cEPRSAddAslogOnSvc.psm1
|
enum Ensure { Absent Present } [DscResource()] class cEPRSAddAsLogOnSvc { [DscProperty(Key)] [String] $ServerName [DscProperty(Key)] [String] $InfFilePath [DscProperty(Key)] [String] $AccountName [DscProperty(Key)] [String] $Ensure [cEPRSAddAslogOnSvc] Get() { $objuser = New-Object System.Security.Principal.NTAccount($this.AccountName) $strSID = $objuser.Translate([System.Security.Principal.SecurityIdentifier]) $AccSID = $strSID.Value secedit /export /cfg /tempexport.inf /quiet $curSID = Select-string tempexport.inf -pattern "SeServiceLogonRight" $SIDs = $curSID.Line if(($SIDs.Length -ne 0) -and ($SIDs.Contains($ACCSID))) { $this.Ensure = "Present" } else { $this.Ensure = "Absent" } $output = @{ ServerName = $this.ServerName InfFilePath = $this.InfFilePath AccountName = $this.AccountName Ensure = $this.Ensure } return $output } [bool] Test() { $objUser = New-Object System.Security.Principal.NTAccount($this.AccountName) $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $AccSID = $strSID.Value secedit /export /cfg $this.InfFilePath /quiet $curSIDs = Select-string $this.InfFilePath -pattern "SeServiceLogonRight" $Sids = $curSIDs.line if (($Sids.Length -ne 0)-and ($Sids.Contains($AccSID) )) { Write-Verbose " $AccSID is already in servicelogon" return $true } else { return $false } } [void] Set() { $objUser = New-Object System.Security.Principal.NTAccount($this.AccountName) $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) $AccSID = $strSID.Value Write-Verbose "$AccSID" -Verbose Write-Verbose $this.InfFilePath -Verbose secedit /export /cfg $this.InfFilePath /quiet (Get-Content $this.InfFilePath) | Foreach-Object {$_ -replace "GroupName", $this.AccountName} | Set-Content $this.InfFilePath SECEDIT /configure /db secedit.sdb /cfg $this.InfFilePath } } |