Skip to content

opsi.orgheader image

opsi.org
 
Views
Actions
WinstScripts >>

omnipage

Document Actions
last edited 3 months ago by sehlers
Qualified for opsi 3.4

*********************************************************************
omnipage.ins

*********************************************************************
; Copyright (c) uib gmbh (www.uib.de)
; This sourcecode is owned by uib
; and published under the Terms of the General Public License.

; TEMPLATE for
; Skript fuer Installationen im Kontext eines temporaeren lokalen Administrators
; installations as temporary local admin
; see winst_manual.pdf / winst_handbuch.pdf

; !!! requires winst32.exe version 4.2.x !!!

;
; !!! Das lokale Installations-Skript, das durch den temporaeren lokalen Admin ausgefuehrt wird
; !!! (sein Name steht in $LocalSetupScript$), muss mit dem Befehl  
; !!! exitWindows /Reboot
; !!! enden
; 

; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
; Vorarbeiten/Voraussetzungen/Doku pruefen wie in Winsthandbuch
; 8.3 Skript fuer Installationen im Kontext eines lokalen Administrators
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[Initial]
LogLevel=2
ExitOnError=false
ScriptErrorMessages=on
TraceMode=off

[Aktionen]
DefVar $ProductName$
DefVar $ProductSizeMB$
DefVar $LocalSetupScript$
DefVar $LockKeyboard$
DefVar $OpsiAdminPass$
DefVar $OS$
DefVar $MinorOS$
DefVar $MsVersion$
DefVar $RebootFlag$
DefVar $ShutdownRequested$
DefVar $WinstRegKey$
DefVar $RebootRegVar$
DefVar $AutoName$
DefVar $AutoPass$
DefVar $AutoDom$
DefVar $AutoLogon$
DefVar $AutoBackupKey$
DefVar $LocalFilesPath$
DefVar $LocalWinst$
DefVar $SystemType$
DefVar $SearchKey$
DefVar $SearchValue$
DefVar $SearchResult$
DefVar $platform_cmdexe$
DefVar $DefaultLoglevel$
DefVar $PasswdLogLevel$
DefVar $AdminGroup$

DefStringlist $ResultList$
DefStringlist $ResultList2$
DefStringlist $ResultList3$

comment "set $LockKeyboard$ to true to prevent user hacks while admin is logged in"
;Set $LockKeyboard$="true"
Set $LockKeyboard$="false"
Set $ProductName$ = "omnipage"
Set $ProductSizeMB$ = "200"

Set $LocalSetupScript$ = "local_"+$ProductName$+".ins"
set $OS$ = GetOS
set $MinorOS$ = GetNTVersion
Set $SystemType$ = GetSystemType
Set $MsVersion$ = GetMsVersionInfo
set $DefaultLoglevel$ = "4"
comment " set $PasswdLogLevel$ to -2 for production"
Set $PasswdLogLevel$="4"
LogLevel=$DefaultLoglevel$

if not (fileExists ("%Scriptpath%\psgetsid.exe"))
	LogError "psgetsid.exe is missing. Please install it from http://download.sysinternals.com/Files/PsTools.zip to %Scriptpath%"
	isFatalError
endif

if not(($SystemType$ = "64 Bit System") or ($SystemType$ = "x86 System"))
	LogError "Unknown Systemtype: "+$SystemType$+" - aborting"
	isFatalError
endif

if $SystemType$ = "64 Bit System"
	set $platform_cmdexe$ = "%SystemRoot%\cmd64.exe"
else
	set $platform_cmdexe$ = "%System%\cmd.exe"
endif

comment "handle Rebootflag"
Set $WinstRegKey$ = "HKLM\SOFTWARE\opsi.org\winst"
Set $RebootFlag$ = GetRegistryStringValue("["+$WinstRegKey$+"] "+"RebootFlag")
Set $ShutdownRequested$ = GetRegistryStringValue("["+$WinstRegKey$+"] "+"ShutdownRequested")

;sub_test_autologon_data

comment "some paths required"
Set $AutoBackupKey$ = $WinstRegKey$+"\AutoLogonBackup"
Set $LocalFilesPath$ = "C:\opsi_local_inst"
Set $LocalWinst$ = "c:\opsi\utils\winst32.exe"
if not( FileExists($LocalWinst$) )
	Set $LocalWinst$ = "%ProgramFilesDir%\opsi.org\preloginloader\utils\winst32.exe"
endif
if not( FileExists($LocalWinst$) )
	Set $LocalWinst$ = "%ProgramFilesDir%\opsi.org\preloginloader\opsi-winst\winst32.exe"
endif
if not( FileExists($LocalWinst$) )
	LogError "No opsi-winst found. Abborting."
	isFatalError
endif

comment "show product picture"
ShowBitmap /3 "%scriptpath%\localsetup\"+$ProductName$+".bmp" $ProductName$

if not (($RebootFlag$ = "1") or ($RebootFlag$ = "2") or ($RebootFlag$ = "3"))
	comment "Part before first Reboot"
	comment "just reboot - experimental"
	comment "handle Rebootflag"
	Set $RebootFlag$ = "1"
	Registry_SaveRebootFlag
	ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2 or 3)

if $RebootFlag$ = "1"
	comment "Part before second Reboot"

	if not(HasMinimumSpace ("%SYSTEMDRIVE%", ""+$ProductSizeMB$+" MB"))
		LogError "Not enough space on drive C: . "+$ProductSizeMB$+" MB on C: required for "+$ProductName$
		isFatalError
	endif
	
	comment "Lets work..."
	Message "Preparing "+$ProductName$+" install step 1..."
	sub_Prepare_AutoLogon

	comment "we need to reboot now to be sure that the autologon work"
	comment "handle Rebootflag"
	Set $RebootFlag$ = "2"
	Registry_SaveRebootFlag
	sub_test_autologon_data
	ExitWindows /ImmediateReboot
endif ; Rebootflag = not (1 or 2)

if ($RebootFlag$ = "2")
	comment "Part after first Reboot"
	
	comment "handle Rebootflag"
	Set $RebootFlag$ = "3"
	Registry_SaveRebootFlag
	
	comment "Lets work..."
	Message "Preparing "+$ProductName$+" install step 2..."
	if $SystemType$ = "64 Bit System"
		execWith_cmd64_reg_enable_keyboard "%SystemRoot%\cmd64.exe" /C
	else
		Registry_enable_keyboard
	endif
	comment "now let the autologon work"
	comment "it will stop with a reboot"
	ExitWindows /ImmediateLogout
endif ; Rebootflag = 2

if ($RebootFlag$ = "3")
	comment "Part after second Reboot"
	
	comment "handle Rebootflag"
	Set $RebootFlag$ = "0"
	Registry_SaveRebootFlag
	
	comment "Lets work..."
	Message "Cleanup "+$ProductName$+" install (step 3)..."
	sub_Restore_AutoLogon
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
	Set $SearchValue$ = "opsi_autologon_setup"
	sub_retrieve_registry_data
	if $SearchResult$ = $LocalWinst$+" "+$LocalFilesPath$+"\"+$LocalSetupScript$+" /batch"
		LogError "Localscript did not run. We remove the RunOnce entry and abort"
		if $SystemType$ = "64 Bit System"
			execWith_cmd64_reg_del_runonce "%SystemRoot%\cmd64.exe" /C
		else
			Registry_del_runonce
		endif
		isFatalError
	endif
	comment "This is the clean end of the installation"
endif ; Rebootflag = 3
ExitWindows /Reboot


