====== official msi-Package opsi-client-agent can be found at ======
https://download.uib.de/4.2/stable/misc/opsi-client-agent.msi
====== msi-Package opsi-client-agent 4.0.2.1 ======
this is my cusomized setup for opsi-client-agent to deploy himself via GPO over AD. Comments are welcome
TODO:
- complete the the parametering install via msi propertys
- added a more detailed description ( at the moment, i have a small docu in source-code
this program used MakeMSI(Dennis Bareis) to generate the msi-package
Tested with opsi 4.0.2\\
requiredWinstVersion >= 4.10.8.12\\
Files can be downloaded at http://www.libe.net/version/MakeMsi_latest_Version.php
By --- //[[thomas.fritzsche@itl-dresden.de|frisoft_DD]] 2012/12/21 15:31//
Tree:\\
D:.
├───extended-scripts
├───files
│ ├───opsi
├───out
│ └───OPSI-CLIENT-ITL.mm
│ │
│ └───MSI
└───utils
for developing you copy all files form opsi-server/opsi_depot/opsi-client-agent to yout develop-path on your windows machine
==== Steps ====
- download and install MakeMSI
- copy all the content fron directory opsi-client-agent to your develop directory
- copy from the makeMSI - sample directory the files with extention mm and ver
- edit the file with extention ver (you must change the guid) for this doing, in the MakeMSI package are an GUID-Generator
- edit the file mm with your favorite text - editor
- after finish changing all the files click with the right mouse-button on the file mm and select build msi(production)
- check on a other machine
[[nix|Change the following headlines to the names of your scripts]]
==== setup.ins ====
[Actions]
requiredWinstVersion >= "4.10.8.12"
Message=opsi-client-agent installation
ShowBitmap "%scriptpath%\uninst\opsi.png" "opsi-client-agent"
; Variables:
; Config Variables with prefixes
; GEN = general
; SHI = share information
; OCD = opsiclientd
; OLB = opsiLoginBlocker
; INST = used while installation
; Script variables with prefix INST
;******** installation vars **********
DefVar $INST_AktGina$
DefVar $INST_AllowReboot$
DefVar $INST_Authenticated$
DefVar $INST_BaseDir$
DefVar $INST_Cfgini$
DefVar $INST_ClientExists$
DefVar $INST_ClientId$
DefVar $INST_ComputerName$
DefVar $INST_Debug$
DefVar $INST_DepotServer$
DefVar $INST_DnsDomainName$
DefVar $INST_Error$
DefVar $INST_ExitCode$
DefVar $INST_IPAddress$
DefVar $INST_ImmediateRebootFlag$
DefVar $INST_MAC$
DefVar $INST_MinorOS$
DefVar $INST_NTVersion$
DefVar $INST_Modus$
DefVar $INST_NetBootProductname$
DefVar $INST_NicIndex$
DefVar $INST_NotifierDir$
DefVar $INST_OS$
DefVar $INST_OpensslConfigFile$
DefVar $INST_OpsiClientdCertificateFile$
DefVar $INST_OpsiclientdDir$
DefVar $INST_OpsiclientdConf$
DefVar $INST_OpsiclientdRPCDir$
DefVar $INST_OpsiUtilitiesdDir$
DefVar $INST_ActionProcessorStarterDir$
DefVar $INST_Paramstr$
DefVar $INST_Pcname$
DefVar $INST_RebootFlag$
DefVar $INST_Result$
DefVar $INST_SetAclDir$
DefVar $INST_ServiceName$
DefVar $INST_Service_Password$
DefVar $INST_Service_User$
DefVar $INST_ShortServiceUrl$
DefVar $INST_SubModus$
DefVar $INST_Sysconfini$
DefVar $INST_SystemType$
DefVar $INST_WinstDir$
DefVar $INST_WinstRegKey$
DefVar $INST_gina_to_chain$
; ******************************************************************************
; *** changed ****** for implementing SOPHOS Safe Guard Easy *****************
; *** the changing only needed for OS before Windows Vista *********************
DefVar $INST_sophos$
; *** changed for ITL to implement the DATEV - Login Blocker *******************
DefVar $INST_DATEV$
; ******************************************************************************
DefVar $INST_old_reg_gina_installed$
DefVar $INST_preloginvistaInstalled$
DefVar $INST_preloginloaderInstalled$
DefVar $INST_GinaDll$
DefVar $INST_service_hidden_password$
DefVar $INST_DefaultLoglevel$
DefVar $INST_PasswdLogLevel$
DefVar $INST_ConfigServerIP$
DefVar $INST_ConfigServerPort$
DefVar $INST_ProductType$
DefVar $INST_vcredistx86_installed$
DefVar $INST_uac_level$
DefVar $ProductVersion$
DefVar $INST_tmpstr$
DefVar $INST_create_software_on_demand_menue_entry$
DefVar $INST_SearchKey$
DefVar $INST_SearchValue$
DefVar $INST_SearchResult$
DefStringlist $INST_Adapterlist$
DefStringList $INST_ServiceResult$
DefStringList $INST_ResultList$
DefStringList $INST_ResultList2$
DefStringList $INST_ResultList3$
DefStringList $INST_ParamstrList$
;******** Sektion general **********
DefVar $GEN_bootmode$
;******** Sektion shareinfo **********
DefVar $SHI_pckey$
;******** Sektion opsiclientd **********
DefVar $OCD_global.log_level$
DefVar $OCD_config_service.url$
DefVar $OCD_config_service.connection_timeout$
DefVar $OCD_control_server.port$
DefVar $OCD_notification_server.port$
DefVar $OCD_open_firewall_for_control_server$
DefVar $OCD_OpsiVarDir$
; *************************************************************************************************
; added to customizing the installation via msi-parameters
; *************************************************************************************************
DefVar $OCD_Domain$
; *************************************************************************************************
;******** Sektion opsiLoginBlocker **********
;DefVar $OLB_ServiceConnectionTimeout$
DefVar $OLB_LogLevel$
DefVar $OLB_LoginBlockerStart$
DefVar $OLB_LoginBlockerTimeoutConnect$
;DefVar $OLB_LoginBlockerTimeoutInstall$
;opsiServiceType=0 (default), 1 (prelogin.exe/pcptch.exe), 2 (opsiclientd)
DefVar $OLB_opsiServiceType$
;******** Sektion preloginloader **********
DefVar $PLG_BaseDir$
DefVar $PLG_CfgDir$
DefVar $PLG_DebugOutput$
DefVar $PLG_PcptchExe$
DefVar $PLG_RebootOnBootmodeReins$
DefVar $PLG_RebootOnServicePackChange$
DefVar $PLG_RunWithUser$
DefVar $PLG_RunWithUserDelay$
DefVar $PLG_RunWithUserPassword$
DefVar $PLG_RunWithUserReboot$
DefVar $PLG_RunWithUserTask$
DefVar $PLG_RunWithUserTaskParms$
DefVar $PLG_RunWithUserUsername$
DefVar $PLG_UtilsDir$
DefVar $PLG_WinstRegKey$
DefVar $PLG_RunServiceAs$
DefVar $PLG_RunServiceAsDom$
DefVar $PLG_RunServiceAsUsr$
DefVar $PLG_RunServiceAsPas$
;******** Sektion shareinfo **********
DefVar $SHI_pckey_file$
DefVar $SHI_user$
DefVar $SHI_smbusername1$
DefVar $SHI_try_secondary_user$
;******** Sektion pcptch **********
DefVar $PCP_Bitmap1$
DefVar $PCP_Bitmap2$
DefVar $PCP_button_stopnetworking$
DefVar $PCP_copyDefaultUser$
DefVar $PCP_label1$
DefVar $PCP_label2$
DefVar $PCP_loadBitmap$
DefVar $PCP_makeLocalCopyOfIniFile$
DefVar $PCP_makeLocalWinst$
DefVar $PCP_mountdrive$
DefVar $PCP_opsiServiceURL$
DefVar $PCP_patchleveltyp$
DefVar $PCP_pcprotoname$
DefVar $PCP_opsiServerType$
DefVar $PCP_winstLocalDirectory$
DefVar $PCP_SecsUntilConnectionTimeOut$
DefVar $PCP_pingcheck$
;******** Sektionen Ende **********
;*********************************************************
; static initial values for variables
;*********************************************************
Set $INST_Debug$ = "off"
Set $INST_AktGina$ = ""
set $INST_service_hidden_password$ =""
Set $INST_AllowReboot$ = "true"
Set $INST_BaseDir$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set $INST_OpsiclientdDir$ = $INST_BaseDir$+"\opsiclientd"
Set $INST_OpsiUtilitiesdDir$ = $INST_BaseDir$+"\utilities"
Set $INST_Cfgini$ = "%ScriptPath%\cfg\config.ini"
Set $INST_DepotServer$ = ""
Set $INST_IPAddress$ = ""
Set $INST_ImmediateRebootFlag$ = ""
Set $INST_MAC$ = ""
Set $INST_NetBootProductname$ = ""
Set $INST_NicIndex$ = ""
Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
Set $INST_OpensslConfigFile$ = "c:\tmp\opsiclientd.cnf"
Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"\opsiclientd.pem"
Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set $INST_OpsiclientdRPCDir$ = $INST_BaseDir$+"\opsiclientd_rpc"
Set $INST_ActionProcessorStarterDir$ = $INST_BaseDir$+"\action_processor_starter"
Set $INST_Pcname$ = EnvVar ("COMPUTERNAME")
Set $INST_RebootFlag$ = ""
Set $INST_Service_Password$ = "pcpatch"
Set $INST_Service_User$ = "pcpatch"
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.3.0\SetACL 2.3.0\Command line version\x86"
; The setacl.exe 2.3.0 hangs some times
Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
Set $INST_Sysconfini$ = "%ScriptPath%\cfg\sysconf.ini"
Set $INST_SystemType$ = GetSystemType
Set $INST_WinstDir$ = $INST_BaseDir$+"\opsi-winst"
Set $INST_WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
set $INST_gina_to_chain$ = "msgina.dll"
Set $INST_preloginvistaInstalled$ = 'false'
set $INST_preloginloaderInstalled$ = 'false'
if $INST_debug$ = "off"
set $INST_DefaultLoglevel$ = "7"
Set $INST_PasswdLogLevel$="7"
else
set $INST_DefaultLoglevel$ = "6"
comment " set $INST_PasswdLogLevel$ to 2 for production"
Set $INST_PasswdLogLevel$="2"
endif
set $ProductVersion$ = "%installingProdVersion%"
set $OCD_OpsiVarDir$ = "c:\opsi.org"
set $INST_uac_level$ = "2"
set $INST_create_software_on_demand_menue_entry$ = "true"
set $INST_sophos$ = "0"
set $INST_DATEV$ = "0"
SetLogLevel=$INST_DefaultLoglevel$
;******** Sektion general **********
Set $GEN_bootmode$ = "BKSTD"
;******** Sektion opsiclientd **********
Set $OCD_config_service.url$ = ""
set $OCD_config_service.connection_timeout$ = "10"
Set $OLB_LoginBlockerStart$ = "1"
Set $OLB_LoginBlockerTimeoutConnect$ = "120"
;Set $OLB_LoginBlockerTimeoutInstall$ = "180"
Set $OLB_opsiServiceType$ = "2"
;******** Sektion prelogin **********
Set $PLG_UtilsDir$ = $INST_BaseDir$+"\prelogin"
;******** Sektion preloginloader **********
Set $PLG_BaseDir$ = $INST_BaseDir$
Set $PLG_UtilsDir$ = $PLG_BaseDir$+"\prelogin"
Set $PLG_CfgDir$ = $PLG_BaseDir$+"\cfg"
Set $PLG_DebugOutput$ = "0"
Set $PLG_PcptchExe$ = $PLG_UtilsDir$+"\pcptch.exe"
Set $PLG_RebootOnBootmodeReins$ = "1"
Set $PLG_RebootOnServicePackChange$ = "1"
Set $PLG_RunWithUser$ = "0"
Set $PLG_RunWithUserDelay$ = "1000"
Set $PLG_RunWithUserPassword$ = ""
Set $PLG_RunWithUserReboot$ = "0"
Set $PLG_RunWithUserTask$ = ""
