This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
userspace:msi-package_opsi-client-agent [2012/12/21 14:05] frisoft_DD created |
userspace:msi-package_opsi-client-agent [2022/12/19 13:51] (current) wolfbardo |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | here in the future | + | ====== official msi-Package opsi-client-agent can be found at ====== |
+ | |||
+ | https:// | ||
+ | |||
+ | ====== msi-Package opsi-client-agent 4.0.2.1 ====== | ||
+ | |||
+ | this is my cusomized setup for opsi-client-agent to deploy himself via GPO over AD. Comments are welcome | ||
+ | |||
+ | TODO: | ||
+ | - complete | ||
+ | - added a more detailed description ( at the moment, i have a small docu in source-code | ||
+ | |||
+ | |||
+ | this program used MakeMSI(Dennis Bareis) to generate the msi-package | ||
+ | Tested with opsi 4.0.2\\ | ||
+ | requiredWinstVersion >= 4.10.8.12\\ | ||
+ | Files can be downloaded at http:// | ||
+ | |||
+ | By --- // | ||
+ | |||
+ | Tree:\\ | ||
+ | < | ||
+ | D:. | ||
+ | ├───extended-scripts | ||
+ | ├───files | ||
+ | │ | ||
+ | ├───out | ||
+ | │ | ||
+ | │ │ | ||
+ | │ | ||
+ | └───utils | ||
+ | </ | ||
+ | for developing you copy all files form opsi-server/ | ||
+ | |||
+ | ==== Steps ==== | ||
+ | - download | ||
+ | - copy all the content fron directory opsi-client-agent to your develop directory | ||
+ | - copy from the makeMSI - sample directory the files with extention mm and ver | ||
+ | - edit the file with extention ver (you must change the guid) for this doing, in the MakeMSI package are an GUID-Generator | ||
+ | - edit the file mm with your favorite text - editor | ||
+ | - after finish changing all the files click with the right mouse-button on the file mm and select build msi(production) | ||
+ | - check on a other machine | ||
+ | |||
+ | [[nix|Change the following headlines to the names of your scripts]] | ||
+ | |||
+ | ==== setup.ins ==== | ||
+ | <code winst> | ||
+ | [Actions] | ||
+ | requiredWinstVersion >= " | ||
+ | Message=opsi-client-agent installation | ||
+ | ShowBitmap " | ||
+ | |||
+ | ; Variables: | ||
+ | ; Config Variables with prefixes | ||
+ | ; GEN = general | ||
+ | ; SHI = share information | ||
+ | ; OCD = opsiclientd | ||
+ | ; OLB = opsiLoginBlocker | ||
+ | ; INST = used while installation | ||
+ | ; Script variables with prefix INST | ||
+ | |||
+ | ;******** installation vars ********** | ||
+ | DefVar $INST_AktGina$ | ||
+ | DefVar $INST_AllowReboot$ | ||
+ | DefVar $INST_Authenticated$ | ||
+ | DefVar $INST_BaseDir$ | ||
+ | DefVar $INST_Cfgini$ | ||
+ | DefVar $INST_ClientExists$ | ||
+ | DefVar $INST_ClientId$ | ||
+ | DefVar $INST_ComputerName$ | ||
+ | DefVar $INST_Debug$ | ||
+ | DefVar $INST_DepotServer$ | ||
+ | DefVar $INST_DnsDomainName$ | ||
+ | DefVar $INST_Error$ | ||
+ | DefVar $INST_ExitCode$ | ||
+ | DefVar $INST_IPAddress$ | ||
+ | DefVar $INST_ImmediateRebootFlag$ | ||
+ | DefVar $INST_MAC$ | ||
+ | DefVar $INST_MinorOS$ | ||
+ | DefVar $INST_NTVersion$ | ||
+ | DefVar $INST_Modus$ | ||
+ | DefVar $INST_NetBootProductname$ | ||
+ | DefVar $INST_NicIndex$ | ||
+ | DefVar $INST_NotifierDir$ | ||
+ | DefVar $INST_OS$ | ||
+ | DefVar $INST_OpensslConfigFile$ | ||
+ | DefVar $INST_OpsiClientdCertificateFile$ | ||
+ | DefVar $INST_OpsiclientdDir$ | ||
+ | DefVar $INST_OpsiclientdConf$ | ||
+ | DefVar $INST_OpsiclientdRPCDir$ | ||
+ | DefVar $INST_OpsiUtilitiesdDir$ | ||
+ | DefVar $INST_ActionProcessorStarterDir$ | ||
+ | DefVar $INST_Paramstr$ | ||
+ | DefVar $INST_Pcname$ | ||
+ | DefVar $INST_RebootFlag$ | ||
+ | DefVar $INST_Result$ | ||
+ | DefVar $INST_SetAclDir$ | ||
+ | DefVar $INST_ServiceName$ | ||
+ | DefVar $INST_Service_Password$ | ||
+ | DefVar $INST_Service_User$ | ||
+ | DefVar $INST_ShortServiceUrl$ | ||
+ | DefVar $INST_SubModus$ | ||
+ | DefVar $INST_Sysconfini$ | ||
+ | DefVar $INST_SystemType$ | ||
+ | DefVar $INST_WinstDir$ | ||
+ | DefVar $INST_WinstRegKey$ | ||
+ | DefVar $INST_gina_to_chain$ | ||
+ | ; ****************************************************************************** | ||
+ | ; *** changed ****** for implementing SOPHOS Safe Guard Easy ***************** | ||
+ | ; *** the changing only needed for OS before Windows Vista ********************* | ||
+ | DefVar $INST_sophos$ | ||
+ | ; *** changed for ITL to implement the DATEV - Login Blocker ******************* | ||
+ | DefVar $INST_DATEV$ | ||
+ | ; ****************************************************************************** | ||
+ | DefVar $INST_old_reg_gina_installed$ | ||
+ | DefVar $INST_preloginvistaInstalled$ | ||
+ | DefVar $INST_preloginloaderInstalled$ | ||
+ | DefVar $INST_GinaDll$ | ||
+ | DefVar $INST_service_hidden_password$ | ||
+ | DefVar $INST_DefaultLoglevel$ | ||
+ | DefVar $INST_PasswdLogLevel$ | ||
+ | DefVar $INST_ConfigServerIP$ | ||
+ | DefVar $INST_ConfigServerPort$ | ||
+ | DefVar $INST_ProductType$ | ||
+ | DefVar $INST_vcredistx86_installed$ | ||
+ | DefVar $INST_uac_level$ | ||
+ | DefVar $ProductVersion$ | ||
+ | DefVar $INST_tmpstr$ | ||
+ | DefVar $INST_create_software_on_demand_menue_entry$ | ||
+ | |||
+ | |||
+ | |||
+ | DefVar $INST_SearchKey$ | ||
+ | DefVar $INST_SearchValue$ | ||
+ | DefVar $INST_SearchResult$ | ||
+ | |||
+ | DefStringlist $INST_Adapterlist$ | ||
+ | DefStringList $INST_ServiceResult$ | ||
+ | DefStringList $INST_ResultList$ | ||
+ | DefStringList $INST_ResultList2$ | ||
+ | DefStringList $INST_ResultList3$ | ||
+ | DefStringList $INST_ParamstrList$ | ||
+ | |||
+ | |||
+ | |||
+ | ;******** Sektion general ********** | ||
+ | |||
+ | DefVar $GEN_bootmode$ | ||
+ | |||
+ | |||
+ | ;******** Sektion shareinfo ********** | ||
+ | |||
+ | DefVar $SHI_pckey$ | ||
+ | |||
+ | ;******** Sektion opsiclientd ********** | ||
+ | |||
+ | DefVar $OCD_global.log_level$ | ||
+ | DefVar $OCD_config_service.url$ | ||
+ | DefVar $OCD_config_service.connection_timeout$ | ||
+ | DefVar $OCD_control_server.port$ | ||
+ | DefVar $OCD_notification_server.port$ | ||
+ | DefVar $OCD_open_firewall_for_control_server$ | ||
+ | DefVar $OCD_OpsiVarDir$ | ||
+ | ; ************************************************************************************************* | ||
+ | ; added to customizing the installation via msi-parameters | ||
+ | ; ************************************************************************************************* | ||
+ | DefVar $OCD_Domain$ | ||
+ | ; ************************************************************************************************* | ||
+ | |||
+ | ;******** Sektion opsiLoginBlocker ********** | ||
+ | ;DefVar $OLB_ServiceConnectionTimeout$ | ||
+ | DefVar $OLB_LogLevel$ | ||
+ | DefVar $OLB_LoginBlockerStart$ | ||
+ | DefVar $OLB_LoginBlockerTimeoutConnect$ | ||
+ | ;DefVar $OLB_LoginBlockerTimeoutInstall$ | ||
+ | ; | ||
+ | DefVar $OLB_opsiServiceType$ | ||
+ | |||
+ | |||
+ | ;******** Sektion preloginloader ********** | ||
+ | |||
+ | DefVar $PLG_BaseDir$ | ||
+ | DefVar $PLG_CfgDir$ | ||
+ | DefVar $PLG_DebugOutput$ | ||
+ | DefVar $PLG_PcptchExe$ | ||
+ | DefVar $PLG_RebootOnBootmodeReins$ | ||
+ | DefVar $PLG_RebootOnServicePackChange$ | ||
+ | DefVar $PLG_RunWithUser$ | ||
+ | DefVar $PLG_RunWithUserDelay$ | ||
+ | DefVar $PLG_RunWithUserPassword$ | ||
+ | DefVar $PLG_RunWithUserReboot$ | ||
+ | DefVar $PLG_RunWithUserTask$ | ||
+ | DefVar $PLG_RunWithUserTaskParms$ | ||
+ | DefVar $PLG_RunWithUserUsername$ | ||
+ | DefVar $PLG_UtilsDir$ | ||
+ | DefVar $PLG_WinstRegKey$ | ||
+ | DefVar $PLG_RunServiceAs$ | ||
+ | DefVar $PLG_RunServiceAsDom$ | ||
+ | DefVar $PLG_RunServiceAsUsr$ | ||
+ | DefVar $PLG_RunServiceAsPas$ | ||
+ | |||
+ | ;******** Sektion shareinfo ********** | ||
+ | |||
+ | DefVar $SHI_pckey_file$ | ||
+ | DefVar $SHI_user$ | ||
+ | DefVar $SHI_smbusername1$ | ||
+ | DefVar $SHI_try_secondary_user$ | ||
+ | |||
+ | ;******** Sektion pcptch ********** | ||
+ | |||
+ | DefVar $PCP_Bitmap1$ | ||
+ | DefVar $PCP_Bitmap2$ | ||
+ | DefVar $PCP_button_stopnetworking$ | ||
+ | DefVar $PCP_copyDefaultUser$ | ||
+ | DefVar $PCP_label1$ | ||
+ | DefVar $PCP_label2$ | ||
+ | DefVar $PCP_loadBitmap$ | ||
+ | DefVar $PCP_makeLocalCopyOfIniFile$ | ||
+ | DefVar $PCP_makeLocalWinst$ | ||
+ | DefVar $PCP_mountdrive$ | ||
