__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
#!powershell
# Copyright: (c) 2014, Paul Durivage <paul.durivage@rackspace.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#AnsibleRequires -CSharpUtil Ansible.AccessToken
#AnsibleRequires -CSharpUtil Ansible.Basic
$spec = @{
options = @{
account_disabled = @{ type = 'bool' }
account_locked = @{ type = 'bool' }
description = @{ type = 'str' }
fullname = @{ type = 'str' }
groups = @{ type = 'list'; elements = 'str' }
groups_action = @{ type = 'str'; choices = 'add', 'remove', 'replace'; default = 'replace' }
home_directory = @{ type = 'str' }
login_script = @{ type = 'str' }
name = @{ type = 'str'; required = $true }
password = @{ type = 'str'; no_log = $true }
password_expired = @{ type = 'bool' }
password_never_expires = @{ type = 'bool' }
profile = @{ type = 'str' }
state = @{ type = 'str'; choices = 'present', 'absent', 'query'; default = 'present' }
update_password = @{ type = 'str'; choices = 'always', 'on_create'; default = 'always' }
user_cannot_change_password = @{ type = 'bool' }
}
supports_check_mode = $true
}
$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec)
$accountDisabled = $module.Params.account_disabled
$accountLocked = $module.Params.account_locked
$description = $module.Params.description
$fullname = $module.Params.fullname
$groups = $module.Params.groups
$groupsAction = $module.Params.groups_action
$homeDirectory = $module.Params.home_directory
$loginScript = $module.Params.login_script
$name = $module.Params.name
$password = $module.Params.password
$passwordExpired = $module.Params.password_expired
$passwordNeverExpires = $module.Params.password_never_expires
$userProfile = $module.Params.profile
$state = $module.Params.state
$updatePassword = $module.Params.update_password
$userCannotChangePassword = $module.Params.user_cannot_change_password
$module.Diff.before = ""
$module.Diff.after = ""
if ($accountLocked -eq $true) {
$module.FailJson("account_locked must be set to 'no' if provided")
}
$ADS_UF_PASSWD_CANT_CHANGE = 64
$ADS_UF_DONT_EXPIRE_PASSWD = 65536
$ADSI = [ADSI]"WinNT://$env:COMPUTERNAME"
Function Get-AnsibleLocalGroup {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]
$Sid
)
$groupSid = New-Object -TypeName Security.Principal.SecurityIdentifier -ArgumentList $Sid
$ADSI.Children | Where-Object {
if ($_.SchemaClassName -ne 'Group') {
return $false
}
$sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $_.ObjectSid.Value, 0
return $sid -eq $groupSid
} | ForEach-Object -Process {
[PSCustomObject]@{
Name = $_.Name.Value
SecurityIdentifier = $groupSid
BaseObject = $_
}
}
}
Function Get-AnsibleLocalUser {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$Name
)
$ADSI.Children | Where-Object {
$_.SchemaClassName -eq 'User' -and $_.Name -eq $Name
} | ForEach-Object -Process {
$sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $_.ObjectSid.Value, 0
$flags = $_.UserFlags.Value
[PSCustomObject]@{
Name = $_.Name.Value
FullName = $_.FullName.Value
