FOG Post install script for Win Driver injection
-
@george1421 said in FOG Post install script for Win Driver injection:
This script can be used to update files on the target computer. In this case we’ll use it to update the unattend.xml file with install time data like host name, connect to AD or what ever you need. I can say if you use the FOG client to do this stuff, then this script isn’t really needed. But its here to show you what’s possible.
#!/bin/bash hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password unattends=$(find /ntfs/ -iname "unattend.xml") for unattend in $unattends [[! -f $unattend]] && return dots "Preparing Sysprep File" #rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1 #if [[! $? -eq 0]]; then #echo "Failed" #debugPause #handleError "Failed to remove original unattend file" #fi echo "Done" debugPause dots "Writing Computer Name to $unattend" sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to update originating unattend file" fi echo "Done" echo "ComputerName set to $hostname in $unattend" debugPause [[-z $addomain]] && continue dots "Set PC to join the domain" sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to remove the Workgroup setter" fi sed -i \ -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \ -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \ -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \ -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to update user, pass, ou, and domain setter" fi echo "Done" debugPause done@george1421 nice write-up - think this needs updating to be inline with hostinfo.php variables?
-
@Lee-Rowlett said in FOG Post install script for Win Driver injection:
@george1421 nice write-up - think this needs updating to be inline with hostinfo.php variables?
Thank you for your kind words.
Yes, looking over the code its a bit dated. There are a few things that while they work, could use a fixup because I don’t think they work as well as it should.
Possibly include setting the host name with this snippet. So they host name can be anything and sed will just swap it out. In the one I wrote for my business it is setup for global deployments. It will identify the local subnet where its being installed and update the timezone, system mui language and keyboard settings for the local region. But the point is they all use a variant of the sed script below.
sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" $unatendfileRef: https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/7
-
Thanks for all of this…great help while I’m making a windows 10 image. I do have 1 question. When you say this script will not work and you need to add this to the unattend file.
[moderator note] The content of this question has been forked to this thread since it went a bit beyond the scope of this tutorial: https://forums.fogproject.org/topic/9169/help-with-win10-driver-injection
-
Hello, George,
1st off, thanks for all of your documentation on this. I’m getting further than before in my deployment.
I’m however stuck on a few things, so I’ll provide as much info as you need.
Fog server running on Ubuntu 16.04 server
Fog server version: 1.3.0-RC-10.So here are the machines and other things we have in our environment:
laptops: Lenovo ThinkPad T540p, ThinkPad T560, Lenovo ThinkPad T530, and other lower models.
Desktops: Lenovo ThinkCentre M800I used MDT 2013 Update 2 as you were saying about MDT and I took an image on our VMware and deployed the image on a ThinkPad T560 from the fog server I have on our VMware. On my fog server, there is already an image folder, so I created under there drivers/ThinkPad T560/win7/x64. 0_1482360759122_Lenovo.docx
Now do I need to create another subfolder under the root like images 2 or something like that? Sorry, I’m a Windows guy and still getting used to Linux. I also replaced the fog.postdownload with what you have in this forum and ran that chmod command and looked like it took it.
When I deploy the image to the T560, it 1st gave me an error with the fog.driver script from in the forum that failed to load the driver, had it just Thinkpad T560, had to do ThinkPad T560, then it would get stuck on in process during the driver loading and when it was preparing it for the first time, I would get errors during syspre that it had errors, forgot the exact error, so I would restart it and get an error windows rebooted and reinstalling Windows during the sysprep.
Can you tell me what I’m doing wrong? also I’m unable to join the machine to my test domain. I did the hostnamechanger and did the encrypt, but still won’t join my test domain, the account is not a domain admin, but I gave it delegate to the test OU I created. Does it need the hostnamechanger for 1.3.0? I verified the options in AD on the console are checked off.
Look at the Word attachment I’ve attached.
-
@Jamaal Just for clarity this tutorial was intended for Dells only.
With that said it can work for Lenovos or other models. I can tell you that lenovos (more precisely) Dell store the system name in a different location than other computer manufacturers. So your fog post download script will need to look in a different location that my scripts indicate (because they are Dell centric).
Since you are a Windows convert, you MUST remember that case IS important to linux. So just pay attention when creating file paths.
The built in fog.postdownload script is just a shell script (it doesn’t do anything right out of the box). It is up to you as the FOG admin to add content to that script. So in short yes you will need to update that script as indicated.
So for the Dell computers we have to use this smbios key to pick up the system name using dmidecode
dmidecode -s system-product-nameFor the other manufacturer (I believe lenovo too) you have to use this key
dmidecode -s baseboard-product-nameOne manufacture stores the name in the system structure and one in the baseboard structure. Both are correct just a pain if you have a mixed fleet. In out production fog script we use another dmidecode key to find the manufacturer
dmidecode -s baseboard-manufacturerand then use a case statement to query the right key for the system name.What I might do until I was comfortable with the hardware setup would be to schedule a debug capture of the new and untested hardware. A debug capture will drop you to a command prompt on the target hardware when you pxe boot it. Once at the command prompt on the FOS engine (the linux OS that boots on the target hardware) run the dmidecode command and inspect what get returned. This code returned must match exactly the driver parent folder in the /images/drivers/XXXXX
-
@george1421 Ok, I’ll try that tomorrow when I go back to work. Thanks for the info, but can you tell me about the joining of the domain? or maybe it’s best if I use a script to just join it?