+ | DefVar $PCP_opsiServiceURL$ | ||
+ | DefVar $PCP_patchleveltyp$ | ||
+ | DefVar $PCP_pcprotoname$ | ||
+ | DefVar $PCP_opsiServerType$ | ||
+ | DefVar $PCP_winstLocalDirectory$ | ||
+ | DefVar $PCP_SecsUntilConnectionTimeOut$ | ||
+ | DefVar $PCP_pingcheck$ | ||
+ | |||
+ | |||
+ | |||
+ | ;******** Sektionen Ende ********** | ||
+ | |||
+ | ; | ||
+ | ; static initial values for variables | ||
+ | ; | ||
+ | |||
+ | Set $INST_Debug$ = " | ||
+ | |||
+ | Set $INST_AktGina$ = "" | ||
+ | set $INST_service_hidden_password$ ="" | ||
+ | Set $INST_AllowReboot$ = " | ||
+ | Set $INST_BaseDir$ | ||
+ | Set $INST_OpsiclientdDir$ | ||
+ | Set $INST_OpsiUtilitiesdDir$ | ||
+ | Set $INST_Cfgini$ = " | ||
+ | Set $INST_DepotServer$ = "" | ||
+ | Set $INST_IPAddress$ = "" | ||
+ | Set $INST_ImmediateRebootFlag$ = "" | ||
+ | Set $INST_MAC$ = "" | ||
+ | Set $INST_NetBootProductname$ = "" | ||
+ | Set $INST_NicIndex$ = "" | ||
+ | Set $INST_NotifierDir$ = $INST_BaseDir$+" | ||
+ | Set $INST_OpensslConfigFile$ = " | ||
+ | Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+" | ||
+ | Set $INST_OpsiclientdConf$ = $INST_OpsiclientdDir$+" | ||
+ | Set $INST_OpsiclientdRPCDir$ = $INST_BaseDir$+" | ||
+ | Set $INST_ActionProcessorStarterDir$ = $INST_BaseDir$+" | ||
+ | Set $INST_Pcname$ = EnvVar (" | ||
+ | Set $INST_RebootFlag$ = "" | ||
+ | Set $INST_Service_Password$ = " | ||
+ | Set $INST_Service_User$ = " | ||
+ | ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + " | ||
+ | ; The setacl.exe 2.3.0 hangs some times | ||
+ | Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ | ||
+ | ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + " | ||
+ | Set $INST_Sysconfini$ = " | ||
+ | Set $INST_SystemType$ = GetSystemType | ||
+ | Set $INST_WinstDir$ | ||
+ | Set $INST_WinstRegKey$ = " | ||
+ | set $INST_gina_to_chain$ = " | ||
+ | Set $INST_preloginvistaInstalled$ = ' | ||
+ | set $INST_preloginloaderInstalled$ = ' | ||
+ | if $INST_debug$ = " | ||
+ | set $INST_DefaultLoglevel$ = " | ||
+ | Set $INST_PasswdLogLevel$=" | ||
+ | else | ||
+ | set $INST_DefaultLoglevel$ = " | ||
+ | comment " set $INST_PasswdLogLevel$ to 2 for production" | ||
+ | Set $INST_PasswdLogLevel$=" | ||
+ | endif | ||
+ | set $ProductVersion$ = " | ||
+ | set $OCD_OpsiVarDir$ = " | ||
+ | set $INST_uac_level$ = " | ||
+ | set $INST_create_software_on_demand_menue_entry$ = " | ||
+ | |||
+ | set $INST_sophos$ = " | ||
+ | set $INST_DATEV$ = " | ||
+ | |||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ;******** Sektion general ********** | ||
+ | |||
+ | Set $GEN_bootmode$ | ||
+ | |||
+ | |||
+ | ;******** Sektion opsiclientd ********** | ||
+ | |||
+ | Set $OCD_config_service.url$ | ||
+ | set $OCD_config_service.connection_timeout$ = " | ||
+ | |||
+ | Set $OLB_LoginBlockerStart$ | ||
+ | Set $OLB_LoginBlockerTimeoutConnect$ = " | ||
+ | ;Set $OLB_LoginBlockerTimeoutInstall$ = " | ||
+ | Set $OLB_opsiServiceType$ | ||
+ | |||
+ | ;******** Sektion prelogin ********** | ||
+ | Set $PLG_UtilsDir$ = $INST_BaseDir$+" | ||
+ | |||
+ | ;******** Sektion preloginloader ********** | ||
+ | |||
+ | Set $PLG_BaseDir$ | ||
+ | Set $PLG_UtilsDir$ | ||
+ | Set $PLG_CfgDir$ | ||
+ | Set $PLG_DebugOutput$ | ||
+ | Set $PLG_PcptchExe$ | ||
+ | Set $PLG_RebootOnBootmodeReins$ | ||
+ | Set $PLG_RebootOnServicePackChange$ | ||
+ | Set $PLG_RunWithUser$ | ||
+ | Set $PLG_RunWithUserDelay$ | ||
+ | Set $PLG_RunWithUserPassword$ | ||
+ | Set $PLG_RunWithUserReboot$ | ||
+ | Set $PLG_RunWithUserTask$ | ||
+ | Set $PLG_RunWithUserTaskParms$ | ||
+ | Set $PLG_RunWithUserUsername$ | ||
+ | Set $PLG_WinstRegKey$ | ||
+ | Set $PLG_RunServiceAs$ | ||
+ | Set $PLG_RunServiceAsDom$ | ||
+ | Set $PLG_RunServiceAsUsr$ | ||
+ | Set $PLG_RunServiceAsPas$ | ||
+ | |||
+ | |||
+ | ;******** Sektion shareinfo ********** | ||
+ | |||
+ | Set $SHI_pckey$ | ||
+ | Set $SHI_pckey_file$ | ||
+ | Set $SHI_user$ | ||
+ | Set $SHI_smbusername1$= "" | ||
+ | Set $SHI_try_secondary_user$=" | ||
+ | |||
+ | |||
+ | ;******** Sektion pcptch ********** | ||
+ | |||
+ | Set $PCP_Bitmap1$ | ||
+ | Set $PCP_Bitmap2$ | ||
+ | Set $PCP_button_stopnetworking$ | ||
+ | Set $PCP_copyDefaultUser$ | ||
+ | Set $PCP_label1$ | ||
+ | Set $PCP_label2$ | ||
+ | Set $PCP_loadBitmap$ | ||
+ | Set $PCP_makeLocalCopyOfIniFile$ = "" | ||
+ | Set $PCP_makeLocalWinst$ | ||
+ | Set $PCP_mountdrive$ | ||
+ | Set $PCP_opsiServiceURL$ = "" | ||
+ | Set $PCP_patchleveltyp$ | ||
+ | Set $PCP_pcprotoname$ | ||
+ | Set $PCP_opsiServerType$ = " | ||
+ | Set $PCP_winstLocalDirectory$ | ||
+ | Set $PCP_SecsUntilConnectionTimeOut$ = " | ||
+ | Set $PCP_pingcheck$ = "" | ||
+ | |||
+ | |||
+ | ;******** Sektionen Ende ********** | ||
+ | |||
+ | ; | ||
+ | ; Let's work | ||
+ | ; | ||
+ | |||
+ | set $INST_OS$ = GetOS | ||
+ | set $INST_MinorOS$ = GetNTVersion | ||
+ | set $INST_NTVersion$ = GetMsVersionInfo | ||
+ | set $INST_Resultlist$ = getMSVersionMap | ||
+ | set $INST_ProductType$ = getValue(" | ||
+ | set $INST_vcredistx86_installed$ = " | ||
+ | if GetRegistryStringValue(" | ||
+ | comment " | ||
+ | set $INST_vcredistx86_installed$ = " | ||
+ | endif | ||
+ | if GetRegistryStringValue(" | ||
+ | comment " | ||
+ | set $INST_vcredistx86_installed$ = " | ||
+ | endif | ||
+ | |||
+ | if $INST_NTVersion$ <= " | ||
+ | logError " | ||
+ | isFatalError | ||
+ | endif | ||
+ | |||
+ | if not (HasMinimumSpace (" | ||
+ | logError "Not enough space on drive %systemdrive% (we need 10 MB): Aborting" | ||
+ | isFatalError | ||
+ | endif | ||
+ | |||
+ | ;if ($INST_NTVersion$ = " | ||
+ | ; LogError "we are on 2008r2 and vcredist is not installed - please | ||
+ | ; | ||
+ | ; | ||
+ | ;endif | ||
+ | |||
+ | if $INST_vcredistx86_installed$ = " | ||
+ | comment " | ||
+ | comment " | ||
+ | ExecWith_autoit_vc_redist " | ||
+ | Winbatch_vc_redist_msi | ||
+ | Sub_check_exitcode | ||
+ | killtask " | ||
+ | endif | ||
+ | |||
+ | ; | ||
+ | comment "set mode" | ||
+ | ; | ||
+ | |||
+ | Set $INST_Paramstr$=PARAMSTR | ||
+ | set $INST_ParamstrList$ = splitstring($INST_Paramstr$, | ||
+ | |||
+ | comment "Modus normally set by commandline argument" | ||
+ | Set $INST_MODUS$=takestring(0, | ||
+ | Set $INST_SubModus$=takestring(1, | ||
+ | Set $INST_tmpstr$ = takestring(2, | ||
+ | if lower(trim($INST_tmpstr$)) = " | ||
+ | Set $INST_AllowReboot$ = " | ||
+ | else | ||
+ | if lower(trim($INST_tmpstr$)) = " | ||
+ | Set $INST_AllowReboot$ = " | ||
+ | endif | ||
+ | endif | ||
+ | ; | ||
+ | ; at this point, we can add the additional parameters for customizing the installation | ||
+ | ; here we patch the domain and the opsi-server-url | ||
+ | ; so , in this case we can installed any client in a multi-domain and multi-server-environment | ||
+ | ; | ||
+ | Set $OCD_config_service.url$ = takestring(3, | ||
+ | Set $OCD_Domain$ = takestring(4, | ||
+ | ; ************************************************************************************************* | ||
+ | |||
+ | comment "old Modes are remaped for backward compatibility" | ||
+ | if $INST_MODUS$ = " | ||
+ | Set $INST_MODUS$=" | ||
+ | endif | ||
+ | if $INST_MODUS$ = " | ||
+ | Set $INST_MODUS$=" | ||
+ | endif | ||
+ | if $INST_MODUS$ = " | ||
+ | Set $INST_MODUS$=" | ||
+ | Set $INST_SubModus$=" | ||
+ | endif | ||
+ | if $INST_MODUS$ = " | ||
+ | Set $INST_MODUS$=" | ||
+ | Set $INST_SubModus$=" | ||
+ | endif | ||
+ | |||
+ | comment " | ||
+ | if $INST_MODUS$ = " | ||
+ | if $INST_SubModus$ = "" | ||
+ | Set $INST_SubModus$=" | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | comment "map Mode REMOTEDEPLOY" | ||
+ | if $INST_MODUS$ = " | ||
+ | Set $INST_MODUS$=" | ||
+ | Set $INST_SubModus$=" | ||
+ | Set $INST_AllowReboot$ = " | ||
+ | endif | ||
+ | |||
+ | comment "if no commandline argument we default to update" | ||
+ | if $INST_MODUS$ = "" | ||
+ | Set $INST_MODUS$=" | ||
+ | endif | ||
+ | |||
+ | ;if ($INST_MODUS$ = " | ||
+ | ; if GetProductProperty(" | ||
+ | ; Set $INST_MODUS$=" | ||
+ | ; endif | ||
+ | ;endif | ||
+ | |||
+ | if $INST_SubModus$ = " | ||
+ | comment "do not reboot in BOOTIMAGE mode because:" | ||
+ | comment " | ||
+ | comment " | ||
+ | Set $INST_AllowReboot$ = " | ||
+ | else | ||
+ | Set $INST_AllowReboot$ = GetProductProperty(" | ||