Set $PLG_RunWithUserTaskParms$ = ""
Set $PLG_RunWithUserUsername$ = "pcpatch"
Set $PLG_WinstRegKey$ = "SOFTWARE\opsi.org\winst"
Set $PLG_RunServiceAs$ = "1"
Set $PLG_RunServiceAsDom$ = ""
Set $PLG_RunServiceAsUsr$ = ""
Set $PLG_RunServiceAsPas$ = ""
;******** Sektion shareinfo **********
Set $SHI_pckey$ = ""
Set $SHI_pckey_file$ = $PLG_CfgDir$+"\locked.cfg"
Set $SHI_user$ = ""
Set $SHI_smbusername1$= ""
Set $SHI_try_secondary_user$="0"
;******** Sektion pcptch **********
Set $PCP_Bitmap1$ = ""
Set $PCP_Bitmap2$ = ""
Set $PCP_button_stopnetworking$ = ""
Set $PCP_copyDefaultUser$ = ""
Set $PCP_label1$ = ""
Set $PCP_label2$ = ""
Set $PCP_loadBitmap$ = ""
Set $PCP_makeLocalCopyOfIniFile$ = ""
Set $PCP_makeLocalWinst$ = ""
Set $PCP_mountdrive$ = ""
Set $PCP_opsiServiceURL$ = ""
Set $PCP_patchleveltyp$ = ""
Set $PCP_pcprotoname$ = ""
Set $PCP_opsiServerType$ = "service"
Set $PCP_winstLocalDirectory$ = $INST_WinstDir$
Set $PCP_SecsUntilConnectionTimeOut$ = "180"
Set $PCP_pingcheck$ = ""
;******** Sektionen Ende **********
;*********************************************************
; Let's work
;*********************************************************
set $INST_OS$ = GetOS
set $INST_MinorOS$ = GetNTVersion
set $INST_NTVersion$ = GetMsVersionInfo
set $INST_Resultlist$ = getMSVersionMap
set $INST_ProductType$ = getValue("product_type_nr",$INST_Resultlist$)
set $INST_vcredistx86_installed$ = "false"
if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] DisplayVersion") = "9.0.30729.4148"
comment "vcredistx86 Version 9.0.30729.4148 is installed"
set $INST_vcredistx86_installed$ = "true"
endif
if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}] DisplayVersion") = "9.0.21022"
comment "vcredistx86 Version 9.0.21022 is installed"
set $INST_vcredistx86_installed$ = "true"
endif
if $INST_NTVersion$ <= "4"
logError "Installation aborted: wrong OS version: only win2k and above alowed"
isFatalError
endif
if not (HasMinimumSpace ("%systemdrive%", "10 MB"))
logError "Not enough space on drive %systemdrive% (we need 10 MB): Aborting"
isFatalError
endif
;if ($INST_NTVersion$ = "6.1") and ($INST_ProductType$ > "1") and ($INST_SystemType$ = "64 Bit System") and ($INST_vcredistx86_installed$ = "false")
; LogError "we are on 2008r2 and vcredist is not installed - please install vcredist32 manually before installing opsi-client-agent"
; isFatalError
; ;;;DosInAnIcon_open_winsxs
;endif
if $INST_vcredistx86_installed$ = "false"
comment "vc_redist not found - install it"
comment "install via msi"
ExecWith_autoit_vc_redist "%SCRIPTPATH%\autoit3.exe" WINST /letThemGo /EscapeStrings
Winbatch_vc_redist_msi
Sub_check_exitcode
killtask "autoit3.exe"
endif
;*********************************************************
comment "set mode"
;*********************************************************
Set $INST_Paramstr$=PARAMSTR
set $INST_ParamstrList$ = splitstring($INST_Paramstr$, ":")
comment "Modus normally set by commandline argument"
Set $INST_MODUS$=takestring(0,$INST_ParamstrList$)
Set $INST_SubModus$=takestring(1,$INST_ParamstrList$)
Set $INST_tmpstr$ = takestring(2,$INST_ParamstrList$)
if lower(trim($INST_tmpstr$)) = "noreboot"
Set $INST_AllowReboot$ = "false"
else
if lower(trim($INST_tmpstr$)) = "reboot"
Set $INST_AllowReboot$ = "true"
endif
endif
;**************************************************************************************************
; at this point, we can add the additional parameters for customizing the installation
; here we patch the domain and the opsi-server-url
; so , in this case we can installed any client in a multi-domain and multi-server-environment
;**************************************************************************************************
Set $OCD_config_service.url$ = takestring(3,$INST_ParamstrList$)
Set $OCD_Domain$ = takestring(4,$INST_ParamstrList$)
; *************************************************************************************************
comment "old Modes are remaped for backward compatibility"
if $INST_MODUS$ = "LOCAL"
Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "LOCAL_REINSTALL"
Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "SERVICE_INTERACTIVE"
Set $INST_MODUS$="INSTALL"
Set $INST_SubModus$="CREATE_CLIENT"
endif
if $INST_MODUS$ = "TFTP"
Set $INST_MODUS$="INSTALL"
Set $INST_SubModus$="BOOTIMAGE"
endif
comment "default submode of INSTALL is CONFIG_INI"
if $INST_MODUS$ = "INSTALL"
if $INST_SubModus$ = ""
Set $INST_SubModus$="CONFIG_INI"
endif
endif
comment "map Mode REMOTEDEPLOY"
if $INST_MODUS$ = "REMOTEDEPLOY"
Set $INST_MODUS$="INSTALL"
Set $INST_SubModus$="CONFIG_INI"
Set $INST_AllowReboot$ = "false"
endif
comment "if no commandline argument we default to update"
if $INST_MODUS$ = ""
Set $INST_MODUS$="UPDATE"
endif
;if ($INST_MODUS$ = "UPDATE")
; if GetProductProperty("forceConfigurationUpdate","off") = "on"
; Set $INST_MODUS$="INSTALL"
; endif
;endif
if $INST_SubModus$ = "BOOTIMAGE"
comment "do not reboot in BOOTIMAGE mode because:"
comment " opsi-client-agent installation is part of the postinst.d mechanism"
comment " if the machine reboots no script will run after the opsi-client-agent script"
Set $INST_AllowReboot$ = "false"
else
Set $INST_AllowReboot$ = GetProductProperty("allow_reboot", $INST_AllowReboot$)
endif
sub_read_configuration
sub_copy_files
sub_write_configuration
sub_set_installation_status
comment "changing/customizing the UI to ********* CI "
; change ******** to customize the loginblocker - UI
; **********************************************************************************
sub "%ScriptPath%\Update_sub.ins"
; **********************************************************************************
comment "all is done but make a reboot after terminating with the script"
sub_clean_up
if ($INST_AllowReboot$ = "true")
ExitWindows /Reboot
endif
;******************************End main action***************************************
;*********************************************************************
;*********************************************************************
[DosInAnIcon_open_winsxs]
takeown /r /f c:\windows\winsxs
"%SCRIPTPATH%\xcacls" c:\windows\winsxs /t /e /g %USERNAME%:F /y
move C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.orig
;*****************************start of main sub sections ****************************************
;***************************read configuration***************************************
[sub_read_configuration]
comment "get installed gina"
; *** delete the reading processes from the main file and outsourcing in a sub process *********
sub "%ScriptPath%\Read_Gina.ins"
; **********************************************************************************************
Set $GEN_bootmode$ = GetValueFromInifile($INST_cfgini$, "general", "bootmode", $GEN_bootmode$)
comment "Getting dns domain from config file"
Set $INST_DnsDomainName$ = GetValueFromInifile($INST_cfgini$, "general", "dnsdomain", $INST_DnsDomainName$)
if ($INST_DnsDomainName$ = "")
comment "Failed to get dns from config file, trying dns domain from wmic"
Set $INST_ResultList$ = getOutStreamFromSection("DosInAnIcon_getDnsByWmic")
Set $INST_DnsDomainName$ = TakeString(1,splitString(TakeString(0,$INST_ResultList$),"="))
endif
; dont log the pckey
SetLogLevel=$INST_PasswdLogLevel$
Set $SHI_pckey$ = GetValueFromInifile($INST_cfgini$, "shareinfo", "pckey", "")
; start logging again
SetLogLevel=$INST_DefaultLoglevel$
Set $OCD_global.log_level$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "global.log_level", $OCD_global.log_level$)
Set $OCD_config_service.url$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", $OCD_config_service.url$)
Set $OCD_config_service.connection_timeout$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.connection_timeout", $OCD_config_service.connection_timeout$)
Set $OCD_control_server.port$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "control_server.port", $OCD_control_server.port$)
Set $OCD_notification_server.port$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "notification_server.port", $OCD_notification_server.port$)
Set $OCD_open_firewall_for_control_server$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "open_firewall_for_control_server", $OCD_open_firewall_for_control_server$)
Set $OLB_LogLevel$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LogLevel", $OLB_LogLevel$)
Set $OLB_LoginBlockerStart$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerStart", $OLB_LoginBlockerStart$)
Set $OLB_LoginBlockerTimeoutConnect$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutConnect", $OLB_LoginBlockerTimeoutConnect$)
;Set $OLB_ServiceConnectionTimeout$ = $OLB_LoginBlockerTimeoutConnect$
;Set $OLB_LoginBlockerTimeoutInstall$ = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutInstall", $OLB_LoginBlockerTimeoutInstall$)
;Set $OLB_opsiServiceType$ GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "opsiServiceType", "")
; change value given by config.ini only if property present
if GetProductProperty ("LoginBlockerStart","") = "on"
Set $OLB_LoginBlockerStart$ = "1"
endif
if GetProductProperty ("LoginBlockerStart","") = "off"
Set $OLB_LoginBlockerStart$ = "0"
endif
Set $INST_Service_User$ = GetValueFromInifile($INST_cfgini$, "installation", "service_user", $INST_Service_User$)
Set $INST_Service_Password$ = GetValueFromInifile($INST_cfgini$, "installation", "service_password", $INST_Service_Password$)
Set $INST_service_hidden_password$ = GetValueFromInifile($INST_cfgini$, "installation", "service_hidden_password", $INST_service_hidden_password$)
if not ($INST_service_hidden_password$ = "")
SetLogLevel=$INST_PasswdLogLevel$
Set $INST_Service_Password$ = base64DecodeStr($INST_service_hidden_password$)
SetLogLevel=$INST_DefaultLoglevel$
endif
; ******* sysconfini wird bei PXE-basierter Grundinstallation vom Bootimage angelegt.
