Backing up user profiles/data before deploying image
-
Since you have mcafee fde installed you will have to backup the user’s profiles in the windows environment. Linux FOS can’t help you here, or your drive encryption wouldn’t be very good.
We use USMT to transfer the user’s profile to their home drive before imaging and then back after imaging. This is all done in the windows realm outside of FOG.
-
George is right.
But, this makes me think of a feature request…
predownloadscripts
@Tom-Elliott thoughts?
-
@Wayne-Workman I’ve pondered the idea of this but it’s not a good idea ultimately. Useful as it could be, what kinds of things would require before actions (beyond data backup)? I suppose there could be more uses but they’re still seeming rather ubiquitous. As for the profile backup portion I would recommend against it. While certainly there could be the occasional need, the idea of imaging is to have a “clean start”. Imaging if you’re imaging a system due to a virus. Backing up to place back on wouldn’t do much good I don’t think.
-
@Tom-Elliott the good idea ultimately is referring to my own thoughts.
-
@george1421 How do you guys use USMT? See, I wondered about pulling their profile up before the FOG client rebooted them, then it pushed it back down similar to how the script works, but I don’t know that Windows will just accept the profile that’s there or if it’ll make a new one. Our computers are single user PCs.
-
@Tom-Elliott Huh, yeah I suppose I didn’t think about that with the infections. I would hope that McAfee would grab it, but who are we kidding. It’s McAfee.
We have some users who are having issues (first time FOG deployment here for a user) and that’s just something that’s come up. I’m trying to make it so I can tell it to image and the process is done from there. No touching it or anything. Just image and you have a new PC in 20 minutes.
-
@Tom-Elliott You could theoretically scan the profile before backing it up, but seeing as anti-viruses aren’t perfect, this is bound to screw things up anyway.
-
@THEMCV How we use it is a bit much to explain. But we do use USMT for workstation migrations and OS upgrades. We will use usmt scan state to copy all profiles and user data from the target computer to an IT share. Then image/swap the machine, and then finally use the usmt load state to import the user’s profile back to the new target computer. By default we install usmt on all computers as we are imaging them for its eventual use.
Here is a good article on using usmt: https://technet.microsoft.com/en-us/library/jj127984.aspx
Now in your case, you could use a snapin to issue the usmt scan state to copy the profiles to a common share before imaging and then a second snapin to copy them back post imaging. But I have never been to comfortable using that method. I would prefer my guys SEE the profiles being backed up and confirm the migration file exists before wiping the computer. The process does work, but on occasion there are hiccups. When the user logs in after the usmt migration they see exactly their profile on the old computer. We did create a custom xml config file to ensure that all files in all specific locations were being backed up.
The only caveat to usmt is the user that runs the scan state and load state must be a local admin on the box. Normal users can’t run the command successfully.
-
@george1421 I will take a look at that, thank you!
Yeah, I feel where you’re coming from. Which is why I’d like folder redirection so we don’t have to worry about them too much, but many of our users are mobile and I’ve heard some syncing horror stories.
-
Sorry to necro this thread, but I find myself needing to do the same thing requested here. Our staff is ultimately responsible for their data and making sure they save it to their network drives, but during summer re-imaging we always have someone that returns and have lost their data because they thought they saved it to the network drive, but didn’t.
What I would like to do is have FOG take a quick copy of the C:\Users directory and store it on a SMB share prior to imaging (Not the FOG server due to space restrictions). Can the FOS mount a SMB share from a postinit script so that rsync can be used?
-
@RobertD First to answer your question, no a smbclient is not included in the FOS OS. One could be added if you wanted to go through the buildroot process to make new inits.
I might take a different approach to this. One might use a FOG Snapin (or some other software deployment tool like PDQ Deploy) to deploy USMT to the user’s computer. From usmt I would then deploy a usmt “save state” to have it backup the user’s profile to some smb share. Since the fog client runs as SYSTEM you will need to make accommodations in your script that calls usmt to connect to the network share first then run the save state command. Once the imaging has been complete you can use the usmt load state to put the user’s profile back onto the computer exactly as they have left it. We use usmt as we migrate users to new computers and it has really helped with user migrations. We don’t use it as a fog snapin but interactively with batch scripts it runs rather well.
If your computer names would be consistent between reimages you could actually create a path on your smb share that embeds the
%computername%
so your restore script would know where to get the usmt image file from. -
@george1421 - I was afraid cifs wasn’t in the FOS which makes sense because it needs to be as lightweight as possible. I’ve looked into USMT, but it adds complexity and time to our re-imaging process in which we have limited time and staff for the size of school district we are.
Our campus techs typically don’t even login to the machine when re-imaging. They shut it off, run through the registration process and walk away. It’s completely finished when they come back. Adding additional steps to this process will prevent us from completing the re-imaging projects over summer due to the sheer number of machines we have to re-image. This is why it’s appealing to let FOG do it as part of it’s process.
I suppose I could always rsync it to the FOG server like /images/profiles/ then move everything off the fog server to an SMB share via FTP, but that seems kind of clunky.
-
@RobertD I’m not seeing it as a big time waster, but I don’t know your environment. The backup of the profile and the reimaging process doesn’t need to be synchronized. The last day of school +1 deploy the usmt application and make the profile backup (or what ever you need for backup) and then have the application deployment script power off the computer.
I could also recompile the inits with the smbclient included. It would not add much code to the base image. You would then need to use a postinit script to slide in your site smb.ini configuration file into the /etc directory. But that is also possible.
-
@george1421 - I hate to impose binaries into the inits if no one else has a use for them. I’m just trying to figure out a way to do this without adding additional mechanics to our current process.
-
@RobertD Just a quick idea, maybe use a post-init script that copies the files to a NFS share?
-
@Sebastian-Roth We are actually trying that right now, however we are struggling to mount it with write access. It keeps giving us “Read-only file system” when we try something like touch /imagesinit/userbackup/text.txt.
-
I do it.
Creating an rw nfs share and rsyncing folders from fog.postinit.
You can do it to fog or to another file server.
-
@RobertD You can install NFS on ms windows. I have a proof of concept on how to turn windows box into a fog storage node (not really recommended, but I wanted to see if I could do it). The point it is shows you how the setup the permissions for the nfs share so that FOS can mount it.
https://forums.fogproject.org/topic/6941/windows-server-as-fog-storage-node-proof-of-concept-blog
-
Not sure why it isn’t working.
- We created a new directory within our /images folder on the fog server called userbackup.
- We set permissions with chmod 777 on this folder.
- Booting a host with a deploy debug task.
- From the host we tried the following
mkdir /userbackup mount -o nolock,proto=tcp,rw "1.2.3.4:/images/userbackup" /userbackup touch /userbackup/test.txt "This is a read-only file system"
Are we missing something in our mount statement?
-
@RobertD Oh that’s a easy one. That is because /images is read-only at the share level. That is why fog uploads to /images/dev which is read-write at the share level.
showmount -e 127.0.0.1
might show this or/etc/exports
will.