Source/Modules/ISHServer/Initialize-ISHRegistry.ps1 @@ -0,0 +1,42 @@ +<# +# Copyright (c) 2014 All Rights Reserved by the SDL Group. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#> + + +function Initialize-ISHRegistry +{ + [CmdletBinding()] + param ( + ) + + begin + { + . $PSScriptRoot\Private\Test-RunningAsElevated.ps1 + Test-RunningAsElevated -StopCallerPSCmdlet $PSCmdlet + } + + process + { + # http://docs.sdl.com/LiveContent/content/en-US/SDL%20Knowledge%20Center%20full%20documentation-v2/GUID-70BAEF73-D2B4-488B-8F71-505DB8ACB244 + Write-Debug "Disabling Force Unload of registry" + Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name DisableForceUnload -Value $true + Write-Verbose "Disabled Force Unload of registry" + } + + end + { + + } +} diff --git a/Source/Modules/ISHServer/Initialize-ISHUserLocalProfile.ps1 b/Source/Modules/ISHServer/Initialize-ISHUserLocalProfile.ps1 new file mode 100644 index 0000000..b68c7ed --- /dev/null +++ b/Source/Modules/ISHServer/Initialize-ISHUserLocalProfile.ps1 @@ -0,0 +1,126 @@ +<# +# Copyright (c) 2014 All Rights Reserved by the SDL Group. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#> + +#requires -Module PoshPrivilege + +function Initialize-ISHUserLocalProfile +{ + [CmdletBinding()] + param ( + [Parameter(Mandatory=$true)] + [pscredential]$OSUserCredentials + ) + + begin + { + . $PSScriptRoot\Private\Test-RunningAsElevated.ps1 + Test-RunningAsElevated -StopCallerPSCmdlet $PSCmdlet + } + + process + { + $OSUserCredentials=Get-ISHNormalizedCredential -Credentials $OSUserCredentials + $osUserName=$OSUserCredentials.UserName + $osUserPassword=$OsUserCredentials.GetNetworkCredential().Password + Write-Verbose "Normalized Credentials" + Write-Debug "osUserName=$osUserName" + + $arguments=@( + "-Command" + "' { } '" + ) + $powerShellPath=& C:\Windows\System32\where.exe powershell + + Write-Debug "powerShellPath=$powerShellPath" + + # Check if execution is within a remoting session + if(Test-Path -Path Variable:\PSSenderInfo) + { + $useScheduledTask=$true + } + # Check if execution is invoked by the Windows SYSTEM user. Typically for AWS CodeDeploy and UserData execution + elseif($env:USERNAME -eq "NT AUTHORITY\SYSTEM") + { + $useScheduledTask=$true + } + # Check if execution is invoked by the Windows SYSTEM user. Typically for AWS CodeDeploy and UserData execution + elseif($env:USERNAME -eq "$($env:computername)`$") + { + $useScheduledTask=$true + } + else + { + $useScheduledTask=$false + } + Write-Debug "useScheduledTask=$useScheduledTask" + + # When the script is executing within a remoting session or from the Windows System user, we need to create and destroy a scheduled task that will force the user's profile initialization. + if($useScheduledTask) + { + Write-Verbose "Using a scheduled task to initialize $osUserName" + + Write-Debug "Added SeBatchLogonRight privilege to $osUserName" + Add-Privilege -AccountName $osUserName -Privilege SeBatchLogonRight + Write-Verbose "Added SeBatchLogonRight privilege to $osUserName" + + $taskName="Initialize $osUserName user profile" + $argumentList=$arguments -join ' ' + $command="Start-Process -FilePath powershell -LoadUserProfile -Wait -ArgumentList ""$argumentList""" + $action = New-ScheduledTaskAction -Execute $powerShellPath -Argument "-Command '& { $command }'" + Write-Debug "taskName=$taskName" + Write-Debug "command=$command" + Write-Debug "argumentList=$argumentList" + Write-Debug "Register and starting Scheduled Task $taskName" + $task = Register-ScheduledTask -TaskName $taskName -Action $action -User $osUserName -Password $osUserPassword + Write-Verbose "Scheduled Task $taskName registered" + + Start-ScheduledTask -InputObject $task + Write-Verbose "Scheduled Task $taskName started" + + $state=($task|Get-ScheduledTask).State + Write-Debug "Scheduled Task $taskName state is $state." + while($state -eq "Ready") + { + Start-Sleep -Milliseconds 500 + Write-Debug "Waiting for Scheduled Task $taskName" + + $state=($task|Get-ScheduledTask).State + Write-Debug "Scheduled Task $taskName state is $state." + } + Write-Verbose "Scheduled Task $taskName removed" + + Write-Debug "Removing Scheduled Task $taskName" + $task|Unregister-ScheduledTask -Confirm:$false + Write-Verbose "Scheduled Task $taskName removed" + + Write-Debug "Removing SeBatchLogonRight privilege from $osUserName" + Remove-Privilege -AccountName $osUserName -Privilege SeBatchLogonRight + Write-Verbose "Removed SeBatchLogonRight privilege from $osUserName" + } + else + { + Write-Verbose "Using a normal process to initialize $osUserName" + Write-Debug "Starting process" + Start-Process -FilePath $powerShellPath -ArgumentList $arguments -Credential $OsUserCredentials -LoadUserProfile -NoNewWindow -Wait + Write-Verbose "Finished process" + } + } + + end + { + + } +} diff --git a/Source/Modules/ISHServer/Private/Get-ISHAzureBlobObject.ps1 b/Source/Modules/ISHServer/Private/Get-ISHAzureBlobObject.ps1 index 79f978e..e795420 100644 --- a/Source/Modules/ISHServer/Private/Get-ISHAzureBlobObject.ps1 +++ b/Source/Modules/ISHServer/Private/Get-ISHAzureBlobObject.ps1 @@ -53,7 +53,7 @@ function Get-ISHAzureBlobObject } else { - Write-Verbose "Skipped $_ already exists at $localFile" + Write-Warning "Skipped $_ already exists at $localFile" } Get-Item -Path $localFile } diff --git a/Source/Modules/ISHServer/Private/Get-ISHAzureFileObject.ps1 b/Source/Modules/ISHServer/Private/Get-ISHAzureFileObject.ps1 index a8b4946..c83875f 100644 --- a/Source/Modules/ISHServer/Private/Get-ISHAzureFileObject.ps1 +++ b/Source/Modules/ISHServer/Private/Get-ISHAzureFileObject.ps1 @@ -53,7 +53,7 @@ function Get-ISHAzureFileObject } else { - Write-Verbose "Skipped $_ already exists at $localFile" + Write-Warning "Skipped $_ already exists at $localFile" } Get-Item -Path $localFile } diff --git a/Source/Modules/ISHServer/Private/Get-ISHFTPItem.ps1 b/Source/Modules/ISHServer/Private/Get-ISHFTPItem.ps1 index 6f4e202..e2f14e1 100644 --- a/Source/Modules/ISHServer/Private/Get-ISHFTPItem.ps1 +++ b/Source/Modules/ISHServer/Private/Get-ISHFTPItem.ps1 @@ -25,7 +25,9 @@ function Get-ISHFTPItem [Parameter(Mandatory=$true)] [string[]]$Path, [Parameter(Mandatory=$true)] - [string]$LocalPath + [string]$LocalPath, + [Parameter(Mandatory=$false)] + [switch]$Force=$false ) begin @@ -38,10 +40,18 @@ function Get-ISHFTPItem { $Path | ForEach-Object { Write-Debug "Path=$_" - Get-FTPItem -Path $_ -LocalPath $LocalPath -Overwrite - Write-Verbose "Downloaded $_ to $LocalPath" - $filePath=Join-Path $LocalPath ($_.Substring($_.LastIndexOf('/')+1)) - Get-Item -Path $filePath + $localFile=Join-Path $LocalPath ($_.Substring($_.LastIndexOf('/')+1)) + Write-Debug "localFile=$localFile" + if(-not (Test-Path $localFile) -or $Force) + { + Get-FTPItem -Path $_ -LocalPath $LocalPath -Overwrite + Write-Verbose "Downloaded $_ to $LocalPath" + } + else + { + Write-Warning "Skipped $_ already exists at $localFile" + } + Get-Item -Path $localFile } } diff --git a/Source/Modules/ISHServer/Private/Get-ISHS3Object.ps1 b/Source/Modules/ISHServer/Private/Get-ISHS3Object.ps1 index 24c70c9..63a1bc8 100644 --- a/Source/Modules/ISHServer/Private/Get-ISHS3Object.ps1 +++ b/Source/Modules/ISHServer/Private/Get-ISHS3Object.ps1 @@ -35,7 +35,9 @@ function Get-ISHS3Object [Parameter(Mandatory=$false)] [string]$SecretKey, [Parameter(Mandatory=$false)] - [string]$SessionToken + [string]$SessionToken, + [Parameter(Mandatory=$false)] + [switch]$Force=$false ) begin @@ -68,11 +70,18 @@ function Get-ISHS3Object process { $Key | ForEach-Object { - $localFile=Join-Path $LocalFolder ($_.Substring($_.LastIndexOf('/')+1)) Write-Debug "key=$_" + $localFile=Join-Path $LocalFolder ($_.Substring($_.LastIndexOf('/')+1)) Write-Debug "localFile=$localFile" - Copy-S3Object -Key $_ -LocalFile $localFile @hash - Write-Verbose "Downloaded $_ to $localFile" + if(-not (Test-Path $localFile) -or $Force) + { + Copy-S3Object -Key $_ -LocalFile $localFile @hash + Write-Verbose "Downloaded $_ to $localFile" + } + else + { + Write-Warning "Skipped $_ already exists at $localFile" + } } } diff --git a/Source/Modules/ISHServer/Set-ISHToolAntennaHouseLicense.ps1 b/Source/Modules/ISHServer/Set-ISHToolAntennaHouseLicense.ps1 index 1bc0a46..26b7a14 100644 --- a/Source/Modules/ISHServer/Set-ISHToolAntennaHouseLicense.ps1 +++ b/Source/Modules/ISHServer/Set-ISHToolAntennaHouseLicense.ps1 @@ -91,7 +91,7 @@ function Set-ISHToolAntennaHouseLicense switch ($PSCmdlet.ParameterSetName) { 'From FTP' { - Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $FTPPath -LocalPath $antennaHouseFolderPath | Out-Null + Get-ISHFTPItem -FTPHost $FTPHost -Credential $Credential -Path $FTPPath -LocalPath $antennaHouseFolderPath -Force | Out-Null break } 'From AWS S3' { @@ -107,7 +107,7 @@ function Set-ISHToolAntennaHouseLicense SessionToken=$SessionToken } - Get-ISHS3Object -Key $Key @hash | Out-Null + Get-ISHS3Object -Key $Key @hash -Force | Out-Null break } 'From Azure FileStorage' { @@ -119,7 +119,7 @@ function Set-ISHToolAntennaHouseLicense StorageAccountKey=$StorageAccountKey } - Get-ISHAzureFileObject -Path $Path @hash | Out-Null + Get-ISHAzureFileObject -Path $Path @hash -Force | Out-Null break } 'From Azure BlobStorage' { @@ -131,7 +131,7 @@ function Set-ISHToolAntennaHouseLicense StorageAccountKey=$StorageAccountKey } - Get-ISHAzureBlobObject -BlobName $Path @hash | Out-Null + Get-ISHAzureBlobObject -BlobName $Path @hash -Force | Out-Null break } 'Content' { diff --git a/Source/Modules/ISHServer/Initialize-ISHUser.ps1 b/Source/Modules/ISHServer/Set-ISHUserAdministrator.ps1 similarity index 69% rename from Source/Modules/ISHServer/Initialize-ISHUser.ps1 rename to Source/Modules/ISHServer/Set-ISHUserAdministrator.ps1 index 517fdec..a5eb273 100644 --- a/Source/Modules/ISHServer/Initialize-ISHUser.ps1 +++ b/Source/Modules/ISHServer/Set-ISHUserAdministrator.ps1 @@ -14,7 +14,8 @@ # limitations under the License. #> -function Initialize-ISHUser + +function Set-ISHUserAdministrator { [CmdletBinding()] param ( @@ -38,13 +39,15 @@ function Initialize-ISHUser if(Get-Module "Microsoft.PowerShell.LocalAccounts" -ListAvailable) { # https://technet.microsoft.com/en-us/library/mt651690.aspx - if(-not (Get-LocalGroupMember -Name Administrators -Member $OSUser -ErrorAction SilentlyContinue)) + if(-not (Get-LocalGroupMember -Name Administrators |Where-Object -Property Name -EQ $OSUser)) { Add-LocalGroupMember -Group "Administrators" -Member $OSUser } + Write-Verbose "Added $OSUser to Administrators" } else { + Write-Warning "Using net.exe commands because Microsoft.PowerShell.LocalAccounts module is not available" if((& net localgroup Administrators) -notcontains $OSUser) { $netCmdArgs=@( @@ -55,19 +58,9 @@ function Initialize-ISHUser ) & net $netCmdArgs } + Write-Verbose "Added $OSUser to Administrators" } - Write-Verbose "Added $OSUser to Administrators" - - # Grant Log on as Service to the osuser - Write-Debug "Granting ServiceLogonRight to $OSUser" - Grant-ISHUserLogOnAsService -User $OSUser - Write-Verbose "Granted ServiceLogonRight to $OSUser" - - # http://docs.sdl.com/LiveContent/content/en-US/SDL%20Knowledge%20Center%20full%20documentation-v2/GUID-70BAEF73-D2B4-488B-8F71-505DB8ACB244 - Write-Debug "Disabling Force Unload of registry" - Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name DisableForceUnload -Value $true - Write-Verbose "Disabled Force Unload of registry" } end diff --git a/Source/Modules/ISHServer/Set-ISHUserLocal.ps1 b/Source/Modules/ISHServer/Set-ISHUserLocal.ps1 new file mode 100644 index 0000000..66a987f --- /dev/null +++ b/Source/Modules/ISHServer/Set-ISHUserLocal.ps1 @@ -0,0 +1,130 @@ +<# +# Copyright (c) 2014 All Rights Reserved by the SDL Group. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#> + + +function Set-ISHUserLocal +{ + [CmdletBinding()] + param ( + [Parameter(Mandatory=$true)] + [pscredential]$OSUserCredentials + ) + + begin + { + . $PSScriptRoot\Private\Test-RunningAsElevated.ps1 + Test-RunningAsElevated -StopCallerPSCmdlet $PSCmdlet + } + + process + { + $osUserName=$OSUserCredentials.UserName + $osUserPassword=$OsUserCredentials.GetNetworkCredential().Password + $localUserNameToAdd=$osUserName.Substring($osUserName.IndexOf('\')+1) + + Write-Verbose "Normalized Credentials" + Write-Debug "osUserName=$osUserName" + + if($OsUserCredentials.UserName.StartsWith("$($env:computername)\")) + { + $overwriteLocalUser=$true + } + elseif($OsUserCredentials.UserName.StartsWith(".\")) + { + $overwriteLocalUser=$true + } + elseif($OsUserCredentials.UserName.indexOf("\") -lt 0) + { + $overwriteLocalUser=$true + } + else + { + $overwriteLocalUser=$false + } + + Write-Debug "overwriteLocalUser=$overwriteLocalUser" + + if($overwriteLocalUser) + { + $localUserName=$osUserName.Substring($osUserName.IndexOf('\')+1) + Write-Debug "localUserNameToAdd=$localUserName" + + if(Get-Module Microsoft.PowerShell.LocalAccounts -ListAvailable) + { + if(Get-LocalUser -Name $localUserName -ErrorAction SilentlyContinue) + { + Set-LocalUser -Name $localUserName -Password $OsUserCredentials.Password -AccountNeverExpires + Write-Verbose "Updated $localUserName" + } + else + { + New-LocalUser -Name $localUserName -Password $OsUserCredentials.Password -AccountNeverExpires -PasswordNeverExpires + Write-Verbose "Created $localUserName" + } + } + else + { + Write-Warning "Using net.exe commands because Microsoft.PowerShell.LocalAccounts module is not available" + + Write-Debug "Querying local users for $localUserName" + $netUserOutput=& net user + $lineHasUsers=$false + $existingUsers=@() + for($i=0;$i -lt $netUserOutput.Count;$i++) + { + if($netUserOutput[$i] -eq "The command completed successfully.") + { + $lineHasUsers=$false + } + if($lineHasUsers) + { + $existingUsers+=$netUserOutput[$i].Split(' ')|Where-Object {$_ -ne ""} + } + if($netUserOutput[$i].StartsWith("---------")) + { + $lineHasUsers=$true + } + } + + if($existingUsers -contains $localUserName) + { + & NET USER $localUserName $osUserPassword + Write-Verbose "Updated $localUserName" + } + else + { + & NET USER $localUserName $osUserPassword /ADD + $user = [adsi]"WinNT://$env:computername/$localUserName" + $user.UserFlags.value = $user.UserFlags.value -bor 0x10000 + $user.CommitChanges() + + Write-Verbose "Created $localUserName" + } + + } + } + + # Grant Log on as Service to the osuser + Write-Debug "Granting ServiceLogonRight to $OSUser" + Grant-ISHUserLogOnAsService -User $osUserName + Write-Verbose "Granted ServiceLogonRight to $OSUser" + } + + end + { + + } +} diff --git a/Source/Modules/ISHServer/metadata.ps1 b/Source/Modules/ISHServer/metadata.ps1 index 553e15b..fb8387d 100644 --- a/Source/Modules/ISHServer/metadata.ps1 +++ b/Source/Modules/ISHServer/metadata.ps1 @@ -15,5 +15,5 @@ #> <#PSScriptInfo -.VERSION 1.4 -#> \ No newline at end of file +.VERSION 1.5 +#>