if (FileExists ($INST_sysconfini$))
DefVar $DepotUrl$
Set $INST_NetBootProductname$ = GetValueFromInifile($INST_sysconfini$, "general", "productid", $INST_NetBootProductname$)
Set $INST_pcname$ = GetValueFromInifile($INST_sysconfini$, "general", "pcname", $INST_pcname$)
Set $INST_DnsDomainName$ = GetValueFromInifile($INST_sysconfini$, "general", "dnsdomain", $INST_DnsDomainName$)
Set $DepotUrl$ = GetValueFromInifile($INST_sysconfini$, "general", "depoturl", $DepotUrl$)
set $INST_DepotServer$ = takeString(2,splitString($DepotUrl$,"/"))
endif
if $INST_pcname$ = ""
set $INST_pcname$ = %pcname%
endif
Set $INST_pcname$ = lower($INST_pcname$)
if not ($INST_DnsDomainName$ = "")
Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
endif
if $GEN_bootmode$ = ""
Set $GEN_bootmode$ = "BKSTD"
endif
if $INST_Modus$ = "INSTALL"
if $INST_SubModus$ = "BOOTIMAGE"
Set $GEN_bootmode$ = "REINS"
endif ; BOOTIMAGE
if $INST_SubModus$ = "CREATE_CLIENT"
sub_sub_create_client
endif ; CREATE_CLIENT
endif ; INSTALL
if (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
; dont log the pckey
SetLogLevel=$INST_PasswdLogLevel$
if FileExists ($INST_OpsiclientdConf$)
Set $SHI_pckey$ = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "opsi_host_key", $SHI_pckey$)
Set $INST_ClientId$ = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "host_id", $INST_ClientId$)
Set $INST_pcname$ = TakeString(0,SplitString($INST_ClientId$,"."))
else
if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf")
Set $SHI_pckey$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "opsi_host_key", $SHI_pckey$)
Set $INST_ClientId$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "host_id", $INST_ClientId$)
Set $INST_pcname$ = TakeString(0,SplitString($INST_ClientId$,"."))
else
if FileExists ($INST_BaseDir$+"\cfg\locked.cfg")
Set $SHI_pckey$ = GetvalueFromInifile($INST_BaseDir$+"\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
else
if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg")
Set $SHI_pckey$ = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
else
SetLogLevel=$INST_DefaultLoglevel$
logError "pckey not found - please reinstall opsi-client-agent"
isFatalError
endif
endif
endif
endif
; start logging again
SetLogLevel=$INST_DefaultLoglevel$
endif
set $INST_uac_level$ = GetProductProperty ("UAC_level", $INST_uac_level$)
set $INST_create_software_on_demand_menue_entry$ = GetProductProperty ("create_software_on_demand_menue_entry", $INST_create_software_on_demand_menue_entry$)
if $INST_MAC$ = ""
sub_sub_try_to_get_my_mac
endif
if ($INST_DepotServer$ = "")
sub_sub_get_depot_netbiosname
endif
sub_sub_read_preloginvista_installation_state
sub_sub_read_preloginloader_installation_state
; show what we have
comment "$INST_AllowReboot$ -> "+ $INST_AllowReboot$
comment "$INST_BaseDir$ -> "+ $INST_BaseDir$
comment "$INST_Cfgini$ -> "+ $INST_Cfgini$
comment "$INST_ClientExists$ -> "+ $INST_ClientExists$
comment "$INST_ClientId$ -> "+ $INST_ClientId$
comment "$INST_ComputerName$ -> "+ $INST_ComputerName$
comment "$INST_Debug$ -> "+ $INST_Debug$
comment "$INST_DepotServer$ -> "+ $INST_DepotServer$
comment "$INST_DnsDomainName$ -> "+ $INST_DnsDomainName$
comment "$INST_IPAddress$ -> "+ $INST_IPAddress$
comment "$INST_ImmediateRebootFlag$ -> "+ $INST_ImmediateRebootFlag$
comment "$INST_MAC$ -> "+ $INST_MAC$
comment "$INST_MinorOS$ -> "+ $INST_MinorOS$
comment "$INST_Modus$ -> "+ $INST_Modus$
comment "$INST_NetBootProductname$ -> "+ $INST_NetBootProductname$
comment "$INST_NicIndex$ -> "+ $INST_NicIndex$
comment "$INST_NotifierDir$ -> "+ $INST_NotifierDir$
comment "$INST_NTVersion$ -> "+ $INST_NTVersion$
comment "$INST_ProductType$ -> "+ $INST_ProductType$
comment "$INST_OS$ -> "+ $INST_OS$
comment "$INST_OpensslConfigFile$ -> "+ $INST_OpensslConfigFile$
comment "$INST_OpsiClientdCertificateFile$ -> "+$INST_OpsiClientdCertificateFile$
comment "$INST_OpsiclientdDir$ -> "+ $INST_OpsiclientdDir$
comment "$INST_OpsiclientdConf$ -> "+ $INST_OpsiclientdConf$
comment "$INST_OpsiclientdRPCDir$ -> "+ $INST_OpsiclientdRPCDir$
comment "$INST_ActionProcessorStarterDir$ -> "+ $INST_ActionProcessorStarterDir$
comment "$INST_Paramstr$ -> "+ $INST_Paramstr$
comment "$INST_Pcname$ -> "+ $INST_Pcname$
comment "$INST_RebootFlag$ -> "+ $INST_RebootFlag$
comment "$INST_Result$ -> "+ $INST_Result$
comment "$INST_SYSTEMDRIVE$ -> "+ $INST_SYSTEMDRIVE$
comment "$INST_SYSTEMROOT$ -> "+ $INST_SYSTEMROOT$
comment "$INST_SYSTEMSYS$ -> "+ $INST_SYSTEMSYS$
comment "$INST_ServiceName$ -> "+ $INST_ServiceName$
comment "$INST_Service_User$ -> "+ $INST_Service_User$
comment "$INST_service_hidden_password$ -> "+ $INST_service_hidden_password$
if not ($INST_service_hidden_password$ = "")
SetLogLevel=$INST_PasswdLogLevel$
comment "$INST_Service_Password$ -> "+ $INST_Service_Password$
SetLogLevel=$INST_DefaultLoglevel$
endif
comment "$INST_ShortServiceUrl$ -> "+ $INST_ShortServiceUrl$
comment "$INST_SubModus$ -> "+ $INST_SubModus$
comment "$INST_Sysconfini$ -> "+ $INST_Sysconfini$
comment "$INST_SystemType$ -> "+ $INST_SystemType$
comment "$INST_WinstDir$ -> "+ $INST_WinstDir$
comment "$INST_WinstRegKey$ -> "+ $INST_WinstRegKey$
comment "$INST_AktGina$ -> "+ $INST_AktGina$
comment "$INST_gina_to_chain$ -> "+ $INST_gina_to_chain$
comment "$INST_preloginvistaInstalled$ -> "+ $INST_preloginvistaInstalled$
comment "$INST_preloginloaderInstalled$ -> "+ $INST_preloginloaderInstalled$
comment "$INST_vcredistx86_installed$ -> "+ $INST_vcredistx86_installed$
comment "$INST_uac_level$ -> "+ $INST_uac_level$
comment "$INST_create_software_on_demand_menue_entry$ -> "+ $INST_create_software_on_demand_menue_entry$
;******** Sektion general **********
comment "$GEN_bootmode$ -> "+ $GEN_bootmode$
;******** Sektion shareinfo **********
if ($INST_debug$ = "on")
comment "$SHI_pckey$ -> "+$SHI_pckey$
endif
;******** Sektion opsiclientd **********
comment "$OCD_global.log_level$ -> "+ $OCD_global.log_level$
comment "$OCD_config_service.url$ -> "+ $OCD_config_service.url$
comment "$OCD_config_service.connection_timeout$ -> "+ $OCD_config_service.connection_timeout$
comment "$OCD_control_server.port$ -> "+ $OCD_control_server.port$
comment "$OCD_open_firewall_for_control_server$ -> "+ $OCD_open_firewall_for_control_server$
comment "$OCD_notification_server.port$ -> "+ $OCD_notification_server.port$
;******** Sektion opsiLoginBlocker **********
;comment "$OLB_ServiceConnectionTimeout$ -> "+ $OLB_ServiceConnectionTimeout$
comment "$OLB_LogLevel$ -> "+ $OLB_LogLevel$
comment "$OLB_LoginBlockerStart$ -> "+ $OLB_LoginBlockerStart$
comment "$OLB_LoginBlockerTimeoutConnect$ -> "+ $OLB_LoginBlockerTimeoutConnect$
;comment "$OLB_LoginBlockerTimeoutInstall$ -> "+ $OLB_LoginBlockerTimeoutInstall$
comment "$OLB_opsiServiceType$ -> "+ $OLB_opsiServiceType$
;******** Sektion prelogin **********
comment "$PLG_UtilsDir$ -> "+ $PLG_UtilsDir$
;*********************************************************************
[sub_sub_create_client]
if ($OCD_config_service.url$ = "")
set $OCD_config_service.url$ = "https://:4447"
endif
comment "Connect to service....."
