Merge version 1.4 into main (#23)
* bump version and add release notes

* fix Set-LapsADPasswordExpirationTime (#19)

* fix get-empirumvariable call (#20)

* Add configuration hint (#22)

* Improve user name logging (#22)

* Update configuration hint (#22)

* improve non-existing user warning (#21)

* remove empty sw tag

* ps1: extend release notes
htcfreek authored May 24, 2023
1 parent 905fdea commit 24f487d
Showing 10 changed files with 38 additions and 18 deletions.
@@ -1,8 +1,8 @@
<#
Name: ResetLapsPassword
Version: 1.3
Version: 1.4
Developer: htcfreek (Heiko Horwedel)
Created at: 16.04.2023
Created at: 24.05.2023
Github URL: https://github.com/htcfreek/PreOS-ResetLapsPassword
Systems requirements:
Expand Down Expand Up @@ -57,6 +57,7 @@ Changes (Date / Version / Author / Change):
2023-03-30 / 1.1 / htcfreek / Fix incorrect detection of missing Windows LAPS on unsupported systems with missing Legacy CSE.; Clean up PXE log in EMC.; Other log improvements (reboot, managed user).
2023-04-04 / 1.2 / htcfreek / Improved reboot behavior on pending Domain join reboot.; Adding a description of the log levels.
2023-04-16 / 1.3 / htcfreek / Fix detection of disabled state for Windows LAPS in Legacy Mode.; Add logging of "Force disabled" state.; Now the script can skip the reset on Windows LAPS with Azure AD as target, if already done.
2023-05-24 / 1.4 / htcfreek / Fix getting Empirum variables.; Fix setting expiration time for Windows LAPS.; Additional non-existing user warnings.; Added hint about configuration details in debug log.; Other small improvements.
#>

Expand Down Expand Up @@ -126,7 +127,13 @@ function ReadEmpirumVariable ([string] $varName, [Switch] $isPwd, [Switch] $retu
# $defaultValue = Value to return if variable is empty. If not set, the script aborts on an empty variable.
# Return: The variable content as plain text or SecureString.

$varContent = Get-EmpirumVariable -Property $varName -Decrypt $isPwd
# Using the if here is required because "Get-EmpirumVariable ... -Decrypt $isPwd" doesn't work with "$isPwd = $false"!! (GH #20)
if ($isPwd) {
$varContent = Get-EmpirumVariable -Property $varName -Decrypt
}
else {
$varContent = Get-EmpirumVariable -Property $varName
}
$isVarContentEmpty = (($null -eq $varContent) -or ($varContent -eq "") -or ($varContent -eq " "))

$logContent = if ($isPwd -and ($isVarContentEmpty -eq $false)) {"*****"} Else {$varContent}
Expand Down Expand Up @@ -520,9 +527,10 @@ function Get-LapsResetTasks([bool]$LapsIsMandatory)
# Get configuration
WriteLogDebug "Detecting LAPS configuration ..."
$legacyLapsProperties = Get-LegacyLapsState;
$legacyLapsUser = if ([string]::IsNullOrWhiteSpace($legacyLapsProperties.UserName)) { "<Built-in Administrator>" } Else { $legacyLapsProperties.UserName };
$legacyLapsUser = if ([string]::IsNullOrWhiteSpace($legacyLapsProperties.UserName) -and $legacyLapsProperties.Enabled) { "<Built-in Administrator>" } Else { $legacyLapsProperties.UserName };
$winLapsProperties = Get-WindowsLapsState -IsLegacyCSE $legacyLapsProperties.Installed;
$winLapsUser = if ([string]::IsNullOrWhiteSpace($winLapsProperties.UserName)) { "<Built-in Administrator>" } Else { $winLapsProperties.UserName };
$winLapsUser = if ([string]::IsNullOrWhiteSpace($winLapsProperties.UserName) -and $winLapsProperties.Enabled) { "<Built-in Administrator>" } Else { $winLapsProperties.UserName };
WriteLogDebug "NOTICE: Some configuration details might be detected wrong in some edge cases if LAPS is not enabled."
WriteLogDebug "Legacy Microsoft LAPS: Installed = $(ConvertTo-YesNo $legacyLapsProperties.Installed), Enabled = $(ConvertTo-YesNo $legacyLapsProperties.Enabled), GPO is disabled = $(ConvertTo-YesNo $legacyLapsProperties.ForceDisabled), Managed user = $($legacyLapsUser)"
WriteLogDebug "Windows LAPS: Installed = $(ConvertTo-YesNo $winLapsProperties.Installed), Enabled = $(ConvertTo-YesNo $winLapsProperties.Enabled), Configuration set to disabled = $(ConvertTo-YesNo $winLapsProperties.ForceDisabled), Managed user = $($winLapsUser), Configuration source = $($winLapsProperties.ConfigSource), Target Directory = $($winLapsProperties.TargetDirectory), Legacy emulation mode = $(ConvertTo-YesNo $winLapsProperties.LegacyEmulation)"

Expand Down Expand Up @@ -636,8 +644,14 @@ function Invoke-LapsResetCommands([PSCustomObject]$LapsResetTasks, [bool]$DoRese
}
Else
{
# Checking user account ...
if ($LapsResetTasks.WinLapsUserExists -eq $false)
{
WriteLogInfo "WARNING: The Windows LAPS user does not exist."
}

# We don't need special credentials here because the system account is allowed to reset the password.
Set-LapsADPasswordExpirationTime -ComputerName $env:computername
Set-LapsADPasswordExpirationTime -Identity $env:computername
}

WriteLogInfo "Password reset for Windows LAPS user: Successfully done."
Expand All @@ -656,6 +670,16 @@ function Invoke-LapsResetCommands([PSCustomObject]$LapsResetTasks, [bool]$DoRese

try
{
# Checking user account ...
if ($DoResetImmediately -and $LapsResetTasks.LegacyLapsUserExists -eq $false)
{
WriteLogInfo "WARNING: The Legacy Microsoft LAPS user does not exist! - Only expiration time will be set!"
}
elseif (($DoResetImmediately -eq $false) -and ($LapsResetTasks.WinLapsUserExists -eq $false))
{
WriteLogInfo "WARNING: The Legacy Microsoft LAPS user does not exist."
}

# We don't need special credentials here because the system account is allowed to reset the password.
Reset-AdmPwdPassword -ComputerName $env:computername

Expand All @@ -664,10 +688,6 @@ function Invoke-LapsResetCommands([PSCustomObject]$LapsResetTasks, [bool]$DoRese
# We don't need special credentials here because the system account is allowed to reset the password.
& gpupdate.exe /target:computer /force
}
elseif ($DoResetImmediately -and $LapsResetTasks.LegacyLapsUserExists -eq $false)
{
WriteLogInfo "WARNING: Legacy Microsoft LAPS user does not exist! - Only expiration time was set!"
}

WriteLogInfo "Password reset for legacy Microsoft LAPS user: Successfully done."
}
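Review bot: The non-immediate branch of the new user check in the legacy LAPS path tests the wrong flag: `elseif (($DoResetImmediately -eq $false) -and ($LapsResetTasks.WinLapsUserExists -eq $false))` reads `WinLapsUserExists` while the message it logs is "The Legacy Microsoft LAPS user does not exist.", so the warning fires when the Windows LAPS account is missing and stays silent when the legacy account actually is. The immediate branch directly above it uses `LegacyLapsUserExists`; the elseif should read `elseif (($DoResetImmediately -eq $false) -and ($LapsResetTasks.LegacyLapsUserExists -eq $false))`. Both new warnings (and the one added in the Windows LAPS branch) go out via `WriteLogInfo`, so a missing managed account — a state in which the reset protects nothing — is easy to overlook in a log filtered to warnings; if the script's logger has a warning-level function it would fit better here. Invoke-LapsResetCommands starts before these hunks and the `try` block's catch handler lies outside the visible lines.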
Expand Up @@ -5,7 +5,7 @@

PreOS-Package: ResetLapsPassword
Author: Heiko Horwedel (htcfreek)
Version: 1.3
Version: 1.4


PACKAGE INFORMATION
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<EmpirumPackage UUID="6b9fb755-b8c0-4475-803d-5122cad13193" Name="ResetLapsPassword 1.3" Type="OSPackage" Version="1.0">
<VersionInformation Version="1.3" Revision="0" />
<EmpirumPackage UUID="bdeb69f8-b2ec-47f5-a931-d69786ef4e79" Name="ResetLapsPassword 1.4" Type="OSPackage" Version="1.0">
<VersionInformation Version="1.4" Revision="0" />
<TargetPath />
<Description>This package triggers the reset of the LAPS password for the client on which it is running.</Description>
<DatabaseSettings></DatabaseSettings>
Expand All @@ -10,8 +10,8 @@
<CatalogueID i:nil="true" />
<GenerallyReleased>0001-01-01T00:00:00</GenerallyReleased>
<Icon i:nil="true" />
<Id>6b9fb755-b8c0-4475-803d-5122cad13193</Id>
<Name>ResetLapsPassword 1.3</Name>
<Id>bdeb69f8-b2ec-47f5-a931-d69786ef4e79</Id>
<Name>ResetLapsPassword 1.4</Name>
<PackageAssignments />
<ProductKey i:nil="true" />
<Revision>0</Revision>
Expand Down Expand Up @@ -132,7 +132,7 @@
</SoftwareVarDefinition>
</SoftwareVarDefinitions>
<Vendor>htcfreek</Vendor>
<Version>1.3</Version>
<Version>1.4</Version>
<VersionFile i:nil="true" />
<AllowUnInstallation>false</AllowUnInstallation>
<Author i:nil="true" />
Expand All @@ -143,7 +143,7 @@
<CheckReg i:nil="true" />
<CreationDate i:nil="true" />
<Description>This package triggers the reset of the LAPS password for the client on which it is running.</Description>
<Directory>%Packages%\htcfreek\OsPackages\ResetLapsPassword\1.3</Directory>
<Directory>%Packages%\htcfreek\OsPackages\ResetLapsPassword\1.4</Directory>
<Discontinue i:nil="true" />
<DiskFreeApplication>0</DiskFreeApplication>
<DiskFreeSystem>0</DiskFreeSystem>
Expand All @@ -162,7 +162,7 @@
<MachineKeyName i:nil="true" />
<Method i:nil="true" />
<MinBandwidth i:nil="true" />
<PackageName>htcfreek\OsPackages\ResetLapsPassword\1.3</PackageName>
<PackageName>htcfreek\OsPackages\ResetLapsPassword\1.4</PackageName>
<ParentID i:nil="true" />
<Path i:nil="true" />
<ProcessorSpeed>0</ProcessorSpeed>