= Client Setup Logic for 6.0 Clients = [[T(VersionSix)]] Major differences from version 5 are: * Implements account-based sandboxing by creating unprivileged accounts for BOINC. * It moves the BOINC data directory if needed, and BOINC executables are in a separate directory. * User no longer selects install type. == User Accounts == Two user accounts will be created, one to execute boinc.exe, and one that boinc.exe can use to launch science applications. NOTE: Including the computer name avoids name collisions when BOINC is installed on domain controllers. Users: {{{ boinc_ boinc_project_ }}} Both `boinc_` and `boinc_project_` should be setup so that their passwords never expire. A file should be dropped in the BOINC data directory called client_init.xml which contains the username and base64 encoded password for `boinc_project_`. The first time the client starts up after install it should read the file and store an encrypted form of the data in the state file using !CryptProtectData/CryptUnprotectData. After reading in the client_init.xml file it should be deleted. Groups: {{{ boinc_administrators boinc_project }}} Each group will contain the following members: || boinc_administrators || Administrator [[BR]] [[BR]] `boinc_` || || boinc_project || `boinc_project_` || || Guests || `boinc_project_` || == Data Directory == All data, configuration files, and logs will be moved to the following default location: {{{ Vista: C:\Users\All Users\BOINC 2000/XP: C:\Documents and Settings\All Users\Application Data\BOINC }}} Under BOINC there will be a 'projects' and 'slots' directory. Directories will have the following permissions: || BOINC || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) || || BOINC\projects || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) || || BOINC\slots || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) || Notes: What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details. == Executables Directory == Same location as the previous releases. {{{ C:\Program Files\BOINC }}} Directory will have the following permissions: || BOINC || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) || == Additional Notes == Each time an installation occurs, both of the account passwords should be reset and a new randomly generated password should be used. == Overview == The Microsoft Installer technology is broken up into two phases: the GUI phase gathers all the needed information from the user and validates input, the execution phase does the actual heavy lifting such as copying files and registering services. The v6 client installer will reduce the overall amount of input required by the user so that in the most streamlined case the user will only need to accept the license agreement and proceed through the configuration screen by hitting next to begin installation. Selection of the user names and group names will be autogenerated, but can be overwritten in the advanced configuration screen, and will be used by the core client and screensaver to minimized the amount of damage a science application can cause on a user's computer. All settings except passwords should be persisted in the registry and reused for the next installation. The following is expected to happen during the execution phase of setup: * Setup parameters are validated * All BOINC processes are killed * Uninstall any previous version (Handled by the Microsoft Installer) * Create new user accounts (see the User Accounts section below) * Create new groups (see the User Accounts section below) * Migrate any data from c:\Program Files (x86)\BOINC to c:\Program Files\BOINC (Abort if c:\Program Files\BOINC already exists) * Migrate any data from c:\Program Files (x86)\CPDNBBC to c:\Program Files\BOINC (Abort if c:\Program Files\BOINC already exists) * Migrate any data from c:\Program Files\BOINC to the data directory (see the Data Directory section below) (Abort if Data Directory already exists) * Install the new installation of BOINC (Handled by the Microsoft Installer) See the following sections for further details. == MSI Overview == High level MSI overview: {{{ GUI BEGIN Welcome Screen License Agreement Configuration Screen (BOINC Screensaver, Launch BOINC Manager at Logon, Advanced Button) IF AdvancedButtonClicked Advanced Configuration Screen (Change Install Directory, Change Data Directory, Select which components to install) END IF Confirmation Screen GUI END EXEC BEGIN ... ... MSI: Copies extracted MSI to storage location ... MSI: Search for existing BOINC installation ... MSI: Validates installaton package ... CAValidateSetup CAShutdownBOINC CAShutdownBOINCManager CAShutdownBOINCManager95 CAShutdownBOINCScreensaver ... ... MSI: Remove older version if it exists ... CACleanupOldBinaries CAMigratex86x64 CAMigrateCPDNBBC CACreateBOINCAccounts (New in Version 6.0) CACreateBOINCGroups (New in Version 6.0) CAMigrateBOINCData (New in Version 6.0) ... ... MSI: Begin installation process ... MSI: Copy Files to installation directory ... MSI: Set Permissions installation directory ... MSI: Register Service ... MSI: Copy screensaver to screensaver installation directory ... MSI: Register Screensaver ... MSI: Start Services ... MSI: Register User ... MSI: Register Product ... MSI: Cleanup temporary files ... EXEC END }}}