Wolfprep Setup

Where to find the Config Files

Before you begin, you need a configuration established. Contact Microsys about creating a new configuration template. See the process document for an overview of how WolfPrep locates its settings.

All WolfPrep settings are stored on the network, under \\ITD_WOLFPREP_SERVER\WOLFPREP

You can "map" a network drive here, or to your College or Unit name underneath \\ITD_WOLFPREP_SERVER\WOLFPREP . Each configuration has its own subdirectory under the College or Unit name. As an example, CALS has a configuration named "Classroom-Scott106" which has a corresponding configuration directory of \\itd_wolfprep_server\WolfPrep\CALS\Classroom-Scott106

Stuff in the setup directory

admin-Win2k.ssp: encrypted administrator password for Windows 2000 workstations
admin-WinXP.ssp: encrypted administrator password for Windows XP workstations
login.bmp: control-alt-del login bitmap
oeminfo.*: fills out the "General" tab of computer properties
login.bgi: background information file
printers.txt: list of NDPS/WolfCopy printers to be installed on this workstation
printcfg.cmd: sets default printer, and where to find printer objects
PrinterDrivers.txt: Printer drivers to install
PrinterPorts.txt: Network printer ports on HP JetDirect or LPD hosts to create
LocalPrinters.txt: Non-NDPS/WolfCopy printers to install
multires.ini: Sets the default video resolution and refresh frequency for the display
CustomReg folder: any .reg files here will be read into the registry.
CustomRun folder: any executables (links or cmd files mostly) here will be run.
CopyFiles\C folder: any files here are copied to C: for all OS's
CopyFiles\D folder: any files here are copied to D: for all OS's
CopyFiles\C\Documents and Settings\All Users\Start Menu\Programs\Startup folder: any files placed here will be run automatically by each user at login
CopyFiles\C\Documents and Settings\All Users\Start Menu\Programs\Logout folder: any files placed here will be run automatically by each user at logout
CopyFiles\%SystemRoot% folder: any files here are copied to where the OS is installed (e.g. c:\winnt or c:\windows) for all OS's
WinXP folder: This folder contains a CopyFiles, CustomRun and CustomReg folder for use with Windows XP workstations only
Win2k folder: This folder contains a CopyFiles, CustomRun and CustomReg folder for use with Windows 2000 workstations only
Win2k\Security.INF: Security restrictions to be applied on Windows 2000 computers
WinXP\Security.INF: Security restrictions to be applied on Windows XP computers
reboot.cfg: Controls the final WolfPrep reboot

Example "CustomRun" Tasks

Controlling scheduled weekly reboots.

Example "CustomReg" Tasks

Controlling local user cleanup


Files admin-Win2k.ssp and admin-WinXP.ssp

The admin-*.ssp files are used to set the "Administrator" password on computers in the template.

ITD Microsys will remove all resources and support for Windows 2000 workstations on Monday, May 15, 2006 as originally announced on June 4, 2004. At this time, support for the "admin-Win2k.ssp" will be removed.

If an encrypted password file called "admin-Win2k.ssp" or "admin-WinXP.ssp" exists in the home directory, the "Administrator" password will be set to the contents of the file.

Encrypted password files are created with the Generate Password utility. This utility is located at: L:\ITD\Tools\genpass.exe

Picture of Genpass in action

Our gratitude to Jason Young, formerly of COE for creating the genpass program.

Passwords encrypted on Windows 2000 workstations cannot be used to set passwords on Windows XP workstations, and vice versa. You need to encrypt the password on the platform you intend to use.

If no .ssp files are present, then the Administrator password will be set to a random value.

Please Note: We've had so many problems with .ssp files not being readable under changing cryptographic libraries and other patches from Microsoft, and based on the inherent insecurity of storing any form of reversible passwords, we're planning to discontinue using them in a future release. Details will be shared on the WolfPrep mailing list as they become available.

File LOGIN.BMP

You can customize the image that appears before users log in. This is the image that asks the user to press Ctrl-Alt-Delete. For example, the image for ITD's Laundry Lab looks like this:

Picture of default login bitmap

If a bitmap image file called "login.bmp" exists in the home directory, that image will be presented to users when they log in to the workstation.

Files OEMINFO.INI and OEMINFO.BMP

The information that appears when the "Support Information" button is clicked from the System Properties page can be customized. If a file called "oeminfo.ini" exists in the home directory, the information it contains will appear when "Support Information" is clicked. The following picture shows the result of using an oeminfo.ini file that contains:


[General]
    Manufacturer=Manufactured by Dell
    Model=NCSU ZEN Workstation
[Support Information]
    Line1=Contact Information:
    Line2=E-mail: help@ncsu.edu
    Line3=Phone: 515-HELP (515-4357)
        

Picture of support information bitmap

File LOGIN.BGI

This file controls what is displayed on the computer's background BEFORE a user logs in, and can contain information like the support pack installed, the computer's name, IP address, registry values, as well as static contact information.

To build "login.bgi" run L:\itd\tools\bginfo\bginfo.exe . You need to be sure that the "Display at login" checkbox is checked. BGInfo seems to fail at overwriting an existing .bgi file, so always delete the existing file before saving.

Be careful - some of the settings files used with Windows 2000 may be calling the red gradient bitmap as the background image directly from C:\WINNT\REDGRDNT.BMP. The C:\WINNT directory does not exist in Win XP, so you would end up with a plain blue background instead. You can get this to work properly by changing it to %WINDIR%\REDGRDNT.BMP.

The file LOGIN.BGI is only read by WolfPrep during the setup process, so to update the background after a new service pack has been applied, you would need to log in as "WolfPrep" again.

Sample Background Image

For help, call 515-4357 or e-mail help@ncsu.edu

This is computer MyLabPC27 from image dated 20040609
It's a 3.0 GHz Intel Pentium 4 with 1023 MB of Memory running Windows XP Service Pack 1

 

File PRINTERS.TXT

This plain text file (you can create it with "Notepad") contains a list of all the WolfCopy (or other NDPS) printers you want configured. A line starting with a semicolon (;) is considered a comment, and ignored. The queue names for WolfCopy printers are listed at http://print.ncsu.edu/listofprinters.php Here's a sample entry for the ITD lab in the D.H. Hill Library:

		
; lines with semicolons are comments for humans
;
; unity 2413 D.H. Hill Library Printer 1 hp8100 6 cents/page
dhl-2413-1
; 
; unity 2413 D.H. Hill Library Printer 2 hp8100 6 cents/page
dhl-2413-2
; 
; unity 2413 D.H. Hill Library Color Printer 1 hp8500 60 cents/page
dhl-2413-color1
; 
; Color Laserjet in Venture 4 
vent4_clj2550_ndps .ADM.CALS.NCSU

These short queue names are combined with the "context" identified in PRINTCFG.BAT described below to locate the NDS object and install the NDPS printer.

You can also identify the context to use for a single printer after a space or tab character. As in the example above, contexts do include the leading dot.

For non-NDPS printers, see the LocalPrinters.txt file, and its supporting PrinterDrivers.txt and PrinterPorts.txt .

If you are NOT using NDPS printers, you should REMOVE any printers.txt file. You will get an error pop-up if you provide a printers.txt file that doesn't contain any valid printer names.

File PRINTCFG.BAT

This file controls which printer should be set up as the default, and where to locate NDPS printers in the NCSUNDS directory tree. It's an old-fashioned DOS batch file (.bat) that sets two environment variables, PRINTCX and DEFAULT. The PRINTCX variable should be set to the fully qualified (beginning with a "dot") NDS context to look for printers. Unless you are hosting your own NDPS printers, this will be .Printing.Services.NCSU, which is the default and can be safely omitted. In a .bat file, lines beginning with REM are REMarks, ignored by the computer and intended for humans to use in documentation.

The DEFAULT environment variable identifies the printer to use as the default. It will place a small command in the "Startup" folder for "All Users" to force this printer to be the default at login.

Here's a sample PRINTCFG.BAT that sets the DEFAULT to the first ITD printer in the Library:


@echo off
rem SAMPLE printer configuration for labsetup accounts
rem Copy this file to your lab setup account's home dir (M:\)
rem and modify to your satisfaction
rem You will also need a file named PRINTERS.TXT in your
rem lab setup accounts home directory (M:\) that has a list
rem of printers to install, one per line

rem Where to look for printers by default
rem You can always use fully distinguished object names in
rem printers.txt, but by setting a context you can use
rem short (cn) names
set printcx=.Printing.Services.NCSU

rem What printer do you want to be the default?
set default=dhl-2413-1

File PrinterDrivers

You can install Windows Printer Drivers for Windows XP and above by listing them in a file named "PrinterDrivers.txt". If you're going to use the LocalPrinters.txt file described below, you should list any and all drivers for the printers you're installing here.

Driver names can be found in the file %WinDir%\INF\ntprint.inf

The format of the file is one driver name per line, with double quotes if the driver name contains spaces (most do). A semi-colon indicates a comment.

; Sample PrinterDrivers.txt
; Model names of print driver to install.
; Valid names are listed in %windir%\inf\ntprint.inf
;
; EXAMPLES:
"Apple Color LaserWriter 12/600"
"HP LaserJet 8100 Series PS"
"HP LaserJet 8100 Series PCL6" 

NOTE that this is not available for Windows 2000 Workstations!

File PrinterPorts

You can install HP JetDirect or LPD printer connections for Windows XP and above by identifying them in a file named "PrinterPorts.txt". Each line of the file describes one network printer port to create, and has two or three entries separated by commas. As usual, semicolons indicate comments that you can use to keep track of things.

The first entry is either "hpjd" for HP JetDirect connections, or "lpr" for lpr/lpd connections.

The second entry is the host name of the networked print device. Use the registered DNS name here, not the IP address.

The third entry is the name of the printer for lpr printers, or optionally the snmp community string to use for hpjd.

; PrinterPorts.txt - network printer ports to create.
; Port type is
; "hpjd" for HP Jet Direct
; "lpr" for standard lpr
; then hostname (NOT IP address, but registered DNS name!)
; then either printer name for lpr, or (optional) snmp community for hpjd 
;
; EXAMPLES
hpjd, JD.unity.ncsu.edu
lpr, lpdserver.ncsu.edu, lp0 

NOTE that this is not available for Windows 2000 Workstations!

File LocalPrinters

You can install printers for Windows XP and above by listing them in the LocalPrinters.txt file. Each line of the file describes one printer to install, and has three entries separated by commas. Semicolons indicate comments that you can use to keep track of things.

The first entry is the name to give the printer. If the name includes spaces, it must be surrounded by double quotes.

The second entry is the printer driver to use. This should match one of the drivers installed in the PrinterDrivers.txt file, and must have double quotes if it has spaces in the driver name.

The last entry is the port to which the printer is attached. This can either be a network printer port installed by PrinterPorts, or a regular device or file, such as LPT1:

For lpr printers, the port name is the LPD host, a dash, and the printer name. For example, if your PrinterPorts.txt file had an entry like "lpr, lpdserver.ncsu.edu, lp0" you would use a port name here of lpdserver.ncsu.edu-lp0

; LocalPrinters.txt - "Name", "model" , port
; Install printer drivers in PrinterDrivers.txt and create network ports in PrinterPorts.txt
;
; Be sure to use quotes for anything with spaces in it, and don't omit the commas!
;
; EXAMPLES:
"HP Printer", "HP LaserJet 8100 Series PCL6", JD.ncsu.edu
"Local LaserWriter", "Apple Color LaserWriter 12/600", lpt1:
"LPR Printer","HP LaserJet 8100 Series PCL6",lpdserver.ncsu.edu-lp0

NOTE that this is not available for Windows 2000 Workstations!
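The three printer files have to agree with one another, so a cross-check before deployment is useful. The following is an added example, not part of WolfPrep or the original page: it applies the rules stated above and assumes that an hpjd port is named after its host; the finding codes and sample files are constructed for illustration.

```python
import csv
import ipaddress


def _rows(text):
    """Yield (line number, fields) for each non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(";"):
            fields = next(csv.reader([line], skipinitialspace=True))
            yield lineno, [f.strip() for f in fields]


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_printers(drivers_txt, ports_txt, local_txt):
    """Return (file, line number, code) findings across the three files."""
    findings = []
    drivers = {f[0].lower() for _, f in _rows(drivers_txt)}
    ports = set()
    for n, f in _rows(ports_txt):
        kind = f[0].lower()
        if kind not in ("hpjd", "lpr") or not 2 <= len(f) <= 3 or not f[1]:
            findings.append(("PrinterPorts.txt", n, "BAD_ENTRY"))
            continue
        if _is_ip(f[1]):          # the page asks for the registered DNS name
            findings.append(("PrinterPorts.txt", n, "IP_NOT_DNS_NAME"))
        if kind == "hpjd":
            ports.add(f[1].lower())   # assumption: port is named after the host
        elif len(f) == 3 and f[2]:
            ports.add((f[1] + "-" + f[2]).lower())   # LPD host, dash, printer
        else:
            findings.append(("PrinterPorts.txt", n, "LPR_NEEDS_PRINTER_NAME"))
    for n, f in _rows(local_txt):
        if len(f) != 3:
            findings.append(("LocalPrinters.txt", n, "NEED_3_ENTRIES"))
            continue
        _name, driver, port = f
        if driver.lower() not in drivers:
            findings.append(("LocalPrinters.txt", n, "DRIVER_NOT_LISTED"))
        # Devices such as LPT1: are fine; a port that is a file also lands here.
        if port.lower() not in ports and not port.endswith(":"):
            findings.append(("LocalPrinters.txt", n, "PORT_UNRESOLVED"))
    return findings


# Constructed sample files with three deliberate mistakes.
DRIVERS = '; drivers\n"HP LaserJet 8100 Series PCL6"\n'
PORTS = (
    "hpjd, JD.unity.ncsu.edu\n"
    "lpr, lpdserver.ncsu.edu, lp0\n"
    "hpjd, 192.0.2.10\n"
)
LOCAL = (
    '"HP Printer", "HP LaserJet 8100 Series PCL6", JD.unity.ncsu.edu\n'
    '"Local LaserWriter", "Apple Color LaserWriter 12/600", lpt1:\n'
    '"LPR Printer","HP LaserJet 8100 Series PCL6",lpdserver.ncsu.edu-lp1\n'
)

if __name__ == "__main__":
    for finding in check_printers(DRIVERS, PORTS, LOCAL):
        print(*finding)
```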

File Multires.ini

You can control the default video resolution and refresh frequencies for multiple monitors by configuring a multires.ini file.

[Refresh1]
    Confirmation=0

[Last-1]
    X=1280
    Y=1024
    BPP=32
    Hz=60

In the section names in multires.ini, the number indicates which monitor the section controls. So, [Refresh1] and [Last-1] refer to the first monitor, [Refresh2] and [Last-2] would refer to a second monitor, and so on.

You can require that a human click "OK" and accept the new settings by setting Confirmation=1.

The values in [Last-1] control the settings for the first monitor. The BPP=32 in the example above sets the Bits Per Pixel for the 1st display to 32.

Bits Per Pixel values

Bits per pixel    Number of colors
32                Millions
16                Thousands (HiColor)
8                 256 colors

The X=1280 and Y=1024 set the display resolution (here to 1280 pixels across by 1024 pixels down).

Finally, you can set the refresh frequency in Hz with Hz= . If you're uncertain if a monitor can refresh at a particular frequency, omit this and the hardware default for the monitor will be used. Do beware that if you set too high a refresh rate on a monitor that can't support it, you can burn out or damage your display.

More information about the "Multires" application used here can be found on the web at http://entechtaiwan.com/multires.htm

The MULTIRES.INI file will be copied to each workstation's C:\Program Files\NCState\multires.ini. This is meant to serve as a local record of what the desired resolution for a workstation should be. You can include a shortcut in the "startup" folder to call multires.exe and restore these values if you want the display to be reset at startup.

Directory CustomRun

You can launch any program or script by placing it (or a shortcut to it) in a directory named "CustomRun"

Wolfcall runs everything in L:\itd\labsetup\CommonRun first, then runs
your CustomRun files. "RUN" is run before "Reg."

If possible, you should configure anything launched from CustomRun for a silent, unattended install. You should also configure it not to restart, if possible (some installers don't offer the option, and just reboot if they need one). If an installer does need a reboot, you can indicate to WolfPrep that a reboot is needed by creating a file C:\RebootMe.txt. When WolfPrep completes running all the programs in stage 6, it will automatically reboot if it sees this file.

Be aware that your script or installer may be called several times, as stage 6, "workstation settings" will be called as many times as one of the programs calls for a reboot. You may want to set a registry key under HKLM\Software\NC State University\WolfPrep\AlreadyRun and check to see if your installer/script/app has already run to avoid running it more than once.

In addition to "CustomRun" there are "Win2k\CustomRun" and "WinXP\CustomRun" folders. The programs and scripts held in these directories are executed ONLY for the particular operating system (WinXP or Win2k). This allows you to apply a patch intended only for Windows 2000 for example.

Directory CustomReg

Wolfcall reads everything in L:\itd\labsetup\CommonReg into the registry first, then reads your CustomReg, so CustomReg overrides the general settings.

This is an excellent place to set your ZENLAB environment variable to control custom login scripts, or perform any (HKLM) registry tweaks.

In addition to "CustomReg" there are "Win2k\CustomReg" and "WinXP\CustomReg" folders. Any .reg files held in these directories are read ONLY for the particular operating system (WinXP or Win2k). This allows you to apply a configuration intended only for Windows 2000 for example.

Directory CopyFiles

If you have any data or program files that you want installed on every workstation in a particular configuration group, you can place them under the "CopyFiles" directory to have them automatically installed.

A subdirectory for each drive letter to which you want files copied is created under the main "Copyfiles" directory. If you've partitioned your target computers for multiple drive letters, you can enumerate them here -- most folks will have a single directory "C" to represent the C: drive.

There is a special directory %SystemRoot% which can be used to place files in the Windows System Root directory. CopyFiles\%SystemRoot% is preferred to CopyFiles\C\WinNT or CopyFiles\C\Windows because it will always place files in the desired location regardless how the machine was initially installed.

Once again, in addition to "CopyFiles" there are "Win2k\CopyFiles" and "WinXP\CopyFiles" folders. Anything held in these directories is copied ONLY for the particular operating system (WinXP or Win2k). Don't forget to include the drive letter or %SystemRoot% subdirectories!

Security.INF File

To apply custom security configurations to your workstations, place a file named "Security.INF" into the operating system directory (Win2k or WinXP) of your configuration template.

You create security INF files using the Microsoft MMC tool, and the "Security Templates" plug in.

picture of mmc console with security templates loaded

Be sure that you create your security templates with the same operating system (Win2k or WinXP) that the target computers will be using.

In most cases, you will not need to apply additional security settings beyond the defaults. A discussion of how to best configure Windows security is well beyond the scope of this document.

WolfPrep will apply the security settings in L:\ITD\LABSETUP\%OSNAME%\MinZenRights.INF first, and then your customized %OSNAME%\Security.INF file. This allows you to override any settings you desire. The MinZenRights.INF is the minimum rights needed to successfully use the Zenworks desktop. It includes granting rights to users to start and stop the NAL services, registry rights to HKLM:Software\Novell\Workstation Manager, and file system rights to NALCache. Refer to the actual INF file for specifics.

File Reboot.CFG

The reboot.cfg file controls the final WolfPrep reboot, just before any Automatic backups are made.

#
# This file controls the final reboot after WolfPrep is done.
#
#
# .lnk files have a fixed command line size, so if you specify
# really long messages for example things may get truncated.
#
# msg 'Reboot message in single quotes'
#msg 'You can cancel this reboot and install stuff now'
# warntime time_in_seconds
#warntime 600
# set "warn" to display the message in msg
warn
# set "cancel" to allow the reboot to be canceled
#cancel
# set "nocancel" to disallow the reboot from being canceled
#nocancel
# set "playsound" to play a wav file as an alert
#playsound
# soundfile path_to_wav_file
#soundfile "C:\WINDOWS\Media\TaDa.wav"
# run a program, and reboot when it exits
#program 'full path to program in single quotes'

Lines beginning with "#" are comments and ignored by WolfPrep.

You can set a delay to allow local customizations with the parameter "warntime". If you include "cancel", the last reboot can be canceled; if you include "nocancel", it cannot. You can control the message displayed with "msg".

You can run an arbitrary program with the "program" keyword. Be aware that you don't want to choose this option in "insecure" environments, as the desktop will be active with an Administrator account.

By default, there is no delay or ability to cancel before the final reboot. This is to prevent unauthorized access to machines through the WolfPrep account.
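A template's reboot.cfg can be checked for the settings that move away from that default. The following is an added example, not part of WolfPrep or the original page: keyword names come from the sample file above, while the finding codes, the case-insensitive keyword matching and the sample paths are assumptions of the example.

```python
# keyword -> takes an argument?
KEYWORDS = {
    "msg": True, "warntime": True, "soundfile": True, "program": True,
    "warn": False, "cancel": False, "nocancel": False, "playsound": False,
}


def _unquote(arg):
    """Strip one pair of matching single or double quotes."""
    if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "'\"":
        return arg[1:-1]
    return arg


def parse_reboot_cfg(text):
    """Return (settings, findings) for the text of a reboot.cfg."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # comments and blank lines
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()    # assumption: keywords ignore case
        arg = _unquote(parts[1].strip()) if len(parts) > 1 else ""
        if key not in KEYWORDS:
            findings.append(("UNKNOWN", lineno, parts[0]))
        elif KEYWORDS[key] and not arg:
            findings.append(("MISSING_ARG", lineno, key))
        else:
            settings[key] = arg
    return settings, findings


def audit_reboot_cfg(text):
    """Return findings as (code, line number or None, detail) tuples."""
    settings, findings = parse_reboot_cfg(text)
    if "program" in settings:
        # The desktop stays active under an Administrator account.
        findings.append(("PROGRAM", None, settings["program"]))
    if "cancel" in settings and "nocancel" in settings:
        findings.append(("CONFLICT", None, "cancel and nocancel both set"))
    elif "cancel" in settings:
        findings.append(("CANCEL", None, "final reboot can be canceled"))
    if "warntime" in settings:
        value = settings["warntime"]
        if not value.isdigit():
            findings.append(("BAD_WARNTIME", None, value))
        elif int(value) > 0:
            findings.append(("DELAY", None, value + " seconds before reboot"))
    return findings


# Constructed samples; the first mirrors the page's file (only "warn" active).
DEFAULT_CFG = (
    "# set \"warn\" to display the message in msg\n"
    "warn\n"
    "#cancel\n"
    "#warntime 600\n"
)
RISKY_CFG = (
    "msg 'You can cancel this reboot and install stuff now'\n"
    "warntime 600\n"
    "warn\n"
    "cancel\n"
    "program 'C:\\Tools\\postinstall.cmd'\n"   # hypothetical path
)

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CFG), ("risky", RISKY_CFG)):
        print(name, audit_reboot_cfg(cfg) or "no findings")
```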

Example "CustomRun" Tasks

Controlling scheduled weekly reboots

Among the programs run automatically from L:\ITD\CommonRun is a script named WeeklyReboot.cmd that will be run as part of the normal WolfPrep setup.

If you take no action, each WolfPrep'd machine will pick a random time between midnight and 5:59am on Saturday to quietly reboot.  If a user is logged in, they will get the message:


This computer is performing a scheduled reboot, to keep it
operating in peak condition. Please save your work and exit NOW.
You can use the machine again immediately after it restarts.

as well as the option to cancel the reboot.  If they do cancel, the reboot will be scheduled for next week, but not performed.

If you want to stop this reboot behavior, put the command

    "c:\program files\poweroff.exe" -remove_service

in a link or batch file in your WolfPrep template's CustomRun folder.

If you want to control the time of the reboot, call

    L:\itd\labsetup\CommonRun\WeeklyReboot.cmd D HH:MM

in a link or batch file in your CustomRun folder.  Replace "D" with the day of the week (m,t,w,th,f,s,su) "HH" with the hour (in 24hr format) and "MM" the minute. 

If you just pass a day code, WeeklyReboot.cmd will pick a random time between midnight and 5:59am for you.  Having the time randomized helps avoid having a whole lab reboot at once, scaring and disaccommodating any users.

Example "CustomReg" Tasks

Controlling local user cleanup

WolfPrep installs a service called "Cleanup" which prevents leaving accounts and/or data behind should there be an issue with roaming profiles. It's a security and privacy risk to leave dynamically created accounts after the user has logged out.

Any local Windows accounts that you create must be excluded from this process. Any accounts that you don't wish to be cleaned up should be enumerated as string (REG_SZ) values in the registry under

HKEY_LOCAL_MACHINE\SOFTWARE\coolsolutions\cleanup

The value names are arbitrary; the value data are the accounts that you do not wish to have automatically "cleaned up."

An example .reg file that would exclude the local Windows accounts "helpdesk" and "jaklein" might look like this:

A sample .REG file to control the CLEANUP Service

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\coolsolutions\cleanup]
"ExcludedUser1"="jaklein"
"LocalSecurityVulnerability"="helpdesk"

The following accounts are already excluded from being deleted by CLEANUP:

Administrator
Guest
ASPNET
SUPPORT_388945a0
HelpAssistant

Don't worry if you rename the Administrator or Guest accounts -- they are located by their security identifier numbers. If you've renamed the other accounts, you should add their new names to your exclude list.
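Because every exclusion leaves an account that Cleanup will never remove, it helps to review what a template's .reg files actually exclude. The following is an added example, not part of WolfPrep or the original page: it applies .reg texts in the order they are read (common first, then CustomReg) and compares the result to a site-approved list; the approved list, the "labadmin" account and the common file contents are hypothetical.

```python
import re

CLEANUP_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\coolsolutions\cleanup"
# Accounts the page lists as already excluded by CLEANUP.
BUILTIN = {"administrator", "guest", "aspnet", "support_388945a0",
           "helpassistant"}

KEY_LINE = re.compile(r"^\[(-?)([^\]]+)\]$")
SET_LINE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"$')
DEL_LINE = re.compile(r'^"([^"]+)"\s*=\s*-$')


def cleanup_exclusions(reg_texts):
    """Apply .reg texts in read order; return {value name: account}."""
    values = {}
    for text in reg_texts:
        in_key = False
        for raw in text.splitlines():
            line = raw.strip()
            key = KEY_LINE.match(line)
            if key:
                in_key = key.group(2).lower() == CLEANUP_KEY.lower()
                if in_key and key.group(1):   # [-KEY] removes the whole key
                    values.clear()
                    in_key = False
            elif in_key and SET_LINE.match(line):
                name, account = SET_LINE.match(line).groups()
                values[name.lower()] = account   # value names ignore case
            elif in_key and DEL_LINE.match(line):
                values.pop(DEL_LINE.match(line).group(1).lower(), None)
    return values


def audit_exclusions(reg_texts, approved):
    """Return (unapproved, redundant) account names, each sorted."""
    allowed = {a.lower() for a in approved}
    accounts = set(cleanup_exclusions(reg_texts).values())
    unapproved = sorted(a for a in accounts
                        if a.lower() not in allowed | BUILTIN)
    redundant = sorted(a for a in accounts if a.lower() in BUILTIN)
    return unapproved, redundant


# Constructed samples. Files saved by regedit are usually UTF-16, so read
# real ones with open(path, encoding="utf-16").
COMMON_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\coolsolutions\\cleanup]\n"
    '"Exclude1"="labadmin"\n'
)
CUSTOM_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\coolsolutions\\cleanup]\n"
    '"ExcludedUser1"="jaklein"\n'
    '"LocalSecurityVulnerability"="helpdesk"\n'
    '"exclude1"="Guest"\n'          # overrides the common value
)

if __name__ == "__main__":
    unapproved, redundant = audit_exclusions([COMMON_REG, CUSTOM_REG],
                                             approved=["helpdesk"])
    print("not on the approved list:", unapproved)
    print("already excluded by CLEANUP:", redundant)
```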

August 10, 2007