@tadziuuu Just to be clear on a few points.

The .iso / memdisk route only works for bios based computers. This will not work for uefi based computers.

With the .iso image files and the parameter block I previously provided, you get the error message about initramfs? If yes, then I suspect the fetch command is not downloading the squashfs filesystem. I copied that command over from your initial parameter block. It looks like we need to focus on that bit then.

@jfernandz said in FOG and Secure Boot:

The problem is apparently I have to sign also the refind_x64.efi binary, not sure if refind.efi is actually loading refind_x64.efi … but I’d suggest also to include this point in your tutorial. In fact I’m guessing you should also sign refind_ia32.efi and refind_aa64.efi as your whole environment could include also another archs.

You are correct I really missed the refind files. I will update that info too. While I had 1.6k viewers of the file not many people have returned comments. I have that turned off in the tutorial because it makes the multipart tutorial a bit messy because of the way the forum works.

I think the signing process (with sbsign) may be automated in a bash script

Towards the bottom of the document there is a bash script easter egg. I initially wrote the bash script then broke it up to explain what each part did. For those that never made it to the bottom of the post, they missed out on the bash script. I intentionally did it that way so people knew how it worked before they simply cut and pasted the script.

@professorb24 I’m really not understanding what the issue is.

Are you asking “How do you deploy an image?”

if that’s the case, you’re not using the GUI?

I don’t fully understand what you’re asking here.

Well, first of all … I’m sorry for getting up this old post.

Secondly … I’ve been reading some posts on this forum … and I’ve found this one which I think it’s very interesting to be linked in here (not sure if you’ve linked it yet, but I’d say I can’t see the link anywhere).

After researching a little bit more about this topic … I’ve found this project … which not sure if it could be interesting also. What do you think? Could this make easier the process described in @george1421’s tutorial?

Thank you guys, and so sorry again because I’ve created a new topic instead replying in here 😞 maybe some mod can remove it 😄

@flight What manager are you talking about?

Fog isn’t a “package” for Yum/Apt like other packages.

You need to locate where the installer resides for your environment and update that information, or download/extract to another location and install from that location.

https://wiki.fogproject.org/wiki/index.php?title=Getting_FOG

@Kram-Man Is your main ipxe server running ipxe as the bootloader or syslinux? If its truely iPXE then on the FOG server, in the tftpboot directory there is a file called default.ipxe At the bottom of that is a chain load command or chain load the default.ipxe You can look at this line on github. https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/src/ipxe/src/ipxescript#L32 Just replace ${next-server} with the IP address of your fog server.

@JJ-Fullmer Thank you for the info this worked for me.

@Tom-Elliott said in Update to Ubuntu 23.10 arise Kernel Panic on Fog 1.5.10 with Kernel 6.1.22:

@herman This must’ve been changed by someone else at somepoint. Glad you found it and returned here. It seems you were missing the file entirely so that explains the kernel panic.

@Tom-Elliott Thanks man.

@Alan-Lim Just deploy the snapin task

@jleonv There are a couple of things here.

I would build a golden image outside of AD. You should be able to install almost all of the software as a standalone machine. As soon as you attach the golden image to AD, it will become tattooed with AD stuff. Its best to do that post deployment either by using fog or a unatted.xml script. Build your golden image on a VM and use snapshots to back out changes if they mess up the golden image. You will thank me later. Use the windows lite touch method of windows deployment and use an unattend.xml file to answer all of the common OOBE questions. Use Microsoft MDT to build your golden image.

FOG is a block level imaging tool. It moves disk blocks from here to there very quickly. The down side is that FOG is not very dynamic when it comes to install time decisions.

MDT is a file level imaging tool. The advantage is install time changes can be made on the target computer, the down side is that it is slower to image than FOG.

@zaboxmaster Another opiton might be to access the windows registry to read out the version. Within the FOG OS (FOS) linux there is the linux reged program. That can be used to read/edit the windows registry.

