[beta] User Creation Tool

[Gigre]

I have been working on a unattended DVD where i only have to fill in some information after the instalation (before is inpossible if i want to use it for more pc's and when its burned )

that kind of program would be great for it!

just miss some info that needs to be entered ^^

(if its possible serienumber?) don't know if it can be altered after a windows XP install?

Edited May 17, 2006 by Gigre

[Joc]

I am actually checking if the user belongs to a group, not his/her name. What rights did you have in mind though?

I am working in a LAN and I am part of the administrator group of out network. (domain admin) After I added my LAN account to the local admin group, everything was OK.

Not a bad idea, although it doesn't really follow the initial goal stated on the first page. I guess you can have the unattended mode that you ask if you set the timer to something small (say 1 sec ie Timeout=1000) so that the GUI will not wait for any answer from you. I'll see if I can come up with a better idea though

Yes, I saw the timer property in the config file. And what can I do, if I want to change only the computer details and I cant create new user? Or I want to rename the admin (hungarian Rendszergazda - ugly, long word) to admin or root... Maybe you understand me and my poor english...

Other question: If I would like to use this program in my unattended Win, can I rewrite the english labels in the program to hungarian language? (I mean reshack. )

Joc

[cancerface]

@Gigre

I am not sure if this is possible (the serial number) but I'll look it up

@Joc

Yeah, I see the problem. There are different ways unfortunately for dealing with domain accounts, and up until now all the things that this tool can do only support an isolated workstation. It was my intention initially to include support for domain accounts but it turned out to be too complicated. It is on my list of things to do ... For the time being your solution is probably the best way to go, ie to add the domain admin to the local admin group.

And what can I do, if I want to change only the computer details and I cant create new user?

An option would be to write different INI files (at this stage) using different Parse[]Section directives. For example in order to just change the computer name/details use

[Interface]
...
ParseUserSection=0
ParseComputerSection=1
ParseSecuritySection=0
...

I think I'll include some command line options so that you can specify at least the name of the INI file to read from ...

Other question: If I would like to use this program in my unattended Win, can I rewrite the english labels in the program to hungarian language? (I mean reshack. blushing.gif )

I have no clue if this is feasible

I am also interested in localization so I'll try to figure out a way to have the tool detect the system language and then localize the messages.

CF

[Joc]

...

ParseUserSection=0

ParseComputerSection=1

ParseSecuritySection=0

...

Ooops! I realized just now what these lines means... Sorry...

I am also interested in localization so I'll try to figure out a way to have the tool detect the system language and then localize the messages.

I will wait to the next version.

Thank you for your working.

Joc

[cancerface]

I finally managed to get some time to put together some new features on this little tool. I was planning to include on this version multiple language support (both for the GUI and the messages that pop-up) but I only got a Brazilian and a Greek translation from some friends so far. I expect a German, Italian, French and Hungarian as well and as soon as I get those I will add them to the program. Although initially I was going to add the language strings in a message table on the main EXE (so that people could use resource hacker to add other languages) I decided not to, since the language strings vary in size and then the GUI looks ugly. However if someone is interested in a translation I will be happy to attach the lang strings I am using so that he/she can provide the translated ones in his/her language ...

In version 1.1 I added MAC detection making it easier to target multiple computers: A new series of sections can be added to the INI file each one with a specific MAC address and ComputerName, WorkGroupName etc. This makes it easier to deploy in multiple PCs if you know their MAC in advance so that you can predetermine their names and place them into the INI file used by the program.

In case you need to run the program using a different INI file, I added a command line option that allows to parse an alternate INI file. Simply invoke the program using

CreateUser.exe /INI="<full path to INI file>\<inifile.ini>"

Updated to v.1.1

• Added command line option /INI="<path>\<inifile>.ini" for custom INI file
  
• Added MAC address detection
  
• Added new INI section [ComputerInfo_x] based on MAC address detection
  
• Localized the creation of the 'fake' Administrator and Guest accounts (working on non english versions as well)
  
• Check that the username does not contain , /, \, [, ], :, |, <, >, +, =, ;, ?, * or is terminated by a .
  
• Check that computername does not contain leading or trailing spaces or , /, \, [, ], :, |, <, >, +, =, ;, ?.
  
• Small GUI improvements and bug fixes
  

Updated first post and uploaded the new version

Enjoy

CF

Edited July 9, 2006 by cancerface

[mazin]

@ cancerface

For some reason, I have nothing needed to be done at T-12.

I live at T-13, most of the time. The rest of my SETUP continues on the DESKTOP via the RUN RegKey.

If I understood you correctly, using your tool, I CANNOT get rid of the very ugly name "Administrator", by renaming it to whatever!

Actually, a home user is a user; so why couldn't it be "LiLy", "FlAsK", "waDDa", etc. In my point of view, there shouldn't be an account called "Administrator".

I spent some time, wasting some CDs, to get rid of it; with no success.

Before I waste more CDs, can I rename/delete it at T-13 or T-9; using your tool.

Thank you for your time and patience.

[cancerface]

@mazin

If I understood you correctly, using your tool, I CANNOT get rid of the very ugly name "Administrator", by renaming it to whatever!

Wrong. You can't rename the Administrator account at T-12. You can do that from the first RunOnceEx or RunOnce though. Since this is the default account created by windows (unless you use the oobe method to change the name) that would be the first account to login after setup. Hence I use my tool (or any other to be honest, be it a command prompt with net commands or wihu) in order to get a GUI during setup with predefined info and the option to change that info.

Actually, a home user is a user; so why couldn't it be "LiLy", "FlAsK", "waDDa", etc. In my point of view, there shouldn't be an account called "Administrator".

