Windows desktop shortcuts... .ico images gone after sysprep!



  • Server
    • FOG Version: 1.4.4
    • OS: Debian
    Client
    • Service Version: Current version
    • OS: Win 10 edu 1703
    Description

    Hello All,

    I have been using FOG since 0.3x~ and have never come across a problem like this. Altho it has nothing to do with FOG from what I can see.

    We use a very basic img here it has office, chrome, and a few other programs… We also like to add a few desktop shortcuts to our student information system and Gmail.

    So I start off as I always have… In audit mode.

    Install all the software etc and create my shortcuts with there .ico images saved to a folder under C:\Tools(accessible to everyone)

    Great, All looks good… Time to sysprep and upload the img with our unattend.xml.

    Image uploaded, let’s test it on a laptop… After FOG does its thing and joins it to the domain etc, I log in as any domain account and those custom shortcuts are there but with the default white box instead of their custom .ico image that we have been using for years! (Yes, they are still in the C:\Tools\ folder)

    Any thoughts? I would really appreciate any ideas at this point.

    Thanks,



  • @m144 said in Windows desktop shortcuts... .ico images gone after sysprep!:

    @avaryan WOW that was quick… Did you just make this!

    Modified from something I previously wrote so that I could apply auto login values in bulk via IP addresses exported from DHCP and saved in a csv file. This was at a time when our DNS records weren’t reliable so the tool that I typical use to set auto login wasn’t working reliably.

    The original, in case anyone ever needs it for something:

    <#
    .Synopsis
       Enables Automatic Login with supplied credentials.
    .DESCRIPTION
       Logs off all users, sets AutoLogon registry keys with entered values, restarts the computer.
    .EXAMPLE 
       ./Set-AutoLogon.ps1 -ComputerName PTSD-TestComputer -Username PTSD\TestAccount -Password Password123 -TimesToLogin 3
       This will automatically logon to PTSD-TestComputer three times as the TestAccount user. The computer will revert to the normal logon procedure after the third automatic logon. 
    .NOTES
       Supplied credentials are stored in plain text in the registry. They are removed from the registry when the number of 
       automatic logons is depleted.
    #>
    
    Param(
        [parameter(Mandatory=$true)]
        [String[]]
        $ComputerName,
    
        [parameter(Mandatory=$true)]
        [String]
        $Username,
    
        [parameter(Mandatory=$true)]
        [String]
        $Password,
    
        [parameter(Mandatory=$false)]
        [Int]
        $TimesToLogin = 1
    )
    
    $credentials = Get-Credential
    
    Invoke-Command -ComputerName $ComputerName -Credential $credentials -ScriptBlock {
        Param($Times, $User, $Pass)
                
        $shutdown = $env:SystemRoot + "\System32\shutdown.exe"
        Start-Process -FilePath $shutdown -ArgumentList '-l -f' -Wait
        Start-Sleep -Seconds 2
    
        $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        Set-ItemProperty -Path $path -Name AutoAdminLogon -Value 1
        Set-ItemProperty -Path $path -Name DefaultUserName -Value $User
                
        if (-Not (Get-ItemProperty -Path $path | Select-Object -ExpandProperty "DefaultPassword" -ErrorAction SilentlyContinue )) {
            New-ItemProperty -Path $path -Name DefaultPassword -Value $Pass | Out-Null
        }
    
        Set-ItemProperty -Path $path -Name DefaultPassword -Value $Pass | Out-Null
    
        if (-Not (Get-ItemProperty -Path $path | Select-Object -ExpandProperty "AutoLogonCount" -ErrorAction SilentlyContinue )) {
            New-ItemProperty -Path $path -Name AutoLogonCount -Value $Times | Out-Null
        }
    
        Set-ItemProperty -Path $path -Name AutoLogonCount -Value $Times | Out-Null
                
        Restart-Computer -Force
                    
    } -ArgumentList $TimesToLogin,$Username,$Password
    


  • @avaryan I have not messed around with FOG Snapins that much at all… I guess now is a good time to start!

