Problems adding users to local group

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Michael Felkins Michael Felkins 2 years, 3 months ago.

  • Author
    Posts
  • #18315
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Hi,

    I am trying to build a web server with several users placed in some local groups.
    I am using the User function in DSC. Here is the error I get.

    ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Password' OF TYPE 'User':
    Converting and storing an encrypted password as plaintext is allowed only if PSDscAllowPlainTextPassword is set to
    true.
    At D:\Scripts\WebRole.ps1:572 char:5

    I am setting the Credentials early on in the script lile this:

    $SecurePassword = ConvertTo-SecureString "xyz**************"' -AsPlainText -Force
    $Credentials = New-Object System.Management.Automation.PSCredential("`$theusername",$SecurePassword)

    I then try to set up the user like this:

    # Create Local User Accounts
    User Theusername {
    UserName = '$theusername'
    Description = 'Service Account'
    Disabled = $False
    Ensure = 'Present'
    FullName = '$theusername'
    Password = $Credentials
    PasswordChangeNotAllowed = $True
    PasswordChangeRequired = $False
    PasswordNeverExpires = $True
    }

    I found one example that says I have to set PSDscAllowPlainTextPassword=$true

    But it is unclear where I would put this in my code.

    Any help would be great.

    TIA

  • #18316
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Have you looked at The DSC Book? There's an example.

  • #18319
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Yes I have, I am using the example in my script. However it does not seem to make any difference.
    I have tried it in the begining of the script and at the end with no luck. It just seems to ignore it.

    I am using the "The Easier, Less-Right Way"

    I inherited this script from someone who started it, but did not finish. It has many issues that I am trying to solve one at a time.

    Thanks for taking the time to answer my question.

    Mike

  • #18324
    Profile photo of Don Jones
    Don Jones
    Keymaster

    The "allow unencrypted" needs to go in a global configuration block that gets passed into the configuration when you run it. That's shown at the bottom of page 44. It doesn't go IN the configuration, you'll notice. It's a little difficult to troubleshoot further without seeing what you're doing (notice that file attachments must have a .txt extension).

  • #18329
    Profile photo of Michael Felkins
    Michael Felkins
    Participant

    Hi,

    Thanks for the quick response. I re-read the section on "The Easier, Less-Right Way" and I realized I wasn't calling the global configuration block when I was running the script.

    That seemed to fix that problem. One down 27 to go.

    Mike

You must be logged in to reply to this topic.