= opsi (open pc server integration) = [[PageOutline]] [[http://www.opsi.org |opsi]] is a Windows system management tool, supporting everthing up to Windows XP, Windows Vista and Windows 7. It handles the initial Windows installation and the installation of additional software products. opsi is mainly developed by [http://www.uib.de uib]. == additional OPSI ressources == [[TitleIndex(opsi/)]] == General remarks about Windows silient/unattended configuration == /!\ more or less just some notes I've collected during work. [[TitleIndex(windows/)]] = OPSI Products = These are the packages, that can be installed by OPSI. Standard packages can be found at: * http://download.uib.de/opsi4.0/products/netboot/ * http://download.uib.de/opsi4.0/products/localboot/ * http://download.uib.de/opsi4.0/products/contribute/ * https://forum.opsi.org/wiki/userspace:script_templates Our full packages are also hosted at * http://download.uib.de/opsi4.0/products/contribute/partners/dass-it/ Full packages include are requires components. On the other side, template packages only contain the freely distributable (Open-Source) parts. The other components must be added manually. How to handle template packages from http://www.dass-it.de: * copy the sources to your OPSI workbench * download the ZIP archives from this website or * checkout the Subversion repository https://svn.dass-it.de/svn/pub/opsi/products/ * if required, add the missing components * create an OPSI package by * {{{opsi-makeproductfile PACKAGENAME}}} * install package by * {{{opsi-package-manager --install --properties ask PACKAGE.opsi}}} == bitlocker == source:: source:opsi/products/bitlocker package:: source:opsi/products/ Windows 7 includes the bitlocker tool for harddisk encryption. With this opsi package bitlocker can be centrally configured. For more information, see wiki:windows/windows7#Bitlocker Bitlocker requires TPM activated in the BIOS. If TPM isn't available or disabled, the bitlocker OPSI package will fail. If TPM is activated, the bitlocker packages requires 2 reboots. The recovery password must be 8 blocks of 6 digits (as in the provided as example) and each block must be devidable by 11. Example: {{{ 000011-000022-000033-000044-000055-000066-000077-000088 }}} == bacula == source:: source:opsi/products/bacula package:: source:opsi/products/ Bacula client for Windows. Features: * automatic firewall configuration * creates bacula config files based on the OPSI properties for the Bacula package * Bacula Director configuration can be automatically generated, see next section === Bacula Director: automatic configuration === The Bacula Director configuration files can be automatically generated by the opsiclient script. For a detailed presentation (in German) from the http://bacula-conference.org 2012 see this attachment:praesentation-20120925-BaculaKonferenz-OPSI.pdf Alternativly follow these instructions: * install the dass-opsi-tools from * http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=dass-opsi-tools * or at least {{{opsiclient}}} from source:opsi/server/dass-opsi-tools/usr/bin/opsiclient * {{{ opsiclient --server SERVERNAME createBaculaConfigFiles }}} * creates the bacula config files: {{{ opsi-clients-generated.conf opsi-jobs-generated.conf }}} * Include them into {{{/etc/bacula/bacula-dir.conf}}}, e.g. {{{ # include automatically generated config files for OPSI clients @/etc/bacula/generated/opsi-clients-generated.conf @/etc/bacula/generated/opsi-jobs-generated.conf }}} * reload the Bacula Director configuration, e.g. by {{{ echo "reload" | bconsole }}} == virtualbox-guest-tools == source:: source:opsi/products/virtualbox-guest-tools package:: source:opsi/products/ Windows guest tools for VirtualBox. == wsusoffline == source:: source:opsi/products/wsusoffline Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection, see http://www.wsusoffline.net/ This tools will download all (most) available * Microsoft Windows Updates * Microsoft Office Updates and additional Microsoft components like * .Net Framework * Powershell * MS Defender All these components are stored in the {{{client/}}} subdirectory. This directory can be distributed to other client systems. On these systems it can be installed by a wsusoffline script without further user interaction. To distribute and install these components, it can be packed into a OPSI package. === create a wsusoffline OPSI package === ==== using the wsusoffline RPM ==== * install the wsusoffline from http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=wsusoffline * make sure, that the download user is member of the group {{{wsusoffline}}}, e.g. * {{{sudo /usr/sbin/groupmod wsusoffline -A $USER}}} * execute * {{{wsus-download-updates.sh}}} * select required products and start the download * the updates will be stored in the directory: {{{/var/lib/wsusoffline/client/}}} * copy the wsusoffline client directory into the OPSI package at {{{opsi_workbench/wsusoffline/CLIENT_DATA/client/}}} * {{{rsync -av --progress /var/lib/wsusoffline/client/. $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/CLIENT_DATA/client/.}}} * adapt version information in {{{$YOUR_OPSI_PATH/opsi_workbench/wsusoffline/OPSI/control}}} * create package * {{{opsi-makeproductfile $YOUR_OPSI_PATH/opsi_workbench/wsusoffline}}} RPM sources at source:opsi/server/wsusoffline ==== using the wsusoffline ZIP-archive ==== * download and install wsusoffline from the ZIP archive at http://www.wsusoffline.net/ * start {{{wsusoffline/sh/DownloadUpdates.sh}}} * select required products and start the download * the updates will be stored in the subdirectory: {{{client/}}} * copy the wsusoffline subdirectory {{{client/}}} into the OPSI package at {{{opsi_workbench/wsusoffline/CLIENT_DATA/client/}}} === Known limitations === * wsusoffline 7.3.2 * bug in the Linux download code (dos2unix). Not all products are properly selected/deselected * wsusoffline 7.3 * winxp, dotnet-Framework 3.5 Language Pack is known not to work. I suggest installating dotnet-Framework 3.5 as a separate package * Why isn't the full wsusoffline application directly included in the OPSI package? Wouldn't it be easier to start the download directly in the OPSI directory instead of copying the client-directory to OPSI afterwards? * For the first run, this would be indeed easier. However, if you update the OPSI wsusoffline package to a newer version, all files already downloaded will be deleted (by opsi-package-manager), because they are not included in the package. Of course, you can backup them before, and apply them again after the update. However, then this approach would not be easier anymore. So in my opinion, it is cleaner, to handle the download indepent from the install part, and copy the full client-directory to OPSI after downloading the files. == xenserver-tools == source:: source:opsi/products/xenserver-tools Windows tools when running on a Citrix XenServer: