User Tools

Site Tools


userspace:msi-package_opsi-client-agent

official msi-Package opsi-client-agent can be found at

msi-Package opsi-client-agent 4.0.2.1

this is my cusomized setup for opsi-client-agent to deploy himself via GPO over AD. Comments are welcome

TODO: - complete the the parametering install via msi propertys - added a more detailed description ( at the moment, i have a small docu in source-code

this program used MakeMSI(Dennis Bareis) to generate the msi-package Tested with opsi 4.0.2
requiredWinstVersion >= 4.10.8.12
Files can be downloaded at http://www.libe.net/version/MakeMsi_latest_Version.php

By — frisoft_DD 2012/12/21 15:31

Tree:

D:.
├───extended-scripts
├───files
│   ├───opsi
├───out
│   └───OPSI-CLIENT-ITL.mm
│       │
│       └───MSI
└───utils

for developing you copy all files form opsi-server/opsi_depot/opsi-client-agent to yout develop-path on your windows machine

Steps

  1. download and install MakeMSI
  2. copy all the content fron directory opsi-client-agent to your develop directory
  3. copy from the makeMSI - sample directory the files with extention mm and ver
  4. edit the file with extention ver (you must change the guid) for this doing, in the MakeMSI package are an GUID-Generator
  5. edit the file mm with your favorite text - editor
  6. after finish changing all the files click with the right mouse-button on the file mm and select build msi(production)
  7. check on a other machine

Change the following headlines to the names of your scripts

setup.ins

[Actions]
requiredWinstVersion >= "4.10.8.12"
Message=opsi-client-agent installation
ShowBitmap "%scriptpath%\uninst\opsi.png" "opsi-client-agent"
 
; Variables:
; Config Variables with prefixes
; GEN = general
; SHI = share information
; OCD = opsiclientd
; OLB = opsiLoginBlocker
; INST = used while installation
; Script variables with prefix INST
 
;******** installation vars **********
DefVar $INST_AktGina$
DefVar $INST_AllowReboot$
DefVar $INST_Authenticated$
DefVar $INST_BaseDir$
DefVar $INST_Cfgini$
DefVar $INST_ClientExists$
DefVar $INST_ClientId$
DefVar $INST_ComputerName$
DefVar $INST_Debug$
DefVar $INST_DepotServer$
DefVar $INST_DnsDomainName$
DefVar $INST_Error$
DefVar $INST_ExitCode$
DefVar $INST_IPAddress$
DefVar $INST_ImmediateRebootFlag$
DefVar $INST_MAC$
DefVar $INST_MinorOS$
DefVar $INST_NTVersion$
DefVar $INST_Modus$
DefVar $INST_NetBootProductname$
DefVar $INST_NicIndex$
DefVar $INST_NotifierDir$
DefVar $INST_OS$
DefVar $INST_OpensslConfigFile$
DefVar $INST_OpsiClientdCertificateFile$
DefVar $INST_OpsiclientdDir$
DefVar $INST_OpsiclientdConf$
DefVar $INST_OpsiclientdRPCDir$
DefVar $INST_OpsiUtilitiesdDir$
DefVar $INST_ActionProcessorStarterDir$
DefVar $INST_Paramstr$
DefVar $INST_Pcname$
DefVar $INST_RebootFlag$
DefVar $INST_Result$
DefVar $INST_SetAclDir$
DefVar $INST_ServiceName$
DefVar $INST_Service_Password$
DefVar $INST_Service_User$
DefVar $INST_ShortServiceUrl$
DefVar $INST_SubModus$
DefVar $INST_Sysconfini$
DefVar $INST_SystemType$
DefVar $INST_WinstDir$
DefVar $INST_WinstRegKey$
DefVar $INST_gina_to_chain$
; ******************************************************************************
; *** changed ****** for implementing SOPHOS Safe Guard Easy *****************
; *** the changing only needed for OS before Windows Vista *********************
DefVar $INST_sophos$
; *** changed for ITL to implement the DATEV - Login Blocker *******************
DefVar $INST_DATEV$
; ******************************************************************************
DefVar $INST_old_reg_gina_installed$
DefVar $INST_preloginvistaInstalled$
DefVar $INST_preloginloaderInstalled$
DefVar $INST_GinaDll$
DefVar $INST_service_hidden_password$
DefVar $INST_DefaultLoglevel$
DefVar $INST_PasswdLogLevel$
DefVar $INST_ConfigServerIP$
DefVar $INST_ConfigServerPort$
DefVar $INST_ProductType$
DefVar $INST_vcredistx86_installed$
DefVar $INST_uac_level$
DefVar $ProductVersion$
DefVar $INST_tmpstr$
DefVar $INST_create_software_on_demand_menue_entry$
 
 
 
DefVar $INST_SearchKey$
DefVar $INST_SearchValue$
DefVar $INST_SearchResult$
 
DefStringlist $INST_Adapterlist$
DefStringList $INST_ServiceResult$
DefStringList $INST_ResultList$
DefStringList $INST_ResultList2$
DefStringList $INST_ResultList3$
DefStringList $INST_ParamstrList$
 
 
 
;******** Sektion general **********
 
DefVar $GEN_bootmode$
 
 
;******** Sektion shareinfo **********
 
DefVar $SHI_pckey$
 
;******** Sektion opsiclientd **********
 
DefVar $OCD_global.log_level$
DefVar $OCD_config_service.url$
DefVar $OCD_config_service.connection_timeout$
DefVar $OCD_control_server.port$
DefVar $OCD_notification_server.port$
DefVar $OCD_open_firewall_for_control_server$
DefVar $OCD_OpsiVarDir$
; *************************************************************************************************
; added to customizing the installation via msi-parameters
; *************************************************************************************************
DefVar $OCD_Domain$
; *************************************************************************************************
 
;******** Sektion opsiLoginBlocker **********
;DefVar $OLB_ServiceConnectionTimeout$
DefVar $OLB_LogLevel$
DefVar $OLB_LoginBlockerStart$
DefVar $OLB_LoginBlockerTimeoutConnect$
;DefVar $OLB_LoginBlockerTimeoutInstall$
;opsiServiceType=0 (default), 1 (prelogin.exe/pcptch.exe), 2 (opsiclientd)
DefVar $OLB_opsiServiceType$
 
 
;******** Sektion preloginloader **********
 
DefVar $PLG_BaseDir$
DefVar $PLG_CfgDir$
DefVar $PLG_DebugOutput$
DefVar $PLG_PcptchExe$
DefVar $PLG_RebootOnBootmodeReins$
DefVar $PLG_RebootOnServicePackChange$
DefVar $PLG_RunWithUser$
DefVar $PLG_RunWithUserDelay$
DefVar $PLG_RunWithUserPassword$
DefVar $PLG_RunWithUserReboot$
DefVar $PLG_RunWithUserTask$
DefVar $PLG_RunWithUserTaskParms$
DefVar $PLG_RunWithUserUsername$
DefVar $PLG_UtilsDir$
DefVar $PLG_WinstRegKey$
DefVar $PLG_RunServiceAs$
DefVar $PLG_RunServiceAsDom$
DefVar $PLG_RunServiceAsUsr$
DefVar $PLG_RunServiceAsPas$
 
;******** Sektion shareinfo **********
 
DefVar $SHI_pckey_file$
DefVar $SHI_user$
DefVar $SHI_smbusername1$
DefVar $SHI_try_secondary_user$
 
;******** Sektion pcptch **********
 
DefVar $PCP_Bitmap1$
DefVar $PCP_Bitmap2$
DefVar $PCP_button_stopnetworking$
DefVar $PCP_copyDefaultUser$
DefVar $PCP_label1$
DefVar $PCP_label2$
DefVar $PCP_loadBitmap$
DefVar $PCP_makeLocalCopyOfIniFile$
DefVar $PCP_makeLocalWinst$
DefVar $PCP_mountdrive$
DefVar $PCP_opsiServiceURL$
DefVar $PCP_patchleveltyp$
DefVar $PCP_pcprotoname$
DefVar $PCP_opsiServerType$
DefVar $PCP_winstLocalDirectory$
DefVar $PCP_SecsUntilConnectionTimeOut$
DefVar $PCP_pingcheck$
 
 
 
;******** Sektionen Ende **********
 
;*********************************************************
; static initial values for variables
;*********************************************************
 
Set $INST_Debug$ = "off"
 
Set $INST_AktGina$ = ""
set $INST_service_hidden_password$ =""
Set $INST_AllowReboot$ = "true"
Set $INST_BaseDir$   = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set $INST_OpsiclientdDir$   = $INST_BaseDir$+"\opsiclientd"
Set $INST_OpsiUtilitiesdDir$   = $INST_BaseDir$+"\utilities"
Set $INST_Cfgini$ = "%ScriptPath%\cfg\config.ini"
Set $INST_DepotServer$ = ""
Set $INST_IPAddress$ = ""
Set $INST_ImmediateRebootFlag$ = ""
Set $INST_MAC$ = ""
Set $INST_NetBootProductname$ = ""
Set $INST_NicIndex$ = ""
Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
Set $INST_OpensslConfigFile$ = "c:\tmp\opsiclientd.cnf"
Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"\opsiclientd.pem"
Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set $INST_OpsiclientdRPCDir$ = $INST_BaseDir$+"\opsiclientd_rpc"
Set $INST_ActionProcessorStarterDir$ = $INST_BaseDir$+"\action_processor_starter"
Set $INST_Pcname$ = EnvVar ("COMPUTERNAME")
Set $INST_RebootFlag$ = ""
Set $INST_Service_Password$ = "pcpatch"
Set $INST_Service_User$ = "pcpatch"
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.3.0\SetACL 2.3.0\Command line version\x86"
; The setacl.exe 2.3.0 hangs some times
Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
Set $INST_Sysconfini$ = "%ScriptPath%\cfg\sysconf.ini"
Set $INST_SystemType$ = GetSystemType
Set $INST_WinstDir$   = $INST_BaseDir$+"\opsi-winst"
Set $INST_WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
set $INST_gina_to_chain$ = "msgina.dll"
Set $INST_preloginvistaInstalled$ = 'false'
set $INST_preloginloaderInstalled$ = 'false'
if $INST_debug$ = "off"
	set $INST_DefaultLoglevel$ = "7"
	Set $INST_PasswdLogLevel$="7"
else
	set $INST_DefaultLoglevel$ = "6"
	comment " set $INST_PasswdLogLevel$ to 2 for production"
	Set $INST_PasswdLogLevel$="2"
endif
set $ProductVersion$ = "%installingProdVersion%"
set $OCD_OpsiVarDir$ = "c:\opsi.org"
set $INST_uac_level$ = "2"
set $INST_create_software_on_demand_menue_entry$ = "true"
 
set $INST_sophos$ = "0"
set $INST_DATEV$ = "0"
 