+ | endif | ||
+ | |||
+ | sub_read_configuration | ||
+ | sub_copy_files | ||
+ | sub_write_configuration | ||
+ | sub_set_installation_status | ||
+ | |||
+ | comment " | ||
+ | ; change ******** to customize the loginblocker - UI | ||
+ | ; ********************************************************************************** | ||
+ | sub " | ||
+ | ; ********************************************************************************** | ||
+ | comment "all is done but make a reboot after terminating with the script" | ||
+ | sub_clean_up | ||
+ | |||
+ | if ($INST_AllowReboot$ = " | ||
+ | ExitWindows /Reboot | ||
+ | endif | ||
+ | |||
+ | |||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | [DosInAnIcon_open_winsxs] | ||
+ | takeown /r /f c: | ||
+ | " | ||
+ | move C: | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | |||
+ | [sub_read_configuration] | ||
+ | comment "get installed gina" | ||
+ | ; *** delete the reading processes from the main file and outsourcing in a sub process ********* | ||
+ | sub " | ||
+ | ; ********************************************************************************************** | ||
+ | Set $GEN_bootmode$ | ||
+ | |||
+ | comment " | ||
+ | Set $INST_DnsDomainName$ = GetValueFromInifile($INST_cfgini$, | ||
+ | if ($INST_DnsDomainName$ = "" | ||
+ | comment " | ||
+ | Set $INST_ResultList$ = getOutStreamFromSection(" | ||
+ | Set $INST_DnsDomainName$ = TakeString(1, | ||
+ | endif | ||
+ | |||
+ | ; dont log the pckey | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | Set $SHI_pckey$ = GetValueFromInifile($INST_cfgini$, | ||
+ | ; start logging again | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | |||
+ | Set $OCD_global.log_level$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OCD_config_service.url$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OCD_config_service.connection_timeout$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OCD_control_server.port$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OCD_notification_server.port$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OCD_open_firewall_for_control_server$ | ||
+ | Set $OLB_LogLevel$ = GetValueFromInifile($INST_cfgini$, | ||
+ | Set $OLB_LoginBlockerStart$ | ||
+ | Set $OLB_LoginBlockerTimeoutConnect$ | ||
+ | ;Set $OLB_ServiceConnectionTimeout$ = $OLB_LoginBlockerTimeoutConnect$ | ||
+ | ;Set $OLB_LoginBlockerTimeoutInstall$ | ||
+ | ;Set $OLB_opsiServiceType$ | ||
+ | |||
+ | ; change value given by config.ini only if property present | ||
+ | if GetProductProperty (" | ||
+ | Set $OLB_LoginBlockerStart$ = " | ||
+ | endif | ||
+ | if GetProductProperty (" | ||
+ | Set $OLB_LoginBlockerStart$ = " | ||
+ | endif | ||
+ | |||
+ | Set $INST_Service_User$ | ||
+ | Set $INST_Service_Password$ | ||
+ | Set $INST_service_hidden_password$ | ||
+ | |||
+ | if not ($INST_service_hidden_password$ = "" | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | Set $INST_Service_Password$ = base64DecodeStr($INST_service_hidden_password$) | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | endif | ||
+ | |||
+ | ; ******* sysconfini wird bei PXE-basierter Grundinstallation vom Bootimage angelegt. | ||
+ | if (FileExists ($INST_sysconfini$)) | ||
+ | DefVar $DepotUrl$ | ||
+ | Set $INST_NetBootProductname$ = GetValueFromInifile($INST_sysconfini$, | ||
+ | Set $INST_pcname$ | ||
+ | Set $INST_DnsDomainName$ | ||
+ | Set $DepotUrl$ | ||
+ | set $INST_DepotServer$ = takeString(2, | ||
+ | endif | ||
+ | |||
+ | if $INST_pcname$ = "" | ||
+ | set $INST_pcname$ = %pcname% | ||
+ | endif | ||
+ | Set $INST_pcname$ = lower($INST_pcname$) | ||
+ | if not ($INST_DnsDomainName$ = "" | ||
+ | Set $INST_ClientId$ = $INST_pcname$ + " | ||
+ | endif | ||
+ | |||
+ | if $GEN_bootmode$ = "" | ||
+ | Set $GEN_bootmode$ = " | ||
+ | endif | ||
+ | |||
+ | if $INST_Modus$ = " | ||
+ | if $INST_SubModus$ = " | ||
+ | Set $GEN_bootmode$ | ||
+ | endif ; BOOTIMAGE | ||
+ | |||
+ | if $INST_SubModus$ = " | ||
+ | sub_sub_create_client | ||
+ | endif ; CREATE_CLIENT | ||
+ | endif ; INSTALL | ||
+ | |||
+ | if (($SHI_pckey$ = "" | ||
+ | ; dont log the pckey | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | if FileExists ($INST_OpsiclientdConf$) | ||
+ | Set $SHI_pckey$ | ||
+ | Set $INST_ClientId$ | ||
+ | Set $INST_pcname$ | ||
+ | else | ||
+ | if FileExists (" | ||
+ | Set $SHI_pckey$ | ||
+ | Set $INST_ClientId$ | ||
+ | Set $INST_pcname$ | ||
+ | else | ||
+ | if FileExists ($INST_BaseDir$+" | ||
+ | Set $SHI_pckey$ | ||
+ | else | ||
+ | if FileExists (" | ||
+ | Set $SHI_pckey$ | ||
+ | else | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | logError "pckey not found - please reinstall opsi-client-agent" | ||
+ | isFatalError | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | ; start logging again | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | endif | ||
+ | set $INST_uac_level$ = GetProductProperty (" | ||
+ | set $INST_create_software_on_demand_menue_entry$ = GetProductProperty (" | ||
+ | |||
+ | if $INST_MAC$ = "" | ||
+ | sub_sub_try_to_get_my_mac | ||
+ | endif | ||
+ | |||
+ | if ($INST_DepotServer$ = "" | ||
+ | sub_sub_get_depot_netbiosname | ||
+ | endif | ||
+ | sub_sub_read_preloginvista_installation_state | ||
+ | sub_sub_read_preloginloader_installation_state | ||
+ | |||
+ | ; show what we have | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | if not ($INST_service_hidden_password$ = "" | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | comment " | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | endif | ||
+ | |||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | |||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | |||
+ | ;******** Sektion general ********** | ||
+ | |||
+ | comment " | ||
+ | |||
+ | ;******** Sektion shareinfo ********** | ||
+ | if ($INST_debug$ = " | ||
+ | comment " | ||
+ | endif | ||
+ | |||
+ | ;******** Sektion opsiclientd ********** | ||
+ | |||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | |||
+ | ;******** Sektion opsiLoginBlocker ********** | ||
+ | ;comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | comment " | ||
+ | ;comment " | ||
+ | comment " | ||
+ | |||
+ | ;******** Sektion prelogin ********** | ||
+ | comment " | ||
+ | |||
+ | |||
+ | ; | ||
+ | |||
+ | |||
+ | |||
+ | [sub_sub_create_client] | ||
+ | if ($OCD_config_service.url$ = "" | ||
+ | set $OCD_config_service.url$ = " | ||
+ | endif | ||
+ | |||
+ | comment " | ||
+ | markErrorNumber | ||
+ | opsiservicecall_authenticated | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | set $INST_error$ = " | ||
+ | comment "was not authenticated -> retry scripted login by default user/ | ||
+ | else | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | endif | ||
+ | if (takeString(0, | ||
+ | comment "was not authenticated as admin-> retry scripted login by default user/ | ||
+ | markErrorNumber | ||
+ | set $INST_error$ = " | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$ | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | set $INST_error$ = " | ||
+ | comment " | ||
+ | else | ||
+ | markErrorNumber | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | set $INST_error$ = " | ||
+ | comment "check for user is admin failed failed -> retry interactive" | ||
+ | endif | ||
+ | endif | ||
+ | if (takeString(0, | ||
+ | set $INST_error$ = " | ||
+ | ; | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | opsiservicecall_authenticated / | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | ; we don't check for errors because / | ||
+ | ; and increment errors | ||
+ | ;if errorsOccuredSinceMark > 0 | ||
+ | ; set $INST_error$ = " | ||
+ | ; comment " | ||
+ | ;else | ||
+ | ; Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | ;endif | ||
+ | markErrorNumber | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | set $INST_error$ = " | ||
+ | comment "check for user is admin failed failed -> abort" | ||
+ | endif | ||
+ | if (takeString(0, | ||
+ | logerror "No admin login" | ||
+ | pause " | ||
+ | isFatalError | ||
+ | endif | ||
+ | else | ||
+ | ;comment " | ||
+ | endif | ||
+ | endif | ||
+ | comment " | ||
+ | |||
+ | comment "get MAC and IP for Service connection" | ||