Agrred. That's why MS has included oobe so that you can change that name to whatever you like. Once you burned it on your CD/DVD though you can't change that. My tool gives an option to change that since it can be interactive at T12.

Before I waste more CDs, can I rename/delete it at T-13 or T-9; using your tool.

No.

This is actually stated on the first page of this post:

Renaming of the administrator account and creation of the fake one is not possible at T12 so if you want to do that in an unattended install you should use the tool at T12 to create an admin user and set the autologon flag, then use the tool again at GuiRunOnce with an altered INI file to process only the SecurityInfo section in order to rename the Administrator/create a fake one.

As for deleting the administrator account I am under the impression that build-in accounts cannot be deleted.

To sum it up for you: I use this tool at T12 to automatically create a new account (plus there is a GUI and if I change my mind about how to call that account I can do so) and set it to autologin upon reboot. The password for that account is encrypted and does not appear in the registry. I can also set the computer name, organization, workgroup at the same time. Upon reboot I run this tool again with a different INI and without parsing the first two sections (user and computer info) I rename the administrator and guest accounts and create fake ones. Everything is optional and controlled by the INI.

If you can figure out a way of renaming the administrator at Txx (without manually hacking SAMSRV.DLL) I will be happy to implement it.

Hope this helps

CF

[benners]

Wrong. You can't rename the Administrator account at T-12

I run XPlode via cmdlines text and it runs at T12, in the xml I use your tool to create a user (Thanks) scripted by AutoIt to add the user info, and I use netuser to Rename the Admin account, set a password, set the password to never expire and disable the account and haven't had any problems.

Upon checking user accounts in computer mangement everything seems normal, so the Admin account is renamed at T12, unless I am misunderstanding something.

On a side note, with the inclusion of the commandline to use a different ini would it be possible to run the app silently, I haven't had time to test the new version, has this already been implemented?.

[cancerface]

...and I use netuser to Rename the Admin account, set a password, set the password to never expire and disable the account and haven't had any problems.

That's very interesting ... When I tried to do something similar calling NetUserSetInfo from netapi32 the call failed and so I had to disable the user renaming process at Txx, assuming that it is not possible to achieve such a think at this time of the setup process. Maybe the error was attributed to something else. I'll play around with this a bit more, thanks for the info benners

As for running the tool in a silent mode, the answer is yes, this has been implemented on some earlier version. All you need to to is set EnableTimeOut=1 and use some small value for TimeOut (like 1 or so) on your INI file. I will probably add some switch for that from the command prompt so that the GUI does not pop up at all.

Would it be useful to add multiple UserInfo sections, at least for the user account that is created, and tie them to specific MAC addresses? In this way upon detection of some MAC a specific user could be created, thus avoiding having to use AutoIt to fill in the fields (why not use the INI by the way to fill in those fields, if you already know their values?)

CF

[Edit] It appears that renuser.exe does the trick at Txx ... It is calling NetUserSetInfo from netapi32 and both the Administrator and Guest accounts can be renamed! I will rewrite the function that handles the user renaming process to include support for Txx

Edited July 11, 2006 by cancerface

[benners]

Hi cancerface,

Great news about the Admin and guest accounts, that will be another few lines removed from the XPlode xml.

I used to use XPlode to create the users but the password was in plain text in the registry, I noticed when I used your excellent app that it was not there and as you stated in your first post would be encrypted.

I used AutoIt to run the app silently, my definition of silent is no visible GUI, apart from when the users are added and the program spawns a window, and if I had the passwords in the exe, add a password to prevent decompilation at least it would be a bit more secure, not that I am expecting anybody to want to steal it , as for the command line switch I would like the idea but think it would be better to have the value inside the ini if possible then the app can just be called by the name with no switches, but its your call.

The MAC address idea is also a good one but I do not use it myself, maybe I might if it were implemented but what I would use is the computername, so if it detected the name as Unattended it would pause for input from the user and other names it would install the settings I input via the ini file, that was another reason for using AutoIt, I could press the ok button and create the user if the machine was mine, or not press the button if the machine was someone elses and the program would wait for input and XPlode would wait for the app to close thus delaying the setup process.

hope this makes sense, thanks again.

[mazin]

@cancerface

It appears that renuser.exe does the trick at Txx

Actually, I used renuser.exe and it did the trick.

I used a group policy ini file and it did the trick, too.

Both were attempted at T-13, one method per CD.

The real problem is not in renaming the "Administrator" account. It's at the first logon where you get a popup telling you that there's no "Administrator" account and you can't continue until you type another user name.

I type another user name and continue the logon process. As you can see, this is not an unattended setup!

And, unless I apply some reg mods after logon, I get the same popup again at the next logon. And so on!

I'm sorry if I wasn't clear enough in my previous post.

[cancerface]

I managed to get this to work: the administrator/guest account can be renamed at T12, and fake ones can also be created at that time. As long as you also create a new account with admin privileges that will be set to autologon for the GuiRunOnce part of the setup, the install process does not complain at all and everything goes fine. I'll test this in 2k/2k3, as well as outside the setup and will release the new version as soon as possible

Thanks to all for the feedback so far!

CF

[benners]

Great stuff, thanks

[RogueSpear]

This utility just keeps on getting better! Keep up the great work

[cancerface]

@all

I am glad that you provide the input to improve this little tool

I rewrote the renaming function and it now works fine at Txx (tested at cmdlines): the administrator/guest accounts can be renamed and fake ones can be created. The rest is the same ...

Updated to v1.2

• Rewrote the account renaming function: both the Administrator and Guest accounts can be renamed during Txx (windows setup)
  

Updated first post and uploaded the new version

Enjoy

CF