SetLogLevel=$INST_DefaultLoglevel$
 
 
 
 
;******** Sektion general **********
 
Set $GEN_bootmode$    = "BKSTD"
 
 
;******** Sektion opsiclientd **********
 
Set $OCD_config_service.url$         = ""
set $OCD_config_service.connection_timeout$ = "10"
 
Set $OLB_LoginBlockerStart$          = "1"
Set $OLB_LoginBlockerTimeoutConnect$ = "120"
;Set $OLB_LoginBlockerTimeoutInstall$ = "180"
Set $OLB_opsiServiceType$            = "2"
 
;******** Sektion prelogin **********
Set $PLG_UtilsDir$ = $INST_BaseDir$+"\prelogin"
 
;******** Sektion preloginloader **********
 
Set $PLG_BaseDir$                    = $INST_BaseDir$
Set $PLG_UtilsDir$                   = $PLG_BaseDir$+"\prelogin"
Set $PLG_CfgDir$                     = $PLG_BaseDir$+"\cfg"
Set $PLG_DebugOutput$                = "0"
Set $PLG_PcptchExe$                  = $PLG_UtilsDir$+"\pcptch.exe"
Set $PLG_RebootOnBootmodeReins$      = "1"
Set $PLG_RebootOnServicePackChange$  = "1"
Set $PLG_RunWithUser$                = "0"
Set $PLG_RunWithUserDelay$           = "1000"
Set $PLG_RunWithUserPassword$        = ""
Set $PLG_RunWithUserReboot$          = "0"
Set $PLG_RunWithUserTask$            = ""
Set $PLG_RunWithUserTaskParms$       = ""
Set $PLG_RunWithUserUsername$        = "pcpatch"
Set $PLG_WinstRegKey$                = "SOFTWARE\opsi.org\winst"
Set $PLG_RunServiceAs$               = "1"
Set $PLG_RunServiceAsDom$            = ""
Set $PLG_RunServiceAsUsr$            = ""
Set $PLG_RunServiceAsPas$            = ""
 
 
;******** Sektion shareinfo **********
 
Set $SHI_pckey$       = ""
Set $SHI_pckey_file$  = $PLG_CfgDir$+"\locked.cfg"
Set $SHI_user$        = ""
Set $SHI_smbusername1$= ""
Set $SHI_try_secondary_user$="0"
 
 
;******** Sektion pcptch **********
 
Set $PCP_Bitmap1$                = ""
Set $PCP_Bitmap2$                = ""
Set $PCP_button_stopnetworking$  = ""
Set $PCP_copyDefaultUser$        = ""
Set $PCP_label1$                 = ""
Set $PCP_label2$                 = ""
Set $PCP_loadBitmap$             = ""
Set $PCP_makeLocalCopyOfIniFile$ = ""
Set $PCP_makeLocalWinst$         = ""
Set $PCP_mountdrive$             = ""
Set $PCP_opsiServiceURL$ 	  = ""
Set $PCP_patchleveltyp$          = ""
Set $PCP_pcprotoname$            = ""
Set $PCP_opsiServerType$ 		  = "service"
Set $PCP_winstLocalDirectory$    = $INST_WinstDir$
Set $PCP_SecsUntilConnectionTimeOut$ = "180"
Set $PCP_pingcheck$		= ""
 
 
;******** Sektionen Ende **********
 
;*********************************************************
; Let's work
;*********************************************************
 
set $INST_OS$ = GetOS
set $INST_MinorOS$ = GetNTVersion
set $INST_NTVersion$ = GetMsVersionInfo
set $INST_Resultlist$ = getMSVersionMap
set $INST_ProductType$ = getValue("product_type_nr",$INST_Resultlist$)
set $INST_vcredistx86_installed$ = "false"
if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] DisplayVersion") = "9.0.30729.4148"
	comment "vcredistx86 Version 9.0.30729.4148 is installed"
	set $INST_vcredistx86_installed$ = "true"
endif
if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}] DisplayVersion") = "9.0.21022"
	comment "vcredistx86 Version 9.0.21022 is installed"
	set $INST_vcredistx86_installed$ = "true"
endif
 
if $INST_NTVersion$ <= "4"
	logError "Installation aborted: wrong OS version: only win2k and above alowed"
	isFatalError
endif
 
if not (HasMinimumSpace ("%systemdrive%", "10 MB"))
	logError "Not enough space on drive %systemdrive% (we need 10 MB): Aborting"
	isFatalError
endif
 
;if ($INST_NTVersion$ = "6.1") and ($INST_ProductType$ > "1") and ($INST_SystemType$ = "64 Bit System") and ($INST_vcredistx86_installed$ = "false")
;	LogError "we are on 2008r2 and vcredist is not installed - please install vcredist32 manually before installing opsi-client-agent"
;	isFatalError
;	;;;DosInAnIcon_open_winsxs
;endif
 
if $INST_vcredistx86_installed$ = "false"
	comment "vc_redist not found - install it"
		comment "install via msi"
		ExecWith_autoit_vc_redist "%SCRIPTPATH%\autoit3.exe" WINST /letThemGo /EscapeStrings
		Winbatch_vc_redist_msi
		Sub_check_exitcode
		killtask "autoit3.exe"
endif
 
;*********************************************************
comment "set mode"
;*********************************************************
 
Set $INST_Paramstr$=PARAMSTR
set $INST_ParamstrList$ = splitstring($INST_Paramstr$, ":")
 
comment "Modus normally set by commandline argument"
Set $INST_MODUS$=takestring(0,$INST_ParamstrList$)
Set $INST_SubModus$=takestring(1,$INST_ParamstrList$)
Set $INST_tmpstr$ = takestring(2,$INST_ParamstrList$)
if lower(trim($INST_tmpstr$)) = "noreboot"
	Set $INST_AllowReboot$ = "false"
else
	if lower(trim($INST_tmpstr$)) = "reboot"
		Set $INST_AllowReboot$ = "true"
	endif
endif
;**************************************************************************************************
; at this point, we can add the additional parameters for customizing the installation 
; here we patch the domain and the opsi-server-url
; so , in this case we can installed any client in a multi-domain and multi-server-environment
;**************************************************************************************************
Set $OCD_config_service.url$ = takestring(3,$INST_ParamstrList$)
Set $OCD_Domain$ = takestring(4,$INST_ParamstrList$)
; *************************************************************************************************
 
comment "old Modes are remaped for backward compatibility"
if $INST_MODUS$ = "LOCAL"
	Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "LOCAL_REINSTALL"
	Set $INST_MODUS$="INSTALL"
endif
if $INST_MODUS$ = "SERVICE_INTERACTIVE"
	Set $INST_MODUS$="INSTALL"
	Set $INST_SubModus$="CREATE_CLIENT"
endif
if $INST_MODUS$ = "TFTP"
	Set $INST_MODUS$="INSTALL"
	Set $INST_SubModus$="BOOTIMAGE"
endif
 
comment "default submode of INSTALL is CONFIG_INI"
if $INST_MODUS$ = "INSTALL"
	if $INST_SubModus$ = ""
		Set $INST_SubModus$="CONFIG_INI"
	endif
endif
 
comment "map Mode REMOTEDEPLOY"
if $INST_MODUS$ = "REMOTEDEPLOY"
	Set $INST_MODUS$="INSTALL"
	Set $INST_SubModus$="CONFIG_INI"
	Set $INST_AllowReboot$ = "false"
endif
 
comment "if no commandline argument we default to update"
if $INST_MODUS$ = ""
	Set $INST_MODUS$="UPDATE"
endif
 
;if ($INST_MODUS$ = "UPDATE")
;	if GetProductProperty("forceConfigurationUpdate","off") = "on"
;		Set $INST_MODUS$="INSTALL"
;	endif
;endif
 
if $INST_SubModus$ = "BOOTIMAGE"
	comment "do not reboot in BOOTIMAGE mode because:"
	comment "    opsi-client-agent installation is part of the postinst.d mechanism"
	comment "    if the machine reboots no script will run after the opsi-client-agent script"
	Set $INST_AllowReboot$ = "false"
else
	Set $INST_AllowReboot$ = GetProductProperty("allow_reboot", $INST_AllowReboot$)
endif
 
sub_read_configuration
sub_copy_files
sub_write_configuration
sub_set_installation_status
 
comment "changing/customizing the UI to ********* CI "
; change ******** to customize the loginblocker - UI
; **********************************************************************************
sub "%ScriptPath%\Update_sub.ins"
; **********************************************************************************
comment "all is done but make a reboot after terminating with the script"
sub_clean_up
 
if ($INST_AllowReboot$ = "true")
	ExitWindows /Reboot
endif
 
 
;******************************End main action***************************************
;*********************************************************************
;*********************************************************************
 
[DosInAnIcon_open_winsxs]
takeown /r /f c:\windows\winsxs
"%SCRIPTPATH%\xcacls" c:\windows\winsxs /t /e /g %USERNAME%:F /y
move C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.orig
 
;*****************************start of main sub sections ****************************************
 
;***************************read configuration***************************************
 
[sub_read_configuration]
comment "get installed gina"
; *** delete the reading processes from the main file and outsourcing in a sub process *********
sub "%ScriptPath%\Read_Gina.ins"
; **********************************************************************************************
Set $GEN_bootmode$    	 = GetValueFromInifile($INST_cfgini$, "general", "bootmode", $GEN_bootmode$)
 
comment "Getting dns domain from config file"
Set $INST_DnsDomainName$ = GetValueFromInifile($INST_cfgini$, "general", "dnsdomain", $INST_DnsDomainName$)
if ($INST_DnsDomainName$ = "")
	comment "Failed to get dns from config file, trying dns domain from wmic"
	Set $INST_ResultList$ = getOutStreamFromSection("DosInAnIcon_getDnsByWmic")
	Set $INST_DnsDomainName$ = TakeString(1,splitString(TakeString(0,$INST_ResultList$),"="))
endif
 
; dont log the pckey
SetLogLevel=$INST_PasswdLogLevel$
Set $SHI_pckey$ = GetValueFromInifile($INST_cfgini$, "shareinfo", "pckey", "")
; start logging again
SetLogLevel=$INST_DefaultLoglevel$
 
