Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Miscellaneous Pipeline Changes #326

Merged
merged 26 commits into from
May 5, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
83d3b36
Fix Issue #324 and #325
PlagueHO Apr 27, 2020
a0c83e8
Merge branch 'master' into Issue-324-and-325
PlagueHO Apr 27, 2020
6b02ed9
Fix Issue #323
PlagueHO May 3, 2020
a4bedc8
Merge branch 'Issue-324-and-325' of https://github.com/PlagueHO/Compu…
PlagueHO May 3, 2020
1ec54a4
Correct builtInAccount behavior
PlagueHO May 3, 2020
c05a32d
Fix BuiltInAccount handling
PlagueHO May 3, 2020
0f4dc4c
Add Debug Info
PlagueHO May 3, 2020
75b7413
Another try
PlagueHO May 3, 2020
ead9453
Remove debugging code
PlagueHO May 3, 2020
3a4df5e
Add some debug
PlagueHO May 3, 2020
2c2f47a
Fix integration tests
PlagueHO May 3, 2020
a349ec0
Fix ScheduledTask integration test config names
PlagueHO May 3, 2020
1119076
Improve integration tests
PlagueHO May 3, 2020
32efe93
Improve integration tests of ScheduledTask
PlagueHO May 3, 2020
c46ccc4
Test changing Users group name
PlagueHO May 3, 2020
d9024fd
Implement Set-DomainNameInAccountName function
PlagueHO May 4, 2020
3e7ac11
Fix typo in ScheduledTask BuiltInAccount handling
PlagueHO May 4, 2020
bda5751
Improve ScheduledTask Code structure
PlagueHO May 4, 2020
634fbce
Add fixe for #294
PlagueHO May 4, 2020
def95e3
Remove debug code
PlagueHO May 4, 2020
b618df7
Fix PendingReboot tests
PlagueHO May 4, 2020
a4c3df9
Fix PendingReboot parameters
PlagueHO May 4, 2020
88e0388
Fix PendingReboot integration tests
PlagueHO May 4, 2020
d09392c
Another fix to PendingReboot Integration tests
PlagueHO May 4, 2020
8db44ab
Update CHANGELOG
PlagueHO May 4, 2020
74eeeb8
Clarify logic
PlagueHO May 5, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
458 changes: 458 additions & 0 deletions CHANGELOG.md

Large diffs are not rendered by default.

451 changes: 0 additions & 451 deletions HISTORIC_CHANGELOG.md

This file was deleted.

2 changes: 1 addition & 1 deletion RequiredModules.psd1
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
PSScriptAnalyzer = 'latest'
Pester = 'latest'
Plaster = 'latest'
ModuleBuilder = '1.0.0'
ModuleBuilder = 'latest'
ChangelogManagement = 'latest'
Sampler = 'latest'
MarkdownLinkCheck = 'latest'
Expand Down
4 changes: 2 additions & 2 deletions azure-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ trigger:
include:
- master
paths:
exclude:
- CHANGELOG.md
include:
- source/*
tags:
include:
- "v*"
Expand Down
74 changes: 73 additions & 1 deletion source/DSCResources/DSC_ScheduledTask/DSC_ScheduledTask.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -1858,7 +1858,8 @@ function Get-CurrentResource

if (($result.ContainsKey('LogonType')) -and ($result['LogonType'] -ieq 'ServiceAccount'))
{
$result.Add('BuiltInAccount', $task.Principal.UserId)
$builtInAccount = Set-DomainNameInAccountName -AccountName $task.Principal.UserId -DomainName 'NT AUTHORITY'
$result.Add('BuiltInAccount', $builtInAccount)
}
}

Expand Down Expand Up @@ -1893,3 +1894,74 @@ function Test-DateStringContainsTimeZone

return $DateString.Contains('+')
}

<#
.SYNOPSIS
Set domain name in a down-level user or group name.

.DESCRIPTION
Set the domain name in a down-level user or group name.

.PARAMETER AccountName
The user or group name to set the domain name in.

.PARAMETER DomainName
If the AccountName does not contain a domain name them prefix
it with this value. If the AccountName already contains a domain
name then it will only be updated if the Force switch is set.

.PARAMETER Force
If the identity already contains a domain prefix then force
it to the value in Domain.

.EXAMPLE
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NT AUTHORITY'

Returns 'NT AUTHORITY\Users'.