markErrorNumber
opsiservicecall_authenticated
if errorsOccuredSinceMark > 0
set $INST_error$ = "true"
comment "was not authenticated -> retry scripted login by default user/password"
else
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
endif
if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
comment "was not authenticated as admin-> retry scripted login by default user/password"
markErrorNumber
set $INST_error$ = "false"
SetLogLevel=$INST_PasswdLogLevel$
opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
SetLogLevel=$INST_DefaultLoglevel$
if errorsOccuredSinceMark > 0
set $INST_error$ = "true"
comment "scripted login by default user/password failed -> retry interactive"
else
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
if errorsOccuredSinceMark > 0
set $INST_error$ = "true"
comment "check for user is admin failed failed -> retry interactive"
endif
endif
if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
set $INST_error$ = "false"
;markErrorNumber
SetLogLevel=$INST_PasswdLogLevel$
opsiservicecall_authenticated /interactive /serviceurl $OCD_config_service.url$
SetLogLevel=$INST_DefaultLoglevel$
; we don't check for errors because /interactive loops at wrong logins
; and increment errors
;if errorsOccuredSinceMark > 0
; set $INST_error$ = "true"
; comment "interactive login by default user/password failed -> retry interactive"
;else
; Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
;endif
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
if errorsOccuredSinceMark > 0
set $INST_error$ = "true"
comment "check for user is admin failed failed -> abort"
endif
if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
logerror "No admin login"
pause "Error: No admin login - exiting"
isFatalError
endif
else
;comment "logged in as admin"
endif
endif
comment "logged in as admin"
comment "get MAC and IP for Service connection"
sub_sub_try_to_get_my_mac
if ($INST_DnsDomainName$ = "")
comment "*** Get domain ***"
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDomain')
Set $INST_DnsDomainName$ = takestring(0, $INST_ServiceResult$)
endif
comment "*** does the client exist? ***"
Set $INST_pcname$ = lower($INST_pcname$)
Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
if ("" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getClientIds_list'), $INST_ClientId$))
comment "*** Create client ***"
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
endif
; *** Get active service url ***
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkconfig_hash')
set $OCD_config_service.url$ = takestring(1, splitString(takeFirstStringContaining($INST_ServiceResult$,"nextBootServiceURL"), '='))
if $OCD_config_service.url$ = ""
Set $OCD_config_service.url$ = GetvalueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", "")
endif
; *** Get hostkey1 ***
SetLogLevel=$INST_PasswdLogLevel$
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
SetLogLevel=$INST_DefaultLoglevel$
if errorsOccuredSinceMark > 0
; *** Get hostkey1 ***
SetLogLevel=$INST_PasswdLogLevel$
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
if errorsOccuredSinceMark > 0
LogError "Could not get hostkey - aborting"
Pause "Could not get hostkey - aborting"
isFatalError
else
Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
SetLogLevel=$INST_DefaultLoglevel$
endif
endif
;********************** end read configuration ******************************
;***************************copy files***************************************
[sub_copy_files]
DosInAnIcon_Stop_Preloginloader_Service
Registry_DeletePreloginloader
if ($INST_Modus$ = "INSTALL")
comment "clean all up"
if FileExists($INST_BaseDir$+"\")
comment "Stopping and removing existing services...."
DosInAnIcon_Stop_opsiclientd_Service
DosInAnIcon_unregister_opsiclientd_service
Registry_DeleteOpsiclientd
comment "Deleting old files...."
Files_Delete_OCA_BaseDir
endif
endif ; INSTALL
markErrorNumber
Files_copy_winst
Files_copy_uninst
if errorsOccuredSinceMark > 0
comment "copy failed - let us abort"
logerror "Copy of files are failed -exiting"
pause "Error: Copy of files are failed - Try again after reboot - aborting"
isFatalError
endif
if ($INST_SystemType$ = "64 Bit System") and ($INST_NTVersion$ < "6")
comment "we need vc_redist X64 at xp64 and 2003x64 to run the loginblocker"
Winbatch_vc_redist_exe_64
;Sub_check_exitcode
comment "Test for installation success via exit code"
set $INST_ExitCode$ = getLastExitCode
if not (($INST_ExitCode$ = "0") or ($INST_ExitCode$ = "1603"))
comment "installation seems to be failed - lets try with msi"
Winbatch_vc_redist_msi_64
;Sub_check_exitcode
endif
endif
comment "installing opsiclientd py2exe files and required libraries"
Files_copy_py2exe
comment "install openssl ...."
Files_copy_shining_light_OpenSSL_exe
;http://innounp.sourceforge.net/
DosInAnIcon_shining_light_OpenSSL_unpack
Files_copy_shining_light_OpenSSL_files
Registry_shining_light_OpenSSL
if (FileExists($INST_BaseDir$+"\utils") or FileExists($INST_BaseDir$+"\prelogin"))
comment "removing detected old prelogin files..."
DosInAnIcon_Stop_Preloginloader_Service
Registry_DeletePreloginloader
Files_del_utils
Files_del_prelogin
endif
comment "copying loginblocker"
if $INST_NTVersion$ >= "6.0"
if ($INST_SystemType$ = "64 Bit System")
Files_copy_vista_loginblocker_64 /Sysnative
else
Files_copy_vista_loginblocker_32
Files_del_cmd64
endif
endif
if $INST_NTVersion$ < "6.0"
if ($INST_SystemType$ = "64 Bit System")
Files_copy_xp_loginblocker_64
else
if $INST_NTVersion$ = "5.0"
Files_copy_xp_loginblocker_win2k
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.2.0\SetACL 2.2.0\Command line version\x86"
Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
else
Files_copy_xp_loginblocker_32
endif
Files_del_cmd64
endif
endif
;**************************** end copy files *****************************************
;***************************write configuration***************************************
[sub_write_configuration]
if $INST_Modus$ = "INSTALL"
Registry_SetGeneralEntries
if ($INST_debug$ = "on")
Files_save_config_for_debug
endif
;if $INST_MinorOS$ = "WinXP"
if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
if $INST_AktGina$ = ""
Registry_SetRemoveMsginaOnDeinst
endif
endif ; winxp
endif ; INSTALL
;*********************************************************
comment "configurations we do also at update mode"
;*********************************************************
comment "uninstall registry entries"
Registry_SetUninstallEntries
comment "standard registry entries"
Registry_SetGeneralEntries
comment "add registry key for shutdown requests"
Registry_add_shutdown_key
comment "make all depotshares trusted for the 32 Bit opsi-client-agent"
comment "get all depot servers :"
if $INST_SubModus$ = "BOOTIMAGE"
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$')
else
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares')
endif
comment " take the string :"
set $INST_Result$ = takeString(0, $INST_ServiceResult$)
comment " remove trailing brackets and quote :"
set $INST_Result$ = takeString(0, splitstring($INST_Result$,'"]'))
comment " remove heading brackets and quote :"
set $INST_Result$ = takeString(1, splitstring($INST_Result$,'["'))
comment " split servers in to list :"
set $INST_ResultList$ = splitstring($INST_Result$,'","')
comment "write all depots to the registry :"
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted /Sysnative
comment "get netbiosnames from depots :"
comment "first clear the resultlist:"
set $INST_ResultList2$ = getsubList(0:0,$INST_ResultList2$)
; this is a dirty hack. It is used until we can ask host_getObjects with filter
; so we assume, that the first part of the fqdn is identical with the netbiosname
for %depotId% in $INST_ResultList$ do set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted /Sysnative
comment "tell server my mac address"
if not ($INST_MAC$ = "")
opsiservicecall_setMacAddress
endif
comment "Open c:\tmp worldwide writable"
Files_create_ctmp
DosInAnIcon_open_ctmp
comment "create c:\opsi.org"
Files_create_c_opsiorg
comment "lock c:\opsi.org -> for administrators only"
DosInAnIcon_lock_c_opsiorg
Patches_opsiclientd_conf_rest $INST_OpsiclientdConf$
if not (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
comment "dont log the pckey"
SetLogLevel=$INST_PasswdLogLevel$
Patches_opsiclientd_conf_key $INST_OpsiclientdConf$
comment "start logging again"
SetLogLevel=$INST_DefaultLoglevel$
endif
Patches_opsiclientd_cnf $INST_opensslConfigFile$
DosInAnIcon_generate_opsiclientdCertificate
DosInAnIcon_opsiclientd_register_service_exe
comment "set start to auto (2) if it was deactivated (4)"
Registry_ActivateOpsiclientd
if ($INST_NTVersion$ = "5.0")
else
if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
else
if ($INST_NTVersion$ >= "6.0")
comment "setting UAC Level to: "+$INST_uac_level$
if $INST_uac_level$ = "1"
Registry_UAC_on_1 /Sysnative
else
if $INST_uac_level$ = "2"
Registry_UAC_on_2 /Sysnative
else
if $INST_uac_level$ = "3"
Registry_UAC_on_3 /Sysnative
else
if $INST_uac_level$ = "4"
Registry_UAC_on_4 /Sysnative
else
LogWarning("no or unknown $INST_uac_level$ set: "+$INST_uac_level$)
endif
endif
endif
endif
;Registry_UAC_on_special /Sysnative
;Registry_UAC_off /Sysnative
else
LogError "unknown OS: "+$INST_MinorOS$+ " Version: "+$INST_NTVersion$
endif
endif
endif
if $OCD_open_firewall_for_control_server$ = "1"
if ($INST_NTVersion$ >= "6.0")
DosInAnIcon_open_firewall_for_control_server_nt6
else
DosInAnIcon_open_firewall_for_control_server
endif
else
if ($INST_NTVersion$ >= "6.0")
DosInAnIcon_close_firewall_for_control_server_nt6