+ | sub_sub_try_to_get_my_mac | ||
+ | |||
+ | if ($INST_DnsDomainName$ = "" | ||
+ | comment "*** Get domain ***" | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | Set $INST_DnsDomainName$ = takestring(0, | ||
+ | endif | ||
+ | |||
+ | comment "*** does the client exist? ***" | ||
+ | Set $INST_pcname$ = lower($INST_pcname$) | ||
+ | Set $INST_ClientId$ = $INST_pcname$ + " | ||
+ | |||
+ | if ("" | ||
+ | comment "*** Create client ***" | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | endif | ||
+ | |||
+ | ; *** Get active service url *** | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | set $OCD_config_service.url$ = takestring(1, | ||
+ | if $OCD_config_service.url$ = "" | ||
+ | Set $OCD_config_service.url$ = GetvalueFromInifile($INST_cfgini$, | ||
+ | endif | ||
+ | |||
+ | ; *** Get hostkey1 *** | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | markErrorNumber | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | Set $SHI_pckey$ = takestring(0, | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | ; *** Get hostkey1 *** | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | markErrorNumber | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | LogError "Could not get hostkey - aborting" | ||
+ | Pause "Could not get hostkey - aborting" | ||
+ | isFatalError | ||
+ | else | ||
+ | Set $SHI_pckey$ = takestring(0, | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | [sub_copy_files] | ||
+ | DosInAnIcon_Stop_Preloginloader_Service | ||
+ | Registry_DeletePreloginloader | ||
+ | if ($INST_Modus$ = " | ||
+ | comment "clean all up" | ||
+ | if FileExists($INST_BaseDir$+" | ||
+ | comment " | ||
+ | DosInAnIcon_Stop_opsiclientd_Service | ||
+ | DosInAnIcon_unregister_opsiclientd_service | ||
+ | Registry_DeleteOpsiclientd | ||
+ | comment " | ||
+ | Files_Delete_OCA_BaseDir | ||
+ | endif | ||
+ | endif ; INSTALL | ||
+ | markErrorNumber | ||
+ | Files_copy_winst | ||
+ | Files_copy_uninst | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | comment "copy failed - let us abort" | ||
+ | logerror "Copy of files are failed -exiting" | ||
+ | pause " | ||
+ | isFatalError | ||
+ | endif | ||
+ | |||
+ | if ($INST_SystemType$ = "64 Bit System" | ||
+ | comment "we need vc_redist X64 at xp64 and 2003x64 to run the loginblocker" | ||
+ | Winbatch_vc_redist_exe_64 | ||
+ | ; | ||
+ | comment "Test for installation success | ||
+ | set $INST_ExitCode$ = getLastExitCode | ||
+ | if not (($INST_ExitCode$ = " | ||
+ | comment " | ||
+ | Winbatch_vc_redist_msi_64 | ||
+ | ; | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | |||
+ | comment " | ||
+ | Files_copy_py2exe | ||
+ | comment " | ||
+ | Files_copy_shining_light_OpenSSL_exe | ||
+ | ; | ||
+ | DosInAnIcon_shining_light_OpenSSL_unpack | ||
+ | Files_copy_shining_light_OpenSSL_files | ||
+ | Registry_shining_light_OpenSSL | ||
+ | if (FileExists($INST_BaseDir$+" | ||
+ | comment " | ||
+ | DosInAnIcon_Stop_Preloginloader_Service | ||
+ | Registry_DeletePreloginloader | ||
+ | Files_del_utils | ||
+ | Files_del_prelogin | ||
+ | endif | ||
+ | |||
+ | comment " | ||
+ | if $INST_NTVersion$ >= " | ||
+ | if ($INST_SystemType$ = "64 Bit System" | ||
+ | Files_copy_vista_loginblocker_64 / | ||
+ | else | ||
+ | Files_copy_vista_loginblocker_32 | ||
+ | Files_del_cmd64 | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | if $INST_NTVersion$ < " | ||
+ | if ($INST_SystemType$ = "64 Bit System" | ||
+ | Files_copy_xp_loginblocker_64 | ||
+ | else | ||
+ | if $INST_NTVersion$ = " | ||
+ | Files_copy_xp_loginblocker_win2k | ||
+ | ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + " | ||
+ | Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ | ||
+ | ;Set $INST_SetAclDir$ = $INST_OpsiUtilitiesdDir$ + " | ||
+ | else | ||
+ | Files_copy_xp_loginblocker_32 | ||
+ | endif | ||
+ | Files_del_cmd64 | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | [sub_write_configuration] | ||
+ | if $INST_Modus$ = " | ||
+ | Registry_SetGeneralEntries | ||
+ | if ($INST_debug$ = " | ||
+ | Files_save_config_for_debug | ||
+ | endif | ||
+ | |||
+ | ;if $INST_MinorOS$ = " | ||
+ | if ($INST_NTVersion$ = " | ||
+ | if $INST_AktGina$ = "" | ||
+ | Registry_SetRemoveMsginaOnDeinst | ||
+ | endif | ||
+ | endif ; winxp | ||
+ | endif ; INSTALL | ||
+ | |||
+ | ; | ||
+ | comment " | ||
+ | ; | ||
+ | comment " | ||
+ | Registry_SetUninstallEntries | ||
+ | comment " | ||
+ | Registry_SetGeneralEntries | ||
+ | comment "add registry key for shutdown requests" | ||
+ | Registry_add_shutdown_key | ||
+ | comment "make all depotshares trusted for the 32 Bit opsi-client-agent" | ||
+ | comment "get all depot servers :" | ||
+ | if $INST_SubModus$ = " | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | else | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | endif | ||
+ | comment " take the string :" | ||
+ | set $INST_Result$ = takeString(0, | ||
+ | comment " remove trailing brackets and quote :" | ||
+ | set $INST_Result$ = takeString(0, | ||
+ | comment " remove heading brackets and quote :" | ||
+ | set $INST_Result$ = takeString(1, | ||
+ | comment " split servers in to list :" | ||
+ | set $INST_ResultList$ = splitstring($INST_Result$,'","' | ||
+ | comment "write all depots to the registry :" | ||
+ | for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted | ||
+ | for %depotId% in $INST_ResultList$ do Registry_hklm_set_depotshare_trusted / | ||
+ | comment "get netbiosnames from depots :" | ||
+ | comment "first clear the resultlist:" | ||
+ | set $INST_ResultList2$ = getsubList(0: | ||
+ | ; this is a dirty hack. It is used until we can ask host_getObjects with filter | ||
+ | ; so we assume, that the first part of the fqdn is identical with the netbiosname | ||
+ | for %depotId% in $INST_ResultList$ do set $INST_ResultList2$ = addtolist($INST_ResultList2$, | ||
+ | for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted | ||
+ | for %depotId% in $INST_ResultList2$ do Registry_hklm_set_depotshare_trusted / | ||
+ | |||
+ | comment "tell server my mac address" | ||
+ | if not ($INST_MAC$ = "" | ||
+ | opsiservicecall_setMacAddress | ||
+ | endif | ||
+ | comment "Open c:\tmp worldwide writable" | ||
+ | Files_create_ctmp | ||
+ | DosInAnIcon_open_ctmp | ||
+ | comment " | ||
+ | Files_create_c_opsiorg | ||
+ | comment "lock c:\opsi.org -> for administrators only" | ||
+ | DosInAnIcon_lock_c_opsiorg | ||
+ | |||
+ | Patches_opsiclientd_conf_rest $INST_OpsiclientdConf$ | ||
+ | if not (($SHI_pckey$ = "" | ||
+ | comment "dont log the pckey" | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | Patches_opsiclientd_conf_key $INST_OpsiclientdConf$ | ||
+ | comment "start logging again" | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | endif | ||
+ | Patches_opsiclientd_cnf $INST_opensslConfigFile$ | ||
+ | DosInAnIcon_generate_opsiclientdCertificate | ||
+ | DosInAnIcon_opsiclientd_register_service_exe | ||
+ | comment "set start to auto (2) if it was deactivated (4)" | ||
+ | Registry_ActivateOpsiclientd | ||
+ | if ($INST_NTVersion$ = " | ||
+ | else | ||
+ | if ($INST_NTVersion$ = " | ||
+ | else | ||
+ | if ($INST_NTVersion$ >= " | ||
+ | comment " | ||
+ | if $INST_uac_level$ = " | ||
+ | Registry_UAC_on_1 / | ||
+ | else | ||
+ | if $INST_uac_level$ = " | ||
+ | Registry_UAC_on_2 / | ||
+ | else | ||
+ | if $INST_uac_level$ = " | ||
+ | Registry_UAC_on_3 / | ||
+ | else | ||
+ | if $INST_uac_level$ = " | ||
+ | Registry_UAC_on_4 / | ||
+ | else | ||
+ | LogWarning(" | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | ; | ||
+ | ; | ||
+ | else | ||
+ | LogError " | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | if $OCD_open_firewall_for_control_server$ = " | ||
+ | if ($INST_NTVersion$ >= " | ||
+ | DosInAnIcon_open_firewall_for_control_server_nt6 | ||
+ | else | ||
+ | DosInAnIcon_open_firewall_for_control_server | ||
+ | endif | ||
+ | else | ||
+ | if ($INST_NTVersion$ >= " | ||
+ | DosInAnIcon_close_firewall_for_control_server_nt6 | ||
+ | else | ||
+ | DosInAnIcon_close_firewall_for_control_server | ||
+ | endif | ||
+ | endif | ||
+ | ;;; comment " | ||
+ | ;;; comment " | ||
+ | ;;; ; | ||
+ | ;;; comment "patch the exported policy: login monitoring: success, | ||
