by Sentri at 2012-10-18 08:27:32
Hello All!by DonJ at 2012-10-19 09:52:15
I was curious if someone out there has an example of the ChangeOwner method, found in the win32_userprofile WMI class. I’m prepping for a user migration; currently users authenticate locally, using pgina, and they will inevitably log in with a domain account, that has already been created in AD. The domain account is exactly the same as the current users local account. I was curious if I could use ChangeOwner in win32_UserProfile to take ownership of the users current SID, with his/her new domain SID. Is this possible with this class, and method? How exactly would the syntax look? I’ve tried playing around with it on a test account, but I can’t seem to figure out how it works exactly, and there isn’t much of anything on the web, in regards to that specific method, at least that I could find. Note - these are all Win7 machines that I’m dealing with. Thanks!
It looks like you’re asking “is there a way for UserA to take ownership of UserB’s SID,” and no, you can’t. ChangeOwner requires that you pass it the SID of a user, and it will change ownership of the profile folder to that SID. So it’s transferring ownership of just the profile, but nobody’s SID changes.by Sentri at 2012-10-19 11:11:06
I suspect that doesn’t help you, though - so feel free to maybe rephrase the question ;). I feel like I’m maybe missing part of your point.
http://www.bing.com/search?q=win32_user … &sp=-1&sk=
http://blogs.technet.com/b/askds/archiv … ement.aspx
Holy crap, Don Jones! I’m almost done with your month of lunches book; it’s incredible! I’ve been able to do so much with Powershell, just by reading that ebook of yours; I’d be no where without it! You’re the man!by Sentri at 2012-10-24 13:16:48
So, in an attempt to simplify, and rephrase my question: Is it possible to have a user log in with(in this case) a new, domain account, but load(or point to) that same users old account(in this case, a local account)?
In looking for a way to do this, I’ve been searching through WMI classes to see if there was a method I could use, that may pertain to this, and so when I came across ChangeOwner, I became curious.
It sounds like, from what you’ve described, that ChangeOwner is more of just a permissions type of thing, so a user can have access to their other profile, while logged in under their new one? I’ve actually tried logging in under a test user account(with both profiles, local, and domain), and then logged in as admin to try and change ownership, and permissions, through the GUI. Certain directories did not like what I was trying to do, and did not grant access to certain locations, but the ownership, and permissions seemed to of taken. I then opened up regedit, and changed the profileimagepath of the new user(domain user), to that of the old user(local), and logged back in as the new, domain user. Didn’t work. Is ChangeOwner basically what I just described, except, maybe, it actually works?
I actually was able to implement changeowner, using wmic, and it worked exactly as I figured, and hoped! I was able to supplant the user’s current SID(local), with the desired SID(domain). This replaced the SID with the one I specified, and redirected the profile, upon login, as advertised. My question is, what would the syntax be in Powershell? Could this work? gwmi win32_userprofile -Filter “sid LIKE ‘S-1-5-21-3961231277-1605112653-578865152-1474’” | Invoke-WmiMethod -name changeowner(S-1-5-21-3961231277-1605112653-578865152-1578,0,1). This would obviously be if I were trying to changeowner on the machine I was currently working on. I would just throw ‘computername in there, depending on where I wanted to do this. Does this syntax make sense? In the meantime, I will test this myself as well…by Sentri at 2012-10-24 13:36:14
It seems that it would make more sense to have the “0,1” flags at the end switched to (…, 1, 0); Open to suggestionsby Sentri at 2012-10-25 13:59:05
I actually just figured it out; I stored the things I needed as variables, and then ran the ChangeOwner command on it:
$OriginalUser = gwmi win32_userprofile -ComputerName testboxcpc -Filter “SID = ‘S-1-5-21-2849508690-365014496-115750160-1011’”
$NewUser = get-wmiobject “Win32_UserAccount WHERE Name=‘rcc2122’”
$Profile = gwmi win32_userprofile -ComputerName testboxcpc -filter "SID=’$($OriginalUser.SID)’"
Worked like a charm!