Seite 1 von 1
Is opsi-winst /usercontext parameter licensed ?
Verfasst: 03 Sep 2018, 23:49
von ronin
Hello
I want to use
/usercontext <[domain\]user name> parameter, but i have problem ...
Do I need license for it ?
If not, please, I need some help
Till now I tried combinations:
Code: Alles auswählen
1) DosBatch_script /usercontext "OPSI\domnuser" /password "***"
2) DosBatch_script /usercontext /username "OPSI\domnuser" /password "***"
3) DosBatch_script /username "OPSI\domnuser" /password "***"
[DosBatch_script]
"%scriptpath%\script.cmd"
Thank you
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 00:14
von SisterOfMercy
I don't think you need a license, except when you are using an old version. Please tell us what version of OPSI you are using, and even better: what you are trying to do. There are a lot of ways that lead to Rome.
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 02:16
von ronin
Hi
SisterOfMercy, I'm trying to run as domain user Bitlocker encryption script, with adbackup function:
Code: Alles auswählen
@echo off
REM Manage-bde.exe -protectors -disable c:
set test /a = "qrz"
for /F "tokens=3 delims= " %%A in ('manage-bde -status %systemdrive% ^| findstr " Encryption Method:"') do (
echo %%A
set test = %%A
if "%%A"=="None" goto :activate
)
rem goto end
:activate
echo in activate
for /F %%A in ('wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue ^| findstr "TRUE"') do (
if "%%A"=="TRUE" goto :bitlock
)
powershell Initialize-Tpm
:bitlock
:end
manage-bde -protectors -disable %systemdrive%
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures
manage-bde -protectors -delete %systemdrive% -type RecoveryPassword
manage-bde -protectors -add %systemdrive% -RecoveryPassword
for /F "tokens=2 delims=: " %%A in ('manage-bde -protectors -get %systemdrive% -type recoverypassword ^| findstr " ID:"') do (
echo %%A
manage-bde -protectors -adbackup %systemdrive% -id %%A
)
manage-bde -protectors -enable %systemdrive%
manage-bde -on %systemdrive% -UsedSpaceOnly -SkipHardwareTest
rem \\lib-fs\lib-gpo\bitlockerid.bat
rem manage-bde -status %systemdrive%
I'm using latest opsi 4.1 version
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 18:04
von d.oertel
Hi,
Parameters like
'/usercontext "OPSI\domnuser" /password "***"' or
'/username "OPSI\dom'
are command line parameters of the script interpreter (e.g. winst32.exe) it self:
https://download.uib.de/opsi_stable/doc ... -cliparams
There are not valid parameters for a dosbatch section call:
https://download.uib.de/opsi_stable/doc ... t-dosbatch
But I do not see, that any thing in your script has to run inside any user context.
Bitlocker is a system wide thing.
What is your problem running your script inside a dosInAnIcon (or DosBatch) section ?
cheers
d.oertel
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 21:03
von ronin
Hi
d.oertel, thank you for reply.
I want to understand it better ..
.. So opsi-winst stand for (WinBatch, DosBatch,ExecWith, Files etc) secondary sections ?
And to use opsi-winst parameters I need to call "winst" after Secondary section ?
Like?:
Code: Alles auswählen
DosBatch_bitlocker winst /usercontext "OPSI\user" /password "***"
[DosBatch_bitlocker]
"%scriptpath%\bitlocker.cmd"
This line gives me:
Code: Alles auswählen
...
[5] [Sep 04 20:38:58:386] [bitlocker] message Installing Bitlocker...
[5] [Sep 04 20:38:58:405] [bitlocker] Execution of: DosBatch_bitlocker winst /usercontext "OPSI\user" /password "***"
[7] [Sep 04 20:38:58:405] [bitlocker] Save to file with encoding: system
[7] [Sep 04 20:38:58:407] [bitlocker] Executing "cmd.exe" /C c:\opsi.org\tmp\_opsiscript_Op90Ws61.cmd
[6] [Sep 04 20:38:58:927] [bitlocker] ExitCode 0
[7] [Sep 04 20:38:58:933] [bitlocker] The file: c:\opsi.org\tmp\_opsiscript_Op90Ws61.cmd has been deleted
[6] [Sep 04 20:38:58:933] [bitlocker] Search "c:\opsi.org\tmp\"
[6] [Sep 04 20:38:58:933] [bitlocker] Search "c:\opsi.org\tmp\_opsiscript_*"
[6] [Sep 04 20:38:58:933] [bitlocker] File "c:\opsi.org\tmp\_opsiscript_Io22Kx61.cmd"
[6] [Sep 04 20:38:58:934] [bitlocker] The file is 1 day(s) old, no deletion
[6] [Sep 04 20:38:58:934] [bitlocker] EndIf
[1] [Sep 04 20:38:58:934] [bitlocker] ___________________
[1] [Sep 04 20:38:58:934] [bitlocker] script finished: success
[1] [Sep 04 20:38:58:934] [bitlocker] 0 errors
[1] [Sep 04 20:38:58:934] [bitlocker] 0 warnings
...
