Author Posts

August 26, 2014 at 9:27 am

Hi,

I am trying to build a web server with several users placed in some local groups.
I am using the User function in DSC. Here is the error I get.

ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Password' OF TYPE 'User':
Converting and storing an encrypted password as plaintext is allowed only if PSDscAllowPlainTextPassword is set to
true.
At D:\Scripts\WebRole.ps1:572 char:5

I am setting the Credentials early on in the script lile this:

$SecurePassword = ConvertTo-SecureString "xyz**************"' -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential("`$theusername",$SecurePassword)

I then try to set up the user like this:

# Create Local User Accounts
User Theusername {
UserName = '$theusername'
Description = 'Service Account'
Disabled = $False
Ensure = 'Present'
FullName = '$theusername'
Password = $Credentials
PasswordChangeNotAllowed = $True
PasswordChangeRequired = $False
PasswordNeverExpires = $True
}

I found one example that says I have to set PSDscAllowPlainTextPassword=$true

But it is unclear where I would put this in my code.

Any help would be great.

TIA

August 26, 2014 at 9:41 am

Have you looked at The DSC Book? There's an example.

August 26, 2014 at 11:59 am

Yes I have, I am using the example in my script. However it does not seem to make any difference.
I have tried it in the begining of the script and at the end with no luck. It just seems to ignore it.

I am using the "The Easier, Less-Right Way"

I inherited this script from someone who started it, but did not finish. It has many issues that I am trying to solve one at a time.

Thanks for taking the time to answer my question.

Mike

August 26, 2014 at 1:18 pm

The "allow unencrypted" needs to go in a global configuration block that gets passed into the configuration when you run it. That's shown at the bottom of page 44. It doesn't go IN the configuration, you'll notice. It's a little difficult to troubleshoot further without seeing what you're doing (notice that file attachments must have a .txt extension).

August 26, 2014 at 5:37 pm

Hi,

Thanks for the quick response. I re-read the section on "The Easier, Less-Right Way" and I realized I wasn't calling the global configuration block when I was running the script.

That seemed to fix that problem. One down 27 to go.

Mike