Below is an example from one of my tutorials on post install scripts to update a registry key. That is only meant to show you what is needed to make the program work.

egfile=“/ntfs/Windows/System32/config/SOFTWARE” key=“\Microsoft\Windows\CurrentVersion\DevicePath” devpath=“%SystemRoot%\DRV;%SystemRoot%\inf;”; reged -e “$regfile” &>/dev/null <<EOFREG ed $key

The question is how would I go about doing this if at all possible?
Where would the best place be to run it from? FOG.MAN.REG ???
Is the Windows mounted at all during registration?

Is it possible, yes

Best place, yes probably a customized version of fog.man.reg (I have a tutorial on how to slide an updated version of that into FOS Linux at deploy time). To make the inventory also query the target OS.

No windows os partition is not mounted during inventory. For FOG inventory its not needed. BUT I have a tutorial on how to find and mount the partition during a post install script for driver injection that you can use as the basis for the inventory process.

@FoxNBeard said in General A to Z support (FOG):

It would install with the Administrator account activated. Through the unattend.xml I was able to figure out how to have it make a second user with administrator priviledges, but I couldn’t seem to solve how to not have the administrator account active and only the user.

Use the setupcomplete.cmd batch file to do this. With something like this in batch

REM Rename the default administrator account to something else wmic useraccount where name='administrator' rename slipperyjim net localgroup administrators slipperyjim /add REM Rename the guest user account wmic useraccount where name='guest' rename debbiedowner REM Create a fake administrator account for hackers to bang on net user Administrator NeG@tiveNancy-F@nT@#13s /ADD /comment:"Built-in account for administering the computer/domain" /PASSWORDCHG:NO /active:NO /Y REM Be sure to remove from administrators and users groups, add to guest group to limit access net localgroup Administrators Administrator /delete net localgroup Guests Administrator /add net localgroup Users Administrator /delete REM create new System Admin user net user sysstarr "1cecr3am-SanWitch0" /add /EXPIRES:NEVER /PASSWORDCHG:NO /active:YES /Y net localgroup Administrators sysacce55 /add wmic useraccount where Name='sysacce55' set PasswordExpires=FALSE REM Disable slipperyjim (real admin/root user account) net user slipperyjim /active:no

I presume due to limited knowledge, I couldn’t figure out how to let MDT install both updates and applications correctly.

There is a task sequence to apply windows updates. It helps if you have a local WSUS server to cache the packages. When I was just getting started in imaging this site helped out quite a bit. https://www.deploymentresearch.com/

I was wondering if I was able to manually configure a VM and pull an image to FOG that way?

Yes developing your golden image on a VM is the best choice so you can use snapshots to fix o-crap moments while perfecting your golden image.

Hostname was identical to the original machine (Although I think, unless wrongly configured, the hostname changer in FOG was active).

This is true because fog is a block level cloner, it knows nothing about the target system. To use the hostname changer will you will to register the computer with FOG and have the FOG client installed. That is not something you probably want as a system builder. You can have FOG set a name of the computer at deploy time via using a custom FOG post install script that will inject a new host name into the unattend.xml file at deployment time.

Yes I would still sysprep your windows system. For full disclosure I have not had to build an image for Windows 11 yet, so I might be incorrect here. BUT I would also build your golden image so that its protected from getting to the internet. I have seen on windows 10 if the workstation can get to the internet it will try to down stuff causing sysprep to fail.

I would spend my time getting MDT to do what you want it to do to give you the perfect golden image. The capture and deploy with FOG is the easy part (kind of). If you want to do more of the advanced stuff like editing the unattend.xml file on the fly it will take some time but I have examples for that.

@Sebastian-Roth I know nothing about API’s so I wouldn’t know where to start with that, like even how to form a proper question to ask the google lol. I’m using FOG 1.5.10. I have to keep testing and troubleshooting the image cron jobs.

@george1421 Perfect thanks.

@sopinv I don’t understand the why.

You can do a trigger in your database like this:

DELIMITER // CREATE TRIGGER limit_rows_trigger AFTER INSERT ON your_table FOR EACH ROW BEGIN DECLARE row_count INT; SELECT COUNT(*) INTO row_count FROM your_table; IF row_count >= 1000 THEN SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Row limit reached (1000 rows)'; END IF; END; // DELIMITER ;