Problems adding users to local group

This topic contains 4 replies, has 2 voices, and was last updated by  Michael Felkins 3 years, 9 months ago.

  • Author
  • #18315

    Michael Felkins


    I am trying to build a web server with several users placed in some local groups.
    I am using the User function in DSC. Here is the error I get.

    ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Password' OF TYPE 'User':
    Converting and storing an encrypted password as plaintext is allowed only if PSDscAllowPlainTextPassword is set to
    At D:\Scripts\WebRole.ps1:572 char:5

    I am setting the Credentials early on in the script lile this:

    $SecurePassword = ConvertTo-SecureString "xyz**************"' -AsPlainText -Force
    $Credentials = New-Object System.Management.Automation.PSCredential("`$theusername",$SecurePassword)

    I then try to set up the user like this:

    # Create Local User Accounts
    User Theusername {
    UserName = '$theusername'
    Description = 'Service Account'
    Disabled = $False
    Ensure = 'Present'
    FullName = '$theusername'
    Password = $Credentials
    PasswordChangeNotAllowed = $True
    PasswordChangeRequired = $False
    PasswordNeverExpires = $True

    I found one example that says I have to set PSDscAllowPlainTextPassword=$true

    But it is unclear where I would put this in my code.

    Any help would be great.


  • #18316

    Don Jones

    Have you looked at The DSC Book? There's an example.

  • #18319

    Michael Felkins

    Yes I have, I am using the example in my script. However it does not seem to make any difference.
    I have tried it in the begining of the script and at the end with no luck. It just seems to ignore it.

    I am using the "The Easier, Less-Right Way"

    I inherited this script from someone who started it, but did not finish. It has many issues that I am trying to solve one at a time.

    Thanks for taking the time to answer my question.


  • #18324

    Don Jones

    The "allow unencrypted" needs to go in a global configuration block that gets passed into the configuration when you run it. That's shown at the bottom of page 44. It doesn't go IN the configuration, you'll notice. It's a little difficult to troubleshoot further without seeing what you're doing (notice that file attachments must have a .txt extension).

  • #18329

    Michael Felkins


    Thanks for the quick response. I re-read the section on "The Easier, Less-Right Way" and I realized I wasn't calling the global configuration block when I was running the script.

    That seemed to fix that problem. One down 27 to go.


You must be logged in to reply to this topic.