Miscellaneous Pipeline Changes (#326)
* Fix Issue #324 and #325
* Fix Issue #323
* Add fix for #294
PlagueHO authored May 5, 2020
1 parent cff40b2 commit 29db49a
Showing 9 changed files with 659 additions and 477 deletions.
458 changes: 458 additions & 0 deletions CHANGELOG.md

Large diffs are not rendered by default.

451 changes: 0 additions & 451 deletions HISTORIC_CHANGELOG.md

This file was deleted.

2 changes: 1 addition & 1 deletion RequiredModules.psd1
Expand Up @@ -11,7 +11,7 @@
PSScriptAnalyzer = 'latest'
Pester = 'latest'
Plaster = 'latest'
ModuleBuilder = '1.0.0'
ModuleBuilder = 'latest'
ChangelogManagement = 'latest'
Sampler = 'latest'
MarkdownLinkCheck = 'latest'
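Review bot: Moving ModuleBuilder from '1.0.0' to 'latest' drops the one pinned version in the lines shown, so the build now resolves whatever release is newest at run time and two runs of the same commit can produce different modules. A breaking or tampered release of a build dependency would also be pulled into CI without any change in this repository. If 1.0.0 has to go, pin to the specific newer version that was tested and bump it deliberately.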
4 changes: 2 additions & 2 deletions azure-pipelines.yml
Expand Up @@ -3,8 +3,8 @@ trigger:
include:
- master
paths:
exclude:
- CHANGELOG.md
include:
- source/*
tags:
include:
- "v*"
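Review bot: With the path filter switched to `include: - source/*`, a push to master that touches only tests/, azure-pipelines.yml or RequiredModules.psd1 will no longer start a CI run, so changes to the pipeline definition and to build dependencies go unbuilt. The old `exclude: - CHANGELOG.md` skipped just the changelog. Consider adding the test and build files to the include list, or keeping an exclude list instead.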
74 changes: 73 additions & 1 deletion source/DSCResources/DSC_ScheduledTask/DSC_ScheduledTask.psm1
Expand Up @@ -1858,7 +1858,8 @@ function Get-CurrentResource

if (($result.ContainsKey('LogonType')) -and ($result['LogonType'] -ieq 'ServiceAccount'))
{
$result.Add('BuiltInAccount', $task.Principal.UserId)
$builtInAccount = Set-DomainNameInAccountName -AccountName $task.Principal.UserId -DomainName 'NT AUTHORITY'
$result.Add('BuiltInAccount', $builtInAccount)
}
}
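Review bot: The new call passes `$task.Principal.UserId` straight into a mandatory [System.String] parameter, so if UserId is null or empty for a ServiceAccount task, parameter binding throws and Get-CurrentResource fails, where the old `$result.Add(...)` simply stored the empty value. Guard the call with an IsNullOrEmpty check on UserId, or allow an empty AccountName in the helper and return it unchanged.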

Expand Down Expand Up @@ -1893,3 +1894,74 @@ function Test-DateStringContainsTimeZone

return $DateString.Contains('+')
}

<#
.SYNOPSIS
Set domain name in a down-level user or group name.
.DESCRIPTION
Set the domain name in a down-level user or group name.
.PARAMETER AccountName
The user or group name to set the domain name in.
.PARAMETER DomainName
If the AccountName does not contain a domain name them prefix
it with this value. If the AccountName already contains a domain
name then it will only be updated if the Force switch is set.
.PARAMETER Force
If the identity already contains a domain prefix then force
it to the value in Domain.
.EXAMPLE
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NT AUTHORITY'
Returns 'NT AUTHORITY\Users'.
.EXAMPLE
Set-DomainNameInAccountName -AccountName 'MyDomain\Users' -DomainName 'NT AUTHORITY'
Returns 'MyDomain\Users'.
.EXAMPLE
Set-DomainNameInAccountName -AccountName 'MyDomain\Users' -DomainName 'NT AUTHORITY' -Force
Returns 'NT AUTHORITY\Users'.
#>
function Set-DomainNameInAccountName
{
[CmdletBinding()]
[OutputType([System.String])]
param
(
[Parameter(Mandatory = $true)]
[System.String]
$AccountName,

[Parameter(Mandatory = $true)]
[System.String]
$DomainName,

[Parameter()]
[Switch]
$Force
)

if ($AccountName.Contains('\'))
{
$existingDomainName, $name = ($AccountName -Split '\\')

if (-not [System.String]::IsNullOrEmpty($existingDomainName) -and -not $force.IsPresent)
{
# Keep the existing domain name if it is set and force is not specified
$DomainName = $existingDomainName
}
}
else
{
$name = $AccountName
}

return "$DomainName\$name"
}
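Review bot: `$existingDomainName, $name = ($AccountName -Split '\\')` splits on every backslash, so an AccountName with more than one backslash leaves `$name` as an array and the returned string joins its elements with a space ('A\B\C' comes back as 'A\B C'). Limiting the split with `-Split '\\', 2` keeps everything after the first backslash as the name. In the comment-based help, "them prefix" should be "then prefix" and the Force description should refer to DomainName rather than Domain; `$force.IsPresent` should match the declared `$Force` casing.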
24 changes: 24 additions & 0 deletions source/DSCResources/DSC_ScheduledTask/README.md
Expand Up @@ -3,3 +3,27 @@
The resource is used to define basic run once or recurring scheduled tasks
on the local computer. It can also be used to delete or disable built-in
scheduled tasks.

## Known Issues

### ExecuteAsCredential

#### When Using a BUILTIN Group

When creating a scheduled task that uses an `ExecuteAsCredential` that
is one of the 'BUILTIN' groups (e.g. 'BUILTIN\Users'), specifying the
username to include the 'BUILTIN' domain name will result in the resource
never going into state. The same behavior will also occur if setting a
'BUILTIN' group in the UI.

To prevent this issue, set the username in the `ExecuteAsCredential` to the
name of the group only (e.g. 'Users').

#### When Using a Domain User/Group

When creating a scheduled task that uses an `ExecuteAsCredential` that
is a domain user or group, (e.g. 'CONTOSO\ServiceUser'), the domain
name must be included, otherwise the resource will not go into state.

To prevent this issue, set the username in the `ExecuteAsCredential` to the
name of the group only (e.g. 'CONTOSO\ServiceUser').
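Review bot: The closing sentence of "When Using a Domain User/Group" was copied from the BUILTIN section and still says to set the username "to the name of the group only", which contradicts both the paragraph above it and its own example 'CONTOSO\ServiceUser'. It should tell the reader to include the domain name, and say "user or group" rather than "group". In the BUILTIN section, "never going into state" would read more clearly as "never reaching the desired state".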
49 changes: 42 additions & 7 deletions tests/Integration/DSC_PendingReboot.Tests.ps1
Expand Up @@ -37,8 +37,20 @@ try
reboot flag and then set it to reboot required. After the tests
have run we will determine if the Get-TargetResource indicates
that a reboot would have been required.
Also, on Azure DevOps Agents, there are sometimes pending file
rename operations that also cause the test to fail. So we will
also preserve the state of this setting.
#>
$windowsUpdateKeys = (Get-ChildItem -Path $rebootRegistryKeys.WindowsUpdate).Name
$script:rebootRegistryKeys = @{
ComponentBasedServicing = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\'
WindowsUpdate = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\'
PendingFileRename = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\'
ActiveComputerName = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName'
PendingComputerName = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName'
}

$windowsUpdateKeys = (Get-ChildItem -Path $script:rebootRegistryKeys.WindowsUpdate).Name

if ($windowsUpdateKeys)
{
Expand All @@ -48,10 +60,19 @@ try
if (-not $script:currentAutoUpdateRebootState)
{
$null = New-Item `
-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\' `
-Path $script:rebootRegistryKeys.WindowsUpdate `
-Name 'RebootRequired'
}

$script:currentPendingFileRenameState = (Get-ItemProperty -Path $script:rebootRegistryKeys.PendingFileRename).PendingFileRenameOperations

if ($script:currentPendingFileRenameState)
{
$null = Remove-ItemProperty `
-Path $script:rebootRegistryKeys.PendingFileRename `
-Name PendingFileRenameOperations
}

$configData = @{
AllNodes = @(
@{
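Review bot: The added block deletes PendingFileRenameOperations from the live Session Manager key and depends on the finally block to put it back, so a run that is killed before finally executes leaves the machine without its queued file renames. That is acceptable on a disposable hosted agent but not on a developer machine or a persistent agent. Consider only doing this when running in CI, or writing the saved value to a file before removing it so it can be recovered.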
Expand Down Expand Up @@ -96,17 +117,23 @@ try
$_.ConfigurationName -eq "$($script:dscResourceName)_Config"
}
$current.Name | Should -Be $configData.AllNodes[0].RebootName
$current.SkipComponentBasedServicing | Should -Be $configData.AllNodes[0].SkipComponentBasedServicing
$current.ComponentBasedServicing | Should -BeFalse
$current.SkipWindowsUpdate | Should -Be $configData.AllNodes[0].SkipWindowsUpdate
$current.WindowsUpdate | Should -BeTrue
$current.SkipPendingFileRename | Should -Be $configData.AllNodes[0].SkipPendingFileRename
$current.PendingFileRename | Should -BeFalse
$current.SkipPendingComputerRename | Should -Be $configData.AllNodes[0].SkipPendingComputerRename
$current.PendingComputerRename | Should -BeFalse
$current.SkipCcmClientSDK | Should -Be $configData.AllNodes[0].SkipCcmClientSDK
$current.CcmClientSDK | Should -BeFalse
$current.RebootRequired | Should -BeTrue
<#
The actual values assigned to the Skip* parameters
are not returned by Get-TargetResource because they
are set only (control) parameters, so can not be
evaluated except to check the default values.
#>
$current.SkipComponentBasedServicing | Should -BeFalse
$current.SkipWindowsUpdate | Should -BeFalse
$current.SkipPendingFileRename | Should -BeFalse
$current.SkipPendingComputerRename | Should -BeFalse
$current.SkipCcmClientSDK | Should -BeTrue
}
}
}
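Review bot: The five Skip* assertions at the end now compare against literals (-BeFalse and -BeTrue) instead of `$configData.AllNodes[0]`, so they pass whatever the configuration sets and only pin the resource's defaults. Since the added comment says Get-TargetResource does not return the assigned values, these checks belong in a unit test of the defaults, or can be dropped from the integration test. In the comment, "set only" and "can not" read better as "write-only" and "cannot".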
Expand All @@ -120,5 +147,13 @@ finally
-ErrorAction SilentlyContinue
}

if ($script:currentPendingFileRenameState)
{
$null = Set-ItemProperty `
-Path $script:rebootRegistryKeys.PendingFileRename `
-Name PendingFileRenameOperations `
-Value $script:currentPendingFileRenameState
}

Restore-TestEnvironment -TestEnvironment $script:testEnvironment
}
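Review bot: The restore calls Set-ItemProperty without `-Type`, so the recreated PendingFileRenameOperations value gets whatever registry type the provider infers from `$script:currentPendingFileRenameState`. The value is a REG_MULTI_SZ, and adding `-Type MultiString` makes the restore explicit rather than dependent on the shape of the saved variable.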
42 changes: 27 additions & 15 deletions tests/Integration/DSC_ScheduledTask.config.ps1
Expand Up @@ -224,9 +224,9 @@ Configuration ScheduledTaskExecuteAsGroupAdd
{
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ('BUILTIN\Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))
-ArgumentList ('Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsAdd
ScheduledTask ScheduledTaskExecuteAsGroupAdd
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
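Review bot: The credential user name changes from 'BUILTIN\Users' to 'Users' with nothing in the configuration saying why. A one-line comment above `$executeAsCredential` pointing to the Known Issues section added to the resource README would stop a later edit from putting the 'BUILTIN' prefix back.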
Expand Down Expand Up @@ -403,13 +403,19 @@ Configuration ScheduledTaskExecuteAsMod

node 'localhost'
{
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ("$ENV:COMPUTERNAME\$ENV:USERNAME", (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsMod
{
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
ExecuteAsCredential = $executeAsCredential
LogonType = 'Interactive'
RunLevel = 'Highest'
}
}
}
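Review bot: `"$ENV:COMPUTERNAME\$ENV:USERNAME"` in ScheduledTaskExecuteAsMod assumes the test runs under a local account on the node; under a domain account the computer name is the wrong prefix for that user. `"$ENV:USERDOMAIN\$ENV:USERNAME"` gives the same result for a local account and the right one for a domain account. RunLevel also moves from 'Limited' to 'Highest' in this block; if that is the modification under test, a short comment would make it clear it is intentional.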
Expand All @@ -420,13 +426,19 @@ Configuration ScheduledTaskExecuteAsGroupMod

node 'localhost'
{
ScheduledTask ScheduledTaskLogonMod
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ('Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsGroupMod
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
LogonType = 'Group'
ExecuteAsCredential = $executeAsCredential
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
}
}
}
Expand Down Expand Up @@ -600,7 +612,7 @@ Configuration ScheduledTaskExecuteAsDel

node 'localhost'
{
ScheduledTask ScheduledTaskLogonDel
ScheduledTask ScheduledTaskExecuteAsDel
{
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
Expand All @@ -617,7 +629,7 @@ Configuration ScheduledTaskExecuteAsGroupDel

node 'localhost'
{
ScheduledTask ScheduledTaskLogonDel
ScheduledTask ScheduledTaskExecuteAsGroupDel
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
32 changes: 32 additions & 0 deletions tests/Unit/DSC_ScheduledTask.Tests.ps1
Expand Up @@ -2189,6 +2189,38 @@ try
}
}
}

Describe 'DSC_ScheduledTask\Set-DomainNameInAccountName' {
Context 'When the account name does not have a domain name and force is not set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NewDomain' | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name has an empty domain and force is not set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName '\Users' -DomainName 'NewDomain' | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name has a domain name and force is not set' {
It 'Should return ExistingDomain\Users' {
Set-DomainNameInAccountName -AccountName 'ExistingDomain\Users' -DomainName 'NewDomain' | Should -BeExactly 'ExistingDomain\Users'
}
}

Context 'When the account name has a domain name and force is set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'ExistingDomain\Users' -DomainName 'NewDomain' -Force | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name does not have a domain name and force is set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NewDomain' -Force | Should -BeExactly 'NewDomain\Users'
}
}
}
}
}
finally
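Review bot: The new Describe block has no case for an AccountName containing more than one backslash, and none for an empty domain ('\Users') combined with -Force. Both are inputs the function accepts, and the first one is where the split on backslash produces more than two parts. Three of the five It blocks are named 'Should return NewDomain\Users', which is fine inside separate Contexts but makes a failure report harder to read at a glance.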