Set $OCD_global.log_level$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "global.log_level", $OCD_global.log_level$)
Set $OCD_config_service.url$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", $OCD_config_service.url$)
Set $OCD_config_service.connection_timeout$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.connection_timeout", $OCD_config_service.connection_timeout$)
Set $OCD_control_server.port$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "control_server.port", $OCD_control_server.port$)
Set $OCD_notification_server.port$ 	    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "notification_server.port", $OCD_notification_server.port$)
Set $OCD_open_firewall_for_control_server$  = GetValueFromInifile($INST_cfgini$, "opsiclientd", "open_firewall_for_control_server", $OCD_open_firewall_for_control_server$)
Set $OLB_LogLevel$ 			    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LogLevel", $OLB_LogLevel$)
Set $OLB_LoginBlockerStart$          	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerStart", $OLB_LoginBlockerStart$)
Set $OLB_LoginBlockerTimeoutConnect$	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutConnect", $OLB_LoginBlockerTimeoutConnect$)
;Set $OLB_ServiceConnectionTimeout$ 	    = $OLB_LoginBlockerTimeoutConnect$
;Set $OLB_LoginBlockerTimeoutInstall$	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutInstall", $OLB_LoginBlockerTimeoutInstall$)
;Set $OLB_opsiServiceType$	             GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "opsiServiceType", "")
 
; change value given by config.ini only if property present
if GetProductProperty ("LoginBlockerStart","") = "on"
	Set $OLB_LoginBlockerStart$ = "1"
endif
if GetProductProperty ("LoginBlockerStart","") = "off"
	Set $OLB_LoginBlockerStart$ = "0"
endif
 
Set $INST_Service_User$          	= GetValueFromInifile($INST_cfgini$, "installation", "service_user", $INST_Service_User$)
Set $INST_Service_Password$      	= GetValueFromInifile($INST_cfgini$, "installation", "service_password", $INST_Service_Password$)
Set $INST_service_hidden_password$      	= GetValueFromInifile($INST_cfgini$, "installation", "service_hidden_password", $INST_service_hidden_password$)
 
if not ($INST_service_hidden_password$ = "")
	SetLogLevel=$INST_PasswdLogLevel$
	Set $INST_Service_Password$ = base64DecodeStr($INST_service_hidden_password$)
	SetLogLevel=$INST_DefaultLoglevel$
endif
 
; ******* sysconfini wird bei PXE-basierter Grundinstallation vom Bootimage angelegt.
if (FileExists ($INST_sysconfini$))
	DefVar $DepotUrl$
	Set $INST_NetBootProductname$ = GetValueFromInifile($INST_sysconfini$, "general", "productid", $INST_NetBootProductname$)
	Set $INST_pcname$             = GetValueFromInifile($INST_sysconfini$, "general", "pcname", $INST_pcname$)
	Set $INST_DnsDomainName$      = GetValueFromInifile($INST_sysconfini$, "general", "dnsdomain", $INST_DnsDomainName$)
	Set $DepotUrl$                = GetValueFromInifile($INST_sysconfini$, "general", "depoturl", $DepotUrl$)
	set $INST_DepotServer$ = takeString(2,splitString($DepotUrl$,"/"))
endif
 
if $INST_pcname$ = ""
	set $INST_pcname$ = %pcname%
endif
Set $INST_pcname$ = lower($INST_pcname$)
if not ($INST_DnsDomainName$ = "")
	Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
endif
 
if $GEN_bootmode$ = ""
	Set $GEN_bootmode$ = "BKSTD"
endif
 
if $INST_Modus$ = "INSTALL"
	if $INST_SubModus$ = "BOOTIMAGE"
		Set $GEN_bootmode$    = "REINS"
	endif ; BOOTIMAGE
 
	if $INST_SubModus$ = "CREATE_CLIENT"
		sub_sub_create_client
	endif ; CREATE_CLIENT
endif ; INSTALL  
 
if (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
	; dont log the pckey
	SetLogLevel=$INST_PasswdLogLevel$
	if FileExists ($INST_OpsiclientdConf$)
		Set $SHI_pckey$       = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "opsi_host_key", $SHI_pckey$)
		Set $INST_ClientId$   = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "host_id", $INST_ClientId$)
		Set $INST_pcname$     = TakeString(0,SplitString($INST_ClientId$,"."))
	else
		if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf")
			Set $SHI_pckey$       = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "opsi_host_key", $SHI_pckey$)
			Set $INST_ClientId$   = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "host_id", $INST_ClientId$)
			Set $INST_pcname$     = TakeString(0,SplitString($INST_ClientId$,"."))
		else
			if FileExists ($INST_BaseDir$+"\cfg\locked.cfg")
				Set $SHI_pckey$       = GetvalueFromInifile($INST_BaseDir$+"\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
			else
				if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg")
					Set $SHI_pckey$       = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
				else
					SetLogLevel=$INST_DefaultLoglevel$
					logError "pckey not found - please reinstall opsi-client-agent"
					isFatalError
				endif
			endif
		endif
	endif
	; start logging again
	SetLogLevel=$INST_DefaultLoglevel$
endif
set $INST_uac_level$ = GetProductProperty ("UAC_level", $INST_uac_level$)
set $INST_create_software_on_demand_menue_entry$ = GetProductProperty ("create_software_on_demand_menue_entry", $INST_create_software_on_demand_menue_entry$)
 
if $INST_MAC$ = ""
	sub_sub_try_to_get_my_mac
endif
 
if ($INST_DepotServer$ = "")
	sub_sub_get_depot_netbiosname
endif
sub_sub_read_preloginvista_installation_state
sub_sub_read_preloginloader_installation_state
 
; show what we have
comment "$INST_AllowReboot$ -> "+               $INST_AllowReboot$
comment "$INST_BaseDir$ -> "+                   $INST_BaseDir$
comment "$INST_Cfgini$ -> "+                    $INST_Cfgini$
comment "$INST_ClientExists$ -> "+              $INST_ClientExists$
comment "$INST_ClientId$ -> "+                  $INST_ClientId$
comment "$INST_ComputerName$ -> "+              $INST_ComputerName$
comment "$INST_Debug$ -> "+                     $INST_Debug$
comment "$INST_DepotServer$ -> "+               $INST_DepotServer$
comment "$INST_DnsDomainName$ -> "+             $INST_DnsDomainName$
comment "$INST_IPAddress$ -> "+                 $INST_IPAddress$
comment "$INST_ImmediateRebootFlag$ -> "+       $INST_ImmediateRebootFlag$
comment "$INST_MAC$ -> "+                       $INST_MAC$
comment "$INST_MinorOS$ -> "+                   $INST_MinorOS$
comment "$INST_Modus$ -> "+                     $INST_Modus$
comment "$INST_NetBootProductname$ -> "+        $INST_NetBootProductname$
comment "$INST_NicIndex$ -> "+                  $INST_NicIndex$
comment "$INST_NotifierDir$ -> "+               $INST_NotifierDir$
comment "$INST_NTVersion$ -> "+                 $INST_NTVersion$
comment "$INST_ProductType$ -> "+               $INST_ProductType$
comment "$INST_OS$ -> "+                        $INST_OS$
comment "$INST_OpensslConfigFile$ -> "+         $INST_OpensslConfigFile$
comment "$INST_OpsiClientdCertificateFile$ -> "+$INST_OpsiClientdCertificateFile$
comment "$INST_OpsiclientdDir$ -> "+            $INST_OpsiclientdDir$
comment "$INST_OpsiclientdConf$ -> "+           $INST_OpsiclientdConf$
comment "$INST_OpsiclientdRPCDir$ -> "+         $INST_OpsiclientdRPCDir$
comment "$INST_ActionProcessorStarterDir$ -> "+ $INST_ActionProcessorStarterDir$
comment "$INST_Paramstr$ -> "+                  $INST_Paramstr$
comment "$INST_Pcname$ -> "+                    $INST_Pcname$
comment "$INST_RebootFlag$ -> "+                $INST_RebootFlag$
comment "$INST_Result$ -> "+                    $INST_Result$
comment "$INST_SYSTEMDRIVE$ -> "+               $INST_SYSTEMDRIVE$
comment "$INST_SYSTEMROOT$ -> "+                $INST_SYSTEMROOT$
comment "$INST_SYSTEMSYS$ -> "+                 $INST_SYSTEMSYS$
comment "$INST_ServiceName$ -> "+               $INST_ServiceName$
comment "$INST_Service_User$ -> "+              $INST_Service_User$
comment "$INST_service_hidden_password$ -> "+   $INST_service_hidden_password$
if not ($INST_service_hidden_password$ = "")
	SetLogLevel=$INST_PasswdLogLevel$
	comment "$INST_Service_Password$ -> "+          $INST_Service_Password$
	SetLogLevel=$INST_DefaultLoglevel$
endif
 
comment "$INST_ShortServiceUrl$ -> "+           $INST_ShortServiceUrl$
comment "$INST_SubModus$ -> "+                  $INST_SubModus$
comment "$INST_Sysconfini$ -> "+                $INST_Sysconfini$
comment "$INST_SystemType$ -> "+                $INST_SystemType$
comment "$INST_WinstDir$ -> "+                  $INST_WinstDir$
comment "$INST_WinstRegKey$ -> "+               $INST_WinstRegKey$
comment "$INST_AktGina$ -> "+                   $INST_AktGina$
comment "$INST_gina_to_chain$ -> "+             $INST_gina_to_chain$
 
comment "$INST_preloginvistaInstalled$ -> "+    $INST_preloginvistaInstalled$
comment "$INST_preloginloaderInstalled$ -> "+   $INST_preloginloaderInstalled$
comment "$INST_vcredistx86_installed$ -> "+     $INST_vcredistx86_installed$
comment "$INST_uac_level$ -> "+                 $INST_uac_level$
comment "$INST_create_software_on_demand_menue_entry$ -> "+  $INST_create_software_on_demand_menue_entry$
 
;******** Sektion general **********      
 
comment "$GEN_bootmode$ -> "+                   $GEN_bootmode$
 
;******** Sektion shareinfo **********         
if  ($INST_debug$ = "on")
	comment "$SHI_pckey$ -> "+$SHI_pckey$
endif
 
;******** Sektion opsiclientd **********     
 
comment "$OCD_global.log_level$ -> "+                   $OCD_global.log_level$
comment "$OCD_config_service.url$ -> "+                 $OCD_config_service.url$
comment "$OCD_config_service.connection_timeout$ -> "+  $OCD_config_service.connection_timeout$
comment "$OCD_control_server.port$ -> "+                $OCD_control_server.port$
comment "$OCD_open_firewall_for_control_server$ -> "+   $OCD_open_firewall_for_control_server$
comment "$OCD_notification_server.port$ -> "+           $OCD_notification_server.port$
 