.EXAMPLE
Set-DomainNameInAccountName -AccountName 'MyDomain\Users' -DomainName 'NT AUTHORITY'

Returns 'MyDomain\Users'.

.EXAMPLE
Set-DomainNameInAccountName -AccountName 'MyDomain\Users' -DomainName 'NT AUTHORITY' -Force

Returns 'NT AUTHORITY\Users'.
#>
function Set-DomainNameInAccountName
{
[CmdletBinding()]
[OutputType([System.String])]
param
(
[Parameter(Mandatory = $true)]
[System.String]
$AccountName,

[Parameter(Mandatory = $true)]
[System.String]
$DomainName,

[Parameter()]
[Switch]
$Force
)

if ($AccountName.Contains('\'))
{
$existingDomainName, $name = ($AccountName -Split '\\')

if (-not [System.String]::IsNullOrEmpty($existingDomainName) -and -not $force.IsPresent)
{
# Keep the existing domain name if it is set and force is not specified
$DomainName = $existingDomainName
}
}
else
{
$name = $AccountName
}

return "$DomainName\$name"
}
24 changes: 24 additions & 0 deletions source/DSCResources/DSC_ScheduledTask/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,27 @@
The resource is used to define basic run once or recurring scheduled tasks
on the local computer. It can also be used to delete or disable built-in
scheduled tasks.

## Known Issues

### ExecuteAsCredential

#### When Using a BUILTIN Group

When creating a scheduled task that uses an `ExecuteAsCredential` that
is one of the 'BUILTIN' groups (e.g. 'BUILTIN\Users'), specifying the
username to include the 'BUILTIN' domain name will result in the resource
never going into state. The same behavior will also occur if setting a
'BUILTIN' group in the UI.

To prevent this issue, set the username in the `ExecuteAsCredential` to the
name of the group only (e.g. 'Users').

#### When Using a Domain User/Group

When creating a scheduled task that uses an `ExecuteAsCredential` that
is a domain user or group, (e.g. 'CONTOSO\ServiceUser'), the domain
name must be included, otherwise the resource will not go into state.

To prevent this issue, set the username in the `ExecuteAsCredential` to the
name of the group only (e.g. 'CONTOSO\ServiceUser').
49 changes: 42 additions & 7 deletions tests/Integration/DSC_PendingReboot.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,20 @@ try
reboot flag and then set it to reboot required. After the tests
have run we will determine if the Get-TargetResource indicates
that a reboot would have been required.

Also, on Azure DevOps Agents, there are sometimes pending file
rename operations that also cause the test to fail. So we will
also preserve the state of this setting.
#>
$windowsUpdateKeys = (Get-ChildItem -Path $rebootRegistryKeys.WindowsUpdate).Name
$script:rebootRegistryKeys = @{
ComponentBasedServicing = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\'
WindowsUpdate = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\'
PendingFileRename = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\'
ActiveComputerName = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName'
PendingComputerName = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName'
}

$windowsUpdateKeys = (Get-ChildItem -Path $script:rebootRegistryKeys.WindowsUpdate).Name

if ($windowsUpdateKeys)
{
Expand All @@ -48,10 +60,19 @@ try
if (-not $script:currentAutoUpdateRebootState)
{
$null = New-Item `
-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\' `
-Path $script:rebootRegistryKeys.WindowsUpdate `
-Name 'RebootRequired'
}

$script:currentPendingFileRenameState = (Get-ItemProperty -Path $script:rebootRegistryKeys.PendingFileRename).PendingFileRenameOperations

if ($script:currentPendingFileRenameState)
{
$null = Remove-ItemProperty `
-Path $script:rebootRegistryKeys.PendingFileRename `
-Name PendingFileRenameOperations
}