else
DosInAnIcon_close_firewall_for_control_server
endif
endif
;;; comment "enable login logging - needed to detect logins by wmi"
;;; comment "export the existing policy"
;;; ;DosInAnIcon_export_security_policy
;;; comment "patch the exported policy: login monitoring: success,failed"
;;; ;Patches_secedit_pll "c:\tmp\secedit_pll.ini"
;;; comment "reimport the patched policy"
;;; ;DosInAnIcon_enable_login_looging
;;; DosInAnIcon_auditpol_enable_login_looging
comment "disable Data Execution Prevention (DEP) for opsiclientd.exe"
comment "This should be prevent problems on win2003"
DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy
Registry_disable_dep_opsiclientd /Sysnative
comment "make opsiclientd depending ond dhcp and dnscache services"
Registry_opsiclientd_Service_depend_dhcp_dns
if ($INST_NTVersion$ >= "6.0")
if $OLB_LoginBlockerStart$ = "1"
Registry_vista_loginblocker /Sysnative
else
Registry_vista_del_loginblocker /Sysnative
endif
endif ; win vista
;if ($INST_MinorOS$ = "WinXP") or ($INST_MinorOS$ = "Win2k")
if ($INST_NTVersion$ < "6.0")
if $OLB_LoginBlockerStart$ = "1"
Registry_opsigina_opsi_Config /Sysnative
Registry_set_loginblocker_start /Sysnative
else
Registry_set_loginblocker_start /Sysnative
endif ; loginblocker start
if ($INST_SystemType$ = "64 Bit System")
winbatch_test_opsigina_64
else
winbatch_test_opsigina_32
endif
set $INST_ExitCode$ = getLastExitCode
if $INST_ExitCode$ = "0"
comment "opsigina test passed - install it"
; *** changed to implement the SOPHOS SafeGuard Engine and DATEV (for ITL) **************
sub "%ScriptPath%\write_Gina.ins"
; ***************************************************************************************
else
LogError "opsigina test failed, so we don't install it. Test Exitcode was: " + $INST_ExitCode$
endif
endif ; winXP
comment "protect opsi-clientagent against non administrative manipulations"
DosInAnIcon_lock_opsiclientagent
;comment "do the lock on every installation"
;DosInAnIcon_lock_opsiclientd_conf
if $INST_create_software_on_demand_menue_entry$ = "true"
opsiservicecall_setOption_addConfigStateDefaults_true
Set $INST_ResultList$ = getReturnListFromSection('opsiservicecall_get_configState_software-on-demand.active')
if (TakeString(0,SplitString(TakeString(1,SplitString(TakeString(0,$INST_ResultList$), '"values":[')), ']')) = "true")
LinkFolder_install_softwareOnDemand
endif
else
LinkFolder_uninstall_softwareOnDemand
endif
;*****************************end write configuration****************************************
;*****************************clean up****************************************
[sub_clean_up]
if fileExists("c:\tmp\opsi")
Files_Delete_ctmpopsi
endif
if fileExists("c:\tmp\opsi-client-agent")
Files_Delete_ctmpopsi-client-agent
endif
if fileExists("c:\tmp\python")
Files_Delete_ctmppython
endif
Files_del_utils
if FileExists("%ProgramFilesDir%\opsi.org\preloginloader\")
Files_Delete_PLG_BaseDir
endif
if fileExists("c:\tmp\ssl_tmp")
Files_Delete_ctmpssl
endif
Files_redist_cleanup
;***********************
[Files_Delete_ctmpopsi]
delete -s -f "c:\tmp\opsi\"
[Files_Delete_ctmpssl]
delete -s -f "C:\tmp\ssl_tmp\"
[Files_Delete_ctmppython]
delete -s -f "c:\tmp\python\"
[Files_Delete_ctmpopsi-client-agent]
delete -s -f "c:\tmp\opsi-client-agent\"
[Files_del_utils]
delete -s -f "$INST_BaseDir$\utils\"
[Files_del_prelogin]
delete -s -f "$INST_BaseDir$\prelogin\"
[Files_redist_cleanup]
delete c:\eula*.*
delete c:\install*.*
delete c:\vc_red.*
delete c:\vcredist.bmp
delete c:\.rnd
delete c:\globdata.ini
delete d:\eula*.*
delete d:\install*.*
delete d:\vc_red.*
delete d:\vcredist.bmp
delete d:\.rnd
delete d:\globdata.ini
;*****************************end clean up****************************************
;**************************** end of main sub sections*****************************************
;*********************************************************************
;*********************************************************************
;*************************** basic sections******************************************
[Files_copy_winst]
; do not use -V because it leads to broken winst on downgrade
copy -sc "%SCRIPTPATH%\opsi-winst\*.*" "$INST_WinstDir$"
copy -sVc "%SCRIPTPATH%\utilities\*.*" "$INST_BaseDir$\utilities\"
[Files_copy_uninst]
copy -sVc "%SCRIPTPATH%\uninst\*.*" "$INST_BaseDir$\uninst\"
[Files_Delete_OCA_BaseDir]
delete -sf "$INST_BaseDir$\"
[Files_Delete_PLG_BaseDir]
delete -sf "%ProgramFilesDir%\opsi.org\preloginloader\"
[Registry_SetGeneralEntries]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\general]
Set "opsiconf"=REG_DWORD:1
Set "configlocal"=REG_DWORD:0
Set "bootmode" = "$GEN_bootmode$"
[Registry_SetUninstallEntries]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-preloginloader]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-client-agent]
set "DisplayName" = "opsi-client-agent"
set "DisplayVersion" = "$ProductVersion$"
set "DisplayIcon" = "$INST_WinstDir$\winst32.exe"
set "DisplayPublisher" = "uib gmbh, Mainz, Germany"
set "UninstallString" = '"$INST_WinstDir$\winst32.exe" /batch "$INST_BaseDir$\uninst\uninstall.ins" "c:\tmp\deinstall_opsi-client-agent.log" /PARAMETER DEINSTALL'
set "URLInfoAbout" = "http://opsi.org"
set "HelpLink" = "http://www.opsi.org/support/"
[DosInAnIcon_lock_opsiclientagent]
rem see http://setacl.sourceforge.net/
rem set rights for the base dir
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
rem set the complete dir full access for admin and (read and execute) only for user
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for configuration file (opsi-hostkey)
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for uninst
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem revoke users access for utilities
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem grant user execute to the winst directory
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem therefore remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem therefore set new rights
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read_ex;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
;*************************** end basic sections******************************************
;***************************vista sections******************************************
; Registry and UAC
;http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2526.htm
;http://www.winfaq.de/faq_html/Content/tip2000/onlinefaq.php?h=tip2217.htm
;http://msdn.microsoft.com/en-us/library/cc232761%28v=prot.10%29.aspx
;http://www.rawcomputing.co.uk/vistatips36.html
;http://www.win-tipps-tweaks.de/cms/vista-tipps/vista-sicherheit/benutzerkontensteuerung-deaktivieren-teil-2.html
[Registry_UAC_off]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000000
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_UAC_on_special]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_UAC_on_1]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000002
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_UAC_on_2]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000001
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_UAC_on_3]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000001
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_UAC_on_4]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection" = REG_DWORD:00000001
Set "EnableLUA" = REG_DWORD:00000000
Set "EnableVirtualization" = REG_DWORD:00000001
Set "PromptOnSecureDesktop" = REG_DWORD:00000000
Set "FilterAdministratorToken" = REG_DWORD:00000000
[Registry_hklm_set_depotshare_trusted]
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%depotId%]
set "file"=reg_dword:0x00000001
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
set "AutoDetect"=reg_dword:0x00000000
set "IntranetName"=reg_dword:0x00000001
set "ProxyByPass"=reg_dword:0x00000001
set "UNCAsIntranet"=reg_dword:0x00000001
;***************************end vista sections******************************************
; ******************** login blockers sections*****************************************
; ******************** credential provider login blockers sections********************
[Files_copy_vista_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\32bit\*.dll" "%SYSTEM%"
[Files_copy_vista_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\64bit\*.dll" "%SYSTEM%"
[Registry_vista_loginblocker]
;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
;set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32]
set ""="OpsiLoginBlocker.dll"
set "ThreadingModel"="Apartment"
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
set "LoginBlockerTimeoutConnect"=reg_dword:$OLB_LoginBlockerTimeoutConnect$
set "StartOpsiCredentialProvider"=reg_dword:0x00000000
set "LoginBlockerLogLevel"=reg_dword:$OLB_LogLevel$
[Registry_vista_del_loginblocker]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
; ******************** end credential provider login blockers sections********************
;************************ opsigina loginblocker sections **********************
[Files_copy_xp_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
[Files_copy_xp_loginblocker_win2k]
;copy -Vc "%SCRIPTPATH%\opsigina\win2k\opsigina.dll" "$INST_BaseDir$\opsigina\"
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
[Files_copy_xp_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsigina\64bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
[Registry_SetRemoveMsginaOnDeinst]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1
