3

I'm making an unattended install of windows. Part of it is installing virtualbox guest additions, which is run by the installer due to the following entry in Autounattend.xml:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  ...
  <settings pass="oobeSystem">
    ...
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      ...
      <FirstLogonCommands>
        <SynchronousCommand>
          <Order>30</Order>
          <Description>VirtualBox Additions</Description>
          <CommandLine>F:\VBoxWindowsAdditions-x86.exe /S</CommandLine>
        </SynchronousCommand>
        ...

It runs fine, installing with no GUI. However, two windows pop up asking whether to install two device drivers. This does not bode well for an automated install. Is there any way to force win7 to accept the drivers, or a registry key I can set to make it trust them?

Claudiu
  • 1,157
  • 5
  • 18
  • 27

3 Answers3

4

Your best shot at avoiding those prompts is to grab the required certificates the device drivers are signed with and install those on the guest prior to installation. You can find a certificate for Sun and one for Oracle in the Local Computer -> Trusted Publisher certificate store. You can easily export them from there and then import them into the guest prior to installing the additions.

To extract the certificate from a machine that already has installed and trusted the certificate(s) used for signing the device drivers using PowerShell:

cd cert:\LocalMachine\TrustedPublisher
$cert = dir | where { $_.Subject -like "*Oracle*" }
$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$bytes = $cert.Export($type)
[System.IO.File]::WriteAllBytes("C:\Oracle.cer", $bytes)

You may want to run the above command and replace *Oracle* with *Sun Microsystems* and capture both certificates, so they can both be present so you can be a bit more version independent with VirtualBox. Just make sure these certificates are installed prior to your unattended installation of the guest additions.

Goyuix
  • 3,164
  • 5
  • 28
  • 37
  • More info about this approach at http://www.migee.com/2010/09/24/solution-for-unattendedsilent-installs-and-would-you-like-to-install-this-device-software/ – John May 26 '12 at 08:39
1

To add to @Goyuix's answer, this script will export all the Oracle .cers in the current directory with the start of the thumbprint in the filename:

$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
dir cert:\LocalMachine\TrustedPublisher | where { $_.Subject -like "*Oracle*" } | ForEach { [System.IO.File]::WriteAllBytes("vbox_Oracle_" + $_.Thumbprint.Substring(0, 10) + ".cer", $_.Export($type))  }

Then these can be imported with this cmd snippet:

for %%i in (%~dp0\vbox_*.cer) do certutil -addstore -f "TrustedPublisher" %%i
Kevin Smyth
  • 111
  • 1
  • 3
0

Since the answers were written, Oracle has added a cleaner mechanism to solve this. The required certificates are included on the CD itself, along with a utility to import the certificates in the correct certificate store.

Assuming that the ISO is mounted as drive letter E: you simply need to add this command to your unattended script before running the installer:

E:\cert\VBoxCertUtil add-trusted-publisher E:\cert\vbox*.cer --root E:\cert\vbox*.cer
Kevin Keane
  • 860
  • 1
  • 8
  • 13