<#
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.3.130
Created on: 2016/11/16 15:04
Created by: wang,xinyan@hpe【[email protected]】
Organization: HPE I&A
Filename: profile
===========================================================================
.DESCRIPTION
Change default password for users
#>
#####################################################
#Logic Block 1: | Logging helpers
#LogError: | Error log function
#LogDebug: | Debug log function (not defined in this file)
#LogInfo: | Info log function
#####################################################
# The log file lives next to this script: <script directory>\changepassword.log
$scriptpath = $MyInvocation.MyCommand.Definition
$parentpath = Split-Path -Parent $scriptpath
$logfile = "{0}\changepassword.log" -f $parentpath
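<#
.SYNOPSIS
Appends one line to the script's log file, retrying briefly on failure.
.DESCRIPTION
Creates $logfile when it does not exist, then appends $logentry as ASCII text.
A failed write is retried twice with short random pauses (30-50 ms, then
150-200 ms, as in the original) so that two runs contending for the file do
not lose an entry. Logging is best-effort: when every attempt fails the entry
is dropped silently instead of aborting the caller.
.PARAMETER logentry
Text of the line to append.
.NOTES
Reads the script-level $logfile variable.
-ErrorAction Stop is essential here: New-Item and Out-File raise
non-terminating errors by default, which try/catch does not see, so without it
the retry branches could never run.
#>
Function write2log($logentry)
{
    if (-not (Test-Path $logfile))
    {
        try
        {
            # Out-Null: New-Item would otherwise emit the FileInfo object into
            # the caller's output stream.
            New-Item $logfile -type file -force -ErrorAction Stop | Out-Null
        }
        catch { }
    }

    # [min, max] millisecond pauses taken before retry 1 and retry 2
    $pauses = @(@(30, 50), @(150, 200))
    for ($attempt = 0; $attempt -le $pauses.Count; $attempt++)
    {
        if ($attempt -gt 0)
        {
            Start-Sleep -m (Get-Random -minimum $pauses[$attempt - 1][0] -maximum $pauses[$attempt - 1][1])
        }
        try
        {
            $logentry | out-file -Filepath $logfile -force -Append -Encoding ASCII -ErrorAction Stop
            return
        }
        catch { }   # fall through to the next attempt; the last failure is dropped (best-effort log)
    }
}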
<#
.SYNOPSIS
Writes a timestamped ERROR line to the log file.
.PARAMETER action
Short label of the step that failed; rendered in square brackets.
.PARAMETER errmsg
Free-text description of the error.
.NOTES
Line format: [<timestamp>]|[ERROR] - [<action>] <errmsg>
#>
Function LogError($action, $errmsg)
{
    $stamp = (Get-Date).ToString()
    write2log "[$stamp]|[ERROR] - [$action] $errmsg"
}
<#
.SYNOPSIS
Writes a timestamped INFO line to the log file.
.PARAMETER infomsg
Free-text message to record.
.NOTES
Line format: [<timestamp>]|[INFO] - <infomsg>
#>
Function LogInfo($infomsg)
{
    $stamp = (Get-Date).ToString()
    write2log "[$stamp]|[INFO] - $infomsg"
}
################################################################################
#Logic Block 2: |Main Logic
#description: the new password is hard-coded in the script; the username is taken as the script parameter
################################################################################
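################################################################################
# Main logic
#
# Usage: profile.ps1 <samAccountName>
# Resets the given AD account's password to the fixed value held in $pass.
# Rules (comparisons use -eq, which is case-insensitive in PowerShell):
#   * a user may reset their own password unless they are on the admin list;
#   * an admin may reset a non-admin user's password;
#   * an admin's password is never reset by this script.
# The admin list is read from c:\adminlist.xml: the first child of <AdminList>
# holds the names joined by '|'.
################################################################################
Import-Module ActiveDirectory

# SECURITY(review): the new password is a plain-text literal in this file, so
# anyone who can read the script knows the password of every reset account.
# Reading it from a protected source (Read-Host -AsSecureString, an encrypted
# credential file) would be preferable; left unchanged because the script's
# console output and .DESCRIPTION treat it as the documented default value.
$pass = ConvertTo-SecureString -AsPlainText Porsche911 -Force

# SECURITY(review): this persistently loosens the execution policy for the
# machine/user and is not needed to reset a password (the script is already
# running). Kept only because the original did it; consider removing it and
# signing the script or passing -ExecutionPolicy on the host instead.
Set-ExecutionPolicy UnRestricted

<#
.SYNOPSIS
Resets one AD account to the default password and reports the outcome.
.PARAMETER target
Identity accepted by Set-ADAccountPassword (the username given on the command line).
.NOTES
Shared by both authorisation branches below so they handle failures the same
way; the original wrapped only the second call in try/catch.
Reads the script-level $pass variable.
#>
Function Reset-DefaultPassword($target)
{
    try
    {
        # -ErrorAction Stop: a cmdlet error would otherwise be non-terminating,
        # bypass catch, and still print the green "has been reset" message.
        set-adaccountpassword $target -Reset -NewPassword $pass -ErrorAction Stop
        Write-Host -ForegroundColor Green "password has been reset to Porsche911"
        # the password value itself is deliberately kept out of the persisted log
        LogInfo "password of $($target) has been reset to the default value"
    }
    catch
    {
        Write-Host -ForegroundColor Red "Name Error"
        LogInfo "Name $($target) Error"
    }
}

[string]$xmldocpath = "c:\adminlist.xml"
$xmlDoc = New-Object "system.xml.xmldocument"
$xmlDoc.Load($xmldocpath)
$nodeList = $xmlDoc.GetElementsByTagName("AdminList")
# If the file holds several <AdminList> elements the last one wins (unchanged).
# NOTE(review): whoever can write c:\adminlist.xml decides who counts as an
# admin here, so its ACL should be at least as strict as the script's own.
foreach ($node in $nodeList)
{
    $childNodes = $node.ChildNodes
    $Admins = $childNodes.Item(0).InnerXml.ToString()
    $AdminArray = $Admins.split("|")
}

if ($args.Length -eq 0)
{
    Write-Host -ForegroundColor Red "Please input username who need to change password"
    # LogError takes (action, message); the original passed the message in the
    # action slot and left the message empty.
    LogError "argument check" "No username has been input"
    return $null
}
else
{
    # username:    account whose password is to be reset (script parameter)
    # useraccount: account the script believes is running it
    $script:n = 0
    $script:username = $args[0]
    # SECURITY(review): $env:username comes from the caller's environment and can
    # be set to any value before the script is launched, so it is a weak basis
    # for the admin check below. The authenticated identity is available via
    # [System.Security.Principal.WindowsIdentity]::GetCurrent().Name, but that is
    # DOMAIN\user, so the admin list format would have to change with it — TODO(review).
    $script:useraccount = $env:username

    if ($username -eq $useraccount)
    {
        # Caller is resetting their own password: allowed only if they are not
        # an admin. $n stays 0 for an empty admin list, so a missing or empty
        # list fails closed (no reset).
        foreach ($Admin in $AdminArray)
        {
            if ($useraccount -eq $Admin)
            {
                # caller is an admin: refuse and stop scanning
                Write-Host -ForegroundColor Yellow "Can not change the password of administrator"
                LogInfo "password of $($username) can not be changed"
                $n = 0
                break
            }
            else
            {
                LogInfo "$($Admin) is administrator, you are not this admin"
                $n = 1
            }
        }
        if ($n -ne 0)
        {
            Reset-DefaultPassword $username
        }
    }
    else
    {
        # Caller is resetting someone else's password: the caller must be on the
        # admin list and the target must not be.
        $script:m = 0
        :mainloop foreach ($Admin in $AdminArray)
        {
            Write-Host -ForegroundColor Yellow "$($Admin) and $($useraccount)"
            if ($useraccount -eq $Admin)
            {
                # Caller is an admin. The inner loop has its own variable; the
                # original reused $Admin and silently shadowed the outer loop's.
                :secloop foreach ($listedAdmin in $AdminArray)
                {
                    if ($username -eq $listedAdmin)
                    {
                        # target is also an admin: refuse
                        Write-Host -ForegroundColor Yellow "Can not change the password of administrator"
                        LogInfo "password of $($username) can not be changed"
                        $m = 0
                        break mainloop
                    }
                    else
                    {
                        Write-Host -ForegroundColor Yellow "$($listedAdmin) is administrator, you are not this admin"
                        LogInfo "$($listedAdmin) is administrator, you are not this admin"
                        $m = 1
                    }
                }
                break mainloop
            }
            else
            {
                # Caller is not this admin. $m is reset so a caller who matches
                # no admin never reaches the reset. NOTE: this message is printed
                # for every non-matching entry before a match, so an admin listed
                # late in the file sees it too (original behaviour).
                Write-Host -ForegroundColor Red "This is not your adaccount, you can not change it's password"
                LogInfo "$($useraccount) has no access to change the password of $($username)"
                $m = 0
            }
        }
        if ($m -ne 0)
        {
            Reset-DefaultPassword $username
        }
    }
}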