Durring installation cmd windows showing up for split seconds, with some errors (i presume), but i don't know how to log output of bitlocker.cmd
If I'm doing this totally wrong, could you please give me some examples ?
Thank you
To clarify,
This script work as intended on domain user account and local account with cmd run as different user (domain)
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 22:10
von d.oertel
try something like this:
Code: Alles auswählen
DosBatch_bitlocker
[DosBatch_bitlocker]
@echo off
REM Manage-bde.exe -protectors -disable c:
set test /a = "qrz"
for /F "tokens=3 delims= " %%A in ('manage-bde -status %systemdrive% ^| findstr " Encryption Method:"') do (
echo %%A
set test = %%A
if "%%A"=="None" goto :activate
)
rem goto end
:activate
echo in activate
for /F %%A in ('wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue ^| findstr "TRUE"') do (
if "%%A"=="TRUE" goto :bitlock
)
powershell Initialize-Tpm
:bitlock
:end
manage-bde -protectors -disable %systemdrive%
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures
manage-bde -protectors -delete %systemdrive% -type RecoveryPassword
manage-bde -protectors -add %systemdrive% -RecoveryPassword
for /F "tokens=2 delims=: " %%A in ('manage-bde -protectors -get %systemdrive% -type recoverypassword ^| findstr " ID:"') do (
echo %%A
manage-bde -protectors -adbackup %systemdrive% -id %%A
)
manage-bde -protectors -enable %systemdrive%
manage-bde -on %systemdrive% -UsedSpaceOnly -SkipHardwareTest
rem \\lib-fs\lib-gpo\bitlockerid.bat
rem manage-bde -status %systemdrive%
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 04 Sep 2018, 23:35
von ronin
d.oertel, This script deployed from opsi generates some errors.
I made some opsi packages, so i know some basics
. But it's first time when i need run script as domain user
I switch to DosInAaIcon.
And I want to see script output to inspect those errors.
I found on opsi-winst manual:
Code: Alles auswählen
Set $list$ = getOutStreamFromSection ('DosInAnIcon_bitlocker')
But this gives me another error :/
Code: Alles auswählen
(85) [2] [Sep 04 23:25:16:817] [bitlocker] Syntax Error in Section: Actions (Command in line 19 in section: Actions file: setup.ins section start at line: 1; origin: setup.ins line: 19): $list$ = getOutStreamFromSection ('DosInAnIcon_bitlocker') -> getOutStreamFromSection ('DosInAnIcon_bitlocker') illegal String Expressionstr
(86) [2] [Sep 04 23:25:16:817] [bitlocker] Syntax Error in Section: Actions (Command in line 20 in section: Actions file: setup.ins section start at line: 1; origin: setup.ins line: 20): EndIf -> expected
Btw. Can you tell me, is this syntax correct ?
Code: Alles auswählen
DosInAnIcon_bitlocker winst /usercontext "OPSI\user" /password "***"
Thank you
Re: Is opsi-winst /usercontext parameter licensed ?
Verfasst: 05 Sep 2018, 12:06
von d.oertel
Hi,
i can't tell you the exact reason for your error because i do not see the complete code.
But it looks like set the stringlist var $list$ is perhaps not deklared as stringlist.
Code: Alles auswählen
DosInAnIcon_bitlocker winst /usercontext "OPSI\user" /password "***"
is not correct because (as i told) "/usercontext" is not a command you may use inside a script but a cli parameter you may use starting the winst32.exe like /logfile or /batch (winst32.exe myscrpt.opsiscript /batch /logfile mylog.log)
So go back to my example and let us discuss the errormessages that are resulted by this code.
cheer
detlef