[Registry_opsigina_opsi_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType" = REG_DWORD:$OLB_opsiServiceType$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType" = REG_DWORD:$OLB_opsiServiceType$
; *************************************************************************************************
; *** outsourcing the chapter Registry_opsigina_winlogon_Config to separate file write_gina.ins ***
; *************************************************************************************************
[Registry_set_loginblocker_start]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
[winbatch_test_opsigina_64]
"%SCRIPTPATH%\opsigina\test\64bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
[winbatch_test_opsigina_32]
"%SCRIPTPATH%\opsigina\test\32bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
; ******************** end opsigina loginblocker sections *****************************************
; ******************** end loginblockers sections *****************************************
; ******************** opsiclientd sections *****************************************
[Patches_opsiclientd_conf_key]
Set [global] opsi_host_key=$SHI_pckey$
Set [global] host_id=$INST_ClientId$
[Patches_opsiclientd_conf_rest]
Set [config_service] url=$OCD_config_service.url$/rpc
Set [config_service] connection_timeout=$OCD_config_service.connection_timeout$
Set [control_server] port=$OCD_control_server.port$
Set [notification_server] port=$OCD_notification_server.port$
Set [global] log_level=$OCD_global.log_level$
[DosInAnIcon_lock_opsiclientd_conf]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
[Patches_opsiclientd_cnf]
Add [req] default_bits = 1024
Add [req] encrypt_key = yes
Add [req] distinguished_name = req_dn
Add [req] x509_extensions = cert_type
Add [req] prompt = no
Add [req_dn] C = DE
Add [req_dn] ST = RP
Add [req_dn] L = Mainz
Add [req_dn] O = UIB
Add [req_dn] OU = -
Set [req_dn] CN = $INST_ClientId$
Add [req_dn] emailAddress = info@uib.de
Add [cert_type] nsCertType = server
[DosInAnIcon_generate_opsiclientdCertificate]
"%ProgramFilesDir%\OpenSSL\bin\openssl" req -new -x509 -days 1000 -nodes -config "$INST_opensslConfigFile$" -out "$INST_opsiclientdCertificateFile$" -keyout "$INST_opsiclientdCertificateFile$"
[DosInAnIcon_Stop_opsiclientd_Service]
net stop opsiclientd
[DosInAnIcon_unregister_opsiclientd_service]
"$INST_OpsiclientdDir$\opsiclientd.py" remove
"$INST_BaseDir$\opsiclientd.exe" -remove
[DosInAnIcon_open_firewall_for_control_server]
netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
[DosInAnIcon_close_firewall_for_control_server]
netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
[DosInAnIcon_open_firewall_for_control_server_nt6]
rem netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
netsh advfirewall firewall add rule name="opsiclientd-control-port" dir=in action=allow protocol=TCP localport=$OCD_control_server.port$
[DosInAnIcon_close_firewall_for_control_server_nt6]
rem netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
netsh advfirewall firewall delete rule name="opsiclientd-control-port" name protocol=TCP localport=$OCD_control_server.port$
[Registry_DeleteOpsiclientd]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
[Registry_DeactivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\opsiclientd]
Set "Start" = REG_DWORD:4
[Registry_ActivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:2
set "ImagePath" = '"$INST_BaseDir$\opsiclientd.exe"'
[DosInAnIcon_opsiclientd_register_service_exe]
"$INST_BaseDir$\opsiclientd.exe" -auto -install
[Registry_opsiclientd_Service_depend_win2k]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt"
[Registry_opsiclientd_Service_depend_winxp]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|Nla"
[Registry_opsiclientd_Service_depend_winvista]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|NlaSvc"
[Registry_opsiclientd_Service_depend_dhcp_dns]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Dhcp|Dnscache"
[Registry_opsiclientd_Service_set_timeout]
; default timeout is 30000 millis increase to 60000 millis
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Set "ServicesPipeTimeout" = REG_DWORD:60000
[DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy]
@echo off
wmic os get DataExecutionPrevention_SupportPolicy
[Registry_disable_dep_opsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
set "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd.exe" = "DisableNXShowUI"
; ******************** end opsiclientd sections *****************************************
; ******************** Install helpers sections *****************************************
[Files_del_cmd64]
delete -f "%SYSTEMROOT%\cmd64.exe"
[Files_save_config_for_debug]
copy "%ScriptPath%\cfg\*.*" "c:\tmp\cfg"
[sub_set_installation_status]
if $INST_SubModus$ = "BOOTIMAGE"
opsiservicecall_setNetbootInstallationStatus /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
endif
opsiservicecall_setOpsiclientagentInstallationStatus
if $INST_preloginvistaInstalled$ = 'true'
opsiservicecall_setPreloginvistaInstallationStatus_off
endif
if $INST_preloginloaderInstalled$ = 'true'
opsiservicecall_setpreloginloaderInstallationStatus_off
endif
[sub_sub_read_preloginloader_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginloader")
set $INST_preloginloaderInstalled$ = 'false'
else
set $INST_preloginloaderInstalled$ = 'true'
endif
[sub_sub_read_preloginvista_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginvista")
set $INST_preloginvistaInstalled$ = 'false'
else
set $INST_preloginvistaInstalled$ = 'true'
endif
[Registry_add_shutdown_key]
openKey [$INST_WinstRegKey$]
add "ShutdownRequested" = REG_DWORD:0
[Files_create_ctmp]
CheckTargetPath = "c:\tmp"
[DosInAnIcon_open_ctmp]
rem C:\utils\xcacls c:\tmp /T /C /G ADMINISTRATOREN:F "ERSTELLER-BESITZER":F JEDER:R HAUPTBENUTZER:F SYSTEM:F /Y
rem show setacl-version
rem "$INST_SetAclDir$\setacl.exe" -help
rem this should work not only on german systems
rem open c:\tmp for everyone
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn setprot -op "dacl:np;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-1-0;s:y" -actn ace -ace "n:S-1-1-0;p:full;s:y"
rem "$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn list -lst "s:b"
[Files_create_c_opsiorg]
CheckTargetPath = "$OCD_OpsiVarDir$"
[DosInAnIcon_lock_c_opsiorg]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
[sub_get_depot_netbiosnames]
set %depotId%
set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
[Sub_check_exitcode]
comment "Test for installation success via exit code"
set $INST_ExitCode$ = getLastExitCode
; informations to exit codes see
; http://msdn.microsoft.com/en-us/library/aa372835(VS.85).aspx
; http://msdn.microsoft.com/en-us/library/aa368542.aspx
if ($INST_ExitCode$ = "0")
comment "Looks good: setup program gives exitcode zero"
else
comment "Setup program gives a exitcode unequal zero: " + $INST_ExitCode$
if ($INST_ExitCode$ = "1603")
comment "File is in use - seems not to be a problem (at vc_redist installation)"
else
if ($INST_ExitCode$ = "1605")
comment "ERROR_UNKNOWN_PRODUCT 1605 This action is only valid for products that are currently installed."
comment "Uninstall of a not installed product failed - no problem"
else
if ($INST_ExitCode$ = "1641")
comment "looks good: setup program gives exitcode 1641"
comment "ERROR_SUCCESS_REBOOT_INITIATED 1641 The installer has initiated a restart. This message is indicative of a success."
else
if ($INST_ExitCode$ = "3010")
comment "looks good: setup program gives exitcode 3010"
comment "ERROR_SUCCESS_REBOOT_REQUIRED 3010 A restart is required to complete the install. This message is indicative of a success."
else
logError "Fatal: Setup program gives an unknown exitcode unequal zero: " + $INST_ExitCode$
;isFatalError
endif
endif
endif
endif
endif
; ******************** End Install helpers sections *****************************************
; ******************** create client sections *****************************************
[sub_sub_try_to_get_my_mac]
Set $INST_ShortServiceUrl$ = takestring(1, splitString($OCD_config_service.url$,"//"))
set $INST_ConfigServerIP$ = takestring(0, splitString($INST_ShortServiceUrl$,":"))
set $INST_ConfigServerPort$ = takestring(1, splitString($INST_ShortServiceUrl$,":"))
comment "we need a IP-Numer at sub_getServiceConnection for analyzing the netstat output"
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIPbyName')
set $INST_ExitCode$ = getLastExitCode
if "Error" = takestring(0, splitStringOnWhitespace(takestring(0,$INST_ServiceResult$)))
LogWarning "MAC Address could not detected because config server could not resolved"
else
set $INST_ConfigServerIP$ = takestring(0,$INST_ServiceResult$)
set $INST_ShortServiceUrl$ = $INST_ConfigServerIP$+":"+$INST_ConfigServerPort$
comment "let us try to guess the ip number by getbestinterface windows api ..."
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIpByTarget')
set $INST_IPAddress$ = takestring(0, $INST_ServiceResult$)
set $INST_IPAddress$ = takestring(1, splitString($INST_IPAddress$,"found:"))
if $INST_IPAddress$ = ""
LogWarning "failed to get own IP number - giving up to get mac"
else
set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_WMI_running')
if ("" = takeFirstStringContaining($INST_ServiceResult$,"RUNNING")) and (GetMsVersionInfo >= "5.1")
LogWarning "WMI service not running - giving up to get mac"
else
comment "WMI is running or we are at win2k and we only hope that it is running"
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
if $INST_MAC$ = ""
LogWarning "no MAC found"
endif
endif
endif
endif
;comment "Do we have a connection to the server ?"
