diff --git a/xCAT-server/lib/perl/xCAT/Template.pm b/xCAT-server/lib/perl/xCAT/Template.pm
index a9d3f8971..b21b7eb78 100644
--- a/xCAT-server/lib/perl/xCAT/Template.pm
+++ b/xCAT-server/lib/perl/xCAT/Template.pm
@@ -34,6 +34,7 @@ my $idir;
my $node;
my %loggedrealms;
my $lastmachinepassdata;
+my $localadminenabled; #indicate whether Windows template has local logins enabled or not
my %tab_replacement=(
"noderes:nfsserver"=>"noderes:xcatmaster",
"noderes:tftpserver"=>"noderes:xcatmaster",
@@ -190,6 +191,8 @@ sub subvars {
$inc =~ s/#WINTIMEZONE#/xCAT::TZUtils::get_wintimezone()/eg;
$inc =~ s/#WINPRODKEY:([^#]+)#/get_win_prodkey($1)/eg;
$inc =~ s/#WINADJOIN#/windows_join_data()/eg;
+ $inc =~ s/#WINACCOUNTDATA#/windows_account_data()/eg;
+ $inc =~ s/#WINDISABLENULLADMIN#/windows_disable_null_admin()/eg;
$inc =~ s/#HOSTNAME#/$node/g;
my $nrtab = xCAT::Table->new("noderes");
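Review bot: `#WINDISABLENULLADMIN#` reads `$localadminenabled`, which is only ever assigned inside `windows_account_data()`, so a template that carries this placeholder without `#WINACCOUNTDATA#` evaluates whatever value an earlier render left behind in this process. Because the variable is file-scoped, a stale 1 would skip the `net.exe user Administrator /active:no` command and could leave the built-in account active without this render having set a password for it. Resetting the flag just before the two substitutions, `$localadminenabled = 0;`, makes the result depend only on the current node and template. The body of `subvars` starts and ends outside this hunk, so whether an earlier reset already exists cannot be seen here.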
@@ -259,6 +262,39 @@ sub subvars {
close($outh);
return 0;
}
+sub windows_disable_null_admin {
+#in the event where windows_account_data has not set an administrator user, we explicitly disable the administrator user
+ unless ($localadminenabled) {
+ return '
+
+ 100
+ cmd /c %systemroot%\system32\net.exe user Administrator /active:no
+
+';
+ }
+ return "";
+}
+sub windows_account_data {
+#this will add domain accounts if configured to be in active directory
+#it will also put in an administrator password for local account, *if* specified
+ my $passtab = xCAT::Table->new('passwd',-create=>0);
+ my $useraccountxml="";
+ $localadminenabled=0;
+ if ($passtab) {
+ my $passent = $passtab->getAttribs({key=>"system",username=>"Administrator"},['password']);
+ if ($passent and $passent->{password}) {
+ $useraccountxml="\n".$passent->{password}."\ntrue\n\n";
+ $useraccountxml.="\n";
+ $localadminenabled=1;
+ }
+ }
+
+ unless ($::XCATSITEVALS{directoryprovider} eq "activedirectory" and $::XCATSITEVALS{domain}) {
+ return $useraccountxml;
+ }
+ $useraccountxml.="\n\nAdministrators\nDomain Admins\n\n".$::XCATSITEVALS{domain}."\n\n\n";
+ return $useraccountxml;
+}
#this will examine table data, decide *if* a Microsoft-Windows-UnattendedJoin is warranted
#there are two variants in how to proceed:
#-Hide domain administrator from node: xCAT will use MACHINEPASSWORD to do joining to AD. Currently requires SSL be enabled on DC. Samba 4 TODO
diff --git a/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl b/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl
index 08569fe28..9f6a45654 100644
--- a/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl
+++ b/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl
@@ -108,6 +108,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#
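Review bot: Each of the six templates in this commit gains `#WINDISABLENULLADMIN#`, but none of the visible hunks adds `#WINACCOUNTDATA#`, and the disable decision depends on a flag that only that placeholder's handler sets. If these files do not already carry `#WINACCOUNTDATA#` elsewhere, the Administrator account would be disabled even when a password is configured in the passwd table, or left enabled because of a value from an earlier render. Confirm the placeholder is present in every one of them (the `.uefi` variants and the hyperv2012 and standard templates below included), or add it in this commit. The surrounding template elements are not visible in this hunk.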
diff --git a/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl.uefi b/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl.uefi
index 070cc9255..8c7fcbb8b 100644
--- a/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl.uefi
+++ b/xCAT-server/share/xcat/install/windows/datacenter.win2012.x86_64.tmpl.uefi
@@ -120,6 +120,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#
diff --git a/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl b/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl
index 52d37ea1d..5503e9688 100644
--- a/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl
+++ b/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl
@@ -107,6 +107,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#
diff --git a/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl.uefi b/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl.uefi
index 9928fca3b..c483f6b7e 100644
--- a/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl.uefi
+++ b/xCAT-server/share/xcat/install/windows/hypervisor.hyperv2012.x86_64.tmpl.uefi
@@ -117,6 +117,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#
diff --git a/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl b/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl
index f208d2040..b4acfd446 100644
--- a/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl
+++ b/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl
@@ -108,6 +108,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#
diff --git a/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl.uefi b/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl.uefi
index d189ecb6f..ba8a33645 100644
--- a/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl.uefi
+++ b/xCAT-server/share/xcat/install/windows/standard.win2012.x86_64.tmpl.uefi
@@ -118,6 +118,9 @@
+
+ #WINDISABLENULLADMIN#
+
#TABLE:nodelist:$NODE:node#