
300 lines
10 KiB
Raw Permalink Normal View History

2013-03-07 22:43:46 +01:00
; Copyright (c) uib gmbh (www.uib.de)
; This sourcecode is owned by uib
; and published under the Terms of the General Public License.
; Skript fuer Installationen im Kontext eines temporaeren lokalen Administrators
; installations as temporary local admin
; see winst_manual.pdf / winst_handbuch.pdf
; !!! requires winst32.exe version 4.2.x !!!
; !!! Das lokale Installations-Skript, das durch den temporaeren lokalen Admin ausgefuehrt wird
; !!! (sein Name steht in $LocalSetupScript$), muss mit dem Befehl
; !!! exitWindows /Reboot
; !!! enden
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
; Vorarbeiten/Voraussetzungen/Doku pruefen wie in Winsthandbuch
; 8.3 Skript fuer Installationen im Kontext eines lokalen Administrators
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
requiredWinstVersion >=
DefVar $ProductName$
DefVar $ProductSizeMB$
DefVar $LocalSetupScript$
DefVar $LockKeyboard$
DefVar $OpsiAdminPass$
DefVar $RebootFlag$
DefVar $WinstRegKey$
DefVar $AutoName$
DefVar $AutoPass$
DefVar $AutoDom$
DefVar $AutoLogon$
DefVar $AutoBackupKey$
DefVar $LocalFilesPath$
DefVar $LocalWinst$
DefVar $DefaultLoglevel$
DefVar $PasswdLogLevel$
DefVar $AdminGroup$
DefVar $SearchResult$
DefVar $LocalDomain$
DefVar $debug$
DefVar $isFatal$
; ----------------------------------------------------------------
; - Please edit the following values
; ----------------------------------------------------------------
Set $ProductName$ = "opsi-template-with-admin"
Set $ProductSizeMB$ = "1"
Set $LocalSetupScript$ = "setup32.ins"
; ----------------------------------------------------------------
comment "get and set initial values..."
set $debug$ = GetProductProperty("debug","false")
set $isFatal$ = "false"
set $DefaultLoglevel$ = "7"
Set $LocalDomain$ = "%PCNAME%"
comment "check if we productive or debugging..."
if $debug$ = "true"
comment "we are in debug mode"
Set $LockKeyboard$="false"
Set $PasswdLogLevel$="7"
comment "we are in productive mode"
comment "set $LockKeyboard$ to true to prevent user hacks while admin is logged in"
Set $LockKeyboard$="true"
comment " set $PasswdLogLevel$ to 0 for production"
Set $PasswdLogLevel$="0"
comment "handle Rebootflag"
Set $WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
Set $RebootFlag$ = GetRegistryStringValue32("["+$WinstRegKey$+"] "+"RebootFlag")
comment "some paths required"
Set $AutoBackupKey$ = $WinstRegKey$+"\AutoLogonBackup"
Set $LocalFilesPath$ = "C:\opsi.org\tmp\opsi_local_inst"
Set $LocalWinst$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
if not( FileExists($LocalWinst$) )
LogError "No opsi-winst found. Abborting."
comment "show product picture"
ShowBitmap "%scriptpath%\localsetup\"+$ProductName$+".png" $ProductName$
if not (($RebootFlag$ = "1") or ($RebootFlag$ = "2") or ($RebootFlag$ = "3"))
comment "Part before first Reboot"
comment "just reboot - this must be done if this is the first product after OS installation"
comment "handle Rebootflag"
Set $RebootFlag$ = "1"
Registry_SaveRebootFlag /32bit
;ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2 or 3)
if $RebootFlag$ = "1"
comment "Part before second Reboot"
setActionProgress "Preparing"
if not(HasMinimumSpace ("%SYSTEMDRIVE%", ""+$ProductSizeMB$+" MB"))
LogError "Not enough space on drive C: . "+$ProductSizeMB$+" MB on C: required for "+$ProductName$
comment "Lets work..."
Message "Preparing "+$ProductName$+" install step 1..."
comment "we need to reboot now to be sure that the autologon work"
comment "handle Rebootflag"
Set $RebootFlag$ = "2"
Registry_SaveRebootFlag /32bit
ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2)
if ($RebootFlag$ = "2")
comment "Part after first Reboot"
comment "handle Rebootflag"
Set $RebootFlag$ = "3"
Registry_SaveRebootFlag /32bit
comment "Lets work..."
Message "Preparing "+$ProductName$+" install step 2..."
