New Fog client and security
-
@Tom-Elliott
Is the token file only generated on imaging? Where does it come from - what puts ‘C:\Program Files\FOG\token.dat’ in place?
-
@LibraryMark said in New Fog client and security:
Did something happen that drove all this effort to secure things? Was someone hacked?
It happened because it was needed. Nobody is known to have been hacked - maliciously. The developers are often the ones to find holes, and then they patch them.
Is the token file only generated on imaging? Where does it come from - what puts ‘C:\Program Files\FOG\token.dat’ in place?
The encryption & security model for the new client only concerns the new client’s communications with the server, not imaging itself. You can image without any client installed on the image, you would just have a lot of manual work afterwards to do.
-
Thanks, Wayne.
No one is able to answer why the token.dat file is not there? What puts it there? I have seen other topics on this issue, but have not seen any solution (that I understand, anyway). I know I must be doing something wrong but I have no idea what.
I know I do not need the client to image, and all I do use the client for is hostname changing and rebooting if there is a task waiting (and I don’t really need that). Those two things could be accomplished easy enough in other ways, I suppose. I already have an autoit script that runs on the last auto-login to do some tasks before the user sees the PC. It could easily change the host name, too. Knowing what to change it to is the only (slightly) hard part. Could be as simple as parsing a text file for a mac-hostname pair, and I could host that on the fog server. Could make a php script for it that hands out the hostname given a mac address from the fog database.
-
@Joe-Schmitt said in New Fog client and security:
I know why the token file doesn’t exist. It’s because the server and client haven’t been able to handshake yet. This is why I need the whole fog.log after you hit reset encryption.
Nothing changes in the log file after I hit the reset encryption button that I can see. I did notice that the little indicator in the host list was red while the rest were green, fwiw. Here is the log file - I cleared it, rebooted the machine, hit the button, and waited 5 minutes.
8/13/2016 11:54 AM Main Overriding exception handling
8/13/2016 11:54 AM Main Bootstrapping Zazzles
8/13/2016 11:54 AM Controller Initialize
8/13/2016 11:54 AM Zazzles Creating main thread
8/13/2016 11:54 AM Zazzles Service construction complete
8/13/2016 11:54 AM Controller Start
8/13/2016 11:54 AM Service Starting service
8/13/2016 11:54 AM Bus ERROR: Could not enter socket
8/13/2016 11:54 AM Bus ERROR: Cannot load Counter Name data because an invalid index '' was read from the registry.
8/13/2016 11:54 AM Bus { "self": true, "channel": "Status", "data": "{\r\n \"action\": \"load\"\r\n}" }
8/13/2016 11:54 AM Bus ERROR: Could not enter socket
8/13/2016 11:54 AM Bus ERROR: Cannot load Counter Name data because an invalid index '' was read from the registry.
8/13/2016 11:54 AM Bus Emmiting message on channel: Status
8/13/2016 11:54 AM Service Invoking early JIT compilation on needed binaries
------------------------------------------------------------------------------
--------------------------------Authentication--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Version: 0.11.5
8/13/2016 11:54 AM Client-Info OS: Windows
8/13/2016 11:54 AM Middleware::Authentication Waiting for authentication timeout to pass
8/13/2016 11:54 AM Middleware::Communication Download: http://fog-server/fog/management/other/ssl/srvpublic.crt
8/13/2016 11:54 AM Data::RSA FOG Server CA cert found
8/13/2016 11:54 AM Middleware::Authentication Cert OK
8/13/2016 11:54 AM Middleware::Communication POST URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&authorize&newService
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM Middleware::Authentication Authenticated
8/13/2016 11:54 AM Bus Registering ParseBus in channel Power
8/13/2016 11:54 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?clientver&newService&json
8/13/2016 11:54 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?newService&json
8/13/2016 11:54 AM Service Creating user agent cache
8/13/2016 11:54 AM Middleware::Response Module is disabled globally on the FOG server
8/13/2016 11:54 AM Middleware::Response No Printers
8/13/2016 11:54 AM Middleware::Response Module is disabled globally on the FOG server
8/13/2016 11:54 AM Service Initializing modules
------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM HostnameChanger Users still logged in and enforce is disabled, delaying any further actions
------------------------------------------------------------------------------
------------------------------------------------------------------------------
---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response No snapins
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PrinterManager--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response No Printers
8/13/2016 11:54 AM PrinterManager Getting installed printers
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PowerManagement-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM PowerManagement Calculating tasks to unschedule
8/13/2016 11:54 AM PowerManagement Calculating tasks to schedule
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:54 AM Client-Info Client Version: 0.11.5
8/13/2016 11:54 AM Client-Info Client OS: Windows
8/13/2016 11:54 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM Middleware::Communication URL: http://fog-server/fog/service/usertracking.report.php?action=login&user=public-image\admin&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
------------------------------------------------------------------------------
8/13/2016 11:54 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&configure&newService&json
8/13/2016 11:54 AM Middleware::Response Success
8/13/2016 11:54 AM Service Sleeping for 104 seconds
8/13/2016 11:56 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
8/13/2016 11:56 AM Middleware::Authentication Waiting for authentication timeout to pass
8/13/2016 11:56 AM Middleware::Communication Download: http://fog-server/fog/management/other/ssl/srvpublic.crt
8/13/2016 11:56 AM Data::RSA FOG Server CA cert found
8/13/2016 11:56 AM Middleware::Authentication Cert OK
8/13/2016 11:56 AM Middleware::Communication POST URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&authorize&newService
8/13/2016 11:56 AM Middleware::Response Success
8/13/2016 11:56 AM Middleware::Authentication Authenticated
8/13/2016 11:56 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
8/13/2016 11:56 AM Middleware::Response Success
8/13/2016 11:56 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?clientver&newService&json
8/13/2016 11:56 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?newService&json
8/13/2016 11:56 AM Service Creating user agent cache
8/13/2016 11:56 AM Middleware::Response Module is disabled globally on the FOG server
8/13/2016 11:56 AM Middleware::Response No Printers
8/13/2016 11:56 AM Middleware::Response Module is disabled globally on the FOG server
------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response Success
8/13/2016 11:56 AM HostnameChanger Users still logged in and enforce is disabled, delaying any further actions
------------------------------------------------------------------------------
------------------------------------------------------------------------------
---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response No snapins
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PrinterManager--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response No Printers
8/13/2016 11:56 AM PrinterManager Getting installed printers
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PowerManagement-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response Success
8/13/2016 11:56 AM PowerManagement Calculating tasks to unschedule
8/13/2016 11:56 AM PowerManagement Calculating tasks to schedule
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:56 AM Client-Info Client Version: 0.11.5
8/13/2016 11:56 AM Client-Info Client OS: Windows
8/13/2016 11:56 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:56 AM Middleware::Response Success
------------------------------------------------------------------------------
8/13/2016 11:56 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&configure&newService&json
8/13/2016 11:56 AM Middleware::Response Success
8/13/2016 11:56 AM Service Sleeping for 76 seconds
8/13/2016 11:57 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
8/13/2016 11:57 AM Middleware::Response Success
8/13/2016 11:57 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?clientver&newService&json
8/13/2016 11:57 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?newService&json
8/13/2016 11:57 AM Service Creating user agent cache
8/13/2016 11:57 AM Middleware::Response Module is disabled globally on the FOG server
8/13/2016 11:57 AM Middleware::Response No Printers
8/13/2016 11:57 AM Middleware::Response Module is disabled globally on the FOG server
------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response Success
8/13/2016 11:57 AM HostnameChanger Users still logged in and enforce is disabled, delaying any further actions
------------------------------------------------------------------------------
------------------------------------------------------------------------------
---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response No snapins
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PrinterManager--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response No Printers
8/13/2016 11:57 AM PrinterManager Getting installed printers
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PowerManagement-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response Success
8/13/2016 11:57 AM PowerManagement Calculating tasks to unschedule
8/13/2016 11:57 AM PowerManagement Calculating tasks to schedule
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:57 AM Client-Info Client Version: 0.11.5
8/13/2016 11:57 AM Client-Info Client OS: Windows
8/13/2016 11:57 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:57 AM Middleware::Response Success
------------------------------------------------------------------------------
8/13/2016 11:57 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&configure&newService&json
8/13/2016 11:57 AM Middleware::Response Success
8/13/2016 11:57 AM Service Sleeping for 85 seconds
8/13/2016 11:59 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&mac=00:50:56:AF:66:63||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
8/13/2016 11:59 AM Middleware::Response Success
8/13/2016 11:59 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?clientver&newService&json
8/13/2016 11:59 AM Middleware::Communication URL: http://fog-server/fog/service/getversion.php?newService&json
8/13/2016 11:59 AM Service Creating user agent cache
8/13/2016 11:59 AM Middleware::Response Module is disabled globally on the FOG server
8/13/2016 11:59 AM Middleware::Response No Printers
8/13/2016 11:59 AM Middleware::Response Module is disabled globally on the FOG server
------------------------------------------------------------------------------
---------------------------------ClientUpdater--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------TaskReboot----------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response Success
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------HostnameChanger-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response Success
8/13/2016 11:59 AM HostnameChanger Users still logged in and enforce is disabled, delaying any further actions
------------------------------------------------------------------------------
------------------------------------------------------------------------------
---------------------------------SnapinClient---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response No snapins
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PrinterManager--------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response No Printers
8/13/2016 11:59 AM PrinterManager Getting installed printers
------------------------------------------------------------------------------
------------------------------------------------------------------------------
--------------------------------PowerManagement-------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response Success
8/13/2016 11:59 AM PowerManagement Calculating tasks to unschedule
8/13/2016 11:59 AM PowerManagement Calculating tasks to schedule
------------------------------------------------------------------------------
------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
8/13/2016 11:59 AM Client-Info Client Version: 0.11.5
8/13/2016 11:59 AM Client-Info Client OS: Windows
8/13/2016 11:59 AM Client-Info Server Version: 1.3.0-RC-8
8/13/2016 11:59 AM Middleware::Response Success
------------------------------------------------------------------------------
8/13/2016 11:59 AM Middleware::Communication URL: http://fog-server/fog/management/index.php?sub=requestClientInfo&configure&newService&json
8/13/2016 11:59 AM Middleware::Response Success
8/13/2016 11:59 AM Service Sleeping for 70 seconds
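The check this exchange turns on, reading fog.log to see whether the client ever completed its handshake with the server, written out as an added example (not part of the original posts and not FOG's own code). It splits run-together log text into entries and reports, per authentication attempt, which stage markers appeared; the first sample is excerpted from the log posted above, the second is constructed, and the stage names and function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

SEP = "-" * 78
# Excerpted from the fog.log posted above, kept run-together on one line.
PAGE_EXCERPT = " ".join([
    "8/13/2016 11:54 AM Service Invoking early JIT compilation on needed binaries",
    SEP, "-" * 32 + "Authentication" + "-" * 32, SEP,
    "8/13/2016 11:54 AM Client-Info Version: 0.11.5",
    "8/13/2016 11:54 AM Middleware::Authentication Waiting for authentication timeout to pass",
    "8/13/2016 11:54 AM Middleware::Communication Download: "
    "http://fog-server/fog/management/other/ssl/srvpublic.crt",
    "8/13/2016 11:54 AM Data::RSA FOG Server CA cert found",
    "8/13/2016 11:54 AM Middleware::Authentication Cert OK",
    "8/13/2016 11:54 AM Middleware::Communication POST URL: "
    "http://fog-server/fog/management/index.php?sub=requestClientInfo&authorize&newService",
    "8/13/2016 11:54 AM Middleware::Response Success",
    "8/13/2016 11:54 AM Middleware::Authentication Authenticated",
    "8/13/2016 11:54 AM Service Sleeping for 104 seconds",
])

# Constructed sample: the same attempt with the final "Authenticated" entry absent.
CONSTRUCTED_STALLED = "\n".join([
    "8/13/2016 11:56 AM Middleware::Authentication Waiting for authentication timeout to pass",
    "8/13/2016 11:56 AM Middleware::Communication Download: "
    "http://fog-server/fog/management/other/ssl/srvpublic.crt",
    "8/13/2016 11:56 AM Data::RSA FOG Server CA cert found",
    "8/13/2016 11:56 AM Middleware::Authentication Cert OK",
    "8/13/2016 11:56 AM Middleware::Communication POST URL: "
    "http://fog-server/fog/management/index.php?sub=requestClientInfo&authorize&newService",
    "8/13/2016 11:56 AM Service Sleeping for 76 seconds",
])

TIMESTAMP = re.compile(r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M")
BANNER = re.compile(r"-{10,}(?:[A-Za-z]+-{10,})?")   # separator and module-title lines
ATTEMPT_START = "Waiting for authentication timeout to pass"

# Stage names are this example's own labels; sources and messages come from the log above.
STAGES = [
    ("cert_downloaded", "Middleware::Communication", re.compile(r"^Download: \S+srvpublic\.crt$")),
    ("ca_cert_found", "Data::RSA", re.compile(r"^FOG Server CA cert found$")),
    ("cert_ok", "Middleware::Authentication", re.compile(r"^Cert OK$")),
    ("authorize_posted", "Middleware::Communication",
     re.compile(r"^POST URL: \S*[?&]authorize(&|$)")),
    ("authenticated", "Middleware::Authentication", re.compile(r"^Authenticated$")),
]


def split_entries(text):
    """Return (timestamp, source, message) tuples from line-per-entry or run-together text."""
    text = " ".join(BANNER.sub(" ", text).split())
    marks = list(TIMESTAMP.finditer(text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        source, _, message = text[mark.end():end].strip().partition(" ")
        entries.append((mark.group(), source, message))
    return entries


@dataclass
class Attempt:
    started: str
    reached: list = field(default_factory=list)

    @property
    def missing(self):
        return [name for name, _, _ in STAGES if name not in self.reached]

    @property
    def succeeded(self):
        return not self.missing


def handshake_attempts(text):
    """Group entries into authentication attempts and record the stages each one reached."""
    attempts = []
    for ts, source, message in split_entries(text):
        if source == "Middleware::Authentication" and message == ATTEMPT_START:
            attempts.append(Attempt(started=ts))
            continue
        if not attempts or attempts[-1].succeeded:
            continue  # entries outside an open attempt are ordinary module traffic
        for name, stage_source, pattern in STAGES:
            if source == stage_source and pattern.search(message):
                if name not in attempts[-1].reached:
                    attempts[-1].reached.append(name)
    return attempts


if __name__ == "__main__":
    for a in handshake_attempts(PAGE_EXCERPT + "\n" + CONSTRUCTED_STALLED):
        print(a.started, "OK" if a.succeeded else "missing: " + ", ".join(a.missing))
```

An attempt is judged only by which markers are present, so no failure message has to be assumed: an attempt that never logs `Authenticated` is reported with that stage missing.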
-
@LibraryMark It appears to be working fine now.
-
@Wayne-Workman said in New Fog client and security:
@LibraryMark It appears to be working fine now.
Maybe it behaves differently than the old client? In the past, if I change the hostname to something incorrect, it will correct it in short order. That does not seem to happen now.
The VM is up and running, the mac address is correct in FOG, and yet I get a “no such device or address” next to the host in the “all hosts” list. All the other hosts are green and say “success”.
-
A-ha! I just now manually rebooted, the host name did indeed change. There is now a token.dat file. That part of it works. How about that. So the only thing “busted” right now is having it force the change.
I have FOG_ENFORCE_HOST_CHANGES checked. Is there somewhere else this needs to be changed? Looks like I need FOG_TASK_FORCE_REBOOT too? I will try that.
-
@LibraryMark It is the “Make changes even when users are logged on?” setting. It is per-host / group. You can find it by selecting your host/group, and going to Active Directory.
-
@Joe-Schmitt said in New Fog client and security:
@LibraryMark It is the “Make changes even when users are logged on?” setting. It is per-host / group. You can find it by selecting your host/group, and going to Active Directory.
BINGO! That was it. It did it all by itself. Wow - what an ordeal. This is going to take some getting used to.
Thanks to all who contributed to this. Now - can anyone tell me what I did wrong in the first place?
-
Since I don’t know everything about your setup I can only speculate. My guess is that at some point you may have tried reinstalling the client on the problematic host. It would cause an issue because:
- the original installation successfully authenticated and set the token.
- on uninstalling / reinstallation the token is deleted from the computer, but the server still has it.
- on installation the client no longer has the old token, but the server is expecting it. Thus causing authentication issues.
-
@Joe-Schmitt - Ok, sounds about like what I did. At least now I have some things to try if it happens again.
Thanks!
-
As much as the security model may seem like it’s an overkill, believe me when I say it is needed. We also built it in a fashion that you, as an end user, should almost never have to interact with it or manually intervene (e.g. resetting encryption data). The only time you need to step in is if you move your server to another machine or reinstall the client on the computer.
-
@Joe-Schmitt said in New Fog client and security:
As much as the security model may seem like it’s an overkill, believe me when I say it is needed. We also built it in a fashion that you, as an end user, should almost never have to interact with it or manually intervene (e.g. resetting encryption data). The only time you need to step in is if you move your server to another machine or reinstall the client on the computer.
I think where I went wrong is expecting the client to change the host name when the setting was not enabled. The old client just did it because the setting was on a local ini. The new client was probably installed correctly the first time and I didn’t even realize it.
I can appreciate the work and time that went into the new security model. It’s just that for my situation, in a public library with public hosts on a network totally separate from our staff net, I am not sure I have a need for bullet-proof security there. I am more concerned about FOG booting my PCs and reloading them without hassles.
-
@LibraryMark The FOG_ENFORCE_HOST_CHANGES is supposed to enable the AD portion (when selected) to turn on. Seeing, as how I’m reading this thread, that you’re not using AD, this explains why the setting never occurred in your situation. All of these settings work based on defined settings, so if you’re editing a host in the GUI and the host doesn’t have the item checked, the host will display that the item isn’t checked.
This is all the more reason to follow what the logs are telling you. We try to make things as simple as possible but that doesn’t mean we won’t have some areas that do require user intervention.
I’m glad you were able to figure out the issue and that we were able to help you find out. The security is needed. Regardless of how you plan on using it. You are more than welcome to use whatever client you want, but I would recommend sticking with the new client.
-
@Tom-Elliott said in New Fog client and security:
@LibraryMark The FOG_ENFORCE_HOST_CHANGES is supposed to enable the AD portion (when selected) to turn on. Seeing, as how I’m reading this thread, that you’re not using AD, this explains why the setting never occurred in your situation. All of these settings work based on defined settings, so if you’re editing a host in the GUI and the host doesn’t have the item checked, the host will display that the item isn’t checked.
This is all the more reason to follow what the logs are telling you. We try to make things as simple as possible but that doesn’t mean we won’t have some areas that do require user intervention.
I’m glad you were able to figure out the issue and that we were able to help you find out. The security is needed. Regardless of how you plan on using it. You are more than welcome to use whatever client you want, but I would recommend sticking with the new client.
Yup, no AD here. Not for our public machines. I would think, however, that the “Make changes even when users are logged on?” setting might be handier in another spot, especially for those of us who do not use domains.
-
@LibraryMark said in New Fog client and security:
It’s just that for my situation, in a public library with public hosts on a network totally separate from our staff net, I am not sure I have a need for bullet-proof security there.
Your public users are not a security risk? And I know you say you have HDD locking software (Centurion SmartShield or Faronics DeepFreeze probably), but this doesn’t really matter. If there’s a security hole and someone knows how to exploit it, they can exploit it every time they want. Once there’s a compromise, those computers are no longer safe for users to use, no matter how many times they are rebooted and ‘reset’. The legacy client is not secure. The legacy-enabling functionality server-side is also not secure. It is advised that once you have moved to the new fog client, to remove legacy passwords from the FOG server.
-
@Wayne-Workman said in New Fog client and security:
@LibraryMark said in New Fog client and security:
It’s just that for my situation, in a public library with public hosts on a network totally separate from our staff net, I am not sure I have a need for bullet-proof security there.
Your public users are not a security risk? And I know you say you have HDD locking software (Centurion SmartShield or Faronics DeepFreeze probably), but this doesn’t really matter. If there’s a security hole and someone knows how to exploit it, they can exploit it every time they want. Once there’s a compromise, those computers are no longer safe for users to use, no matter how many times they are rebooted and ‘reset’. The legacy client is not secure. The legacy-enabling functionality server-side is also not secure. It is advised that once you have moved to the new fog client, to remove legacy passwords from the FOG server.
We are using Reboot Restore Rx. Are you talking about the fog client still?