• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Webcast: Imaging with FOG, Managing with PDQ

Scheduled Pinned Locked Moved
Tutorials
10
41
18.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    Troye Johnson
    last edited by Feb 28, 2017, 10:26 PM

    @PDQ & @george1421 Hi guys I have a question how did you guys pass the PDQ background user credentials from fog. Did you change the fog service user to match that user?

    Fog Server information

    Cent OS 7
    Running Version 1.5.2

    G 1 Reply Last reply Feb 28, 2017, 11:03 PM Reply Quote 0
    • G
      george1421 Moderator @Troye Johnson
      last edited by Feb 28, 2017, 11:03 PM

      @Troye-Johnson I think that part needs to be answered by the PDQ guys. I can tell you by default the FOG client runs as the SYSTEM account.

      I could see its possible that if the fog service account was changed to run as a domain user account and that domain user account had local admin rights (on the target computer) as well as rights to reach out to the PDQ Deploy server, and listed as a console user in PDQ Deploy that would work and still keep everything secure and functional.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      T 1 Reply Last reply Mar 1, 2017, 4:25 PM Reply Quote 0
      • T
        Troye Johnson @george1421
        last edited by Mar 1, 2017, 4:25 PM

        @george1421 I did try this and it worked, but also in the webcast I heard them say “did you remove your password from the script” my boss thinks they have a way to run the script as any user from from the fog console. @PDQ can you explain how that process works?

        Fog Server information

        Cent OS 7
        Running Version 1.5.2

        B 1 Reply Last reply May 23, 2017, 8:31 PM Reply Quote 1
        • J
          Joe Schmitt Senior Developer
          last edited by Joe Schmitt Mar 1, 2017, 10:40 AM Mar 1, 2017, 4:29 PM

          @george1421 the FOG client should never be set to run a domain user. The client’s security model relies on the assumption of running as SYSTEM/root. In addition if the client runs a domain user then it will not be able to rename, join, or leave a domain. Since when the client needs to temporary leave remove a machine from the domain, the client would loose all privileges.

          Ultimately the client may or may not work as non-SYSTEM users, but its not something we recommend or will officially support.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          1 Reply Last reply Reply Quote 4
          • B
            Bob Henderson @x23piracy
            last edited by Mar 27, 2017, 3:32 PM

            @x23piracy said in Webcast: Imaging with FOG, Managing with PDQ:

            😄 Sounds great how do you guys want to manage fog images in a better way as it is? Little details please?
            FYI i am a paying PDQ Deploy Customer 😉 Lovely tool.

            What i found so far:

            http://bobhenderson.org/fog-zero-touch-imaging-with-pdq-deploy/
            http://bobhenderson.org/pdq-deploy-fog-imaging-happiness-take-2/

            Regards X23

            Mod edited

            ha, holy crap, that’s me!

            G 1 Reply Last reply Mar 27, 2017, 3:34 PM Reply Quote 2
            • G
              george1421 Moderator @Bob Henderson
              last edited by Mar 27, 2017, 3:34 PM

              @Bob-Henderson == Now famous.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              B 1 Reply Last reply Mar 27, 2017, 3:38 PM Reply Quote 0
              • B
                Bob Henderson @george1421
                last edited by Mar 27, 2017, 3:38 PM

                @george1421 Actually reminded me to renew the domain name on that one before I lost it! God I need to post more updates.

                We’re still using FOG and PDQ to image out our 1:1 fleet of computers, as well as having it tied into our server deployments automated via Ansible onto our Proxmox KVM boxes. It’s working fantastically.

                The next thing I’m working on (shoot for the moon, right?) is to use FOG to host Snapins and make them accessible outside of the LAN, that’ll then pull down some powershell to grab files via HTTPS from our web cluster to do remote installations if needed. I’ve got a proof of concept working, but I’m a 1 man shop and haven’t had time to do much more on it. But if it works, I’ll effectively be able to push installs both on and offsite, without having to use DirectAccess as the tie back. The powershell has some if’s in there to see if they’re on the LAN, which will then tell it to grab PDQ’s packages, but if they’re off, it’ll grab them from the HTTPS repository and fire off msiexec on them manually.

                It’s poor mans SCCM!

