Differences

This shows you the differences between two versions of the page.

--- userspace:msi-package_opsi-client-agent [2012/12/21 15:05] – created frisoft_DD
+++ userspace:msi-package_opsi-client-agent [2022/12/19 14:51] (current) – wolfbardo
@@ Line 1: / Line 1: @@
-here in the future the scripts and changes for install the opsi-client-agent via msi (deploying via GPO over AD)
+====== official msi-Package opsi-client-agent can be found at ======
+https://download.uib.de/4.2/stable/misc/opsi-client-agent.msi
+====== msi-Package opsi-client-agent 4.0.2.1 ======
+this is my cusomized setup for opsi-client-agent to deploy himself via GPO over AD. Comments are welcome
+TODO:
+- complete the the parametering install via msi propertys
+- added a more detailed description ( at the moment, i have a small docu in source-code
+this program used MakeMSI(Dennis Bareis) to generate the msi-package
+Tested with opsi 4.0.2\\
+requiredWinstVersion >= 4.10.8.12\\
+Files can be downloaded at http://www.libe.net/version/MakeMsi_latest_Version.php
+By   --- //[[thomas.fritzsche@itl-dresden.de|frisoft_DD]] 2012/12/21 15:31//
+Tree:\\
+<code>
+D:.
+├───extended-scripts
+├───files
+│   ├───opsi
+├───out
+│   └───OPSI-CLIENT-ITL.mm
+│       │
+│       └───MSI
+└───utils
+</code>
+for developing you copy all files form opsi-server/opsi_depot/opsi-client-agent to yout develop-path on your windows machine
+==== Steps ====
+  - download and install MakeMSI
+  - copy all the content fron directory opsi-client-agent to your develop directory
+  - copy from the makeMSI - sample directory the files with extention mm and ver
+  - edit the file with extention ver (you must change the guid) for this doing, in the MakeMSI package are an GUID-Generator
+  - edit the file mm with your favorite text - editor
+  - after finish changing all the files click with the right mouse-button on the file mm and select build msi(production)
+  - check on a other machine
+[[nix|Change the following headlines to the names of your scripts]]
+==== setup.ins ====
+<code winst>
+[Actions]
+requiredWinstVersion >= "4.10.8.12"
+Message=opsi-client-agent installation
+ShowBitmap "%scriptpath%\uninst\opsi.png" "opsi-client-agent"
+; Variables:
+; Config Variables with prefixes
+; GEN = general
+; SHI = share information
+; OCD = opsiclientd
+; OLB = opsiLoginBlocker
+; INST = used while installation
+; Script variables with prefix INST
+;******** installation vars **********
+DefVar $INST_AktGina$
+DefVar $INST_AllowReboot$
+DefVar $INST_Authenticated$
+DefVar $INST_BaseDir$
+DefVar $INST_Cfgini$
+DefVar $INST_ClientExists$
+DefVar $INST_ClientId$
+DefVar $INST_ComputerName$
+DefVar $INST_Debug$
+DefVar $INST_DepotServer$
+DefVar $INST_DnsDomainName$
+DefVar $INST_Error$
+DefVar $INST_ExitCode$
+DefVar $INST_IPAddress$
+DefVar $INST_ImmediateRebootFlag$
+DefVar $INST_MAC$
+DefVar $INST_MinorOS$
+DefVar $INST_NTVersion$
+DefVar $INST_Modus$
+DefVar $INST_NetBootProductname$
+DefVar $INST_NicIndex$
+DefVar $INST_NotifierDir$
+DefVar $INST_OS$
+DefVar $INST_OpensslConfigFile$
+DefVar $INST_OpsiClientdCertificateFile$
+DefVar $INST_OpsiclientdDir$
+DefVar $INST_OpsiclientdConf$
+DefVar $INST_OpsiclientdRPCDir$
+DefVar $INST_OpsiUtilitiesdDir$
+DefVar $INST_ActionProcessorStarterDir$
+DefVar $INST_Paramstr$
+DefVar $INST_Pcname$
+DefVar $INST_RebootFlag$
+DefVar $INST_Result$
+DefVar $INST_SetAclDir$
+DefVar $INST_ServiceName$
+DefVar $INST_Service_Password$
+DefVar $INST_Service_User$
+DefVar $INST_ShortServiceUrl$
+DefVar $INST_SubModus$
+DefVar $INST_Sysconfini$
+DefVar $INST_SystemType$
+DefVar $INST_WinstDir$
+DefVar $INST_WinstRegKey$
+DefVar $INST_gina_to_chain$
+; ******************************************************************************
+; *** changed ****** for implementing SOPHOS Safe Guard Easy *****************
+; *** the changing only needed for OS before Windows Vista *********************
+DefVar $INST_sophos$
+; *** changed for ITL to implement the DATEV - Login Blocker *******************
+DefVar $INST_DATEV$
+; ******************************************************************************
+DefVar $INST_old_reg_gina_installed$
+DefVar $INST_preloginvistaInstalled$
+DefVar $INST_preloginloaderInstalled$
+DefVar $INST_GinaDll$
+DefVar $INST_service_hidden_password$
+DefVar $INST_DefaultLoglevel$
+DefVar $INST_PasswdLogLevel$
+DefVar $INST_ConfigServerIP$
+DefVar $INST_ConfigServerPort$
+DefVar $INST_ProductType$
+DefVar $INST_vcredistx86_installed$
+DefVar $INST_uac_level$
+DefVar $ProductVersion$
+DefVar $INST_tmpstr$
+DefVar $INST_create_software_on_demand_menue_entry$
+DefVar $INST_SearchKey$
+DefVar $INST_SearchValue$
+DefVar $INST_SearchResult$
+DefStringlist $INST_Adapterlist$
+DefStringList $INST_ServiceResult$
+DefStringList $INST_ResultList$
+DefStringList $INST_ResultList2$
+DefStringList $INST_ResultList3$
+DefStringList $INST_ParamstrList$
+;******** Sektion general **********
+DefVar $GEN_bootmode$
+;******** Sektion shareinfo **********
+DefVar $SHI_pckey$
+;******** Sektion opsiclientd **********
+DefVar $OCD_global.log_level$
+DefVar $OCD_config_service.url$
+DefVar $OCD_config_service.connection_timeout$
+DefVar $OCD_control_server.port$
+DefVar $OCD_notification_server.port$
+DefVar $OCD_open_firewall_for_control_server$
+DefVar $OCD_OpsiVarDir$
+; *************************************************************************************************
+; added to customizing the installation via msi-parameters
+; *************************************************************************************************
+DefVar $OCD_Domain$
+; *************************************************************************************************
+;******** Sektion opsiLoginBlocker **********
+;DefVar $OLB_ServiceConnectionTimeout$
+DefVar $OLB_LogLevel$
+DefVar $OLB_LoginBlockerStart$
+DefVar $OLB_LoginBlockerTimeoutConnect$
+;DefVar $OLB_LoginBlockerTimeoutInstall$
+;opsiServiceType=0 (default), 1 (prelogin.exe/pcptch.exe), 2 (opsiclientd)
+DefVar $OLB_opsiServiceType$
+;******** Sektion preloginloader **********
+DefVar $PLG_BaseDir$
+DefVar $PLG_CfgDir$
+DefVar $PLG_DebugOutput$
+DefVar $PLG_PcptchExe$
+DefVar $PLG_RebootOnBootmodeReins$
+DefVar $PLG_RebootOnServicePackChange$
+DefVar $PLG_RunWithUser$
+DefVar $PLG_RunWithUserDelay$
+DefVar $PLG_RunWithUserPassword$
+DefVar $PLG_RunWithUserReboot$
+DefVar $PLG_RunWithUserTask$
+DefVar $PLG_RunWithUserTaskParms$
+DefVar $PLG_RunWithUserUsername$
+DefVar $PLG_UtilsDir$
+DefVar $PLG_WinstRegKey$
+DefVar $PLG_RunServiceAs$
+DefVar $PLG_RunServiceAsDom$
+DefVar $PLG_RunServiceAsUsr$
+DefVar $PLG_RunServiceAsPas$
+;******** Sektion shareinfo **********
+DefVar $SHI_pckey_file$
+DefVar $SHI_user$
+DefVar $SHI_smbusername1$
+DefVar $SHI_try_secondary_user$
+;******** Sektion pcptch **********
+DefVar $PCP_Bitmap1$
+DefVar $PCP_Bitmap2$
+DefVar $PCP_button_stopnetworking$
+DefVar $PCP_copyDefaultUser$
+DefVar $PCP_label1$
+DefVar $PCP_label2$
+DefVar $PCP_loadBitmap$
+DefVar $PCP_makeLocalCopyOfIniFile$
+DefVar $PCP_makeLocalWinst$
+DefVar $PCP_mountdrive$
+DefVar $PCP_opsiServiceURL$
+DefVar $PCP_patchleveltyp$
+DefVar $PCP_pcprotoname$
+DefVar $PCP_opsiServerType$
+DefVar $PCP_winstLocalDirectory$
+DefVar $PCP_SecsUntilConnectionTimeOut$
+DefVar $PCP_pingcheck$
+;******** Sektionen Ende **********
+;*********************************************************
+; static initial values for variables
+;*********************************************************
+Set $INST_Debug$ = "off"
+Set $INST_AktGina$ = ""
+set $INST_service_hidden_password$ =""
+Set $INST_AllowReboot$ = "true"
+Set $INST_BaseDir$   = "%ProgramFilesDir%\opsi.org\opsi-client-agent"
+Set $INST_OpsiclientdDir$   = $INST_BaseDir$+"\opsiclientd"
+Set $INST_OpsiUtilitiesdDir$   = $INST_BaseDir$+"\utilities"
+Set $INST_Cfgini$ = "%ScriptPath%\cfg\config.ini"
+Set $INST_DepotServer$ = ""
+Set $INST_IPAddress$ = ""
+Set $INST_ImmediateRebootFlag$ = ""
+Set $INST_MAC$ = ""
+Set $INST_NetBootProductname$ = ""
+Set $INST_NicIndex$ = ""
+Set $INST_NotifierDir$ = $INST_BaseDir$+"\notifier"
+Set $INST_OpensslConfigFile$ = "c:\tmp\opsiclientd.cnf"
+Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"\opsiclientd.pem"
+Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+"\opsiclientd.conf"
+Set $INST_OpsiclientdRPCDir$ = $INST_BaseDir$+"\opsiclientd_rpc"
+Set $INST_ActionProcessorStarterDir$ = $INST_BaseDir$+"\action_processor_starter"
+Set $INST_Pcname$ = EnvVar ("COMPUTERNAME")
+Set $INST_RebootFlag$ = ""
+Set $INST_Service_Password$ = "pcpatch"
+Set $INST_Service_User$ = "pcpatch"
+;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.3.0\SetACL 2.3.0\Command line version\x86"
+; The setacl.exe 2.3.0 hangs some times
+Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
+;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
+Set $INST_Sysconfini$ = "%ScriptPath%\cfg\sysconf.ini"
+Set $INST_SystemType$ = GetSystemType
+Set $INST_WinstDir$   = $INST_BaseDir$+"\opsi-winst"
+Set $INST_WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
+set $INST_gina_to_chain$ = "msgina.dll"
+Set $INST_preloginvistaInstalled$ = 'false'
+set $INST_preloginloaderInstalled$ = 'false'
+if $INST_debug$ = "off"
+	set $INST_DefaultLoglevel$ = "7"
+	Set $INST_PasswdLogLevel$="7"
+else
+	set $INST_DefaultLoglevel$ = "6"
+	comment " set $INST_PasswdLogLevel$ to 2 for production"
+	Set $INST_PasswdLogLevel$="2"
+endif
+set $ProductVersion$ = "%installingProdVersion%"
+set $OCD_OpsiVarDir$ = "c:\opsi.org"
+set $INST_uac_level$ = "2"
+set $INST_create_software_on_demand_menue_entry$ = "true"
+set $INST_sophos$ = "0"
+set $INST_DATEV$ = "0"
+SetLogLevel=$INST_DefaultLoglevel$
+;******** Sektion general **********
+Set $GEN_bootmode$    = "BKSTD"
+;******** Sektion opsiclientd **********
+Set $OCD_config_service.url$         = ""
+set $OCD_config_service.connection_timeout$ = "10"
+Set $OLB_LoginBlockerStart$          = "1"
+Set $OLB_LoginBlockerTimeoutConnect$ = "120"
+;Set $OLB_LoginBlockerTimeoutInstall$ = "180"
+Set $OLB_opsiServiceType$            = "2"
+;******** Sektion prelogin **********
+Set $PLG_UtilsDir$ = $INST_BaseDir$+"\prelogin"
+;******** Sektion preloginloader **********
+Set $PLG_BaseDir$                    = $INST_BaseDir$
+Set $PLG_UtilsDir$                   = $PLG_BaseDir$+"\prelogin"
+Set $PLG_CfgDir$                     = $PLG_BaseDir$+"\cfg"
+Set $PLG_DebugOutput$                = "0"
+Set $PLG_PcptchExe$                  = $PLG_UtilsDir$+"\pcptch.exe"
+Set $PLG_RebootOnBootmodeReins$      = "1"
+Set $PLG_RebootOnServicePackChange$  = "1"
+Set $PLG_RunWithUser$                = "0"