;******** Sektion opsiLoginBlocker **********   
;comment "$OLB_ServiceConnectionTimeout$ -> "+           $OLB_ServiceConnectionTimeout$
comment "$OLB_LogLevel$ -> "+                           $OLB_LogLevel$
comment "$OLB_LoginBlockerStart$ -> "+                  $OLB_LoginBlockerStart$
comment "$OLB_LoginBlockerTimeoutConnect$ -> "+         $OLB_LoginBlockerTimeoutConnect$
;comment "$OLB_LoginBlockerTimeoutInstall$ -> "+         $OLB_LoginBlockerTimeoutInstall$
comment "$OLB_opsiServiceType$ -> "+                    $OLB_opsiServiceType$
 
;******** Sektion prelogin **********
comment "$PLG_UtilsDir$ -> "+                           $PLG_UtilsDir$
 
 
;*********************************************************************
 
 
 
[sub_sub_create_client]
if ($OCD_config_service.url$ = "")
	set $OCD_config_service.url$ = "https://<opsiserver>:4447"
endif
 
comment "Connect to service....."
markErrorNumber
opsiservicecall_authenticated 
if errorsOccuredSinceMark > 0
	set $INST_error$ = "true"
	comment "was not authenticated -> retry scripted login by default user/password"
else
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
endif 
if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true") 
	comment "was not authenticated as admin-> retry scripted login by default user/password"
	markErrorNumber
	set $INST_error$ = "false"
	SetLogLevel=$INST_PasswdLogLevel$
	opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
	SetLogLevel=$INST_DefaultLoglevel$
	if errorsOccuredSinceMark > 0
		set $INST_error$ = "true"
		comment "scripted login by default user/password failed -> retry interactive"
	else
		markErrorNumber
		Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
		if errorsOccuredSinceMark > 0
			set $INST_error$ = "true"
			comment "check for user is admin failed failed -> retry interactive"
		endif
	endif	
	if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
		set $INST_error$ = "false"
		;markErrorNumber
		SetLogLevel=$INST_PasswdLogLevel$
		opsiservicecall_authenticated /interactive /serviceurl $OCD_config_service.url$
		SetLogLevel=$INST_DefaultLoglevel$
		; we don't check for errors because /interactive loops at wrong logins
		; and increment errors
		;if errorsOccuredSinceMark > 0
		;  set $INST_error$ = "true"
		;  comment "interactive login by default user/password failed -> retry interactive"
		;else
		;  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
		;endif
		markErrorNumber
		Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
		if errorsOccuredSinceMark > 0
			set $INST_error$ = "true"
			comment "check for user is admin failed failed -> abort"
		endif
		if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
			logerror "No admin login"
			pause "Error: No admin login - exiting"
			isFatalError
		endif
	else
		;comment "logged in as admin"
	endif
endif
comment "logged in as admin"
 
comment "get MAC and IP for Service connection"
sub_sub_try_to_get_my_mac
 
if ($INST_DnsDomainName$ = "")
    comment "*** Get domain ***"
    Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDomain')
    Set $INST_DnsDomainName$ = takestring(0, $INST_ServiceResult$)
endif
 
comment "*** does the client exist? ***"
Set $INST_pcname$ = lower($INST_pcname$)
Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
 
if ("" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getClientIds_list'), $INST_ClientId$))
	 comment "*** Create client ***"
	 Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
endif
 
; *** Get active service url ***
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkconfig_hash')
set $OCD_config_service.url$ = takestring(1, splitString(takeFirstStringContaining($INST_ServiceResult$,"nextBootServiceURL"), '='))
if $OCD_config_service.url$ = ""
	Set $OCD_config_service.url$ = GetvalueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", "")
endif
 
; *** Get hostkey1 ***
	SetLogLevel=$INST_PasswdLogLevel$
markErrorNumber
Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
SetLogLevel=$INST_DefaultLoglevel$
if errorsOccuredSinceMark > 0
	; *** Get hostkey1 ***
	SetLogLevel=$INST_PasswdLogLevel$
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
	markErrorNumber
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
	if errorsOccuredSinceMark > 0
		LogError "Could not get hostkey - aborting"
		Pause "Could not get hostkey - aborting"
		isFatalError
	else
		Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
		SetLogLevel=$INST_DefaultLoglevel$
	endif
endif
 
;********************** end read configuration ******************************      
 
;***************************copy files***************************************
[sub_copy_files]
DosInAnIcon_Stop_Preloginloader_Service
Registry_DeletePreloginloader
if ($INST_Modus$ = "INSTALL")
	comment "clean all up"
	if FileExists($INST_BaseDir$+"\")
		comment "Stopping and removing existing services...."
		DosInAnIcon_Stop_opsiclientd_Service
		DosInAnIcon_unregister_opsiclientd_service
		Registry_DeleteOpsiclientd
		comment "Deleting old files...."
		Files_Delete_OCA_BaseDir
	endif
endif ; INSTALL
markErrorNumber
Files_copy_winst
Files_copy_uninst
if errorsOccuredSinceMark > 0
	comment "copy failed - let us abort"
	logerror "Copy of files are failed -exiting"
	pause "Error: Copy of files are failed - Try again after reboot - aborting"
	isFatalError
endif
 
if ($INST_SystemType$ = "64 Bit System") and ($INST_NTVersion$ < "6")
	comment "we need vc_redist X64 at xp64 and 2003x64 to run the loginblocker"
	Winbatch_vc_redist_exe_64
	;Sub_check_exitcode
	comment "Test for installation success via exit code"
	set $INST_ExitCode$ = getLastExitCode
	if not (($INST_ExitCode$ = "0") or ($INST_ExitCode$ = "1603"))
		comment "installation seems to be failed - lets try with msi"
		Winbatch_vc_redist_msi_64
		;Sub_check_exitcode
	endif
endif
 
 
comment "installing opsiclientd py2exe files and required libraries"
Files_copy_py2exe
comment "install openssl ...."
Files_copy_shining_light_OpenSSL_exe
;http://innounp.sourceforge.net/
DosInAnIcon_shining_light_OpenSSL_unpack
Files_copy_shining_light_OpenSSL_files
Registry_shining_light_OpenSSL
if (FileExists($INST_BaseDir$+"\utils") or FileExists($INST_BaseDir$+"\prelogin"))
	comment "removing detected old prelogin files..."
	DosInAnIcon_Stop_Preloginloader_Service
	Registry_DeletePreloginloader
	Files_del_utils
	Files_del_prelogin
endif
 
comment "copying loginblocker"
if $INST_NTVersion$ >= "6.0"
	if ($INST_SystemType$ = "64 Bit System")
		Files_copy_vista_loginblocker_64 /Sysnative
	else
		Files_copy_vista_loginblocker_32
		Files_del_cmd64
	endif
endif
 
if $INST_NTVersion$ < "6.0"
	if ($INST_SystemType$ = "64 Bit System")
		Files_copy_xp_loginblocker_64
	else
		if $INST_NTVersion$ = "5.0"
			Files_copy_xp_loginblocker_win2k
			;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.2.0\SetACL 2.2.0\Command line version\x86"
			Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ 
			;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
		else
			Files_copy_xp_loginblocker_32
		endif
		Files_del_cmd64
	endif
endif
 
;**************************** end copy files *****************************************
 
;***************************write configuration***************************************
[sub_write_configuration]
if $INST_Modus$ = "INSTALL"
	Registry_SetGeneralEntries
	if ($INST_debug$ = "on") 
		Files_save_config_for_debug
	endif 
 
	;if $INST_MinorOS$ = "WinXP"
	if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
		if $INST_AktGina$ = ""
			Registry_SetRemoveMsginaOnDeinst
		endif
	endif ; winxp
endif ; INSTALL  
 
;*********************************************************
comment "configurations we do also at update mode"
;*********************************************************
comment "uninstall registry entries"
Registry_SetUninstallEntries
comment "standard registry entries"
Registry_SetGeneralEntries
comment "add registry key for shutdown requests"
Registry_add_shutdown_key
comment "make all depotshares trusted for the 32 Bit opsi-client-agent"
comment "get all depot servers :"
if $INST_SubModus$ = "BOOTIMAGE"
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$')
else
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares')
endif 
comment " take the string :"
set $INST_Result$ = takeString(0, $INST_ServiceResult$)
comment " remove trailing brackets and quote :"
set $INST_Result$ = takeString(0, splitstring($INST_Result$,'"]'))
comment " remove heading brackets and quote :"
set $INST_Result$ = takeString(1, splitstring($INST_Result$,'["'))
comment " split servers in to list :"
set $INST_ResultList$ = splitstring($INST_Result$,'","')
comment "write all depots to the registry :"
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted /Sysnative
comment "get netbiosnames from depots :"
comment "first clear the resultlist:"
set $INST_ResultList2$ = getsubList(0:0,$INST_ResultList2$)
; this is a dirty hack. It is used until we can ask host_getObjects with filter
; so we assume, that the first part of the fqdn is identical with the netbiosname
for %depotId% in $INST_ResultList$ do set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted
for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted /Sysnative
 
comment "tell server my mac address"
if not ($INST_MAC$ = "")
	opsiservicecall_setMacAddress
endif
comment "Open c:\tmp worldwide writable"
Files_create_ctmp
DosInAnIcon_open_ctmp
comment "create c:\opsi.org"
Files_create_c_opsiorg
comment "lock c:\opsi.org -> for administrators only"
DosInAnIcon_lock_c_opsiorg
 
