Version 18 (modified by joergs, on Sep 20, 2012 at 7:48:45 PM) ( diff )


opsi (open pc server integration)

opsi is a Windows system management tool, supporting everthing up to Windows XP, Windows Vista and Windows 7.

It handles the initial Windows installation and the installation of additional software products.

opsi is mainly developed by uib.

additional OPSI ressources

General remarks about Windows silient/unattended configuration

/!\ more or less just some notes I've collected during work.

OPSI Products

These are the packages, that can be installed by OPSI.

Standard packages can be found at:

How to handle additional packages from

  • copy the sources to your OPSI workbench
  • if required, add the missing components
  • create an OPSI package by
    • opsi-makeproductfile PACKAGENAME
  • install package by
    • opsi-package-manager --install --properties ask PACKAGE.opsi



Windows 7 includes the bitlocker tool for harddisk encryption. With this opsi package bitlocker can be centrally configured.

For more information, see wiki:windows/windows7#Bitlocker

Bitlocker requires TPM activated in the BIOS. If TPM isn't available or disabled, the bitlocker OPSI package will fail.

If TPM is activated, the bitlocker packages requires 2 reboots.

The recovery password must be 8 blocks of 6 digits (as in the provided as example) and each block must be devidable by 11. Example:




Bacula client for Windows.

Bacula Director: automatic configuration

Automatic configuration can be done by source:opsi/products/



Windows guest tools for VirtualBox.



Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection, see

This tools will download all (most) available

  • Microsoft Windows Updates
  • Microsoft Office Updates

and additional Microsoft components like

  • .Net Framework
  • Powershell
  • MS Defender

All these components are stored in the client/ subdirectory. This directory can be distributed to other client systems. On these systems it can be installed by a wsusoffline script without further user interaction.

To distribute and install these components, it can be packed into a OPSI package.

create a wsusoffline OPSI package

using the wsusoffline RPM

  • install the wsusoffline from
  • make sure, that the download user is member of the group wsusoffline, e.g.
    • sudo /usr/sbin/groupmod wsusoffline -A $USER
  • execute
      • select required products and start the download
        • the updates will be stored in the directory: /var/lib/wsusoffline/client/
  • copy the wsusoffline client directory into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/
    • rsync -av --progress /var/lib/wsusoffline/client/. $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/CLIENT_DATA/client/.

using the wsusoffline ZIP-archive

  • download and install wsusoffline from the ZIP archive at
  • start wsusoffline/sh/
    • select required products and start the download
      • the updates will be stored in the subdirectory: client/
  • copy the wsusoffline subdirectory client/ into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/

Known limitations

  • wsusoffline 7.3.2
    • bug in the Linux download code (dos2unix). Not all products are properly selected/deselected
  • wsusoffline 7.3
    • winxp, dotnet-Framework 3.5 Language Pack is known not to work. I suggest installating dotnet-Framework 3.5 as a separate package
  • Why isn't the full wsusoffline application directly included in the OPSI package? Wouldn't it be easier to start the download directly in the OPSI directory instead of copying the client-directory to OPSI afterwards?
    • For the first run, this would be indeed easier. However, if you update the OPSI wsusoffline package to a newer version, all files already downloaded will be deleted (by opsi-package-manager), because they are not included in the package. Of course, you can backup them before, and apply them again after the update. However, then this approach would not be easier anymore. So in my opinion, it is cleaner, to handle the download indepent from the install part, and copy the full client-directory to OPSI after downloading the files.


Windows tools when running on a Citrix XenServer:


Attachments (1)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.