+ | ;;; ; | ||
+ | ;;; comment " | ||
+ | ;;; ; | ||
+ | ;;; DosInAnIcon_auditpol_enable_login_looging | ||
+ | comment " | ||
+ | comment "This should be prevent problems on win2003" | ||
+ | DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy | ||
+ | Registry_disable_dep_opsiclientd / | ||
+ | comment "make opsiclientd depending ond dhcp and dnscache services" | ||
+ | Registry_opsiclientd_Service_depend_dhcp_dns | ||
+ | |||
+ | if ($INST_NTVersion$ >= " | ||
+ | if $OLB_LoginBlockerStart$ = " | ||
+ | Registry_vista_loginblocker / | ||
+ | else | ||
+ | Registry_vista_del_loginblocker / | ||
+ | endif | ||
+ | endif ; win vista | ||
+ | |||
+ | ;if ($INST_MinorOS$ = " | ||
+ | if ($INST_NTVersion$ < " | ||
+ | if $OLB_LoginBlockerStart$ = " | ||
+ | Registry_opsigina_opsi_Config / | ||
+ | Registry_set_loginblocker_start / | ||
+ | else | ||
+ | Registry_set_loginblocker_start / | ||
+ | endif ; loginblocker start | ||
+ | if ($INST_SystemType$ = "64 Bit System" | ||
+ | winbatch_test_opsigina_64 | ||
+ | else | ||
+ | winbatch_test_opsigina_32 | ||
+ | endif | ||
+ | set $INST_ExitCode$ = getLastExitCode | ||
+ | if $INST_ExitCode$ = " | ||
+ | comment " | ||
+ | ; *** changed to implement the SOPHOS SafeGuard Engine and DATEV (for ITL) ************** | ||
+ | sub " | ||
+ | ; *************************************************************************************** | ||
+ | else | ||
+ | LogError " | ||
+ | endif | ||
+ | endif ; winXP | ||
+ | comment " | ||
+ | DosInAnIcon_lock_opsiclientagent | ||
+ | ;comment "do the lock on every installation" | ||
+ | ; | ||
+ | |||
+ | if $INST_create_software_on_demand_menue_entry$ = " | ||
+ | opsiservicecall_setOption_addConfigStateDefaults_true | ||
+ | Set $INST_ResultList$ = getReturnListFromSection(' | ||
+ | if (TakeString(0, | ||
+ | LinkFolder_install_softwareOnDemand | ||
+ | endif | ||
+ | else | ||
+ | LinkFolder_uninstall_softwareOnDemand | ||
+ | endif | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | |||
+ | [sub_clean_up] | ||
+ | if fileExists(" | ||
+ | | ||
+ | endif | ||
+ | if fileExists(" | ||
+ | | ||
+ | endif | ||
+ | if fileExists(" | ||
+ | | ||
+ | endif | ||
+ | Files_del_utils | ||
+ | if FileExists(" | ||
+ | Files_Delete_PLG_BaseDir | ||
+ | endif | ||
+ | if fileExists(" | ||
+ | | ||
+ | endif | ||
+ | Files_redist_cleanup | ||
+ | |||
+ | |||
+ | ; | ||
+ | |||
+ | [Files_Delete_ctmpopsi] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_Delete_ctmpssl] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_Delete_ctmppython] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_Delete_ctmpopsi-client-agent] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_del_utils] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_del_prelogin] | ||
+ | delete -s -f " | ||
+ | |||
+ | [Files_redist_cleanup] | ||
+ | delete c: | ||
+ | delete c: | ||
+ | delete c: | ||
+ | delete c: | ||
+ | delete c:\.rnd | ||
+ | delete c: | ||
+ | delete d: | ||
+ | delete d: | ||
+ | delete d: | ||
+ | delete d: | ||
+ | delete d:\.rnd | ||
+ | delete d: | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | ; | ||
+ | [Files_copy_winst] | ||
+ | ; do not use -V because it leads to broken winst on downgrade | ||
+ | copy -sc " | ||
+ | copy -sVc " | ||
+ | |||
+ | [Files_copy_uninst] | ||
+ | copy -sVc " | ||
+ | |||
+ | [Files_Delete_OCA_BaseDir] | ||
+ | delete -sf " | ||
+ | |||
+ | [Files_Delete_PLG_BaseDir] | ||
+ | delete -sf " | ||
+ | |||
+ | [Registry_SetGeneralEntries] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\general] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | [Registry_SetUninstallEntries] | ||
+ | deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-preloginloader] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\opsi-client-agent] | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | |||
+ | [DosInAnIcon_lock_opsiclientagent] | ||
+ | rem see http:// | ||
+ | |||
+ | |||
+ | rem set rights for the base dir | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | rem " | ||
+ | rem remove users from dacl | ||
+ | " | ||
+ | rem remove power users from dacl | ||
+ | " | ||
+ | rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree. | ||
+ | rem set the complete dir full access for admin and (read and execute) only for user | ||
+ | " | ||
+ | |||
+ | rem revoke users access for configuration file (opsi-hostkey) | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | " | ||
+ | rem " | ||
+ | |||
+ | rem revoke users access for uninst | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | " | ||
+ | rem " | ||
+ | |||
+ | rem revoke users access for utilities | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | " | ||
+ | rem " | ||
+ | |||
+ | |||
+ | rem grant user execute to the winst directory | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | rem therefore remove users from dacl | ||
+ | " | ||
+ | rem therefore set new rights | ||
+ | " | ||
+ | |||
+ | |||
+ | rem show the resulting acl | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | |||
+ | |||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | ; Registry and UAC | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | |||
+ | [Registry_UAC_off] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | [Registry_UAC_on_special] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | |||
+ | [Registry_UAC_on_1] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | [Registry_UAC_on_2] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | [Registry_UAC_on_3] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | [Registry_UAC_on_4] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | |||
+ | [Registry_hklm_set_depotshare_trusted] | ||
+ | openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%depotId%] | ||
+ | set " | ||
+ | openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap] | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; ******************** login blockers sections***************************************** | ||
+ | ; ******************** credential provider login blockers sections******************** | ||
+ | |||
+ | [Files_copy_vista_loginblocker_32] | ||
+ | copy -Vc " | ||
+ | |||
+ | [Files_copy_vista_loginblocker_64] | ||
+ | copy -Vc " | ||
+ | |||
+ | [Registry_vista_loginblocker] | ||
+ | ;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | ;set "" | ||
+ | openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | set "" | ||
+ | openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32] | ||
+ | set "" | ||
+ | set " | ||
+ | openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | set "" | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | |||
+ | [Registry_vista_del_loginblocker] | ||
+ | deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
+ | |||
+ | ; ******************** end credential provider login blockers sections******************** | ||
+ | ; | ||
+ | |||
+ | [Files_copy_xp_loginblocker_32] | ||
+ | copy -Vc " | ||
+ | |||
+ | [Files_copy_xp_loginblocker_win2k] | ||
+ | ;copy -Vc " | ||
+ | copy -Vc " | ||
+ | |||
+ | [Files_copy_xp_loginblocker_64] | ||
+ | copy -Vc " | ||
+ | |||
+ | [Registry_SetRemoveMsginaOnDeinst] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] | ||
+ | Set " | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] | ||
+ | Set " | ||
+ | |||
+ | [Registry_opsigina_opsi_Config] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] | ||
+ | Set " | ||
+ | set " | ||
+ | Set " | ||
+ | Set " | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] | ||
+ | Set " | ||
+ | set " | ||
+ | Set " | ||
+ | Set " | ||
+ | |||
+ | ; ************************************************************************************************* | ||
+ | ; *** outsourcing the chapter Registry_opsigina_winlogon_Config to separate file write_gina.ins *** | ||
+ | ; ************************************************************************************************* | ||
+ | |||
+ | [Registry_set_loginblocker_start] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\preloginloader] | ||
+ | Set " | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\opsi.org\opsi-client-agent] | ||
+ | Set " | ||
+ | |||
+ | [winbatch_test_opsigina_64] | ||
+ | " | ||