Patches_opsiclientd_conf_rest $INST_OpsiclientdConf$
if not (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
	comment "dont log the pckey"
	SetLogLevel=$INST_PasswdLogLevel$
	Patches_opsiclientd_conf_key $INST_OpsiclientdConf$
	comment "start logging again"
	SetLogLevel=$INST_DefaultLoglevel$
endif
Patches_opsiclientd_cnf $INST_opensslConfigFile$
DosInAnIcon_generate_opsiclientdCertificate
DosInAnIcon_opsiclientd_register_service_exe
comment "set start to auto (2) if it was deactivated (4)"
Registry_ActivateOpsiclientd
if ($INST_NTVersion$ = "5.0")
else
	if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
	else
		if ($INST_NTVersion$ >= "6.0")
		  comment "setting UAC Level to: "+$INST_uac_level$
			if $INST_uac_level$ = "1"
				Registry_UAC_on_1 /Sysnative
			else
				if $INST_uac_level$ = "2"
					Registry_UAC_on_2 /Sysnative
			  else
			  	if $INST_uac_level$ = "3"
			  		Registry_UAC_on_3 /Sysnative
			  	else
			  		if $INST_uac_level$ = "4"
			  			Registry_UAC_on_4 /Sysnative
			  		else
			  			LogWarning("no or unknown $INST_uac_level$ set: "+$INST_uac_level$)
			  		endif
			  	endif
			  endif
			endif				
		  ;Registry_UAC_on_special /Sysnative
			;Registry_UAC_off /Sysnative
		else
			LogError "unknown OS: "+$INST_MinorOS$+ " Version: "+$INST_NTVersion$
		endif
	endif
endif
if $OCD_open_firewall_for_control_server$ = "1"
	if ($INST_NTVersion$ >= "6.0")
		DosInAnIcon_open_firewall_for_control_server_nt6
	else
		DosInAnIcon_open_firewall_for_control_server
	endif
else
	if ($INST_NTVersion$ >= "6.0")
		DosInAnIcon_close_firewall_for_control_server_nt6
	else
		DosInAnIcon_close_firewall_for_control_server
	endif
endif
;;; comment "enable login logging - needed to detect logins by wmi"
;;; comment "export the existing policy"
;;; ;DosInAnIcon_export_security_policy
;;; comment "patch the exported policy: login monitoring: success,failed"
;;; ;Patches_secedit_pll "c:\tmp\secedit_pll.ini"
;;; comment "reimport the patched policy"
;;; ;DosInAnIcon_enable_login_looging
;;; DosInAnIcon_auditpol_enable_login_looging
comment "disable Data Execution Prevention (DEP) for opsiclientd.exe"
comment "This should be prevent problems on win2003"
DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy
Registry_disable_dep_opsiclientd /Sysnative
comment "make opsiclientd depending ond dhcp and dnscache services"
Registry_opsiclientd_Service_depend_dhcp_dns
 
if ($INST_NTVersion$ >= "6.0")
	if $OLB_LoginBlockerStart$ = "1"
		Registry_vista_loginblocker /Sysnative
	else
		Registry_vista_del_loginblocker /Sysnative
	endif
endif ; win vista
 
;if ($INST_MinorOS$ = "WinXP") or ($INST_MinorOS$ = "Win2k")
if ($INST_NTVersion$ < "6.0")
	if $OLB_LoginBlockerStart$ = "1"
		Registry_opsigina_opsi_Config /Sysnative
		Registry_set_loginblocker_start /Sysnative
	else
		Registry_set_loginblocker_start /Sysnative
	endif ; loginblocker start
	if ($INST_SystemType$ = "64 Bit System")
		winbatch_test_opsigina_64
	else
		winbatch_test_opsigina_32
	endif
	set $INST_ExitCode$ = getLastExitCode
	if $INST_ExitCode$ = "0"
		comment "opsigina test passed - install it"
; *** changed to implement the SOPHOS SafeGuard Engine and DATEV (for ITL) **************
		sub "%ScriptPath%\write_Gina.ins"
; ***************************************************************************************
	else
		LogError "opsigina test failed, so we don't install it. Test Exitcode was: " + $INST_ExitCode$
	endif
endif ; winXP
comment "protect opsi-clientagent against non administrative manipulations"
DosInAnIcon_lock_opsiclientagent
;comment "do the lock on every installation"
;DosInAnIcon_lock_opsiclientd_conf
 
if $INST_create_software_on_demand_menue_entry$ = "true"
	opsiservicecall_setOption_addConfigStateDefaults_true
	Set $INST_ResultList$ = getReturnListFromSection('opsiservicecall_get_configState_software-on-demand.active')
	if (TakeString(0,SplitString(TakeString(1,SplitString(TakeString(0,$INST_ResultList$), '"values":[')), ']')) = "true")
		LinkFolder_install_softwareOnDemand
	endif
else
	LinkFolder_uninstall_softwareOnDemand
endif
 
;*****************************end write configuration****************************************
 
;*****************************clean up****************************************
 
[sub_clean_up]
if fileExists("c:\tmp\opsi")
 Files_Delete_ctmpopsi
endif
if fileExists("c:\tmp\opsi-client-agent")
 Files_Delete_ctmpopsi-client-agent
endif
if fileExists("c:\tmp\python")
 Files_Delete_ctmppython
endif
Files_del_utils
if FileExists("%ProgramFilesDir%\opsi.org\preloginloader\")
	Files_Delete_PLG_BaseDir
endif
if fileExists("c:\tmp\ssl_tmp")
 Files_Delete_ctmpssl
endif
Files_redist_cleanup
 
 
;***********************
 
[Files_Delete_ctmpopsi]
delete -s -f "c:\tmp\opsi\"
 
[Files_Delete_ctmpssl]
delete -s -f "C:\tmp\ssl_tmp\"
 
[Files_Delete_ctmppython]
delete -s -f "c:\tmp\python\"
 
[Files_Delete_ctmpopsi-client-agent]
delete -s -f "c:\tmp\opsi-client-agent\"
 
[Files_del_utils]
delete -s -f "$INST_BaseDir$\utils\"
 
[Files_del_prelogin]
delete -s -f "$INST_BaseDir$\prelogin\"
 
[Files_redist_cleanup]
delete c:\eula*.*
delete c:\install*.*
delete c:\vc_red.*
delete c:\vcredist.bmp
delete c:\.rnd
delete c:\globdata.ini
delete d:\eula*.*
delete d:\install*.*
delete d:\vc_red.*
delete d:\vcredist.bmp
delete d:\.rnd
delete d:\globdata.ini
 
;*****************************end clean up****************************************
 
;**************************** end of main sub sections*****************************************
;*********************************************************************
;*********************************************************************
 
;*************************** basic sections******************************************
[Files_copy_winst]
; do not use -V because it leads to broken winst on downgrade
copy -sc "%SCRIPTPATH%\opsi-winst\*.*" "$INST_WinstDir$"
copy -sVc "%SCRIPTPATH%\utilities\*.*" "$INST_BaseDir$\utilities\"
 
[Files_copy_uninst]
copy -sVc "%SCRIPTPATH%\uninst\*.*" "$INST_BaseDir$\uninst\"
 
[Files_Delete_OCA_BaseDir]
delete -sf "$INST_BaseDir$\"
 
[Files_Delete_PLG_BaseDir]
delete -sf "%ProgramFilesDir%\opsi.org\preloginloader\"
 
[Registry_SetGeneralEntries]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\general]
Set "opsiconf"=REG_DWORD:1
Set "configlocal"=REG_DWORD:0
Set "bootmode" = "$GEN_bootmode$"
 
[Registry_SetUninstallEntries]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-preloginloader]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-client-agent]
set "DisplayName" = "opsi-client-agent"
set "DisplayVersion" = "$ProductVersion$"
set "DisplayIcon" = "$INST_WinstDir$\winst32.exe"
set "DisplayPublisher" = "uib gmbh, Mainz, Germany"
set "UninstallString" = '"$INST_WinstDir$\winst32.exe" /batch "$INST_BaseDir$\uninst\uninstall.ins" "c:\tmp\deinstall_opsi-client-agent.log" /PARAMETER DEINSTALL'
set "URLInfoAbout" = "http://opsi.org"
set "HelpLink" = "http://www.opsi.org/support/"
 
[DosInAnIcon_lock_opsiclientagent]
rem see http://setacl.sourceforge.net/
 
 
rem set rights for the base dir
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
rem set the complete dir full access for admin and (read and execute) only for user
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
 
rem revoke users access for configuration file (opsi-hostkey)
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
 
rem revoke users access for uninst
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
 
rem revoke users access for utilities
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
 
 
rem grant user execute to the winst directory
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
rem therefore remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem therefore set new rights
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read_ex;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
 
 
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
 
 
 
;*************************** end basic sections******************************************
 
;***************************vista sections******************************************
; Registry and UAC
;http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2526.htm
;http://www.winfaq.de/faq_html/Content/tip2000/onlinefaq.php?h=tip2217.htm
;http://msdn.microsoft.com/en-us/library/cc232761%28v=prot.10%29.aspx
;http://www.rawcomputing.co.uk/vistatips36.html
;http://www.win-tipps-tweaks.de/cms/vista-tipps/vista-sicherheit/benutzerkontensteuerung-deaktivieren-teil-2.html
 
 
[Registry_UAC_off]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000000
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
[Registry_UAC_on_special]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000001
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
 
[Registry_UAC_on_1]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000002
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000001
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
[Registry_UAC_on_2]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000001
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
[Registry_UAC_on_3]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000001
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
[Registry_UAC_on_4]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
Set "EnableInstallerDetection"   = REG_DWORD:00000001
Set "EnableLUA"                  = REG_DWORD:00000000
Set "EnableVirtualization"       = REG_DWORD:00000001
Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
Set "FilterAdministratorToken"   = REG_DWORD:00000000
 
 
[Registry_hklm_set_depotshare_trusted]
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%depotId%] 
set "file"=reg_dword:0x00000001 
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
set "AutoDetect"=reg_dword:0x00000000 
set "IntranetName"=reg_dword:0x00000001 
set "ProxyByPass"=reg_dword:0x00000001 
set "UNCAsIntranet"=reg_dword:0x00000001 
 
;***************************end vista sections******************************************
 
; ******************** login blockers sections*****************************************
; ******************** credential provider login blockers sections********************
 
[Files_copy_vista_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\32bit\*.dll" "%SYSTEM%"
 
[Files_copy_vista_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsiloginblocker\64bit\*.dll" "%SYSTEM%"
 
[Registry_vista_loginblocker]
;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
;set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32]
set ""="OpsiLoginBlocker.dll"
set "ThreadingModel"="Apartment"
openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
set ""="OpsiLoginBlocker"
set "LoginBlockerTimeoutConnect"=reg_dword:$OLB_LoginBlockerTimeoutConnect$
set "StartOpsiCredentialProvider"=reg_dword:0x00000000
set "LoginBlockerLogLevel"=reg_dword:$OLB_LogLevel$
 
[Registry_vista_del_loginblocker]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
 
; ******************** end credential provider login blockers sections********************
;************************ opsigina loginblocker sections **********************
 
[Files_copy_xp_loginblocker_32]
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
 
[Files_copy_xp_loginblocker_win2k]
;copy -Vc "%SCRIPTPATH%\opsigina\win2k\opsigina.dll" "$INST_BaseDir$\opsigina\"
copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
 
[Files_copy_xp_loginblocker_64]
copy -Vc "%SCRIPTPATH%\opsigina\64bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
 
[Registry_SetRemoveMsginaOnDeinst]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1 
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "RemoveMsginaOnDeinst"=REG_DWORD:1 
 
[Registry_opsigina_opsi_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType"            = REG_DWORD:$OLB_opsiServiceType$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "NextGina" = "$INST_gina_to_chain$"
set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
Set "opsiServiceType"            = REG_DWORD:$OLB_opsiServiceType$
 
; *************************************************************************************************
; *** outsourcing the chapter Registry_opsigina_winlogon_Config to separate file write_gina.ins ***
; *************************************************************************************************
 
[Registry_set_loginblocker_start]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
 
