wiki:ClientSetupLogicWinSix

Version 7 (modified by romw, 17 years ago) (diff)

More Updates

Client Setup Logic for 6.0 Clients

T(VersionSix)?

Major differences from version 5 are:

  • Implements account-based sandboxing by creating unprivileged accounts for BOINC.
  • It moves the BOINC data directory if needed, and BOINC executables are in a separate directory.
  • User no longer selects install type.

This document describes the various changes to the installer including:

  • User Accounts and Groups
  • Data Directory
  • Executables Directory
  • User Interface Changes
  • Custom Action Changes

User Accounts

Two user accounts will be created, one to execute boinc.exe, and one that boinc.exe can use to launch science applications.

NOTE: Including the computer name avoids name collisions when BOINC is installed on domain controllers.

Users:

boinc_<ComputerName>
boinc_project_<ComputerName>

Both boinc_<ComputerName> and boinc_project_<ComputerName> will be setup so that their passwords never expire.

A file will be created by the installer in the BOINC data directory called client_init.xml which contains the username and base64 encoded password for boinc_project_<ComputerName>. The first time the client starts up after install it will read the file and store an encrypted form of the data in a new file using CryptProtectData/CryptUnprotectData. After reading in the client_init.xml file it will be deleted.

Each time an installation occurs, both of the account passwords will be reset and a new randomly generated password will be used.

Groups:

boinc_administrators
boinc_project

Each group will contain the following members:

boinc_administrators Administrator
<Installing User>
boinc_<ComputerName>
boinc_project boinc_project_<ComputerName>

Data Directory

All data, configuration files, and logs will be moved to the following default location:

Vista:
C:\Users\All Users\BOINC

2000/XP:
C:\Documents and Settings\All Users\Application Data\BOINC

Under BOINC there will be a 'projects' and 'slots' directory.

Directories will have the following permissions:

BOINC SYSTEM (Full Control)
Administrators (Full Control)
boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_projects (Deny All)
BOINC\projects SYSTEM (Full Control)
Administrators (Full Control)
boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write)
BOINC\slots SYSTEM (Full Control)
Administrators (Full Control)
boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write)

Notes: What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details.

Executables Directory

Same location as the previous releases.

C:\Program Files\BOINC

Directory will have the following permissions:

BOINC SYSTEM (Full Control)
Administrators (Full Control)
boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_projects (Deny All)

User Interface

Welcome Screen

Same as before.

License Screen

Same as before.

Configuration Screen

Setup Type Button Group

Two radio buttons, graphics compatible installation and secure installation, will be displayed with the secure installation being the default.

The advanced configuration button will be disabled if the graphics compatible installation is selected.

Options

A checkbox will be displayed, Launch BOINC Manager at startup, which will be checked by default.

A checkbox will be displayed, Configure BOINC as my screensaver, which will be checked by default.

A button will be displayed, Advanced Configuration, which when pressed will save the current configuration options, and switch to the advanced configuration screen.

Advanced Configuration

This configuration page will allow the user to change the default data directory, the default executable directory, as well as which user accounts and passwords the installer will use to setup BOINC.

Confirmation Screen

Same as before.

Custom Actions

MSI Overview

High level MSI overview:

GUI BEGIN
    Welcome Screen
    License Agreement
    Configuration Screen (BOINC Screensaver, Launch BOINC Manager at Logon, Advanced Button)
    IF AdvancedButtonClicked
        Advanced Configuration Screen (Change Install Directory, Change Data Directory, Select which components to install)
    END IF
    Confirmation Screen
GUI END



EXEC BEGIN
    ...
    ... MSI: Copies extracted MSI to storage location
    ... MSI: Search for existing BOINC installation
    ... MSI: Validates installaton package
    ...
    CAValidateSetup
    CAShutdownBOINC
    CAShutdownBOINCManager
    CAShutdownBOINCManager95
    CAShutdownBOINCScreensaver
    ...
    ... MSI: Remove older version if it exists
    ...
    CACleanupOldBinaries
    CAMigratex86x64
    CAMigrateCPDNBBC
    CACreateBOINCAccounts (New in Version 6.0)
    CACreateBOINCGroups (New in Version 6.0)
    CAMigrateBOINCData (New in Version 6.0)
    ...
    ... MSI: Begin installation process
    ... MSI: Copy Files to installation directory
    ... MSI: Set Permissions installation directory
    ... MSI: Register Service
    ... MSI: Copy screensaver to screensaver installation directory
    ... MSI: Register Screensaver
    ... MSI: Start Services
    ... MSI: Register User
    ... MSI: Register Product
    ... MSI: Cleanup temporary files
    ... 
EXEC END