Path = $_.Path
Description = $_.Description.Value
HomeDirectory = $_.HomeDirectory.Value
LoginScript = $_.LoginScript.Value
PasswordExpired = [bool]$_.PasswordExpired.Value
PasswordNeverExpires = [bool]($flags -band $ADS_UF_DONT_EXPIRE_PASSWD)
Profile = $_.Profile.Value
UserCannotChangePassword = [bool]($flags -band $ADS_UF_PASSWD_CANT_CHANGE)
AccountDisabled = $_.AccountDisabled
IsAccountLocked = $_.IsAccountLocked
SecurityIdentifier = $sid
Groups = @(
$_.Groups() | ForEach-Object -Process {
$rawSid = $_.GetType().InvokeMember('ObjectSid', 'GetProperty', $null, $_, $null)
$groupSid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $rawSid, 0
[PSCustomObject]@{
Name = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
Path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
SecurityIdentifier = $groupSid
}
})
BaseObject = $_
}
}
}
Function Get-UserDiff {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[AllowNull()]
$User
)
if (-not $User) {
""
}
else {
$groups = [System.Collections.Generic.List[String]]@()
foreach ($group in $User.Groups) {
try {
$name = $group.SecurityIdentifier.Translate([Security.Principal.NTAccount]).Value
}
catch [Security.Principal.IdentityNotMappedException] {
$name = $group.Name
}
$groups.Add($name)
}
@{
account_disabled = $User.AccountDisabled
account_locked = $User.IsAccountLocked
description = $User.Description
fullname = $User.FullName
groups = $groups
home_directory = $User.HomeDirectory
login_script = $User.LoginScript
name = $User.Name
password = 'REDACTED'
password_expired = $User.PasswordExpired
password_never_expires = $User.PasswordNeverExpires
profile = $User.Profile
user_cannot_change_password = $User.UserCannotChangePassword
}
}
}
Function Test-LocalCredential {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[String]
$Username,
[Parameter(Mandatory = $true)]
[String]
$Password
)
try {
$handle = [Ansible.AccessToken.TokenUtil]::LogonUser($Username, ".", $Password, "Network", "Default")
$handle.Dispose()
$isValid = $true
}
catch [Ansible.AccessToken.Win32Exception] {
# following errors indicate the creds are correct but the user was
# unable to log on for other reasons, which we don't care about
$successCodes = @(
0x0000052F, # ERROR_ACCOUNT_RESTRICTION
0x00000530, # ERROR_INVALID_LOGON_HOURS
0x00000531, # ERROR_INVALID_WORKSTATION
0x00000569 # ERROR_LOGON_TYPE_GRANTED
)
if ($_.Exception.NativeErrorCode -eq 0x0000052E) {
# ERROR_LOGON_FAILURE - the user or pass was incorrect
$isValid = $false
}
elseif ($_.Exception.NativeErrorCode -in $successCodes) {
$isValid = $true
}
else {
# an unknown failure, reraise exception
throw $_
}
}
$isValid
}
$user = Get-AnsibleLocalUser -Name $name
$module.Diff.before = Get-UserDiff -User $user
if ($state -eq 'present') {
if (-not $user) {
$module.Diff.after = @{name = $name }
$userAdsi = $ADSI.Create('User', $name)
if ($null -ne $password) {
$userAdsi.SetPassword($password)
$module.Diff.after.password = 'REDACTED'
}
if (-not $module.CheckMode) {
$userAdsi.SetInfo()
