cloudbase / windows-imaging-tools

Tools to automate the creation of a Windows image for OpenStack, supporting KVM, Hyper-V, ESXi and more.
Apache License 2.0

Remove Admin account and enable Administrator #327

Closed Kuanlin-Chen closed 4 years ago

Kuanlin-Chen commented 4 years ago

According to this https://github.com/cloudbase/cloudbase-init/issues/24

I tried to modify the file Unattend.xslt: I changed its DisplayName and Name from Admin to Administrator. Here is the code:

<xsl:element name="Description" namespace="{namespace-uri()}">Admin user</xsl:element>
<xsl:element name="DisplayName" namespace="{namespace-uri()}">Administrator</xsl:element>
<xsl:element name="Group" namespace="{namespace-uri()}">Administrators</xsl:element>
<xsl:element name="Name" namespace="{namespace-uri()}">Administrator</xsl:element>

The name of Admin finally changed, but the instance created from this image has two Administrator accounts.

BTW, I can't understand when this file Unattend.xslt is applied to the image. Any ideas are appreciated.

Kuanlin-Chen commented 4 years ago

I tried commenting out the UserAccounts template block and it finally worked; I can see only one Administrator account, as I expected.

<!--<xsl:template match='u:unattend/u:settings/u:component[@name="Microsoft-Windows-Shell-Setup"]/u:UserAccounts/u:AdministratorPassword|u:unattend/u:settings/u:component[@name="Microsoft-Windows-Shell-Setup"]/u:AutoLogon/u:Password'>
......
......
        <xsl:element name="LocalAccounts" namespace="{namespace-uri()}">
          <xsl:element name="LocalAccount" namespace="{namespace-uri()}">
            <xsl:attribute name="wcm:action">add</xsl:attribute>
            <xsl:element name="Description" namespace="{namespace-uri()}">Admin user</xsl:element>
            <xsl:element name="DisplayName" namespace="{namespace-uri()}">Administrator</xsl:element>
            <xsl:element name="Group" namespace="{namespace-uri()}">Administrators</xsl:element>
            <xsl:element name="Name" namespace="{namespace-uri()}">Admin</xsl:element>
......
  </xsl:template>-->

Another strange situation: I found that something triggers Logon.ps1 to run when the instance starts or a user logs in. Which service does that? I have no idea.

ader1990 commented 4 years ago

@Kuanlin-Chen,

This tool to create the image works like this:

  1. Creates the VHD and applies the correct image from the ISO to the VHD.
  2. Creates and starts a VM on Hyper-V using the above VHD. When the VM starts, a set of scripts is run automatically (Specialize.ps1, FirstLogon.ps1, Logon.ps1) that execute things like installing updates, configuring swap, installing cloudbase-init, etc. The script Logon.ps1 can reboot the VM, and after the reboot Logon.ps1 starts again. At the end of Logon.ps1, sysprep generalize is performed, all the scripts are removed and the Logon.ps1 script is removed from running at the next boot.
  3. Waits for the VM to stop and converts the VHD to the desired format (if different than VHD).

You have these 3 stages in a visual form described in the readme: https://github.com/cloudbase/windows-openstack-imaging-tools#workflow-of-windows-imaging-tools

You have here a complete definition of all the configuration options applicable for all these 3 stages: https://github.com/cloudbase/windows-openstack-imaging-tools/blob/master/Config.psm1#L23

You are REQUIRED to use New-WindowsOnlineImage to run the above 3 stages.

If you run New-WindowsCloudImage, only the first stage will run and you are REQUIRED to move the image to your target cloud, start an instance there, wait for it to stop, then snapshot it and use the snapshot as the final image.

Getting back to your actual issues, you are not supposed to change any xml code in the tool, as you can specify custom cloudbase-init configuration files with the desired content: https://github.com/cloudbase/windows-openstack-imaging-tools/blob/master/Config.psm1#L146 https://github.com/cloudbase/windows-openstack-imaging-tools/blob/master/Config.psm1#L148

Please take a look at the docs for a better understanding of how it all works: https://github.com/cloudbase/windows-openstack-imaging-tools/tree/master/docs

Kuanlin-Chen commented 4 years ago

Thanks for the explanation, it really helps me a lot. Would you mind if I ask one more question?

As you said "all the scripts are removed and the Logon.ps1 script is removed from running at the next boot." => Do you mean the Logon.ps1 will not be removed from the image until the next boot? Why? And who triggers the script?

ader1990 commented 4 years ago

Logon.ps1 is configured as an autologon script, and it is removed by itself just before it triggers the shutdown.
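
For the duplicate-Administrator symptom reported earlier in this thread, here is an added example (not part of the issue thread or the project's code) that lists the LocalAccount entries an unattend file adds to the Administrators group and marks any that are labelled like the built-in Administrator. The function name `Get-UnattendLocalAdmin` and the sample XML are assumptions constructed for illustration, modelled on the block quoted above.

```powershell
# Constructed sample input, modelled on the LocalAccount block quoted in the thread.
$sample = [xml]@'
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Description>Admin user</Description>
            <DisplayName>Administrator</DisplayName>
            <Group>Administrators</Group>
            <Name>Admin</Name>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

# Hypothetical helper, not a windows-imaging-tools function.
function Get-UnattendLocalAdmin {
    param([Parameter(Mandatory)][xml]$Unattend)

    $ns    = @{ u = 'urn:schemas-microsoft-com:unattend' }
    $xpath = '//u:component[@name="Microsoft-Windows-Shell-Setup"]' +
             '/u:UserAccounts/u:LocalAccounts/u:LocalAccount'
    # Read child elements by local name so a <Name> child is never confused
    # with the XmlElement's own Name property.
    $text  = { param($node, $child)
               $c = $node.SelectSingleNode("*[local-name()='$child']")
               if ($c) { $c.InnerText.Trim() } }

    foreach ($hit in Select-Xml -Xml $Unattend -XPath $xpath -Namespace $ns) {
        $name    = & $text $hit.Node 'Name'
        $display = & $text $hit.Node 'DisplayName'
        # Group can list several groups separated by ';'.
        $groups  = @((& $text $hit.Node 'Group') -split ';' | ForEach-Object { $_.Trim() })
        if ($groups -notcontains 'Administrators') { continue }
        [pscustomobject]@{
            Name             = $name
            DisplayName      = $display
            # True when this extra account is labelled like the built-in Administrator.
            LooksLikeBuiltin = ($name -eq 'Administrator') -or ($display -eq 'Administrator')
        }
    }
}

Get-UnattendLocalAdmin -Unattend $sample | Format-Table -AutoSize
```

Pointing the function at the unattend file actually used for a build, loaded with `[xml](Get-Content -Raw <path>)`, shows which additional administrator accounts the image will carry before any instance is created from it.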