Skip to content
/ windows_account_names Public

Custom fact that shows the name of the Administrator and Guest account on Windows

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

natemccurdy/windows_account_names

BranchesTags

Repository files navigation

Puppet Forge Build Status

Windows Accounts Fact

This Puppet module adds a custom fact called windows_accounts that shows the current name of the Administrator and Guest users on Windows.

This is useful for those that change or randomize these built-in accounts then need to know what the name is. Or, when you need to know what the current name is to trigger the renaming.

For example, this shows that we've renamed the Administrator account to Kermit on this machine:

ps> facter -p windows_accounts

{
  Administrator => 'Kermit',
  Guest => 'Guest'
}

Example 1

Say that we want to rename the Administrator account to abcdefg, we could use this fact to check if we need to change it:

# Save the current Administrator account name to a shorter variable.
$current_admin = $facts['windows_accounts']['Administrator']

if $current_admin != 'abcdefg' {
  exec { 'Rename Administrator':
    command  => "$(Get-WMIObject Win32_UserAccount -Filter 'Name=\"${current_admin}\"').Rename('abcdefg')",
    provider => powershell,
  }
}

Note that this is a bit of a contrived example as it'd probably be better to use an unless attribute with some PowerShell to make the exec idempotent.

Example 2

Say that we wanted to query PuppetDB for the name of the Administrator account on all of our nodes.

ps> puppet query 'fact_contents[certname,value] { path ~> ["windows_accounts", "Administrator"] }'
[
  {
    "certname": "win-appx-web.corp.net",
    "value": "Administrator"
  },
  {
    "certname": "win-appx-db.corp.net",
    "value": "xadmin"
  }
]

We can see that the win-appx-db node's administrator account is called xadmin.

How this works

Windows uses well-known SID's to identify its built-in accounts: http://support.microsoft.com/kb/243330

This fact enumerates all local users and looks for the SID's that match the pattern for the Administrator and Guest accounts.

Account SID Pattern
Administrator /^S-1-5-21.*-500$/
Guest /^S-1-5-21.*-501$/

Contributing and Development

Pull requests are always welcomed!

This module uses the Puppet Development Kit for validation. All pull requests must pass the GitHub Actions checks before they can be merged.

For local development, here's the workflow I use and what I recommend you use as well:

  1. Create a feature branch.
  2. Make your changes.
  3. Update any docs or README's if user-facing things change.
  4. Run: pdk validate
  5. Push up your branch to your fork and make a Pull Request.

About

Custom fact that shows the name of the Administrator and Guest account on Windows

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

3.0.0 Latest
Apr 24, 2024
+ 1 release

Packages

No packages published

Languages