[sub_Prepare_AutoLogon]
comment "copy the setup script and files"
Files_copy_Setup_files_local
comment "read actual Autologon values for backup"
Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set $SearchValue$ = "DefaultUserName"
sub_retrieve_registry_data
set $AutoName$ = $SearchResult$
comment "if AutoLogonName is our setup admin user, something bad happend"
comment "then let us cleanup"
if ($AutoName$="opsiSetupAdmin")
	set $AutoName$=""
	set $AutoPass$=""
	set $AutoDom$=""
	set $AutoLogon$="0"
else
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "DefaultPassword"
	sub_retrieve_registry_data
	set $AutoPass$ = $SearchResult$
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "DefaultDomainName"
	sub_retrieve_registry_data
	set $AutoDom$ = $SearchResult$
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "AutoAdminLogon"
	sub_retrieve_registry_data
	set $AutoLogon$ = $SearchResult$
endif

comment "backup AutoLogon values"
Registry_save_autologon

comment "prepare the admin AutoLogon"
LogLevel=$PasswdLogLevel$
set $OpsiAdminPass$= randomstr
if $SystemType$ = "64 Bit System"
	execWith_cmd64_reg_autologon "%SystemRoot%\cmd64.exe" /C
else
	Registry_autologon
endif

comment "get the name of the admin group"
comment "using psgetsid from sysinernals pstools"
set $ResultList$ = getOutStreamFromSection("DosInAnIcon_get_admin_group")
set $AdminGroup$ = takeString(6,$ResultList$)
set $AdminGroup$ = takeString(1,splitstring($AdminGroup$,"\"))
comment "create our setup admin user"
DosInAnIcon_makeadmin
LogLevel=$DefaultLoglevel$

comment "remove c:\tmp\winst.bat with password"
Files_remove_winst_bat

comment "store our setup script as run once"
if $SystemType$ = "64 Bit System"
	execWith_cmd64_reg_runOnce "%SystemRoot%\cmd64.exe" /C
else
	Registry_runOnce
endif

comment "disable keyboard and mouse while the autologin admin works"
if ($LockKeyboard$="true")
	if $SystemType$ = "64 Bit System"
		execWith_cmd64_reg_disable_keyboard "%SystemRoot%\cmd64.exe" /C
	else
		Registry_disable_keyboard
	endif
endif

[sub_test_autologon_data]
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "DefaultPassword"
	sub_retrieve_registry_data
	set $AutoPass$ = $SearchResult$
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "DefaultDomainName"
	sub_retrieve_registry_data
	set $AutoDom$ = $SearchResult$
	Set $SearchKey$ = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
	Set $SearchValue$ = "AutoAdminLogon"
	sub_retrieve_registry_data
	set $AutoLogon$ = $SearchResult$

[sub_Restore_AutoLogon]
comment "read AutoLogon values from backup"
set $AutoName$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultUserName")
set $AutoPass$ = GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultPassword")
set $AutoDom$= GetRegistryStringValue("["+$AutoBackupKey$+"] DefaultDomainName")
set $AutoLogon$= GetRegistryStringValue("["+$AutoBackupKey$+"] AutoAdminLogon")

comment "restore the values"
LogLevel=$PasswdLogLevel$
if $SystemType$ = "64 Bit System"
	execWith_cmd64_reg_restore_autologon "%SystemRoot%\cmd64.exe" /C
else
	Registry_restore_autologon
endif
LogLevel=$DefaultLoglevel$
comment "delete our setup admin user"
DosInAnIcon_deleteadmin
comment "cleanup setup script, files and profiledir"
Files_delete_Setup_files_local
comment "delete profiledir"
DosInAnIcon_deleteprofile

[Registry_save_autologon]
openkey [$AutoBackupKey$]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"

[Registry_restore_autologon]
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="$AutoName$"
set "DefaultPassword"="$AutoPass$"
set "DefaultDomainName"="$AutoDom$"
set "AutoAdminLogon"="$AutoLogon$"

[DosInAnIcon_deleteadmin]
NET USER opsiSetupAdmin  /DELETE

[Registry_SaveRebootFlag]
openKey [$WinstRegKey$]
set "RebootFlag" = "$RebootFlag$"

