Jump to content

[beta] User Creation Tool


Recommended Posts

:hello:

Although there seem to be many methods for creating users during an unattended setup I was looking for some tool that would allow the possibility to interact with the user creation process during an unattended installation, especially after burning my source on a CD/DVD. The oobe method doesn't provide this option neither does a registry hack via some batch.

Hence this little tool was created (see attached).

imagelongac8.th.jpg

How it works:

Place the exe in the same folder with an INI file that you will create and should look like this:

NewUser.ini

[Interface]
CheckValues=0
CancelButton=1
Confirm=1
PasswordCheck=1
MACAddressOveridesSections=1
ParseUserSection=1
ParseComputerSection=1
ParseSecuritySection=1
CheckIfUserExists=1
EnableTimeOut=1
TimeOut=120000
Beep=1
BeepWarning=1
BeepFreq=500
BeepDuration=100

[UserInfo]
FirstName=John
LastName=Doe
Description=System Administrator
UserName=jdoe
Password=123
UnlimitedPass=1
AutoLogon=1
Admin=1

[ComputerInfo]
CompName=DeployedPC
CompWorkGroup=HomeNet
CompDesc=Unattended Windows XP
RegOwner=John Doe
RegOrg=Some Company, Inc.

[ComputerInfo_1]
MAC=00-90-56-C0-DD-00
CompName=DeployedPCA
CompWorkGroup=HomeNetA
CompDesc=Unattended Windows XP (A)
RegOwner=John Doe
RegOrg=Some Company, Inc.
ParseSecuritySection=1
FirstName=Jack
LastName=Doe
Description=System Administrator (A)
UserName=jdoe
Password=567
UnlimitedPass=1
AutoLogon=1
Admin=1
FakeAdmin=1
FakeGuest=1
RenameAdmin=1
RenameGuest=1
DisableAdmin=1
ForcedLogon=1
NewAdminName=rootA
NewGuestName=NewGuestA
HideNewAdmin=1

...

[ComputerInfo_n]
MAC=00-44-45-AB-D0-08
CompName=DeployedPCB
CompWorkGroup=HomeNetB
CompDesc=Unattended Windows XP (B)
RegOwner=John Doe
RegOrg=Yet Another Company, Inc.
ParseSecuritySection=0
FirstName=Jim
LastName=Doe
Description=System Administrator (B)
UserName=jimdoe
Password=567891
UnlimitedPass=1
AutoLogon=1
Admin=1
FakeAdmin=
FakeGuest=
RenameAdmin=
RenameGuest=
DisableAdmin=
ForcedLogon=
NewAdminName=
NewGuestName=
HideNewAdmin=

[SecurityInfo]
FakeAdmin=1
FakeGuest=1
RenameAdmin=1
RenameGuest=1
NewAdminName=root
NewGuestName=NewGuest
DisableAdmin=1
ForcedLogon=0
HideNewAdmin=1

The [interface] Section contains entries that can be either 1 or 0.

CheckValues forces the program to check if the user has filled all fields.

CancelButton displays or hides the cancel button.

Confirm invokes a dialog asking if you really want to proceed with the user creation process (...)

PasswordCheck will disable password checking and will force an empty password

(new!) MACAddressOveridesSections will override all the [userIfo] and [securityInfo] values and will force reading them directly from an appropriate [ComputerInfo_n] section

ParseUserSection if set to 0 the user-creation part will not get processed

ParseComputerSection if set to 0 the computer-renaming part will not get processed

ParseSecuritySection if set to 0 the security section will not be processed

CheckIfUserExists if set to 1 will force a check for the username in the local user database

EnableTimeOut if set to 0 will disable the timeout and the next parameter (TimeOut) will be ignored

TimeOut is the time that you want the program to wait before adding the user. Note that this value is in milliseconds.

Beep if set to 1 it enables a sound from the PC speaker when the progress bar is changing

BeepWarning if set to 1 will only allow the sound when the bar is at 50% or less of the TimeOut value

BeepFreq sets the frequency of the sound (50 - 5000)

BeepDuration sets the duration in ms of the sound (50 - 1000)

The first five values of the [userInfo] section are self explanatory.

Admin can be either 1 or 0. In the first case the created user will be added to the admin group. If the value is 0 then the user will be added to the users group.

UnlimitedPass can be either 1 or 0. In the first case the password will be set not to expire.

AutoLogon can also be 1 or 0. If it is set to 1 then the user will be automatically logged to the system.

The [ComputerInfo] section controls five parameters:

CompName and CompDesc and can be used to setup the computer's name and description

CompWorkGroup is used to set the name of the workgroup for the PC and join it.

RegOwner is used to set the registered owner of the local PC

RegOrg is used to set the registered organization of the local PC

Additionally, the program looks for n [ComputerInfo_n] sections which contain similar information to the [ComputerInfo] section but they are tied to specific MAC addresses.