[winbatch_test_opsigina_64]
"%SCRIPTPATH%\opsigina\test\64bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
 
[winbatch_test_opsigina_32]
"%SCRIPTPATH%\opsigina\test\32bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
 
 
 
; ******************** end opsigina loginblocker sections *****************************************
; ******************** end loginblockers sections *****************************************
 
 
; ******************** opsiclientd sections *****************************************
[Patches_opsiclientd_conf_key]
Set [global] opsi_host_key=$SHI_pckey$
Set [global] host_id=$INST_ClientId$
 
[Patches_opsiclientd_conf_rest]
Set [config_service] url=$OCD_config_service.url$/rpc
Set [config_service] connection_timeout=$OCD_config_service.connection_timeout$
Set [control_server] port=$OCD_control_server.port$
Set [notification_server] port=$OCD_notification_server.port$
Set [global] log_level=$OCD_global.log_level$
 
[DosInAnIcon_lock_opsiclientd_conf]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
 
[Patches_opsiclientd_cnf]
Add [req] default_bits = 1024
Add [req] encrypt_key = yes
Add [req] distinguished_name = req_dn
Add [req] x509_extensions = cert_type
Add [req] prompt = no
Add [req_dn] C = DE
Add [req_dn] ST = RP
Add [req_dn] L = Mainz
Add [req_dn] O = UIB
Add [req_dn] OU = -
Set [req_dn] CN = $INST_ClientId$
Add [req_dn] emailAddress = info@uib.de
Add [cert_type] nsCertType = server
 
[DosInAnIcon_generate_opsiclientdCertificate]
"%ProgramFilesDir%\OpenSSL\bin\openssl" req -new -x509 -days 1000 -nodes -config "$INST_opensslConfigFile$" -out "$INST_opsiclientdCertificateFile$" -keyout "$INST_opsiclientdCertificateFile$"
 
[DosInAnIcon_Stop_opsiclientd_Service]
net stop opsiclientd
 
[DosInAnIcon_unregister_opsiclientd_service]
"$INST_OpsiclientdDir$\opsiclientd.py" remove
"$INST_BaseDir$\opsiclientd.exe" -remove
 
[DosInAnIcon_open_firewall_for_control_server]
netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
 
[DosInAnIcon_close_firewall_for_control_server]
netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
 
[DosInAnIcon_open_firewall_for_control_server_nt6]
rem netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
netsh advfirewall firewall add rule name="opsiclientd-control-port" dir=in action=allow protocol=TCP localport=$OCD_control_server.port$
 
[DosInAnIcon_close_firewall_for_control_server_nt6]
rem netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
netsh advfirewall firewall delete rule name="opsiclientd-control-port" name protocol=TCP localport=$OCD_control_server.port$
 
 
[Registry_DeleteOpsiclientd]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
 
[Registry_DeactivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opsiclientd]
Set "Start" = REG_DWORD:4
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\opsiclientd]
Set "Start" = REG_DWORD:4
 
[Registry_ActivateOpsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "Start" = REG_DWORD:2
set "ImagePath" = '"$INST_BaseDir$\opsiclientd.exe"'
 
[DosInAnIcon_opsiclientd_register_service_exe]
"$INST_BaseDir$\opsiclientd.exe" -auto -install
 
[Registry_opsiclientd_Service_depend_win2k]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt"
 
[Registry_opsiclientd_Service_depend_winxp]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|Nla"
 
[Registry_opsiclientd_Service_depend_winvista]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|NlaSvc"
 
[Registry_opsiclientd_Service_depend_dhcp_dns]
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
Set "DependOnService" = REG_MULTI_SZ:"Dhcp|Dnscache"
 
[Registry_opsiclientd_Service_set_timeout]
; default timeout is 30000 millis increase to 60000 millis
OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Set "ServicesPipeTimeout" = REG_DWORD:60000
 
[DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy]
@echo off
wmic os get DataExecutionPrevention_SupportPolicy
 
[Registry_disable_dep_opsiclientd]
OpenKey [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
set "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd.exe" = "DisableNXShowUI"
 
; ******************** end opsiclientd sections *****************************************
 
; ******************** Install helpers sections *****************************************
 
[Files_del_cmd64]
delete -f "%SYSTEMROOT%\cmd64.exe"
 
[Files_save_config_for_debug]
copy "%ScriptPath%\cfg\*.*"       "c:\tmp\cfg"
 
[sub_set_installation_status]
if $INST_SubModus$ = "BOOTIMAGE"
	opsiservicecall_setNetbootInstallationStatus /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
endif 
opsiservicecall_setOpsiclientagentInstallationStatus
if $INST_preloginvistaInstalled$ = 'true'
	opsiservicecall_setPreloginvistaInstallationStatus_off
endif
if $INST_preloginloaderInstalled$ = 'true'
	opsiservicecall_setpreloginloaderInstallationStatus_off
endif
 
[sub_sub_read_preloginloader_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginloader")
	set $INST_preloginloaderInstalled$ = 'false'
else
	set $INST_preloginloaderInstalled$ = 'true'
endif
 
[sub_sub_read_preloginvista_installation_state]
if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginvista")
	set $INST_preloginvistaInstalled$ = 'false'
else
	set $INST_preloginvistaInstalled$ = 'true'
endif
 
[Registry_add_shutdown_key]
openKey [$INST_WinstRegKey$]
add "ShutdownRequested" = REG_DWORD:0
 
[Files_create_ctmp]
CheckTargetPath = "c:\tmp"
 
[DosInAnIcon_open_ctmp]
rem C:\utils\xcacls c:\tmp /T /C /G ADMINISTRATOREN:F "ERSTELLER-BESITZER":F JEDER:R HAUPTBENUTZER:F SYSTEM:F /Y
rem show setacl-version
rem "$INST_SetAclDir$\setacl.exe" -help 
rem this should work not only on german systems
rem open c:\tmp for everyone
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn setprot -op "dacl:np;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-1-0;s:y" -actn ace -ace "n:S-1-1-0;p:full;s:y"
rem "$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn list -lst "s:b"
 
[Files_create_c_opsiorg]
CheckTargetPath = "$OCD_OpsiVarDir$"
 
[DosInAnIcon_lock_c_opsiorg]
rem this should work not only on german systems
rem make the dacl not inherited
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
rem "$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
rem remove users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
rem remove power users from dacl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
rem show the resulting acl
"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
 
[sub_get_depot_netbiosnames]
set %depotId%
set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
 
 
[Sub_check_exitcode]
comment "Test for installation success via exit code"
set $INST_ExitCode$ = getLastExitCode
; informations to exit codes see
; http://msdn.microsoft.com/en-us/library/aa372835(VS.85).aspx
; http://msdn.microsoft.com/en-us/library/aa368542.aspx
if ($INST_ExitCode$ = "0")
	comment "Looks good: setup program gives exitcode zero"
else
	comment "Setup program gives a exitcode unequal zero: " + $INST_ExitCode$
	if ($INST_ExitCode$ = "1603")
		comment "File is in use - seems not to be a problem (at vc_redist installation)"
	else
		if ($INST_ExitCode$ = "1605")
			comment "ERROR_UNKNOWN_PRODUCT	1605	This action is only valid for products that are currently installed."
			comment "Uninstall of a not installed product failed - no problem"
		else
			if ($INST_ExitCode$ = "1641")
				comment "looks good: setup program gives exitcode 1641"
				comment "ERROR_SUCCESS_REBOOT_INITIATED	1641	The installer has initiated a restart. This message is indicative of a success."
			else
				if ($INST_ExitCode$ = "3010")
					comment "looks good: setup program gives exitcode 3010"
					comment "ERROR_SUCCESS_REBOOT_REQUIRED	3010	A restart is required to complete the install. This message is indicative of a success."
				else
					logError "Fatal: Setup program gives an unknown exitcode unequal zero: " + $INST_ExitCode$
					;isFatalError
				endif
			endif
		endif
	endif
endif
 
; ******************** End Install helpers sections *****************************************
 
; ******************** create client sections *****************************************
 
[sub_sub_try_to_get_my_mac]
Set $INST_ShortServiceUrl$ = takestring(1, splitString($OCD_config_service.url$,"//"))
set $INST_ConfigServerIP$ = takestring(0, splitString($INST_ShortServiceUrl$,":"))
set $INST_ConfigServerPort$ = takestring(1, splitString($INST_ShortServiceUrl$,":"))
comment "we need a IP-Numer at sub_getServiceConnection for analyzing the netstat output"
Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIPbyName')
set $INST_ExitCode$ = getLastExitCode
if "Error" = takestring(0, splitStringOnWhitespace(takestring(0,$INST_ServiceResult$)))
	LogWarning "MAC Address could not detected because config server could not resolved"
else
	set $INST_ConfigServerIP$ = takestring(0,$INST_ServiceResult$)
	set $INST_ShortServiceUrl$ = $INST_ConfigServerIP$+":"+$INST_ConfigServerPort$
	comment "let us try to guess the ip number by getbestinterface windows api ..."
	Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIpByTarget')
	set $INST_IPAddress$ = takestring(0, $INST_ServiceResult$)
	set $INST_IPAddress$ = takestring(1, splitString($INST_IPAddress$,"found:"))
	if $INST_IPAddress$ = ""
		LogWarning "failed to get own IP number - giving up to get mac"
	else
		set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_WMI_running')
		if ("" = takeFirstStringContaining($INST_ServiceResult$,"RUNNING")) and (GetMsVersionInfo >= "5.1")
			LogWarning "WMI service not running - giving up to get mac"
		else
			comment "WMI is running or we are at win2k and we only hope that it is running"
			Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
			set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
			if $INST_MAC$ = ""
				LogWarning "no MAC found"
			endif
		endif
	endif
endif
 
 
	;comment "Do we have a connection to the server ?"
	;markErrorNumber
	;opsiservicecall_authenticated 
	;if errorsOccuredSinceMark > 0
	;	comment "No - we have no connection to the server."
	;	comment "Let us try to connect the server ...."
	;	SetLogLevel=$INST_PasswdLogLevel$
	;	markErrorNumber
	;	opsiservicecall_authenticated /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
	;	SetLogLevel=$INST_DefaultLoglevel$
	;	if errorsOccuredSinceMark > 0
	;		LogWarning "We have still no connection to the server. This may affect the detection of the MAC."
	;	endif
	;else
	;	comment "Yes - we have a connection to the server."
	;	opsiservicecall_getNetworkConfig_hash
	;endif
	;comment "Now calling netstat ...."
	;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getServiceConnection')
	;set $INST_IPAddress$ = takestring(2, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$, $INST_ShortServiceUrl$)))
	;set $INST_IPAddress$ = takestring(0, splitString($INST_IPAddress$,":"))
	;if $INST_IPAddress$ = ""
	;	LogWarning "failed to get own IP number by netstat - using winst information (may be wrong at multiple network interfaces)"
	;	set $INST_IPAddress$ = "%IPAddress%"
	;endif
	;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
	;set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
	;if $INST_MAC$ = ""
	;	LogWarning "no MAC found"
	;endif
;endif
 
[DosInAnIcon_getServiceConnection]
@echo off
netstat -n
 
[DosInAnIcon_getMac_by_exe]
@echo off
"%ScriptPath%\ip2mac\ip2mac.exe"
 
[DosInAnIcon_getDnsByWmic]
@echo off
wmic path win32_NetworkAdapterConfiguration get DnsDomain /value | findstr "=."
 
