This shows you the differences between two versions of the page.
userspace:opsi_without_permanent_loginblocker [2013/03/14 17:00] tobias [Ein erster Versuch] |
userspace:opsi_without_permanent_loginblocker [2021/08/23 08:37] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== OPSI ohne LoginBlocker ====== | ||
- | Dies soll ein Konzept für OPSI ohne dauerhaft installierten LoginBlocker darstellen. | ||
- | Dadurch werden Benutzer niemals grundlos an der Anmeldung am Betriebssystem gehindert. Der LoginBlocker wird dabei bedarfsweise im System registriert und blockt somit nur bei anstehenden Softwareinstallationen. | ||
- | |||
- | Funktionsprinzip: | ||
- | - **PREinstallation: | ||
- | - **SETUP:** Nun startet noch vor der Anmeldung die eigentliche Installation. | ||
- | - **POSTinstallation: | ||
- | |||
- | Da PRE- und POSTinstallation als normales OPSI-Paket realisiert werden muss hier mit Prioritäten gearbeitet werden. Das PREinstallation Paket hat eine hohe Priorität und wird vor allen anderen ausgeführt. Das POSTinstallation Paket hat die niedrigste Priorität und wird als letztes ausgeführt. Dadurch ist sichergestellt, | ||
- | |||
- | Eine Installation enthält also immer mindestens einen Neustart. | ||
- | |||
- | Software bei denen bekannt ist, dass eine Installation mit angemeldetem Benutzer nicht funktioniert da es zu Konflikten kommen kann bekommen das PRE- und das POSTinstallationspaket als Abhängigkeit eingetragen. | ||
- | |||
- | Interessant wird dies System vor allem mit dem VPN/WAN Plugin bei dem das so lästiges abwarten der TimeOuts beim Systemstart entfällt. | ||
- | |||
- | |||
- | ====== Ein erster Versuch ====== | ||
- | Ich habe aus den bestehenden Skripten von UIB einige Codezeilen übernommen. Unter anderem die Zeilen aus der Installation des opsi-client-agents bei dem der LoginBlocker installiert wird. | ||
- | Dazu wird aus diesem außerdem Paket der Ordner OpsiLoginBlocker benötigt. Dieser muss dem PREinstallation Paket hinzugefügt werden. | ||
- | |||
- | ===== PREinstallation ===== | ||
- | |||
- | |||
- | ==== control ==== | ||
- | <code winst> | ||
- | [Package] | ||
- | version: 1 | ||
- | depends: | ||
- | incremental: | ||
- | |||
- | [Product] | ||
- | type: localboot | ||
- | id: preinstallation | ||
- | name: PREinstallation | ||
- | description: | ||
- | advice: Passt die Hostparameter an | ||
- | version: 3 | ||
- | priority: 93 | ||
- | licenseRequired: | ||
- | productClasses: | ||
- | setupScript: | ||
- | uninstallScript: | ||
- | updateScript: | ||
- | alwaysScript: | ||
- | onceScript: | ||
- | customScript: | ||
- | userLoginScript: | ||
- | |||
- | [ProductProperty] | ||
- | type: unicode | ||
- | name: install_loginblocker | ||
- | multivalue: False | ||
- | editable: False | ||
- | description: | ||
- | values: [" | ||
- | default: [" | ||
- | |||
- | [Changelog] | ||
- | |||
- | </ | ||
- | |||
- | ==== PREinstallation.ins ==== | ||
- | <code winst> | ||
- | |||
- | ; This script is based on Code from UIB GmbH with some modifications from Tobias Friede | ||
- | ; This script comes with ABSOLUTELY NO WARRANTY | ||
- | ; Die Benutzung erfolgt auf eigene Verantwortung. | ||
- | |||
- | |||
- | [Actions] | ||
- | requiredWinstVersion >= " | ||
- | DefVar $ProductId$ | ||
- | DefStringList $configStates$ | ||
- | DefVar $install_loginblocker$ | ||
- | |||
- | set $install_loginblocker$ | ||
- | |||
- | ; --------------------------------------- | ||
- | Set $ProductId$ | ||
- | ; --------------------------------------- | ||
- | |||
- | ShowBitmap " | ||
- | |||
- | if $install_loginblocker$ = " | ||
- | |||
- | sub_install_loginblocker | ||
- | ; | ||
- | else | ||
- | message "Run installation without LoginBlocker" | ||
- | endif | ||
- | |||
- | ; --------------------------------------- | ||
- | ; Enable gui_startup | ||
- | ; --------------------------------------- | ||