-
@Jamaal You can join the machine to the domain by:
- Have the unattend.xml file join the computer to the domain
- Have the FOG Client connect the computer to the domain
- Create a script that is executed by the setupcomplete.cmd file
I use the first option because based on the image used, type of computer, site deployed to, our post install script will choose the correct OU and update the unattend.xml file accordingly. That is something the fog client isn’t designed to do.
Many people use option 2.
As for why your setup is not connecting to the domain. Is the network driver being loaded so the client can reach the domain controller? If I had a system that wouldn’t connect to the domain, I would log into it and then manually connect it to the domain. Be sure you use the user ID and password you defined in fog, that user account must have computer add rights. The other thing may be that you are defining a destination OU that doesn’t exist? Also you may be able to glean some information by looking at your DC’s security log to see if its a permission issue.
-
@george1421 George, I think I got the name correct for the Lenovo, getting further than before. I remember I had the name structure as ThinkPad T560 under the drivers folder, but getting stuck at Preparing Drivers… in progress. In the task menu on the web, it only shows like 1% and not moving. Any idea on why that’s happening?
-
@Jamaal said in FOG Post install script for Win Driver injection:
@george1421 George, I think I got the name correct for the Lenovo, getting further than before. I remember I had the name structure as ThinkPad T560 under the drivers folder, but getting stuck at Preparing Drivers… in progress. In the task menu on the web, it only shows like 1% and not moving. Any idea on why that’s happening?
I think I see what is the issue. Just that the screen moves too fast and said no such file or directory and it reboots.
-
@george1421 George, 2 more questions as I’m starting to get the hang of MDT 2013 and fog. How do I put in the task to change the registry to put c:\drivers for where Fog will drop the drivers for the Lenovo machines? And the other thing that’s giving me an issue, where else in the fog.drivers script do I edit c:\drivers?
Other than that, I’m feeling confident I’ll be able to deploy our fleet.
-
@Jamaal I can say for my organization, I use MDT to update the registry entry during the reference image build. That always has worked for me.
The other way people have done it was via the fog.drivers script here (look at the very bottom) https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4
the fog.driver script route appears to work, but I’ve never used that route. It was easier for me to just create the mdt task to update the registry key, plus I could/do validate the reference image matches the our design standard before image capture, so I need all of the bits to be in place for validation.
What is important (for the registry key) is to have the c:\drivers path first then the c:\windows\inf directory. You want OOBE to search for the model specific driver before it uses the windows built in driver (if both exist).
-
Hello,
(french user, sorry for my bad english …
)
Sorry for the question (the post is quite old) but i’m lost to choose the best solution for Driver Injection after image Deploy.In my environment, we have HP, DELL, Lenevo computer (laptop, desktop).
What is the best way ? postdowloadscript included in Fog ? Or this way ? Or … it’s “depend on” ?
Many thanks
Have a nice day. -
@Jonathan-Cool Postdownloadscripts are up to the user to implement correctly, the system exists in FOG and this thread talks about using that system with a community created script.
It’s easily the most convenient if you have a lot of the same models and it doesn’t change all the time.
-
@Jonathan-Cool No problem on the bad english. I’m a native english speaker, and I speak it bad too…
There are a few threads for setting up driver injection using a postinstall script. The thing you must remember if you go this path is that the postinstall scripts run under linux as a bash shell script and not windows. So there are somethings you can not do like DISM injection.
There is a second requirement for this process to work. Your drivers must be in inf format and not built into a .exe installer. All of the Dell and most of the Lenovo drivers are in INF format. I can’t speak for the HP and their drivers.
The postinstall scripts can work for all models the post install script will first check the manufacturer of the hardware then check the model number of the hardware to identify what drivers are needed.
I wrote a tutorial (in addition to this thread) for this process.
https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-scriptAlso Lee wrote an excellent that takes a slightly different approach too.
https://forums.fogproject.org/topic/4278/utilizing-postscripts-rename-joindomain-drivers-snapins -
This post is deleted! -
@quazz So in my instance, I have 4 different HP models, and 2 different kinds of Lenovo’s. I tried using DISM to install the drivers, which appears to work, but hangs up the imaging process for a long time until you physically reboot the target machine. After reboot however, it appears to be all of the drivers installed. I am struggling trying to figure out the best way to install the drivers on a per model basis. Is there an easy way to do this with FOG?
Thanks!
-
@austinjt01 The steps outlined here do work.
In your case, what I would do is (on a test system) don’t inject the drivers during your test imaging. Once the system has imaged, and OOBE has completed. Login with an admin account and manually run the command as you have it defined in the setupcomplete.cmd file.
My bet is that DISM or the installation of one of your drivers is asking a question. Since this is at a point in the imaging process it can’t access the desktop the question is being displayed to a hidden desktop. By running it interactively you might be able to see the question and then take counter measures. I had an issue with an into nuc and intel not signing 2 drivers with an approved certificate that caused the driver install to fail. Once I imported the certificates before installing the drivers everything went OK.
-
Hello @george1421 Just making sure this is still the recommended way to do driver injection. Its been a year, and I have seen some other documentation for this. Just making sure its good before I go down this path.
-
@sourceminer Its still accurate. I do think I need to create a new one that is a bit more concise and update a few things specifically for Win10, since Win7 will start its 2 year decline to unsupported soon.
There has been some discussion around using this process and then calling DISM to inject the drivers twice in the setupcomplete.cmd to install all remaining drivers not detected during OOBE. Sometimes hardware is hidden behind other hardware, behind other hardware.
-
@george1421 OK great. Would be a nice thing to just make this part of the gui? Or built into the solution to some varying degree.
