From: "Zeeshan Ali (Khattak)" <zeeshanak@xxxxxxxxx>
On Windows 7, we need to make use of integrated bcdedit.exe to enable
test signing and disable integrity checks before we could attempt to
install (possibly) unsigned drivers. We use the same app to disable test
signing and enable integrity checks after installing drivers.
Since bcdedit.exe does not exist in Window XP, we don't use it on that
OS. Moreover, since the registry key manipulation on Windows 7 does not
help anything, we better not fiddle with those on Windows 7 as doing so
is always discouraged.
Also since the certutil.exe thats used by driver's .cmd file to add
driver publisher to trusted list does not exist on Windows XP, we have to
continue resorting to registry fiddling to enable installation of drivers
from untrusted publishers for Windows XP.
---
data/install-scripts/windows-cmd.xml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml
index 7a56846..569df30 100644
--- a/data/install-scripts/windows-cmd.xml
+++ b/data/install-scripts/windows-cmd.xml
@@ -61,16 +61,37 @@
</xsl:template>
<xsl:template match="/install-script-config">
+<xsl:if test="os/version < 6.1">
sc config TlntSvr start= auto
net user <xsl:value-of select="config/user-realname"/> <xsl:text> </xsl:text> <xsl:value-of select="config/admin-password"/> /add /passwordreq:no
net localgroup administrators <xsl:value-of select="config/user-realname"/> /add
net accounts /maxpwage:unlimited
if not "<xsl:value-of select="config/avatar-location"/>"=="" copy "<xsl:value-of select="config/avatar-disk"/>:<xsl:value-of select="config/avatar-location"/>" "<xsl:call-template name="target-disk"/>:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\<xsl:value-of select="config/user-realname"/>.bmp"
REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg
+</xsl:if>
+
<xsl:call-template name="post-install-drivers-disk"/>:
+<xsl:choose>
+ <xsl:when test="os/version < 6.1">
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
+ </xsl:when>
+ <xsl:otherwise>
+bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
+bcdedit.exe -set TESTSIGNING ON
+ </xsl:otherwise>
+</xsl:choose>
+
for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i
+
+<xsl:choose>
+ <xsl:when test="os/version < 6.1">
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f
+ </xsl:when>
+ <xsl:otherwise>
+bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS
+bcdedit.exe -set TESTSIGNING OFF
+ </xsl:otherwise>
+</xsl:choose>
EXIT
</xsl:template>
</xsl:stylesheet>
--
1.8.1.2
_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