[Files_copy_Setup_files_local]
copy -s %ScriptPath%\localsetup\*.* $LocalFilesPath$

[Files_delete_Setup_files_local]
delete -sf $LocalFilesPath$
; folgender Befehl funktioniert nicht vollständig, deshalb ist er zur Zeit auskommentier
; der Befehl wird durch die Sektion "DosInAnIcon_deleteprofile" ersetzt (P.Ohler)
;delete -sf "%ProfileDir%\opsiSetupAdmin"

[DosInAnIcon_deleteprofile]
rmdir /S /Q "%ProfileDir%\opsiSetupAdmin"

[DosInAnIcon_get_admin_group]
@echo off
"%ScriptPath%\psgetsid.exe" /accepteula S-1-5-32-544

[DosInAnIcon_makeadmin]
NET USER opsiSetupAdmin $OpsiAdminPass$ /ADD
NET LOCALGROUP $AdminGroup$ /ADD opsiSetupAdmin

[Registry_autologon]
openkey [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
set "DefaultUserName"="opsiSetupAdmin"
set "DefaultPassword"="$OpsiAdminPass$"
set "DefaultDomainName"="localhost"
set "AutoAdminLogon"="1"

[Registry_runonce]
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
set "opsi_autologon_setup"='"$LocalWinst$" "$LocalFilesPath$\$LocalSetupScript$" /batch'

[Registry_del_runonce]
openkey [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
DeleteVar "opsi_autologon_setup"

[Registry_disable_keyboard]
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x4
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x4

[Registry_enable_keyboard]
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
set "Start"=REG_DWORD:0x1
openkey [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]
set "Start"=REG_DWORD:0x1

[Files_remove_winst_bat]
delete -f c:\tmp\_winst.bat

[execWith_cmd64_reg_enable_keyboard]
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass" /v "Start" /t REG_DWORD /d "1" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass" /v "Start" /t REG_DWORD /d "1" /f

[execWith_cmd64_reg_autologon]
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /t REG_SZ /d "opsiSetupAdmin" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /t REG_SZ /d "$OpsiAdminPass$" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /t REG_SZ /d "localhost" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /t REG_SZ /d "1" /f

[execWith_cmd64_reg_runOnce]
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "opsi_autologon_setup" /t REG_SZ /d "\"$LocalWinst$\" \"$LocalFilesPath$\$LocalSetupScript$\" /batch" /f

[execWith_cmd64_reg_del_runonce]
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "opsi_autologon_setup" /f

[execWith_cmd64_reg_disable_keyboard]
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass" /v "Start" /t REG_DWORD /d "4" /f

[execWith_cmd64_reg_restore_autologon]
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /t REG_SZ /d "$AutoName$" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /t REG_SZ /d "$AutoPass$" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /t REG_SZ /d "$AutoDom$" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /t REG_SZ /d "$AutoLogon$" /f

[sub_retrieve_registry_data]
if $SystemType$ = "64 Bit System"
	set $ResultList$ = getOutStreamFromSection("execWith_reg_query '%SystemRoot%\cmd64.exe' /C")
	for $s$ in $ResultList$ do sub_fetch_SearchResult
else
	set $SearchResult$ = GetRegistryStringValue("["+$SearchKey$+"] "+$SearchValue$)
endif

[execWith_reg_query]
@echo off
reg query "$SearchKey$" /v "$SearchValue$"

[sub_fetch_SearchResult]
set $ResultList2$ = splitStringOnWhiteSpace('$s$')
if $SearchValue$ = takeString(1,$ResultList2$)
	if not (takeString(3,$ResultList2$) = "")
		set $ResultList3$ = getSublist(3:, $ResultList2$)
		set $SearchResult$ = composeString($ResultList3$," ")
	else
		set $SearchResult$ = ""
	endif
endif