                B 1 Reply Last reply May 24, 2017, 3:28 PM Reply Quote 1
                • B
                  bmorris @Troye Johnson
                  last edited by May 23, 2017, 8:31 PM

                  @Troye-Johnson Did you ever get an answer to your question? I am running into the exact same problem. Since the service runs as SYSTEM, it doesn’t have permissions to even remote powershell to our PDQ server.

                  Fog Server Info

                  Ubuntu 16.04.2 LTS
                  Running Version 1.4.0
                  SVN Revision: 6069

                  1 Reply Last reply Reply Quote 0
                  • T
                    Troye Johnson
                    last edited by Troye Johnson May 24, 2017, 8:42 AM May 24, 2017, 2:42 PM

                    @bmorris Yes I we created a domain user added that users under the “pdq deploy> Preferences>Credentials” to allow it access to deploy apps and then added those credentials into the PDQdeploy script by powershell. Here is my script I encrypted the password for best practices.

                    
                    <#
                    .SYNOPSIS
                    Start a PDQ Deploy Deployment on a target machine
                    
                    .DESCRIPTION
                    Trigger a PDQ Deploy deployment to start locally or on a remote machine with PDQ Deploy installed
                    
                    .EXAMPLE
                    Start-Deployment -PackageName "Example Package" -Targets "Wolverine"
                    
                    .EXAMPLE
                    Start-Deployment -ScheduleName "Example Schedule" -Targets "Wolverine"
                    
                    .EXAMPLE
                    Start-Deployment -ScheduleID 123 -Targets "Wolverine"
                    
                    .PARAMETER DeployComputerName
                    The machine with PDQ Deploy installed. This defaults to the local machine
                    
                    .PARAMETER PackageName
                    The names of packages on DeployMachine that you wish to use
                    
                    .PARAMETER ScheduleName
                    The names of schedules on DeployMachine that you wish to use
                    
                    .PARAMETER ScheduleID
                    The schedule IDs on DeployMachine that you wish to use
                    
                    .PARAMETER Targets
                    A list of targets that you wish to deploy a package or schedule to. Leave blank if you wish to target the local machine.
                    #>
                    [cmdletbinding(
                        SupportsShouldProcess = $True
                    )]
                    Param(
                    
                        [String]$DeployComputerName = $env:COMPUTERNAME,
                    
                        [Parameter(ParameterSetName = "Package")]
                        [string]$PackageName,
                    
                        [Parameter(ParameterSetName = "Package")]
                        [String[]]$Targets = $env:COMPUTERNAME,
                    
                        [Parameter(ParameterSetName = "Schedule")]
                        [string]$ScheduleName,
                    
                        [Parameter(ParameterSetName = "ScheduleID")]
                        [Int]$ScheduleID
                    
                    )
                    
                    Process {
                        
                        # Add parameters to a hashtable to easily push into invoke-command as an argument
                        $MyParameters = @{
                            DeployComputerName = $DeployComputerName
                            PackageName        = $PackageName
                            Targets            = $Targets
                            ScheduleName       = $ScheduleName
                            ScheduleID         = $ScheduleID
                            DeploymentType     = $PSCmdlet.ParameterSetName
                        }
                    	#OS Check
                    	
                    	$PSScriptRoot = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
                    	
                    	#Credentials
                    
                    $User = "domain\user"
                    $PasswordFile = "$PSScriptRoot\Password.txt"
                    $KeyFile = "$PSScriptRoot\AES.key"
                    $key = Get-Content $KeyFile
                    $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential `
                     -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
                    
                        # This outputs a powershell.log to the root directory of the target machine
                        $MyParameters | Out-String | Out-File C:\powershell.log
                    
                        # Testing to see if PSRemoting is enabled
                        If (Test-WSMan -ComputerName $DeployComputerName) {
                                
                            Write-Verbose "Test-WSMan test passed on $DeployComputerName"
                    
                            # Added -Whatif capability to script
                            If ( $PSCmdlet.ShouldProcess($DeployComputerName, "Starting deployment with the following parameters:`n $($MyParameters | Out-String)") ) {
                                
                                # Connect to Deploy machine and attempts to start a deployment
                                Invoke-Command -ComputerName $DeployComputerName -credential $MyCredential -ArgumentList ($MyParameters) -ScriptBlock {
                                    Param ($MyParameters)
                    
