When I try to change the password on an endpoint in the Local User Management dashboard, the action script that it generates looks like it’s missing something. Here are the first several lines that show the missing “if” block:
parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”
parameter “OPENSSL_FOLDER” = “{pathname of parent folder of client}\openSSL\bin”
If I try to submit the action I get the expected error,
“Unable to parse action script line 8: Endif encountered without If.”
Any ideas what’s missing here? I’ve activated the Local User Management Analysis and run the Enable Encrypted Password Deployment task on a number of test servers. They all show up in the dashboard, but have this same result.
There are several idiosyncrasies with Local User Management.
First, the wizard duplicates the first line of the script. Just delete the duplicate line.
If you try to set a password over 14 characters, it will fail. That appears to be a CLI limitation of the Microsoft command.
Be careful of the special characters you try to use in the password. It is easy for some of them to get misinterpreted. For example ‘/’ or ‘’ or ‘|’ may get misinterpreted or fail.
Make sure you test the password that you are setting so that the results are what you expect. This process does work within the noted parameters.
However, it doesn’t appear the wizard is generating the correct net user syntax to accept the greater than 14 character password warning. That syntax is: net user username password /add /y
None of this still explains why there is an endif without an if though.
So it looks like there are two bugs with this labs project.
It seems the wizard doesn’t create the proper syntax for long passwords. Andrew has provided the proper command to handle this, so the workaround would be to edit the action to include this line.
The other bug is that the dashboard has a dependency on analysis 977: “Encryption Analysis for Clients” in the BigFix Management site, but doesn’t really tell you about it. This analysis is used to generate those encryption blocks (so without it there is nothing to encrypt, which is why you end up with a dangling “endif” clause; there are supposed to be a bunch of if blocks there). The workaround here is to activate that analysis, and once it starts reporting you should be able to encrypt passwords against these devices.
Hmmm… It seems that I am missing that analysis. When we use our MO account we receive a relevance error. See attached. Do you think I need to contact support?
The analysis “Encryption Analysis for Clients” is activated, but it appears to be looking for the following:
(value "CertificatePath" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\EncryptionControl" of x32 registry as string)
which does not exist on clients that have had the “Enable Encrypted Password Deployment” task run on them. This task does not appear to set the required registry entry.
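A read-only check for the registry value quoted above, added here as an example and not taken from any post or from BigFix itself: it reads CertificatePath from both the 32-bit and 64-bit views of HKLM, because the relevance asks for the x32 registry and would not see a value that exists only in the 64-bit view. The function name Get-EncryptionControlValue is made up for this example.

```powershell
# Added example (not BigFix code): report whether the value the analysis
# reads is present in each registry view on a Windows endpoint.
$subKey    = 'SOFTWARE\BigFix\EnterpriseClient\EncryptionControl'
$valueName = 'CertificatePath'

function Get-EncryptionControlValue {
    param(
        [Parameter(Mandatory)] [Microsoft.Win32.RegistryView] $View
    )
    # Open HKLM in the requested view so WOW64 redirection is explicit.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($subKey)   # read-only handle
        if ($null -eq $key) {
            return [pscustomobject]@{ View = $View; KeyExists = $false; Value = $null }
        }
        try {
            $value = $key.GetValue($valueName, $null)
            [pscustomobject]@{ View = $View; KeyExists = $true; Value = $value }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$results = [Microsoft.Win32.RegistryView]::Registry32,
           [Microsoft.Win32.RegistryView]::Registry64 |
    ForEach-Object { Get-EncryptionControlValue -View $_ }
$results | Format-Table -AutoSize

# The relevance in the analysis reads the 32-bit view only.
$x32 = $results | Where-Object { $_.View -eq [Microsoft.Win32.RegistryView]::Registry32 }
if ([string]::IsNullOrEmpty($x32.Value)) {
    Write-Warning "$valueName is missing from the 32-bit view of HKLM\$subKey"
}
```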
Has the issue with Local User Management been resolved? We are attempting to create local administrators in a secure manner; however, the bug in Local User Management still continues. Is there any fix in the pipeline, or any means to achieve our requirement?