[wpkg-users] Feature request?

Marco Gaiarin gaio at sv.lnf.it
Mon Apr 28 18:41:33 CEST 2008 

I've recently setup a wifi access in my organization, using WPA2.

On some portable system there's no domain account, or at least are used
with 'guest' local access for many reasons.
But if a user try to connect to wifi and insert legal credential, they
are automatically saved and used.

I needed a way to 'cleanup' local users registry, and i've extended to
cleanup also many things, eg i do something like:

	if not %USERDOMAIN% == %COMPUTERNAME% (
	        exit 0
	)

	if exist "%ProgramFiles%\CCleaner\CCleaner.exe" (
	        "%ProgramFiles%\CCleaner\CCleaner.exe" /AUTO
	)

	reg delete HKEY_CURRENT_USER\Software\ORL\WinVNC3 /va /f

	reg delete HKEY_CURRENT_USER\Software\Microsoft\EAPOL\UserEapInfo /va /f

	if exist "%USERPROFILE%\Dati applicazioni\Microsoft\Credentials" (
	        del /f /q /a:s /s "%USERPROFILE%\Dati applicazioni\Microsoft\Credentials\"
	)
	if exist "%USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Credentials" (
	        del /f /q /a:s /s "%USERPROFILE%\Impostazioni locali\Dati applicazioni\Microsoft\Credentials\"
	)


but for local user using netlogon scripts are a real pain (you have to
create a local 'netlogon' folder, share it, ...).

So i copy this script to:

	"%ALLUSERSPROFILE%\Menu Avvio\Programmi\Esecuzione Automatica"

and change permission to prevent modification:

	cacls "%ALLUSERSPROFILE%\Menu Avvio\Programmi\Esecuzione Automatica\cleanloc.bat" /e /r Users "Power Users" Administrators

but i cannot prevent deletion, and one user can delete my file and
replace with another one that simply do an 'exit 0'.


This can be prevented if WPKG will have a check condition like 'hash'
(md5? sha?) so we can put on the recipe the original md5 sum, and check
it against the installed one.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the wpkg-users mailing list