Re: problems to install inf files under windows xp automaticially
From: Christoph (schmutz@fw.oebb.at)Date: 09/12/02
- Next message: Christoph: "how to copy system files under NT/2K/XP"
- Previous message: those who know me have no need of my name: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: John: "Re: problems to install inf files under windows xp automaticially"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Christoph" <schmutz@fw.oebb.at> Date: Thu, 12 Sep 2002 10:11:57 +0200
i have already try this, but with no success. further i found out that there
is one policy missing in xp which exists in windows 2000.
"behavior installing unsigned files (not drivers)"
maybe this is the reason, why it doesnt work!
now, i think its a bug of windows xp.
we already tried some tests, like to run our installer service as
localsystem. we
activated the interactive logon flag and it works. but on the client a cmd
window
wil be diplayed which is the service itself. if the user on the client
closes the window,
the service will be stopped and we will lost control. so we are not able to
go this way.
we also opened a support call by microsoft, but they dont know the problem
too.
they sad, that they have no descriptions for the error messages in the
setupapi.log.
???
we have also tested an installation with an inf file, which only consists of
registry manipulation action (addreg & delreg, but no file coping) => it
works
so the problem is just coping files with an inf file. but this is the only
way i know, how
we are able to copy system files securely (dll, ocx, ...).
do you know another?
best regards,
christoph
"John" <john@nospam.com> schrieb im Newsbeitrag
news:aloef0$aef$1@news.hccnet.nl...
> At least the machine's default is in System properties, tab Hardware.
> The Policy you can find under Security Options, line Devices: Unsigned
> driver installation behavior
> and it should sets in reg key: Software\Policies\Microsoft\Windows
NT\Driver
> Signing\ BehaviorOnFailedVerify=0 (for ignore)
> Regards,
> John
> --
> The fastest distributor? XYRO ADC on http://www.xyro.com/fidimuc.html
> For data/software distribution, inventory and remote installations.
>
> "Christoph" <schmutz@fw.oebb.at> wrote in message
> news:ali4pb$lnu$1@paperboy.Austria.EU.net...
> > thank you for your reply.
> >
> > yeah, it is a real service (no srvany or such things). this process also
> has
> > access to the local environment.
> > but do not run as local system, due the process must have access to
> network
> > shares. so it runs as
> > a domain user, which is added to the local administrator group. further
> the
> > user has configured some policies.
> >
> > the module which handles the rpc connection is a perl/c native packagae
> and
> > no ms technic like COM, DCOM or .NET
> >
> > if found out that there is one policy missing in windows xp. in windows
2k
> > there was the possibility to ignore
> > unsigned files (not drivers), in xp there is only the unsigned driver
> > policy.
> >
> > do you know where i can find that?
> >
> >
> > "John" <john@nospam.com> schrieb im Newsbeitrag
> > news:alb500$q8v$1@news.hccnet.nl...
> > > Now is it a real service? Or is it a DCOM module that is being called
> from
> > > remote? Anyway first check on what account the thing runs.
> > > (For a DCOM check your component's impersonation properties, in
> Component
> > > Services. on Properties - Identity)
> > > Then you can find out why the service's user account does not get the
> > > policy=Ignore.
> > > If the account is the local system account, you probably have the
domain
> > > policy to ignore digital signing only on users, not on computers. Thus
> the
> > > system acount won't have it.
> > > Probably why it went right on Win2k because the local security
defaults
> > > contained the policy to ignore.
> > > John
> > > --
> > > The fastest distributor? XYRO ADC on http://www.xyro.com/fidimuc.html
> > > For data/software distribution, inventory and remote installations.
> > >
> > > "Christoph" <schmutz@fw.oebb.at> wrote in message
> > > news:alaer3$ihj$2@paperboy.Austria.EU.net...
> > > > hello
> > > >
> > > > we have big problems to install inf files under xp automaticially.