A [ComputerInfo_n] section contains, in addition to the above, a parameter called MAC which is used to identify the physical address of a network controller. If upon execution the MAC address of an ethernet

controller matches the value of the MAC parameter in a [ComputerInfo_n] section then all the computer parameters (Name, Workgroup etc) will be read from that section.

As of v.1.8 if the MACAddressOveridesSections flag is active in the [interface] section then the following values can also be parsed from the [ComputerInfo_n] section that contains a matching MAC address:

ParseSecuritySection

FirstName

LastName

Description

UserName

Password

UnlimitedPass

AutoLogon

Admin

FakeAdmin

FakeGuest

RenameAdmin

RenameGuest

DisableAdmin

ForcedLogon

NewAdminName

NewGuestName

HideNewAdmin

These values will now override the ones in [userInfo] and [securityInfo] sections!

If however there is no match of the MAC values from each section to the MAC address of an ethernet controller on the target PC then the values from the initial [ComputerInfo] [userInfo] and [securityInfo] section will be used instead.

The [securityInfo] section controls the following parameters:

FakeAdmin if set to 1 the tool will create an account called 'Administrator' (or whatever the name in your localized version of windows) which will be set with a loooong MD5 password and will be locked and inactive.

FakeGuest if set to 1 the tool will generate a Fake Guest account similar to the Administrator account described above

RenameAdmin if set to 1 the tool will attempt to rename the default Administrator account

RenameGuest same as above, if set to 1 the tool will rename the Guest account

NewAdminName if you chose to rename the administrator account this field holds the new name

NewGuestName if you chose to rename the guest account this field holds the new name

DisableAdmin if set to 1 then the administrator (or the renamed administrator) account will be disabled

ForcedLogon if set to 1 will cause windows to automatically login the default user upon logoff

HideNewAdmin [Windows XP] if set to 1 this will hide the renamed administrator account from the list of users that can log on the PC

As of v1.0 setting any of the Parse[]Section parameters to 0 will result in inactivating the relevant section on the GUI. For example ParseUserSection=0 and ParseComputerSection=0 will look like this:

imagelongsecxs6.th.jpg

Call the exe from a script so that the new user will be created. I am running it from cmdlines using the following batch file:

user.bat

@ECHO OFF
CMDOW @ /HID
TITLE Creating Windows XP Users
%SystemDrive%
CD %SystemRoot%Scriptsusers
START /WAIT %SystemRoot%ScriptsCreateUser.exe

In the above example both files (the EXE and the INI) are in $OEM$$Scripts inside my unattended CD/DVD. The INI contains my default information for the account to be created with a non-secure password (123 or something) which will be used only for the unattended setup and should be changed after that ...

In order to read the necessary values from another ini file the tool can be started using:

CreateUser.exe /INI="<full path to INI file><inifile.ini>"

Once the program is executed it will wait for the TimeOut period and then it will parse all the enabled sections UNLESS you click on the GUI, which allows for changes of all the information needed for the process.

Finally I should mention that it is working in my hands in Windows XP but I would consider it as a beta and would appreciate any feedback

B)

CF

ChangeLog

v.1.8.5

  • Added Dutch GUI Support
  • Fixed French GUI

Download program: NewUser.7z

Update Pack Addon (compatible with nLite/Integrator, compiled and maintained by Aserone) Thanks Aserone :)

GUI Translations

Since I am not able to translate the messages that pop-up in every language, I am attaching here the English strings used by the program so that any interested parties can translate in their own language and re-attach the new files on this thread. The attached 7z archive contains two files, an INI with the interface strings and a TXT with the pop-up messages. Try to keep the messages as concise as possible, especially the ones in the INI file as their size will affect the layout of the GUI. It is important that you save the files as ANSI rather than Unicode, since the NSIS compiler used to make the program will not be able to read the translated characters!

It would also be very helpful if people could provide the ANSI page code of the file with their strings. You can find a list of those codes here

Download language strings: Lang_Strings.7z(Only if you wish to translate the GUI to your language and contribute to this thread!)

ToDo

- Add support for CryptProtectData functionality

- Add multi-lingual interface/messages

Edited by cancerface
Link to comment
Share on other sites


I made a similar utility using an .hta script. I really like the clean look of your utility and the fact that it's an .exe file. Any chance you might be able to enable naming the computer from the same interface?

Here's a link to the thread where I posted.

Link to comment
Share on other sites

Nice layout on that one RogueSpear, I may have to redisign mine a bit :)

Yes it is easy to add the computer name (see new attachment).

newuser1il.th.jpg

Change the NewUser.ini to:

[UserInfo]
FirstName=<the user's first name>
LastName=<the user's last name>
Description=<user description>
UserName=<the username>
Password=<the password>
Admin=1
UnlimitedPass=1
AutoLogon=1
TimeOut=120000
[ComputerInfo]
CompName=DeployedPC
CompDesc=Unattended Windows XP

I am using a small tool called compname.exe to change the name and I assume that it will be located inside the System32 folder.

Note that if the computer name is left blank then the program will skip setting it up.