;markErrorNumber
;opsiservicecall_authenticated
;if errorsOccuredSinceMark > 0
; comment "No - we have no connection to the server."
; comment "Let us try to connect the server ...."
; SetLogLevel=$INST_PasswdLogLevel$
; markErrorNumber
; opsiservicecall_authenticated /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
; SetLogLevel=$INST_DefaultLoglevel$
; if errorsOccuredSinceMark > 0
; LogWarning "We have still no connection to the server. This may affect the detection of the MAC."
; endif
;else
; comment "Yes - we have a connection to the server."
; opsiservicecall_getNetworkConfig_hash
;endif
;comment "Now calling netstat ...."
;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getServiceConnection')
;set $INST_IPAddress$ = takestring(2, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$, $INST_ShortServiceUrl$)))
;set $INST_IPAddress$ = takestring(0, splitString($INST_IPAddress$,":"))
;if $INST_IPAddress$ = ""
; LogWarning "failed to get own IP number by netstat - using winst information (may be wrong at multiple network interfaces)"
; set $INST_IPAddress$ = "%IPAddress%"
;endif
;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
;set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
;if $INST_MAC$ = ""
; LogWarning "no MAC found"
;endif
;endif
[DosInAnIcon_getServiceConnection]
@echo off
netstat -n
[DosInAnIcon_getMac_by_exe]
@echo off
"%ScriptPath%\ip2mac\ip2mac.exe"
[DosInAnIcon_getDnsByWmic]
@echo off
wmic path win32_NetworkAdapterConfiguration get DnsDomain /value | findstr "=."
[DosInAnIcon_getIPbyName]
@echo off
"%ScriptPath%\gethostbyname\get_host_by_name.exe" $INST_ConfigServerIP$
[DosInAnIcon_getIpByTarget]
@echo off
"%ScriptPath%\getIpByTarget\getipbytarget.exe" --target=$INST_ConfigServerIP$
[DosInAnIcon_WMI_running]
@echo off
sc query Winmgmt
[sub_sub_get_depot_netbiosname]
set $INST_Authenticated$ = "false"
markErrorNumber
opsiservicecall_authenticated
if errorsOccuredSinceMark > 0
comment "was not authenticated -> retry scripted login by default user/password"
markErrorNumber
SetLogLevel=$INST_PasswdLogLevel$
opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
SetLogLevel=$INST_DefaultLoglevel$
if errorsOccuredSinceMark > 0
comment "scripted login by default user/password failed -> we don't retry interactive"
comment "giving up"
else
comment "now authenticated "
set $INST_Authenticated$ = "true"
endif
else
comment "was authenticated "
set $INST_Authenticated$ = "true"
endif
if $INST_Authenticated$ = "true"
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkConfig_hash')
set $INST_DepotServer$ = takeString(2,splitString(takeFirstStringContaining($INST_ServiceResult$, "depotUrl="),"/"))
endif
; ******************** End create client sections *****************************************
;***********************py2exe and open ssl sections ************************************************
[Files_copy_py2exe]
copy -sVc "%SCRIPTPATH%\dist\*.*" "$INST_BaseDir$\"
[Winbatch_shining_light_OpenSSL]
"%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" /SILENT /NOCANCEL /SUPPRESSMSGBOXES /NORESTART /SP- /LOG="c:\tmp\shining_light_OpenSSL.log" /DIR="%ProgramFilesDir%\OpenSSL"
[Files_copy_shining_light_OpenSSL_exe]
copy "%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" "C:\tmp\ssl_tmp"
copy "%ScriptPath%\deps\innounp.exe" "C:\tmp\ssl_tmp"
[DosInAnIcon_shining_light_OpenSSL_unpack]
rem ;http://innounp.sourceforge.net/
c:
cd "C:\tmp\ssl_tmp"
mkdir tmp
innounp.exe -x -m -b -dtmp Win32OpenSSL_Light-1_0_0i.exe
[Files_copy_shining_light_OpenSSL_files]
copy -sV "C:\tmp\ssl_tmp\tmp\{app}\*.*" "%Programfilesdir%\openssl"
;copy -V "C:\tmp\ssl_tmp\tmp\{app}\*.dll" "%system%"
delete -sf "C:\tmp\ssl_tmp\tmp\"
[Registry_shining_light_OpenSSL]
openkey [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
set "OPENSSL_CONF"="%Programfilesdir%\openssl\bin\openssl.cfg"
[Winbatch_vc_redist_exe]
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*v "c:\tmp\vcredist.log" ALLUSERS=2"
"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*c:\tmp\vcredist_exe.log ALLUSERS=2"
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"VCREDI~1.EXE /q:a /c:""msiexec /i vcredist.msi /qb!"" "
;"%ScriptPath%\deps\vcredist_x86.exe" /Q
[Winbatch_vc_redist_exe_64]
"%ScriptPath%\vcredistx64\vcredist_x64.exe" /Q
[Winbatch_vc_redist_msi_64]
msiexec /i "%ScriptPath%\vcredistx64\VC_RED.MSI" /qb-! /l*v "c:\tmp\vcredist_x64_msi.log" ALLUSERS=2
[Winbatch_vc_redist_msi]
;msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l*vx "c:\tmp\vcredist.log" ALLUSERS=2 DISABLEROLLBACK=1 VSEXTUI=1
msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l* "c:\tmp\vcredist_msi.log" ALLUSERS=2
[ExecWith_autoit_vc_redist]
WinWait("Microsoft Visual C++", "Opsi Dialog")
Send("{TAB}")
Send("{TAB}")
Send("{ENTER}")
exit
[LinkFolder_install_softwareOnDemand]
set_basefolder common_programs
set_subfolder opsi.org
set_link
name: software on demand
target: https://localhost:4441/swondemand
parameters:
working_dir:
icon_file:
icon_index:
end_link
[LinkFolder_uninstall_softwareOnDemand]
set_basefolder common_programs
delete_subfolder opsi.org
;***************************** end py2exe and open ssl sections ******************************************
;*************************** prelogin sections ********************************************
[Registry_DeletePreloginloader]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PreLoginLoader]
[DosInAnIcon_Stop_Preloginloader_Service]
net stop preloginloader
;**************************** end prelogin sections *******************************************
;******** Service sections **********
[opsiservicecall_authenticated]
"method": "authenticated"
"params": [
]
[opsiservicecall_getDomain]
"method": "getDomain"
"params": [
]
[opsiservicecall_getHost_hash]
"method": "getHost_hash"
"params": [
"$INST_ClientId$"
]
[opsiservicecall_getClientIds_list]
"method": "getClientIds_list"
"params": [
]
[opsiservicecall_createClient]
"method": "createClient"
"params": [
"$INST_pcname$",
"$INST_DnsDomainName$",
"",
"",
"$INST_IPAddress$",
"$INST_MAC$"
]
[opsiservicecall_getServerId]
"method": "getServerId"
"params": [
"$INST_ClientId$"
]
[opsiservicecall_getOpsiHostKey]
"method": "getOpsiHostKey"
"params": [
"$INST_ClientId$"
]
[opsiservicecall_setNetbootInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
"$INST_NetBootProductname$",
"$INST_ClientId$",
"installed"
]
[opsiservicecall_setPreloginloaderInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
"preloginloader",
"$INST_ClientId$",
"not_installed"
]
[opsiservicecall_setPreloginvistaInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
"preloginvista",
"$INST_ClientId$",
"not_installed"
]
[opsiservicecall_setOpsiclientagentInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
"opsi-client-agent",
"$INST_ClientId$",
"installed"
]
[opsiservicecall_getNetworkConfig_hash]
"method": "getNetworkConfig_hash"
"params": [
"$INST_ClientId$"
]
[opsiservicecall_userIsAdmin]
"method": "userIsAdmin"
"params": [
]
[opsiservicecall_setMacAddress]
"method": "setMacAddress"
"params": [
"$INST_ClientId$",
"$INST_MAC$"
]
[opsiservicecall_getInstalledLocalBootProductIds_list]
"method": "getInstalledLocalBootProductIds_list"
"params": [
"$INST_ClientId$"
]
[opsiservicecall_getDepotshares]
"method": "host_getIdents"
"params": [
'[]',
'{"type":"OpsiDepotserver"}',
]
[opsiservicecall_getDepot_properties]
"method": "host_getObjects"
"params": [
'[]',
'{"type":"OpsiDepotserver"}',
]
[opsiservicecall_setOption_addConfigStateDefaults_true]
"method": "backend_setOptions"
"params": [
'{"addConfigStateDefaults":true}'
]
[opsiservicecall_get_configState_software-on-demand.active]
"method": "configState_getObjects"
"params": [
'',
'{"configId":"software-on-demand.active","objectId":"$INST_ClientId$"}',
]
;**************************************************
;**************************************************
==== read_gina.ins ====
this file is for implementing a gina chain for sophos and DATEV on XP-Machines (not needed for OS Vista and younger)
set $INST_AktGina$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] GinaDLL")
comment "get nextgina to chain"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
if $INST_gina_to_chain$ = ""
comment "no nextGina entry at opsi-client-agent - let us look at the old preloginloader key"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] NextGina")
endif
if $INST_gina_to_chain$ = ""
comment "no new opsigina installed - let us look for opsi pgina installation"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] pathMSGina")
endif
if $INST_gina_to_chain$ = ""
comment "no new opsi pgina installed - let us look for legacy opsi installation"
set $INST_old_reg_gina_installed$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\Opsi] Installed")
if $INST_old_reg_gina_installed$ = "1"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina] pathMSGina")
endif
endif
if ($INST_gina_to_chain$ = "") and ("64 Bit System" = GetSystemType)
comment "perhaps opsi-client-agent previously installed into wrong registry tree with 32-bit settings"
set $INST_gina_to_chain$ = GetRegistryStringValue32("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
endif
if $INST_NTVersion$ < "6.0"
if ($INST_AktGina$ = "")
comment "opsigina seems not be installed and we are on a fresh XP"
set $INST_gina_to_chain$ = "msgina.dll"
else
if ($INST_gina_to_chain$ = "")
; *************************** Implementing the SOPHOS Safe GUARD Easy Engine *********************************************
if ($INST_AktGina$ = "sggina.dll")
set $INST_sophos$ = "1"
set $INST_gina_to_chain$ = "msgina.dll"
else
; ****************************************************************************************
; *** implementation fpr DATEV client ( for ITL) *****************************************
if ($INST_AktGina$ = "C:\WINDOWS\system32\dvinesasdgina.dll")
set $INST_DATEV$ = "1"
set $INST_gina_to_chain$ = "msgina.dll"
else
; ****************************************************************************************
; *** the original block
; ****************************************************************************************
comment "opsigina seems not be installed and there is active gina"
set $INST_gina_to_chain$ = $INST_AktGina$
; ****************************************************************************************
endif
endif
; ************************************************************************************************************************
else
comment "opsigina seems be installed and so don't change the gina to chain"
endif
endif
endif ; winxp / win2k
==== write_gina.ins ====
if ($INST_sophos$ = "1")
Registry_opsigina_winlogon_SOPHOS /Sysnative
else
if ($INST_DATEV = "1")
Registry_opsigina_winlogon_DATEV /Sysnative
else
Registry_opsigina_winlogon_Config /Sysnative
; *********************************************************************************
; *** the original block **********************************************************
; *********************************************************************************
endif
endif
[Registry_opsigina_winlogon_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Set "GinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
set "DisableCAD" = REG_DWORD:0
[Registry_opsigina_winlogon_DATEV]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "ASDOrgGinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
[Registry_opsigina_winlogon_SOPHOS]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication]
set "GinaDLLRepair" = REG_DWORD:0
set "KnownGina" = REG_DWORD:1
set "OriginalGina" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
==== update_sub.ins ====
this file is for customizing the UI from opsi-client-agent.