                                    # This outputs a powershell.log to the root directory of the deploy machine
                                    $MyParameters | Out-String | Out-File C:\powershell.log
                    
                                    # Build command string based on deployment type
                                    Switch ($MyParameters.DeploymentType) {
                    
                                        "Package" {
                    
                                            $PDQDeployCommand = "pdqdeploy deploy -package ""$($MyParameters.PackageName)"" -targets $($MyParameters.Targets)"
                                        
                                        }
                            
                                        "Schedule" {
                                        
                                            $DB = "$env:ProgramData\Admin Arsenal\PDQ Deploy\Database.db"
                                            $SQL = "SELECT ScheduleID FROM Schedules WHERE Name = '$($MyParameters.ScheduleName)' COLLATE NOCASE;"
                                            $ScheduleID = $SQL | sqlite3.exe $db
                                            $PDQDeployCommand = "pdqdeploy StartSchedule -ScheduleId $ScheduleID"
                                        
                                        }
                    
                                        "ScheduleID" {
                                        
                                            $PDQDeployCommand = "pdqdeploy StartSchedule -ScheduleId $($MyParameters.ScheduleID)"
                                        
                                        }
                                    }                    
                    
                                    # Append the actual command that will be run to powershell.log
                                    "Invoke-command: $PDQDeployCommand" | Out-File C:\powershell.log -Append
                    
                                    # Create and invoke scriptblock
                                    $PDQDeployCommand = [ScriptBlock]::Create($PDQDeployCommand)
                                    $PDQDeployCommand.Invoke()
                    
                                } 
                            }
                        }
                    }
                    

                    Im not sure if it works with server mode of PDQ deploy that was just released yet though I have not tested it. If you get a chance to please let me know.

                    Fog Server information

                    Cent OS 7
                    Running Version 1.5.2

                    B 4 Replies Last reply May 24, 2017, 2:45 PM Reply Quote 0
                    • B
                      bmorris @Troye Johnson
                      last edited by May 24, 2017, 2:45 PM

                      @Troye-Johnson Thank you very much for this. I will report back if this works for server mode of PDQ Deploy.

                      Fog Server Info

                      Ubuntu 16.04.2 LTS
                      Running Version 1.4.0
                      SVN Revision: 6069

                      T 1 Reply Last reply May 24, 2017, 2:52 PM Reply Quote 0
                      • T
                        Troye Johnson @bmorris
                        last edited by May 24, 2017, 2:52 PM

                        @bmorris Please remember to add this registry setting based on PDQ recommendations

                        Additionally, you’ll need to add an entry into the registry on the PDQ Deploy machine in order to tell the background service to use TCP/IP:

                        Location: HKLM\Software\Admin Arsenal\PDQ Deploy\
                        Type: DWORD Name: ServicePort Value: <port number>

                        The value needs to be a port number that is allowed within your network.

                        or find it here https://www.adminarsenal.com/webcast-bonus-content/

                        Fog Server information

                        Cent OS 7
                        Running Version 1.5.2

                        B 1 Reply Last reply May 24, 2017, 3:12 PM Reply Quote 0
                        • B
                          bmorris @Troye Johnson
                          last edited by May 24, 2017, 3:10 PM

                          @Troye-Johnson I forgot to ask, which I am sure I will find out anyway through testing, but is your FOG Service running as the default SYSTEM account on the client using this script? Since you are specifying creds in the script, this doesn’t matter now, I assume.

                          Fog Server Info

                          Ubuntu 16.04.2 LTS
                          Running Version 1.4.0
                          SVN Revision: 6069

                          T 1 Reply Last reply May 24, 2017, 3:36 PM Reply Quote 0
                          • B
                            bmorris @Troye Johnson
                            last edited by May 24, 2017, 3:12 PM

                            @Troye-Johnson Thanks for this. PDQ actually provided me with an update that fixes this issue on v13. No need for the registry setting change. The update put us on v13.2.0.0.

                            Fog Server Info

                            Ubuntu 16.04.2 LTS
                            Running Version 1.4.0
                            SVN Revision: 6069

                            x23piracyX 1 Reply Last reply May 24, 2017, 5:44 PM Reply Quote 0
                            • B
                              Bob Henderson @Bob Henderson
                              last edited by May 24, 2017, 3:28 PM

                              @Bob-Henderson said in Webcast: Imaging with FOG, Managing with PDQ:

                              @george1421 Actually reminded me to renew the domain name on that one before I lost it! God I need to post more updates.

