#! /usr/bin/perl -w
use strict;
#*
#* basic local user account creation routine for NT/2000
#*
use Win32::Lanman;   # for account creation
use Win32::Perms;    # to set the permissions on the home directory

#our $homeNTdirs = "\\\\nicksboxv\\home";         # home directory root dir
# Root directory under which each account's home directory is created
# (one sub-directory per account name).
our $homeNTdirs = 'E:\home';

# returns false (an empty string) on success, or a true value -- an error
# code or message -- on failure.  Rather un-Perl-like, more like C.
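sub CreateNTAccount
{
    my ( $account, $password, $fullname, $group ) = @_;

    # $account becomes the last path component of the home directory, so
    # refuse anything empty or that could step outside $homeNTdirs.
    return "Invalid account name"
        if !defined $account
           || $account eq ''
           || $account eq '.'
           || $account eq '..'
           || $account =~ m{[\\/]};

    my $home_dir = "$homeNTdirs\\$account";

    # Create the account on the local machine (empty server name).
    # NOTE(review): 356 looks like a typo for 365 (about 60 years); kept
    # as-is because nothing visible depends on the exact expiry.
    my $result = Win32::Lanman::NetUserAdd(
        "",
        {
            name         => $account,
            password     => $password,
            full_name    => $fullname,
            home_dir     => $home_dir,
            acct_expires => 3600 * 24 * 356 * 60 + time,
        }
    );
    # GetLastError() could conceivably be 0 (false) even though the call
    # failed; fall back to a message so the caller never sees "success".
    return Win32::Lanman::GetLastError() || "NetUserAdd failed for $account"
        unless $result;

    # Add to the appropriate LOCAL group; that needs the account's SID.
    # Note the account already exists at this point, so a die here leaves
    # it behind.
    my @info;
    die "SID lookup error: " . Win32::Lanman::GetLastError() . "\n"
        unless Win32::Lanman::LsaLookupNames( "", [ $account ], \@info );
    my $sid = $info[0]{sid};

    $result = Win32::Lanman::NetLocalGroupAddMember( "", $group, $sid );
    return Win32::Lanman::GetLastError() || "NetLocalGroupAddMember failed for $group"
        unless $result;

    # Create the home directory (the root first if it is missing).  The
    # mode is largely irrelevant on Win32; the ACL set below is what counts.
    mkdir $homeNTdirs, 0777 unless -d $homeNTdirs;
    mkdir $home_dir, 0777 or return "Unable to make homedir:$!";

    # Set the owner and ACL of the directory.  The user gets full control
    # of the directory itself and, via a second inherit-only entry, of the
    # files that will later be created inside it.
    my $acl = Win32::Perms->new( $home_dir );
    return "Unable to open permissions on $home_dir" unless $acl;
    $acl->Owner( $account );
    $acl->Allow( $account, FULL, DIRECTORY|CONTAINER_INHERIT_ACE );
    $acl->Allow( $account, FULL, FILE|OBJECT_INHERIT_ACE|INHERIT_ONLY_ACE );
    $result = $acl->Set();
    $acl->Close();

    # Set() returns true on success.  The previous "$result ? '' : $result"
    # returned a false value on failure, which the caller read as success.
    return $result ? "" : "Unable to set permissions on $home_dir";
}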

#*
#* basic account deletion routine for NT/2000
#*

use Win32::Lanman;   # for account deletion
use File::Path;      # for recursive directory deletion

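# Removes a local account from its local groups, deletes it, then removes
# its home directory.  Returns an error code/message if the account could
# not be deleted, otherwise the number of filesystem items rmtree removed.
# (The "($)" prototype was dropped: it only altered call-site parsing and
# provided no validation.)
sub DeleteNTAccount {
    my ( $account ) = @_;

    # $account becomes the last path component handed to rmtree, so refuse
    # anything empty or that could walk out of $homeNTdirs.
    return "Invalid account name"
        if !defined $account
           || $account eq ''
           || $account eq '.'
           || $account eq '..'
           || $account =~ m{[\\/]};

    my $home_dir = "$homeNTdirs\\$account";

    # Group removal needs the account's SID.
    my @info;
    die "SID lookup error: " . Win32::Lanman::GetLastError() . "\n"
        unless Win32::Lanman::LsaLookupNames( "", [ $account ], \@info );
    my $sid = $info[0]{sid};

    # Remove the user from LOCAL groups only.  Global groups would need the
    # NetUserGetGroups / NetGroupDelMember pair instead.
    # The server argument was an undeclared $server (a strict error); the
    # local machine is meant, as in every other call here.
    my @groups;
    Win32::Lanman::NetUserGetLocalGroups( "", $account, '', \@groups )
        or warn "Cannot list local groups for $account: "
                . Win32::Lanman::GetLastError() . "\n";
    for my $group ( @groups ) {
        my $name = $group->{name};
        print "Removing user from local group $name...";
        my $removed = Win32::Lanman::NetLocalGroupDelMember( "", $name, $sid );
        print $removed ? "succeeded\n" : "FAILED\n";
    }

    # Delete the account on the local machine.  NetUserDel returns true on
    # success (as NetUserAdd does in CreateNTAccount), so the failure branch
    # is "unless"; the old "if $result" was inverted and skipped the
    # home-directory cleanup whenever the deletion actually succeeded.
    my $result = Win32::Lanman::NetUserDel( "", $account );
    return Win32::Lanman::GetLastError() || "NetUserDel failed for $account"
        unless $result;

    # rmtree returns the number of items removed; more than 0 is taken as
    # success.  NOTE(review): this makes the return value true on success,
    # the opposite of CreateNTAccount's convention.
    return rmtree( $home_dir, 0, 1 );
}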

# Smoke test: create a fixed test account and report the outcome.
# NOTE(review): the password is embedded in the source and the account is
# never removed afterwards (DeleteNTAccount is not called).
my $result = CreateNTAccount( "test4", "test4passwd", "The Test4 User", "Users" );
if ( $result ) {
    print "Cannot create test account: $result";
}
else {
    print "good, it worked\n";
}