$user = Get-AnsibleLocalUser -Name $name
}
$module.Result.changed = $true
}
# When in check mode and a new user was created, $user will still be $null
if ($user) {
$module.Diff.after = Get-UserDiff -User $user
if ($null -ne $password -and $updatePassword -eq 'always') {
# ValidateCredentials will fail if either of these are true- just force update...
if ($user.AccountDisabled -or $user.PasswordExpired) {
$passwordMatch = $false
}
else {
try {
$passwordMatch = Test-LocalCredential -Username $user.Name -Password $password
}
catch [System.ComponentModel.Win32Exception] {
$module.FailJson("Failed to validate the user's credentials: $($_.Exception.Message)", $_)
}
}
if (-not $passwordMatch) {
if (-not $module.CheckMode) {
$user.BaseObject.SetPassword($password)
}
$module.Result.changed = $true
$module.Diff.after.password = 'CHANGED REDACTED'
}
}
if ($null -ne $accountDisabled -and $accountDisabled -ne $user.AccountDisabled) {
$user.BaseObject.AccountDisabled = $accountDisabled
$module.Result.changed = $true
$module.Diff.after.account_disabled = $accountDisabled
}
if ($null -ne $accountLocked -and $accountLocked -ne $user.IsAccountLocked) {
$user.BaseObject.IsAccountLocked = $accountLocked
$module.Result.changed = $true
$module.Diff.after.account_locked = $accountLocked
}
if ($null -ne $fullname -and $fullname -cne $user.FullName) {
$user.BaseObject.FullName = $fullname
$module.Result.changed = $true
$module.Diff.after.fullname = $fullname
}
if ($null -ne $description -and $description -cne $user.Description) {
$user.BaseObject.Description = $description
$module.Result.changed = $true
$module.Diff.after.description = $description
}
if ($null -ne $homeDirectory -and $homeDirectory -ne $user.HomeDirectory) {
$user.BaseObject.HomeDirectory = $homeDirectory
$module.Result.changed = $true
$module.Diff.after.home_directory = $homeDirectory
}
if ($null -ne $loginScript -and $loginScript -ne $user.LoginScript) {
$user.BaseObject.LoginScript = $loginScript
$module.Result.changed = $true
$module.Diff.after.login_script = $loginScript
}
if ($null -ne $passwordExpired -and $passwordExpired -ne $user.PasswordExpired) {
$user.BaseObject.PasswordExpired = [int]$passwordExpired
$module.Result.changed = $true
$module.Diff.after.password_expired = $passwordExpired
}
if ($null -ne $passwordNeverExpires -and $passwordNeverExpires -ne $user.PasswordNeverExpires) {
if ($passwordNeverExpires) {
$newFlags = $user.BaseObject.UserFlags.Value -bor $ADS_UF_DONT_EXPIRE_PASSWD
}
else {
$newFlags = $user.BaseObject.UserFlags.Value -bxor $ADS_UF_DONT_EXPIRE_PASSWD
}
$user.BaseObject.UserFlags = $newFlags
$module.Result.changed = $true
$module.Diff.after.password_never_expires = $passwordNeverExpires
}
if ($null -ne $userProfile -and $userProfile -ne $user.Profile) {
$user.BaseObject.Profile = $userProfile
$module.Result.changed = $true
$module.Diff.after.profile = $userProfile
}
if ($null -ne $userCannotChangePassword -and $userCannotChangePassword -ne $user.UserCannotChangePassword) {
if ($userCannotChangePassword) {
$newFlags = $user.BaseObject.UserFlags.Value -bor $ADS_UF_PASSWD_CANT_CHANGE
}
else {
$newFlags = $user.BaseObject.UserFlags.Value -bxor $ADS_UF_PASSWD_CANT_CHANGE
}
$user.BaseObject.UserFlags = $newFlags
$module.Result.changed = $true
$module.Diff.after.user_cannot_change_password = $userCannotChangePassword
}
if ($module.Result.changed -and -not $module.CheckMode) {
$user.BaseObject.SetInfo()
}
if ($null -ne $groups) {
$desiredGroups = [string[]]@($groups | Where-Object { -not [String]::IsNullOrWhiteSpace($_) } | ForEach-Object -Process {
$inputGroup = $_
try {
$sid = New-Object -TypeName Security.Principal.SecurityIdentifier -ArgumentList $inputGroup
}
catch [ArgumentException] {
$account = New-Object -TypeName Security.Principal.NTAccount -ArgumentList $inputGroup
try {
$sid = $account.Translate([Security.Principal.SecurityIdentifier])
}
catch [Security.Principal.IdentityNotMappedException] {
$module.FailJson("group '$inputGroup' not found")
