Is opsi-winst /usercontext parameter licensed ?

Antworten
ronin
Beiträge: 20
Registriert: 03 Apr 2018, 13:57

Is opsi-winst /usercontext parameter licensed ?

Beitrag von ronin »

Hello ;)

I want to use /usercontext <[domain\]user name> parameter, but i have problem ...
Do I need license for it ?

If not, please, I need some help ;)

Till now I tried combinations:

Code: Alles auswählen

1) DosBatch_script /usercontext "OPSI\domnuser" /password "***"
2) DosBatch_script /usercontext /username "OPSI\domnuser" /password "***"
3) DosBatch_script /username "OPSI\domnuser" /password "***"

[DosBatch_script]
"%scriptpath%\script.cmd"
Thank you
Benutzeravatar
SisterOfMercy
Beiträge: 1556
Registriert: 22 Jun 2012, 19:18

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von SisterOfMercy »

I don't think you need a license, except when you are using an old version. Please tell us what version of OPSI you are using, and even better: what you are trying to do. There are a lot of ways that lead to Rome.
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!
ronin
Beiträge: 20
Registriert: 03 Apr 2018, 13:57

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von ronin »

Hi SisterOfMercy, I'm trying to run as domain user Bitlocker encryption script, with adbackup function:

Code: Alles auswählen

@echo off
REM Manage-bde.exe -protectors -disable c:
set test /a = "qrz"
for /F "tokens=3 delims= " %%A in ('manage-bde -status %systemdrive% ^| findstr "    Encryption Method:"') do (
	echo %%A
	set test = %%A
	if "%%A"=="None" goto :activate
	)
rem goto end
:activate
echo in activate
for /F %%A in ('wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue ^| findstr "TRUE"') do (
if "%%A"=="TRUE" goto :bitlock
)
powershell Initialize-Tpm
:bitlock

:end
manage-bde -protectors -disable %systemdrive%
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures
manage-bde -protectors -delete %systemdrive% -type RecoveryPassword
manage-bde -protectors -add %systemdrive% -RecoveryPassword
for /F "tokens=2 delims=: " %%A in ('manage-bde -protectors -get %systemdrive% -type recoverypassword ^| findstr "       ID:"') do (
	echo %%A
	manage-bde -protectors -adbackup %systemdrive% -id %%A
)
manage-bde -protectors -enable %systemdrive%
manage-bde -on %systemdrive% -UsedSpaceOnly -SkipHardwareTest

rem  \\lib-fs\lib-gpo\bitlockerid.bat
rem  manage-bde -status %systemdrive%
I'm using latest opsi 4.1 version
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3327
Registriert: 04 Jun 2008, 14:27

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von d.oertel »

Hi,

Parameters like
'/usercontext "OPSI\domnuser" /password "***"' or
'/username "OPSI\dom'
are command line parameters of the script interpreter (e.g. winst32.exe) it self:
https://download.uib.de/opsi_stable/doc ... -cliparams

There are not valid parameters for a dosbatch section call:
https://download.uib.de/opsi_stable/doc ... t-dosbatch

But I do not see, that any thing in your script has to run inside any user context.
Bitlocker is a system wide thing.

What is your problem running your script inside a dosInAnIcon (or DosBatch) section ?

cheers
d.oertel


Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.

Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.

uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de


ronin
Beiträge: 20
Registriert: 03 Apr 2018, 13:57

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von ronin »

Hi d.oertel, thank you for reply.

I want to understand it better ..

.. So opsi-winst stand for (WinBatch, DosBatch,ExecWith, Files etc) secondary sections ?
And to use opsi-winst parameters I need to call "winst" after Secondary section ?

Like?:

Code: Alles auswählen

DosBatch_bitlocker winst /usercontext "OPSI\user" /password "***"

[DosBatch_bitlocker]
"%scriptpath%\bitlocker.cmd"
This line gives me:

