packages security warnings
packages security warnings
hi,
some packages, like python or firefox, during wInst, popup a window
"openfile - security warning"
Name: Firefox setup .... exe
Run, Cancel...
Is it possible to get rid of this one to not popup anything as it should be in unattended mode?
some packages, like python or firefox, during wInst, popup a window
"openfile - security warning"
Name: Firefox setup .... exe
Run, Cancel...
Is it possible to get rid of this one to not popup anything as it should be in unattended mode?
Re: packages security warnings
Hi wardenik,
check your depotURL
If the depotURL contains a IP-Number or a full qualified DNS-Name
XP thinks about the share 'oh this may be the dangerous internet'.
To avoid these problems use the netbios name in the depoturl.
You can see and modify this at the configed via 'server configuration'
or under
/var/lib/opsi/config/depots/<depotname>/depot.ini
does this help ?
regards
detlef
check your depotURL
If the depotURL contains a IP-Number or a full qualified DNS-Name
XP thinks about the share 'oh this may be the dangerous internet'.
To avoid these problems use the netbios name in the depoturl.
You can see and modify this at the configed via 'server configuration'
or under
/var/lib/opsi/config/depots/<depotname>/depot.ini
does this help ?
regards
detlef
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
Re: packages security warnings
Hi,
I presume you meant remoteurl from the depotshare section of this file
Yeap, I have changed it and it works fine.
Should I change remoteurl in the repository section as well?
Some additional questions:
- is it possible to uninstall a package? I can see the uninstall section in the manual, but it says only about preparing packages for uninstallation. But I don't see the uninstall option in the configed itself...
- i'm going to prepare a bitdefender and MS Office 2003 package if you are interested
radek
I presume you meant remoteurl from the depotshare section of this file
Yeap, I have changed it and it works fine.
Should I change remoteurl in the repository section as well?
Some additional questions:
- is it possible to uninstall a package? I can see the uninstall section in the manual, but it says only about preparing packages for uninstallation. But I don't see the uninstall option in the configed itself...
- i'm going to prepare a bitdefender and MS Office 2003 package if you are interested
radek
- j.schneider
- uib-Team
- Beiträge: 1801
- Registriert: 29 Mai 2008, 15:14
Re: packages security warnings
Hi!
You may have a look at /var/lib/opsi/config/depots/*/products/localboot/* and the command opsi-newprod.
You can leave this setting as it is.wardenik hat geschrieben: Should I change remoteurl in the repository section as well?
Sure, but you have to provide an uninstall-script.wardenik hat geschrieben: - is it possible to uninstall a package? I can see the uninstall section in the manual, but it says only about preparing packages for uninstallation. But I don't see the uninstall option in the configed itself...
You may have a look at /var/lib/opsi/config/depots/*/products/localboot/* and the command opsi-newprod.
Re: packages security warnings
I am having this problem on a win2k3 box, and the depot url is set to the netbios name just fine. The problem is that when I go to install swaudit, the preloginloader goes to install python and swaudit and the computer ends up sitting at two security warning prompts stating that the publisher could not be verified. This blocks the automatic deployment of python and swaudit (not to mention blocks any RDP access in the process). To see the error view: http://www.grabup.com/uploads/d021eb671 ... 3ab056.png
I've set the group policy template settings to not check for code signatures and to allow execution of invalid signatures but that does not fix anything (maybe the template change is not retroactive to the pcpatch account???)
How do people setup windows 2003 to allow OPSI to deploy properly?? I've read that windows 2003 is supported but this seems to be a major issue. (this is win2k3 sp2, basic install)
Cheers!
I've set the group policy template settings to not check for code signatures and to allow execution of invalid signatures but that does not fix anything (maybe the template change is not retroactive to the pcpatch account???)
How do people setup windows 2003 to allow OPSI to deploy properly?? I've read that windows 2003 is supported but this seems to be a major issue. (this is win2k3 sp2, basic install)
Cheers!
Re: packages security warnings
In fact we're having the same issue with windows vista, we just purchased the license for using vista with opsi. Like cshields I tried everything with setting up group policys or HKLM registry-keys to add *.exe-files to LowRiskFileTypes, which would prevent this massage in every case, or to add the opsi-server to the local intranet zone. This settings work for all local users except for the opsiconfd-service thread which runs under the SYSTEM-user (?).
We worked out that this message only appears if you call the command by a "winbatch" sub. If you're trying "dosbatch" this warning will never appear. But to change all scripts like that seems to be more like a dirty work-around than a sensible solution for this problem.
So any help would be welcomed!
We worked out that this message only appears if you call the command by a "winbatch" sub. If you're trying "dosbatch" this warning will never appear. But to change all scripts like that seems to be more like a dirty work-around than a sensible solution for this problem.
So any help would be welcomed!
Re: packages security warnings
Hi fabi,
there are some differences between XP/2003 and Vista/2008.
At XP you get normally no warning if the depotur uses the netbiosname and
the nameresolution via netbios works.
At Vista the UAC has to configured and the share has to be declared as trused at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Both is done at the preloginvista installation.
So if this don't work with vista you should post your preloginvista.log
regards
detlef oertel
there are some differences between XP/2003 and Vista/2008.
At XP you get normally no warning if the depotur uses the netbiosname and
the nameresolution via netbios works.
At Vista the UAC has to configured and the share has to be declared as trused at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Both is done at the preloginvista installation.
So if this don't work with vista you should post your preloginvista.log
regards
detlef oertel
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
Re: packages security warnings
Thanks for your fast reply!
I set up a fresh vista machine and now the preloginvista did the registry updates automatically.. no idea why it didn't at the first time.. But nevertheless the same message appears if I want to install additional programs, so I attached the preloginvista.log.
I set up a fresh vista machine and now the preloginvista did the registry updates automatically.. no idea why it didn't at the first time.. But nevertheless the same message appears if I want to install additional programs, so I attached the preloginvista.log.
- Dateianhänge
-
- preloginvista.log
- (59.36 KiB) 116-mal heruntergeladen
Re: packages security warnings
Hi fabi,
The log seems to be ok.
If you try to install programs via opsi to this vista client, you get a security warning ?
This should not happen if the programs are called from the opsi-server share ( e.g. vis %SCRIPTPATH%), because this server is registred as trusted.
If you call programs from a other (not trusted) share, you have problem.
Does this help ?
regards
detlef oertel
The log seems to be ok.
Do you mean:But nevertheless the same message appears if I want to install additional programs,
If you try to install programs via opsi to this vista client, you get a security warning ?
This should not happen if the programs are called from the opsi-server share ( e.g. vis %SCRIPTPATH%), because this server is registred as trusted.
If you call programs from a other (not trusted) share, you have problem.
Does this help ?
regards
detlef oertel
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
For productive opsi installations we recommend support contracts.
http://www.uib.de
http://www.opsi.org
Re: packages security warnings
Yes I mean installing programs via opsi to my vista client from the trusted share on the opsi server. That's the thing that I don't understand, if I try to start the setup program manually from the admin account no warning appears, the trusted-network-entry works in this case. But the account which starts the opsiconfd seems to simply ignore this configuration.By the way, it's Vista Business I'm working with.