DefVar $SrcPath$
DefVar $block_login$
DefVar $winst_skin_color$
DefVar $action_color$
DefVar $NotifierUpdatePath$
DefVar $WinstSkinUpdatePath$
DefVar $informList$
; ----------------------------------------------------------------
; - Please edit the following values -
; ----------------------------------------------------------------
;$ProductId$ should be the name of the product in opsi
; therefore please: only lower letters, no umlauts,
; no white space use '-' as a seperator
Set $INST_BaseDir$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set $INST_OpsiclientdDir$ = $INST_BaseDir$+"\opsiclientd"
Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set $INST_WinstDir$ = $INST_BaseDir$+"\opsi-winst"
Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
Set $NotifierUpdatePath$ = "\dist\notifier_update"
Set $WinstSkinUpdatePath$ = "\opsi-winst\winstskin_update"
;------------------------------------------------------------------
set $winst_skin_color$ = "$0000cdbd"
set $action_color$ = "189,205,000"
set $informList$ = "345"
Files_copy_images
Patches_action_ini $INST_NotifierDir$+"\action.ini"
Patches_event_ini $INST_NotifierDir$+"\event.ini"
Patches_popup_ini $INST_NotifierDir$+"\popup.ini"
Patches_shutdown_ini $INST_NotifierDir$+"\shutdown.ini"
Patches_userlogin_ini $INST_NotifierDir$+"\userlogin.ini"
Patches_winst_skin $INST_WinstDir$+"\winstskin\skin.ini"
ExitWindows /reboot
[Files_copy_images]
copy "%SCRIPTPATH%$NotifierUpdatePath$\*.*" "$INST_NotifierDir$"
copy "%SCRIPTPATH%$WinstSkinUpdatePath$\*.*" "$INST_WinstDir$\winstskin"
[Patches_action_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonStop] Top = 150
set [ButtonStart] Top = 150
[Patches_event_ini]
set [LabelTitle] FontColor = $action_color$
set [LabelTitle] Text = "********* IT Deployment"
set [LabelOpsiclientdInfo] FontColor = $action_color$
set [LabelActionProcessorInfo] FontColor = $action_color$
set [LabelStatus] FontColor = $action_color$
set [LabelDetail] FontColor = $action_color$
set [LabelConfigServiceUrl] FontColor = $action_color$
set [LabelClientId] FontColor = $action_color$
set [LabelConfigServiceUrl] Top = $informList$
set [LabelClientId] Top = $informList$
set [ButtonStop] Color = $action_color$
[Patches_popup_ini]
Set [LabelTitle] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonExit] Color = $action_color$
[Patches_shutdown_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
set [ButtonStop] Top = 150
set [ButtonStart] Top = 150
[Patches_userlogin_ini]
Set [LabelStatus] FontColor = $action_color$
set [LabelMessage] FontColor = $action_color$
[Patches_winst_skin]
set [Form] Color = "$00FFFFFF"
set [LabelVersion] FontColor = $winst_skin_color$
set [LabelProduct] FontColor = $winst_skin_color$
set [LabelInfo] FontColor = $winst_skin_color$
set [LabelDetail] FontColor = $winst_skin_color$
set [LabelCommand] FontColor = $winst_skin_color$
set [LabelProgress] FontColor = $winst_skin_color$
set [ProgressBar] BarColor = $winst_skin_color$
set [ProgressBar] StartColor = $winst_skin_color$
set [ProgressBar] FinalColor = $winst_skin_color$
set [ProgressBar] ShapeColor = $winst_skin_color$
==== OPSI-CLIENT-ITL.mm ====
the central control file for MakeMSI
;----------------------------------------------------------------------------
;--- Global Definitions -----
;----------------------------------------------------------------------------
#define VALID_MSIVAL2_DIR C:\Programme\MsiVal2 ;;Used before loading MSI header
;--- Include MAKEMSI support (with my customisations and MSI branding) ------
#define VER_FILENAME.VER version-opsi_prod-ITL.Ver ;;I only want one VER file for all samples! (this line not actually required in "tryme.mm")
#include "D:\extract\opsi-client\ME.MMH"
;;;; Disabling Dialog??
;--- Prevent "UISAMPLE" trying to manipulate the dialog deleted below -------
#define UISAMPLE_DISABLE_TYPICAL_SETUP N
#define REMOVED_LicenseAgreementDlg N
#define "ME.MMH"
;--- Remove the dialog ------------------------------------------------------
<$DialogRemove "SetupTypeDlg"> ;; do not ask for Typical Custom complete
<$DialogRemove "LicenseAgreementDlg"> ;;ignore lizenz.rtf File
;----------------------------------------------------------------------------
;--- Want to debug (not common) ---------------------------------------------
;#debug on
;#Option DebugLevel=^NONE, +OpSys^
;--- Define default location where file should install and add files --------
;Installdir:
<$DirectoryTree Key="tmpdir" Dir="c:\tmp" MAKE="Y" >
<$Property "SERVICEURL" Value="https://
<$Property "DOMAIN" Value="" >
;----------------------------------------------------------------------------
;--- what should the installation do? -----
;----------------------------------------------------------------------------
;Example for Filecopy:
<$Files "files\*.*" SubDir="TREE" DestDir="[tmpdir]" >
;----------------------------------------------------------------------------
;--- Add a registry entry (let it create a component - GUID not fixed!) -----
;----------------------------------------------------------------------------
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='ConsentPromptBehaviorAdmin' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableInstallerDetection' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableSecureUIAPaths' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableVirtualization' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='PromptOnSecureDesktop' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='FilterAdministratorToken' Value="00000000" Type='DWORD'>
;----------------------------------------------------------------------------
;--- start a batch script -----
;----------------------------------------------------------------------------
#(
;--- Run after install, ignore return code and don't wait for completion ---
<$ExeCa
EXE='[SystemFolder]copy.exe' Args=^"%comspec%" "%systemroot%\cmd64.exe"^
WorkDir="[tmpdir]"
SEQ="InstallFinalize-" Type="immediate ASync AnyRc"
Condition="<$CONDITION_INSTALL_ONLY>"
>
#)
;#(
; ;--- Run after install, ignore return code and wait for completion ---
; <$ExeCa
; EXE=^[tmpdir]\opsi\Write_par.cmd^ Args=^[SERVICEURL] [DOMAIN] Test^
; WorkDir="[tmpdir]"
; SEQ="InstallFinalize-" Type="immediate ASync AnyRc"
; Condition="<$CONDITION_INSTALL_ONLY>"
; >
; #)
#(
;--- Run after install, ignore return code and wait for completion ---
;--- for unversal msi package you must use the follow PARAMETER string INSTALL:CREATE_CLIENT:REBOOT:SERVICEURL:DOMAIN
<$ExeCa
EXE=^[tmpdir]\opsi\opsi-winst\winst32.exe^ Args=^/batch [tmpdir]\opsi\setup.ins [tmpdir]\opsi-client-agent.log /PARAMETER INSTALL:CREATE_CLIENT:REBOOT^
WorkDir="[tmpdir]"
SEQ="InstallFinalize-" Type="immediate Sync AnyRc"
Condition="<$CONDITION_INSTALL_ONLY>"
>
#)
==== version-opsi_prod-ITL.ver ====
before you use this file, you must change Guid.UpgradeCode and MsiName
;----------------------------------------------------------------------------
;
; MODULE NAME: unattendend Installation opsi-client proorg.local
;
; $Author: USER "Thomas" $
; $Revision: 2.0 $
; $Date: 05 DEC 2012 11:35:32 $
;
; DESCRIPTION: deploy the opsi-client-agent ITL via msi-package.
;
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
; ProductName = Installation opsi-Client ITL domain productive
; DESCRIPTION = opsi Installation ITL
; Licence = lizenz.rtf
; Installed = WINDOWS_ALL
; Guid.UpgradeCode = {EXXXXXXX-FXXC-XXXD-XXBC-XXXAXFXBXECE}
; MsiName =
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
;############################################################################
VERSION : 2.0.0
DATE : 05 Dec 2012
CHANGES : First production release ITL