[DosInAnIcon_getIPbyName]
@echo off
"%ScriptPath%\gethostbyname\get_host_by_name.exe" $INST_ConfigServerIP$
 
[DosInAnIcon_getIpByTarget]
@echo off
"%ScriptPath%\getIpByTarget\getipbytarget.exe" --target=$INST_ConfigServerIP$
 
[DosInAnIcon_WMI_running]
@echo off
sc query Winmgmt
 
 
[sub_sub_get_depot_netbiosname]
set $INST_Authenticated$ = "false"
markErrorNumber
opsiservicecall_authenticated 
if errorsOccuredSinceMark > 0
	comment "was not authenticated -> retry scripted login by default user/password"
	markErrorNumber
	SetLogLevel=$INST_PasswdLogLevel$
	opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
	SetLogLevel=$INST_DefaultLoglevel$
	if errorsOccuredSinceMark > 0
		comment "scripted login by default user/password failed -> we don't retry interactive"
		comment "giving up"
	else
			comment "now authenticated "
			set $INST_Authenticated$ = "true"
	endif
else
	comment "was authenticated "
	set $INST_Authenticated$ = "true"
endif 
 
if $INST_Authenticated$ = "true"
	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkConfig_hash')
	set $INST_DepotServer$ = takeString(2,splitString(takeFirstStringContaining($INST_ServiceResult$, "depotUrl="),"/"))
endif
 
; ******************** End create client sections *****************************************
 
;***********************py2exe and open ssl sections ************************************************
[Files_copy_py2exe]
copy -sVc "%SCRIPTPATH%\dist\*.*" "$INST_BaseDir$\"
 
[Winbatch_shining_light_OpenSSL]
"%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" /SILENT /NOCANCEL /SUPPRESSMSGBOXES /NORESTART /SP- /LOG="c:\tmp\shining_light_OpenSSL.log" /DIR="%ProgramFilesDir%\OpenSSL"
 
[Files_copy_shining_light_OpenSSL_exe]
copy "%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" "C:\tmp\ssl_tmp"
copy "%ScriptPath%\deps\innounp.exe" "C:\tmp\ssl_tmp"
 
[DosInAnIcon_shining_light_OpenSSL_unpack]
rem ;http://innounp.sourceforge.net/
c:
cd "C:\tmp\ssl_tmp"
mkdir tmp
innounp.exe -x -m -b -dtmp Win32OpenSSL_Light-1_0_0i.exe
 
[Files_copy_shining_light_OpenSSL_files]
copy -sV "C:\tmp\ssl_tmp\tmp\{app}\*.*" "%Programfilesdir%\openssl"
;copy -V "C:\tmp\ssl_tmp\tmp\{app}\*.dll" "%system%"
delete -sf "C:\tmp\ssl_tmp\tmp\"
 
[Registry_shining_light_OpenSSL]
openkey [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
set "OPENSSL_CONF"="%Programfilesdir%\openssl\bin\openssl.cfg"
 
[Winbatch_vc_redist_exe]
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*v "c:\tmp\vcredist.log" ALLUSERS=2"
"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*c:\tmp\vcredist_exe.log ALLUSERS=2"
;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"VCREDI~1.EXE /q:a /c:""msiexec /i vcredist.msi /qb!"" "
;"%ScriptPath%\deps\vcredist_x86.exe" /Q
 
[Winbatch_vc_redist_exe_64]
"%ScriptPath%\vcredistx64\vcredist_x64.exe" /Q
 
[Winbatch_vc_redist_msi_64]
msiexec /i "%ScriptPath%\vcredistx64\VC_RED.MSI" /qb-! /l*v "c:\tmp\vcredist_x64_msi.log" ALLUSERS=2
 
[Winbatch_vc_redist_msi]
;msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l*vx "c:\tmp\vcredist.log" ALLUSERS=2 DISABLEROLLBACK=1 VSEXTUI=1
msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l* "c:\tmp\vcredist_msi.log" ALLUSERS=2
 
[ExecWith_autoit_vc_redist]
WinWait("Microsoft Visual C++", "Opsi Dialog")
Send("{TAB}")
Send("{TAB}")
Send("{ENTER}")
exit
 
 
 
 
[LinkFolder_install_softwareOnDemand]
set_basefolder common_programs
set_subfolder opsi.org
 
set_link
	name: software on demand
	target: https://localhost:4441/swondemand
	parameters:
	working_dir:
	icon_file:
	icon_index:
end_link
 
[LinkFolder_uninstall_softwareOnDemand]
set_basefolder common_programs
delete_subfolder opsi.org
 
;***************************** end py2exe and open ssl sections ******************************************
 
;*************************** prelogin sections ********************************************
 
[Registry_DeletePreloginloader]
DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PreLoginLoader]
 
[DosInAnIcon_Stop_Preloginloader_Service]
net stop preloginloader
 
;**************************** end prelogin sections *******************************************
 
 
;******** Service sections **********
[opsiservicecall_authenticated]
"method": "authenticated"
"params": [
					]
 
[opsiservicecall_getDomain]
"method": "getDomain"
"params": [
					]
 
[opsiservicecall_getHost_hash]
"method": "getHost_hash"
"params": [
					"$INST_ClientId$"
					]
 
[opsiservicecall_getClientIds_list]
"method": "getClientIds_list"
"params": [
					]
 
[opsiservicecall_createClient]
"method": "createClient"
"params": [
					"$INST_pcname$",
					"$INST_DnsDomainName$",
					"",
					"",
					"$INST_IPAddress$",
					"$INST_MAC$"
					]
 
[opsiservicecall_getServerId]
"method": "getServerId"
"params": [
					"$INST_ClientId$"
					]
 
[opsiservicecall_getOpsiHostKey]
"method": "getOpsiHostKey"
"params": [
					"$INST_ClientId$"
					]
 
[opsiservicecall_setNetbootInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
					"$INST_NetBootProductname$",
					"$INST_ClientId$",
					"installed"
					]
 
[opsiservicecall_setPreloginloaderInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
					"preloginloader",
					"$INST_ClientId$",
					"not_installed"
					]
 
[opsiservicecall_setPreloginvistaInstallationStatus_off]
"method": "setProductInstallationStatus"
"params": [
					"preloginvista",
					"$INST_ClientId$",
					"not_installed"
					]
 
[opsiservicecall_setOpsiclientagentInstallationStatus]
"method": "setProductInstallationStatus"
"params": [
					"opsi-client-agent",
					"$INST_ClientId$",
					"installed"
					]
 
[opsiservicecall_getNetworkConfig_hash]
"method": "getNetworkConfig_hash"
"params": [
					"$INST_ClientId$"
					]
 
[opsiservicecall_userIsAdmin]
"method": "userIsAdmin"
"params": [
					]
 
[opsiservicecall_setMacAddress]
"method": "setMacAddress"
"params": [
					"$INST_ClientId$",
					"$INST_MAC$"
		]	  
 
[opsiservicecall_getInstalledLocalBootProductIds_list]
"method": "getInstalledLocalBootProductIds_list"
"params": [
					"$INST_ClientId$"
		]	  
 
[opsiservicecall_getDepotshares]
"method": "host_getIdents"
"params": [
					'[]',
					'{"type":"OpsiDepotserver"}',
		]	  
 
[opsiservicecall_getDepot_properties]
"method": "host_getObjects"
"params": [
					'[]',
					'{"type":"OpsiDepotserver"}',
		]	  
 
[opsiservicecall_setOption_addConfigStateDefaults_true]
"method": "backend_setOptions"
"params": [
	'{"addConfigStateDefaults":true}'
]
 
[opsiservicecall_get_configState_software-on-demand.active]
"method": "configState_getObjects"
"params": [
	'',
	'{"configId":"software-on-demand.active","objectId":"$INST_ClientId$"}',
]
 
;**************************************************
;**************************************************

read_gina.ins

this file is for implementing a gina chain for sophos and DATEV on XP-Machines (not needed for OS Vista and younger)

set $INST_AktGina$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] GinaDLL")
 
comment "get nextgina to chain"
set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
 
if $INST_gina_to_chain$ = ""
	comment "no nextGina entry at opsi-client-agent - let us look at the old preloginloader key"
	set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] NextGina")
endif
 
if $INST_gina_to_chain$ = ""
	comment "no new opsigina installed - let us look for opsi pgina installation"
	set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] pathMSGina")
endif
 
if $INST_gina_to_chain$ = ""
	comment "no new opsi pgina installed - let us look for legacy opsi installation"
	set $INST_old_reg_gina_installed$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\Opsi] Installed")
	if $INST_old_reg_gina_installed$ = "1"
		set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina] pathMSGina")
	endif
endif
 
if ($INST_gina_to_chain$ = "") and ("64 Bit System" = GetSystemType)
	comment "perhaps opsi-client-agent previously installed into wrong registry tree with 32-bit settings"
	set $INST_gina_to_chain$ = GetRegistryStringValue32("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
endif
 
 
if $INST_NTVersion$ < "6.0"
	if ($INST_AktGina$ = "")
		comment "opsigina seems not be installed and we are on a fresh XP"
		set $INST_gina_to_chain$ = "msgina.dll"
	else
		if ($INST_gina_to_chain$ = "")
; *************************** Implementing the SOPHOS Safe GUARD Easy Engine *********************************************
			if ($INST_AktGina$ = "sggina.dll")
				set $INST_sophos$ = "1"
				set $INST_gina_to_chain$ = "msgina.dll"
			else
				; ****************************************************************************************
				; *** implementation fpr DATEV client ( for ITL) *****************************************
				if ($INST_AktGina$ = "C:\WINDOWS\system32\dvinesasdgina.dll")
					set $INST_DATEV$ = "1"
					set $INST_gina_to_chain$ = "msgina.dll"
				else
					; ****************************************************************************************
					; *** the original block
					; ****************************************************************************************
					comment "opsigina seems not be installed and there is active gina"
					set $INST_gina_to_chain$ = $INST_AktGina$
					; ****************************************************************************************
				endif
			endif
; ************************************************************************************************************************
		else
			comment "opsigina seems be installed and so don't change the gina to chain"
		endif
	endif
endif ; winxp / win2k

write_gina.ins

if ($INST_sophos$ = "1")
	Registry_opsigina_winlogon_SOPHOS /Sysnative
else
	if ($INST_DATEV = "1")
		Registry_opsigina_winlogon_DATEV /Sysnative
	else
		Registry_opsigina_winlogon_Config /Sysnative
		; *********************************************************************************
		; *** the original block **********************************************************
		; *********************************************************************************
	endif
endif
 
[Registry_opsigina_winlogon_Config]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Set "GinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
set "DisableCAD" = REG_DWORD:0
 
[Registry_opsigina_winlogon_DATEV]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "ASDOrgGinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
 
[Registry_opsigina_winlogon_SOPHOS]
OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication]
set "GinaDLLRepair" = REG_DWORD:0
set "KnownGina" = REG_DWORD:1
set "OriginalGina" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"

update_sub.ins

this file is for customizing the UI from opsi-client-agent.

