
    Service Modules in new Client?

    • RobertD

      We are still running version 0.32, but have plans to move to 1.30 when the stable is released. We have a few ideas of service module ideas we would like to build to extend the fog service. Does the new client still support this?:

      https://wiki.fogproject.org/wiki/index.php?title=Creating_Custom_FOG_Service_Modules

      • RobertD

        Now in English lol…
        We have a few ideas of modules we would like to build to extend the fog service.

        • Joe Schmitt Senior Developer

          The new client is much much easier to build modules for. However it doesn’t allow third party ones. If you have some ideas get in contact with me and we can see about possibly adding them.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          • george1421 Moderator

            Can you explain what you are trying to accomplish here? There may be a different way to go about it.

            • RobertD @Joe Schmitt

              @Joe-Schmitt said in Service Modules in new Client?:

              The new client is much much easier to build modules for. However it doesn’t allow third party ones. If you have some ideas get in contact with me and we can see about possibly adding them.

              So compiling DLLs and dropping them in the FOG service folder will no longer work?

              In the past we have had problems with students acquiring the local admin password (cracking the NTLM hash, it being exposed on a Post-it note or something else). This password is set across the board on desktops, which allowed them to jump from machine to machine (RDP, SMB, remote execution, or being leaked by some other method). One of the modules we want to create would manage the local Administrator password. Each machine would have an admin password set randomly by this module, which would then be sent to an encrypted web service where it would also be stored encrypted. So every admin password on every machine is different. If a campus technician needed the local password for a machine they would request it through a web portal where their access would be restricted based on their credentials. Everything could then be audited.

              This service module could also be configured to cycle passwords on a normal basis and/or reset the admin password for a specific host on demand from the web portal.

              • george1421 Moderator @RobertD

                @RobertD If you have access to AD there is a different/better way to manage the local admin passwords.

                • RobertD @george1421

                  @george1421 We are an AD shop, but some of our machines are not domained.

                  • george1421 Moderator @RobertD

                    @RobertD Sorry I was going to post a link, but the URL I had saved was broken so it took me a bit longer to get the links.

                    https://technet.microsoft.com/en-us/mt227395.aspx
                    https://adsecurity.org/?p=1790

                    • MRCUR Testers @george1421

                      @george1421 @RobertD Second the suggestion of LAPS. That is the appropriate way to manage local admin passwords in an AD environment.

                      • RobertD @george1421

                        @george1421 said in Service Modules in new Client?:

                        @RobertD Sorry I was going to post a link, but the URL I had saved was broken so it took me a bit longer to get the links.

                        https://technet.microsoft.com/en-us/mt227395.aspx
                        https://adsecurity.org/?p=1790

                        Good information! However it’s only effective for domain-joined machines. Most of our mobile devices are not on the domain (thin clients, laptops, etc. - everything has the FOG client).

                        • RobertD

                          We also really like the idea of Google’s project GRR, however navigating and creating tasks in it is complicated at best. It would be incredibly convenient if we could build modules for FOG to do some of the simple stuff GRR does.

                          • Search hosts for a file hash - if it exists report back
                          • Search hosts for a specific event in the Event Viewer - if it exists report back

                          • george1421 Moderator @RobertD

                            @RobertD

                            The FOG client could do this, but the issue you will have is managing what the passwords are/will be. You will need to keep an index/database record for this.

                            Another way to mitigate this is to only allow devices to boot from authorized media (i.e. hard disk and network). Then lock down the BIOS so no changes can happen. You can also manage Dell (if you have them) BIOS passwords with Windows utilities.

                            • RobertD @george1421

                              @george1421 said in Service Modules in new Client?:

                              The FOG client could do this, but the issue you will have is managing what the passwords are/will be.

                              This is exactly what the module would be programmed to do.

                              Pseudocode:

                              'Check against the database first
                              If @PassLastChangedDate < @DateThreshold Then
                                  'Create a random password and set it on the database side first
                                  'If successful, set it on the local machine
                              End If

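Added example, not part of RobertD's post or the FOG client: the escrow-first rotation order from the pseudocode above, written in Python with an in-memory stand-in for the web service. `Escrow`, `rotate_if_due`, `set_local` and the 30-day threshold are assumptions; the stage/commit step keeps the previous password on record until the local change has actually succeeded.

```python
# Added illustration; not FOG client code. All names here are hypothetical.
import secrets
import string
from datetime import datetime, timedelta

ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@_"


def new_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class Escrow:
    """In-memory stand-in for the encrypted web service / database."""

    def __init__(self):
        self.rows = {}  # host -> {"current", "pending", "changed"}

    def stage(self, host, password):
        # Record the new password as pending; the current one stays readable.
        self.rows.setdefault(host, {"current": None, "changed": datetime.min})
        self.rows[host]["pending"] = password

    def commit(self, host, now):
        row = self.rows[host]
        row["current"], row["pending"], row["changed"] = row["pending"], None, now

    def rollback(self, host):
        self.rows[host]["pending"] = None


def rotate_if_due(host, escrow, set_local, now, max_age=timedelta(days=30)):
    """Return 'fresh', 'rotated' or 'failed'. set_local(password) -> bool."""
    row = escrow.rows.get(host)
    if row and now - row["changed"] < max_age:
        return "fresh"                      # last change is newer than threshold
    candidate = new_password()
    escrow.stage(host, candidate)           # database side first
    try:
        applied = set_local(candidate)      # then the local machine
    except OSError:
        applied = False
    if applied:
        escrow.commit(host, now)
        return "rotated"
    escrow.rollback(host)                   # the old password stays the record
    return "failed"
```

If the client dies between the local change and `commit`, the record still holds both `current` and `pending`, so a technician can try either.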
                              • Wayne Workman @RobertD

                                @RobertD said in Service Modules in new Client?:

                                @Joe-Schmitt said in Service Modules in new Client?:

                                The new client is much much easier to build modules for. However it doesn’t allow third party ones. If you have some ideas get in contact with me and we can see about possibly adding them.

                                So compiling DLLs and dropping them in the FOG service folder will no longer work?

                                In the past we have had problems with students acquiring the local admin password (cracking the NTLM hash, it being exposed on a Post-it note or something else). This password is set across the board on desktops, which allowed them to jump from machine to machine (RDP, SMB, remote execution, or being leaked by some other method). One of the modules we want to create would manage the local Administrator password. Each machine would have an admin password set randomly by this module, which would then be sent to an encrypted web service where it would also be stored encrypted. So every admin password on every machine is different. If a campus technician needed the local password for a machine they would request it through a web portal where their access would be restricted based on their credentials. Everything could then be audited.

                                This service module could also be configured to cycle passwords on a normal basis and/or reset the admin password for a specific host on demand from the web portal.

                                Microsoft just recently released a tool that does exactly what you want. I would recommend using that.

                                Read here for some info:
                                https://www.404techsupport.com/2015/05/microsoft-makes-local-administrator-password-solution-official/

                                Daily Clean Installation Results:
                                https://fogtesting.fogproject.us/
                                FOG Reporting:
                                https://fog-external-reporting-results.fogproject.us/

                                • MRCUR Testers @Wayne Workman

                                  @Wayne-Workman This is exactly what @george1421 linked to earlier and I mentioned below.

                                  • Wayne Workman @MRCUR

                                    @MRCUR Oh. Cool then. 🙂 I read from bottom to top, when I hit that first post explaining what he was doing, I posted this and didn’t read any further. 🙂

                                    • RobertD @Joe Schmitt

                                      @Joe-Schmitt said in Service Modules in new Client?:

                                      The new client is much much easier to build modules for. However it doesn’t allow third party ones. If you have some ideas get in contact with me and we can see about possibly adding them.

                                      Hi Joe,
                                      I installed fog 1.3 RC1 last night and noticed under Fog Configuration > Client Updater it looks like there is a module upload section for the fog client. I thought in the new version of fog it didn’t allow third party modules. I guess I’m confused or misunderstood. Can someone explain what this is used for?

                                      Thanks!

                                      • Joe Schmitt Senior Developer

                                        @RobertD that section is used by the legacy client, not the new one. @Tom-Elliott perhaps you could go through and put a notice (e.g. red text) by things that are only supported by legacy, such as GreenFog, client module updater, directory/user cleanup and so on.

                                        • RobertD @Joe Schmitt

                                          @Joe-Schmitt Got it. Thanks for clarifying. Is there any possibility this will be added back in the future? This could be so useful for proprietary business processes to just use the FOG service instead of having to create our own and install it in addition to the FOG service.

                                          I haven’t played around with the new client since our 0.32 version so I’m excited to see what’s changed.

                                          Thanks for all you guys do!

                                          • Joe Schmitt Senior Developer

                                            In the far future yes (FOG 2.0 is built around plugins). But for 1.3 you will need to perform a custom build AND swap out the fogproject public cert with your company’s. That way you can sign your builds and still auto update.

                                            Copyright © 2012-2024 FOG Project