Hi all,
I'm trying to figure out how to add or create a user based on the requestor of the VM..
I'm using a clone workflow in my blue print so I'm guessing that VirtualMachine.Admin.AddOwnerToAdmins is out of the question. Currently I have a script that runs after the vm is provisioned, part of this is to scan GuestAgent.log for VirtualMachine.Admin.Owner then create a local user and add it to the Administrators group.
I'm guessing that this isn't the best or right way to do things so any pointers would be appreciated
Thanks!
Late reply but maybe still of interest: instead of using the GuestAgent and have it done on the machine you can always do this in the MachineProvisioned step and with a Invoke-VmGuest call to the machine provisioned. With that approach you might be more flexible depending what other tasks you want to perform. Ronald
Thanks for this!
I ended up using the legacy.workflow.user as it appears to be an external property - My guest script then strips the domain and adds the user to the local admins.
My plan is to migrate tasks like this in to to vCAC workflow stubs, like you suggested, as I feel that you have more control over what is going on!
Kind Regards
eatVM - Can you share how your guest script stripped the domain from the legacy.workflow.user value? I'll need to do the same, because I'm trying to use the sample guest script from the Guest script manager package and it already specifies the domain as a separate value.
I did this with the vCO workflow stubs. It is really easy to get this going just a few setup things which is outlined in the extensibility document which was released with 6.0.1 then a simple workflow. For windows systems this is what I did. You will want to replace the QCrunProgramInGuest with the canned runProgramInGuest workflow.
var vmOwnerEmail = vCACVmProperties.get("__Legacy.Workflow.User");
var vmOwner = vmOwnerEmail.substring(0,vmOwnerEmail.indexOf("@"));
//Add Local Admins
programPath = "c:\\Windows\\System32\\cmd.exe";
workingDirectory = "c:\\Windows\\System32";
arguments = "/c net LOCALGROUP Administrators /ADD " + vmOwner +" >> c:\\runQconfig\\provisioning.log";
result = System.getModule("com.qualcomm.basic").QCrunProgramInGuest(vm,vmUsername,vmPassword,interactiveSession,programPath,arguments,workingDirectory,environment);
You can also add a custom property if you want people to specify a list of user or group names that sort of thing but the __Legacy.Workflow.User property should map to the owner.
This is pretty much what I did, only difference is that I now get VirtualMachine.Admin.Owner in the original machine provisioned workflow stub and pass it to the vco workflow as an input.
Then have this function (which, on it's own is best suited to an action) to strip away suffix:
function getUserCode(user) {
//removes upn from the output of VirtualMachine.Admin.Owner
//and returns usercode
user = user.replace(/@.*$/i, "");
return user;
}
EatVM, your script is exactly what I need. Users are in a different domain than what the VM's are going to be in, so removing the UPN is perfect. However when I run your workflow in my scenario, it completes fine but doesnt actually add the user to the admin group. I can run the command locally on the VM and it add fine.
Sadly you need to disable UAC in the template for in guest commands to run!
I provision the machine with UAC disabled then re enable it at the end of the vco workflow with another in guest script.
Will be able to give more info tomorrow if you need it?
Cheers
Weird, UAC is already disabled.
Will look at my workflow when i'm in work and get back to you. It's been a while since i've looked at that particular part of the workflow.
That's i'd appreciate it!
My experience with uac has been that sometimes I think it is disabled but it is not in fact disabled. Sometimes I have to go in and enable then disable for the change to really stick. If you login to your image with an account that is in the local admin group, then launch a command window, if the title bar for the command window doesn't show up as in administrator mode then running the in guest scripts will fail on windows. I have only noticed this issue in 2012 and 2012R2. Anyway after flipping it on/off and also making sure in the registry that a certain key is flipped. Take a look at this article http://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-ua...
qc4vmware is right.. I have seen this too.
Let us know how you get on! :smileylaugh:
My VM's are 2008, but I still disabled UAC like the link stated to. Verified the paths are fine. So it looks like the script isnt even getting ran on my guest at this point. I tried to ouput a text file to see if it was even executing and it's not outputing anything.
Wait - interactive session isn't set to true is it?? This needs to be false.
Try running the script from vco whilst logged on with the user you tell vco to use.
Here: guestAuth.interactiveSession = false;
Ok I tried running it with the same user I was logged in with, still nothing.
Where do I need to add that new guestAuth to? Sorry this is still all kinda new to me.
That should be in the second scriptable task in the workflow.. The param is already there, just check what it's value is.
I noticed this mornign when looking at this workflow again, the vm variable's value says "not found" although I'm selecting a VM to run it on to test.