- | |||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | |||
- | |||
- | markErrorNumber | ||
- | OpsiServiceHashList_configState_updateObjects | ||
- | if errorsOccuredSinceMark > 0 | ||
- | isFatalError | ||
- | endif | ||
- | |||
- | [OpsiServiceHashList_configState_updateObjects] | ||
- | " | ||
- | " | ||
- | " | ||
- | ] | ||
- | | ||
- | | ||
- | ExitWindows /Reboot | ||
- | |||
- | |||
- | |||
- | |||
- | | ||
- | [sub_install_loginblocker] | ||
- | DefVar $INST_NTVersion$ | ||
- | DefVar $INST_SystemType$ | ||
- | |||
- | Set $INST_SystemType$ = GetSystemType | ||
- | set $INST_NTVersion$ = GetMsVersionInfo | ||
- | |||
- | |||
- | comment " | ||
- | if $INST_NTVersion$ >= " | ||
- | if ($INST_SystemType$ = "64 Bit System" | ||
- | Files_copy_vista_loginblocker_64 /Sysnative | ||
- | else | ||
- | Files_copy_vista_loginblocker_32 | ||
- | endif | ||
- | endif | ||
- | |||
- | |||
- | ; Registriere LogInBlocker | ||
- | if ($INST_NTVersion$ >= " | ||
- | Registry_vista_loginblocker /Sysnative | ||
- | else | ||
- | message " | ||
- | endif | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
- | [Files_copy_vista_loginblocker_64] | ||
- | copy -Vc " | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | [Files_copy_vista_loginblocker_32] | ||
- | copy -Vc " | ||
- | |||
- | |||
- | |||
- | |||
- | [Registry_vista_loginblocker] | ||
- | |||
- | ;openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | ;set "" | ||
- | |||
- | openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | set "" | ||
- | |||
- | openkey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}\InprocServer32] | ||
- | set "" | ||
- | set " | ||
- | |||
- | openkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | set "" | ||
- | set " | ||
- | set " | ||
- | set " | ||
- | |||
- | </ | ||
- | |||
- | |||
- | ===== POSTinstallation ===== | ||
- | |||
- | |||
- | ==== control ==== | ||
- | <code winst> | ||
- | [Package] | ||
- | version: 1 | ||
- | depends: | ||
- | incremental: | ||
- | |||
- | [Product] | ||
- | type: localboot | ||
- | id: postinstallation | ||
- | name: POSTinstallation | ||
- | description: | ||
- | advice: | ||
- | version: 2.0 | ||
- | priority: -91 | ||
- | licenseRequired: | ||
- | productClasses: | ||
- | setupScript: | ||
- | uninstallScript: | ||
- | updateScript: | ||
- | alwaysScript: | ||
- | onceScript: | ||
- | customScript: | ||
- | userLoginScript: | ||
- | |||
- | [Changelog] | ||
- | |||
- | |||
- | </ | ||
- | |||
- | ==== POSTinstallation.ins==== | ||
- | <code winst> | ||
- | ; This script is based on Code from UIB GmbH with some modifications from Tobias Friede | ||
- | ; This script comes with ABSOLUTELY NO WARRANTY | ||
- | ; Die Benutzung erfolgt auf eigene Verantwortung. | ||
- | |||
- | [Actions] | ||
- | requiredWinstVersion >= " | ||
- | DefVar $ProductId$ | ||
- | DefStringList $configStates$ | ||
- | |||
- | ; ---------------------------------------------------------------- | ||
- | Set $ProductId$ | ||
- | ; ---------------------------------------------------------------- | ||
- | |||
- | ShowBitmap " | ||
- | Registry_vista_del_loginblocker /Sysnative | ||
- | |||
- | |||
- | |||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | set $configStates$ = addtolist($configStates$, | ||
- | |||
- | |||
- | markErrorNumber | ||
- | OpsiServiceHashList_configState_updateObjects | ||
- | if errorsOccuredSinceMark > 0 | ||
- | isFatalError | ||
- | endif | ||
- | |||
- | [OpsiServiceHashList_configState_updateObjects] | ||
- | " | ||
- | " | ||
- | " | ||
- | ] | ||
- | | ||
- | |||
- | |||
- | [Registry_vista_del_loginblocker] | ||
- | deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | deletekey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | deletekey [HKEY_CLASSES_ROOT\CLSID\{d2028e19-82fe-44c6-ad64-51497c97a02a}] | ||
- | |||
- | </ |