+ | |||
+ | [winbatch_test_opsigina_32] | ||
+ | " | ||
+ | |||
+ | |||
+ | |||
+ | ; ******************** end opsigina loginblocker sections ***************************************** | ||
+ | ; ******************** end loginblockers sections ***************************************** | ||
+ | |||
+ | |||
+ | ; ******************** opsiclientd sections ***************************************** | ||
+ | [Patches_opsiclientd_conf_key] | ||
+ | Set [global] opsi_host_key=$SHI_pckey$ | ||
+ | Set [global] host_id=$INST_ClientId$ | ||
+ | |||
+ | [Patches_opsiclientd_conf_rest] | ||
+ | Set [config_service] url=$OCD_config_service.url$/ | ||
+ | Set [config_service] connection_timeout=$OCD_config_service.connection_timeout$ | ||
+ | Set [control_server] port=$OCD_control_server.port$ | ||
+ | Set [notification_server] port=$OCD_notification_server.port$ | ||
+ | Set [global] log_level=$OCD_global.log_level$ | ||
+ | |||
+ | [DosInAnIcon_lock_opsiclientd_conf] | ||
+ | rem this should work not only on german systems | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | rem " | ||
+ | rem remove users from dacl | ||
+ | " | ||
+ | rem remove power users from dacl | ||
+ | " | ||
+ | rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree. | ||
+ | " | ||
+ | rem show the resulting acl | ||
+ | " | ||
+ | |||
+ | [Patches_opsiclientd_cnf] | ||
+ | Add [req] default_bits = 1024 | ||
+ | Add [req] encrypt_key = yes | ||
+ | Add [req] distinguished_name = req_dn | ||
+ | Add [req] x509_extensions = cert_type | ||
+ | Add [req] prompt = no | ||
+ | Add [req_dn] C = DE | ||
+ | Add [req_dn] ST = RP | ||
+ | Add [req_dn] L = Mainz | ||
+ | Add [req_dn] O = UIB | ||
+ | Add [req_dn] OU = - | ||
+ | Set [req_dn] CN = $INST_ClientId$ | ||
+ | Add [req_dn] emailAddress = info@uib.de | ||
+ | Add [cert_type] nsCertType = server | ||
+ | |||
+ | [DosInAnIcon_generate_opsiclientdCertificate] | ||
+ | " | ||
+ | |||
+ | [DosInAnIcon_Stop_opsiclientd_Service] | ||
+ | net stop opsiclientd | ||
+ | |||
+ | [DosInAnIcon_unregister_opsiclientd_service] | ||
+ | " | ||
+ | " | ||
+ | |||
+ | [DosInAnIcon_open_firewall_for_control_server] | ||
+ | netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port | ||
+ | |||
+ | [DosInAnIcon_close_firewall_for_control_server] | ||
+ | netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$ | ||
+ | |||
+ | [DosInAnIcon_open_firewall_for_control_server_nt6] | ||
+ | rem netsh firewall add portopening protocol = TCP port = $OCD_control_server.port$ name = opsiclientd-control-port | ||
+ | netsh advfirewall firewall add rule name=" | ||
+ | |||
+ | [DosInAnIcon_close_firewall_for_control_server_nt6] | ||
+ | rem netsh firewall delete portopening protocol = TCP port = $OCD_control_server.port$ | ||
+ | netsh advfirewall firewall delete rule name=" | ||
+ | |||
+ | |||
+ | [Registry_DeleteOpsiclientd] | ||
+ | DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | |||
+ | [Registry_DeactivateOpsiclientd] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opsiclientd] | ||
+ | Set " | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\opsiclientd] | ||
+ | Set " | ||
+ | |||
+ | [Registry_ActivateOpsiclientd] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | set " | ||
+ | |||
+ | [DosInAnIcon_opsiclientd_register_service_exe] | ||
+ | " | ||
+ | |||
+ | [Registry_opsiclientd_Service_depend_win2k] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | |||
+ | [Registry_opsiclientd_Service_depend_winxp] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | |||
+ | [Registry_opsiclientd_Service_depend_winvista] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | |||
+ | [Registry_opsiclientd_Service_depend_dhcp_dns] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\opsiclientd] | ||
+ | Set " | ||
+ | |||
+ | [Registry_opsiclientd_Service_set_timeout] | ||
+ | ; default timeout is 30000 millis increase to 60000 millis | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] | ||
+ | Set " | ||
+ | |||
+ | [DosInAnIcon_wmic_get_os_DataExecutionPrevention_SupportPolicy] | ||
+ | @echo off | ||
+ | wmic os get DataExecutionPrevention_SupportPolicy | ||
+ | |||
+ | [Registry_disable_dep_opsiclientd] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] | ||
+ | set " | ||
+ | |||
+ | ; ******************** end opsiclientd sections ***************************************** | ||
+ | |||
+ | ; ******************** Install helpers sections ***************************************** | ||
+ | |||
+ | [Files_del_cmd64] | ||
+ | delete -f " | ||
+ | |||
+ | [Files_save_config_for_debug] | ||
+ | copy " | ||
+ | |||
+ | [sub_set_installation_status] | ||
+ | if $INST_SubModus$ = " | ||
+ | opsiservicecall_setNetbootInstallationStatus /username $INST_ClientId$ /password $SHI_pckey$ /serviceurl $OCD_config_service.url$ | ||
+ | endif | ||
+ | opsiservicecall_setOpsiclientagentInstallationStatus | ||
+ | if $INST_preloginvistaInstalled$ = ' | ||
+ | opsiservicecall_setPreloginvistaInstallationStatus_off | ||
+ | endif | ||
+ | if $INST_preloginloaderInstalled$ = ' | ||
+ | opsiservicecall_setpreloginloaderInstallationStatus_off | ||
+ | endif | ||
+ | |||
+ | [sub_sub_read_preloginloader_installation_state] | ||
+ | if "" | ||
+ | set $INST_preloginloaderInstalled$ = ' | ||
+ | else | ||
+ | set $INST_preloginloaderInstalled$ = ' | ||
+ | endif | ||
+ | |||
+ | [sub_sub_read_preloginvista_installation_state] | ||
+ | if "" | ||
+ | set $INST_preloginvistaInstalled$ = ' | ||
+ | else | ||
+ | set $INST_preloginvistaInstalled$ = ' | ||
+ | endif | ||
+ | |||
+ | [Registry_add_shutdown_key] | ||
+ | openKey [$INST_WinstRegKey$] | ||
+ | add " | ||
+ | |||
+ | [Files_create_ctmp] | ||
+ | CheckTargetPath = " | ||
+ | |||
+ | [DosInAnIcon_open_ctmp] | ||
+ | rem C: | ||
+ | rem show setacl-version | ||
+ | rem " | ||
+ | rem this should work not only on german systems | ||
+ | rem open c:\tmp for everyone | ||
+ | " | ||
+ | rem " | ||
+ | rem show the resulting acl | ||
+ | " | ||
+ | |||
+ | [Files_create_c_opsiorg] | ||
+ | CheckTargetPath = " | ||
+ | |||
+ | [DosInAnIcon_lock_c_opsiorg] | ||
+ | rem this should work not only on german systems | ||
+ | rem make the dacl not inherited | ||
+ | " | ||
+ | rem " | ||
+ | rem remove users from dacl | ||
+ | " | ||
+ | rem remove power users from dacl | ||
+ | " | ||
+ | rem Propagation of inherited permissions is enabled for all sub-objects whose permissons are also reset, resulting in only the specified permissions being active for a whole directory tree. | ||
+ | " | ||
+ | rem show the resulting acl | ||
+ | " | ||
+ | |||
+ | [sub_get_depot_netbiosnames] | ||
+ | set %depotId% | ||
+ | set $INST_ResultList2$ = addtolist($INST_ResultList2$, | ||
+ | |||
+ | |||
+ | [Sub_check_exitcode] | ||
+ | comment "Test for installation success | ||
+ | set $INST_ExitCode$ = getLastExitCode | ||
+ | ; informations to exit codes see | ||
+ | ; http:// | ||
+ | ; http:// | ||
+ | if ($INST_ExitCode$ = " | ||
+ | comment "Looks good: setup program gives exitcode zero" | ||
+ | else | ||
+ | comment "Setup program gives a exitcode unequal zero: " + $INST_ExitCode$ | ||
+ | if ($INST_ExitCode$ = " | ||
+ | comment "File is in use - seems not to be a problem (at vc_redist installation)" | ||
+ | else | ||
+ | if ($INST_ExitCode$ = " | ||
+ | comment " | ||
+ | comment " | ||
+ | else | ||
+ | if ($INST_ExitCode$ = " | ||
+ | comment "looks good: setup program gives exitcode 1641" | ||
+ | comment " | ||
+ | else | ||
+ | if ($INST_ExitCode$ = " | ||
+ | comment "looks good: setup program gives exitcode 3010" | ||
+ | comment " | ||
+ | else | ||
+ | logError " | ||
+ | ; | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | ; ******************** End Install helpers sections ***************************************** | ||
+ | |||
+ | ; ******************** create client sections ***************************************** | ||
+ | |||
+ | [sub_sub_try_to_get_my_mac] | ||
+ | Set $INST_ShortServiceUrl$ = takestring(1, | ||
+ | set $INST_ConfigServerIP$ = takestring(0, | ||
+ | set $INST_ConfigServerPort$ = takestring(1, | ||
+ | comment "we need a IP-Numer at sub_getServiceConnection for analyzing the netstat output" | ||