Code: Alles auswählen

...
[5] [Sep 04 20:38:58:386] [bitlocker]   message Installing Bitlocker...
[5] [Sep 04 20:38:58:405] [bitlocker]   Execution of: DosBatch_bitlocker winst /usercontext "OPSI\user" /password "***"
[7] [Sep 04 20:38:58:405] [bitlocker]     Save to file with encoding: system
[7] [Sep 04 20:38:58:407] [bitlocker]     Executing "cmd.exe" /C c:\opsi.org\tmp\_opsiscript_Op90Ws61.cmd
[6] [Sep 04 20:38:58:927] [bitlocker]     ExitCode 0
[7] [Sep 04 20:38:58:933] [bitlocker]     The file: c:\opsi.org\tmp\_opsiscript_Op90Ws61.cmd has been deleted
[6] [Sep 04 20:38:58:933] [bitlocker]       Search "c:\opsi.org\tmp\"
[6] [Sep 04 20:38:58:933] [bitlocker]       Search "c:\opsi.org\tmp\_opsiscript_*"
[6] [Sep 04 20:38:58:933] [bitlocker]       File "c:\opsi.org\tmp\_opsiscript_Io22Kx61.cmd"
[6] [Sep 04 20:38:58:934] [bitlocker]         The file is 1 day(s) old, no deletion
[6] [Sep 04 20:38:58:934] [bitlocker] EndIf
[1] [Sep 04 20:38:58:934] [bitlocker] ___________________
[1] [Sep 04 20:38:58:934] [bitlocker] script finished: success
[1] [Sep 04 20:38:58:934] [bitlocker] 0 errors
[1] [Sep 04 20:38:58:934] [bitlocker] 0 warnings
...
Durring installation cmd windows showing up for split seconds, with some errors (i presume), but i don't know how to log output of bitlocker.cmd

If I'm doing this totally wrong, could you please give me some examples ? ;)

Thank you

To clarify,
This script work as intended on domain user account and local account with cmd run as different user (domain)
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3327
Registriert: 04 Jun 2008, 14:27

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von d.oertel »

try something like this:

Code: Alles auswählen

DosBatch_bitlocker 

[DosBatch_bitlocker]
@echo off
REM Manage-bde.exe -protectors -disable c:
set test /a = "qrz"
for /F "tokens=3 delims= " %%A in ('manage-bde -status %systemdrive% ^| findstr "    Encryption Method:"') do (
   echo %%A
   set test = %%A
   if "%%A"=="None" goto :activate
   )
rem goto end
:activate
echo in activate
for /F %%A in ('wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue ^| findstr "TRUE"') do (
if "%%A"=="TRUE" goto :bitlock
)
powershell Initialize-Tpm
:bitlock

:end
manage-bde -protectors -disable %systemdrive%
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures
manage-bde -protectors -delete %systemdrive% -type RecoveryPassword
manage-bde -protectors -add %systemdrive% -RecoveryPassword
for /F "tokens=2 delims=: " %%A in ('manage-bde -protectors -get %systemdrive% -type recoverypassword ^| findstr "       ID:"') do (
   echo %%A
   manage-bde -protectors -adbackup %systemdrive% -id %%A
)
manage-bde -protectors -enable %systemdrive%
manage-bde -on %systemdrive% -UsedSpaceOnly -SkipHardwareTest

rem  \\lib-fs\lib-gpo\bitlockerid.bat
rem  manage-bde -status %systemdrive%


Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.

Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.

uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de


ronin
Beiträge: 20
Registriert: 03 Apr 2018, 13:57

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von ronin »

d.oertel, This script deployed from opsi generates some errors.

I made some opsi packages, so i know some basics ;). But it's first time when i need run script as domain user

I switch to DosInAaIcon.
And I want to see script output to inspect those errors.

I found on opsi-winst manual:

Code: Alles auswählen

Set $list$ = getOutStreamFromSection ('DosInAnIcon_bitlocker')
But this gives me another error :/

Code: Alles auswählen

(85)      [2] [Sep 04 23:25:16:817] [bitlocker]   Syntax Error in Section: Actions (Command in line 19 in section: Actions file: setup.ins section start at line: 1; origin: setup.ins line: 19): $list$ = getOutStreamFromSection ('DosInAnIcon_bitlocker') -> getOutStreamFromSection ('DosInAnIcon_bitlocker') illegal String Expressionstr
(86)      [2] [Sep 04 23:25:16:817] [bitlocker]   Syntax Error in Section: Actions (Command in line 20 in section: Actions file: setup.ins section start at line: 1; origin: setup.ins line: 20): EndIf -> expected
Btw. Can you tell me, is this syntax correct ?

Code: Alles auswählen

DosInAnIcon_bitlocker winst /usercontext "OPSI\user" /password "***"
Thank you
Benutzeravatar
d.oertel
uib-Team
Beiträge: 3327
Registriert: 04 Jun 2008, 14:27

Re: Is opsi-winst /usercontext parameter licensed ?

Beitrag von d.oertel »

Hi,

i can't tell you the exact reason for your error because i do not see the complete code.
But it looks like set the stringlist var $list$ is perhaps not deklared as stringlist.

Code: Alles auswählen

DosInAnIcon_bitlocker winst /usercontext "OPSI\user" /password "***"
is not correct because (as i told) "/usercontext" is not a command you may use inside a script but a cli parameter you may use starting the winst32.exe like /logfile or /batch (winst32.exe myscrpt.opsiscript /batch /logfile mylog.log)

So go back to my example and let us discuss the errormessages that are resulted by this code.

cheer
detlef


Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.

Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.

uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de


Antworten