Re: sshd problem on WS2008R2 64bit

On Wed, Mar 06, 2019 at 02:24:59PM -0700, Bill Stewart wrote:
> For my part, I'm writing a PowerShell script that does the following:
> 1) Create a local user account
> 2) Grant it SeBatchLogonRight
> 3) Create a scheduled task for it

Powershell is probably more elegant if you're familiar with it, but I
found this bash sequence that does the trick:

PW=`dd if=/dev/random bs=15 count=1 | base 64`
net user s4udummy /add
net user s4udummy $PW
wmic USERACCOUNT WHERE NAME=\'s4udummy\' SET PasswordExpires=FALSE

/usr/bin/editrights -u s4udummy -a SeBatchLogonRight
schtasks /create /tn wake-s4u /sc ONSTART /ru s4udummy /rp $PW \
         /tr '"$SYSTEMROOT"\\System32\\cmd.exe /c exit'
sc config cron depend= Schedule

I added the last statement, to make cron dependent on the Task Scheduler,
because my crontabs use '@reboot' and I am worried about cron trying
to spawn an important job before the Task Scheduler has a chance to
fix seteuid().

The dependency isn't logically sufficient as wake-s4u job needs some
time to finish.  But its working so far.  I can configure cron to start
with a delay should Task Scheduler ever lose the race.

Thanks everyone for quick attention to this problem and the workaround!