    Thanks for all your help on this, much appreciated.



  • Regarding the auto login issue. I have a FOG Snapin called “(9) System Restart”. It’s just a blank text file with the “Reboot after install” option enabled in the snapin settings.

    FYI: I have the number there to assign deployment priority. FOG will pull them alphabetically. “(0)” is my SCCM client. “(4)” are my normal applications, etc…



  • @avaryan WOW that was quick… Did you just make this!

    So, I have a firstboot.bat that runs on the first autologin that does some stuff like delete the unattend.xml, start the fog service, etc.

    I think I am just going to have my firstboot.bat file throw another .bat (secondboot.bat) into the startup folder for the administrator account. Who knows maybe we will find something we can add to the secondboot.bat that is useful.

    Below is the list of the basic things we do excludes any extra stuff we are doing. Just want to list out how we are doing things in case anyone else wants a super basic process.

    *Note: This is the code we use if “CopyProfile” in the unattend.xml is set to false and we are using the DefProf tool.

    #win_10-generalize.bat
    
    sc config "FOGService" start= disabled
    net stop "FOGService"
    
    cd C:\Tools\firstboot
    copy firstboot-shortcut.lnk "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    
    #more stuff goes on here
    
    cd C:\Windows\System32\Sysprep
    sysprep /generalize /oobe /shutdown /unattend:c:\Windows\System32\Sysprep\unattend.xml
    

    Upload to FOG server… Then send out to what ever.

    #firstboot.bat
    
    del C:\Windows\System32\Sysprep\*.xml
    
    sc config "FOGService" start= auto
    net start "FOGService"
    
    #more stuff goes on here
    
    cd C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    del firstboot-shortcut.lnk
    
    cd C:\Tools\secondboot
    copy secondboot-Shortcut.lnk "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Startup"
    
    del C:\Tools\firstboot\*.bat
    
    #at this point FOG reboots and joins the computer to the domain
    
    # fix my auto log in twice problem
    
    shutdown -r -t 60
    
    cd C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    del secondboot-shortcut.lnk
    
    del C:\Tools\secondboot\*.bat
    

    Probably not the best way to fix this whole logging into the administrator account twice for no reason problem… But it is a quick way to fix it lol.



  • @m144 said in Windows desktop shortcuts... .ico images gone after sysprep!:

    1. The fact that after Sysprep it auto logs into the pc as administrator twice but we only have it set to do so once in the unattend.xml :/ (Not sure how I am going to fix this one!)

    Auto login values and stored in the registry. I would use the SetupComplete.cmd file to launch a PowerShell script that runs something like this:

    # This is completely untested.
    
    # If this is the same account specified in the unattend, the user/pass info may already be stored here.
    $Username = "Administrator"
    $Password = "MySuperSecretPassword"
    $LogonAmount = 1
    
    # Editing these while an account is logged in has given me errors before, so just to make sure...
    Start-Process -FilePath "$env:windir\System32\shutdown.exe" -ArgumentList '-l -f' -Wait
    Start-Sleep -Seconds 2
    
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($LogonAmount -gt 0) {
        Set-ItemProperty -Path $path -Name AutoAdminLogon -Value 1
    } else {
        # If it's set to 0 (or less), turn auto logon off.
        Set-ItemProperty -Path $path -Name AutoAdminLogon -Value 0
    }
    
    Set-ItemProperty -Path $path -Name DefaultUserName -Value $Username
                
    if (-Not (Get-ItemProperty -Path $path | Select-Object -ExpandProperty "DefaultPassword" -ErrorAction SilentlyContinue )) {
        New-ItemProperty -Path $path -Name DefaultPassword -Value $Password | Out-Null
    }
    
    Set-ItemProperty -Path $path -Name DefaultPassword -Value $Password | Out-Null
    
    if (-Not (Get-ItemProperty -Path $path | Select-Object -ExpandProperty "AutoLogonCount" -ErrorAction SilentlyContinue )) {
        New-ItemProperty -Path $path -Name AutoLogonCount -Value $LogonAmount | Out-Null
    }
    
    Set-ItemProperty -Path $path -Name AutoLogonCount -Value $LogonAmount | Out-Null            
    Restart-Computer -Force```


  • @avaryan Thanks, That’s not a half bad idea… As of now, defprof is doing the job. The only problems I have left to fix on this windows 10 img is:

    1. The fact that after Sysprep it auto logs into the pc as administrator twice but we only have it set to do so once in the unattend.xml :/ (Not sure how I am going to fix this one!)