+Set $PLG_RunWithUserDelay$           = "1000"
+Set $PLG_RunWithUserPassword$        = ""
+Set $PLG_RunWithUserReboot$          = "0"
+Set $PLG_RunWithUserTask$            = ""
+Set $PLG_RunWithUserTaskParms$       = ""
+Set $PLG_RunWithUserUsername$        = "pcpatch"
+Set $PLG_WinstRegKey$                = "SOFTWARE\opsi.org\winst"
+Set $PLG_RunServiceAs$               = "1"
+Set $PLG_RunServiceAsDom$            = ""
+Set $PLG_RunServiceAsUsr$            = ""
+Set $PLG_RunServiceAsPas$            = ""
+;******** Sektion shareinfo **********
+Set $SHI_pckey$       = ""
+Set $SHI_pckey_file$  = $PLG_CfgDir$+"\locked.cfg"
+Set $SHI_user$        = ""
+Set $SHI_smbusername1$= ""
+Set $SHI_try_secondary_user$="0"
+;******** Sektion pcptch **********
+Set $PCP_Bitmap1$                = ""
+Set $PCP_Bitmap2$                = ""
+Set $PCP_button_stopnetworking$  = ""
+Set $PCP_copyDefaultUser$        = ""
+Set $PCP_label1$                 = ""
+Set $PCP_label2$                 = ""
+Set $PCP_loadBitmap$             = ""
+Set $PCP_makeLocalCopyOfIniFile$ = ""
+Set $PCP_makeLocalWinst$         = ""
+Set $PCP_mountdrive$             = ""
+Set $PCP_opsiServiceURL$ 	  = ""
+Set $PCP_patchleveltyp$          = ""
+Set $PCP_pcprotoname$            = ""
+Set $PCP_opsiServerType$ 		  = "service"
+Set $PCP_winstLocalDirectory$    = $INST_WinstDir$
+Set $PCP_SecsUntilConnectionTimeOut$ = "180"
+Set $PCP_pingcheck$		= ""
+;******** Sektionen Ende **********
+;*********************************************************
+; Let's work
+;*********************************************************
+set $INST_OS$ = GetOS
+set $INST_MinorOS$ = GetNTVersion
+set $INST_NTVersion$ = GetMsVersionInfo
+set $INST_Resultlist$ = getMSVersionMap
+set $INST_ProductType$ = getValue("product_type_nr",$INST_Resultlist$)
+set $INST_vcredistx86_installed$ = "false"
+if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] DisplayVersion") = "9.0.30729.4148"
+	comment "vcredistx86 Version 9.0.30729.4148 is installed"
+	set $INST_vcredistx86_installed$ = "true"
+endif
+if GetRegistryStringValue("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}] DisplayVersion") = "9.0.21022"
+	comment "vcredistx86 Version 9.0.21022 is installed"
+	set $INST_vcredistx86_installed$ = "true"
+endif
+if $INST_NTVersion$ <= "4"
+	logError "Installation aborted: wrong OS version: only win2k and above alowed"
+	isFatalError
+endif
+if not (HasMinimumSpace ("%systemdrive%", "10 MB"))
+	logError "Not enough space on drive %systemdrive% (we need 10 MB): Aborting"
+	isFatalError
+endif
+;if ($INST_NTVersion$ = "6.1") and ($INST_ProductType$ > "1") and ($INST_SystemType$ = "64 Bit System") and ($INST_vcredistx86_installed$ = "false")
+;	LogError "we are on 2008r2 and vcredist is not installed - please install vcredist32 manually before installing opsi-client-agent"
+;	isFatalError
+;	;;;DosInAnIcon_open_winsxs
+;endif
+if $INST_vcredistx86_installed$ = "false"
+	comment "vc_redist not found - install it"
+		comment "install via msi"
+		ExecWith_autoit_vc_redist "%SCRIPTPATH%\autoit3.exe" WINST /letThemGo /EscapeStrings
+		Winbatch_vc_redist_msi
+		Sub_check_exitcode
+		killtask "autoit3.exe"
+endif
+;*********************************************************
+comment "set mode"
+;*********************************************************
+Set $INST_Paramstr$=PARAMSTR
+set $INST_ParamstrList$ = splitstring($INST_Paramstr$, ":")
+comment "Modus normally set by commandline argument"
+Set $INST_MODUS$=takestring(0,$INST_ParamstrList$)
+Set $INST_SubModus$=takestring(1,$INST_ParamstrList$)
+Set $INST_tmpstr$ = takestring(2,$INST_ParamstrList$)
+if lower(trim($INST_tmpstr$)) = "noreboot"
+	Set $INST_AllowReboot$ = "false"
+else
+	if lower(trim($INST_tmpstr$)) = "reboot"
+		Set $INST_AllowReboot$ = "true"
+	endif
+endif
+;**************************************************************************************************
+; at this point, we can add the additional parameters for customizing the installation
+; here we patch the domain and the opsi-server-url
+; so , in this case we can installed any client in a multi-domain and multi-server-environment
+;**************************************************************************************************
+Set $OCD_config_service.url$ = takestring(3,$INST_ParamstrList$)
+Set $OCD_Domain$ = takestring(4,$INST_ParamstrList$)
+; *************************************************************************************************
+comment "old Modes are remaped for backward compatibility"
+if $INST_MODUS$ = "LOCAL"
+	Set $INST_MODUS$="INSTALL"
+endif
+if $INST_MODUS$ = "LOCAL_REINSTALL"
+	Set $INST_MODUS$="INSTALL"
+endif
+if $INST_MODUS$ = "SERVICE_INTERACTIVE"
+	Set $INST_MODUS$="INSTALL"
+	Set $INST_SubModus$="CREATE_CLIENT"
+endif
+if $INST_MODUS$ = "TFTP"
+	Set $INST_MODUS$="INSTALL"
+	Set $INST_SubModus$="BOOTIMAGE"
+endif
+comment "default submode of INSTALL is CONFIG_INI"
+if $INST_MODUS$ = "INSTALL"
+	if $INST_SubModus$ = ""
+		Set $INST_SubModus$="CONFIG_INI"
+	endif
+endif
+comment "map Mode REMOTEDEPLOY"
+if $INST_MODUS$ = "REMOTEDEPLOY"
+	Set $INST_MODUS$="INSTALL"
+	Set $INST_SubModus$="CONFIG_INI"
+	Set $INST_AllowReboot$ = "false"
+endif
+comment "if no commandline argument we default to update"
+if $INST_MODUS$ = ""
+	Set $INST_MODUS$="UPDATE"
+endif
+;if ($INST_MODUS$ = "UPDATE")
+;	if GetProductProperty("forceConfigurationUpdate","off") = "on"
+;		Set $INST_MODUS$="INSTALL"
+;	endif
+;endif
+if $INST_SubModus$ = "BOOTIMAGE"
+	comment "do not reboot in BOOTIMAGE mode because:"
+	comment "    opsi-client-agent installation is part of the postinst.d mechanism"
+	comment "    if the machine reboots no script will run after the opsi-client-agent script"
+	Set $INST_AllowReboot$ = "false"
+else
+	Set $INST_AllowReboot$ = GetProductProperty("allow_reboot", $INST_AllowReboot$)
+endif
+sub_read_configuration
+sub_copy_files
+sub_write_configuration
+sub_set_installation_status
+comment "changing/customizing the UI to ********* CI "
+; change ******** to customize the loginblocker - UI
+; **********************************************************************************
+sub "%ScriptPath%\Update_sub.ins"
+; **********************************************************************************
+comment "all is done but make a reboot after terminating with the script"
+sub_clean_up
+if ($INST_AllowReboot$ = "true")
+	ExitWindows /Reboot
+endif
+;******************************End main action***************************************
+;*********************************************************************
+;*********************************************************************
+[DosInAnIcon_open_winsxs]
+takeown /r /f c:\windows\winsxs
+"%SCRIPTPATH%\xcacls" c:\windows\winsxs /t /e /g %USERNAME%:F /y
+move C:\windows\winsxs\pending.xml C:\windows\winsxs\pending.xml.orig
+;*****************************start of main sub sections ****************************************
+;***************************read configuration***************************************
+[sub_read_configuration]
+comment "get installed gina"
+; *** delete the reading processes from the main file and outsourcing in a sub process *********
+sub "%ScriptPath%\Read_Gina.ins"
+; **********************************************************************************************
+Set $GEN_bootmode$    	 = GetValueFromInifile($INST_cfgini$, "general", "bootmode", $GEN_bootmode$)
+comment "Getting dns domain from config file"
+Set $INST_DnsDomainName$ = GetValueFromInifile($INST_cfgini$, "general", "dnsdomain", $INST_DnsDomainName$)
+if ($INST_DnsDomainName$ = "")
+	comment "Failed to get dns from config file, trying dns domain from wmic"
+	Set $INST_ResultList$ = getOutStreamFromSection("DosInAnIcon_getDnsByWmic")
+	Set $INST_DnsDomainName$ = TakeString(1,splitString(TakeString(0,$INST_ResultList$),"="))
+endif
+; dont log the pckey
+SetLogLevel=$INST_PasswdLogLevel$
+Set $SHI_pckey$ = GetValueFromInifile($INST_cfgini$, "shareinfo", "pckey", "")
+; start logging again
+SetLogLevel=$INST_DefaultLoglevel$
+Set $OCD_global.log_level$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "global.log_level", $OCD_global.log_level$)
+Set $OCD_config_service.url$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", $OCD_config_service.url$)
+Set $OCD_config_service.connection_timeout$ = GetValueFromInifile($INST_cfgini$, "opsiclientd", "config_service.connection_timeout", $OCD_config_service.connection_timeout$)
+Set $OCD_control_server.port$ 		    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "control_server.port", $OCD_control_server.port$)
+Set $OCD_notification_server.port$ 	    = GetValueFromInifile($INST_cfgini$, "opsiclientd", "notification_server.port", $OCD_notification_server.port$)
+Set $OCD_open_firewall_for_control_server$  = GetValueFromInifile($INST_cfgini$, "opsiclientd", "open_firewall_for_control_server", $OCD_open_firewall_for_control_server$)
+Set $OLB_LogLevel$ 			    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LogLevel", $OLB_LogLevel$)
+Set $OLB_LoginBlockerStart$          	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerStart", $OLB_LoginBlockerStart$)
+Set $OLB_LoginBlockerTimeoutConnect$	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutConnect", $OLB_LoginBlockerTimeoutConnect$)
+;Set $OLB_ServiceConnectionTimeout$ 	    = $OLB_LoginBlockerTimeoutConnect$
+;Set $OLB_LoginBlockerTimeoutInstall$	    = GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "LoginBlockerTimeoutInstall", $OLB_LoginBlockerTimeoutInstall$)
+;Set $OLB_opsiServiceType$	             GetValueFromInifile($INST_cfgini$, "opsiLoginBlocker", "opsiServiceType", "")
+; change value given by config.ini only if property present
+if GetProductProperty ("LoginBlockerStart","") = "on"
+	Set $OLB_LoginBlockerStart$ = "1"
+endif
+if GetProductProperty ("LoginBlockerStart","") = "off"
+	Set $OLB_LoginBlockerStart$ = "0"
+endif
+Set $INST_Service_User$          	= GetValueFromInifile($INST_cfgini$, "installation", "service_user", $INST_Service_User$)
+Set $INST_Service_Password$      	= GetValueFromInifile($INST_cfgini$, "installation", "service_password", $INST_Service_Password$)
+Set $INST_service_hidden_password$      	= GetValueFromInifile($INST_cfgini$, "installation", "service_hidden_password", $INST_service_hidden_password$)
+if not ($INST_service_hidden_password$ = "")
+	SetLogLevel=$INST_PasswdLogLevel$
+	Set $INST_Service_Password$ = base64DecodeStr($INST_service_hidden_password$)
+	SetLogLevel=$INST_DefaultLoglevel$
+endif
+; ******* sysconfini wird bei PXE-basierter Grundinstallation vom Bootimage angelegt.
