Fix mismatch between user and builtinaccount (#387)

nickgw · web-flow · commit 6c3f2fd76723 · 2022-11-23T19:15:44.000+13:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- ScheduledTask
+  - No longer conflates resource parameter `BuiltInAccount` and `*-ScheduledTask` parameter `user` - Fixes [Issue #385](https://github.com/dsccommunity/ComputerManagementDsc/issues/385)
+
 ### Added
 
 - Computer
diff --git a/source/DSCResources/DSC_ScheduledTask/DSC_ScheduledTask.psm1 b/source/DSCResources/DSC_ScheduledTask/DSC_ScheduledTask.psm1
@@ -792,7 +792,7 @@ function Set-TargetResource
                 non-null value to be 'LOCAL SERVICE', 'NETWORK SERVICE' or
                 'SYSTEM'
             #>
-            $username = 'NT AUTHORITY\' + $BuiltInAccount
+            $username = Set-DomainNameInAccountName -AccountName $BuiltInAccount -DomainName 'NT AUTHORITY'
             $registerArguments.Add('User', $username)
             $LogonType = 'ServiceAccount'
         }
@@ -804,7 +804,6 @@ function Set-TargetResource
         elseif ($PSBoundParameters.ContainsKey('ExecuteAsCredential'))
         {
             $username = $ExecuteAsCredential.UserName
-
             # If the LogonType is not specified then set it to password
             if ([System.String]::IsNullOrEmpty($LogonType))
             {
@@ -829,7 +828,7 @@ function Set-TargetResource
                 privileges, should we default to 'NT AUTHORITY\LOCAL SERVICE'
                 instead?
             #>
-            $username = 'NT AUTHORITY\SYSTEM'
+            $username = Set-DomainNameInAccountName -AccountName 'SYSTEM' -DomainName 'NT AUTHORITY'
             $registerArguments.Add('User', $username)
             $LogonType = 'ServiceAccount'
         }
@@ -1423,16 +1422,17 @@ function Test-TargetResource
 
     if ($PSBoundParameters.ContainsKey('BuiltInAccount'))
     {
-        $PSBoundParameters.User = $BuiltInAccount
-        $currentValues.User = $BuiltInAccount
+        $user = Set-DomainNameInAccountName -AccountName 'SYSTEM' -DomainName 'NT AUTHORITY'
+        $PSBoundParameters.User = $user
+        $currentValues.User = $user
 
         $PSBoundParameters.ExecuteAsCredential = $BuiltInAccount
         $currentValues.ExecuteAsCredential = $BuiltInAccount
 
         $PSBoundParameters['LogonType'] = 'ServiceAccount'
         $currentValues['LogonType'] = 'ServiceAccount'
 
-        $PSBoundParameters['BuiltInAccount'] = 'NT AUTHORITY\' + $BuiltInAccount
+        $PSBoundParameters['BuiltInAccount'] = $BuiltInAccount
     }
     elseif ($PSBoundParameters.ContainsKey('ExecuteAsCredential'))
     {
@@ -1464,6 +1464,16 @@ function Test-TargetResource
     }
     else
     {
+        $user = Set-DomainNameInAccountName -AccountName 'SYSTEM' -DomainName 'NT AUTHORITY'
+        $PSBoundParameters.User = $user
+        $currentValues.User = $user
+
+        $PSBoundParameters.ExecuteAsCredential = 'SYSTEM'
+        $currentValues.ExecuteAsCredential = 'SYSTEM'
+
+        $PSBoundParameters.Add('BuiltInAccount', $BuiltInAccount)
+        $currentValues.BuiltInAccount = $BuiltInAccount
+
         # Must be running as System, login type is ServiceAccount
         $PSBoundParameters['LogonType'] = 'ServiceAccount'
         $currentValues['LogonType'] = 'ServiceAccount'
@@ -1915,9 +1925,15 @@ function Get-CurrentResource
             Delay                           = ConvertTo-TimeSpanStringFromScheduledTaskString -TimeSpan $trigger.Delay
         }
 
-        if (($result.ContainsKey('LogonType')) -and ($result['LogonType'] -ieq 'ServiceAccount'))
+        if (
+            (($result.ContainsKey('LogonType')) -and ($result['LogonType'] -ieq 'ServiceAccount')) -or
+            $result.Principal.UserID -in @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
+            )
         {
-            $builtInAccount = Set-DomainNameInAccountName -AccountName $task.Principal.UserId -DomainName 'NT AUTHORITY'
+            $result.User = Set-DomainNameInAccountName `
+                -AccountName $task.Principal.UserId `
+                -DomainName 'NT AUTHORITY'
+            $builtInAccount = $task.Principal.UserId
             $result.Add('BuiltInAccount', $builtInAccount)
         }
     }
diff --git a/tests/Unit/DSC_ScheduledTask.Tests.ps1 b/tests/Unit/DSC_ScheduledTask.Tests.ps1
@@ -1788,6 +1788,15 @@ try
                     }
                 }
 
+                $testParameters.Add('User', 'WrongUser')
+
+                It 'Should Disregard User and Set User to the BuiltInAccount' {
+                    Set-TargetResource @testParameters
+                    Assert-MockCalled -CommandName Register-ScheduledTask -Times 1 -Scope It -ParameterFilter {
+                        $User -ieq ('NT AUTHORITY\' + $testParameters['BuiltInAccount'])
+                    }
+                }
+
                 $testParameters.Add('LogonType', 'Password')
 
                 It 'Should overwrite LogonType to "ServiceAccount"' {
@@ -1799,14 +1808,16 @@ try
 
                 Mock -CommandName Get-ScheduledTask -MockWith {
                     @{
-                        TaskName  = $testParameters.TaskName
-                        TaskPath  = $testParameters.TaskPath
-                        Actions   = @(
+                        Description = '+'
+                        TaskName    = $testParameters.TaskName
+                        TaskPath    = $testParameters.TaskPath
+                        Actions     = @(
                             [pscustomobject] @{
                                 Execute = $testParameters.ActionExecutable
                             }
                         )
-                        Triggers  = @(
+                        ActionArguments = '-File "C:\something\right.ps1"'
+                        Triggers    = @(
                             [pscustomobject] @{
                                 Repetition = @{
                                     Duration = "PT$([System.TimeSpan]::Parse($testParameters.RepetitionDuration).TotalHours)H"
@@ -1817,12 +1828,12 @@ try
                                 }
                             }
                         )
-                        Settings = [pscustomobject] @{
+                        Settings    = [pscustomobject] @{
                             Enabled = $true
                             MultipleInstances = 'IgnoreNew'
                         }
-                        Principal = [pscustomobject] @{
-                            UserId    = 'NT AUTHORITY\' + $testParameters.BuiltInAccount
+                        Principal   = [pscustomobject] @{
+                            UserId    = $testParameters.BuiltInAccount
                             LogonType = 'ServiceAccount'
                         }
                     }

Original file line number	Diff line number	Diff line change
`@@ -1788,6 +1788,15 @@ try`
`1788`	`1788`	`}`
`1789`	`1789`	`}`
`1790`	`1790`
	`1791`	`+ $testParameters.Add('User', 'WrongUser')`
	`1792`	`+`
	`1793`	`+ It 'Should Disregard User and Set User to the BuiltInAccount' {`
	`1794`	`+ Set-TargetResource @testParameters`
	`1795`	`+ Assert-MockCalled -CommandName Register-ScheduledTask -Times 1 -Scope It -ParameterFilter {`
	`1796`	`+ $User -ieq ('NT AUTHORITY\' + $testParameters['BuiltInAccount'])`
	`1797`	`+ }`
	`1798`	`+ }`
	`1799`	`+`
`1791`	`1800`	`$testParameters.Add('LogonType', 'Password')`
`1792`	`1801`
`1793`	`1802`	`It 'Should overwrite LogonType to "ServiceAccount"' {`
`@@ -1799,14 +1808,16 @@ try`
`1799`	`1808`
`1800`	`1809`	`Mock -CommandName Get-ScheduledTask -MockWith {`
`1801`	`1810`	`@{`
`1802`		`- TaskName = $testParameters.TaskName`
`1803`		`- TaskPath = $testParameters.TaskPath`
`1804`		`- Actions = @(`
	`1811`	`+ Description = '+'`
	`1812`	`+ TaskName = $testParameters.TaskName`
	`1813`	`+ TaskPath = $testParameters.TaskPath`
	`1814`	`+ Actions = @(`
`1805`	`1815`	`[pscustomobject] @{`
`1806`	`1816`	`Execute = $testParameters.ActionExecutable`
`1807`	`1817`	`}`
`1808`	`1818`	`)`
`1809`		`- Triggers = @(`
	`1819`	`+ ActionArguments = '-File "C:\something\right.ps1"'`
	`1820`	`+ Triggers = @(`
`1810`	`1821`	`[pscustomobject] @{`
`1811`	`1822`	`Repetition = @{`
`1812`	`1823`	`Duration = "PT$([System.TimeSpan]::Parse($testParameters.RepetitionDuration).TotalHours)H"`
`@@ -1817,12 +1828,12 @@ try`
`1817`	`1828`	`}`
`1818`	`1829`	`}`
`1819`	`1830`	`)`
`1820`		`- Settings = [pscustomobject] @{`
	`1831`	`+ Settings = [pscustomobject] @{`
`1821`	`1832`	`Enabled = $true`
`1822`	`1833`	`MultipleInstances = 'IgnoreNew'`
`1823`	`1834`	`}`
`1824`		`- Principal = [pscustomobject] @{`
`1825`		`- UserId = 'NT AUTHORITY\' + $testParameters.BuiltInAccount`
	`1835`	`+ Principal = [pscustomobject] @{`
	`1836`	`+ UserId = $testParameters.BuiltInAccount`
`1826`	`1837`	`LogonType = 'ServiceAccount'`
`1827`	`1838`	`}`
`1828`	`1839`	`}`