> > > >
> > > > we need this to provide remote software installations. so we have
> > > developed
> > > > a windows service, which should install the inf files. this service
is
> > > > written in perl, wich
> > > > acts as a remote procedure call module. so the server conencts to
the
> > > client
> > > > and calls a
> > > > run_inf function. this function calls the system command:
> > > >
> > > > rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 132
<inf
> > > file>
> > > >
> > > > but that didn't work, cause xp wants to have a signature for all
> files,
> > > wich
> > > > should be installed.
> > > >
> > > > in the setupapi.log following error will be displayed:
> > > > [2002/09/06 14:43:37 1428.1]
> > > > #-198 Command line processed: C:\WINDOWS\system32\RUNDLL32.EXE
> > > > SETUPAPI.DLL,InstallHinfSection DefaultInstall 128
C:\fwinst\or9_2.inf
> > > > #-011 Installing section [DefaultInstall] from
"C:\fwinst\or9_2.inf".
> > > > #E359 An unsigned or incorrectly signed file "c:\fwinst\or9_2.inf"
> > blocked
> > > > (server install). Error 1168: Element nicht gefunden.
> > > > #W187 Install failed, attempting to restore original files.
> > > >
> > > >
> > > > but if we execute this command locally, the inf file will be
> installed.
> > > > however there will be generated lots of warning (listed above), the
> > > > instalaltion completed successfully.
> > > >
> > > > [2002/09/06 11:36:01 1600.1]
> > > > #-198 Command line processed: C:\WINDOWS\system32\RUNDLL32.EXE
> > > > SETUPAPI.DLL,InstallHinfSection DefaultInstall 128
C:\fwinst\or9_2.inf
> > > > #-011 Installing section [DefaultInstall] from
"C:\fwinst\or9_2.inf".
> > > > #E361 An unsigned or incorrectly signed file "c:\fwinst\or9_2.inf"
> will
> > be
> > > > installed (Policy=Ignore). Error 1168: Element nicht gefunden.
> > > > #-024 Copying file "C:\fwinst\sqora.cnt" to
> > > "C:\WINDOWS\System32\sqora.cnt".
> > > > #E361 An unsigned or incorrectly signed file "C:\fwinst\sqora.cnt"
> will
> > be
> > > > installed (Policy=Ignore). Error 0xe000022f: Die INF-Datei des
> > > > Drittanbieters enthält keine Digitalsignaturinformationen.
> > > > #-336 Copying file "C:\fwinst\sqora.cnt" to
> > > "C:\WINDOWS\System32\sqora.cnt"
> > > > via temporary file "C:\WINDOWS\System32\SETF5.tmp".
> > > > #E249 Failed to apply security to file
> "C:\WINDOWS\System32\sqora.cnt".
> > > > Error 1307: Diese Sicherheitskennung kann nicht als Besitzer des
> Objekts
> > > > zugeordnet werden.
> > > > #-336 Copying file "C:\fwinst\sqora.hlp" to
> > > "C:\WINDOWS\System32\sqora.hlp"
> > > > via temporary file "C:\WINDOWS\System32\SETF7.tmp".
> > > > #E361 An unsigned or incorrectly signed file "C:\fwinst\sqora.hlp"
> will
> > be
> > > > installed (Policy=Ignore). Error 0xe000022f: Die INF-Datei des
> > > > Drittanbieters enthält keine Digitalsignaturinformationen.
> > > > #E249 Failed to apply security to file
> "C:\WINDOWS\System32\sqora.hlp".
> > > > Error 1307: Diese Sicherheitskennung kann nicht als Besitzer des
> Objekts
> > > > zugeordnet werden.
> > > >
> > > >
> > > > what can i do? any idea?
> > > > how can i signature an inf file or better, how can i deactivate this
> > > > confusion feature in xp.
> > > >
> > > > we have used our software remote installation system for several
years
> > and
> > > > did'nt have problems with that under windows nt and 2k.
> > > >
> > > > thank you for your help!
> > > >
> > > >
> > > > regards,
> > > > christoph
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Christoph: "how to copy system files under NT/2K/XP"
- Previous message: those who know me have no need of my name: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: John: "Re: problems to install inf files under windows xp automaticially"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
