Avoid Get-IcingaRandomChars to start with a special char #699

Closed
AlexMilotin opened this issue Mar 21, 2024 · 1 comment · Fixed by #703
@AlexMilotin

We are currently in an ongoing action to configure a Password Rotation process for the icinga local account.
The reason why we need to do this is because in our environment InfoSec does not allow local accounts with the Password Never Expire flag enabled.

While working on the solution, re-purposing the already existing Icinga PowerShell Framework functions, I've noticed that on some servers this is failing. The reason is that the random char string generated for the new password sometimes starts with "/" or "&".

I would suggest either having those 2 chars excluded or having the function defined such that it would always start with a letter or number.

This should be enough to avoid '/' and '&' at the start of the string:

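```powershell
function Get-RandomChars() {
    param (
        [int]$Count = 10,
        [string]$Symbols = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+=-{}[];:,.<>/?'
    )

    $RandomChars = ''

    if ([string]::IsNullOrEmpty($Symbols)) {
        return $RandomChars
    }

    [int]$SymbolLength = $Symbols.Length

    do {
        # Start every attempt with an empty string and the full character count,
        # otherwise a retry would run with a count of 0 and return an empty string
        $RandomChars = ''
        $Remaining   = $Count
        while ($Remaining -gt 0) {
            # Get-Random treats -Maximum as exclusive, so pass the full length
            $RandomValue = Get-Random -Minimum 0 -Maximum $SymbolLength
            $RandomChars += $Symbols[$RandomValue]
            $Remaining -= 1
        }
        # Retry while the first character is '/' or '&'
    } until ($RandomChars[0] -ne '/' -and $RandomChars[0] -ne '&')

    return $RandomChars
}
```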

This would ensure that the first char is always a letter or number:

```powershell
function Get-RandomChars2() {
    param (
        [int]$Count = 10,
        [string]$Symbols = 'abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ1234567890!§$%&/()=?}][{@#*+'
    )

    $RandomChars = ''

    if ([string]::IsNullOrEmpty($Symbols)) {
        return $RandomChars
    }

    # Split the symbols into letters/numbers and special characters
    # (@() keeps the result an array even when there is a single match)
    $LettersNumbers = @([regex]::Matches($Symbols, '[a-zA-Z0-9]') | ForEach-Object { $_.Value })
    $SpecialChars = @([regex]::Matches($Symbols, '[^a-zA-Z0-9]') | ForEach-Object { $_.Value })

    # Generate the first character (letter or number)
    # Get-Random treats -Maximum as exclusive, so pass the full count
    $RandomValue = Get-Random -Minimum 0 -Maximum $LettersNumbers.Count
    $RandomChars += $LettersNumbers[$RandomValue]
    $Count -= 1

    # Generate the remaining characters from the full symbol set
    [int]$SymbolLength = $Symbols.Length
    while ($Count -gt 0) {
        $RandomValue = Get-Random -Minimum 0 -Maximum $SymbolLength
        $RandomChars += $Symbols[$RandomValue]
        $Count -= 1
    }

    return $RandomChars
}
```
@LordHepipud LordHepipud self-assigned this Mar 25, 2024
@LordHepipud LordHepipud added this to the v1.12.0 milestone Mar 25, 2024
@LordHepipud LordHepipud added the Bug There is an issue present label Mar 25, 2024
@LordHepipud
Collaborator

Thank you for the report. This is fixed with v1.12.0.
To update the user, simply use:

```powershell
New-IcingaWindowsUser;
```

This command will update the password with every call and now has a built-in retry count of 10, in case the password fails for some reason. The two ambiguous characters were removed from the random generator.
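
The approach discussed in this thread (first character restricted to letters and digits, '/' and '&' left out of the symbol set), as an added example that is not Icinga for Windows code and not written by either participant. The function name, parameters and character sets are hypothetical, and it draws from the .NET `RandomNumberGenerator` with rejection sampling in place of `Get-Random`.

```powershell
# Added example; New-ExamplePassword and its parameters are hypothetical names.
function New-ExamplePassword {
    param (
        [ValidateRange(2, 128)]
        [int]$Length = 20,
        # First position: letters and digits only
        [string]$FirstCharSet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
        # Later positions may also use these symbols; '/' and '&' are left out
        [string]$ExtraSymbols = '!@#$%^*()_+=-{}[];:,.<>?'
    )

    $FullSet = $FirstCharSet + $ExtraSymbols
    if ($FirstCharSet.Length -eq 0 -or $FullSet.Length -gt 256) {
        throw 'Character sets must be non-empty and at most 256 characters in total.'
    }

    $Rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Buffer = New-Object byte[] 1

    # Unbiased pick: draw one byte and reject values at or above the
    # largest multiple of the set size, so every character is equally likely
    $PickChar = {
        param ([string]$Set)
        $Limit = 256 - (256 % $Set.Length)
        do {
            $Rng.GetBytes($Buffer)
            $Value = [int]$Buffer[0]
        } while ($Value -ge $Limit)
        return $Set[$Value % $Set.Length]
    }

    try {
        $Builder = New-Object System.Text.StringBuilder
        [void]$Builder.Append((& $PickChar $FirstCharSet))
        for ($i = 1; $i -lt $Length; $i++) {
            [void]$Builder.Append((& $PickChar $FullSet))
        }
        return $Builder.ToString()
    } finally {
        $Rng.Dispose()
    }
}

# Check the first-character constraint over many samples
$Bad = 1..1000 | ForEach-Object { New-ExamplePassword } |
    Where-Object { $_ -notmatch '^[a-zA-Z0-9]' }
"Passwords starting with a symbol: $(@($Bad).Count)"
```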
