Version 5

Operational requirements

The WinLocal connector uses WinRM. Consequently, WinRM communication should always be enabled between the connector server and the target computer.

Using SSL

The connector also supports SSL connections. If you would like to use WinRM via HTTPS, make sure that:

  1. WinRM is configured for communication via HTTPS.
  2. The 'useSSL' attribute is added at the managed system level.

Additionally, PowerShell version 5.1 should be installed on the connector server and on all client (target) instances.
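The requirements above can be checked from the connector server before the managed system is configured. The following is an added example, not part of the connector: the function name `Test-WinLocalPrerequisite` and the host name `target01.example.test` are assumptions made for illustration.

```powershell
# Added example (not connector code). Run in Windows PowerShell on the connector server.
function Test-WinLocalPrerequisite {          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )

    # Probe that runs unchanged on the connector server and on the target.
    $probe = {
        $v = $PSVersionTable.PSVersion
        [pscustomobject]@{
            PSVersion     = '{0}.{1}' -f $v.Major, $v.Minor
            LocalAccounts = @(Get-Command Get-LocalUser, Get-LocalGroup,
                Get-LocalGroupMember -ErrorAction SilentlyContinue).Count -eq 3
        }
    }

    $result = [ordered]@{
        ComputerName     = $ComputerName
        ServerPSVersion  = (& $probe).PSVersion
        HttpsListenerOk  = $false
        TargetPSVersion  = $null
        TargetCmdletsOk  = $false
        Error            = $null
    }

    try {
        # Unauthenticated WS-Management identify request over HTTPS (port 5986
        # by default). It fails when the target has no HTTPS listener or when
        # its certificate is untrusted or does not match $ComputerName.
        Test-WSMan -ComputerName $ComputerName -UseSSL -ErrorAction Stop | Out-Null
        $result.HttpsListenerOk = $true

        # Authenticated session as the service account, still over HTTPS.
        $remote = Invoke-Command -ComputerName $ComputerName -UseSSL `
            -Credential $Credential -ScriptBlock $probe -ErrorAction Stop
        $result.TargetPSVersion = $remote.PSVersion
        $result.TargetCmdletsOk = $remote.LocalAccounts
    }
    catch { $result.Error = $_.Exception.Message }

    $result.Ready = $result.HttpsListenerOk -and $result.TargetCmdletsOk -and
        $result.ServerPSVersion -eq '5.1' -and $result.TargetPSVersion -eq '5.1'
    [pscustomobject]$result
}

# Constructed host name; supply the connector's service account when prompted.
Test-WinLocalPrerequisite -ComputerName 'target01.example.test' -Credential (Get-Credential)
```

A certificate error from `Test-WSMan` should be resolved by fixing the listener certificate or the trust chain on the connector server, so that the HTTPS channel keeps authenticating the target.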

Service account information:

The service account should be specified together with its domain name, for example 'MachineName\serviceAccount'. The connector performs all operations on behalf of the user that you specify. Consequently, the service account should have sufficient permissions.

Provisioning identities

The WinLocal connector supports the following identities:

  • Users (including group memberships)
  • Groups

Provisioning User

ADD

| Attribute name | Description | Type |
| --- | --- | --- |
| Name | Specifies the user name for the user account. Required. See the user name restrictions below the table. | string |
| Password | Specifies a password for the user account. Required, or can be omitted if the 'NoPassword' attribute is used. | string |
| NoPassword | Indicates that the user account does not have a password. Required if the "Password" attribute is omitted. Note: the "Password" and "PasswordNeverExpires" attributes should not be used together with this one. | bool |
| PasswordNeverExpires | Indicates whether the password expires. | bool |
| UserMayNotChangePassword | Indicates that the user cannot change the password on the user account. | bool |
| AccountExpires | Indicates that the account does not expire. Note: "AccountExpires" attribute may not be used together. | datetime |
| Disabled | Indicates that the user account is created as disabled. | bool |
| FullName | Specifies the full name for the user account. The full name differs from the user name of the user account. | string |
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string |
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array |

User name restrictions: if you create a local user account for the local system, the user name can contain up to 20 uppercase or lowercase characters. A user name cannot contain the following characters:

\ / [ ] | < > + = ; , ? * @

A user name cannot consist only of periods (.) or spaces.
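The constraints in the ADD table (name length and characters, the Password/NoPassword rule, the description length) can be checked before a request reaches the connector. The following is an added example, not connector code: `Test-WinLocalAddUser` is a hypothetical helper and the sample requests are constructed.

```powershell
# Added example, not connector code. Checks a user ADD request against the
# constraints in the attribute table before it is sent to the connector.
function Test-WinLocalAddUser {               # hypothetical helper name
    param([Parameter(Mandatory)][hashtable]$Attributes)

    $problems = [System.Collections.Generic.List[string]]::new()
    $name = [string]$Attributes['Name']

    if ([string]::IsNullOrEmpty($name)) {
        $problems.Add('Name is required.')
    } else {
        if ($name.Length -gt 20) { $problems.Add('Name is longer than 20 characters.') }
        if ($name.IndexOfAny('\/[]|<>+=;,?*@'.ToCharArray()) -ge 0) {
            $problems.Add('Name contains a forbidden character.')
        }
        if ($name -match '^[. ]+$') { $problems.Add('Name consists only of periods or spaces.') }
    }

    # Exactly one of Password / NoPassword drives the account's password state.
    $hasPassword = $Attributes.ContainsKey('Password')
    $noPassword  = $Attributes['NoPassword'] -eq $true
    if (-not $hasPassword -and -not $noPassword) {
        $problems.Add('Either Password or NoPassword must be supplied.')
    }
    if ($noPassword -and ($hasPassword -or $Attributes.ContainsKey('PasswordNeverExpires'))) {
        $problems.Add('NoPassword cannot be combined with Password or PasswordNeverExpires.')
    }
    if (([string]$Attributes['Description']).Length -gt 48) {
        $problems.Add('Description is longer than 48 characters.')
    }

    [pscustomobject]@{
        Name     = $name
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Constructed sample requests; the password is a placeholder value.
$requests = @(
    @{ Name = 'svc-backup'; Password = '<placeholder>'; Description = 'Backup agent' },
    @{ Name = 'kiosk';      NoPassword = $true; PasswordNeverExpires = $true },
    @{ Name = 'ops@corp';   Password = '<placeholder>' },
    @{ Name = '...';        Description = 'x' * 49 }
)
$requests | ForEach-Object { Test-WinLocalAddUser -Attributes $_ } | Format-List
```

Only the first request passes; the others are rejected for the NoPassword combination, the '@' character, and the periods-only name with a missing password and an over-long description.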

MODIFY

| Attribute name | Description | Type |
| --- | --- | --- |
| Name | Sets a new name for the local user. | string |
| AccountExpires | Specifies when the user account expires. | datetime |
| AccountNeverExpires | Indicates that the account does not expire. | bool |
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string |
| FullName | Specifies the full name for the user account. | string |
| Password | Specifies a password for the user account. | string |
| PasswordNeverExpires | Indicates whether the password expires. | bool |
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool |
| Enabled (Custom attribute) | Enables or disables the user. | bool |
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array |

RESET PASSWORD

| Attribute name | Description | Type |
| --- | --- | --- |
| Password | Specifies a password for the user account. Required. | string |
| PasswordNeverExpires | Indicates whether the password expires. | bool |
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool |

Provisioning Group

ADD

| Attribute name | Description | Type |
| --- | --- | --- |
| Name | Specifies a name for the group. The maximum length is 256 characters. Required. | string |
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string |
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array |

MODIFY

| Attribute name | Description | Type |
| --- | --- | --- |
| Name | Specifies a name for the group. The maximum length is 256 characters. Required. | string |
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string |
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array |

Search

Get-LocalUser - Gets local user accounts.
[-Name <String[]>] - Specifies an array of names of user accounts.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of user accounts.

| Attribute name | Description | Type |
| --- | --- | --- |
| AccountExpires | Specifies when the user account expires. | datetime |
| Description | Specifies a comment for the user account. | string |
| Enabled | Specifies whether the user account is enabled. | bool |
| FullName | Specifies the full name for the user account. | string |
| PasswordChangeableDate | | datetime |
| PasswordExpires | Specifies the password expiration date. | datetime |
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool |
| PasswordRequired | | bool |
| PasswordLastSet | | datetime |
| LastLogon | | datetime |
| Name | Specifies the user name for the user account. | string |
| SID | Specifies the security ID (SID) of the user account. | string |

Get-LocalGroup - Gets local security groups in Security Account Manager.
[-Name <String[]>] - Specifies an array of names of security groups.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of security groups.

| Attribute name | Description | Type |
| --- | --- | --- |
| Description | Specifies a comment for the group. | string |
| Name | Specifies a name for the group. | string |
| SID | Specifies the security ID (SID) of the security group. | string |
| LocalUsers (Custom attribute) | Specifies the names of local users. | array |
| DomainUsers (Custom attribute) | Specifies the names of domain users. | array |
| DomainGroups (Custom attribute) | Specifies the names of domain groups. | array |
| AzuerAdUsers (Custom attribute) | Specifies the names of Azure users. Note: only for Windows Server 2016 or higher. | array |
| AzuerAdGroups (Custom attribute) | Specifies the names of Azure groups. Note: only for Windows Server 2016 or higher. | array |
| OtherUsers (Custom attribute) | Specifies the names of system users. | array |
| OtherGroups (Custom attribute) | Specifies the names of system groups. | array |

Get-LocalGroupMember - Gets members from a local group.
[-Member <String>] - Specifies a user or group that this cmdlet gets from a security group. You can specify users or groups by name or security ID (SID). Specify SID strings in S-R-I-S-S . . . format. You can use wildcard characters. If you do not specify this parameter, the cmdlet gets all members of the group.
[-Name <String>] - Specifies the name of the security group from which this cmdlet gets members.
[-SID <SecurityIdentifier>] - Specifies the security ID of the security group from which this cmdlet gets members.

| Attribute name | Description | Type |
| --- | --- | --- |
| Name | Specifies a name for the object. | string |
| SID | Specifies the security ID (SID) of the object. | string |
| ObjectClass | Specifies an object name. | string |
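For reviewing who holds membership in a privileged local group, the members returned by Get-LocalGroupMember can be sorted into the custom group attributes listed in the Get-LocalGroup table. The following is an added example, not connector code: the helper name is hypothetical, and the mapping from the cmdlet's PrincipalSource and ObjectClass properties to those attribute names is an assumption, not the connector's documented logic.

```powershell
# Added example, not connector code. The bucket mapping below is an assumption.
function ConvertTo-WinLocalGroupView {        # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Member)

    $view = [ordered]@{
        LocalUsers   = @(); DomainUsers   = @(); DomainGroups = @()
        AzuerAdUsers = @(); AzuerAdGroups = @()
        OtherUsers   = @(); OtherGroups   = @()
    }

    foreach ($m in $Member) {
        # PrincipalSource is only populated on Windows 10 / Server 2016 and later.
        $bucket = switch ("$($m.PrincipalSource)/$($m.ObjectClass)") {
            'Local/User'            { 'LocalUsers' }
            'ActiveDirectory/User'  { 'DomainUsers' }
            'ActiveDirectory/Group' { 'DomainGroups' }
            'AzureAD/User'          { 'AzuerAdUsers' }
            'AzureAD/Group'         { 'AzuerAdGroups' }
            default {
                # Well-known and unresolved principals end up here.
                if ($m.ObjectClass -eq 'Group') { 'OtherGroups' } else { 'OtherUsers' }
            }
        }
        $view[$bucket] += $m.Name
    }
    [pscustomobject]$view
}

# Constructed sample members, shaped like Get-LocalGroupMember output.
$sample = @(
    [pscustomobject]@{ Name = 'HOST01\svc-connector';     ObjectClass = 'User';  PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'EXAMPLE\alice';            ObjectClass = 'User';  PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'EXAMPLE\Domain Admins';    ObjectClass = 'Group'; PrincipalSource = 'ActiveDirectory' }
    [pscustomobject]@{ Name = 'NT AUTHORITY\INTERACTIVE'; ObjectClass = 'Group'; PrincipalSource = 'Unknown' }
)
ConvertTo-WinLocalGroupView -Member $sample | Format-List

# On a real machine, run locally:
#   ConvertTo-WinLocalGroupView -Member (Get-LocalGroupMember -Name 'Administrators')
```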