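; Copyright (c) uib gmbh (www.uib.de)
; This sourcecode is owned by uib
; and published under the Terms of the General Public License.
;
; TEMPLATE for
; installations in the context of a temporary local administrator
; see winst_manual.pdf / winst_handbuch.pdf
; !!! requires opsi-winst (winst32.exe) >= 4.11.3.3, see requiredWinstVersion below !!!
;
; !!! The local installation script that is executed by the temporary local admin
; !!! (its name is stored in $LocalSetupScript$) must end with the command
; !!!    exitWindows /Reboot
;
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
; Check preparations / prerequisites / documentation as described in the
; winst manual, 8.3 "Script for installations in the context of a local administrator"
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
;
; Overview (state machine driven by the registry value RebootFlag under $WinstRegKey$):
;   flag not 1/2/3 -> set flag 1 and continue
;   flag 1         -> sub_Prepare_AutoLogon, set flag 2, immediate reboot
;   flag 2         -> set flag 3, re-enable keyboard/mouse drivers, logout so the autologon runs
;   flag 3         -> sub_Restore_AutoLogon, evaluate the result of the local script, set flag 0
;
; Security-relevant behaviour of this template:
;   - A local account "opsiSetupAdmin" is created in the local administrators group
;     (resolved from SID S-1-5-32-544) with a random password and deleted again in step 3.
;   - That password is written in clear text to the Winlogon "DefaultPassword" value
;     for the duration of the autologon.
;   - Any pre-existing Winlogon autologon values, including a clear-text DefaultPassword,
;     are copied to $AutoBackupKey$ and restored in step 3. The backup key is deleted
;     after the restore so that no second copy of that password stays in the registry.
;   - All reading and writing of these passwords is done at log level $PasswdLogLevel$.

[Actions]
requiredWinstVersion >= 4.11.3.3
setLogLevel=7

DefVar $ProductName$
DefVar $ProductSizeMB$
DefVar $LocalSetupScript$
DefVar $LockKeyboard$
DefVar $OpsiAdminPass$
DefVar $RebootFlag$
DefVar $WinstRegKey$
DefVar $AutoName$
DefVar $AutoPass$
DefVar $AutoDom$
DefVar $AutoLogon$
DefVar $AutoBackupKey$
DefVar $LocalFilesPath$
DefVar $LocalWinst$
DefVar $DefaultLoglevel$
DefVar $PasswdLogLevel$
DefVar $AdminGroup$
DefVar $SearchResult$
DefVar $LocalDomain$
DefVar $debug$
DefVar $isFatal$

; ----------------------------------------------------------------
; - Please edit the following values
; ----------------------------------------------------------------
Set $ProductName$ = "opsi-template-with-admin"
Set $ProductSizeMB$ = "1"
Set $LocalSetupScript$ = "setup32.ins"
; ----------------------------------------------------------------

comment "get and set initial values..."
set $debug$ = GetProductProperty("debug","false")
set $isFatal$ = "false"
set $DefaultLoglevel$ = "7"
SetLogLevel=$DefaultLoglevel$
Set $LocalDomain$ = "%PCNAME%"

comment "check if we productive or debugging..."
if $debug$ = "true"
    comment "we are in debug mode"
    ; NOTE: in debug mode the password handling below is logged at level 7, so the
    ; autologon and setup-admin passwords can end up in the log file, and keyboard
    ; and mouse stay usable while the admin session runs. Keep debug=false on
    ; production clients.
    Set $LockKeyboard$="false"
    Set $PasswdLogLevel$="7"
else
    comment "we are in productive mode"
    comment "set $LockKeyboard$ to true to prevent user hacks while admin is logged in"
    Set $LockKeyboard$="true"
    comment " set $PasswdLogLevel$ to 0 for production"
    Set $PasswdLogLevel$="0"
endif

comment "handle Rebootflag"
Set $WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
Set $RebootFlag$ = GetRegistryStringValue32("["+$WinstRegKey$+"] "+"RebootFlag")

comment "some paths required"
Set $AutoBackupKey$ = $WinstRegKey$+"\AutoLogonBackup"
Set $LocalFilesPath$ = "C:\opsi.org\tmp\opsi_local_inst"
Set $LocalWinst$ = "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
if not( FileExists($LocalWinst$) )
    LogError "No opsi-winst found. Abborting."
    isFatalError
endif

comment "show product picture"
ShowBitmap "%scriptpath%\localsetup\"+$ProductName$+".png" $ProductName$

if not (($RebootFlag$ = "1") or ($RebootFlag$ = "2") or ($RebootFlag$ = "3"))
    comment "Part before first Reboot"
    comment "just reboot - this must be done if this is the first product after OS installation"
    comment "handle Rebootflag"
    Set $RebootFlag$ = "1"
    Registry_SaveRebootFlag /32bit
    ; the reboot is disabled here, so execution falls through into the flag "1" part below
    ;ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2 or 3)

if $RebootFlag$ = "1"
    comment "Part before second Reboot"
    setActionProgress "Preparing"
    if not(HasMinimumSpace ("%SYSTEMDRIVE%", ""+$ProductSizeMB$+" MB"))
        LogError "Not enough space on drive C: . "+$ProductSizeMB$+" MB on C: required for "+$ProductName$
        isFatalError
    endif

    comment "Lets work..."
    Message "Preparing "+$ProductName$+" install step 1..."
    sub_Prepare_AutoLogon

    comment "we need to reboot now to be sure that the autologon work"
    comment "handle Rebootflag"
    Set $RebootFlag$ = "2"
    Registry_SaveRebootFlag /32bit
    ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2)

if ($RebootFlag$ = "2")
    comment "Part after first Reboot"
    comment "handle Rebootflag"
    Set $RebootFlag$ = "3"
    Registry_SaveRebootFlag /32bit

    comment "Lets work..."
    Message "Preparing "+$ProductName$+" install step 2..."
    ; Only the driver start values in the registry are reset here.
    ; NOTE(review): presumably this takes effect at the next boot, so the input
    ; devices stay disabled during the autologon session - confirm on the target OS.
    Registry_enable_keyboard /sysnative

    comment "now let the autologon work"
    comment "it will stop with a reboot"
    setActionProgress "Run Installation"
    ExitWindows /ImmediateLogout
endif ; Rebootflag = 2

if ($RebootFlag$ = "3")
    comment "Part after second Reboot"
    ExitWindows /Reboot
    setActionProgress "Cleanup"
    comment "handle Rebootflag"
    Set $RebootFlag$ = "0"
    Registry_SaveRebootFlag /32bit

    comment "Lets work..."
    Message "Cleanup "+$ProductName$+" install (step 3)..."
    sub_Restore_AutoLogon

    ; If the RunOnce entry written by Registry_runonce is still present, the local
    ; script never started. The expected string has to carry the same double quotes
    ; that Registry_runonce writes around the interpreter and the script path;
    ; without them the comparison can never match and the failure goes undetected.
    set $SearchResult$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] opsi_autologon_setup")
    if $SearchResult$ = '"'+$LocalWinst$+'" "'+$LocalFilesPath$+"\"+$LocalSetupScript$+'" /batch /productid %installingProdName%'
        LogError "Localscript did not run. We remove the RunOnce entry and abort"
        Registry_del_runonce /sysnative
        set $isFatal$ = "true"
    endif

    if "true" = getRegistryStringValue32("[HKLM\Software\opsi.org\winst] with-admin-fatal")
        LogError "set to fatal because the local script stored this result"
        set $isFatal$ = "true"
    endif

    comment "cleanup the registry key which stores a fatal result of the local script"
    Registry_clean_fatal_flag /32bit

    if $isFatal$ = "true"
        isFatalError
    endif
    comment "This is the clean end of the installation"
endif ; Rebootflag = 3


[sub_Prepare_AutoLogon]
comment "copy the setup script and files"
Files_copy_Setup_files_local

; Switch to the password log level before the first credential is read, so that a
; pre-existing Winlogon DefaultPassword is not written to the log at the default level.
SetLogLevel=$PasswdLogLevel$

comment "read actual Autologon values for backup"
set $AutoName$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultUserName")
comment "if AutoLogonName is our setup admin user, something bad happend"
comment "then let us cleanup"
if ($AutoName$="opsiSetupAdmin")
    set $AutoName$=""
    set $AutoPass$=""
    set $AutoDom$=""
    set $AutoLogon$="0"
else
    set $AutoPass$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultPassword")
    set $AutoDom$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] DefaultDomainName")
    set $AutoLogon$ = GetRegistryStringValueSysnative("[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] AutoAdminLogon")
endif

comment "backup AutoLogon values"
Registry_save_autologon /32bit

comment "prepare the admin AutoLogon"
set $OpsiAdminPass$= randomstr
Registry_autologon /sysnative

comment "get the name of the admin group"
; S-1-5-32-544 is the well-known SID of the local Administrators group; resolving
; it gives the group name regardless of the Windows display language
set $AdminGroup$ = SidToName("S-1-5-32-544")

comment "create our setup admin user"
DosInAnIcon_makeadmin
SetLogLevel=$DefaultLoglevel$

comment "store our setup script as run once"
Registry_runOnce /sysnative

comment "disable keyboard and mouse while the autologin admin works"
if ($LockKeyboard$="true")
    Registry_disable_keyboard /Sysnative
endif

comment "cleanup the registry key which stores a fatal result of the local script"
Registry_clean_fatal_flag /32bit


[sub_Restore_AutoLogon]
; Switch to the password log level before the backed-up credentials are read
SetLogLevel = $PasswdLogLevel$
comment "read AutoLogon values from backup"
set $AutoName$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultUserName")
set $AutoPass$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultPassword")
set $AutoDom$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultDomainName")
set $AutoLogon$ = GetRegistryStringValue("["+$AutoBackupKey$+"] AutoAdminLogon")

comment "restore the values"
Registry_restore_autologon /Sysnative

comment "remove the backup copy of the AutoLogon values"
; the backup key holds a clear-text copy of DefaultPassword and is not needed any more
Registry_delete_autologon_backup /32bit
SetLogLevel = $DefaultLoglevel$

comment "delete our setup admin user"
DosInAnIcon_deleteadmin

comment "cleanup setup script, files and profiledir"
Files_delete_Setup_files_local

comment "delete profiledir"
DosInAnIcon_deleteprofile


[Registry_save_autologon]
openkey [$AutoBackupKey$]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"

[Registry_restore_autologon]
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"

[Registry_delete_autologon_backup]
deletekey [$AutoBackupKey$]

[DosInAnIcon_deleteadmin]
NET USER opsiSetupAdmin /DELETE

[Registry_SaveRebootFlag]
openKey [$WinstRegKey$]
set "RebootFlag" = "$RebootFlag$"

[Files_copy_Setup_files_local]
copy -s %ScriptPath%\localsetup\*.* $LocalFilesPath$

[Files_delete_Setup_files_local]
del -sf $LocalFilesPath$\
; the following command does not work completely, so it is commented out for now;
; it is replaced by the section "DosInAnIcon_deleteprofile" (P.Ohler)
;delete -sf "%ProfileDir%\opsiSetupAdmin"

[DosInAnIcon_deleteprofile]
rmdir /S /Q "%ProfileDir%\opsiSetupAdmin"

[DosInAnIcon_makeadmin]
NET USER opsiSetupAdmin $OpsiAdminPass$ /ADD
NET LOCALGROUP $AdminGroup$ /ADD opsiSetupAdmin

[Registry_autologon]
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="opsiSetupAdmin"
set "DefaultPassword"="$OpsiAdminPass$"
set "DefaultDomainName"="$LocalDomain$"
set "AutoAdminLogon"="1"

[Registry_runonce]
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
set "opsi_autologon_setup"='"$LocalWinst$" "$LocalFilesPath$\$LocalSetupScript$" /batch /productid %installingProdName%'

[Registry_del_runonce]
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
DeleteVar "opsi_autologon_setup"

[Registry_disable_keyboard]
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x4
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x4

[Registry_enable_keyboard]
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x1
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x1

[Registry_clean_fatal_flag]
openkey [$WinstRegKey$]
DeleteVar "with-admin-fatal"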