+ | Set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | set $INST_ExitCode$ = getLastExitCode | ||
+ | if " | ||
+ | LogWarning "MAC Address could not detected because config server could not resolved" | ||
+ | else | ||
+ | set $INST_ConfigServerIP$ = takestring(0, | ||
+ | set $INST_ShortServiceUrl$ = $INST_ConfigServerIP$+":" | ||
+ | comment "let us try to guess the ip number by getbestinterface windows api ..." | ||
+ | Set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | set $INST_IPAddress$ = takestring(0, | ||
+ | set $INST_IPAddress$ = takestring(1, | ||
+ | if $INST_IPAddress$ = "" | ||
+ | LogWarning " | ||
+ | else | ||
+ | set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | if ("" | ||
+ | LogWarning "WMI service not running - giving up to get mac" | ||
+ | else | ||
+ | comment "WMI is running or we are at win2k and we only hope that it is running" | ||
+ | Set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | set $INST_MAC$ = lower(takestring(1, | ||
+ | if $INST_MAC$ = "" | ||
+ | LogWarning "no MAC found" | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | |||
+ | ;comment "Do we have a connection to the server ?" | ||
+ | ; | ||
+ | ; | ||
+ | ;if errorsOccuredSinceMark > 0 | ||
+ | ; comment "No - we have no connection to the server." | ||
+ | ; comment "Let us try to connect the server ...." | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | ; if errorsOccuredSinceMark > 0 | ||
+ | ; | ||
+ | ; endif | ||
+ | ;else | ||
+ | ; comment "Yes - we have a connection to the server." | ||
+ | ; | ||
+ | ;endif | ||
+ | ;comment "Now calling netstat ...." | ||
+ | ;Set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | ;set $INST_IPAddress$ = takestring(2, | ||
+ | ;set $INST_IPAddress$ = takestring(0, | ||
+ | ;if $INST_IPAddress$ = "" | ||
+ | ; | ||
+ | ; set $INST_IPAddress$ = " | ||
+ | ;endif | ||
+ | ;Set $INST_ServiceResult$ = getOutStreamFromSection(' | ||
+ | ;set $INST_MAC$ = lower(takestring(1, | ||
+ | ;if $INST_MAC$ = "" | ||
+ | ; | ||
+ | ;endif | ||
+ | ;endif | ||
+ | |||
+ | [DosInAnIcon_getServiceConnection] | ||
+ | @echo off | ||
+ | netstat -n | ||
+ | |||
+ | [DosInAnIcon_getMac_by_exe] | ||
+ | @echo off | ||
+ | " | ||
+ | |||
+ | [DosInAnIcon_getDnsByWmic] | ||
+ | @echo off | ||
+ | wmic path win32_NetworkAdapterConfiguration get DnsDomain /value | findstr " | ||
+ | |||
+ | [DosInAnIcon_getIPbyName] | ||
+ | @echo off | ||
+ | " | ||
+ | |||
+ | [DosInAnIcon_getIpByTarget] | ||
+ | @echo off | ||
+ | " | ||
+ | |||
+ | [DosInAnIcon_WMI_running] | ||
+ | @echo off | ||
+ | sc query Winmgmt | ||
+ | |||
+ | |||
+ | [sub_sub_get_depot_netbiosname] | ||
+ | set $INST_Authenticated$ = " | ||
+ | markErrorNumber | ||
+ | opsiservicecall_authenticated | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | comment "was not authenticated -> retry scripted login by default user/ | ||
+ | markErrorNumber | ||
+ | SetLogLevel=$INST_PasswdLogLevel$ | ||
+ | opsiservicecall_authenticated /username $INST_Service_User$ /password $INST_Service_Password$ /serviceurl $OCD_config_service.url$ | ||
+ | SetLogLevel=$INST_DefaultLoglevel$ | ||
+ | if errorsOccuredSinceMark > 0 | ||
+ | comment " | ||
+ | comment " | ||
+ | else | ||
+ | comment "now authenticated " | ||
+ | set $INST_Authenticated$ = " | ||
+ | endif | ||
+ | else | ||
+ | comment "was authenticated " | ||
+ | set $INST_Authenticated$ = " | ||
+ | endif | ||
+ | |||
+ | if $INST_Authenticated$ = " | ||
+ | Set $INST_ServiceResult$ = getReturnListFromSection(' | ||
+ | set $INST_DepotServer$ = takeString(2, | ||
+ | endif | ||
+ | |||
+ | ; ******************** End create client sections ***************************************** | ||
+ | |||
+ | ; | ||
+ | [Files_copy_py2exe] | ||
+ | copy -sVc " | ||
+ | |||
+ | [Winbatch_shining_light_OpenSSL] | ||
+ | " | ||
+ | |||
+ | [Files_copy_shining_light_OpenSSL_exe] | ||
+ | copy " | ||
+ | copy " | ||
+ | |||
+ | [DosInAnIcon_shining_light_OpenSSL_unpack] | ||
+ | rem ; | ||
+ | c: | ||
+ | cd " | ||
+ | mkdir tmp | ||
+ | innounp.exe -x -m -b -dtmp Win32OpenSSL_Light-1_0_0i.exe | ||
+ | |||
+ | [Files_copy_shining_light_OpenSSL_files] | ||
+ | copy -sV " | ||
+ | ;copy -V " | ||
+ | delete -sf " | ||
+ | |||
+ | [Registry_shining_light_OpenSSL] | ||
+ | openkey [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] | ||
+ | set " | ||
+ | |||
+ | [Winbatch_vc_redist_exe] | ||
+ | ;" | ||
+ | " | ||
+ | ;" | ||
+ | ;" | ||
+ | |||
+ | [Winbatch_vc_redist_exe_64] | ||
+ | " | ||
+ | |||
+ | [Winbatch_vc_redist_msi_64] | ||
+ | msiexec /i " | ||
+ | |||
+ | [Winbatch_vc_redist_msi] | ||
+ | ;msiexec /i " | ||
+ | msiexec /i " | ||
+ | |||
+ | [ExecWith_autoit_vc_redist] | ||
+ | WinWait(" | ||
+ | Send(" | ||
+ | Send(" | ||
+ | Send(" | ||
+ | exit | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | [LinkFolder_install_softwareOnDemand] | ||
+ | set_basefolder common_programs | ||
+ | set_subfolder opsi.org | ||
+ | |||
+ | set_link | ||
+ | name: software on demand | ||
+ | target: https:// | ||
+ | parameters: | ||
+ | working_dir: | ||
+ | icon_file: | ||
+ | icon_index: | ||
+ | end_link | ||
+ | |||
+ | [LinkFolder_uninstall_softwareOnDemand] | ||
+ | set_basefolder common_programs | ||
+ | delete_subfolder opsi.org | ||
+ | |||
+ | ; | ||
+ | |||
+ | ; | ||
+ | |||
+ | [Registry_DeletePreloginloader] | ||
+ | DeleteKey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PreLoginLoader] | ||
+ | |||
+ | [DosInAnIcon_Stop_Preloginloader_Service] | ||
+ | net stop preloginloader | ||
+ | |||
+ | ; | ||
+ | |||
+ | |||
+ | ;******** Service sections ********** | ||
+ | [opsiservicecall_authenticated] | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getDomain] | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getHost_hash] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getClientIds_list] | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_createClient] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | "", | ||
+ | "", | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getServerId] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getOpsiHostKey] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setNetbootInstallationStatus] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setPreloginloaderInstallationStatus_off] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setPreloginvistaInstallationStatus_off] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setOpsiclientagentInstallationStatus] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getNetworkConfig_hash] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_userIsAdmin] | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setMacAddress] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getInstalledLocalBootProductIds_list] | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getDepotshares] | ||
+ | " | ||
+ | " | ||
+ | ' | ||
+ | ' | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_getDepot_properties] | ||
+ | " | ||
+ | " | ||
+ | ' | ||
+ | ' | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_setOption_addConfigStateDefaults_true] | ||
+ | " | ||
+ | " | ||
+ | ' | ||
+ | ] | ||
+ | |||
+ | [opsiservicecall_get_configState_software-on-demand.active] | ||
+ | " | ||
+ | " | ||
+ | '', | ||
+ | ' | ||
+ | ] | ||
+ | |||
+ | ; | ||
+ | ; | ||
+ | </ | ||
+ | |||
+ | ==== read_gina.ins ==== | ||
+ | this file is for implementing a gina chain for sophos and DATEV on XP-Machines (not needed for OS Vista and younger) | ||
+ | <code winst> | ||
+ | set $INST_AktGina$ = GetRegistryStringValueSysnative(" | ||
+ | |||
+ | comment "get nextgina to chain" | ||
+ | set $INST_gina_to_chain$ = GetRegistryStringValueSysnative(" | ||
+ | |||
+ | if $INST_gina_to_chain$ = "" | ||
+ | comment "no nextGina entry at opsi-client-agent - let us look at the old preloginloader key" | ||
+ | set $INST_gina_to_chain$ = GetRegistryStringValueSysnative(" | ||
+ | endif | ||
+ | |||
+ | if $INST_gina_to_chain$ = "" | ||
+ | comment "no new opsigina installed - let us look for opsi pgina installation" | ||
+ | set $INST_gina_to_chain$ = GetRegistryStringValueSysnative(" | ||
+ | endif | ||
+ | |||
+ | if $INST_gina_to_chain$ = "" | ||
