Dear WPKG Users,
I have a method of launching WPKG that I would like to share. Perhaps it could
be included in the installation documentation...
I have used WPKG for some time and think it's a great program. I initially
used the WPKG Client, but later removed this in favour of launching WPKG via
winexe from the Samba preexec directive (as covered in the installation
section). I have a RHEL4 server running Samba-3 as a PDC. This worked OK, but
I found that winexe put quite a load on the server for some reason. Also
winexe shows the administrator password in the output of ps!
My solution was to launch WPKG from the domain logon script. I use KiXtart
(another great program) to run my logon script because it's powerful and
versatile (and free!). The script basically just maps network drives depending
on group membership, but some code could be added to run WPKG. The problem is
that the logon script runs with permissions of the user, but WPKG needs admin
rights to install software. The answer to this is to make a separate KiXtart
script that is launched by the logon script with elevated privilege using CPAU
(create process as user).
Another side benefit is that the KiXtart logon script can first check the IP
address of the client and decide whether or not to run WPKG. This allows me to
ignore WPKG over a VPN connection.
The overall solution, with code, is below.
Samba smb.conf:
logon script = scripts\logon.cmd
This is relative to the root of the netlogon share (/var/lib/samba/netlogon on
my server)
-----
logon.cmd:
@ECHO OFF
:: Network logon script
:: Use KiXtart to manage network logons
%LOGONSERVER%\netlogon\scripts\kix32.exe
%LOGONSERVER%\netlogon\scripts\logon.kx /f
This is run by Samba on user logon. All it does is run the KiXtart logon
script, logon.kix.
-----
logon.kix:
This is the main logon script. It is run by logon.cmd and maps network
drives. It now checks for a local LAN connection and starts the wpkg.kix
script.
$ = SetConsole("HIDE")
; Declare local variables
DIM $LocalLan, $Adapter, $CmdLine, $RetVal
; *** Other code here to map network drives ***
; The following section initiates WPKG software deployment
; Test if the client is connecting on the local LAN and not via VPN
$LocalLan = 0
FOR $Adapter = 0 TO 3
IF InStr(EnumIpInfo($Adapter, 0), "10.1.1")
$LocalLan = 1
ENDIF
NEXT
; Launch KiXtart script wpkg.kix
IF $LocalLan
$CmdLine = Chr(34) + @LDRIVE + "scripts\kix32.exe " + @LDRIVE +
"scripts\wpkg.kx" + Chr(34)
$RetVal = CPAU($CmdLine)
ENDIF
; Function to launch processes with elevated privileges using CPAU
Function CPAU($Cmd)
Dim $User, $Pass, $Options $cpau
$User = "DOMAIN\Administrator"
$Pass = "password"
$Options = " -cwd %SYSTEMROOT%\Temp -hide -lwop"
$cpau = @SCRIPTDIR + "\cpau.exe"
SHELL $cpau + " -u " + $User + " -p " + $Pass + " -ex " + $Cmd + $Options
CPAU = @ERROR
EndFunction
-----
wpkg.kix:
This is script is started by logon.kix and runs wpkg.js as the domain
administrator.
$ = SetConsole("HIDE")
; Declare local variables
DIM $WpkgDrv
; Set environment variables used by WPKG
SETL "WPKGROOT=\\SERVER\wpkg"
SETL "SOFTWARE=\\SERVER\wpkg\software"
SETL "TOOLS=\\SERVER\wpkg\tools"
; Connect the WPKG share and launch wpkg.js
USE * "\\SERVER\wpkg"
$WpkgDrv = @RESULT
IF @ERROR = 0
SHELL "%SYSTEMROOT%\system32\cscript.exe " + $WpkgDrv + "\wpkg.js
/synchronize /quiet /nonotify"
; Optional - copy the log files to the server for diagnostics
COPY "%SYSTEMROOT%\system32\wpkg.xml" $WpkgDrv + "\status\" + @WKSTA +
".xml"
COPY "%SYSTEMROOT%\Temp\wpkg-" + @WKSTA + ".log" $WpkgDrv + "\log\" +
@WKSTA + ".log"
USE $WpkgDrv /DELETE
ENDIF
-----
The KiXtart scripts can be tokenized to hide the password:
kix32.exe wpkg.kix /t
will make wpkg.kx. The source wpkg.kix can be rw only by root.
The kix32.exe and cpau.exe reside in the "scripts" directory.
I hope this solution is helpful to others.
Regards,
Steve Jones
_________________________________________________________________
If it exists, you'll find it on SEEK. Australia's #1 job site
http://clk.atdmt.com/NMN/go/157639755/direct/01/
-------------------------------------------------------------------------
wpkg-users mailing list archives >> http://lists.wpkg.org/pipermail/wpkg-users/
_______________________________________________
wpkg-users mailing list
wpkg-users@lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