+if (FileExists ($INST_sysconfini$))
+	DefVar $DepotUrl$
+	Set $INST_NetBootProductname$ = GetValueFromInifile($INST_sysconfini$, "general", "productid", $INST_NetBootProductname$)
+	Set $INST_pcname$             = GetValueFromInifile($INST_sysconfini$, "general", "pcname", $INST_pcname$)
+	Set $INST_DnsDomainName$      = GetValueFromInifile($INST_sysconfini$, "general", "dnsdomain", $INST_DnsDomainName$)
+	Set $DepotUrl$                = GetValueFromInifile($INST_sysconfini$, "general", "depoturl", $DepotUrl$)
+	set $INST_DepotServer$ = takeString(2,splitString($DepotUrl$,"/"))
+endif
+if $INST_pcname$ = ""
+	set $INST_pcname$ = %pcname%
+endif
+Set $INST_pcname$ = lower($INST_pcname$)
+if not ($INST_DnsDomainName$ = "")
+	Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
+endif
+if $GEN_bootmode$ = ""
+	Set $GEN_bootmode$ = "BKSTD"
+endif
+if $INST_Modus$ = "INSTALL"
+	if $INST_SubModus$ = "BOOTIMAGE"
+		Set $GEN_bootmode$    = "REINS"
+	endif ; BOOTIMAGE
+	if $INST_SubModus$ = "CREATE_CLIENT"
+		sub_sub_create_client
+	endif ; CREATE_CLIENT
+endif ; INSTALL
+if (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
+	; dont log the pckey
+	SetLogLevel=$INST_PasswdLogLevel$
+	if FileExists ($INST_OpsiclientdConf$)
+		Set $SHI_pckey$       = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "opsi_host_key", $SHI_pckey$)
+		Set $INST_ClientId$   = GetvalueFromInifile($INST_OpsiclientdConf$, "global", "host_id", $INST_ClientId$)
+		Set $INST_pcname$     = TakeString(0,SplitString($INST_ClientId$,"."))
+	else
+		if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf")
+			Set $SHI_pckey$       = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "opsi_host_key", $SHI_pckey$)
+			Set $INST_ClientId$   = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\opsiclientd\opsiclientd.conf", "global", "host_id", $INST_ClientId$)
+			Set $INST_pcname$     = TakeString(0,SplitString($INST_ClientId$,"."))
+		else
+			if FileExists ($INST_BaseDir$+"\cfg\locked.cfg")
+				Set $SHI_pckey$       = GetvalueFromInifile($INST_BaseDir$+"\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
+			else
+				if FileExists ("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg")
+					Set $SHI_pckey$       = GetvalueFromInifile("%ProgramFilesDir%\opsi.org\preloginloader\cfg\locked.cfg", "shareinfo", "pckey", $SHI_pckey$)
+				else
+					SetLogLevel=$INST_DefaultLoglevel$
+					logError "pckey not found - please reinstall opsi-client-agent"
+					isFatalError
+				endif
+			endif
+		endif
+	endif
+	; start logging again
+	SetLogLevel=$INST_DefaultLoglevel$
+endif
+set $INST_uac_level$ = GetProductProperty ("UAC_level", $INST_uac_level$)
+set $INST_create_software_on_demand_menue_entry$ = GetProductProperty ("create_software_on_demand_menue_entry", $INST_create_software_on_demand_menue_entry$)
+if $INST_MAC$ = ""
+	sub_sub_try_to_get_my_mac
+endif
+if ($INST_DepotServer$ = "")
+	sub_sub_get_depot_netbiosname
+endif
+sub_sub_read_preloginvista_installation_state
+sub_sub_read_preloginloader_installation_state
+; show what we have
+comment "$INST_AllowReboot$ -> "+               $INST_AllowReboot$
+comment "$INST_BaseDir$ -> "+                   $INST_BaseDir$
+comment "$INST_Cfgini$ -> "+                    $INST_Cfgini$
+comment "$INST_ClientExists$ -> "+              $INST_ClientExists$
+comment "$INST_ClientId$ -> "+                  $INST_ClientId$
+comment "$INST_ComputerName$ -> "+              $INST_ComputerName$
+comment "$INST_Debug$ -> "+                     $INST_Debug$
+comment "$INST_DepotServer$ -> "+               $INST_DepotServer$
+comment "$INST_DnsDomainName$ -> "+             $INST_DnsDomainName$
+comment "$INST_IPAddress$ -> "+                 $INST_IPAddress$
+comment "$INST_ImmediateRebootFlag$ -> "+       $INST_ImmediateRebootFlag$
+comment "$INST_MAC$ -> "+                       $INST_MAC$
+comment "$INST_MinorOS$ -> "+                   $INST_MinorOS$
+comment "$INST_Modus$ -> "+                     $INST_Modus$
+comment "$INST_NetBootProductname$ -> "+        $INST_NetBootProductname$
+comment "$INST_NicIndex$ -> "+                  $INST_NicIndex$
+comment "$INST_NotifierDir$ -> "+               $INST_NotifierDir$
+comment "$INST_NTVersion$ -> "+                 $INST_NTVersion$
+comment "$INST_ProductType$ -> "+               $INST_ProductType$
+comment "$INST_OS$ -> "+                        $INST_OS$
+comment "$INST_OpensslConfigFile$ -> "+         $INST_OpensslConfigFile$
+comment "$INST_OpsiClientdCertificateFile$ -> "+$INST_OpsiClientdCertificateFile$
+comment "$INST_OpsiclientdDir$ -> "+            $INST_OpsiclientdDir$
+comment "$INST_OpsiclientdConf$ -> "+           $INST_OpsiclientdConf$
+comment "$INST_OpsiclientdRPCDir$ -> "+         $INST_OpsiclientdRPCDir$
+comment "$INST_ActionProcessorStarterDir$ -> "+ $INST_ActionProcessorStarterDir$
+comment "$INST_Paramstr$ -> "+                  $INST_Paramstr$
+comment "$INST_Pcname$ -> "+                    $INST_Pcname$
+comment "$INST_RebootFlag$ -> "+                $INST_RebootFlag$
+comment "$INST_Result$ -> "+                    $INST_Result$
+comment "$INST_SYSTEMDRIVE$ -> "+               $INST_SYSTEMDRIVE$
+comment "$INST_SYSTEMROOT$ -> "+                $INST_SYSTEMROOT$
+comment "$INST_SYSTEMSYS$ -> "+                 $INST_SYSTEMSYS$
+comment "$INST_ServiceName$ -> "+               $INST_ServiceName$
+comment "$INST_Service_User$ -> "+              $INST_Service_User$
+comment "$INST_service_hidden_password$ -> "+   $INST_service_hidden_password$
+if not ($INST_service_hidden_password$ = "")
+	SetLogLevel=$INST_PasswdLogLevel$
+	comment "$INST_Service_Password$ -> "+          $INST_Service_Password$
+	SetLogLevel=$INST_DefaultLoglevel$
+endif
+comment "$INST_ShortServiceUrl$ -> "+           $INST_ShortServiceUrl$
+comment "$INST_SubModus$ -> "+                  $INST_SubModus$
+comment "$INST_Sysconfini$ -> "+                $INST_Sysconfini$
+comment "$INST_SystemType$ -> "+                $INST_SystemType$
+comment "$INST_WinstDir$ -> "+                  $INST_WinstDir$
+comment "$INST_WinstRegKey$ -> "+               $INST_WinstRegKey$
+comment "$INST_AktGina$ -> "+                   $INST_AktGina$
+comment "$INST_gina_to_chain$ -> "+             $INST_gina_to_chain$
+comment "$INST_preloginvistaInstalled$ -> "+    $INST_preloginvistaInstalled$
+comment "$INST_preloginloaderInstalled$ -> "+   $INST_preloginloaderInstalled$
+comment "$INST_vcredistx86_installed$ -> "+     $INST_vcredistx86_installed$
+comment "$INST_uac_level$ -> "+                 $INST_uac_level$
+comment "$INST_create_software_on_demand_menue_entry$ -> "+  $INST_create_software_on_demand_menue_entry$
+;******** Sektion general **********
+comment "$GEN_bootmode$ -> "+                   $GEN_bootmode$
+;******** Sektion shareinfo **********
+if  ($INST_debug$ = "on")
+	comment "$SHI_pckey$ -> "+$SHI_pckey$
+endif
+;******** Sektion opsiclientd **********
+comment "$OCD_global.log_level$ -> "+                   $OCD_global.log_level$
+comment "$OCD_config_service.url$ -> "+                 $OCD_config_service.url$
+comment "$OCD_config_service.connection_timeout$ -> "+  $OCD_config_service.connection_timeout$
+comment "$OCD_control_server.port$ -> "+                $OCD_control_server.port$
+comment "$OCD_open_firewall_for_control_server$ -> "+   $OCD_open_firewall_for_control_server$
+comment "$OCD_notification_server.port$ -> "+           $OCD_notification_server.port$
+;******** Sektion opsiLoginBlocker **********
+;comment "$OLB_ServiceConnectionTimeout$ -> "+           $OLB_ServiceConnectionTimeout$
+comment "$OLB_LogLevel$ -> "+                           $OLB_LogLevel$
+comment "$OLB_LoginBlockerStart$ -> "+                  $OLB_LoginBlockerStart$
+comment "$OLB_LoginBlockerTimeoutConnect$ -> "+         $OLB_LoginBlockerTimeoutConnect$
+;comment "$OLB_LoginBlockerTimeoutInstall$ -> "+         $OLB_LoginBlockerTimeoutInstall$
+comment "$OLB_opsiServiceType$ -> "+                    $OLB_opsiServiceType$
+;******** Sektion prelogin **********
+comment "$PLG_UtilsDir$ -> "+                           $PLG_UtilsDir$
+;*********************************************************************
+[sub_sub_create_client]
+if ($OCD_config_service.url$ = "")
+	set $OCD_config_service.url$ = "https://<opsiserver>:4447"
+endif
+comment "Connect to service....."
+markErrorNumber
+opsiservicecall_authenticated
+if errorsOccuredSinceMark > 0
+	set $INST_error$ = "true"
+	comment "was not authenticated -> retry scripted login by default user/password"
+else
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
+endif
+if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
+	comment "was not authenticated as admin-> retry scripted login by default user/password"
+	markErrorNumber
+	set $INST_error$ = "false"
+	SetLogLevel=$INST_PasswdLogLevel$
+	opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
+	SetLogLevel=$INST_DefaultLoglevel$
+	if errorsOccuredSinceMark > 0
+		set $INST_error$ = "true"
+		comment "scripted login by default user/password failed -> retry interactive"
+	else
+		markErrorNumber
+		Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
+		if errorsOccuredSinceMark > 0
+			set $INST_error$ = "true"
+			comment "check for user is admin failed failed -> retry interactive"
+		endif
+	endif
+	if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
+		set $INST_error$ = "false"
+		;markErrorNumber
+		SetLogLevel=$INST_PasswdLogLevel$
+		opsiservicecall_authenticated /interactive /serviceurl $OCD_config_service.url$
+		SetLogLevel=$INST_DefaultLoglevel$
+		; we don't check for errors because /interactive loops at wrong logins
+		; and increment errors
+		;if errorsOccuredSinceMark > 0
+		;  set $INST_error$ = "true"
+		;  comment "interactive login by default user/password failed -> retry interactive"
+		;else
+		;  Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
+		;endif
+		markErrorNumber
+		Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_UserIsAdmin')
+		if errorsOccuredSinceMark > 0
+			set $INST_error$ = "true"
+			comment "check for user is admin failed failed -> abort"
+		endif
+		if (takeString(0,$INST_ServiceResult$) = "false") or ($INST_error$ = "true")
+			logerror "No admin login"
+			pause "Error: No admin login - exiting"
+			isFatalError
+		endif
+	else
+		;comment "logged in as admin"
+	endif
+endif
+comment "logged in as admin"
+comment "get MAC and IP for Service connection"
+sub_sub_try_to_get_my_mac
+if ($INST_DnsDomainName$ = "")
+    comment "*** Get domain ***"
+    Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDomain')
+    Set $INST_DnsDomainName$ = takestring(0, $INST_ServiceResult$)
+endif
+comment "*** does the client exist? ***"
+Set $INST_pcname$ = lower($INST_pcname$)
+Set $INST_ClientId$ = $INST_pcname$ + "." + $INST_DnsDomainName$
+if ("" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getClientIds_list'), $INST_ClientId$))
+	 comment "*** Create client ***"
+	 Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
+endif
+; *** Get active service url ***
+Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkconfig_hash')
+set $OCD_config_service.url$ = takestring(1, splitString(takeFirstStringContaining($INST_ServiceResult$,"nextBootServiceURL"), '='))
+if $OCD_config_service.url$ = ""
+	Set $OCD_config_service.url$ = GetvalueFromInifile($INST_cfgini$, "opsiclientd", "config_service.url", "")
+endif
+; *** Get hostkey1 ***
+	SetLogLevel=$INST_PasswdLogLevel$
+markErrorNumber
+Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
+Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
+SetLogLevel=$INST_DefaultLoglevel$
+if errorsOccuredSinceMark > 0
+	; *** Get hostkey1 ***
+	SetLogLevel=$INST_PasswdLogLevel$
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_createClient')
+	markErrorNumber
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getOpsiHostKey')
+	if errorsOccuredSinceMark > 0
+		LogError "Could not get hostkey - aborting"
+		Pause "Could not get hostkey - aborting"
+		isFatalError
+	else
+		Set $SHI_pckey$ = takestring(0, $INST_ServiceResult$)
+		SetLogLevel=$INST_DefaultLoglevel$
+	endif
+endif
+;********************** end read configuration ******************************
+;***************************copy files***************************************
+[sub_copy_files]
+DosInAnIcon_Stop_Preloginloader_Service
+Registry_DeletePreloginloader
+if ($INST_Modus$ = "INSTALL")
+	comment "clean all up"
+	if FileExists($INST_BaseDir$+"\")
+		comment "Stopping and removing existing services...."
+		DosInAnIcon_Stop_opsiclientd_Service
+		DosInAnIcon_unregister_opsiclientd_service
+		Registry_DeleteOpsiclientd
+		comment "Deleting old files...."
+		Files_Delete_OCA_BaseDir
+	endif
+endif ; INSTALL
+markErrorNumber
+Files_copy_winst
+Files_copy_uninst
+if errorsOccuredSinceMark > 0
+	comment "copy failed - let us abort"
+	logerror "Copy of files are failed -exiting"
+	pause "Error: Copy of files are failed - Try again after reboot - aborting"
+	isFatalError
+endif
+if ($INST_SystemType$ = "64 Bit System") and ($INST_NTVersion$ < "6")
+	comment "we need vc_redist X64 at xp64 and 2003x64 to run the loginblocker"
+	Winbatch_vc_redist_exe_64
+	;Sub_check_exitcode
+	comment "Test for installation success via exit code"
+	set $INST_ExitCode$ = getLastExitCode
+	if not (($INST_ExitCode$ = "0") or ($INST_ExitCode$ = "1603"))
+		comment "installation seems to be failed - lets try with msi"
+		Winbatch_vc_redist_msi_64
+		;Sub_check_exitcode
+	endif
+endif
+comment "installing opsiclientd py2exe files and required libraries"
+Files_copy_py2exe
+comment "install openssl ...."
+Files_copy_shining_light_OpenSSL_exe
+;http://innounp.sourceforge.net/
+DosInAnIcon_shining_light_OpenSSL_unpack
+Files_copy_shining_light_OpenSSL_files
+Registry_shining_light_OpenSSL
+if (FileExists($INST_BaseDir$+"\utils") or FileExists($INST_BaseDir$+"\prelogin"))
+	comment "removing detected old prelogin files..."
+	DosInAnIcon_Stop_Preloginloader_Service
+	Registry_DeletePreloginloader
+	Files_del_utils
+	Files_del_prelogin
+endif
+comment "copying loginblocker"
+if $INST_NTVersion$ >= "6.0"
+	if ($INST_SystemType$ = "64 Bit System")
+		Files_copy_vista_loginblocker_64 /Sysnative
+	else
+		Files_copy_vista_loginblocker_32
+		Files_del_cmd64
+	endif
+endif
+if $INST_NTVersion$ < "6.0"
+	if ($INST_SystemType$ = "64 Bit System")
+		Files_copy_xp_loginblocker_64
+	else
+		if $INST_NTVersion$ = "5.0"
+			Files_copy_xp_loginblocker_win2k
+			;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.2.0\SetACL 2.2.0\Command line version\x86"
+			Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$
+			;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + "\SetACL 2.1.1\SetACL 2.1.1\Command line version\x86"
+		else
+			Files_copy_xp_loginblocker_32
+		endif
+		Files_del_cmd64
+	endif
+endif
+;**************************** end copy files *****************************************
+;***************************write configuration***************************************
+[sub_write_configuration]
+if $INST_Modus$ = "INSTALL"
+	Registry_SetGeneralEntries
+	if ($INST_debug$ = "on")
+		Files_save_config_for_debug
+	endif
+	;if $INST_MinorOS$ = "WinXP"
+	if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
+		if $INST_AktGina$ = ""
+			Registry_SetRemoveMsginaOnDeinst
+		endif
+	endif ; winxp
+endif ; INSTALL
+;*********************************************************
+comment "configurations we do also at update mode"
+;*********************************************************
+comment "uninstall registry entries"
+Registry_SetUninstallEntries
+comment "standard registry entries"
+Registry_SetGeneralEntries
+comment "add registry key for shutdown requests"
+Registry_add_shutdown_key
+comment "make all depotshares trusted for the 32 Bit opsi-client-agent"
+comment "get all depot servers :"
+if $INST_SubModus$ = "BOOTIMAGE"
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$')
+else
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getDepotshares')
+endif
+comment " take the string :"
+set $INST_Result$ = takeString(0, $INST_ServiceResult$)
+comment " remove trailing brackets and quote :"
+set $INST_Result$ = takeString(0, splitstring($INST_Result$,'"]'))
+comment " remove heading brackets and quote :"
+set $INST_Result$ = takeString(1, splitstring($INST_Result$,'["'))
+comment " split servers in to list :"
+set $INST_ResultList$ = splitstring($INST_Result$,'","')
+comment "write all depots to the registry :"
+for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted
+for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted /Sysnative
+comment "get netbiosnames from depots :"
+comment "first clear the resultlist:"
+set $INST_ResultList2$ = getsubList(0:0,$INST_ResultList2$)
+; this is a dirty hack. It is used until we can ask host_getObjects with filter
+; so we assume, that the first part of the fqdn is identical with the netbiosname
+for %depotId% in $INST_ResultList$ do set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
+for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted
+for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted /Sysnative
+comment "tell server my mac address"
+if not ($INST_MAC$ = "")
+	opsiservicecall_setMacAddress
+endif
+comment "Open c:\tmp worldwide writable"
+Files_create_ctmp
+DosInAnIcon_open_ctmp
+comment "create c:\opsi.org"
+Files_create_c_opsiorg
+comment "lock c:\opsi.org -> for administrators only"
+DosInAnIcon_lock_c_opsiorg
+Patches_opsiclientd_conf_rest $INST_OpsiclientdConf$
+if not (($SHI_pckey$ = "") or ($SHI_pckey$ = "#@PCKEY#"))
+	comment "dont log the pckey"
+	SetLogLevel=$INST_PasswdLogLevel$
+	Patches_opsiclientd_conf_key $INST_OpsiclientdConf$
+	comment "start logging again"
+	SetLogLevel=$INST_DefaultLoglevel$
+endif
+Patches_opsiclientd_cnf $INST_opensslConfigFile$
+DosInAnIcon_generate_opsiclientdCertificate
+DosInAnIcon_opsiclientd_register_service_exe
+comment "set start to auto (2) if it was deactivated (4)"
+Registry_ActivateOpsiclientd
+if ($INST_NTVersion$ = "5.0")
+else
+	if ($INST_NTVersion$ = "5.1") or ($INST_NTVersion$ = "5.2")
+	else
+		if ($INST_NTVersion$ >= "6.0")
+		  comment "setting UAC Level to: "+$INST_uac_level$
+			if $INST_uac_level$ = "1"
+				Registry_UAC_on_1 /Sysnative
+			else
+				if $INST_uac_level$ = "2"
+					Registry_UAC_on_2 /Sysnative
+			  else
+			  	if $INST_uac_level$ = "3"
+			  		Registry_UAC_on_3 /Sysnative
+			  	else
+			  		if $INST_uac_level$ = "4"
+			  			Registry_UAC_on_4 /Sysnative
+			  		else
+			  			LogWarning("no or unknown $INST_uac_level$ set: "+$INST_uac_level$)
+			  		endif
+			  	endif
+			  endif
+			endif
+		  ;Registry_UAC_on_special /Sysnative
+			;Registry_UAC_off /Sysnative
+		else
+			LogError "unknown OS: "+$INST_MinorOS$+ " Version: "+$INST_NTVersion$
+		endif
+	endif
+endif
+if $OCD_open_firewall_for_control_server$ = "1"
+	if ($INST_NTVersion$ >= "6.0")
+		DosInAnIcon_open_firewall_for_control_server_nt6
+	else
+		DosInAnIcon_open_firewall_for_control_server
+	endif
+else
+	if ($INST_NTVersion$ >= "6.0")
+		DosInAnIcon_close_firewall_for_control_server_nt6
+	else
+		DosInAnIcon_close_firewall_for_control_server
+	endif
+endif
+;;; comment "enable login logging - needed to detect logins by wmi"
+;;; comment "export the existing policy"
+;;; ;DosInAnIcon_export_security_policy
+;;; comment "patch the exported policy: login monitoring: success,failed"
+;;; ;Patches_secedit_pll "c:\tmp\secedit_pll.ini"
+;;; comment "reimport the patched policy"
+;;; ;DosInAnIcon_enable_login_looging
+;;; DosInAnIcon_auditpol_enable_login_looging
+comment "disable Data Execution Prevention (DEP) for opsiclientd.exe"
+comment "This should be prevent problems on win2003"
+DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy
+Registry_disable_dep_opsiclientd /Sysnative
+comment "make opsiclientd depending ond dhcp and dnscache services"
+Registry_opsiclientd_Service_depend_dhcp_dns
+if ($INST_NTVersion$ >= "6.0")
+	if $OLB_LoginBlockerStart$ = "1"
+		Registry_vista_loginblocker /Sysnative
+	else
+		Registry_vista_del_loginblocker /Sysnative
+	endif
+endif ; win vista
+;if ($INST_MinorOS$ = "WinXP") or ($INST_MinorOS$ = "Win2k")
+if ($INST_NTVersion$ < "6.0")
+	if $OLB_LoginBlockerStart$ = "1"
+		Registry_opsigina_opsi_Config /Sysnative
+		Registry_set_loginblocker_start /Sysnative
+	else
+		Registry_set_loginblocker_start /Sysnative
+	endif ; loginblocker start
+	if ($INST_SystemType$ = "64 Bit System")
+		winbatch_test_opsigina_64
+	else
+		winbatch_test_opsigina_32
+	endif
+	set $INST_ExitCode$ = getLastExitCode
+	if $INST_ExitCode$ = "0"
+		comment "opsigina test passed - install it"
+; *** changed to implement the SOPHOS SafeGuard Engine and DATEV (for ITL) **************
+		sub "%ScriptPath%\write_Gina.ins"
+; ***************************************************************************************
+	else
+		LogError "opsigina test failed, so we don't install it. Test Exitcode was: " + $INST_ExitCode$
+	endif
+endif ; winXP
+comment "protect opsi-clientagent against non administrative manipulations"
+DosInAnIcon_lock_opsiclientagent
+;comment "do the lock on every installation"
+;DosInAnIcon_lock_opsiclientd_conf
+if $INST_create_software_on_demand_menue_entry$ = "true"
+	opsiservicecall_setOption_addConfigStateDefaults_true
+	Set $INST_ResultList$ = getReturnListFromSection('opsiservicecall_get_configState_software-on-demand.active')
+	if (TakeString(0,SplitString(TakeString(1,SplitString(TakeString(0,$INST_ResultList$), '"values":[')), ']')) = "true")
+		LinkFolder_install_softwareOnDemand
+	endif
+else
+	LinkFolder_uninstall_softwareOnDemand
+endif
+;*****************************end write configuration****************************************
+;*****************************clean up****************************************
+[sub_clean_up]
+if fileExists("c:\tmp\opsi")
+ Files_Delete_ctmpopsi
+endif
+if fileExists("c:\tmp\opsi-client-agent")
+ Files_Delete_ctmpopsi-client-agent
+endif
+if fileExists("c:\tmp\python")
+ Files_Delete_ctmppython
+endif
+Files_del_utils
+if FileExists("%ProgramFilesDir%\opsi.org\preloginloader\")
+	Files_Delete_PLG_BaseDir
+endif
+if fileExists("c:\tmp\ssl_tmp")
+ Files_Delete_ctmpssl
+endif
+Files_redist_cleanup
+;***********************
+[Files_Delete_ctmpopsi]
+delete -s -f "c:\tmp\opsi\"
+[Files_Delete_ctmpssl]
+delete -s -f "C:\tmp\ssl_tmp\"
+[Files_Delete_ctmppython]
+delete -s -f "c:\tmp\python\"
+[Files_Delete_ctmpopsi-client-agent]
+delete -s -f "c:\tmp\opsi-client-agent\"
+[Files_del_utils]
+delete -s -f "$INST_BaseDir$\utils\"
+[Files_del_prelogin]
+delete -s -f "$INST_BaseDir$\prelogin\"
+[Files_redist_cleanup]
+delete c:\eula*.*
+delete c:\install*.*
+delete c:\vc_red.*
+delete c:\vcredist.bmp
+delete c:\.rnd
+delete c:\globdata.ini
+delete d:\eula*.*
+delete d:\install*.*
+delete d:\vc_red.*
+delete d:\vcredist.bmp
+delete d:\.rnd
+delete d:\globdata.ini
+;*****************************end clean up****************************************
+;**************************** end of main sub sections*****************************************
+;*********************************************************************
+;*********************************************************************
+;*************************** basic sections******************************************
+[Files_copy_winst]
+; do not use -V because it leads to broken winst on downgrade
+copy -sc "%SCRIPTPATH%\opsi-winst\*.*" "$INST_WinstDir$"
+copy -sVc "%SCRIPTPATH%\utilities\*.*" "$INST_BaseDir$\utilities\"
+[Files_copy_uninst]
+copy -sVc "%SCRIPTPATH%\uninst\*.*" "$INST_BaseDir$\uninst\"
+[Files_Delete_OCA_BaseDir]
+delete -sf "$INST_BaseDir$\"
+[Files_Delete_PLG_BaseDir]
+delete -sf "%ProgramFilesDir%\opsi.org\preloginloader\"
+[Registry_SetGeneralEntries]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\general]
+Set "opsiconf"=REG_DWORD:1
+Set "configlocal"=REG_DWORD:0
+Set "bootmode" = "$GEN_bootmode$"
+[Registry_SetUninstallEntries]
+deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-preloginloader]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-client-agent]
+set "DisplayName" = "opsi-client-agent"
+set "DisplayVersion" = "$ProductVersion$"
+set "DisplayIcon" = "$INST_WinstDir$\winst32.exe"
+set "DisplayPublisher" = "uib gmbh, Mainz, Germany"
+set "UninstallString" = '"$INST_WinstDir$\winst32.exe" /batch "$INST_BaseDir$\uninst\uninstall.ins" "c:\tmp\deinstall_opsi-client-agent.log" /PARAMETER DEINSTALL'
+set "URLInfoAbout" = "http://opsi.org"
+set "HelpLink" = "http://www.opsi.org/support/"
+[DosInAnIcon_lock_opsiclientagent]
+rem see http://setacl.sourceforge.net/
+rem set rights for the base dir
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
+rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
+rem remove users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem remove power users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
+rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
+rem set the complete dir full access for admin and (read and execute) only for user
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem revoke users access for configuration file (opsi-hostkey)
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem revoke users access for uninst
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\uninst" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem revoke users access for utilities
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem "$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$\utilities" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem grant user execute to the winst directory
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc" -rec cont_obj
+rem therefore remove users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem therefore set new rights
+"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -ace "n:S-1-5-32-545;p:read_ex;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem show the resulting acl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_BaseDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
+"$INST_SetAclDir$\setacl.exe" -on "$INST_WinstDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
+;*************************** end basic sections******************************************
+;***************************vista sections******************************************
+; Registry and UAC
+;http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2526.htm
+;http://www.winfaq.de/faq_html/Content/tip2000/onlinefaq.php?h=tip2217.htm
+;http://msdn.microsoft.com/en-us/library/cc232761%28v=prot.10%29.aspx
+;http://www.rawcomputing.co.uk/vistatips36.html
+;http://www.win-tipps-tweaks.de/cms/vista-tipps/vista-sicherheit/benutzerkontensteuerung-deaktivieren-teil-2.html
+[Registry_UAC_off]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000000
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_UAC_on_special]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000001
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_UAC_on_1]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000002
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000001
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_UAC_on_2]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000001
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000001
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_UAC_on_3]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000005
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000001
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_UAC_on_4]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+Set "ConsentPromptBehaviorAdmin" = REG_DWORD:00000000
+Set "EnableInstallerDetection"   = REG_DWORD:00000001
+Set "EnableLUA"                  = REG_DWORD:00000000
+Set "EnableVirtualization"       = REG_DWORD:00000001
+Set "PromptOnSecureDesktop"      = REG_DWORD:00000000
+Set "FilterAdministratorToken"   = REG_DWORD:00000000
+[Registry_hklm_set_depotshare_trusted]
+openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%depotId%]
+set "file"=reg_dword:0x00000001
+openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
+set "AutoDetect"=reg_dword:0x00000000
+set "IntranetName"=reg_dword:0x00000001
+set "ProxyByPass"=reg_dword:0x00000001
+set "UNCAsIntranet"=reg_dword:0x00000001
+;***************************end vista sections******************************************
+; ******************** login blockers sections*****************************************
+; ******************** credential provider login blockers sections********************
+[Files_copy_vista_loginblocker_32]
+copy -Vc "%SCRIPTPATH%\opsiloginblocker\32bit\*.dll" "%SYSTEM%"
+[Files_copy_vista_loginblocker_64]
+copy -Vc "%SCRIPTPATH%\opsiloginblocker\64bit\*.dll" "%SYSTEM%"
+[Registry_vista_loginblocker]
+;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+;set ""="OpsiLoginBlocker"
+openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+set ""="OpsiLoginBlocker"
+openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32]
+set ""="OpsiLoginBlocker.dll"
+set "ThreadingModel"="Apartment"
+openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+set ""="OpsiLoginBlocker"
+set "LoginBlockerTimeoutConnect"=reg_dword:$OLB_LoginBlockerTimeoutConnect$
+set "StartOpsiCredentialProvider"=reg_dword:0x00000000
+set "LoginBlockerLogLevel"=reg_dword:$OLB_LogLevel$
+[Registry_vista_del_loginblocker]
+deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}]
+; ******************** end credential provider login blockers sections********************
+;************************ opsigina loginblocker sections **********************
+[Files_copy_xp_loginblocker_32]
+copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
+[Files_copy_xp_loginblocker_win2k]
+;copy -Vc "%SCRIPTPATH%\opsigina\win2k\opsigina.dll" "$INST_BaseDir$\opsigina\"
+copy -Vc "%SCRIPTPATH%\opsigina\32bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
+[Files_copy_xp_loginblocker_64]
+copy -Vc "%SCRIPTPATH%\opsigina\64bit\opsigina.dll" "$INST_BaseDir$\opsigina\"
+[Registry_SetRemoveMsginaOnDeinst]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
+Set "RemoveMsginaOnDeinst"=REG_DWORD:1
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
+Set "RemoveMsginaOnDeinst"=REG_DWORD:1
+[Registry_opsigina_opsi_Config]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
+Set "NextGina" = "$INST_gina_to_chain$"
+set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
+Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
+Set "opsiServiceType"            = REG_DWORD:$OLB_opsiServiceType$
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
+Set "NextGina" = "$INST_gina_to_chain$"
+set "LoginBlockerLogLevel" = REG_DWORD:$OLB_LogLevel$
+Set "LoginBlockerTimeoutConnect" = REG_DWORD:$OLB_LoginBlockerTimeoutConnect$
+Set "opsiServiceType"            = REG_DWORD:$OLB_opsiServiceType$
+; *************************************************************************************************
+; *** outsourcing the chapter Registry_opsigina_winlogon_Config to separate file write_gina.ins ***
+; *************************************************************************************************
+[Registry_set_loginblocker_start]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader]
+Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent]
+Set "LoginBlockerStart" = REG_DWORD:$OLB_LoginBlockerStart$
+[winbatch_test_opsigina_64]
+"%SCRIPTPATH%\opsigina\test\64bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
+[winbatch_test_opsigina_32]
+"%SCRIPTPATH%\opsigina\test\32bit\opsiginatest.exe" --testdll="$INST_BaseDir$\opsigina\opsigina.dll"
+; ******************** end opsigina loginblocker sections *****************************************
