Which is the best way to install/deploy the FOG client?
-
Hi,
Maybe this is a stupid question but I just change my FOG server version from 0.30 to 1.5.2. A lot of changes!! And one of this change is the client and the certificates.
I know, I can find the info in the wiki FOG Client. But I have some questions or doubts.
I have two scenarios:
- IT rooms with a “Gold” image with sysprep. This image is the base to build other images and has not software. In this image the client is installed in the OOBE phase every time that is downloaded.
- IT rooms with images “monolithics”. This image has all the software that is necessary in the IT room and with the client too.
In the both scenarios the computers are joined to the Domain and we use the FOG client to join them (we don’t join the computers to the domain in with sysprep)
Well, my super big question is … what happens with the certificate and with the encryption data? I am having problems with it in the IT rooms. Have I to reset the encryption data every time when I donwload the image? Can I reset them automatically?
-
Resetting group encryption should work fine, no? I don’t think you can currently automate it from the GUI.
-
Yes, the reseting group encryption data wokrs fine but …
My problem is that I have 7000 computers and 350 groups in the server XD and 50 technician working on it. The proccess must to be transparent for the technicians.Can I run a postscript to do it?
-
@fernando-gietz Here’s the SQL to do it manually for all hosts: https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Reset_encryption_data
-
@Fernando-Gietz resetting encryption data should not be needed, and doing it often/in-bulk posses security risks. Can you describe exactly what you do prior to resetting encryption being needed? In general this only occurs if the client is manually reinstalled, as the server should be handling the case where computers are deployed, automatically. (If it’s not, then it’s a bug).
-
@wayne-workman said in Which is the best way to install/deploy the FOG client?:
@fernando-gietz Here’s the SQL to do it manually for all hosts: https://wiki.fogproject.org/wiki/index.php?title=FOG_Client#Reset_encryption_data
I used it
@joe-schmitt said in Which is the best way to install/deploy the FOG client?:
@Fernando-Gietz resetting encryption data should not be needed, and doing it often/in-bulk posses security risks. Can you describe exactly what you do prior to resetting encryption being needed? In general this only occurs if the client is manually reinstalled, as the server should be handling the case where computers are deployed, automatically. (If it’s not, then it’s a bug).
Maybe the question should be:
When have I or is neccesary reset the encryption data?
-
@Fernando-Gietz a reset encryption data should only be done if a client installation losses its security token somehow. This can either be caused via the Debugger, manually deleting it, or uninstalling / re-installing the client. If it is being lost for another reason, then there is some other issue at play here.
-
@joe-schmitt said in Which is the best way to install/deploy the FOG client?:
@Fernando-Gietz a reset encryption data should only be done if a client installation losses its security token somehow. This can either be caused via the Debugger, manually deleting it, or uninstalling / re-installing the client. If it is being lost for another reason, then there is some other issue at play here.
When you say “uninstalling / re-installing the client”, what means? If I deploy a new image to the computer and in the sysprep proccess I install the client again, then, is a reinstall? XD
Is valid the new token?
-
@fernando-gietz said in Which is the best way to install/deploy the FOG client?:
in the sysprep proccess I install the client again
So to be clear, the image itself does not have a client installation? It’s installed during sysprep?
And by “uninstalling / re-installing the client” I’m referring to manually uninstall the client on an existing installation that is running.
-
Hola @Joe-Schmitt ,
Both. My gold image installs the client during the sysprep and, normally, the technician uses an image with the client installed.
I have other question
If I update the server version, is necessary reset the encryption data?