}
}
# Make sure the group specified in the module args are an actual local group.
if (-not (Get-AnsibleLocalGroup -Sid $sid.Value)) {
$module.FailJson("group '$inputGroup' not found")
}
$sid.Value
})
$existingGroups = [string[]]@($user.Groups.SecurityIdentifier.Value)
$toAdd = [string[]]@()
$toRemove = [string[]]@()
if ($groupsAction -eq 'add') {
$toAdd = [Linq.Enumerable]::Except($desiredGroups, $existingGroups)
}
elseif ($groupsAction -eq 'remove') {
$toRemove = [Linq.Enumerable]::Intersect($desiredGroups, $existingGroups)
}
else {
$toAdd = [Linq.Enumerable]::Except($desiredGroups, $existingGroups)
$toRemove = [Linq.Enumerable]::Except($existingGroups, $desiredGroups)
}
$actionMap = @{
Add = $toAdd
Remove = $toRemove
}
foreach ($action in $actionMap.GetEnumerator()) {
foreach ($group in $action.Value) {
if (-not $group) {
continue
}
$groupAdsi = Get-AnsibleLocalGroup -Sid $group
if (-not $module.CheckMode) {
try {
if ($action.Key -eq 'Add') {
$groupAdsi.BaseObject.Add($user.Path)
}
else {
$groupAdsi.BaseObject.Remove($user.Path)
}
}
catch {
$module.FailJson(
"Failed to $($action.Key.ToLower()) $($groupAdsi.Name): $($_.Exception.Message)", $_
)
}
}
$module.Result.changed = $true
if ($action.Key -eq 'Add') {
$module.Diff.after.groups.Add($groupAdsi.Name)
}
else {
$null = $module.Diff.after.groups.Remove($groupAdsi.Name)
}
}
}
}
}
$module.Result.state = 'present'
}
elseif ($state -eq 'absent') {
if ($user) {
if (-not $module.CheckMode) {
$ADSI.Delete('User', $user.Name)
}
$module.Result.changed = $true
$module.Result.msg = "User '$($user.Name)' deleted successfully"
$user = $null
}
else {
$module.Result.msg = "User '$name' was not found"
}
$module.Result.state = 'absent'
$module.Diff.after = ""
}
else {
$module.Result.msg = "Querying user '$name'"
$module.Result.state = if ($user) { 'present' } else { 'absent' }
$module.Diff.after = $module.Diff.before
}
$user = Get-AnsibleLocalUser -Name $name
$module.Result.name = $name
if ($user) {
$module.Result.fullname = $user.FullName
$module.Result.path = $user.Path
$module.Result.description = $user.Description
$module.Result.password_expired = $user.PasswordExpired
$module.Result.password_never_expires = $user.PasswordNeverExpires
$module.Result.user_cannot_change_password = $user.UserCannotChangePassword
$module.Result.account_disabled = $user.AccountDisabled
$module.Result.account_locked = $user.IsAccountLocked
$module.Result.sid = $user.SecurityIdentifier.Value
$module.Result.groups = @(
foreach ($grp in $user.Groups) {
@{ name = $grp.Name; path = $grp.Path }
}
)
}
$module.ExitJson()
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| __init__.py | File | 0 B | 0644 |
|
| async_status.ps1 | File | 1.81 KB | 0644 |
|
| async_status.yml | File | 1.77 KB | 0644 |
|
| setup.ps1 | File | 49.89 KB | 0644 |
|
| setup.yml | File | 2.35 KB | 0644 |
|
| slurp.ps1 | File | 728 B | 0644 |
|
| slurp.yml | File | 1.5 KB | 0644 |
|
| win_acl.ps1 | File | 9.54 KB | 0644 |
|
| win_acl.py | File | 4.14 KB | 0644 |
|
| win_acl_inheritance.ps1 | File | 4.72 KB | 0644 |
|
| win_acl_inheritance.py | File | 2.34 KB | 0644 |
|
| win_certificate_store.ps1 | File | 19.78 KB | 0644 |
|
| win_certificate_store.py | File | 8.08 KB | 0644 |
|
| win_command.ps1 | File | 3.98 KB | 0644 |
|
