Changes between Version 5 and Version 6 of ClientSetupLogicWinSix


Ignore:
Timestamp:
Sep 24, 2007, 2:55:10 PM (18 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ClientSetupLogicWinSix

    v5 v6  
    33[[T(VersionSix)]]
    44
    5 Starting with the 6.0 client release the service-mode install type will be the only supported install type. We expect to receive the following benefits:
     5Major differences from version 5 are:
     6 * Implements account-based sandboxing by creating unprivileged accounts for BOINC.
     7 * It moves the BOINC data directory if needed, and BOINC executables are in a separate directory.
     8 * User no longer selects install type.
    69
    7  * Simplified installation experience.
    8  * Increased security.
    9  * Increased stability for project applications.
    10  * Graphics available for all users, instead of just the first user to login.
     10== User Accounts ==
    1111
    12 NOTE: Windows9x will continue to be treated as a single-user install.
     12Two user accounts will be created, one to execute boinc.exe, and one that boinc.exe can use to launch science applications.
    1313
    14 == Purpose ==
     14NOTE: Including the computer name avoids name collisions when BOINC is installed on domain controllers.
    1515
    16 The install program prepares a computer system to run BOINC and to uninstall BOINC if the user no longer wishes BOINC to run on their computer. This is accomplished through the use of the Microsoft Installer technology which uses a series of Custom Actions to copy files and install services.
     16Users:
    1717
     18{{{
     19boinc_<ComputerName>
     20boinc_project_<ComputerName>
     21}}}
     22
     23Both `boinc_<ComputerName>` and `boinc_project_<ComputerName>` should be setup so that their passwords never expire.
     24
     25A file should be dropped in the BOINC data directory called client_init.xml which contains the username and base64 encoded password for `boinc_project_<ComputerName>`. The first time the client starts up after install it should read the file and store an encrypted form of the data in the state file using !CryptProtectData/CryptUnprotectData. After reading in the client_init.xml file it should be deleted.
     26
     27Groups:
     28
     29{{{
     30boinc_administrators
     31boinc_project
     32}}}
     33
     34Each group will contain the following members:
     35
     36|| boinc_administrators  || Administrator [[BR]] <Installing User> [[BR]] `boinc_<ComputerName>` ||
     37|| boinc_project || `boinc_project_<ComputerName>` ||
     38|| Guests        || `boinc_project_<ComputerName>` ||
     39
     40== Data Directory ==
     41
     42All data, configuration files, and logs will be moved to the following default location:
     43{{{
     44Vista:
     45C:\Users\All Users\BOINC
     46
     472000/XP:
     48C:\Documents and Settings\All Users\Application Data\BOINC
     49}}}
     50
     51Under BOINC there will be a 'projects' and 'slots' directory.
     52
     53Directories will have the following permissions:
     54
     55|| BOINC          || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||
     56|| BOINC\projects || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||
     57|| BOINC\slots    || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||
     58
     59Notes: What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details.
     60
     61== Executables Directory ==
     62
     63Same location as the previous releases.
     64
     65{{{
     66C:\Program Files\BOINC
     67}}}
     68
     69Directory will have the following permissions:
     70
     71|| BOINC          || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||
     72
     73== Additional Notes ==
     74
     75Each time an installation occurs, both of the account passwords should be reset and a new randomly generated password should be used.
    1876== Overview ==
    1977
    20 The Microsoft Installer technology is broken up into two phases, the GUI phase gathers all the needed information from the user and validates input, the execution phase does the actual heavy lifting such as copying files and registering services.
     78The Microsoft Installer technology is broken up into two phases: the GUI phase gathers all the needed information from the user and validates input, the execution phase does the actual heavy lifting such as copying files and registering services.
    2179
    2280The v6 client installer will reduce the overall amount of input required by the user so that in the most streamlined case the user will only need to accept the license agreement and proceed through the configuration screen by hitting next to begin installation. Selection of the user names and group names will be autogenerated, but can be overwritten in the advanced configuration screen, and will be used by the core client and screensaver to minimized the amount of damage a science application can cause on a user's computer. All settings except passwords should be persisted in the registry and reused for the next installation.
     
    86144}}}
    87145
    88 == User Accounts ==
    89 
    90 Two user accounts will be created, one to execute boinc.exe, and one that boinc.exe can use to launch science applications.
    91 
    92 NOTE: Including the computer name avoids name collisions when BOINC is installed on domain controllers.
    93 
    94 Users:
    95 
    96 {{{
    97 boinc_<ComputerName>
    98 boinc_project_<ComputerName>
    99 }}}
    100 
    101 Both `boinc_<ComputerName>` and `boinc_project_<ComputerName>` should be setup so that their passwords never expire.
    102 
    103 A file should be dropped in the BOINC data directory called client_init.xml which contains the username and base64 encoded password for `boinc_project_<ComputerName>`. The first time the client starts up after install it should read the file and store an encrypted form of the data in the state file using !CryptProtectData/CryptUnprotectData. After reading in the client_init.xml file it should be deleted.
    104 
    105 Groups:
    106 
    107 {{{
    108 boinc_administrators
    109 boinc_project
    110 }}}
    111 
    112 Each group will contain the following members:
    113 
    114 || boinc_administrators  || Administrator [[BR]] <Installing User> [[BR]] `boinc_<ComputerName>` ||
    115 || boinc_project || `boinc_project_<ComputerName>` ||
    116 || Guests        || `boinc_project_<ComputerName>` ||
    117 
    118 == Data Directory ==
    119 
    120 All data, configuration files, and logs will be moved to the following default location:
    121 {{{
    122 Vista:
    123 C:\Users\All Users\BOINC
    124 
    125 2000/XP:
    126 C:\Documents and Settings\All Users\Application Data\BOINC
    127 }}}
    128 
    129 Under BOINC there will be a 'projects' and 'slots' directory.
    130 
    131 Directories will have the following permissions:
    132 
    133 || BOINC          || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||
    134 || BOINC\projects || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||
    135 || BOINC\slots    || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||
    136 
    137 Notes: What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details.
    138 
    139 == Executables Directory ==
    140 
    141 Same location as the previous releases.
    142 
    143 {{{
    144 C:\Program Files\BOINC
    145 }}}
    146 
    147 Directory will have the following permissions:
    148 
    149 || BOINC          || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||
    150 
    151 == Additional Notes ==
    152 
    153 Each time an installation occurs, both of the account passwords should be reset and a new randomly generated password should be used.