+ | comment "no new opsi pgina installed - let us look for legacy opsi installation" | ||
+ | set $INST_old_reg_gina_installed$ = GetRegistryStringValueSysnative(" | ||
+ | if $INST_old_reg_gina_installed$ = " | ||
+ | set $INST_gina_to_chain$ = GetRegistryStringValueSysnative(" | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | if ($INST_gina_to_chain$ = "" | ||
+ | comment " | ||
+ | set $INST_gina_to_chain$ = GetRegistryStringValue32(" | ||
+ | endif | ||
+ | |||
+ | |||
+ | if $INST_NTVersion$ < " | ||
+ | if ($INST_AktGina$ = "" | ||
+ | comment " | ||
+ | set $INST_gina_to_chain$ = " | ||
+ | else | ||
+ | if ($INST_gina_to_chain$ = "" | ||
+ | ; *************************** Implementing the SOPHOS Safe GUARD Easy Engine ********************************************* | ||
+ | if ($INST_AktGina$ = " | ||
+ | set $INST_sophos$ = " | ||
+ | set $INST_gina_to_chain$ = " | ||
+ | else | ||
+ | ; **************************************************************************************** | ||
+ | ; *** implementation fpr DATEV client ( for ITL) ***************************************** | ||
+ | if ($INST_AktGina$ = " | ||
+ | set $INST_DATEV$ = " | ||
+ | set $INST_gina_to_chain$ = " | ||
+ | else | ||
+ | ; **************************************************************************************** | ||
+ | ; *** the original block | ||
+ | ; **************************************************************************************** | ||
+ | comment " | ||
+ | set $INST_gina_to_chain$ = $INST_AktGina$ | ||
+ | ; **************************************************************************************** | ||
+ | endif | ||
+ | endif | ||
+ | ; ************************************************************************************************************************ | ||
+ | else | ||
+ | comment " | ||
+ | endif | ||
+ | endif | ||
+ | endif ; winxp / win2k | ||
+ | </ | ||
+ | |||
+ | ==== write_gina.ins ==== | ||
+ | <code winst> | ||
+ | if ($INST_sophos$ = " | ||
+ | Registry_opsigina_winlogon_SOPHOS / | ||
+ | else | ||
+ | if ($INST_DATEV = " | ||
+ | Registry_opsigina_winlogon_DATEV / | ||
+ | else | ||
+ | Registry_opsigina_winlogon_Config / | ||
+ | ; ********************************************************************************* | ||
+ | ; *** the original block ********************************************************** | ||
+ | ; ********************************************************************************* | ||
+ | endif | ||
+ | endif | ||
+ | |||
+ | [Registry_opsigina_winlogon_Config] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] | ||
+ | Set " | ||
+ | set " | ||
+ | |||
+ | [Registry_opsigina_winlogon_DATEV] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] | ||
+ | set " | ||
+ | |||
+ | [Registry_opsigina_winlogon_SOPHOS] | ||
+ | OpenKey [HKEY_LOCAL_MACHINE\SOFTWARE\Utimaco\SafeGuard Enterprise\Authentication] | ||
+ | set " | ||
+ | set " | ||
+ | set " | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== update_sub.ins ==== | ||
+ | this file is for customizing the UI from opsi-client-agent. | ||
+ | |||
+ | <code winst> | ||
+ | DefVar $SrcPath$ | ||
+ | DefVar | ||
+ | DefVar | ||
+ | DefVar | ||
+ | DefVar | ||
+ | DefVar | ||
+ | DefVar | ||
+ | |||
+ | |||
+ | ; ---------------------------------------------------------------- | ||
+ | ; - Please edit the following values | ||
+ | ; ---------------------------------------------------------------- | ||
+ | ; | ||
+ | ; therefore please: only lower letters, no umlauts, | ||
+ | ; no white space use ' | ||
+ | Set $INST_BaseDir$ | ||
+ | Set $INST_OpsiclientdDir$ = | ||
+ | Set $INST_OpsiclientdConf$ = | ||
+ | Set $INST_WinstDir$ = | ||
+ | Set $INST_NotifierDir$ = | ||
+ | Set $NotifierUpdatePath$ = | ||
+ | Set $WinstSkinUpdatePath$ = | ||
+ | |||
+ | ; | ||
+ | |||
+ | |||
+ | |||
+ | set $winst_skin_color$ = | ||
+ | set $action_color$ | ||
+ | set $informList$ = " | ||
+ | |||
+ | Files_copy_images | ||
+ | |||
+ | Patches_action_ini | ||
+ | Patches_event_ini | ||
+ | Patches_popup_ini | ||
+ | Patches_shutdown_ini | ||
+ | Patches_userlogin_ini | ||
+ | Patches_winst_skin | ||
+ | |||
+ | ExitWindows /reboot | ||
+ | |||
+ | [Files_copy_images] | ||
+ | copy " | ||
+ | copy " | ||
+ | |||
+ | |||
+ | [Patches_action_ini] | ||
+ | Set [LabelStatus] | ||
+ | set [LabelMessage] | ||
+ | set [ButtonStop] | ||
+ | set [ButtonStart] | ||
+ | |||
+ | [Patches_event_ini] | ||
+ | set [LabelTitle] | ||
+ | set [LabelTitle] | ||
+ | set [LabelOpsiclientdInfo] | ||
+ | set [LabelActionProcessorInfo] | ||
+ | set [LabelStatus] | ||
+ | set [LabelDetail] | ||
+ | set [LabelConfigServiceUrl] | ||
+ | set [LabelClientId] | ||
+ | set [LabelConfigServiceUrl] | ||
+ | set [LabelClientId] | ||
+ | set [ButtonStop] | ||
+ | |||
+ | [Patches_popup_ini] | ||
+ | Set [LabelTitle] | ||
+ | set [LabelMessage] | ||
+ | set [ButtonExit] | ||
+ | |||
+ | [Patches_shutdown_ini] | ||
+ | Set [LabelStatus] | ||
+ | set [LabelMessage] | ||
+ | set [ButtonStop] | ||
+ | set [ButtonStart] | ||
+ | |||
+ | [Patches_userlogin_ini] | ||
+ | Set [LabelStatus] | ||
+ | set [LabelMessage] | ||
+ | |||
+ | [Patches_winst_skin] | ||
+ | set [Form] | ||
+ | set [LabelVersion] | ||
+ | set [LabelProduct] | ||
+ | set [LabelInfo] | ||
+ | set [LabelDetail] | ||
+ | set [LabelCommand] | ||
+ | set [LabelProgress] | ||
+ | set [ProgressBar] | ||
+ | set [ProgressBar] | ||
+ | set [ProgressBar] | ||
+ | set [ProgressBar] | ||
+ | </ | ||
+ | |||
+ | ==== OPSI-CLIENT-ITL.mm ==== | ||
+ | the central control file for MakeMSI | ||
+ | |||
+ | < | ||
+ | ; | ||
+ | ;--- Global Definitions | ||
+ | ; | ||
+ | #define VALID_MSIVAL2_DIR C: | ||
+ | ;--- Include MAKEMSI support (with my customisations and MSI branding) ------ | ||
+ | #define VER_FILENAME.VER | ||
+ | #include " | ||
+ | ;;;; Disabling Dialog?? | ||
+ | ;--- Prevent " | ||
+ | #define UISAMPLE_DISABLE_TYPICAL_SETUP N | ||
+ | #define REMOVED_LicenseAgreementDlg N | ||
+ | #define " | ||
+ | |||
+ | ;--- Remove the dialog ------------------------------------------------------ | ||
+ | < | ||
+ | < | ||
+ | ; | ||
+ | |||
+ | ;--- Want to debug (not common) --------------------------------------------- | ||
+ | ;#debug on | ||
+ | ;#Option DebugLevel=^NONE, | ||
+ | ;--- Define default location where file should install and add files -------- | ||
+ | |||
+ | ; | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | |||
+ | ; | ||
+ | ;--- what should the installation do? | ||
+ | ; | ||
+ | |||
+ | ;Example for Filecopy: | ||
+ | <$Files " | ||
+ | |||
+ | |||
+ | |||
+ | ; | ||
+ | ;--- Add a registry entry (let it create a component - GUID not fixed!) ----- | ||
+ | ; | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | |||
+ | ; | ||
+ | ;--- start a batch script | ||
+ | ; | ||
+ | #( | ||
+ | ;--- Run after install, ignore return code and don't wait for completion --- | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | > | ||
+ | #) | ||
+ | |||
+ | ;#( | ||
+ | ; ;--- Run after install, ignore return code and wait for completion --- | ||
+ | ; < | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | ; Condition="< | ||
+ | ; > | ||
+ | ; #) | ||
+ | |||
+ | #( | ||
+ | ;--- Run after install, ignore return code and wait for completion --- | ||
+ | ;--- for unversal msi package you must use the follow PARAMETER string INSTALL: | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | Condition="< | ||
+ | > | ||
+ | #) | ||
+ | </ | ||
+ | |||
+ | ==== version-opsi_prod-ITL.ver ==== | ||
+ | before you use this file, you must change Guid.UpgradeCode and MsiName | ||
+ | < | ||
+ | ; | ||
+ | ; | ||
+ | ; MODULE NAME: | ||
+ | ; | ||
+ | ; $Author: | ||
+ | ; $Revision: | ||
+ | ; $Date: | ||
+ | ; | ||
+ | ; DESCRIPTION: | ||
+ | ; | ||
+ | ; | ||
+ | ; ProductName = Installation opsi-Client ITL domain productive | ||
+ | ; DESCRIPTION = opsi Installation ITL | ||
+ | ; Licence | ||
+ | ; Installed | ||
+ | ; Guid.UpgradeCode = {EXXXXXXX-FXXC-XXXD-XXBC-XXXAXFXBXECE} | ||
+ | ; MsiName | ||
+ | ; | ||
+ | |||
+ | |||
+ | |||
+ | ;############################################################################ | ||
+ | VERSION : 2.0.0 | ||
+ | DATE : 05 Dec 2012 | ||
+ | CHANGES : First production release ITL | ||
+ | </ |