packages security warnings

wardenik
Posts: 65
Joined: 27 Oct 2008, 12:22

packages security warnings

Post by wardenik » 28 Oct 2008, 18:10

hi,

some packages, like python or firefox, during wInst, pop up a window
"openfile - security warning"
Name: Firefox setup .... exe
Run, Cancel...

Is it possible to get rid of this one so that nothing pops up, as it should be in unattended mode?

d.oertel
uib-Team
Posts: 3276
Joined: 04 Jun 2008, 14:27

Re: packages security warnings

Post by d.oertel » 28 Oct 2008, 18:25

Hi wardenik,

Check your depotURL.
If the depotURL contains an IP number or a fully qualified DNS name,
XP thinks about the share 'oh this may be the dangerous internet'.
To avoid these problems use the NetBIOS name in the depotURL.
You can see and modify this in the configed via 'server configuration'
or under
/var/lib/opsi/config/depots/<depotname>/depot.ini

Does this help?

regards

detlef
opsi support - uib gmbh

For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
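The check described in the post above, as an added example that is not part of the thread or of opsi's own code: it reads the `remoteurl` of a `depot.ini` section (the `depotshare` and `repository` section names and the `remoteurl` key come from the reply below) and flags hosts given as an IP address or a dotted DNS name. The sample file content, its URL schemes and the host names are constructed, and the exact `depot.ini` layout is an assumption.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample; the real depot.ini layout may differ (assumption).
SAMPLE_DEPOT_INI = """
[depotshare]
remoteurl = smb://192.168.1.14/opt_pcbin/install

[repository]
remoteurl = webdavs://opsi.example.lan/products
"""


def classify_host(host):
    """Classify a share host the way the post distinguishes them."""
    try:
        ipaddress.ip_address(host)
        return "ip"        # IP address: Windows may treat the share as Internet
    except ValueError:
        pass
    if "." in host:
        return "fqdn"      # dotted DNS name: same risk unless mapped to a zone
    return "netbios"       # dotless name: the form the post recommends


def audit_depot_ini(text, section="depotshare"):
    """Return (host, kind, flagged) for the remoteurl of one section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    url = cfg.get(section, "remoteurl")
    host = urlsplit(url).hostname or ""   # hostname is lower-cased, port dropped
    kind = classify_host(host)
    return host, kind, kind != "netbios"


if __name__ == "__main__":
    for name in ("depotshare", "repository"):
        print(name, audit_depot_ini(SAMPLE_DEPOT_INI, name))
```

A flagged entry only means the host form is one the post warns about; whether the client actually prompts also depends on the zone mappings on that client.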

wardenik
Posts: 65
Joined: 27 Oct 2008, 12:22

Re: packages security warnings

Post by wardenik » 29 Oct 2008, 09:57

Hi,

I presume you meant remoteurl from the depotshare section of this file :)
Yep, I have changed it and it works fine.
Should I change remoteurl in the repository section as well?

Some additional questions:
- is it possible to uninstall a package? I can see the uninstall section in the manual, but it says only about preparing packages for uninstallation. But I don't see the uninstall option in the configed itself...
- I'm going to prepare a bitdefender and MS Office 2003 package if you are interested


radek

j.schneider
Ex-uib-Team
Posts: 1414
Joined: 29 May 2008, 15:14

Re: packages security warnings

Post by j.schneider » 29 Oct 2008, 10:10

Hi!
wardenik wrote: Should I change remoteurl in the repository section as well?

You can leave this setting as it is.

wardenik wrote: - is it possible to uninstall a package? I can see the uninstall section in the manual, but it says only about preparing packages for uninstallation. But I don't see the uninstall option in the configed itself...

Sure, but you have to provide an uninstall-script.
You may have a look at /var/lib/opsi/config/depots/*/products/localboot/* and the command opsi-newprod.

cshields
Posts: 12
Joined: 03 Dec 2008, 04:32

Re: packages security warnings

Post by cshields » 27 Jan 2009, 03:44

I am having this problem on a win2k3 box, and the depot url is set to the netbios name just fine. The problem is that when I go to install swaudit, the preloginloader goes to install python and swaudit and the computer ends up sitting at two security warning prompts stating that the publisher could not be verified. This blocks the automatic deployment of python and swaudit (not to mention blocks any RDP access in the process). To see the error view: http://www.grabup.com/uploads/d021eb671 ... 3ab056.png

I've set the group policy template settings to not check for code signatures and to allow execution of invalid signatures but that does not fix anything (maybe the template change is not retroactive to the pcpatch account???)

How do people set up windows 2003 to allow OPSI to deploy properly?? I've read that windows 2003 is supported but this seems to be a major issue. (this is win2k3 sp2, basic install)

Cheers!

fabi
Posts: 6
Joined: 05 Feb 2009, 13:30

Re: packages security warnings

Post by fabi » 05 Feb 2009, 13:43

In fact we're having the same issue with windows vista, we just purchased the license for using vista with opsi. Like cshields I tried everything with setting up group policies or HKLM registry-keys to add *.exe-files to LowRiskFileTypes, which would prevent this message in every case, or to add the opsi-server to the local intranet zone. These settings work for all local users except for the opsiconfd-service thread which runs under the SYSTEM-user (?).

We worked out that this message only appears if you call the command by a "winbatch" sub. If you're trying "dosbatch" this warning will never appear. But to change all scripts like that seems to be more like a dirty work-around than a sensible solution for this problem.

So any help would be welcomed!

d.oertel
uib-Team
Posts: 3276
Joined: 04 Jun 2008, 14:27

Re: packages security warnings

Post by d.oertel » 05 Feb 2009, 14:07

Hi fabi,

There are some differences between XP/2003 and Vista/2008.
On XP you normally get no warning if the depoturl uses the NetBIOS name and
the name resolution via NetBIOS works.

On Vista the UAC has to be configured and the share has to be declared as trusted at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Both are done at the preloginvista installation.
So if this doesn't work with Vista you should post your preloginvista.log

regards
detlef oertel

fabi
Posts: 6
Joined: 05 Feb 2009, 13:30

Re: packages security warnings

Post by fabi » 05 Feb 2009, 17:08

Thanks for your fast reply!

I set up a fresh vista machine and now the preloginvista did the registry updates automatically.. no idea why it didn't at the first time.. But nevertheless the same message appears if I want to install additional programs, so I attached the preloginvista.log.

d.oertel
uib-Team
Posts: 3276
Joined: 04 Jun 2008, 14:27

Re: packages security warnings

Post by d.oertel » 05 Feb 2009, 18:02

Hi fabi,

The log seems to be ok.

fabi wrote: But nevertheless the same message appears if I want to install additional programs,

Do you mean:
If you try to install programs via opsi to this vista client, you get a security warning?

This should not happen if the programs are called from the opsi-server share (e.g. via %SCRIPTPATH%), because this server is registered as trusted.
If you call programs from another (not trusted) share, you have a problem.

Does this help?

regards
detlef oertel

fabi
Posts: 6
Joined: 05 Feb 2009, 13:30

Re: packages security warnings

Post by fabi » 06 Feb 2009, 15:50

Yes I mean installing programs via opsi to my vista client from the trusted share on the opsi server. That's the thing that I don't understand, if I try to start the setup program manually from the admin account no warning appears, the trusted-network-entry works in this case. But the account which starts the opsiconfd seems to simply ignore this configuration. By the way, it's Vista Business I'm working with.