opsi (open pc server integration)

​opsi is a Windows system management tool, supporting everthing up to Windows XP, Windows Vista and Windows 7.

It handles the initial Windows installation and the installation of additional software products.

opsi is mainly developed by ​uib.

additional OPSI ressources

• opsi/dism
• opsi/howto
• opsi/winpe

General remarks about Windows silient/unattended configuration

/!\ more or less just some notes I've collected during work.

• windows/configuration
• windows/driver
• windows/fonts
• windows/group_policy
• windows/ie8
• windows/installation_image
• windows/languages
• windows/msoffice2010
• windows/shavlik
• windows/update
• windows/update/wuinstall
• windows/windows7
• windows/windows8

OPSI Products

These are the packages, that can be installed by OPSI.

Standard packages can be found at:

• ​http://download.uib.de/opsi4.0/products/netboot/
• ​http://download.uib.de/opsi4.0/products/localboot/
• ​http://download.uib.de/opsi4.0/products/contribute/
• ​https://forum.opsi.org/wiki/userspace:script_templates

Our full packages are also hosted at

• ​http://download.uib.de/opsi4.0/products/contribute/partners/dass-it/

Full packages include are requires components. On the other side, template packages only contain the freely distributable (Open-Source) parts. The other components must be added manually.

How to handle template packages from ​http://www.dass-it.de:

• copy the sources to your OPSI workbench
  • download the ZIP archives from this website or
  • checkout the Subversion repository ​https://svn.dass-it.de/svn/pub/opsi/products/
• if required, add the missing components
• create an OPSI package by
  • opsi-makeproductfile PACKAGENAME
• install package by
  • opsi-package-manager --install --properties ask PACKAGE.opsi

bitlocker

source

source:opsi/products/bitlocker​

package

source:opsi/products/​

Windows 7 includes the bitlocker tool for harddisk encryption. With this opsi package bitlocker can be centrally configured.

For more information, see wiki:windows/windows7#Bitlocker

Bitlocker requires TPM activated in the BIOS. If TPM isn't available or disabled, the bitlocker OPSI package will fail.

If TPM is activated, the bitlocker packages requires 2 reboots.

The recovery password must be 8 blocks of 6 digits (as in the provided as example) and each block must be devidable by 11. Example:

000011-000022-000033-000044-000055-000066-000077-000088

bacula

source

source:opsi/products/bacula​

package

source:opsi/products/​

Bacula client for Windows.

Features:

• automatic firewall configuration
• creates bacula config files based on the OPSI properties for the Bacula package
• Bacula Director configuration can be automatically generated, see next section

Bacula Director: automatic configuration

The Bacula Director configuration files can be automatically generated by the opsiclient script.

For a detailed presentation (in German) from the ​http://bacula-conference.org 2012 see this attachment:praesentation-20120925-BaculaKonferenz-OPSI.pdf​

Alternativly follow these instructions:

• install the dass-opsi-tools from
  • ​http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=dass-opsi-tools
  • or at least opsiclient from source:opsi/server/dass-opsi-tools/usr/bin/opsiclient​

• opsiclient --server SERVERNAME createBaculaConfigFiles
  

  • creates the bacula config files:

    opsi-clients-generated.conf
    opsi-jobs-generated.conf
    

  • Include them into /etc/bacula/bacula-dir.conf, e.g.

    # include automatically generated config files for OPSI clients
    @/etc/bacula/generated/opsi-clients-generated.conf
    @/etc/bacula/generated/opsi-jobs-generated.conf
    

• reload the Bacula Director configuration, e.g. by

  echo "reload" | bconsole
  

virtualbox-guest-tools

source

source:opsi/products/virtualbox-guest-tools​

package

source:opsi/products/​

Windows guest tools for VirtualBox.

wsusoffline

source

source:opsi/products/wsusoffline​

Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection, see ​http://www.wsusoffline.net/

This tools will download all (most) available

• Microsoft Windows Updates
• Microsoft Office Updates

and additional Microsoft components like

• .Net Framework
• Powershell
• MS Defender

All these components are stored in the client/ subdirectory. This directory can be distributed to other client systems. On these systems it can be installed by a wsusoffline script without further user interaction.

To distribute and install these components, it can be packed into a OPSI package.

create a wsusoffline OPSI package

using the wsusoffline RPM

• install the wsusoffline from ​http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=wsusoffline
• make sure, that the download user is member of the group wsusoffline, e.g.
  • sudo /usr/sbin/groupmod wsusoffline -A $USER
• execute
  • wsus-download-updates.sh
    • select required products and start the download
      • the updates will be stored in the directory: /var/lib/wsusoffline/client/
• copy the wsusoffline client directory into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/
  • rsync -av --progress /var/lib/wsusoffline/client/. $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/CLIENT_DATA/client/.
• adapt version information in $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/OPSI/control
• create package
  • opsi-makeproductfile $YOUR_OPSI_PATH/opsi_workbench/wsusoffline

RPM sources at source:opsi/server/wsusoffline​

using the wsusoffline ZIP-archive

• download and install wsusoffline from the ZIP archive at ​http://www.wsusoffline.net/
• start wsusoffline/sh/DownloadUpdates.sh
  • select required products and start the download
    • the updates will be stored in the subdirectory: client/
• copy the wsusoffline subdirectory client/ into the OPSI package at opsi_workbench/wsusoffline/CLIENT_DATA/client/

Known limitations

• wsusoffline 7.3.2
  • bug in the Linux download code (dos2unix). Not all products are properly selected/deselected
• wsusoffline 7.3
  • winxp, dotnet-Framework 3.5 Language Pack is known not to work. I suggest installating dotnet-Framework 3.5 as a separate package
• Why isn't the full wsusoffline application directly included in the OPSI package? Wouldn't it be easier to start the download directly in the OPSI directory instead of copying the client-directory to OPSI afterwards?
  • For the first run, this would be indeed easier. However, if you update the OPSI wsusoffline package to a newer version, all files already downloaded will be deleted (by opsi-package-manager), because they are not included in the package. Of course, you can backup them before, and apply them again after the update. However, then this approach would not be easier anymore. So in my opinion, it is cleaner, to handle the download indepent from the install part, and copy the full client-directory to OPSI after downloading the files.

xenserver-tools

source

source:opsi/products/xenserver-tools​

Windows tools when running on a Citrix XenServer: