-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCredentialLaptop.cmd
219 lines (178 loc) · 6.28 KB
/
CredentialLaptop.cmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
@echo off
SETLOCAL ENABLEEXTENSIONS
SETLOCAL ENABLEDELAYEDEXPANSION
SET ESC=[
SET ESC_CLEAR=%ESC%2j
SET ESC_RESET=%ESC%0m
SET ESC_GREEN=%ESC%32m
SET ESC_RED=%ESC%31m
SET ESC_YELLOW=%ESC%33m
if [%1] EQU [] (
rem No param, use master branch
SET GIT_BRANCH=master
) else (
rem Param provided, use it as the current branch
SET GIT_BRANCH=%1
rem echo using git branch %GIT_BRANCH%
)
rem echo Starting Credential Process...
rem pause
set tfile=%temp%\runasuac.vbs
rem check if we have UAC permissions
rem >nul 2>&1 "%SYSTEMROOT%\system32\icacls.exe" "%SYSTEMROOT%\system32\config\system"
NET FILE 1>NUL 2>NUL
rem error flag set = no admin priv
if '%errorlevel%' NEQ '0' (
rem echo Not admin...
rem pause
goto switchToUAC
) else ( goto isAlreadyUAC )
echo %ESC_RED%Why are you here - this is a bug - please report it%ESC_RESET%
pause
:switchToUAC
echo Not UAC - Switching to UAC...
echo Set UAC = CreateObject^("Shell.Application"^) > "%tfile%"
echo args = "/C %~s0 %*" >> "%tfile%"
echo For Each strArg in WScript.Arguments >> "%tfile%"
echo args = args ^& strArg ^& " " >> "%tfile%"
echo Next >> "%tfile%"
echo UAC.ShellExecute "cmd", args, "", "runas", 1 >> "%tfile%"
rem wscript "%tfile%" %*
wscript "%tfile%"
rem echo Params %*
rem pause
exit /B
:isAlreadyUAC
rem echo Alread Running with UAC...
rem pause
if exist "%tfile%" ( del "%tfile%" )
pushd "%CD%"
cd /D "%~dp0"
rem pause
echo %ESC_GREEN%[ ---- Configuring Laptop for Student Use ---- ]%ESC_RESET%
echo.
rem Contributions from Mike Huse - https://github.com/operepo/ope/issues/86
:dtime_start
echo %ESC_GREEN%[ ---- Updating System Time ---- ]%ESC_RESET%
date /T
time /T
echo Is the system date/time correct?
choice /N /C YN /T 10 /D Y /M "Press N to set date/time [y/n]"
IF ERRORLEVEL ==2 GOTO setdatetime
IF ERRORLEVEL ==1 GOTO skipsetdatetime
:setdatetime
time
date
:skipsetdatetime
rem Add code to update KMS and run licensing
:set_kms_start
echo %ESC_GREEN%[ ---- Configuring Laptop to get its Windows licensing ---- ]%ESC_RESET%
rem ***** Change IP Address and KMS name for your server below. You can also replace the IP address with the KMS name as well ******
echo Do you want to set KMS and Office activation servers?
choice /C yn /T 10 /D n /M "Press Y to set activation servers [y/n]"
if errorlevel 2 goto skipsetkmsserver
set KMS_URL=
rem TODO - Pull this from the registry?
set DEFAULT_KMS_URL=172.29.20.115
set OFFICE_URL=
set DEFAULT_OFFICE_URL=wwcc-kms.wwcc-wsp.edu
SET OFFICE_PATH="c:\program files (x86)\microsoft office\office16\"
REM **Just trying something**
echo Default KMS IP is: %DEFAULT_KMS_URL%
REM cscript %windir%\system32\slmgr.vbs /skms %DEFAULT_KMS_URL%
SET /p KMS_URL=Enter KMS Server URL/IP [default %DEFAULT_KMS_URL%]:
if %errorlevel%==1 SET KMS_URL=%DEFAULT_KMS_URL%
echo Setting KMS URL: %KMS_URL%
cscript %windir%\system32\slmgr.vbs /skms %KMS_URL%
cscript %windir%\system32\slmgr.vbs /ato
SET /p OFFICE_URL=Enter Office Server URL/IP [default %DEFAULT_OFFICE_URL%]:
if %errorlevel%==1 SET OFFICE_URL=%DEFAULT_OFFICE_URL%
echo Setting Office KMS URL: %OFFICE_URL%
cscript %OFFICE_PATH%ospp.vbs /sethst:%OFFICE_URL%
cscript %OFFICE_PATH%ospp.vbs /act
:skipsetkmsserver
rem run vc_installer
echo Do you want to install the VC Runtimes?