+; ******************** end loginblockers sections *****************************************
+; ******************** opsiclientd sections *****************************************
+[Patches_opsiclientd_conf_key]
+Set [global] opsi_host_key=$SHI_pckey$
+Set [global] host_id=$INST_ClientId$
+[Patches_opsiclientd_conf_rest]
+Set [config_service] url=$OCD_config_service.url$/rpc
+Set [config_service] connection_timeout=$OCD_config_service.connection_timeout$
+Set [control_server] port=$OCD_control_server.port$
+Set [notification_server] port=$OCD_notification_server.port$
+Set [global] log_level=$OCD_global.log_level$
+[DosInAnIcon_lock_opsiclientd_conf]
+rem this should work not only on german systems
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
+rem "$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
+rem remove users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem remove power users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
+rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem show the resulting acl
+"$INST_SetAclDir$\setacl.exe" -on "$INST_OpsiclientdDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
+[Patches_opsiclientd_cnf]
+Add [req] default_bits = 1024
+Add [req] encrypt_key = yes
+Add [req] distinguished_name = req_dn
+Add [req] x509_extensions = cert_type
+Add [req] prompt = no
+Add [req_dn] C = DE
+Add [req_dn] ST = RP
+Add [req_dn] L = Mainz
+Add [req_dn] O = UIB
+Add [req_dn] OU = -
+Set [req_dn] CN = $INST_ClientId$
+Add [req_dn] emailAddress = info@uib.de
+Add [cert_type] nsCertType = server
+[DosInAnIcon_generate_opsiclientdCertificate]
+"%ProgramFilesDir%\OpenSSL\bin\openssl" req -new -x509 -days 1000 -nodes -config "$INST_opensslConfigFile$" -out "$INST_opsiclientdCertificateFile$" -keyout "$INST_opsiclientdCertificateFile$"
+[DosInAnIcon_Stop_opsiclientd_Service]
+net stop opsiclientd
+[DosInAnIcon_unregister_opsiclientd_service]
+"$INST_OpsiclientdDir$\opsiclientd.py" remove
+"$INST_BaseDir$\opsiclientd.exe" -remove
+[DosInAnIcon_open_firewall_for_control_server]
+netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
+[DosInAnIcon_close_firewall_for_control_server]
+netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
+[DosInAnIcon_open_firewall_for_control_server_nt6]
+rem netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port
+netsh advfirewall firewall add rule name="opsiclientd-control-port" dir=in action=allow protocol=TCP localport=$OCD_control_server.port$
+[DosInAnIcon_close_firewall_for_control_server_nt6]
+rem netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$
+netsh advfirewall firewall delete rule name="opsiclientd-control-port" name protocol=TCP localport=$OCD_control_server.port$
+[Registry_DeleteOpsiclientd]
+DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+[Registry_DeactivateOpsiclientd]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "Start" = REG_DWORD:4
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opsiclientd]
+Set "Start" = REG_DWORD:4
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\opsiclientd]
+Set "Start" = REG_DWORD:4
+[Registry_ActivateOpsiclientd]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "Start" = REG_DWORD:2
+set "ImagePath" = '"$INST_BaseDir$\opsiclientd.exe"'
+[DosInAnIcon_opsiclientd_register_service_exe]
+"$INST_BaseDir$\opsiclientd.exe" -auto -install
+[Registry_opsiclientd_Service_depend_win2k]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt"
+[Registry_opsiclientd_Service_depend_winxp]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|Nla"
+[Registry_opsiclientd_Service_depend_winvista]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "DependOnService" = REG_MULTI_SZ:"Tcpip|LanmanWorkstation|Eventlog|winmgmt|NlaSvc"
+[Registry_opsiclientd_Service_depend_dhcp_dns]
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd]
+Set "DependOnService" = REG_MULTI_SZ:"Dhcp|Dnscache"
+[Registry_opsiclientd_Service_set_timeout]
+; default timeout is 30000 millis increase to 60000 millis
+OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
+Set "ServicesPipeTimeout" = REG_DWORD:60000
+[DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy]
+@echo off
+wmic os get DataExecutionPrevention_SupportPolicy
+[Registry_disable_dep_opsiclientd]
+OpenKey [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
+set "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd.exe" = "DisableNXShowUI"
+; ******************** end opsiclientd sections *****************************************
+; ******************** Install helpers sections *****************************************
+[Files_del_cmd64]
+delete -f "%SYSTEMROOT%\cmd64.exe"
+[Files_save_config_for_debug]
+copy "%ScriptPath%\cfg\*.*"       "c:\tmp\cfg"
+[sub_set_installation_status]
+if $INST_SubModus$ = "BOOTIMAGE"
+	opsiservicecall_setNetbootInstallationStatus /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
+endif
+opsiservicecall_setOpsiclientagentInstallationStatus
+if $INST_preloginvistaInstalled$ = 'true'
+	opsiservicecall_setPreloginvistaInstallationStatus_off
+endif
+if $INST_preloginloaderInstalled$ = 'true'
+	opsiservicecall_setpreloginloaderInstallationStatus_off
+endif
+[sub_sub_read_preloginloader_installation_state]
+if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginloader")
+	set $INST_preloginloaderInstalled$ = 'false'
+else
+	set $INST_preloginloaderInstalled$ = 'true'
+endif
+[sub_sub_read_preloginvista_installation_state]
+if "" = takeFirstStringContaining(getReturnListFromSection('opsiservicecall_getInstalledLocalBootProductIds_list'), "preloginvista")
+	set $INST_preloginvistaInstalled$ = 'false'
+else
+	set $INST_preloginvistaInstalled$ = 'true'
+endif
+[Registry_add_shutdown_key]
+openKey [$INST_WinstRegKey$]
+add "ShutdownRequested" = REG_DWORD:0
+[Files_create_ctmp]
+CheckTargetPath = "c:\tmp"
+[DosInAnIcon_open_ctmp]
+rem C:\utils\xcacls c:\tmp /T /C /G ADMINISTRATOREN:F "ERSTELLER-BESITZER":F JEDER:R HAUPTBENUTZER:F SYSTEM:F /Y
+rem show setacl-version
+rem "$INST_SetAclDir$\setacl.exe" -help
+rem this should work not only on german systems
+rem open c:\tmp for everyone
+"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn setprot -op "dacl:np;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-1-0;s:y" -actn ace -ace "n:S-1-1-0;p:full;s:y"
+rem "$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem show the resulting acl
+"$INST_SetAclDir$\setacl.exe" -on "c:\tmp" -ot file -actn list -lst "s:b"
+[Files_create_c_opsiorg]
+CheckTargetPath = "$OCD_OpsiVarDir$"
+[DosInAnIcon_lock_c_opsiorg]
+rem this should work not only on german systems
+rem make the dacl not inherited
+"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn clear -actn setprot -op "dacl:p_c;sacl:nc"
+rem "$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn setprot -op "dacl:so;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544;s:y" -actn ace -ace "n:S-1-5-32-544;p:full;s:y"
+rem remove users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-545;s1:y;ta:remtrst;w:dacl"
+rem remove power users from dacl
+"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn trustee -trst n1:S-1-5-32-547;s1:y;ta:remtrst;w:dacl"
+rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree.
+"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn ace -ace "n:S-1-5-32-544;p:full;s:y" -actn clear -clr "dacl,sacl" -actn rstchldrn -rst "dacl,sacl"
+rem show the resulting acl
+"$INST_SetAclDir$\setacl.exe" -on "$OCD_OpsiVarDir$" -ot file -actn list -lst "f:own;w:d,s,o,g;i:y;s:b"
+[sub_get_depot_netbiosnames]
+set %depotId%
+set $INST_ResultList2$ = addtolist($INST_ResultList2$, takeString(0,splitString("%depotId%",".")))
+[Sub_check_exitcode]
+comment "Test for installation success via exit code"
+set $INST_ExitCode$ = getLastExitCode
+; informations to exit codes see
+; http://msdn.microsoft.com/en-us/library/aa372835(VS.85).aspx
+; http://msdn.microsoft.com/en-us/library/aa368542.aspx
+if ($INST_ExitCode$ = "0")
+	comment "Looks good: setup program gives exitcode zero"
+else
+	comment "Setup program gives a exitcode unequal zero: " + $INST_ExitCode$
+	if ($INST_ExitCode$ = "1603")
+		comment "File is in use - seems not to be a problem (at vc_redist installation)"
+	else
+		if ($INST_ExitCode$ = "1605")
+			comment "ERROR_UNKNOWN_PRODUCT	1605	This action is only valid for products that are currently installed."
+			comment "Uninstall of a not installed product failed - no problem"
+		else
+			if ($INST_ExitCode$ = "1641")
+				comment "looks good: setup program gives exitcode 1641"
+				comment "ERROR_SUCCESS_REBOOT_INITIATED	1641	The installer has initiated a restart. This message is indicative of a success."
+			else
+				if ($INST_ExitCode$ = "3010")
+					comment "looks good: setup program gives exitcode 3010"
+					comment "ERROR_SUCCESS_REBOOT_REQUIRED	3010	A restart is required to complete the install. This message is indicative of a success."
+				else
+					logError "Fatal: Setup program gives an unknown exitcode unequal zero: " + $INST_ExitCode$
+					;isFatalError
+				endif
+			endif
+		endif
+	endif
+endif
+; ******************** End Install helpers sections *****************************************
+; ******************** create client sections *****************************************
+[sub_sub_try_to_get_my_mac]
+Set $INST_ShortServiceUrl$ = takestring(1, splitString($OCD_config_service.url$,"//"))
+set $INST_ConfigServerIP$ = takestring(0, splitString($INST_ShortServiceUrl$,":"))
+set $INST_ConfigServerPort$ = takestring(1, splitString($INST_ShortServiceUrl$,":"))
+comment "we need a IP-Numer at sub_getServiceConnection for analyzing the netstat output"
+Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIPbyName')
+set $INST_ExitCode$ = getLastExitCode
+if "Error" = takestring(0, splitStringOnWhitespace(takestring(0,$INST_ServiceResult$)))
+	LogWarning "MAC Address could not detected because config server could not resolved"
+else
+	set $INST_ConfigServerIP$ = takestring(0,$INST_ServiceResult$)
+	set $INST_ShortServiceUrl$ = $INST_ConfigServerIP$+":"+$INST_ConfigServerPort$
+	comment "let us try to guess the ip number by getbestinterface windows api ..."
+	Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getIpByTarget')
+	set $INST_IPAddress$ = takestring(0, $INST_ServiceResult$)
+	set $INST_IPAddress$ = takestring(1, splitString($INST_IPAddress$,"found:"))
+	if $INST_IPAddress$ = ""
+		LogWarning "failed to get own IP number - giving up to get mac"
+	else
+		set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_WMI_running')
+		if ("" = takeFirstStringContaining($INST_ServiceResult$,"RUNNING")) and (GetMsVersionInfo >= "5.1")
+			LogWarning "WMI service not running - giving up to get mac"
+		else
+			comment "WMI is running or we are at win2k and we only hope that it is running"
+			Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
+			set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
+			if $INST_MAC$ = ""
+				LogWarning "no MAC found"
+			endif
+		endif
+	endif
+endif
+	;comment "Do we have a connection to the server ?"
+	;markErrorNumber
+	;opsiservicecall_authenticated
+	;if errorsOccuredSinceMark > 0
+	;	comment "No - we have no connection to the server."
+	;	comment "Let us try to connect the server ...."
+	;	SetLogLevel=$INST_PasswdLogLevel$
+	;	markErrorNumber
+	;	opsiservicecall_authenticated /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$
+	;	SetLogLevel=$INST_DefaultLoglevel$
+	;	if errorsOccuredSinceMark > 0
+	;		LogWarning "We have still no connection to the server. This may affect the detection of the MAC."
+	;	endif
+	;else
+	;	comment "Yes - we have a connection to the server."
+	;	opsiservicecall_getNetworkConfig_hash
+	;endif
+	;comment "Now calling netstat ...."
+	;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getServiceConnection')
+	;set $INST_IPAddress$ = takestring(2, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$, $INST_ShortServiceUrl$)))
+	;set $INST_IPAddress$ = takestring(0, splitString($INST_IPAddress$,":"))
+	;if $INST_IPAddress$ = ""
+	;	LogWarning "failed to get own IP number by netstat - using winst information (may be wrong at multiple network interfaces)"
+	;	set $INST_IPAddress$ = "%IPAddress%"
+	;endif
+	;Set $INST_ServiceResult$ = getOutStreamFromSection('DosInAnIcon_getMac_by_exe')
+	;set $INST_MAC$ = lower(takestring(1, splitStringOnWhiteSpace(takeFirstStringContaining($INST_ServiceResult$,$INST_IPAddress$))))
+	;if $INST_MAC$ = ""
+	;	LogWarning "no MAC found"
+	;endif
+;endif
+[DosInAnIcon_getServiceConnection]
+@echo off
+netstat -n
+[DosInAnIcon_getMac_by_exe]
+@echo off
+"%ScriptPath%\ip2mac\ip2mac.exe"
+[DosInAnIcon_getDnsByWmic]
+@echo off
+wmic path win32_NetworkAdapterConfiguration get DnsDomain /value | findstr "=."
+[DosInAnIcon_getIPbyName]
+@echo off
+"%ScriptPath%\gethostbyname\get_host_by_name.exe" $INST_ConfigServerIP$
+[DosInAnIcon_getIpByTarget]
+@echo off
+"%ScriptPath%\getIpByTarget\getipbytarget.exe" --target=$INST_ConfigServerIP$
+[DosInAnIcon_WMI_running]
+@echo off
+sc query Winmgmt
+[sub_sub_get_depot_netbiosname]
+set $INST_Authenticated$ = "false"
+markErrorNumber
+opsiservicecall_authenticated
+if errorsOccuredSinceMark > 0
+	comment "was not authenticated -> retry scripted login by default user/password"
+	markErrorNumber
+	SetLogLevel=$INST_PasswdLogLevel$
+	opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$
+	SetLogLevel=$INST_DefaultLoglevel$
+	if errorsOccuredSinceMark > 0
+		comment "scripted login by default user/password failed -> we don't retry interactive"
+		comment "giving up"
+	else
+			comment "now authenticated "
+			set $INST_Authenticated$ = "true"
+	endif
+else
+	comment "was authenticated "
+	set $INST_Authenticated$ = "true"
+endif
+if $INST_Authenticated$ = "true"
+	Set $INST_ServiceResult$ = getReturnListFromSection('opsiservicecall_getNetworkConfig_hash')
+	set $INST_DepotServer$ = takeString(2,splitString(takeFirstStringContaining($INST_ServiceResult$, "depotUrl="),"/"))
+endif
+; ******************** End create client sections *****************************************
+;***********************py2exe and open ssl sections ************************************************
+[Files_copy_py2exe]
+copy -sVc "%SCRIPTPATH%\dist\*.*" "$INST_BaseDir$\"
+[Winbatch_shining_light_OpenSSL]
+"%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" /SILENT /NOCANCEL /SUPPRESSMSGBOXES /NORESTART /SP- /LOG="c:\tmp\shining_light_OpenSSL.log" /DIR="%ProgramFilesDir%\OpenSSL"
+[Files_copy_shining_light_OpenSSL_exe]
+copy "%ScriptPath%\deps\Win32OpenSSL_Light-1_0_0i.exe" "C:\tmp\ssl_tmp"
+copy "%ScriptPath%\deps\innounp.exe" "C:\tmp\ssl_tmp"
+[DosInAnIcon_shining_light_OpenSSL_unpack]
+rem ;http://innounp.sourceforge.net/
+c:
+cd "C:\tmp\ssl_tmp"
+mkdir tmp
+innounp.exe -x -m -b -dtmp Win32OpenSSL_Light-1_0_0i.exe
+[Files_copy_shining_light_OpenSSL_files]
+copy -sV "C:\tmp\ssl_tmp\tmp\{app}\*.*" "%Programfilesdir%\openssl"
+;copy -V "C:\tmp\ssl_tmp\tmp\{app}\*.dll" "%system%"
+delete -sf "C:\tmp\ssl_tmp\tmp\"
+[Registry_shining_light_OpenSSL]
+openkey [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
+set "OPENSSL_CONF"="%Programfilesdir%\openssl\bin\openssl.cfg"
+[Winbatch_vc_redist_exe]
+;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*v "c:\tmp\vcredist.log" ALLUSERS=2"
+"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qb-! /l*c:\tmp\vcredist_exe.log ALLUSERS=2"
+;"%ScriptPath%\deps\vcredist_x86.exe" /q:a /c:"VCREDI~1.EXE /q:a /c:""msiexec /i vcredist.msi /qb!"" "
+;"%ScriptPath%\deps\vcredist_x86.exe" /Q
+[Winbatch_vc_redist_exe_64]
+"%ScriptPath%\vcredistx64\vcredist_x64.exe" /Q
+[Winbatch_vc_redist_msi_64]
+msiexec /i "%ScriptPath%\vcredistx64\VC_RED.MSI" /qb-! /l*v "c:\tmp\vcredist_x64_msi.log" ALLUSERS=2
+[Winbatch_vc_redist_msi]
+;msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l*vx "c:\tmp\vcredist.log" ALLUSERS=2 DISABLEROLLBACK=1 VSEXTUI=1
+msiexec /i "%ScriptPath%\deps\VC_RED.MSI" /qb-! /l* "c:\tmp\vcredist_msi.log" ALLUSERS=2
+[ExecWith_autoit_vc_redist]
+WinWait("Microsoft Visual C++", "Opsi Dialog")
+Send("{TAB}")
+Send("{TAB}")
+Send("{ENTER}")
+exit
+[LinkFolder_install_softwareOnDemand]
+set_basefolder common_programs
+set_subfolder opsi.org
+set_link
+	name: software on demand
+	target: https://localhost:4441/swondemand
+	parameters:
+	working_dir:
+	icon_file:
+	icon_index:
+end_link
+[LinkFolder_uninstall_softwareOnDemand]
+set_basefolder common_programs
+delete_subfolder opsi.org
+;***************************** end py2exe and open ssl sections ******************************************
+;*************************** prelogin sections ********************************************
+[Registry_DeletePreloginloader]
+DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PreLoginLoader]
+[DosInAnIcon_Stop_Preloginloader_Service]
+net stop preloginloader
+;**************************** end prelogin sections *******************************************
+;******** Service sections **********
+[opsiservicecall_authenticated]
+"method": "authenticated"
+"params": [
+					]
+[opsiservicecall_getDomain]
+"method": "getDomain"
+"params": [
+					]
+[opsiservicecall_getHost_hash]
+"method": "getHost_hash"
+"params": [
+					"$INST_ClientId$"
+					]
+[opsiservicecall_getClientIds_list]
+"method": "getClientIds_list"
+"params": [
+					]
+[opsiservicecall_createClient]
+"method": "createClient"
+"params": [
+					"$INST_pcname$",
+					"$INST_DnsDomainName$",
+					"",
+					"",
+					"$INST_IPAddress$",
+					"$INST_MAC$"
+					]
+[opsiservicecall_getServerId]
+"method": "getServerId"
+"params": [
+					"$INST_ClientId$"
+					]
+[opsiservicecall_getOpsiHostKey]
+"method": "getOpsiHostKey"
+"params": [
+					"$INST_ClientId$"
+					]
+[opsiservicecall_setNetbootInstallationStatus]
+"method": "setProductInstallationStatus"
+"params": [
+					"$INST_NetBootProductname$",
+					"$INST_ClientId$",
+					"installed"
+					]
+[opsiservicecall_setPreloginloaderInstallationStatus_off]
+"method": "setProductInstallationStatus"
+"params": [
+					"preloginloader",
+					"$INST_ClientId$",
+					"not_installed"
+					]
+[opsiservicecall_setPreloginvistaInstallationStatus_off]
+"method": "setProductInstallationStatus"
+"params": [
+					"preloginvista",
+					"$INST_ClientId$",
+					"not_installed"
+					]
+[opsiservicecall_setOpsiclientagentInstallationStatus]
+"method": "setProductInstallationStatus"
+"params": [
+					"opsi-client-agent",
+					"$INST_ClientId$",
+					"installed"
+					]
+[opsiservicecall_getNetworkConfig_hash]
+"method": "getNetworkConfig_hash"
+"params": [
+					"$INST_ClientId$"
+					]
+[opsiservicecall_userIsAdmin]
+"method": "userIsAdmin"
+"params": [
+					]
+[opsiservicecall_setMacAddress]
+"method": "setMacAddress"
+"params": [
+					"$INST_ClientId$",
+					"$INST_MAC$"
+		]
+[opsiservicecall_getInstalledLocalBootProductIds_list]
+"method": "getInstalledLocalBootProductIds_list"
+"params": [
+					"$INST_ClientId$"
+		]
+[opsiservicecall_getDepotshares]
+"method": "host_getIdents"
+"params": [
+					'[]',
+					'{"type":"OpsiDepotserver"}',
+		]
+[opsiservicecall_getDepot_properties]
+"method": "host_getObjects"
+"params": [
+					'[]',
+					'{"type":"OpsiDepotserver"}',
+		]
+[opsiservicecall_setOption_addConfigStateDefaults_true]
+"method": "backend_setOptions"
+"params": [
+	'{"addConfigStateDefaults":true}'
+]
+[opsiservicecall_get_configState_software-on-demand.active]
+"method": "configState_getObjects"
+"params": [
+	'',
+	'{"configId":"software-on-demand.active","objectId":"$INST_ClientId$"}',
+]
+;**************************************************
+;**************************************************
+</code>
+==== read_gina.ins ====
+this file is for implementing a gina chain for sophos and DATEV on XP-Machines (not needed for OS Vista and younger)
+<code winst>
+set $INST_AktGina$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] GinaDLL")
+comment "get nextgina to chain"
+set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
+if $INST_gina_to_chain$ = ""
+	comment "no nextGina entry at opsi-client-agent - let us look at the old preloginloader key"
+	set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] NextGina")
+endif
+if $INST_gina_to_chain$ = ""
+	comment "no new opsigina installed - let us look for opsi pgina installation"
+	set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] pathMSGina")
+endif
+if $INST_gina_to_chain$ = ""
+	comment "no new opsi pgina installed - let us look for legacy opsi installation"
+	set $INST_old_reg_gina_installed$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina\Opsi] Installed")
+	if $INST_old_reg_gina_installed$ = "1"
+		set $INST_gina_to_chain$ = GetRegistryStringValueSysnative("[HKEY_LOCAL_MACHINE\SOFTWARE\pGina] pathMSGina")
+	endif
+endif
+if ($INST_gina_to_chain$ = "") and ("64 Bit System" = GetSystemType)
+	comment "perhaps opsi-client-agent previously installed into wrong registry tree with 32-bit settings"
+	set $INST_gina_to_chain$ = GetRegistryStringValue32("[HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] NextGina")
+endif
+if $INST_NTVersion$ < "6.0"
+	if ($INST_AktGina$ = "")
+		comment "opsigina seems not be installed and we are on a fresh XP"
+		set $INST_gina_to_chain$ = "msgina.dll"
+	else
+		if ($INST_gina_to_chain$ = "")
+; *************************** Implementing the SOPHOS Safe GUARD Easy Engine *********************************************
+			if ($INST_AktGina$ = "sggina.dll")
+				set $INST_sophos$ = "1"
+				set $INST_gina_to_chain$ = "msgina.dll"
+			else
+				; ****************************************************************************************
+				; *** implementation fpr DATEV client ( for ITL) *****************************************
+				if ($INST_AktGina$ = "C:\WINDOWS\system32\dvinesasdgina.dll")
+					set $INST_DATEV$ = "1"
+					set $INST_gina_to_chain$ = "msgina.dll"
+				else
+					; ****************************************************************************************
+					; *** the original block
+					; ****************************************************************************************
+					comment "opsigina seems not be installed and there is active gina"
+					set $INST_gina_to_chain$ = $INST_AktGina$
+					; ****************************************************************************************
+				endif
+			endif
+; ************************************************************************************************************************
+		else
+			comment "opsigina seems be installed and so don't change the gina to chain"
+		endif
+	endif
+endif ; winxp / win2k
+</code>
+==== write_gina.ins ====
+<code winst>
+if ($INST_sophos$ = "1")
+	Registry_opsigina_winlogon_SOPHOS /Sysnative
+else
+	if ($INST_DATEV = "1")
+		Registry_opsigina_winlogon_DATEV /Sysnative
+	else
+		Registry_opsigina_winlogon_Config /Sysnative
+		; *********************************************************************************
+		; *** the original block **********************************************************
+		; *********************************************************************************
+	endif
+endif
+[Registry_opsigina_winlogon_Config]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
+Set "GinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
+set "DisableCAD" = REG_DWORD:0
+[Registry_opsigina_winlogon_DATEV]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
+set "ASDOrgGinaDLL" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
+[Registry_opsigina_winlogon_SOPHOS]
+OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication]
+set "GinaDLLRepair" = REG_DWORD:0
+set "KnownGina" = REG_DWORD:1
+set "OriginalGina" = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsigina\opsigina.dll"
+</code>
+==== update_sub.ins ====
+this file is for customizing the UI from opsi-client-agent.
+<code winst>
+DefVar	$SrcPath$
+DefVar  $block_login$
+DefVar  $winst_skin_color$
+DefVar  $action_color$
+DefVar  $NotifierUpdatePath$
+DefVar  $WinstSkinUpdatePath$
+DefVar  $informList$
+; ----------------------------------------------------------------
+; - Please edit the following values                             -
+; ----------------------------------------------------------------
+;$ProductId$ should be the name of the product in opsi
+; therefore please: only lower letters, no umlauts,
+; no white space use '-' as a seperator
+Set  $INST_BaseDir$     	=  "%ProgramFilesDir%\opsi.org\opsi-client-agent"
+Set  $INST_OpsiclientdDir$	=  $INST_BaseDir$+"\opsiclientd"
+Set  $INST_OpsiclientdConf$	=  $INST_OpsiclientdDir$+"\opsiclientd.conf"
+Set  $INST_WinstDir$		=  $INST_BaseDir$+"\opsi-winst"
+Set  $INST_NotifierDir$		=  $INST_BaseDir$+"\notifier"
+Set  $NotifierUpdatePath$	=  "\dist\notifier_update"
+Set  $WinstSkinUpdatePath$	=  "\opsi-winst\winstskin_update"
+;------------------------------------------------------------------
+set  $winst_skin_color$	=  "$0000cdbd"
+set  $action_color$  	=  "189,205,000"
+set  $informList$	= "345"
+Files_copy_images
+Patches_action_ini  $INST_NotifierDir$+"\action.ini"
+Patches_event_ini  $INST_NotifierDir$+"\event.ini"
+Patches_popup_ini  $INST_NotifierDir$+"\popup.ini"
+Patches_shutdown_ini  $INST_NotifierDir$+"\shutdown.ini"
+Patches_userlogin_ini  $INST_NotifierDir$+"\userlogin.ini"
+Patches_winst_skin  $INST_WinstDir$+"\winstskin\skin.ini"
+ExitWindows /reboot
+[Files_copy_images]
+copy  "%SCRIPTPATH%$NotifierUpdatePath$\*.*"  "$INST_NotifierDir$"
+copy  "%SCRIPTPATH%$WinstSkinUpdatePath$\*.*"  "$INST_WinstDir$\winstskin"
+[Patches_action_ini]
+Set  [LabelStatus]  FontColor =  $action_color$
+set  [LabelMessage]  FontColor  =  $action_color$
+set  [ButtonStop]  Top  =  150
+set  [ButtonStart]  Top  =  150
+[Patches_event_ini]
+set  [LabelTitle]  FontColor  =  $action_color$
+set  [LabelTitle]  Text  =  "********* IT Deployment"
+set  [LabelOpsiclientdInfo]  FontColor  =  $action_color$
+set  [LabelActionProcessorInfo]  FontColor  =  $action_color$
+set  [LabelStatus]  FontColor  =  $action_color$
+set  [LabelDetail]  FontColor  =  $action_color$
+set  [LabelConfigServiceUrl]  FontColor  =  $action_color$
+set  [LabelClientId]  FontColor  =  $action_color$
+set  [LabelConfigServiceUrl]  Top  =  $informList$
+set  [LabelClientId]  Top  =  $informList$
+set  [ButtonStop]  Color  =  $action_color$
+[Patches_popup_ini]
+Set  [LabelTitle]  FontColor =  $action_color$
+set  [LabelMessage]  FontColor  =  $action_color$
+set  [ButtonExit]  Color  =  $action_color$
+[Patches_shutdown_ini]
+Set  [LabelStatus]  FontColor =  $action_color$
+set  [LabelMessage]  FontColor  =  $action_color$
+set  [ButtonStop]  Top  =  150
+set  [ButtonStart]  Top  =  150
+[Patches_userlogin_ini]
+Set  [LabelStatus]  FontColor =  $action_color$
+set  [LabelMessage]  FontColor  =  $action_color$
+[Patches_winst_skin]
+set  [Form]  Color = "$00FFFFFF"
+set  [LabelVersion]  FontColor  =  $winst_skin_color$
+set  [LabelProduct]  FontColor  =  $winst_skin_color$
+set  [LabelInfo]  FontColor  =  $winst_skin_color$
+set  [LabelDetail]  FontColor  =  $winst_skin_color$
+set  [LabelCommand]  FontColor  =  $winst_skin_color$
+set  [LabelProgress]  FontColor  =  $winst_skin_color$
+set  [ProgressBar]  BarColor  =  $winst_skin_color$
+set  [ProgressBar]  StartColor  =  $winst_skin_color$
+set  [ProgressBar]  FinalColor  =  $winst_skin_color$
+set  [ProgressBar]  ShapeColor  =  $winst_skin_color$
+</code>
+==== OPSI-CLIENT-ITL.mm ====
+the central control file for MakeMSI
+<code>
+;----------------------------------------------------------------------------
+;--- Global Definitions						        -----
+;----------------------------------------------------------------------------
+#define VALID_MSIVAL2_DIR C:\Programme\MsiVal2  ;;Used before loading MSI header
+;--- Include MAKEMSI support (with my customisations and MSI branding) ------
+#define VER_FILENAME.VER  version-opsi_prod-ITL.Ver      ;;I only want one VER file for all samples! (this line not actually required in "tryme.mm")
+#include "D:\extract\opsi-client\ME.MMH"
+;;;; Disabling Dialog??
+;--- Prevent "UISAMPLE" trying to manipulate the dialog deleted below -------
+#define UISAMPLE_DISABLE_TYPICAL_SETUP N
+#define REMOVED_LicenseAgreementDlg N
+#define "ME.MMH"
+;--- Remove the dialog ------------------------------------------------------
+<$DialogRemove "SetupTypeDlg"> ;; do not ask for Typical Custom complete
+<$DialogRemove "LicenseAgreementDlg"> ;;ignore lizenz.rtf File
+;----------------------------------------------------------------------------
+;--- Want to debug (not common) ---------------------------------------------
+;#debug on
+;#Option DebugLevel=^NONE, +OpSys^
+;--- Define default location where file should install and add files --------
+;Installdir:
+<$DirectoryTree Key="tmpdir" Dir="c:\tmp" MAKE="Y" >
+<$Property "SERVICEURL" Value="https://<opsi-Server-url:4447" >
+<$Property "DOMAIN" Value="<your dns domain>" >
+;----------------------------------------------------------------------------
+;--- what should the installation do?					-----
+;----------------------------------------------------------------------------
+;Example for Filecopy:
+<$Files "files\*.*" SubDir="TREE" DestDir="[tmpdir]" >
+;----------------------------------------------------------------------------
+;--- Add a registry entry (let it create a component - GUID not fixed!) -----
+;----------------------------------------------------------------------------
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='ConsentPromptBehaviorAdmin' Value="00000000" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableInstallerDetection' Value="00000001" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableLUA' Value="00000000" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableSecureUIAPaths' Value="00000000" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='EnableVirtualization' Value="00000001" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='PromptOnSecureDesktop' Value="00000000" Type='DWORD'>
+<$Registry HKEY="LOCAL_MACHINE" Key="Software\Microsoft\Windows\CurrentVersion\Policies\System" Name='FilterAdministratorToken' Value="00000000" Type='DWORD'>
+;----------------------------------------------------------------------------
+;--- start a batch script				                -----
+;----------------------------------------------------------------------------
+#(
+    ;--- Run after install, ignore return code and don't wait for completion ---
+   <$ExeCa
+         EXE='[SystemFolder]copy.exe' Args=^"%comspec%" "%systemroot%\cmd64.exe"^
+         WorkDir="[tmpdir]"
+         SEQ="InstallFinalize-"   Type="immediate ASync AnyRc"
+     Condition="<$CONDITION_INSTALL_ONLY>"
+  >
+ #)
+;#(
+;    ;--- Run after install, ignore return code and wait for completion ---
+;   <$ExeCa
+;             EXE=^[tmpdir]\opsi\Write_par.cmd^ Args=^[SERVICEURL] [DOMAIN] Test^
+;         WorkDir="[tmpdir]"
+;             SEQ="InstallFinalize-"   Type="immediate ASync AnyRc"
+;      Condition="<$CONDITION_INSTALL_ONLY>"
+;   >
+; #)
+#(
+    ;--- Run after install, ignore return code and wait for completion ---
+    ;--- for unversal msi package you must use the follow PARAMETER string INSTALL:CREATE_CLIENT:REBOOT:SERVICEURL:DOMAIN
+   <$ExeCa
+             EXE=^[tmpdir]\opsi\opsi-winst\winst32.exe^ Args=^/batch [tmpdir]\opsi\setup.ins [tmpdir]\opsi-client-agent.log /PARAMETER INSTALL:CREATE_CLIENT:REBOOT^
+         WorkDir="[tmpdir]"
+             SEQ="InstallFinalize-"   Type="immediate Sync AnyRc"
+      Condition="<$CONDITION_INSTALL_ONLY>"
+   >
+ #)
+</code>
+==== version-opsi_prod-ITL.ver ====
+before you use this file, you must change Guid.UpgradeCode and MsiName
+<code>
+;----------------------------------------------------------------------------
+;
+;    MODULE NAME:   unattendend Installation opsi-client proorg.local
+;
+;        $Author:   USER "Thomas"  $
+;      $Revision:   2.0  $
+;          $Date:   05 DEC 2012 11:35:32  $
+;
+;    DESCRIPTION:   deploy the opsi-client-agent ITL via msi-package.
+;
+;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+; ProductName = Installation opsi-Client ITL domain productive
+; DESCRIPTION =  opsi Installation ITL
+; Licence     = lizenz.rtf
+; Installed   = WINDOWS_ALL
+; Guid.UpgradeCode = {EXXXXXXX-FXXC-XXXD-XXBC-XXXAXFXBXECE}
+; MsiName     = <my package name>
+;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+;############################################################################
+VERSION : 2.0.0
+DATE    : 05 Dec 2012
+CHANGES : First production release ITL
+</code>