4.16.3 Changing the account for the OS service
Function
This plug-in changes the user name and password of the OS service on the Windows execution target server.
The following explains the meaning of an important term used in this document:
- OS service
To distinguish from services executed in JP1/AO, Windows services are generically referred to as OS services.
OS services specified for an OS service name (common.serviceNameproperty) have a name and a service display name displayed in Name when you click Control Panel, Administrative Tools, and then Services.
For an OS user name (Common.OSUserName), specify a user in the format of "domain-name\OS-user-name" or "\OS-user-name". To specify a built-in account, specify the OS user name (Common.OSUserName property) in the following format:
Built-in account OS user name (Common.OSUserName property)
---------------- -----------------------------------------
Local System LocalSystem
Local Service NT AUTHORITY\LocalService
Network Service NT AUTHORITY\NetworkService
The prerequisite server for this plug-in is as follows:
- Execution target server
This server is used as the target for executing this plug-in.
The scripts in this plug-in perform the following processing:
- Checking that no wildcard (* ? [ ]) is used for the specified OS service name (the common.serviceName property)
- Executing the following command:
Get-WmiObject -Class Win32_Service -Filter "DisplayName=OS-service-name (the common.serviceName property)"
Use the change method of the Win32_Service object obtained by the above command to change the OS service account (user name and password) to the OS user name (the Common.OSUserName property) and the OS user password (the common.osUserPassword property).
For details on the change method of the Win32_Service class, visit the Microsoft library Web site.
Use situation
This plug-in is used to change the user name in the initial settings for the registered OS service, and to the OS service password periodically as a security measure.
Prerequisites
For the latest support status of the following items, see the Release notes: Prerequisite product within the system, prerequisite products on the execution target server, and running OS for prerequisite products on the execution target server.
Prerequisite product within the system:
- JP1/Automatic Operation 11-00 or later
Prerequisite products on the execution target server:
None
Running OS on the execution target server:
(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter
(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter
(3) Windows Server 2016 Standard/Datacenter
(4) Windows Server 2019 Standard/Datacenter
Conditions of using the execution target server:
None
Cautions
(1) Do not use a character string containing a double quotation mark (") or a single quotation mark (') in a plug-in property. If you use such a character string, this plug-in will terminate abnormally.
(2) The connected user defined for the agentless connection destination requires access permission for the operation target OS service.
(3) When you specify an OS service name (common.serviceNameproperty), use its full name. You cannot use a partial match or a wild card.
(4) If you execute the plug-in by specifying an empty string to the OS user password (the common.osUserPassword property), the OS user password will be changed to the empty string.
Version
02.00.01
Plug-in tags
Control OS,Windows
Plug-in name displayed in the task log
osChangeServiceAccount
Return code
0: Normal
21: Error (invalid environment) Command cannot be found (error detected in the plugin script)
27: Error (check task logs for the nature of error)
41: Error (error detected in plugin) Missing property (error detected in plugin script)
Property list
The following table lists the properties:
|
Property key |
Property name |
Description |
Default value |
I/O type |
Required |
|---|---|---|---|---|---|
|
plugin.destinationHost |
Host name of the execution target server |
Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. |
-- |
Input |
R |
|
common.serviceName |
Service Name |
Name of the OS service for which you want to change the account. |
-- |
Input |
R |
|
common.osUserName |
OS user name |
Specify the name of the OS user to be created. |
-- |
Input |
R |
|
common.osUserPassword |
OS user password |
Specify the password of the OS user to be created. |
-- |
Input |
O |
|
common.osUserPasswordReEnter |
Re-entry of a password for the OS user |
Re-enter the password for the OS user after the change. |
-- |
Input |
O |
|
common.returnValue |
Return value for the plugin |
The return value of this plugin stored. |
-- |
Output |
O |