choice /C yn /T 5 /D n /M "Press Y to set install VC Runtimes [y/n]"
if errorlevel 2 goto skipinstallvcruntimes
echo -- %ESC_GREEN%Installing required packages - please wait... %ESC_RESET% --
call "%~dp0Services\mgmt\rc\install_vc_runtimes.cmd"
echo.
:skipinstallvcruntimes
call "%~dp0Services\mgmt\mgmt.exe" config_once
rem Add win defender exclusion for our ope folder
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath '%PROGRAMDATA%\ope'}"
echo -- %ESC_GREEN%Unlocking Machine - please wait... %ESC_RESET% --
echo.
call "%~dp0Services\mgmt\mgmt.exe" unlock_machine
if %ERRORLEVEL% NEQ 0 (
echo.
echo %ESC_RED%*** ERROR - Failed to unlock machine - Quitting. ***%ESC_RESET%
echo.
echo.
pause
pause
exit /b 2
)
rem run update from Git server
echo %ESC_GREEN%-- Getting latest updates from local git server...%ESC_RESET%
rem NOTE - Need to git_pull outside of mgmt.exe so we can update those files
call "%~dp0bin\PullUpdates.cmd" %GIT_BRANCH%
if %ERRORLEVEL% NEQ 0 (
echo.
echo %ESC_YELLOW%*** WARNING - Unable to pull updates from online or local server - You may not be running the latest version of the laptop software! ***%ESC_RESET%
echo.
echo.
rem /T 3
choice /C yn /T 15 /D y /M "Do you want to continue anyway? (y/n - default y in 15 seconds): "
if [!errorlevel!] EQU [1] goto runinstall
exit /b 2
)
:runinstall
rem install services
echo %ESC_GREEN%-- Installing OPE Services...%ESC_RESET%
call "%~dp0bin\install_service.cmd"
if %ERRORLEVEL% NEQ 0 (
echo.
echo %ESC_RED%****** ERROR - Failed to install OPE services. Credential process did not complete properly - this Laptop is NOT ready to hand out to students. *******%ESC_RESET%
echo.
pause
pause
exit /b 2
)
:startcredential
rem call the main credential script
echo %ESC_GREEN%-- Starting credential process...%ESC_RESET%
rem call "%~dp0Services\mgmt\mgmt.exe" credential_laptop
call "%programdata%\ope\Services\mgmt\mgmt.exe" credential_laptop
if %ERRORLEVEL% NEQ 0 (
echo.
echo %ESC_RED%****** Credential process did not complete properly - this Laptop is NOT ready to hand out to students. *******%ESC_RESET%
echo.
pause
pause
exit /b 2
)
:lock_machine
rem Lock machine down which will enable user account
echo %ESC_GREEN%-- Locking Machine...%ESC_RESET%
rem call "%~dp0Services\mgmt\mgmt.exe" lock_machine
call "%programdata%\ope\Services\mgmt\mgmt.exe" lock_machine
if %ERRORLEVEL% NEQ 0 (
echo.
echo %ESC_RED%****** ERROR - Unable to lock machine. Credential process did not complete properly - this Laptop is NOT ready to hand out to students. Try mgmt lock_machine again to see if you can lock it manually. *******%ESC_RESET%
echo.
pause
pause
exit /b 2
)
rem good run - return 0
echo.
echo %ESC_GREEN% *** Credential Done *** %ESC_RESET%
echo.
rem pause
rem use ping for slight pause
set seconds=10
PING -n !seconds! 127.0.0.1 >NUL 2>&1 || PING -n !seconds! ::1 >NUL 2>&1
pause
exit /b 0