====== official msi-Package opsi-client-agent can be found at ======

https://download.uib.de/4.2/stable/misc/opsi-client-agent.msi

====== msi-Package opsi-client-agent 4.0.2.1 ======

This is my customized setup for opsi-client-agent, so that it can deploy itself via GPO over AD.

Comments are welcome.

TODO:
  - complete the parameterized install via MSI properties
  - add a more detailed description (at the moment I only have a small documentation in the source code)

This program uses MakeMSI (Dennis Bareis) to generate the MSI package.

Tested with opsi 4.0.2\\
requiredWinstVersion >= 4.10.8.12\\

Files can be downloaded at http://www.libe.net/version/MakeMsi_latest_Version.php

By --- //[[thomas.fritzsche@itl-dresden.de|frisoft_DD]] 2012/12/21 15:31//

Tree:\\
D:.
├───extended-scripts
├───files
│   ├───opsi
├───out
│   └───OPSI-CLIENT-ITL.mm
│       │
│       └───MSI
└───utils

For development, copy all files from opsi-server/opsi_depot/opsi-client-agent to your development path on your Windows machine.

==== Steps ====

  - download and install MakeMSI
  - copy all the content from the directory opsi-client-agent to your development directory
  - copy the files with the extensions mm and ver from the MakeMSI sample directory
  - edit the file with the extension ver (you must change the GUID); the MakeMSI package contains a GUID generator for this
  - edit the mm file with your favorite text editor
  - after you have finished changing all the files, right-click the mm file and select build msi(production)
  - check on another machine

[[nix|Change the following headlines to the names of your scripts]]

==== setup.ins ====

[Actions]
requiredWinstVersion >= "4.10.8.12"
Message=opsi-client-agent installation
ShowBitmap "%scriptpath%\uninst\opsi.png" "opsi-client-agent"

; Variables:
; Config Variables with prefixes
; GEN = general
; SHI = share information
; OCD = opsiclientd
; OLB = opsiLoginBlocker
; INST = used while installation
; Script variables with prefix INST

;******** installation vars **********
DefVar $INST_AktGina$
DefVar $INST_AllowReboot$
DefVar $INST_Authenticated$
DefVar $INST_BaseDir$
DefVar $INST_Cfgini$
DefVar $INST_ClientExists$
DefVar $INST_ClientId$
DefVar $INST_ComputerName$
DefVar $INST_Debug$
DefVar $INST_DepotServer$
DefVar $INST_DnsDomainName$
DefVar $INST_Error$
DefVar $INST_ExitCode$
DefVar $INST_IPAddress$
DefVar $INST_ImmediateRebootFlag$
DefVar $INST_MAC$
DefVar $INST_MinorOS$
DefVar $INST_NTVersion$
DefVar $INST_Modus$
DefVar $INST_NetBootProductname$
DefVar $INST_NicIndex$
DefVar $INST_NotifierDir$
DefVar $INST_OS$
DefVar $INST_OpensslConfigFile$
DefVar $INST_OpsiClientdCertificateFile$
DefVar $INST_OpsiclientdDir$
DefVar $INST_OpsiclientdConf$
DefVar $INST_OpsiclientdRPCDir$
DefVar $INST_OpsiUtilitiesdDir$
DefVar $INST_ActionProcessorStarterDir$
DefVar $INST_Paramstr$
DefVar $INST_Pcname$
DefVar $INST_RebootFlag$
DefVar $INST_Result$
DefVar $INST_SetAclDir$
DefVar $INST_ServiceName$
DefVar $INST_Service_Password$
DefVar $INST_Service_User$
DefVar $INST_ShortServiceUrl$
DefVar $INST_SubModus$
DefVar $INST_Sysconfini$
DefVar $INST_SystemType$
DefVar $INST_WinstDir$
DefVar $INST_WinstRegKey$
DefVar $INST_gina_to_chain$
; ******************************************************************************
; *** changed ****** for implementing SOPHOS Safe Guard Easy *****************
; *** the change is only needed for OS before Windows Vista *********************
DefVar $INST_sophos$
; *** changed for ITL to implement the DATEV - Login Blocker *******************
DefVar $INST_DATEV$
; ******************************************************************************
DefVar $INST_old_reg_gina_installed$
DefVar $INST_preloginvistaInstalled$
DefVar $INST_preloginloaderInstalled$
DefVar $INST_GinaDll$
DefVar $INST_service_hidden_password$
DefVar $INST_DefaultLoglevel$
DefVar $INST_PasswdLogLevel$
DefVar $INST_ConfigServerIP$
DefVar $INST_ConfigServerPort$
DefVar $INST_ProductType$
DefVar $INST_vcredistx86_installed$
DefVar $INST_uac_level$
DefVar $ProductVersion$
DefVar $INST_tmpstr$
DefVar $INST_create_software_on_demand_menue_entry$
DefVar $INST_SearchKey$
DefVar $INST_SearchValue$
DefVar $INST_SearchResult$
DefStringlist $INST_Adapterlist$
DefStringList $INST_ServiceResult$
DefStringList $INST_ResultList$
DefStringList $INST_ResultList2$
DefStringList $INST_ResultList3$
DefStringList $INST_ParamstrList$

;******** Section general **********
DefVar $GEN_bootmode$

;******** Section shareinfo **********
DefVar $SHI_pckey$

;******** Section opsiclientd **********
DefVar $OCD_global.log_level$
DefVar $OCD_config_service.url$
DefVar $OCD_config_service.connection_timeout$
DefVar $OCD_control_server.port$
DefVar $OCD_notification_server.port$
DefVar $OCD_open_firewall_for_control_server$
DefVar $OCD_OpsiVarDir$
; *************************************************************************************************
; added to customize the installation via msi parameters
; *************************************************************************************************
DefVar $OCD_Domain$
; *************************************************************************************************

;******** Section opsiLoginBlocker **********
;DefVar $OLB_ServiceConnectionTimeout$
DefVar $OLB_LogLevel$
DefVar $OLB_LoginBlockerStart$
DefVar $OLB_LoginBlockerTimeoutConnect$
;DefVar $OLB_LoginBlockerTimeoutInstall$
;opsiServiceType=0 (default), 1 (prelogin.exe/pcptch.exe), 2 (opsiclientd)
DefVar $OLB_opsiServiceType$

;******** Section preloginloader **********
DefVar $PLG_BaseDir$
DefVar $PLG_CfgDir$
DefVar $PLG_DebugOutput$
DefVar $PLG_PcptchExe$
DefVar $PLG_RebootOnBootmodeReins$
DefVar $PLG_RebootOnServicePackChange$
DefVar $PLG_RunWithUser$
DefVar $PLG_RunWithUserDelay$
DefVar $PLG_RunWithUserPassword$
DefVar $PLG_RunWithUserReboot$
DefVar $PLG_RunWithUserTask$
DefVar $PLG_RunWithUserTaskParms$
DefVar $PLG_RunWithUserUsername$
DefVar $PLG_UtilsDir$
DefVar $PLG_WinstRegKey$
DefVar $PLG_RunServiceAs$
DefVar $PLG_RunServiceAsDom$
DefVar $PLG_RunServiceAsUsr$
DefVar $PLG_RunServiceAsPas$

;******** Section shareinfo **********
DefVar $SHI_pckey_file$
DefVar $SHI_user$
DefVar $SHI_smbusername1$
DefVar $SHI_try_secondary_user$

;******** Section pcptch **********
DefVar $PCP_Bitmap1$
DefVar $PCP_Bitmap2$
DefVar $PCP_button_stopnetworking$
DefVar $PCP_copyDefaultUser$
DefVar $PCP_label1$
DefVar $PCP_label2$
DefVar $PCP_loadBitmap$
DefVar $PCP_makeLocalCopyOfIniFile$
DefVar $PCP_makeLocalWinst$
DefVar $PCP_mountdrive$
DefVar $PCP_opsiServiceURL$
DefVar $PCP_patchleveltyp$
DefVar $PCP_pcprotoname$
DefVar $PCP_opsiServerType$
DefVar $PCP_winstLocalDirectory$
DefVar $PCP_SecsUntilConnectionTimeOut$
DefVar $PCP_pingcheck$
;******** End of sections **********

;*********************************************************
; static initial values for variables
;*********************************************************
Set $INST_Debug$ = "off"
Set $INST_AktGina$ = ""
set $INST_service_hidden_password$ =""
Set $INST_AllowReboot$ = "true"
Set $INST_BaseDir$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set $INST_OpsiclientdDir$ = $INST_BaseDir$+"\opsiclientd"
Set $INST_OpsiUtilitiesdDir$ = $INST_BaseDir$+"\utilities"
Set $INST_Cfgini$ = "%ScriptPath%\cfg\config.ini"
Set $INST_DepotServer$ = ""
Set $INST_IPAddress$ = ""
Set $INST_ImmediateRebootFlag$ = ""
Set $INST_MAC$ = ""
Set $INST_NetBootProductname$ = ""
Set $INST_NicIndex$ = ""
Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
Set $INST_OpensslConfigFile$ = "c:\tmp\opsiclientd.cnf"
Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"\opsiclientd.pem"
Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set $INST_OpsiclientdRPCDir$ = $INST_BaseDir$+"\opsiclientd_rpc"
Set $INST_ActionProcessorStarterDir$ = $INST_BaseDir$+"\action_processor_starter"
Set $INST_Pcname$ = EnvVar ("COMPUTERNAME")
Set $INST_RebootFlag$ = ""
Set $INST_Service_Password$ = "pcpatch"
Set $INST_Service_User$ = "pcpatch"
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.3.0\SetACL 2.3.0\Command line version\x86"
; The setacl.exe 2.3.0 hangs sometimes
Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
Set $INST_Sysconfini$ = "%ScriptPath%\cfg\sysconf.ini"
Set $INST_SystemType$ = GetSystemType
Set $INST_WinstDir$ = $INST_BaseDir$+"\opsi-winst"
Set $INST_WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
set $INST_gina_to_chain$ = "msgina.dll"
Set $INST_preloginvistaInstalled$ = 'false'
set $INST_preloginloaderInstalled$ = 'false'

; note: with $INST_Debug$ = "off" (set above) both levels become 7, so switching to
; $INST_PasswdLogLevel$ around the pckey and the service password does not reduce logging
if $INST_debug$ = "off"
  set $INST_DefaultLoglevel$ = "7"
  Set $INST_PasswdLogLevel$="7"
else
  set $INST_DefaultLoglevel$ = "6"
  comment " set $INST_PasswdLogLevel$ to 2 for production"
  Set $INST_PasswdLogLevel$="2"
endif

set $ProductVersion$ = "%installingProdVersion%"
set $OCD_OpsiVarDir$ = "c:\opsi.org"
set $INST_uac_level$ = "2"
set $INST_create_software_on_demand_menue_entry$ = "true"
set $INST_sophos$ = "0"
set $INST_DATEV$ = "0"
SetLogLevel=$INST_DefaultLoglevel$

;******** Section general **********
Set $GEN_bootmode$ = "BKSTD"

;******** Section opsiclientd **********
Set $OCD_config_service.url$ = ""
set $OCD_config_service.connection_timeout$ = "10"
Set $OLB_LoginBlockerStart$ = "1"
Set $OLB_LoginBlockerTimeoutConnect$ = "120"
;Set $OLB_LoginBlockerTimeoutInstall$ = "180"
Set $OLB_opsiServiceType$ = "2"

;******** Section prelogin **********
Set $PLG_UtilsDir$ = $INST_BaseDir$+"\prelogin"

;******** Section preloginloader **********
Set $PLG_BaseDir$ = $INST_BaseDir$
Set $PLG_UtilsDir$ = $PLG_BaseDir$+"\prelogin"
Set $PLG_CfgDir$ = $PLG_BaseDir$+"\cfg"
Set $PLG_DebugOutput$ = "0"
Set $PLG_PcptchExe$ = $PLG_UtilsDir$+"\pcptch.exe"
Set $PLG_RebootOnBootmodeReins$ = "1"
Set $PLG_RebootOnServicePackChange$ = "1"
Set $PLG_RunWithUser$ = "0"
Set $PLG_RunWithUserDelay$ = "1000"
Set $PLG_RunWithUserPassword$ = ""
Set $PLG_RunWithUserReboot$ = "0"
Set $PLG_RunWithUserTask$ = ""
Set $PLG_RunWithUserTaskParms$ = ""
Set $PLG_RunWithUserUsername$ = "pcpatch"
Set $PLG_WinstRegKey$ = "SOFTWARE\opsi.org\winst"
Set $PLG_RunServiceAs$ = "1"
Set $PLG_RunServiceAsDom$ = ""
Set $PLG_RunServiceAsUsr$ = ""
Set $PLG_RunServiceAsPas$ = ""

;******** Section shareinfo **********
Set $SHI_pckey$ = ""
Set $SHI_pckey_file$ = $PLG_CfgDir$+"\locked.cfg"
Set $SHI_user$ = ""
Set $SHI_smbusername1$= ""
Set $SHI_try_secondary_user$="0"

;******** Section pcptch **********
Set $PCP_Bitmap1$ = ""
Set $PCP_Bitmap2$ = ""
Set $PCP_button_stopnetworking$ = ""
Set $PCP_copyDefaultUser$ = ""
Set $PCP_label1$ = ""
Set $PCP_label2$ = ""
Set $PCP_loadBitmap$ = ""
Set $PCP_makeLocalCopyOfIniFile$ = ""
Set $PCP_makeLocalWinst$ = ""
Set $PCP_mountdrive$ = ""
Set $PCP_opsiServiceURL$ = ""
Set $PCP_patchleveltyp$ = ""
Set $PCP_pcprotoname$ = ""
Set $PCP_opsiServerType$ = "service"
Set $PCP_winstLocalDirectory$ = $INST_WinstDir$
Set $PCP_SecsUntilConnectionTimeOut$ = "180"
Set $PCP_pingcheck$ = ""
;******** End of sections **********

;*********************************************************
; Let's work
;*********************************************************
set $INST_OS$ = GetOS
set $INST_MinorOS$ = GetNTVersion
set $INST_NTVersion$ = GetMsVersionInfo
set $INST_Resultlist$ = getMSVersionMap
set $INST_ProductType$ = getValue("product_type_nr",$INST_Resultlist$)
set $INST_vcredistx86_installed$ = "false"

if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] DisplayVersion") = "9.0.30729.4148"
  comment "vcredistx86 Version 9.0.30729.4148 is installed"
  set $INST_vcredistx86_installed$ = "true"
endif
if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}] DisplayVersion") = "9.0.21022"
  comment "vcredistx86 Version 9.0.21022 is installed"
  set $INST_vcredistx86_installed$ = "true"
endif

if $INST_NTVersion$ <= "4"
  logError "Installation aborted: wrong OS version: only win2k and above alowed"
  isFatalError
endif

if not (HasMinimumSpace ("%systemdrive%", "10 MB"))
  logError "Not enough space on drive %systemdrive% (we need 10 MB): Aborting"
  isFatalError
endif

;if ($INST_NTVersion$ = "6.1") and ($INST_ProductType$ > "1") and ($INST_SystemType$ = "64 Bit System") and ($INST_vcredistx86_installed$ = "false")
; LogError "we are on 2008r2 and vcredist is not installed - please install vcredist32 manually before installing opsi-client-agent"
; isFatalError
; ;;;DosInAnIcon_open_winsxs
;endif

if $INST_vcredistx86_installed$ = "false"
  comment "vc_redist not found - install it"
  comment "install via msi"
  ExecWith_autoit_vc_redist "%SCRIPTPATH%\autoit3.exe" WINST /letThemGo /EscapeStrings
  Winbatch_vc_redist_msi
  Sub_check_exitcode
  killtask "autoit3.exe"
endif

;*********************************************************
comment "set mode"
;*********************************************************
Set $INST_Paramstr$=PARAMSTR
set $INST_ParamstrList$ = splitstring($INST_Paramstr$, ":")
comment "Modus normally set by commandline argument"
Set $INST_MODUS$=takestring(0,$INST_ParamstrList$)
Set $INST_SubModus$=takestring(1,$INST_ParamstrList$)
Set $INST_tmpstr$ = takestring(2,$INST_ParamstrList$)
if lower(trim($INST_tmpstr$)) = "noreboot"
  Set $INST_AllowReboot$ = "false"
else
  if lower(trim($INST_tmpstr$)) = "reboot"
    Set $INST_AllowReboot$ = "true"
  endif
endif

;**************************************************************************************************
; at this point, we can add the additional parameters for customizing the installation
; here we patch the domain and the opsi-server-url
; so in this case we can install any client in a multi-domain and multi-server environment
; note: PARAMSTR is split at every ":", so a service URL that itself contains ":"
; (scheme, port) does not arrive whole in element 3
;**************************************************************************************************
Set $OCD_config_service.url$ = takestring(3,$INST_ParamstrList$)
Set $OCD_Domain$ = takestring(4,$INST_ParamstrList$)
; *************************************************************************************************

comment "old Modes are remaped for backward compatibility"
if $INST_MODUS$ = "LOCAL"
  Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "LOCAL_REINSTALL"
  Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "SERVICE_INTERACTIVE"
  Set $INST_MODUS$="INSTALL"
  Set $INST_SubModus$="CREATE_CLIENT"
endif
if $INST_MODUS$ = "TFTP"
  Set $INST_MODUS$="INSTALL"
  Set $INST_SubModus$="BOOTIMAGE"
endif

comment "default submode of INSTALL is CONFIG_INI"
if $INST_MODUS$ = "INSTALL"
  if $INST_SubModus$ = ""
    Set $INST_SubModus$="CONFIG_INI"
  endif
endif

comment "map Mode REMOTEDEPLOY"
if $INST_MODUS$ = "REMOTEDEPLOY"
  Set $INST_MODUS$="INSTALL"
  Set $INST_SubModus$="CONFIG_INI"
  Set $INST_AllowReboot$ = "false"
endif

comment "if no commandline argument we default to update"
if $INST_MODUS$ = ""
  Set $INST_MODUS$="UPDATE"
endif

;if ($INST_MODUS$ = "UPDATE")
; if GetProductProperty("forceConfigurationUpdate","off") = "on"
; Set $INST_MODUS$="INSTALL"
; endif
;endif

if $INST_SubModus$ = "BOOTIMAGE"
  comment "do not reboot in BOOTIMAGE mode because:"
  comment " opsi-client-agent installation is part of the postinst.d mechanism"
  comment " if the machine reboots no script will run after the opsi-client-agent script"
  Set $INST_AllowReboot$ = "false"
else
  Set $INST_AllowReboot$ = GetProductProperty("allow_reboot", $INST_AllowReboot$)
endif

sub_read_configuration
sub_copy_files
sub_write_configuration
sub_set_installation_status

comment "changing/customizing the UI to ********* CI "
; change ******** to customize the loginblocker - UI
; **********************************************************************************
sub "%ScriptPath%\Update_sub.ins"
; **********************************************************************************

comment "all is done but make a reboot after terminating with the script"
sub_clean_up
if ($INST_AllowReboot$ = "true")
  ExitWindows /Reboot
endif
;******************************End main action***************************************
;*********************************************************************
;*********************************************************************

[DosInAnIcon_open_winsxs]
takeown /r /f c:\windows\winsxs
"%SCRIPTPATH%\xcacls" c:\windows\winsxs /t /e /g %USERNAME%:F /y
move C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.orig

;*****************************start of main sub sections ****************************************
;***************************read configuration***************************************
[sub_read_configuration]
comment "get installed gina"
; *** delete the reading processes from the main file and outsourcing in a sub process *********
sub "%ScriptPath%\Read_Gina.ins"
; **********************************************************************************************
Set $GEN_bootmode$ = GetValueFromInifile($INST_cfgini$, "general", "bootmode", $GEN_bootmode$)
comment "Getting dns domain from config file"
Set $INST_DnsDomainName$ = GetValueFromInifile($INST_cfgini$, "general", "dnsdomain", $INST_DnsDomainName$)
if ($INST_DnsDomainName$ = "")
  comment "Failed to get dns from config file, trying dns domain from wmic"
  Set $INST_ResultList$ = getOutStreamFromSection("DosInAnIcon_getDnsByWmic")
  Set $INST_DnsDomainName$ = TakeString(1,splitString(TakeString(0,$INST_ResultList$),"="))
endif

; dont log the pckey
SetLogLevel=$INST_PasswdLogLevel$
Set $SHI_pckey$ = GetValueFromInifile($INST_cfgini$, "shareinfo", "pckey", "")
; start logging again
SetLogLevel=$INST_DefaultLoglevel$

Set $OCD_global.log_level$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "global.log_level", $OCD_global.log_level$)
Set $OCD_config_service.url$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", $OCD_config_service.url$)
Set $OCD_config_service.connection_timeout$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.connection_timeout", $OCD_config_service.connection_timeout$)
Set $OCD_control_server.port$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "control_server.port", $OCD_control_server.port$)
Set $OCD_notification_server.port$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "notification_server.port", $OCD_notification_server.port$)
Set $OCD_open_firewall_for_control_server$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "open_firewall_for_control_server", $OCD_open_firewall_for_control_server$)
Set $OLB_LogLevel$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LogLevel", $OLB_LogLevel$)
Set $OLB_LoginBlockerStart$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerStart", $OLB_LoginBlockerStart$)
Set $OLB_LoginBlockerTimeoutConnect$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutConnect", $OLB_LoginBlockerTimeoutConnect$)
;Set $OLB_ServiceConnectionTimeout$ = $OLB_LoginBlockerTimeoutConnect$
;Set $OLB_LoginBlockerTimeoutInstall$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutInstall", $OLB_LoginBlockerTimeoutInstall$)
;Set $OLB_opsiServiceType$ GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "opsiServiceType", "")

; change value given by config.ini only if property present
if GetProductProperty ("LoginBlockerStart","") = "on"
  Set $OLB_LoginBlockerStart$ = "1"
endif
if GetProductProperty ("LoginBlockerStart","") = "off"
  Set $OLB_LoginBlockerStart$ = "0"
endif

Set $INST_Service_User$ = GetValueFromInifile($INST_cfgini$, "installation", "service_user", $INST_Service_User$)
Set $INST_Service_Password$ = GetValueFromInifile($INST_cfgini$, "installation", "service_password", $INST_Service_Password$)
Set $INST_service_hidden_password$ = GetValueFromInifile($INST_cfgini$, "installation", "service_hidden_password", $INST_service_hidden_password$)
if not ($INST_service_hidden_password$ = "")
  SetLogLevel=$INST_PasswdLogLevel$
  Set $INST_Service_Password$ = base64DecodeStr($INST_service_hidden_password$)
  SetLogLevel=$INST_DefaultLoglevel$
endif

; ******* sysconfini is created by the boot image during a PXE-based base installation.
if (FileExists ($INST_sysconfini$))
  DefVar $DepotUrl$
  Set $INST_NetBootProductname$ = GetValueFromInifile($INST_sysconfini$, "general", "productid", $INST_NetBootProductname$)
  Set $INST_pcname$ = GetValueFromInifile($INST_sysconfini$, "general", "pcname", $INST_pcname$)
  Set $INST_DnsDomainName$ = GetValueFromInifile($INST_sysconfini$, "general", "dnsdomain", $INST_DnsDomainName$)
  Set $DepotUrl$ = GetValueFromInifile($INST_sysconfini$, "general", "depoturl", $DepotUrl$)
  set $INST_DepotServer$ = takeString(2,splitString($DepotUrl$,"/"))
endif

if $INST_pcname$ = ""
  set $INST_pcname$ = %pcname%
endif
Set $INST_pcname$ = lower($INST_pcname$)
if not ($INST_DnsDomainName$ = "")
  Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
endif

if $GEN_bootmode$ = ""
  Set $GEN_bootmode$ = "BKSTD"
endif

if $INST_Modus$ = "INSTALL"
  if $INST_SubModus$ = "BOOTIMAGE"
    Set $GEN_bootmode$ = "REINS"
  endif ; BOOTIMAGE
  if $INST_SubModus$ = "CREATE_CLIENT"
    sub_sub_create_client
  endif ; CREATE_CLIENT
endif ; INSTALL

if (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
  ; dont log the pckey
  SetLogLevel=$INST_PasswdLogLevel$
  if FileExists ($INST_OpsiclientdConf$)
    Set $SHI_pckey$ = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "opsi_host_key", $SHI_pckey$)
    Set $INST_ClientId$ = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "host_id", $INST_ClientId$)
    Set $INST_pcname$ = TakeString(0,SplitString($INST_ClientId$,"."))
  else
    if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf")
      Set $SHI_pckey$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "opsi_host_key", $SHI_pckey$)
      Set $INST_ClientId$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "host_id", $INST_ClientId$)
      Set $INST_pcname$ = TakeString(0,SplitString($INST_ClientId$,"."))
    else
      if FileExists ($INST_BaseDir$+"\cfg\locked.cfg")
        Set $SHI_pckey$ = GetvalueFromInifile($INST_BaseDir$+"\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
      else
        if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg")
          Set $SHI_pckey$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
        else
          SetLogLevel=$INST_DefaultLoglevel$
          logError "pckey not found - please reinstall opsi-client-agent"
          isFatalError
        endif
      endif
    endif
  endif
  ; start logging again
  SetLogLevel=$INST_DefaultLoglevel$
endif

set $INST_uac_level$ = GetProductProperty ("UAC_level", $INST_uac_level$)
set $INST_create_software_on_demand_menue_entry$ = GetProductProperty ("create_software_on_demand_menue_entry", $INST_create_software_on_demand_menue_entry$)

if $INST_MAC$ = ""
  sub_sub_try_to_get_my_mac
endif
if ($INST_DepotServer$ = "")
  sub_sub_get_depot_netbiosname
endif
sub_sub_read_preloginvista_installation_state
sub_sub_read_preloginloader_installation_state

; show what we have
comment "$INST_AllowReboot$ -> "+ $INST_AllowReboot$
comment "$INST_BaseDir$ -> "+ $INST_BaseDir$
comment "$INST_Cfgini$ -> "+ $INST_Cfgini$
comment "$INST_ClientExists$ -> "+ $INST_ClientExists$
comment "$INST_ClientId$ -> "+ $INST_ClientId$
comment "$INST_ComputerName$ -> "+ $INST_ComputerName$
comment "$INST_Debug$ -> "+ $INST_Debug$
comment "$INST_DepotServer$ -> "+ $INST_DepotServer$
comment "$INST_DnsDomainName$ -> "+ $INST_DnsDomainName$
comment "$INST_IPAddress$ -> "+ $INST_IPAddress$
comment "$INST_ImmediateRebootFlag$ -> "+ $INST_ImmediateRebootFlag$
comment "$INST_MAC$ -> "+ $INST_MAC$
comment "$INST_MinorOS$ -> "+ $INST_MinorOS$
comment "$INST_Modus$ -> "+ $INST_Modus$
comment "$INST_NetBootProductname$ -> "+ $INST_NetBootProductname$
comment "$INST_NicIndex$ -> "+ $INST_NicIndex$
comment "$INST_NotifierDir$ -> "+ $INST_NotifierDir$
comment "$INST_NTVersion$ -> "+ $INST_NTVersion$
comment "$INST_ProductType$ -> "+ $INST_ProductType$
comment "$INST_OS$ -> "+ $INST_OS$
comment "$INST_OpensslConfigFile$ -> "+ $INST_OpensslConfigFile$
comment "$INST_OpsiClientdCertificateFile$ -> "+$INST_OpsiClientdCertificateFile$
comment "$INST_OpsiclientdDir$ -> "+ $INST_OpsiclientdDir$
comment "$INST_OpsiclientdConf$ -> "+ $INST_OpsiclientdConf$
comment "$INST_OpsiclientdRPCDir$ -> "+ $INST_OpsiclientdRPCDir$
comment "$INST_ActionProcessorStarterDir$ -> "+ $INST_ActionProcessorStarterDir$
comment "$INST_Paramstr$ -> "+ $INST_Paramstr$
comment "$INST_Pcname$ -> "+ $INST_Pcname$
comment "$INST_RebootFlag$ -> "+ $INST_RebootFlag$
comment "$INST_Result$ -> "+ $INST_Result$
comment "$INST_SYSTEMDRIVE$ -> "+ $INST_SYSTEMDRIVE$
comment "$INST_SYSTEMROOT$ -> "+ $INST_SYSTEMROOT$
comment "$INST_SYSTEMSYS$ -> "+ $INST_SYSTEMSYS$
comment "$INST_ServiceName$ -> "+ $INST_ServiceName$
comment "$INST_Service_User$ -> "+ $INST_Service_User$
comment "$INST_service_hidden_password$ -> "+ $INST_service_hidden_password$
if not ($INST_service_hidden_password$ = "")
  SetLogLevel=$INST_PasswdLogLevel$
  comment "$INST_Service_Password$ -> "+ $INST_Service_Password$
  SetLogLevel=$INST_DefaultLoglevel$
endif
comment "$INST_ShortServiceUrl$ -> "+ $INST_ShortServiceUrl$
comment "$INST_SubModus$ -> "+ $INST_SubModus$
comment "$INST_Sysconfini$ -> "+ $INST_Sysconfini$
comment "$INST_SystemType$ -> "+ $INST_SystemType$
comment "$INST_WinstDir$ -> "+ $INST_WinstDir$
comment "$INST_WinstRegKey$ -> "+ $INST_WinstRegKey$
comment "$INST_AktGina$ -> "+ $INST_AktGina$
comment "$INST_gina_to_chain$ -> "+ $INST_gina_to_chain$
comment "$INST_preloginvistaInstalled$ -> "+ $INST_preloginvistaInstalled$
comment "$INST_preloginloaderInstalled$ -> "+ $INST_preloginloaderInstalled$
comment "$INST_vcredistx86_installed$ -> "+ $INST_vcredistx86_installed$
comment "$INST_uac_level$ -> "+ $INST_uac_level$
comment "$INST_create_software_on_demand_menue_entry$ -> "+ $INST_create_software_on_demand_menue_entry$
;******** Section general **********
comment "$GEN_bootmode$ -> "+ $GEN_bootmode$
;******** Section shareinfo **********
if ($INST_debug$ = "on")
  comment "$SHI_pckey$ -> "+$SHI_pckey$
endif
;******** Section opsiclientd **********
comment "$OCD_global.log_level$ -> "+ $OCD_global.log_level$
comment "$OCD_config_service.url$ -> "+ $OCD_config_service.url$
comment "$OCD_config_service.connection_timeout$ -> "+ $OCD_config_service.connection_timeout$
comment "$OCD_control_server.port$ -> "+ $OCD_control_server.port$
comment "$OCD_open_firewall_for_control_server$ -> "+ $OCD_open_firewall_for_control_server$
comment "$OCD_notification_server.port$ -> "+ $OCD_notification_server.port$
;******** Section opsiLoginBlocker **********
;comment "$OLB_ServiceConnectionTimeout$ -> "+ $OLB_ServiceConnectionTimeout$
comment "$OLB_LogLevel$ -> "+ $OLB_LogLevel$
comment "$OLB_LoginBlockerStart$ -> "+ $OLB_LoginBlockerStart$
comment "$OLB_LoginBlockerTimeoutConnect$ -> "+ $OLB_LoginBlockerTimeoutConnect$
;comment "$OLB_LoginBlockerTimeoutInstall$ -> "+ $OLB_LoginBlockerTimeoutInstall$
comment "$OLB_opsiServiceType$ -> "+ $OLB_opsiServiceType$
;******** Section prelogin **********
comment "$PLG_UtilsDir$ -> "+ $PLG_UtilsDir$

;*********************************************************************
[sub_sub_create_client]
if ($OCD_config_service.url$ = "")
  set $OCD_config_service.url$ = "https://:4447"
endif
comment "Connect to service....."
markErrorNumber
opsiservicecall_authenticated
if errorsOccuredSinceMark > 0
  set $INST_error$ = "true"
  comment "was not authenticated -> retry scripted login by default user/password"
else
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
endif

if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
  comment "was not authenticated as admin-> retry scripted login by default user/password"
  markErrorNumber
  set $INST_error$ = "false"
  SetLogLevel=$INST_PasswdLogLevel$
  opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
  SetLogLevel=$INST_DefaultLoglevel$
  if errorsOccuredSinceMark > 0
    set $INST_error$ = "true"
    comment "scripted login by default user/password failed -> retry interactive"
  else
    markErrorNumber
    Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
    if errorsOccuredSinceMark > 0
      set $INST_error$ = "true"
      comment "check for user is admin failed failed -> retry interactive"
    endif
  endif
  if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
    set $INST_error$ = "false"
    ;markErrorNumber
    SetLogLevel=$INST_PasswdLogLevel$
    opsiservicecall_authenticated /interactive /serviceurl $OCD_config_service.url$
    SetLogLevel=$INST_DefaultLoglevel$
    ; we don't check for errors because /interactive loops at wrong logins
    ; and increment errors
    ;if errorsOccuredSinceMark > 0
    ; set $INST_error$ = "true"
    ; comment "interactive login by default user/password failed -> retry interactive"
    ;else
    ; Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
    ;endif
    markErrorNumber
    Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
    if errorsOccuredSinceMark > 0
      set $INST_error$ = "true"
      comment "check for user is admin failed failed -> abort"
    endif
    if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
      logerror "No admin login"
      pause "Error: No admin login - exiting"
      isFatalError
    endif
  else
    ;comment "logged in as admin"
  endif
endif
comment "logged in as admin"

comment "get MAC and IP for Service connection"
sub_sub_try_to_get_my_mac

if ($INST_DnsDomainName$ = "")
  comment "*** Get domain ***"
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDomain')
  Set $INST_DnsDomainName$ = takestring(0, $INST_ServiceResult$)
endif

comment "*** does the client exist? ***"
Set $INST_pcname$ = lower($INST_pcname$)
Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
if ("" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getClientIds_list'), $INST_ClientId$))
  comment "*** Create client ***"
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
endif

; *** Get active service url ***
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkconfig_hash')
set $OCD_config_service.url$ = takestring(1, splitString(takeFirstStringContaining($INST_ServiceResult$,"nextBootServiceURL"), '='))
if $OCD_config_service.url$ = ""
  Set $OCD_config_service.url$ = GetvalueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", "")
endif

; *** Get hostkey1 ***
SetLogLevel=$INST_PasswdLogLevel$
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
SetLogLevel=$INST_DefaultLoglevel$
if errorsOccuredSinceMark > 0
  ; *** Get hostkey1 ***
  SetLogLevel=$INST_PasswdLogLevel$
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
  markErrorNumber
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
  if errorsOccuredSinceMark > 0
    LogError "Could not get hostkey - aborting"
    Pause "Could not get hostkey - aborting"
    isFatalError
  else
    Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
    SetLogLevel=$INST_DefaultLoglevel$
  endif
endif
;********************** end read configuration ******************************

;***************************copy files***************************************
[sub_copy_files]
DosInAnIcon_Stop_Preloginloader_Service
Registry_DeletePreloginloader

if ($INST_Modus$ = "INSTALL")
  comment "clean all up"
  if FileExists($INST_BaseDir$+"\")
    comment "Stopping and removing existing services...."
    DosInAnIcon_Stop_opsiclientd_Service
    DosInAnIcon_unregister_opsiclientd_service
    Registry_DeleteOpsiclientd
    comment "Deleting old files...."
    Files_Delete_OCA_BaseDir
  endif
endif ; INSTALL

markErrorNumber
Files_copy_winst
Files_copy_uninst
if errorsOccuredSinceMark > 0
  comment "copy failed - let us abort"
  logerror "Copy of files are failed -exiting"
  pause "Error: Copy of files are failed - Try again after reboot - aborting"
  isFatalError
endif

if ($INST_SystemType$ = "64 Bit System") and ($INST_NTVersion$ < "6")
  comment "we need vc_redist X64 at xp64 and 2003x64 to run the loginblocker"
  Winbatch_vc_redist_exe_64
  ;Sub_check_exitcode
  comment "Test for installation success via exit code"
  set $INST_ExitCode$ = getLastExitCode
  if not (($INST_ExitCode$ = "0") or ($INST_ExitCode$ = "1603"))
    comment "installation seems to be failed - lets try with msi"
    Winbatch_vc_redist_msi_64
    ;Sub_check_exitcode
  endif
endif

comment "installing opsiclientd py2exe files and required libraries"
Files_copy_py2exe

comment "install openssl ...."
Files_copy_shining_light_OpenSSL_exe
;http://innounp.sourceforge.net/
DosInAnIcon_shining_light_OpenSSL_unpack
Files_copy_shining_light_OpenSSL_files
Registry_shining_light_OpenSSL

if (FileExists($INST_BaseDir$+"\utils") or FileExists($INST_BaseDir$+"\prelogin"))
  comment "removing detected old prelogin files..."
  DosInAnIcon_Stop_Preloginloader_Service
  Registry_DeletePreloginloader
  Files_del_utils
  Files_del_prelogin
endif

comment "copying loginblocker"
if $INST_NTVersion$ >= "6.0"
  if ($INST_SystemType$ = "64 Bit System")
    Files_copy_vista_loginblocker_64 /Sysnative
  else
    Files_copy_vista_loginblocker_32
    Files_del_cmd64
  endif
endif
if $INST_NTVersion$ < "6.0"
  if ($INST_SystemType$ = "64 Bit System")
    Files_copy_xp_loginblocker_64
  else
    if $INST_NTVersion$ = "5.0"
      Files_copy_xp_loginblocker_win2k
      ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.2.0\SetACL 2.2.0\Command line version\x86"
      Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
      ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
    else
      Files_copy_xp_loginblocker_32
    endif
    Files_del_cmd64
  endif
endif
;**************************** end copy files *****************************************

;***************************write configuration***************************************
[sub_write_configuration]
if $INST_Modus$ = "INSTALL"
  Registry_SetGeneralEntries
  if ($INST_debug$ = "on")
    Files_save_config_for_debug
  endif
  ;if $INST_MinorOS$ = "WinXP"
  if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
    if $INST_AktGina$ = ""
      Registry_SetRemoveMsginaOnDeinst
    endif
  endif ; winxp
endif ; INSTALL

;*********************************************************
comment "configurations we do also at update mode"
;*********************************************************

comment "uninstall registry entries"
Registry_SetUninstallEntries

comment "standard registry entries"
Registry_SetGeneralEntries

comment "add registry key for shutdown requests"
Registry_add_shutdown_key

comment "make all depotshares trusted for the 32 Bit opsi-client-agent"
comment "get all depot servers :"
if $INST_SubModus$ = "BOOTIMAGE"
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$')
else
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares')
endif
comment " take the string :"
set $INST_Result$ = takeString(0, $INST_ServiceResult$)
comment " remove trailing brackets and quote :"
set $INST_Result$ = takeString(0, splitstring($INST_Result$,'"]'))
comment " remove heading brackets and quote :"
set $INST_Result$ = takeString(1, splitstring($INST_Result$,'["'))
comment " split servers in to list :"
set $INST_ResultList$ = splitstring($INST_Result$,'","')
comment "write all depots to the registry :"
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted /Sysnative
comment "get netbiosnames from depots :"
comment "first clear the resultlist:"
set $INST_ResultList2$ = getsubList(0:0,$INST_ResultList2$)
; this is a dirty hack. It is used until we can ask host_getObjects with filter
; so we assume, that the first part of the fqdn is identical with the netbiosname
for %depotId% in $INST_ResultList$ do set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted /Sysnative

comment "tell server my mac address"
if not ($INST_MAC$ = "")
  opsiservicecall_setMacAddress
endif

comment "Open c:\tmp worldwide writable"
Files_create_ctmp
DosInAnIcon_open_ctmp

comment "create c:\opsi.org"
Files_create_c_opsiorg
comment "lock c:\opsi.org -> for administrators only"
DosInAnIcon_lock_c_opsiorg

Patches_opsiclientd_conf_rest $INST_OpsiclientdConf$
if not (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
  comment "dont log the pckey"
  SetLogLevel=$INST_PasswdLogLevel$
  Patches_opsiclientd_conf_key $INST_OpsiclientdConf$
  comment "start logging again"
  SetLogLevel=$INST_DefaultLoglevel$
endif

Patches_opsiclientd_cnf $INST_opensslConfigFile$
DosInAnIcon_generate_opsiclientdCertificate
DosInAnIcon_opsiclientd_register_service_exe
comment "set start to auto (2) if it was deactivated (4)"
Registry_ActivateOpsiclientd

if ($INST_NTVersion$ = "5.0")
else
  if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
  else
    if ($INST_NTVersion$ >= "6.0")
      comment "setting UAC Level to: "+$INST_uac_level$
      if $INST_uac_level$ = "1"
        Registry_UAC_on_1 /Sysnative
      else
        if $INST_uac_level$ = "2"
          Registry_UAC_on_2 /Sysnative
        else
          if $INST_uac_level$ = "3"
            Registry_UAC_on_3 /Sysnative
          else
            if $INST_uac_level$ = "4"
              Registry_UAC_on_4 /Sysnative
            else
              LogWarning("no or unknown $INST_uac_level$ set: "+$INST_uac_level$)
            endif
          endif
        endif
      endif
      ;Registry_UAC_on_special /Sysnative
      ;Registry_UAC_off /Sysnative
    else
      LogError "unknown OS: "+$INST_MinorOS$+ " Version: "+$INST_NTVersion$
    endif
  endif
endif

if $OCD_open_firewall_for_control_server$ = "1"
  if ($INST_NTVersion$ >= "6.0")
    DosInAnIcon_open_firewall_for_control_server_nt6
  else
    DosInAnIcon_open_firewall_for_control_server
  endif
else
  if ($INST_NTVersion$ >= "6.0")
    DosInAnIcon_close_firewall_for_control_server_nt6
  else
    DosInAnIcon_close_firewall_for_control_server
  endif
endif

;;; comment "enable login logging - needed to detect logins by wmi"
;;; comment "export the existing policy"
;;; ;DosInAnIcon_export_security_policy
;;; comment "patch the exported policy: login monitoring: success,failed"
;;; ;Patches_secedit_pll "c:\tmp\secedit_pll.ini"
;;; comment "reimport the patched policy"
;;; ;DosInAnIcon_enable_login_looging
;;; DosInAnIcon_auditpol_enable_login_looging

comment "disable Data Execution Prevention (DEP) for opsiclientd.exe"
comment "This should be prevent problems on win2003"
DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy
Registry_disable_dep_opsiclientd /Sysnative

comment "make opsiclientd depending ond dhcp and dnscache services"
Registry_opsiclientd_Service_depend_dhcp_dns

if ($INST_NTVersion$ >= "6.0")
  if $OLB_LoginBlockerStart$ = "1"
    Registry_vista_loginblocker /Sysnative
  else
    Registry_vista_del_loginblocker /Sysnative
  endif
endif ; win vista

;if ($INST_MinorOS$ = "WinXP") or ($INST_MinorOS$ = "Win2k")
if ($INST_NTVersion$ < "6.0")
  if $OLB_LoginBlockerStart$ = "1"
    Registry_opsigina_opsi_Config /Sysnative
    Registry_set_loginblocker_start /Sysnative
  else
    Registry_set_loginblocker_start /Sysnative
  endif ; loginblocker start
  if ($INST_SystemType$ = "64 Bit System")
    winbatch_test_opsigina_64
  else
    winbatch_test_opsigina_32
  endif
  set $INST_ExitCode$ = getLastExitCode
  if $INST_ExitCode$ = "0"
    comment "opsigina test passed - install it"
    ; *** changed to implement the SOPHOS SafeGuard Engine and DATEV (for ITL) **************
    sub "%ScriptPath%\write_Gina.ins"
    ; ***************************************************************************************
  else
    LogError "opsigina test failed, so we don't install it. Test Exitcode was: " + $INST_ExitCode$
  endif
endif ; winXP

comment "protect opsi-clientagent against non administrative manipulations"
DosInAnIcon_lock_opsiclientagent
;comment "do the lock on every installation"
;DosInAnIcon_lock_opsiclientd_conf

if $INST_create_software_on_demand_menue_entry$ = "true"
  opsiservicecall_setOption_addConfigStateDefaults_true
  Set $INST_ResultList$ = getReturnListFromSection('opsiservicecall_get_configState_software-on-demand.active')
  if (TakeString(0,SplitString(TakeString(1,SplitString(TakeString(0,$INST_ResultList$), '"values":[')), ']')) = "true")
    LinkFolder_install_softwareOnDemand
  endif
else
  LinkFolder_uninstall_softwareOnDemand
endif
;*****************************end write configuration****************************************

;*****************************clean up****************************************
[sub_clean_up]
if fileExists("c:\tmp\opsi")
  Files_Delete_ctmpopsi
endif
if fileExists("c:\tmp\opsi-client-agent")
  Files_Delete_ctmpopsi-client-agent
endif
if fileExists("c:\tmp\python")
  Files_Delete_ctmppython
endif
Files_del_utils
if FileExists("%ProgramFilesDir%\opsi.org\preloginloader\")
  Files_Delete_PLG_BaseDir
endif
if fileExists("c:\tmp\ssl_tmp")
  Files_Delete_ctmpssl
endif
Files_redist_cleanup
;***********************

[Files_Delete_ctmpopsi]
delete -s -f "c:\tmp\opsi\"

[Files_Delete_ctmpssl]
delete -s -f "C:\tmp\ssl_tmp\"

[Files_Delete_ctmppython]
delete -s -f "c:\tmp\python\"

[Files_Delete_ctmpopsi-client-agent]
delete -s -f "c:\tmp\opsi-client-agent\"

[Files_del_utils]
delete -s -f "$INST_BaseDir$\utils\"

[Files_del_prelogin]
delete -s -f "$INST_BaseDir$\prelogin\"

[Files_redist_cleanup]
delete c:\eula*.*
delete c:\install*.*
delete c:\vc_red.*
delete c:\vcredist.bmp
delete c:\.rnd
delete c:\globdata.ini
delete d:\eula*.*
delete d:\install*.*
delete d:\vc_red.*
delete d:\vcredist.bmp
delete d:\.rnd
delete d:\globdata.ini
;*****************************end clean up****************************************
;**************************** end of main sub sections*****************************************
;*********************************************************************
;*********************************************************************
;*************************** basic sections******************************************

[Files_copy_winst]
; do not use -V because it leads to broken winst on downgrade
copy -sc "%SCRIPTPATH%\opsi-winst\*.*" "$INST_WinstDir$"
copy -sVc "%SCRIPTPATH%\utilities\*.*" "$INST_BaseDir$\utilities\"

[Files_copy_uninst]
copy -sVc "%SCRIPTPATH%\uninst\*.*" "$INST_BaseDir$\uninst\"

[Files_Delete_OCA_BaseDir]
delete -sf "$INST_BaseDir$\"

[Files_Delete_PLG_BaseDir]
delete -sf "%ProgramFilesDir%\opsi.org\preloginloader\"

[Registry_SetGeneralEntries]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\general]
Set "opsiconf"=REG_DWORD:1
Set "configlocal"=REG_DWORD:0
Set "bootmode" = "$GEN_bootmode$"

[Registry_SetUninstallEntries]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-preloginloader]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-client-agent]
set "DisplayName" = "opsi-client-agent"
set "DisplayVersion" = "$ProductVersion$"
set "DisplayIcon" = "$INST_WinstDir$\winst32.exe"
set "DisplayPublisher" = "uib gmbh, Mainz, Germany"
set "UninstallString" = '"$INST_WinstDir$\winst32.exe" /batch "$INST_BaseDir$\uninst\uninstall.ins" "c:\tmp\deinstall_opsi-client-agent.log" /PARAMETER DEINSTALL'
set "URLInfoAbout" = "http://opsi.org"
set "HelpLink" = "http://www.opsi.org/support/"

[DosInAnIcon_lock_opsiclientagent]
rem see http://setacl.sourceforge.net/
rem set rights for the base dir
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst "n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissions are also reset, resulting in only the specified permissions being active for a whole directory tree.
rem set the complete dir full access for admin and (read and execute) only for user
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for configuration file (opsi-hostkey)
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for uninst
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for utilities
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem grant user execute to the winst directory
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem therefore remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem therefore set new rights
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read_ex;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
;*************************** end basic sections******************************************

;***************************vista sections******************************************
; Registry and UAC
;http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2526.htm
;http://www.winfaq.de/faq_html/Content/tip2000/onlinefaq.php?h=tip2217.htm
;http://msdn.microsoft.com/en-us/library/cc232761%28v=prot.10%29.aspx
;http://www.rawcomputing.co.uk/vistatips36.html
;http://www.win-tipps-tweaks.de/cms/vista-tipps/vista-sicherheit/benutzerkontensteuerung-deaktivieren-teil-2.html

[Registry_UAC_off]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000000
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_UAC_on_special]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_UAC_on_1]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000002
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_UAC_on_2]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_UAC_on_3]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_UAC_on_4]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000000
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000

[Registry_hklm_set_depotshare_trusted]
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%depotId%]
set "file"=reg_dword:0x00000001
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
set "AutoDetect"=reg_dword:0x00000000
set "IntranetName"=reg_dword:0x00000001
set "ProxyByPass"=reg_dword:0x00000001
set "UNCAsIntranet"=reg_dword:0x00000001
;***************************end vista sections******************************************

; ******************** login blockers sections*****************************************
; ******************** credential provider login blockers sections********************
[Files_copy_vista_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\32bit\*.dll" "%SYSTEM%"

[Files_copy_vista_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\64bit\*.dll" "%SYSTEM%"

[Registry_vista_loginblocker]
;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
;set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32]
set ""="OpsiLoginBlocker.dll"
set "ThreadingModel"="Apartment"
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
set "LoginBlockerTimeoutConnect"=reg_dword:$OLB_LoginBlockerTimeoutConnect$
set "StartOpsiCredentialProvider"=reg_dword:0x00000000
set "LoginBlockerLogLevel"=reg_dword:$OLB_LogLevel$

[Registry_vista_del_loginblocker]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
; ******************** end credential provider login blockers sections********************

;************************ opsigina loginblocker sections **********************
[Files_copy_xp_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"

[Files_copy_xp_loginblocker_win2k]
;copy -Vc "%SCRIPTPATH%\opsigina\win2k\opsigina.dll" "$INST_BaseDir$\opsigina\"
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"

[Files_copy_xp_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsigina\64bit\opsigina.dll" "$INST_BaseDir$\opsigina\"

[Registry_SetRemoveMsginaOnDeinst]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1

[Registry_opsigina_opsi_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType" = REG_DWORD:$OLB_opsiServiceType$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType" = REG_DWORD:$OLB_opsiServiceType$

; *************************************************************************************************
; *** outsourcing the chapter Registry_opsigina_winlogon_Config to separate file write_gina.ins ***
; *************************************************************************************************

[Registry_set_loginblocker_start]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$

[winbatch_test_opsigina_64]
"%SCRIPTPATH%\opsigina\test\64bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"

[winbatch_test_opsigina_32]
"%SCRIPTPATH%\opsigina\test\32bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
; ******************** end opsigina loginblocker sections *****************************************
; ******************** end loginblockers sections *****************************************

; ******************** opsiclientd sections *****************************************
[Patches_opsiclientd_conf_key]
Set [global] opsi_host_key=$SHI_pckey$
Set [global] host_id=$INST_ClientId$

[Patches_opsiclientd_conf_rest]
Set [config_service] url=$OCD_config_service.url$/rpc
Set [config_service] connection_timeout=$OCD_config_service.connection_timeout$
Set [control_server] port=$OCD_control_server.port$
Set [notification_server] port=$OCD_notification_server.port$
Set [global] log_level=$OCD_global.log_level$

[DosInAnIcon_lock_opsiclientd_conf]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst "n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissions are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"

[Patches_opsiclientd_cnf]
Add [req] default_bits = 1024
Add [req] encrypt_key = yes
Add [req] distinguished_name = req_dn
Add [req] x509_extensions = cert_type
Add [req] prompt = no
Add [req_dn] C = DE
Add [req_dn] ST = RP
Add [req_dn] L = Mainz
Add [req_dn] O = UIB
Add [req_dn] OU = -
Set [req_dn] CN = $INST_ClientId$
Add [req_dn] emailAddress = info@uib.de
Add [cert_type] nsCertType = server

[DosInAnIcon_generate_opsiclientdCertificate]
rem -nodes writes the private key unencrypted (it overrides encrypt_key = yes above); key and certificate share one file
"%ProgramFilesDir%\OpenSSL\bin\openssl" req -new -x509 -days 1000 -nodes -config "$INST_opensslConfigFile$" -out "$INST_opsiclientdCertificateFile$" -keyout "$INST_opsiclientdCertificateFile$"

[DosInAnIcon_Stop_opsiclientd_Service]
net stop opsiclientd

[DosInAnIcon_unregister_opsiclientd_service]
"$INST_OpsiclientdDir$\opsiclientd.py" remove
"$INST_BaseDir$\opsiclientd.exe" -remove

[DosInAnIcon_open_firewall_for_control_server]
netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port

[DosInAnIcon_close_firewall_for_control_server]
netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$

[DosInAnIcon_open_firewall_for_control_server_nt6]
rem netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
netsh advfirewall firewall add rule name="opsiclientd-control-port" dir=in action=allow protocol=TCP localport=$OCD_control_server.port$

[DosInAnIcon_close_firewall_for_control_server_nt6]
rem netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
netsh advfirewall firewall delete rule name="opsiclientd-control-port" protocol=TCP localport=$OCD_control_server.port$
[Registry_DeleteOpsiclientd]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]

[Registry_DeactivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\opsiclientd]
Set "Start" = REG_DWORD:4

[Registry_ActivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:2
set "ImagePath" = '"$INST_BaseDir$\opsiclientd.exe"'

[DosInAnIcon_opsiclientd_register_service_exe]
"$INST_BaseDir$\opsiclientd.exe" -auto -install

[Registry_opsiclientd_Service_depend_win2k]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt"

[Registry_opsiclientd_Service_depend_winxp]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|Nla"

[Registry_opsiclientd_Service_depend_winvista]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|NlaSvc"

[Registry_opsiclientd_Service_depend_dhcp_dns]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Dhcp|Dnscache"

[Registry_opsiclientd_Service_set_timeout]
; default timeout is 30000 millis increase to 60000 millis
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Set "ServicesPipeTimeout" = REG_DWORD:60000

[DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy]
@echo off
wmic os get DataExecutionPrevention_SupportPolicy

[Registry_disable_dep_opsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
set "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd.exe" = "DisableNXShowUI"
; ******************** end opsiclientd sections *****************************************

; ******************** Install helpers sections *****************************************
[Files_del_cmd64]
delete -f "%SYSTEMROOT%\cmd64.exe"

[Files_save_config_for_debug]
copy "%ScriptPath%\cfg\*.*" "c:\tmp\cfg"

[sub_set_installation_status]
if $INST_SubModus$ = "BOOTIMAGE"
  opsiservicecall_setNetbootInstallationStatus /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
endif
opsiservicecall_setOpsiclientagentInstallationStatus
if $INST_preloginvistaInstalled$ = 'true'
  opsiservicecall_setPreloginvistaInstallationStatus_off
endif
if $INST_preloginloaderInstalled$ = 'true'
  opsiservicecall_setpreloginloaderInstallationStatus_off
endif

[sub_sub_read_preloginloader_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginloader")
  set $INST_preloginloaderInstalled$ = 'false'
else
  set $INST_preloginloaderInstalled$ = 'true'
endif

[sub_sub_read_preloginvista_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginvista")
  set $INST_preloginvistaInstalled$ = 'false'
else
  set $INST_preloginvistaInstalled$ = 'true'
endif

[Registry_add_shutdown_key]
openKey [$INST_WinstRegKey$]
add "ShutdownRequested" = REG_DWORD:0

[Files_create_ctmp]
CheckTargetPath = "c:\tmp"

[DosInAnIcon_open_ctmp]
rem C:\utils\xcacls c:\tmp /T /C /G ADMINISTRATOREN:F "ERSTELLER-BESITZER":F JEDER:R HAUPTBENUTZER:F SYSTEM:F /Y
rem show setacl-version
rem "$INST_SetAclDir$\setacl.exe" -help
rem this should work not only on german systems
rem open c:\tmp for everyone
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn setprot -op "dacl:np;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-1-0;s:y" -actn ace -ace "n:S-1-1-0;p:full;s:y"
rem "$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn list -lst "s:b"

[Files_create_c_opsiorg]
CheckTargetPath = "$OCD_OpsiVarDir$"

[DosInAnIcon_lock_c_opsiorg]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst "n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst "n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissions are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"

[sub_get_depot_netbiosnames]
set %depotId%
set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))

[Sub_check_exitcode]
comment "Test for installation success via exit code"
set $INST_ExitCode$ = getLastExitCode
; informations to exit codes see
; http://msdn.microsoft.com/en-us/library/aa372835(VS.85).aspx
; http://msdn.microsoft.com/en-us/library/aa368542.aspx
if ($INST_ExitCode$ = "0")
  comment "Looks good: setup program gives exitcode zero"
else
  comment "Setup program gives a exitcode unequal zero: " + $INST_ExitCode$
  if ($INST_ExitCode$ = "1603")
    comment "File is in use - seems not to be a problem (at vc_redist installation)"
  else
    if ($INST_ExitCode$ = "1605")
      comment "ERROR_UNKNOWN_PRODUCT 1605 This action is only valid for products that are currently installed."
      comment "Uninstall of a not installed product failed - no problem"
    else
      if ($INST_ExitCode$ = "1641")
        comment "looks good: setup program gives exitcode 1641"
        comment "ERROR_SUCCESS_REBOOT_INITIATED 1641 The installer has initiated a restart. This message is indicative of a success."
      else
        if ($INST_ExitCode$ = "3010")
          comment "looks good: setup program gives exitcode 3010"
          comment "ERROR_SUCCESS_REBOOT_REQUIRED 3010 A restart is required to complete the install. This message is indicative of a success."
        else
          logError "Fatal: Setup program gives an unknown exitcode unequal zero: " + $INST_ExitCode$
          ;isFatalError
        endif
      endif
    endif
  endif
endif
; ******************** End Install helpers sections *****************************************

; ******************** create client sections *****************************************
[sub_sub_try_to_get_my_mac]
Set $INST_ShortServiceUrl$ = takestring(1, splitString($OCD_config_service.url$,"//"))
set $INST_ConfigServerIP$ = takestring(0, splitString($INST_ShortServiceUrl$,":"))
set $INST_ConfigServerPort$ = takestring(1, splitString($INST_ShortServiceUrl$,":"))
comment "we need a IP-Numer at sub_getServiceConnection for analyzing the netstat output"
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIPbyName')
set $INST_ExitCode$ = getLastExitCode
if "Error" = takestring(0, splitStringOnWhitespace(takestring(0,$INST_ServiceResult$)))
  LogWarning "MAC Address could not detected because config server could not resolved"
else
  set $INST_ConfigServerIP$ = takestring(0,$INST_ServiceResult$)
  set $INST_ShortServiceUrl$ = $INST_ConfigServerIP$+":"+$INST_ConfigServerPort$
  comment "let us try to guess the ip number by getbestinterface windows api ..."
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIpByTarget') set $INST_IPAddress$ = takestring(0, $INST_ServiceResult$) set $INST_IPAddress$ = takestring(1, splitString($INST_IPAddress$,"found:")) if $INST_IPAddress$ = "" LogWarning "failed to get own IP number - giving up to get mac" else set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_WMI_running') if ("" = takeFirstStringContaining($INST_ServiceResult$,"RUNNING")) and (GetMsVersionInfo >= "5.1") LogWarning "WMI service not running - giving up to get mac" else comment "WMI is running or we are at win2k and we only hope that it is running" Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe') set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$)))) if $INST_MAC$ = "" LogWarning "no MAC found" endif endif endif endif ;comment "Do we have a connection to the server ?" ;markErrorNumber ;opsiservicecall_authenticated ;if errorsOccuredSinceMark > 0 ; comment "No - we have no connection to the server." ; comment "Let us try to connect the server ...." ; SetLogLevel=$INST_PasswdLogLevel$ ; markErrorNumber ; opsiservicecall_authenticated /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$ ; SetLogLevel=$INST_DefaultLoglevel$ ; if errorsOccuredSinceMark > 0 ; LogWarning "We have still no connection to the server. This may affect the detection of the MAC." ; endif ;else ; comment "Yes - we have a connection to the server." ; opsiservicecall_getNetworkConfig_hash ;endif ;comment "Now calling netstat ...." 
;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getServiceConnection') ;set $INST_IPAddress$ = takestring(2, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$, $INST_ShortServiceUrl$))) ;set $INST_IPAddress$ = takestring(0, splitString($INST_IPAddress$,":")) ;if $INST_IPAddress$ = "" ; LogWarning "failed to get own IP number by netstat - using winst information (may be wrong at multiple network interfaces)" ; set $INST_IPAddress$ = "%IPAddress%" ;endif ;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe') ;set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$)))) ;if $INST_MAC$ = "" ; LogWarning "no MAC found" ;endif ;endif [DosInAnIcon_getServiceConnection] @echo off netstat -n [DosInAnIcon_getMac_by_exe] @echo off "%ScriptPath%\ip2mac\ip2mac.exe" [DosInAnIcon_getDnsByWmic] @echo off wmic path win32_NetworkAdapterConfiguration get DnsDomain /value | findstr "=." 
[DosInAnIcon_getIPbyName]
@echo off
"%ScriptPath%\gethostbyname\get_host_by_name.exe" $INST_ConfigServerIP$

[DosInAnIcon_getIpByTarget]
@echo off
"%ScriptPath%\getIpByTarget\getipbytarget.exe" --target=$INST_ConfigServerIP$

[DosInAnIcon_WMI_running]
@echo off
sc query Winmgmt

[sub_sub_get_depot_netbiosname]
set $INST_Authenticated$ = "false"
markErrorNumber
opsiservicecall_authenticated
if errorsOccuredSinceMark > 0
  comment "was not authenticated -> retry scripted login by default user/password"
  markErrorNumber
  SetLogLevel=$INST_PasswdLogLevel$
  opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
  SetLogLevel=$INST_DefaultLoglevel$
  if errorsOccuredSinceMark > 0
    comment "scripted login by default user/password failed -> we don't retry interactive"
    comment "giving up"
  else
    comment "now authenticated "
    set $INST_Authenticated$ = "true"
  endif
else
  comment "was authenticated "
  set $INST_Authenticated$ = "true"
endif
if $INST_Authenticated$ = "true"
  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkConfig_hash')
  set $INST_DepotServer$ = takeString(2,splitString(takeFirstStringContaining($INST_ServiceResult$, "depotUrl="),"/"))
endif
; ******************** End create client sections *****************************************

;***********************py2exe and open ssl sections ************************************************
[Files_copy_py2exe]
copy -sVc "%SCRIPTPATH%\dist\*.*" "$INST_BaseDir$\"

[Winbatch_shining_light_OpenSSL]
"%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" /SILENT /NOCANCEL /SUPPRESSMSGBOXES /NORESTART /SP- /LOG="c:\tmp\shining_light_OpenSSL.log" /DIR="%ProgramFilesDir%\OpenSSL"

[Files_copy_shining_light_OpenSSL_exe]
copy "%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" "C:\tmp\ssl_tmp"
copy "%ScriptPath%\deps\innounp.exe" "C:\tmp\ssl_tmp"

[DosInAnIcon_shining_light_OpenSSL_unpack]
rem ;http://innounp.sourceforge.net/
c:
cd "C:\tmp\ssl_tmp"
mkdir tmp
innounp.exe -x -m -b -dtmp Win32OpenSSL_Light-1_0_0i.exe

[Files_copy_shining_light_OpenSSL_files]
copy -sV "C:\tmp\ssl_tmp\tmp\{app}\*.*" "%Programfilesdir%\openssl"
;copy -V "C:\tmp\ssl_tmp\tmp\{app}\*.dll" "%system%"
delete -sf "C:\tmp\ssl_tmp\tmp\"

[Registry_shining_light_OpenSSL]
openkey [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
set "OPENSSL_CONF"="%Programfilesdir%\openssl\bin\openssl.cfg"

[Winbatch_vc_redist_exe]
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*v "c:\tmp\vcredist.log" ALLUSERS=2"
"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*c:\tmp\vcredist_exe.log ALLUSERS=2"
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"VCREDI~1.EXE /q:a /c:""msiexec /i vcredist.msi /qb!"" "
;"%ScriptPath%\deps\vcredist_x86.exe" /Q

[Winbatch_vc_redist_exe_64]
"%ScriptPath%\vcredistx64\vcredist_x64.exe" /Q

[Winbatch_vc_redist_msi_64]
msiexec /i "%ScriptPath%\vcredistx64\VC_RED.MSI" /qb-! /l*v "c:\tmp\vcredist_x64_msi.log" ALLUSERS=2

[Winbatch_vc_redist_msi]
;msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l*vx "c:\tmp\vcredist.log" ALLUSERS=2 DISABLEROLLBACK=1 VSEXTUI=1
msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l* "c:\tmp\vcredist_msi.log" ALLUSERS=2

[ExecWith_autoit_vc_redist]
WinWait("Microsoft Visual C++", "Opsi Dialog")
Send("{TAB}")
Send("{TAB}")
Send("{ENTER}")
exit

[LinkFolder_install_softwareOnDemand]
set_basefolder common_programs
set_subfolder opsi.org
set_link
  name: software on demand
  target: https://localhost:4441/swondemand
  parameters:
  working_dir:
  icon_file:
  icon_index:
end_link

[LinkFolder_uninstall_softwareOnDemand]
set_basefolder common_programs
delete_subfolder opsi.org
;***************************** end py2exe and open ssl sections ******************************************

;*************************** prelogin sections ********************************************
[Registry_DeletePreloginloader]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PreLoginLoader]

[DosInAnIcon_Stop_Preloginloader_Service]
net stop preloginloader
;**************************** end prelogin sections *******************************************

;******** Service sections **********
[opsiservicecall_authenticated]
"method": "authenticated"
"params": [
]

[opsiservicecall_getDomain]
"method": "getDomain"
"params": [
]

[opsiservicecall_getHost_hash]
"method": "getHost_hash"
"params": [
  "$INST_ClientId$"
]

[opsiservicecall_getClientIds_list]
"method": "getClientIds_list"
"params": [
]

[opsiservicecall_createClient]
"method": "createClient"
"params": [
  "$INST_pcname$",
  "$INST_DnsDomainName$",
  "",
  "",
  "$INST_IPAddress$",
  "$INST_MAC$"
]

[opsiservicecall_getServerId]
"method": "getServerId"
"params": [
  "$INST_ClientId$"
]

[opsiservicecall_getOpsiHostKey]
"method": "getOpsiHostKey"
"params": [
  "$INST_ClientId$"
]

[opsiservicecall_setNetbootInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
  "$INST_NetBootProductname$",
  "$INST_ClientId$",
  "installed"
]

[opsiservicecall_setPreloginloaderInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
  "preloginloader",
  "$INST_ClientId$",
  "not_installed"
]
[opsiservicecall_setPreloginvistaInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
  "preloginvista",
  "$INST_ClientId$",
  "not_installed"
]

[opsiservicecall_setOpsiclientagentInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
  "opsi-client-agent",
  "$INST_ClientId$",
  "installed"
]

[opsiservicecall_getNetworkConfig_hash]
"method": "getNetworkConfig_hash"
"params": [
  "$INST_ClientId$"
]

[opsiservicecall_userIsAdmin]
"method": "userIsAdmin"
"params": [
]

[opsiservicecall_setMacAddress]
"method": "setMacAddress"
"params": [
  "$INST_ClientId$",
  "$INST_MAC$"
]

[opsiservicecall_getInstalledLocalBootProductIds_list]
"method": "getInstalledLocalBootProductIds_list"
"params": [
  "$INST_ClientId$"
]

[opsiservicecall_getDepotshares]
"method": "host_getIdents"
"params": [
  '[]',
  '{"type":"OpsiDepotserver"}',
]

[opsiservicecall_getDepot_properties]
"method": "host_getObjects"
"params": [
  '[]',
  '{"type":"OpsiDepotserver"}',
]

[opsiservicecall_setOption_addConfigStateDefaults_true]
"method": "backend_setOptions"
"params": [
  '{"addConfigStateDefaults":true}'
]

[opsiservicecall_get_configState_software-on-demand.active]
"method": "configState_getObjects"
"params": [
  '',
  '{"configId":"software-on-demand.active","objectId":"$INST_ClientId$"}',
]
;**************************************************
;**************************************************

==== read_gina.ins ====

This file implements a GINA chain for Sophos and DATEV on XP machines (not needed for Windows Vista and later).

set $INST_AktGina$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] GinaDLL")
comment "get nextgina to chain"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
if $INST_gina_to_chain$ = ""
  comment "no nextGina entry at opsi-client-agent - let us look at the old preloginloader key"
  set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] NextGina")
endif
if $INST_gina_to_chain$ = ""
  comment "no new opsigina installed - let us look for opsi pgina installation"
  set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] pathMSGina")
endif
if $INST_gina_to_chain$ = ""
  comment "no new opsi pgina installed - let us look for legacy opsi installation"
  set $INST_old_reg_gina_installed$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\Opsi] Installed")
  if $INST_old_reg_gina_installed$ = "1"
    set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina] pathMSGina")
  endif
endif
if ($INST_gina_to_chain$ = "") and ("64 Bit System" = GetSystemType)
  comment "perhaps opsi-client-agent previously installed into wrong registry tree with 32-bit settings"
  set $INST_gina_to_chain$ = GetRegistryStringValue32("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
endif
if $INST_NTVersion$ < "6.0"
  if ($INST_AktGina$ = "")
    comment "opsigina seems not be installed and we are on a fresh XP"
    set $INST_gina_to_chain$ = "msgina.dll"
  else
    if ($INST_gina_to_chain$ = "")
      ; *************************** Implementing the SOPHOS Safe GUARD Easy Engine *********************************************
      if ($INST_AktGina$ = "sggina.dll")
        set $INST_sophos$ = "1"
        set $INST_gina_to_chain$ = "msgina.dll"
      else
        ; ****************************************************************************************
        ; *** implementation for DATEV client ( for ITL) *****************************************
        if ($INST_AktGina$ = "C:\WINDOWS\system32\dvinesasdgina.dll")
          set $INST_DATEV$ = "1"
          set $INST_gina_to_chain$ = "msgina.dll"
        else
          ; ****************************************************************************************
          ; *** the original block
          ; ****************************************************************************************
          comment "opsigina seems not be installed and there is active gina"
          set $INST_gina_to_chain$ = $INST_AktGina$
          ; ****************************************************************************************
        endif
      endif
      ; ************************************************************************************************************************
    else
      comment "opsigina seems be installed and so don't change the gina to chain"
    endif
  endif
endif
; winxp / win2k

==== write_gina.ins ====

if ($INST_sophos$ = "1")
  Registry_opsigina_winlogon_SOPHOS /Sysnative
else
  if ($INST_DATEV$ = "1")
    Registry_opsigina_winlogon_DATEV /Sysnative
  else
    Registry_opsigina_winlogon_Config /Sysnative
    ; *********************************************************************************
    ; *** the original block **********************************************************
    ; *********************************************************************************
  endif
endif

[Registry_opsigina_winlogon_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Set "GinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
set "DisableCAD" = REG_DWORD:0

[Registry_opsigina_winlogon_DATEV]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "ASDOrgGinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"

[Registry_opsigina_winlogon_SOPHOS]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication]
set "GinaDLLRepair" = REG_DWORD:0
set "KnownGina" = REG_DWORD:1
set "OriginalGina" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"

==== update_sub.ins ====

This file customizes the UI of the opsi-client-agent.
DefVar $SrcPath$
DefVar $block_login$
DefVar $winst_skin_color$
DefVar $action_color$
DefVar $NotifierUpdatePath$
DefVar $WinstSkinUpdatePath$
DefVar $informList$

; ----------------------------------------------------------------
; - Please edit the following values -
; ----------------------------------------------------------------
;$ProductId$ should be the name of the product in opsi
; therefore please: only lower letters, no umlauts,
; no white space use '-' as a separator
Set $INST_BaseDir$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set $INST_OpsiclientdDir$ = $INST_BaseDir$+"\opsiclientd"
Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set $INST_WinstDir$ = $INST_BaseDir$+"\opsi-winst"
Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
Set $NotifierUpdatePath$ = "\dist\notifier_update"
Set $WinstSkinUpdatePath$ = "\opsi-winst\winstskin_update"
;------------------------------------------------------------------
set $winst_skin_color$ = "$0000cdbd"
set $action_color$ = "189,205,000"
set $informList$ = "345"

Files_copy_images
Patches_action_ini $INST_NotifierDir$+"\action.ini"
Patches_event_ini $INST_NotifierDir$+"\event.ini"
Patches_popup_ini $INST_NotifierDir$+"\popup.ini"
Patches_shutdown_ini $INST_NotifierDir$+"\shutdown.ini"
Patches_userlogin_ini $INST_NotifierDir$+"\userlogin.ini"
Patches_winst_skin $INST_WinstDir$+"\winstskin\skin.ini"
ExitWindows /reboot

[Files_copy_images]
copy "%SCRIPTPATH%$NotifierUpdatePath$\*.*" "$INST_NotifierDir$"
copy "%SCRIPTPATH%$WinstSkinUpdatePath$\*.*" "$INST_WinstDir$\winstskin"

[Patches_action_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonStop] Top = 150
set [ButtonStart] Top = 150

[Patches_event_ini]
set [LabelTitle] FontColor = $action_color$
set [LabelTitle] Text = "********* IT Deployment"
set [LabelOpsiclientdInfo] FontColor = $action_color$
set [LabelActionProcessorInfo] FontColor = $action_color$
set [LabelStatus] FontColor = $action_color$
set [LabelDetail] FontColor = $action_color$
set [LabelConfigServiceUrl] FontColor = $action_color$
set [LabelClientId] FontColor = $action_color$
set [LabelConfigServiceUrl] Top = $informList$
set [LabelClientId] Top = $informList$
set [ButtonStop] Color = $action_color$

[Patches_popup_ini]
Set [LabelTitle] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonExit] Color = $action_color$

[Patches_shutdown_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonStop] Top = 150
set [ButtonStart] Top = 150

[Patches_userlogin_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$

[Patches_winst_skin]
set [Form] Color = "$00FFFFFF"
set [LabelVersion] FontColor = $winst_skin_color$
set [LabelProduct] FontColor = $winst_skin_color$
set [LabelInfo] FontColor = $winst_skin_color$
set [LabelDetail] FontColor = $winst_skin_color$
set [LabelCommand] FontColor = $winst_skin_color$
set [LabelProgress] FontColor = $winst_skin_color$
set [ProgressBar] BarColor = $winst_skin_color$
set [ProgressBar] StartColor = $winst_skin_color$
set [ProgressBar] FinalColor = $winst_skin_color$
set [ProgressBar] ShapeColor = $winst_skin_color$

==== OPSI-CLIENT-ITL.mm ====

The central control file for MakeMSI.

;----------------------------------------------------------------------------
;--- Global Definitions -----
;----------------------------------------------------------------------------
#define VALID_MSIVAL2_DIR C:\Programme\MsiVal2 ;;Used before loading MSI header

;--- Include MAKEMSI support (with my customisations and MSI branding) ------
#define VER_FILENAME.VER version-opsi_prod-ITL.Ver ;;I only want one VER file for all samples! (this line not actually required in "tryme.mm")
#include "D:\extract\opsi-client\ME.MMH"

;;;; Disabling Dialog??
;--- Prevent "UISAMPLE" trying to manipulate the dialog deleted below -------
#define UISAMPLE_DISABLE_TYPICAL_SETUP N
#define REMOVED_LicenseAgreementDlg N
#define "ME.MMH"

;--- Remove the dialog ------------------------------------------------------
<$DialogRemove "SetupTypeDlg"> ;; do not ask for Typical Custom complete
<$DialogRemove "LicenseAgreementDlg"> ;;ignore lizenz.rtf File
;----------------------------------------------------------------------------

;--- Want to debug (not common) ---------------------------------------------
;#debug on
;#Option DebugLevel=^NONE, +OpSys^

;--- Define default location where file should install and add files --------
;Installdir:
<$DirectoryTree Key="tmpdir" Dir="c:\tmp" MAKE="Y" >
<$Property "SERVICEURL" Value="https://
<$Property "DOMAIN" Value="" >

;----------------------------------------------------------------------------
;--- what should the installation do? -----
;----------------------------------------------------------------------------
;Example for Filecopy:
<$Files "files\*.*" SubDir="TREE" DestDir="[tmpdir]" >

;----------------------------------------------------------------------------
;--- Add a registry entry (let it create a component - GUID not fixed!) -----
;----------------------------------------------------------------------------
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='ConsentPromptBehaviorAdmin' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableInstallerDetection' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableSecureUIAPaths' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableVirtualization' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='PromptOnSecureDesktop' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='FilterAdministratorToken' Value="00000000" Type='DWORD'>

;----------------------------------------------------------------------------
;--- start a batch script -----
;----------------------------------------------------------------------------
#(
    ;--- Run after install, ignore return code and don't wait for completion ---
    <$ExeCa
        EXE='[SystemFolder]copy.exe' Args=^"%comspec%" "%systemroot%\cmd64.exe"^
        WorkDir="[tmpdir]"
        SEQ="InstallFinalize-" Type="immediate ASync AnyRc"
        Condition="<$CONDITION_INSTALL_ONLY>"
    >
#)

;#(
; ;--- Run after install, ignore return code and wait for completion ---
; <$ExeCa
; EXE=^[tmpdir]\opsi\Write_par.cmd^ Args=^[SERVICEURL] [DOMAIN] Test^
; WorkDir="[tmpdir]"
; SEQ="InstallFinalize-" Type="immediate ASync AnyRc"
; Condition="<$CONDITION_INSTALL_ONLY>"
; >
; #)

#(
    ;--- Run after install, ignore return code and wait for completion ---
    ;--- for a universal msi package you must use the following PARAMETER string INSTALL:CREATE_CLIENT:REBOOT:SERVICEURL:DOMAIN
    <$ExeCa
        EXE=^[tmpdir]\opsi\opsi-winst\winst32.exe^ Args=^/batch [tmpdir]\opsi\setup.ins [tmpdir]\opsi-client-agent.log /PARAMETER INSTALL:CREATE_CLIENT:REBOOT^
        WorkDir="[tmpdir]"
        SEQ="InstallFinalize-" Type="immediate Sync AnyRc"
        Condition="<$CONDITION_INSTALL_ONLY>"
    >
#)

==== version-opsi_prod-ITL.ver ====

Before you use this file, you must change Guid.UpgradeCode and MsiName.

;----------------------------------------------------------------------------
;
; MODULE NAME: unattendend Installation opsi-client proorg.local
;
; $Author: USER "Thomas" $
; $Revision: 2.0 $
; $Date: 05 DEC 2012 11:35:32 $
;
; DESCRIPTION: deploy the opsi-client-agent ITL via msi-package.
;
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
; ProductName = Installation opsi-Client ITL domain productive
; DESCRIPTION = opsi Installation ITL
; Licence = lizenz.rtf
; Installed = WINDOWS_ALL
; Guid.UpgradeCode = {EXXXXXXX-FXXC-XXXD-XXBC-XXXAXFXBXECE}
; MsiName =
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

;############################################################################
VERSION : 2.0.0
DATE : 05 Dec 2012
CHANGES : First production release ITL
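
The `<$Registry>` entries in OPSI-CLIENT-ITL.mm above write UAC policy values under `Policies\System`, several of them set to 0. The following Python linter is an added example, not part of the original page or of MakeMSI: it parses those macros from the .mm source and reports the entries that weaken UAC, so the effect is visible before the package is built and rolled out by GPO. The table of weakening values, the function names and the one commented-out sample line are assumptions of this example.

```python
"""Flag <$Registry> entries in MakeMSI (.mm) source that weaken UAC."""
import re

UAC_KEY = r"software\microsoft\windows\currentversion\policies\system"

# Lower-cased value name -> (weakening DWORD, effect). Assumption of this
# example: only values that lower the stock Windows setting are listed.
WEAKENING = {
    "enablelua": (0, "Admin Approval Mode off: UAC is disabled"),
    "consentpromptbehavioradmin": (0, "administrators elevate without a prompt"),
    "promptonsecuredesktop": (0, "elevation prompt leaves the secure desktop"),
    "enablesecureuiapaths": (0, "UIAccess programs may start from any path"),
}

MACRO = re.compile(r"<\$Registry\b(.*?)>", re.S)
ATTR = re.compile(r"""(\w+)\s*=\s*(["'^])(.*?)\2""", re.S)

# The seven entries from OPSI-CLIENT-ITL.mm, plus one commented-out line
# constructed for this example (it must be ignored).
SAMPLE_MM = r"""
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='ConsentPromptBehaviorAdmin' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableInstallerDetection' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableSecureUIAPaths' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableVirtualization' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='PromptOnSecureDesktop' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='FilterAdministratorToken' Value="00000000" Type='DWORD'>
;<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
"""


def registry_entries(mm_source):
    """Yield one attribute dict per active <$Registry ...> macro."""
    # Lines starting with ';' are comments, as in the page's disabled blocks.
    active = "\n".join(
        line for line in mm_source.splitlines()
        if not line.lstrip().startswith(";")
    )
    for macro in MACRO.finditer(active):
        yield {k.upper(): v for k, _, v in ATTR.findall(macro.group(1))}


def uac_findings(mm_source):
    """Return (name, value, effect) for each entry that weakens UAC."""
    findings = []
    for entry in registry_entries(mm_source):
        name = entry.get("NAME", "")
        rule = WEAKENING.get(name.lower())
        if (rule is None
                or entry.get("HKEY", "").upper() != "LOCAL_MACHINE"
                or entry.get("KEY", "").strip("\\").lower() != UAC_KEY
                or entry.get("TYPE", "").upper() != "DWORD"):
            continue
        try:
            value = int(entry.get("VALUE", ""))  # only 0 is flagged, radix is moot
        except ValueError:
            continue
        if value == rule[0]:
            findings.append((name, value, rule[1]))
    return findings


if __name__ == "__main__":
    for name, value, effect in uac_findings(SAMPLE_MM):
        print(f"{name} = {value}: {effect}")
```

Run it against the real .mm file by passing the file's text to `uac_findings()`; an empty list means none of the listed UAC settings is lowered.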