| win_command.py | File | 6.13 KB | 0644 |
|
| win_copy.ps1 | File | 18.06 KB | 0644 |
|
| win_copy.py | File | 6.55 KB | 0644 |
|
| win_dns_client.ps1 | File | 12.99 KB | 0644 |
|
| win_dns_client.py | File | 2.13 KB | 0644 |
|
| win_domain.ps1 | File | 7.67 KB | 0644 |
|
| win_domain.py | File | 4.15 KB | 0644 |
|
| win_domain_controller.ps1 | File | 12.37 KB | 0644 |
|
| win_domain_controller.py | File | 5.66 KB | 0644 |
|
| win_domain_membership.ps1 | File | 10.36 KB | 0644 |
|
| win_domain_membership.py | File | 3.35 KB | 0644 |
|
| win_dsc.ps1 | File | 19.46 KB | 0644 |
|
| win_dsc.py | File | 7.31 KB | 0644 |
|
| win_environment.ps1 | File | 5.56 KB | 0644 |
|
| win_environment.py | File | 4.13 KB | 0644 |
|
| win_feature.ps1 | File | 4.1 KB | 0644 |
|
| win_feature.py | File | 4.63 KB | 0644 |
|
| win_file.ps1 | File | 5.4 KB | 0644 |
|
| win_file.py | File | 2.16 KB | 0644 |
|
| win_find.ps1 | File | 14.29 KB | 0644 |
|
| win_find.py | File | 11.19 KB | 0644 |
|
| win_get_url.ps1 | File | 11.59 KB | 0644 |
|
| win_get_url.py | File | 5.82 KB | 0644 |
|
| win_group.ps1 | File | 1.64 KB | 0644 |
|
| win_group.py | File | 1.1 KB | 0644 |
|
| win_group_membership.ps1 | File | 5.82 KB | 0644 |
|
| win_group_membership.py | File | 2.95 KB | 0644 |
|
| win_hostname.ps1 | File | 1 KB | 0644 |
|
| win_hostname.py | File | 1.07 KB | 0644 |
|
| win_optional_feature.ps1 | File | 2.84 KB | 0644 |
|
| win_optional_feature.py | File | 2.32 KB | 0644 |
|
| win_owner.ps1 | File | 2.18 KB | 0644 |
|
| win_owner.py | File | 1.05 KB | 0644 |
|
| win_package.ps1 | File | 51.85 KB | 0644 |
|
| win_package.py | File | 15.68 KB | 0644 |
|
| win_path.ps1 | File | 6.17 KB | 0644 |
|
| win_path.py | File | 2.94 KB | 0644 |
|
| win_ping.ps1 | File | 454 B | 0644 |
|
| win_ping.py | File | 1.16 KB | 0644 |
|
| win_powershell.ps1 | File | 29.57 KB | 0644 |
|
| win_powershell.py | File | 15.7 KB | 0644 |
|
| win_reboot.py | File | 4.76 KB | 0644 |
|
| win_reg_stat.ps1 | File | 4.11 KB | 0644 |
|
| win_reg_stat.py | File | 3.51 KB | 0644 |
|
| win_regedit.ps1 | File | 18.12 KB | 0644 |
|
| win_regedit.py | File | 6.35 KB | 0644 |
|
| win_service.ps1 | File | 37.85 KB | 0644 |
|
| win_service.py | File | 16.71 KB | 0644 |
|
| win_service_info.ps1 | File | 9.98 KB | 0644 |
|
| win_service_info.py | File | 9.44 KB | 0644 |
|
| win_share.ps1 | File | 11.93 KB | 0644 |
|
| win_share.py | File | 3.02 KB | 0644 |
|
| win_shell.ps1 | File | 4.93 KB | 0644 |
|
| win_shell.py | File | 5.69 KB | 0644 |
|
| win_stat.ps1 | File | 7.24 KB | 0644 |
|
| win_stat.py | File | 7.39 KB | 0644 |
|
| win_tempfile.ps1 | File | 2.46 KB | 0644 |
|
| win_tempfile.py | File | 1.49 KB | 0644 |
|
| win_template.py | File | 5.48 KB | 0644 |
|
| win_updates.ps1 | File | 57.42 KB | 0644 |
|
| win_updates.py | File | 11.95 KB | 0644 |
|
| win_uri.ps1 | File | 7.95 KB | 0644 |
|
| win_uri.py | File | 4.14 KB | 0644 |
|
| win_user.ps1 | File | 16.46 KB | 0644 |
|
| win_user.py | File | 5.43 KB | 0644 |
|
| win_user_right.ps1 | File | 13.78 KB | 0644 |
|
| win_user_right.py | File | 3.24 KB | 0644 |
|
| win_wait_for.ps1 | File | 9.56 KB | 0644 |
|
| win_wait_for.py | File | 4.42 KB | 0644 |
|
| win_whoami.ps1 | File | 30.96 KB | 0644 |
|
| win_whoami.py | File | 5.29 KB | 0644 |
|