Registry_enable_keyboard /sysnative
comment "now let the autologon work"
comment "it will stop with a reboot"
setActionProgress "Run Installation"
ExitWindows /ImmediateLogout
endif ; Rebootflag = 2
if ($RebootFlag$ = "3")
comment "Part after second Reboot"
ExitWindows /Reboot
setActionProgress "Cleanup"
comment "handle Rebootflag"
Set $RebootFlag$ = "0"
Registry_SaveRebootFlag /32bit
comment "Lets work..."
Message "Cleanup "+$ProductName$+" install (step 3)..."
set $SearchResult$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] opsi_autologon_setup")
if $SearchResult$ = $LocalWinst$+" "+$LocalFilesPath$+"\"+$LocalSetupScript$+" /batch /productid %installingProdName%"
LogError "Localscript did not run. We remove the RunOnce entry and abort"
Registry_del_runonce /sysnative
set $isFatal$ = "true"
if "true" = getRegistryStringValue32("[HKLM\Software\opsi.org\winst] with-admin-fatal")
LogError "set to fatal because the local script stored this result"
set $isFatal$ = "true"
comment "cleanup the registry key which stores a fatal result of the local script"
Registry_clean_fatal_flag /32bit
if $isFatal$ = "true"
comment "This is the clean end of the installation"
endif ; Rebootflag = 3
comment "copy the setup script and files"
comment "read actual Autologon values for backup"
set $AutoName$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultUserName")
comment "if AutoLogonName is our setup admin user, something bad happend"
comment "then let us cleanup"
if ($AutoName$="opsiSetupAdmin")
set $AutoName$=""
set $AutoPass$=""
set $AutoDom$=""
set $AutoLogon$="0"
set $AutoPass$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultPassword")
set $AutoDom$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultDomainName")
set $AutoLogon$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] AutoAdminLogon")
comment "backup AutoLogon values"
Registry_save_autologon /32bit
comment "prepare the admin AutoLogon"
set $OpsiAdminPass$= randomstr
Registry_autologon /sysnative
comment "get the name of the admin group"
set $AdminGroup$ = SidToName("S-1-5-32-544")
comment "create our setup admin user"
comment "store our setup script as run once"
Registry_runOnce /sysnative
comment "disable keyboard and mouse while the autologin admin works"
if ($LockKeyboard$="true")
Registry_disable_keyboard /Sysnative
comment "cleanup the registry key which stores a fatal result of the local script"
Registry_clean_fatal_flag /32bit
comment "read AutoLogon values from backup"
set $AutoName$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultUserName")
set $AutoPass$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultPassword")
set $AutoDom$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultDomainName")
set $AutoLogon$ = GetRegistryStringValue("["+$AutoBackupKey$+"] AutoAdminLogon")
comment "restore the values"
SetLogLevel = $PasswdLogLevel$
Registry_restore_autologon /Sysnative
SetLogLevel = $DefaultLoglevel$
comment "delete our setup admin user"
comment "cleanup setup script, files and profiledir"
comment "delete profiledir"
openkey [$AutoBackupKey$]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"
NET USER opsiSetupAdmin /DELETE
openKey [$WinstRegKey$]
set "RebootFlag" = "$RebootFlag$"
copy -s %ScriptPath%\localsetup\*.* $LocalFilesPath$
del -sf $LocalFilesPath$\
; folgender Befehl funktioniert nicht vollst<73>ndig, deshalb ist er zur Zeit auskommentier
; der Befehl wird durch die Sektion "DosInAnIcon_deleteprofile" ersetzt (P.Ohler)
;delete -sf "%ProfileDir%\opsiSetupAdmin"
rmdir /S /Q "%ProfileDir%\opsiSetupAdmin"
NET USER opsiSetupAdmin $OpsiAdminPass$ /ADD
NET LOCALGROUP $AdminGroup$ /ADD opsiSetupAdmin
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="opsiSetupAdmin"
set "DefaultPassword"="$OpsiAdminPass$"
set "DefaultDomainName"="$LocalDomain$"
set "AutoAdminLogon"="1"
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
set "opsi_autologon_setup"='"$LocalWinst$" "$LocalFilesPath$\$LocalSetupScript$" /batch /productid %installingProdName%'
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
DeleteVar "opsi_autologon_setup"
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x4
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x4
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x1
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x1
openkey [$WinstRegKey$]
DeleteVar "with-admin-fatal"