                              We’re still using FOG and PDQ to image out our 1:1 fleet of computers, as well as having it tied into our server deployments automated via Ansible onto our Proxmox KVM boxes. It’s working fantastically.

                              The next thing I’m working on (shoot for the moon, right?) is to use FOG to host Snapins and make them accessible outside of the LAN, that’ll then pull down some powershell to grab files via HTTPS from our web cluster to do remote installations if needed. I’ve got a proof of concept working, but I’m a 1 man shop and haven’t had time to do much more on it. But if it works, I’ll effectively be able to push installs both on and offsite, without having to use DirectAccess as the tie back. The powershell has some if’s in there to see if they’re on the LAN, which will then tell it to grab PDQ’s packages, but if they’re off, it’ll grab them from the HTTPS repository and fire off msiexec on them manually.

                              It’s poor mans SCCM!

                              An update on this. I got it working, and it worked fantastically. Presents a webpage, user pics what apps they want, and it makes an exe that fires off to tell PDQ to install it.

                              HOWEVER

                              In discussions with PDQ, I was told that it’s a violation of the EULA, as each user who is ‘interacting’ with pdq, in this case telling it to fire off, would need to be licensed. It doesn’t apply as much in this instance, so you’re the one firing it off each time in the image, but something to consider if you have multiple techs who do the imaging, etc.

                              B 1 Reply Last reply May 24, 2017, 3:34 PM Reply Quote 0
                              • B
                                bmorris @Bob Henderson
                                last edited by May 24, 2017, 3:34 PM

                                @Bob-Henderson Interesting. Probably a good thing each of our techs are licensed for PDQ Deploy then! Good work though.

                                Fog Server Info

                                Ubuntu 16.04.2 LTS
                                Running Version 1.4.0
                                SVN Revision: 6069

                                1 Reply Last reply Reply Quote 0
                                • T
                                  Troye Johnson @bmorris
                                  last edited by May 24, 2017, 3:36 PM

                                  @bmorris Yes no need to change the fog user on the service.

                                  Fog Server information

                                  Cent OS 7
                                  Running Version 1.5.2

                                  B 1 Reply Last reply May 24, 2017, 3:38 PM Reply Quote 0
                                  • B
                                    bmorris @Troye Johnson
                                    last edited by May 24, 2017, 3:38 PM

                                    @Troye-Johnson Excellent. I will let you know what I find out! Thanks again.

                                    Fog Server Info

                                    Ubuntu 16.04.2 LTS
                                    Running Version 1.4.0
                                    SVN Revision: 6069

                                    1 Reply Last reply Reply Quote 0
                                    • T
                                      Troye Johnson
                                      last edited by May 24, 2017, 3:40 PM

                                      For the licensing aspect you can create different power-shell scripts for each of your techs so that you can keep an audit of who ran what when applications are being deployed. This way not only will you stay in compliance with the eula but you also have an audit if something happens.

                                      Fog Server information

                                      Cent OS 7
                                      Running Version 1.5.2

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bmorris @Troye Johnson
                                        last edited by May 24, 2017, 4:27 PM

                                        @Troye-Johnson Just had a chance to dig into your script. Very new to fog, so forgive my ignorance. How are you getting the password file and key to the tmp fog service directory on the client? I don’t see a way to copy supporting files in the snapin manager in FOG?

                                        Fog Server Info

                                        Ubuntu 16.04.2 LTS
                                        Running Version 1.4.0
                                        SVN Revision: 6069

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          bmorris @Troye Johnson
                                          last edited by May 24, 2017, 4:34 PM

                                          @Troye-Johnson I should have checked a littler harder. I found the snapin pack option when creating a snapin. It pays to know how to read.

                                          Fog Server Info

                                          Ubuntu 16.04.2 LTS
                                          Running Version 1.4.0
                                          SVN Revision: 6069

                                          T 1 Reply Last reply May 24, 2017, 6:26 PM Reply Quote 0
                                          • 1
                                          • 2
                                          • 3
                                          • 2 / 3
                                          • First post
                                            Last post

                                          194

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project