DefVar	$SrcPath$
DefVar  $block_login$
DefVar  $winst_skin_color$
DefVar  $action_color$
DefVar  $NotifierUpdatePath$
DefVar  $WinstSkinUpdatePath$
DefVar  $informList$
 
 
; ----------------------------------------------------------------
; - Please edit the following values                             -
; ----------------------------------------------------------------
;$ProductId$ should be the name of the product in opsi
; therefore please: only lower letters, no umlauts,
; no white space use '-' as a seperator
Set  $INST_BaseDir$     	=  "%ProgramFilesDir%\opsi.org\opsi-client-agent"
Set  $INST_OpsiclientdDir$	=  $INST_BaseDir$+"\opsiclientd"
Set  $INST_OpsiclientdConf$	=  $INST_OpsiclientdDir$+"\opsiclientd.conf"
Set  $INST_WinstDir$		=  $INST_BaseDir$+"\opsi-winst"
Set  $INST_NotifierDir$		=  $INST_BaseDir$+"\notifier"
Set  $NotifierUpdatePath$	=  "\dist\notifier_update"
Set  $WinstSkinUpdatePath$	=  "\opsi-winst\winstskin_update"
 
;------------------------------------------------------------------
 
 
 
set  $winst_skin_color$	=  "$0000cdbd"
set  $action_color$  	=  "189,205,000"
set  $informList$	= "345"
 
Files_copy_images
 
Patches_action_ini  $INST_NotifierDir$+"\action.ini"
Patches_event_ini  $INST_NotifierDir$+"\event.ini"
Patches_popup_ini  $INST_NotifierDir$+"\popup.ini"
Patches_shutdown_ini  $INST_NotifierDir$+"\shutdown.ini"
Patches_userlogin_ini  $INST_NotifierDir$+"\userlogin.ini"
Patches_winst_skin  $INST_WinstDir$+"\winstskin\skin.ini"
 
ExitWindows /reboot
 
[Files_copy_images]
copy  "%SCRIPTPATH%$NotifierUpdatePath$\*.*"  "$INST_NotifierDir$"
copy  "%SCRIPTPATH%$WinstSkinUpdatePath$\*.*"  "$INST_WinstDir$\winstskin"
 
 
[Patches_action_ini]
Set  [LabelStatus]  FontColor =  $action_color$
set  [LabelMessage]  FontColor  =  $action_color$
set  [ButtonStop]  Top  =  150
set  [ButtonStart]  Top  =  150
 
[Patches_event_ini]
set  [LabelTitle]  FontColor  =  $action_color$
set  [LabelTitle]  Text  =  "********* IT Deployment"
set  [LabelOpsiclientdInfo]  FontColor  =  $action_color$
set  [LabelActionProcessorInfo]  FontColor  =  $action_color$
set  [LabelStatus]  FontColor  =  $action_color$
set  [LabelDetail]  FontColor  =  $action_color$
set  [LabelConfigServiceUrl]  FontColor  =  $action_color$
set  [LabelClientId]  FontColor  =  $action_color$
set  [LabelConfigServiceUrl]  Top  =  $informList$
set  [LabelClientId]  Top  =  $informList$
set  [ButtonStop]  Color  =  $action_color$
 
[Patches_popup_ini]
Set  [LabelTitle]  FontColor =  $action_color$
set  [LabelMessage]  FontColor  =  $action_color$
set  [ButtonExit]  Color  =  $action_color$
 
[Patches_shutdown_ini]
Set  [LabelStatus]  FontColor =  $action_color$
set  [LabelMessage]  FontColor  =  $action_color$
set  [ButtonStop]  Top  =  150
set  [ButtonStart]  Top  =  150
 
[Patches_userlogin_ini]
Set  [LabelStatus]  FontColor =  $action_color$
set  [LabelMessage]  FontColor  =  $action_color$
 
[Patches_winst_skin]
set  [Form]  Color = "$00FFFFFF"
set  [LabelVersion]  FontColor  =  $winst_skin_color$
set  [LabelProduct]  FontColor  =  $winst_skin_color$
set  [LabelInfo]  FontColor  =  $winst_skin_color$
set  [LabelDetail]  FontColor  =  $winst_skin_color$
set  [LabelCommand]  FontColor  =  $winst_skin_color$
set  [LabelProgress]  FontColor  =  $winst_skin_color$
set  [ProgressBar]  BarColor  =  $winst_skin_color$
set  [ProgressBar]  StartColor  =  $winst_skin_color$
set  [ProgressBar]  FinalColor  =  $winst_skin_color$
set  [ProgressBar]  ShapeColor  =  $winst_skin_color$

OPSI-CLIENT-ITL.mm

the central control file for MakeMSI

;----------------------------------------------------------------------------
;--- Global Definitions						        -----
;----------------------------------------------------------------------------
#define VALID_MSIVAL2_DIR C:\Programme\MsiVal2  ;;Used before loading MSI header
;--- Include MAKEMSI support (with my customisations and MSI branding) ------
#define VER_FILENAME.VER  version-opsi_prod-ITL.Ver      ;;I only want one VER file for all samples! (this line not actually required in "tryme.mm")
#include "D:\extract\opsi-client\ME.MMH"
;;;; Disabling Dialog??
;--- Prevent "UISAMPLE" trying to manipulate the dialog deleted below -------
#define UISAMPLE_DISABLE_TYPICAL_SETUP N
#define REMOVED_LicenseAgreementDlg N
#define "ME.MMH"

;--- Remove the dialog ------------------------------------------------------
<$DialogRemove "SetupTypeDlg"> ;; do not ask for Typical Custom complete
<$DialogRemove "LicenseAgreementDlg"> ;;ignore lizenz.rtf File
;----------------------------------------------------------------------------

;--- Want to debug (not common) ---------------------------------------------
;#debug on
;#Option DebugLevel=^NONE, +OpSys^
;--- Define default location where file should install and add files --------

;Installdir:
<$DirectoryTree Key="tmpdir" Dir="c:\tmp" MAKE="Y" >
<$Property "SERVICEURL" Value="https://<opsi-Server-url:4447" >
<$Property "DOMAIN" Value="<your dns domain>" >


;----------------------------------------------------------------------------
;--- what should the installation do?					-----
;----------------------------------------------------------------------------

;Example for Filecopy:
<$Files "files\*.*" SubDir="TREE" DestDir="[tmpdir]" >



;----------------------------------------------------------------------------
;--- Add a registry entry (let it create a component - GUID not fixed!) -----
;----------------------------------------------------------------------------
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='ConsentPromptBehaviorAdmin' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableInstallerDetection' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableSecureUIAPaths' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableVirtualization' Value="00000001" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='PromptOnSecureDesktop' Value="00000000" Type='DWORD'>
<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='FilterAdministratorToken' Value="00000000" Type='DWORD'>


;----------------------------------------------------------------------------
;--- start a batch script				                -----
;----------------------------------------------------------------------------
#(
    ;--- Run after install, ignore return code and don't wait for completion ---
   <$ExeCa
         EXE='[SystemFolder]copy.exe' Args=^"%comspec%" "%systemroot%\cmd64.exe"^
         WorkDir="[tmpdir]"
         SEQ="InstallFinalize-"   Type="immediate ASync AnyRc"
     Condition="<$CONDITION_INSTALL_ONLY>"
  >
 #)
 
;#(
;    ;--- Run after install, ignore return code and wait for completion ---
;   <$ExeCa
;             EXE=^[tmpdir]\opsi\Write_par.cmd^ Args=^[SERVICEURL] [DOMAIN] Test^
;         WorkDir="[tmpdir]"
;             SEQ="InstallFinalize-"   Type="immediate ASync AnyRc"
;      Condition="<$CONDITION_INSTALL_ONLY>"
;   >
; #)

#(
    ;--- Run after install, ignore return code and wait for completion ---
    ;--- for unversal msi package you must use the follow PARAMETER string INSTALL:CREATE_CLIENT:REBOOT:SERVICEURL:DOMAIN
   <$ExeCa
             EXE=^[tmpdir]\opsi\opsi-winst\winst32.exe^ Args=^/batch [tmpdir]\opsi\setup.ins [tmpdir]\opsi-client-agent.log /PARAMETER INSTALL:CREATE_CLIENT:REBOOT^
         WorkDir="[tmpdir]"
             SEQ="InstallFinalize-"   Type="immediate Sync AnyRc"
      Condition="<$CONDITION_INSTALL_ONLY>"
   >
 #)

version-opsi_prod-ITL.ver

before you use this file, you must change Guid.UpgradeCode and MsiName

;----------------------------------------------------------------------------
;
;    MODULE NAME:   unattendend Installation opsi-client proorg.local
;
;        $Author:   USER "Thomas"  $
;      $Revision:   2.0  $
;          $Date:   05 DEC 2012 11:35:32  $
;
;    DESCRIPTION:   deploy the opsi-client-agent ITL via msi-package.
;
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
; ProductName = Installation opsi-Client ITL domain productive
; DESCRIPTION =  opsi Installation ITL
; Licence     = lizenz.rtf
; Installed   = WINDOWS_ALL
; Guid.UpgradeCode = {EXXXXXXX-FXXC-XXXD-XXBC-XXXAXFXBXECE}
; MsiName     = <my package name>
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



;############################################################################
VERSION : 2.0.0
DATE    : 05 Dec 2012
CHANGES : First production release ITL
userspace/msi-package_opsi-client-agent.txt · Last modified: 2022/12/19 13:51 by wolfbardo