Let me know what you think :)

CF

[Edit]

Moved the attachment to the first post

Edited by cancerface
Link to comment
Share on other sites

I think you have a pretty promising little tool here. I'm not sure what you're developing your utility with, but if it's VB or C# or something from Microsoft, you could easily adapt my code to eliminate the dependance on outside utilities for renaming a computer and the user stuff too.

Link to comment
Share on other sites

@RogueSpear

This is the evolution of a rather old and simple batch script into a simple exe. Unfortunately it is not in VB or C++ although I have been thinking for some time to move it to Delphi. It is a simple NSIS script. I have altered the header of the NSIS exe a bit to accommodate the changes needed in order to have a larger window etc.

I could make calls directly to the windows API or even use tools that come with windows xp, like wmic for example, in order to avoid use of external utilities but this was never an issue since it does the simple job I wanted it to do. I would be interested to see what you have in mind though :yes:

@ abadaba

Can't you use the oobeinfo method to create the users, including an admin account then run this tool at cmdlines which will create another admin account and will set the autologon option? You can then delete the oobeinfo admin account from some batch script if you don't need it (not sure if you can use oobeinfo without creating an admin account ... Also I am not sure when oobeinfo creates the accounts) ...

CF

Link to comment
Share on other sites

I was big into programming years ago. When I say years ago, I mean like 15 to 20 years ago. About 2 years ago I started to fiddle with VBscript and just this year, a little bit of AutoIt. My HTA utility, like your utility, does the job. But I've been desperately searching for the time to immerse myself in VB.NET. I know it's not C# or C++, but it should be flexible enough to allow me to make the kind of tools I want. And it has some relation to VBscript, possibly making it easier for me to master.

I'll probably look at this as one of the first projects to try in VB.NET since I have the mechanics down already. I have to say it's kind of amazing what a little bit of batch coupled with NSIS is capable of doing :D

Regarding Delphi. I know it's a well regarded development environment, but personally I'd stear clear of anything having to do with Borland. They currently have all of their development tools up for sale so they can concentrate on something else. I don't remember what the something else is at the moment. It seems odd too since developer tools is really all they're known for.

Link to comment
Share on other sites

I came across NSIS about a year ago and was impressed at the simple yet powerful code that you can generate. I have never been big into programming and I can only qualify as a noob in delphi, however I started moving all my batch scripts a while ago into NSIS. Like you said, you get an exe rather than a cmd file and you can in fact talk to the native windows API without use of external tools + as an open source tool it allows you to get answers to your questions in no time ... If only I had more time in my hands :D

CF

[Edit]

I posted a small guide for an unattended firefox deployment that created a small banner showing information about the install process a while ago in this thread, based on an NSIS script ...

Edited by cancerface
Link to comment
Share on other sites

@kelsenellenelvian

Glad you like it :)

The cancel button is easy to implement, although in my setup this is how I create an admin account so if I hit cancel then the default 'administrator' account will be the one active during the unattended install (a bit pointless). Also I didn't really see the point in having multiple accounts as this tool is always run at cmdlines and was needed in order to get an admin account that could potentially be different than the one hard-coded to the INI. My scenario was to have an already burned unattended XP DVD which I use for my desktop at home and my laptop at work. I use a different account for these machines due to restrictions on my work environment, but I wanted to have the ability to silently deploy all my apps and settings using the appropriate account ...

I see however the point of having a tool that would allow the creation of multiple users in a batch mode giving at the same time control to the admin to change their names/properties ... In fact I was thinking of combining the oobeinfo way with my tool if possible so that a set of standard users can be created via oobeinfo, and then their info/usernames can be edited using my approach during the unattended setup. I will post my results as soon as I test this, although I am not sure if oobeinfo runs before the system goes into cmdlines ...

The other option is to have a post-install GUI for creating multiple users. Maybe something like that already exists; I have not searched around to be honest. :whistle:

CF

[Edit] Updated first post and uploaded a version with a cancel button

Edited by cancerface
Link to comment
Share on other sites

  • 2 weeks later...

Nice, however in need of improvement, I think.

Tried to create a (dummy) user foo (no surename), didn't work.

No fields are supposed to remain empty, that's why.

Link to comment
Share on other sites

@All

Thanks for the feedback, I appreciate it :D

@Mikka

The purpose was to create a real account that would substitute the Administrator during the first login and this is why it is checking for all the fields being filled. However it is easy to get rid of this check and just look for a username/password ...

@XPero :hello:

I have seen you actually posting on the NSIS forum ... Good work on xpize by the way :thumbup

@Dels

I have been using it with XP and I am pretty sure it should work in 2k and 2k3, although I have not tested it ... Not sure about 9x/ME though. At this stage it makes external calls to net.exe, compname.exe and cusrmgr.exe but I have not tested either of these in Win9x/ME ...

I am working on a version that does not depend on any external utilities, as per RogueSpear's suggestion but I am stuck right now trying to make the created account not to expire. I'll post my work as soon as I figure this out :yes:

CF

Edited by cancerface
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...