Version 5

Operational requirements

The WinLocal connector uses WinRM. Consequently, WinRM communication must always be enabled between the connector server and the target computer.

Additionally, PowerShell version 5.1 must be installed on the connector server and on all client (target) instances.

Service account information:

The service account must be specified together with your domain name, for example 'MachineName\serviceAccount'. The connector performs all operations on behalf of the user that you specify. Consequently, your service account must have sufficient permissions.
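A pre-flight check for the requirements above, run from the connector server. This is an added example, not part of the connector; the function name Test-WinLocalPrerequisites and the target names are hypothetical.

```powershell
# Added example, not connector code. Run it on the connector server.
function Test-WinLocalPrerequisites {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            ComputerName = $computer
            WinRM        = $false
            PSVersion    = $null
            Is51         = $false
            Error        = $null
        }
        try {
            # Test-WSMan only confirms that the WinRM listener answers.
            $null = Test-WSMan -ComputerName $computer -ErrorAction Stop
            $result.WinRM = $true
            # A remote command proves that the service account can authenticate
            # and reports the PowerShell version on the target.
            $remote = Invoke-Command -ComputerName $computer -Credential $Credential `
                -ErrorAction Stop -ScriptBlock { $PSVersionTable.PSVersion.ToString() }
            $version = [version]$remote
            $result.PSVersion = "$remote"
            $result.Is51 = ($version.Major -eq 5 -and $version.Minor -eq 1)
        } catch {
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# The connector server itself also needs PowerShell 5.1.
"Connector server PowerShell: $($PSVersionTable.PSVersion)"

# Hypothetical target names; enter the service account as 'MachineName\serviceAccount'.
Test-WinLocalPrerequisites -ComputerName 'TARGET01', 'TARGET02' -Credential (Get-Credential)
```

A target that shows WinRM as true but carries an Error value answered on the listener and then rejected the service account or the remote command.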

Provisioning identities

The WinLocal connector supports working with the following identities:

  • Users (including group memberships)
  • Groups

Provisioning User

ADD

| Attribute name | Description | Type |
|---|---|---|
| Name | Specifies the user name for the user account. If you create a local user account for the local system, the user name can contain up to 20 uppercase characters or lowercase characters. A user name cannot contain the following characters: \ / [ ] \| < > + = ; , ? * @ A user name cannot consist only of periods (.) or spaces. Required. | string |
| Password | Specifies a password for the user account. Required, unless the 'NoPassword' attribute is used. | string |
| NoPassword | Indicates that the user account does not have a password. Required if the "Password" attribute is omitted. Note: when "NoPassword" is set, the "Password" and "PasswordNeverExpires" attributes may not be used. | bool |
| PasswordNeverExpires | Indicates whether the password expires. | bool |
| UserMayNotChangePassword | Indicates that the user cannot change the password on the user account. | bool |
| AccountExpires | Indicates that the account does not expire. Note: "AccountExpires" attribute may not be used together. | datetime |
| Disabled | Indicates that the user account is created as disabled. | bool |
| FullName | Specifies the full name for the user account. The full name differs from the user name of the user account. | string |
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string |
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array |
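The constraints in the ADD table can be checked before a request is sent to the connector. The following is an added example, not the connector's own code; Test-WinLocalUserAdd is a hypothetical helper and the payloads are constructed.

```powershell
# Added example; Test-WinLocalUserAdd is a hypothetical helper, not connector code.
function Test-WinLocalUserAdd {
    param([Parameter(Mandatory)] [hashtable] $Attributes)
    $problems = [System.Collections.Generic.List[string]]::new()

    # Name: required, up to 20 characters, no forbidden characters,
    # and not made up only of periods or spaces.
    $name = [string]$Attributes['Name']
    if ([string]::IsNullOrEmpty($name)) {
        $problems.Add('Name is required.')
    } else {
        if ($name.Length -gt 20) { $problems.Add('Name is longer than 20 characters.') }
        if ($name.IndexOfAny('\/[]|<>+=;,?*@'.ToCharArray()) -ge 0) {
            $problems.Add('Name contains a forbidden character.')
        }
        if ($name -match '^[. ]+$') { $problems.Add('Name is only periods or spaces.') }
    }

    # Password / NoPassword: exactly one of the two must be supplied.
    $hasPassword = [bool]$Attributes['Password']
    $noPassword  = [bool]$Attributes['NoPassword']
    if ($hasPassword -and $noPassword) {
        $problems.Add('Password cannot be used together with NoPassword.')
    } elseif (-not ($hasPassword -or $noPassword)) {
        $problems.Add('Password is required unless NoPassword is set.')
    }
    if ($noPassword -and $Attributes.ContainsKey('PasswordNeverExpires')) {
        $problems.Add('PasswordNeverExpires cannot be used together with NoPassword.')
    }

    # Description: at most 48 characters.
    if (([string]$Attributes['Description']).Length -gt 48) {
        $problems.Add('Description is longer than 48 characters.')
    }

    [pscustomobject]@{ Name = $name; Valid = ($problems.Count -eq 0); Errors = $problems.ToArray() }
}

# Constructed sample payloads (values are placeholders).
Test-WinLocalUserAdd @{ Name = 'svc.backup'; NoPassword = $true; Description = 'Backup job' }
Test-WinLocalUserAdd @{ Name = 'ops|admin'; Password = '<placeholder>'; NoPassword = $true }
Test-WinLocalUserAdd @{ Name = '...'; PasswordNeverExpires = $true }
```

The first payload passes; the second and third each return several entries in Errors, which makes conflicting password attributes visible before anything reaches the target computer.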

MODIFY

| Attribute name | Description | Type |
|---|---|---|
| Name | Sets a new name for the local user. | string |
| AccountExpires | Specifies when the user account expires. | datetime |
| AccountNeverExpires | Indicates that the account does not expire. | bool |
| Description | Specifies a comment for the user account. The maximum length is 48 characters. | string |
| FullName | Specifies the full name for the user account. | string |
| Password | Specifies a password for the user account. | string |
| PasswordNeverExpires | Indicates whether the password expires. | bool |
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool |
| Enable (Custom attribute) | Enables or disables the local user. | bool |
| MemberOf (Custom attribute) | Specifies an array of groups. You can specify groups by 'Name'. | array |

RESET PASSWORD

| Attribute name | Description | Type |
|---|---|---|
| Password | Specifies a password for the user account. Required. | string |

Provisioning Group

ADD

| Attribute name | Description | Type |
|---|---|---|
| Name | Specifies a name for the group. The maximum length is 256 characters. Required. | string |
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string |
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array |

MODIFY

| Attribute name | Description | Type |
|---|---|---|
| Name | Specifies a name for the group. The maximum length is 256 characters. Required. | string |
| Description | Specifies a comment for the group. The maximum length is 48 characters. | string |
| Members (Custom attribute) | Specifies an array of users or groups. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. | array |

Search

Get-LocalUser - Gets local user accounts.
[-Name <String[]>] - Specifies an array of names of user accounts.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of user accounts.

| Attribute name | Description | Type |
|---|---|---|
| AccountExpires | Specifies when the user account expires. | datetime |
| Description | Specifies a comment for the user account. | string |
| Enabled | Indicates whether the user account is enabled. | bool |
| FullName | Specifies the full name for the user account. | string |
| PasswordChangeableDate | | datetime |
| PasswordExpires | Specifies the date when the password expires. | datetime |
| UserMayChangePassword | Indicates that the user can change the password on the user account. | bool |
| PasswordRequired | | bool |
| PasswordLastSet | | datetime |
| LastLogon | | datetime |
| Name | Specifies the user name for the user account. | string |
| SID | Specifies the security ID (SID) of the user account. | string |

Get-LocalGroup - Gets local security groups in Security Account Manager.
[-Name <String[]>] - Specifies an array of names of security groups.
[-SID <SecurityIdentifier[]>] - Specifies an array of security IDs (SIDs) of security groups.

| Attribute name | Description | Type |
|---|---|---|
| Description | Specifies a comment for the group. | string |
| Name | Specifies a name for the group. | string |
| SID | Specifies the security ID (SID) of the security group. | string |
| Members (Custom attribute) | Specifies the names of users or groups. | array |

Get-LocalGroupMember - Gets members from a local group.
[-Member <String>] - Specifies a user or group that this cmdlet gets from a security group. You can specify users or groups by name or security ID (SID). Specify SID strings in S-R-I-S-S . . . format. You can use wildcard characters. If you do not specify this parameter, the cmdlet gets all members of the group.
[-Name <String>] - Specifies the name of the security group from which this cmdlet gets members.
[-SID <SecurityIdentifier>] - Specifies the security ID of the security group from which this cmdlet gets members.

| Attribute name | Description | Type |
|---|---|---|
| Name | Specifies a name for the object. | string |
| SID | Specifies the security ID (SID) of the object. | string |
| ObjectClass | Specifies an object name. | string |