$configData = @{
AllNodes = @(
@{
Expand Down Expand Up @@ -96,17 +117,23 @@ try
$_.ConfigurationName -eq "$($script:dscResourceName)_Config"
}
$current.Name | Should -Be $configData.AllNodes[0].RebootName
$current.SkipComponentBasedServicing | Should -Be $configData.AllNodes[0].SkipComponentBasedServicing
$current.ComponentBasedServicing | Should -BeFalse
$current.SkipWindowsUpdate | Should -Be $configData.AllNodes[0].SkipWindowsUpdate
$current.WindowsUpdate | Should -BeTrue
$current.SkipPendingFileRename | Should -Be $configData.AllNodes[0].SkipPendingFileRename
$current.PendingFileRename | Should -BeFalse
$current.SkipPendingComputerRename | Should -Be $configData.AllNodes[0].SkipPendingComputerRename
$current.PendingComputerRename | Should -BeFalse
$current.SkipCcmClientSDK | Should -Be $configData.AllNodes[0].SkipCcmClientSDK
$current.CcmClientSDK | Should -BeFalse
$current.RebootRequired | Should -BeTrue
<#
The actual values assigned to the Skip* parameters
are not returned by Get-TargetResource because they
are set only (control) parameters, so can not be
evaluated except to check the default values.
#>
$current.SkipComponentBasedServicing | Should -BeFalse
$current.SkipWindowsUpdate | Should -BeFalse
$current.SkipPendingFileRename | Should -BeFalse
$current.SkipPendingComputerRename | Should -BeFalse
$current.SkipCcmClientSDK | Should -BeTrue
}
}
}
Expand All @@ -120,5 +147,13 @@ finally
-ErrorAction SilentlyContinue
}

if ($script:currentPendingFileRenameState)
{
$null = Set-ItemProperty `
-Path $script:rebootRegistryKeys.PendingFileRename `
-Name PendingFileRenameOperations `
-Value $script:currentPendingFileRenameState
}

Restore-TestEnvironment -TestEnvironment $script:testEnvironment
}
42 changes: 27 additions & 15 deletions tests/Integration/DSC_ScheduledTask.config.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -224,9 +224,9 @@ Configuration ScheduledTaskExecuteAsGroupAdd
{
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ('BUILTIN\Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))
-ArgumentList ('Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsAdd
ScheduledTask ScheduledTaskExecuteAsGroupAdd
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
Expand Down Expand Up @@ -403,13 +403,19 @@ Configuration ScheduledTaskExecuteAsMod

node 'localhost'
{
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ("$ENV:COMPUTERNAME\$ENV:USERNAME", (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsMod
{
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
ExecuteAsCredential = $executeAsCredential
LogonType = 'Interactive'
RunLevel = 'Highest'
}
}
}
Expand All @@ -420,13 +426,19 @@ Configuration ScheduledTaskExecuteAsGroupMod

node 'localhost'
{
ScheduledTask ScheduledTaskLogonMod
$executeAsCredential = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList ('Users', (ConvertTo-SecureString -String 'Ignore' -AsPlainText -Force))

ScheduledTask ScheduledTaskExecuteAsGroupMod
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
ActionExecutable = 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe'
LogonType = 'Group'
ExecuteAsCredential = $executeAsCredential
ScheduleType = 'AtLogOn'
RunLevel = 'Limited'
}
}
}
Expand Down Expand Up @@ -600,7 +612,7 @@ Configuration ScheduledTaskExecuteAsDel

node 'localhost'
{
ScheduledTask ScheduledTaskLogonDel
ScheduledTask ScheduledTaskExecuteAsDel
{
TaskName = 'Test task Logon'
TaskPath = '\ComputerManagementDsc\'
Expand All @@ -617,7 +629,7 @@ Configuration ScheduledTaskExecuteAsGroupDel

node 'localhost'
{
ScheduledTask ScheduledTaskLogonDel
ScheduledTask ScheduledTaskExecuteAsGroupDel
{
TaskName = 'Test task Logon with BuiltIn Group'
TaskPath = '\ComputerManagementDsc\'
Expand Down
32 changes: 32 additions & 0 deletions tests/Unit/DSC_ScheduledTask.Tests.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -2189,6 +2189,38 @@ try
}
}
}

Describe 'DSC_ScheduledTask\Set-DomainNameInAccountName' {
Context 'When the account name does not have a domain name and force is not set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NewDomain' | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name has an empty domain and force is not set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName '\Users' -DomainName 'NewDomain' | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name has a domain name and force is not set' {
It 'Should return ExistingDomain\Users' {
Set-DomainNameInAccountName -AccountName 'ExistingDomain\Users' -DomainName 'NewDomain' | Should -BeExactly 'ExistingDomain\Users'
}
}

Context 'When the account name has a domain name and force is set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'ExistingDomain\Users' -DomainName 'NewDomain' -Force | Should -BeExactly 'NewDomain\Users'
}
}

Context 'When the account name does not have a domain name and force is set' {
It 'Should return NewDomain\Users' {
Set-DomainNameInAccountName -AccountName 'Users' -DomainName 'NewDomain' -Force | Should -BeExactly 'NewDomain\Users'
}
}
}
}
}
finally
Expand Down