    2. Chrome profile settings are not being copied over to the default profile. (Not that big of a problem can live with out it)

    Other than that I should be able to push this out to a few computers today, give it a good test run before our first go around with a few hundred computers… to start with.



  • You could also create a PowerShell/batch script to copy the icons onto the Public desktop. Push it out as a FOG Snapin.

    Copy-Item -Path C:\Tools\Shortcut01.lnk -Destination $env:PUBLIC\Desktop\Shortcut01.lnk -Force
    


  • @x23piracy That’s what I ended up using… I used defprof back in the XP days. Happy to see that it is still around.



  • https://www.forensit.com/support-downloads.html

    alt text

    @Quazz will this copy, startmenu, taskbar and default apps?


  • Moderator

    @m144 I personally use Defprof to keep most of the customizations for the default profile.



  • So… After a few days of messing with this, it turns out to be the CopyProfile = true bit in the unattend.xml that is messing with the desktop icons.

    I set CopyProfile = false and just threw the links into default profile myself and now the links and everything else that was being odd work just fine. Other customizations like start menu etc are gone but I can work around that.

    Has anyone else had any problems with CopyProfile = true in their unattend.xml? Its a shame to not be able to use that. :(



  • @x23piracy When I check the settings, yes it is still pointing to the correct ico location.

    As for the icon cache… I have wiped it out a few times now(and before upload), I still end up with the white boxes every time.

    Here are the settings on one of the shortcuts when opened with notepad.
    [InternetShortcut]
    URL=http://mail.google.com/
    IconIndex=0
    HotKey=0
    IDList=
    IconFile=C:\Tools\gmail.ico



  • @sudburr I will take a look at the permissions for the shortcut… Seems a bit odd, and have also never had to do that but at this point, I will try anything. (I will get back to you with the outcome)



  • @sudburr said in Windows desktop shortcuts... .ico images gone after sysprep!:

    It’s not a v1703 thing. I ran into it with v1607 as well.

    After you copy the shortcuts to desktop you must edit the permissions for each to:

    ADD Users Read & Execute, Read 
    

    really? I never had to do so.



  • I only know this issue regarding to a network share which covers the icon and the client had no read access yet. When then windows is trying to load the icon it couldn’t reach the share readable and therefore the icon is empty.

    What if you check the icons symbol settings? Is it still pointing to the correct local ico file?
    Please show a screener of the shortcut properties.

    If you choose the same icon will it be displayed after you close the properties?

    Maybe it’s an icon cache problem, before i sysprep i always make a cleanmgr run with all possible settings enabled to clean the system up.

    Regards X23



  • It’s not a v1703 thing. I ran into it with v1607 as well.

    After you copy the shortcuts to desktop you must edit the permissions for each to:

    ADD Users Read & Execute, Read 
    


  • @quazz We just got our win 10 licensing so we were going to start rolling out win 10(1703) this summer but we don’t want to push it out with this problem.

    So I guess the answer to your question is yes. :D I am going to test it on win 10 pro(1703) today, I don’t expect anything different but can’t think of any solution rn. (I will post an update when done testing today)

    Also fun fact, We do have one shortcut that is pushed out to everyone with GPO and the same thing happens to it on the win 10 img. The same GPO shortcut has been working on win 7 for years.


  • Moderator

    Is this happening since 1703 build? I think I remember reading about some issues with it happening to other people.


  • Moderator

    @m144 It’s nothing to do with fog, probably also nothing to do with sysprep. Your problem is elsewhere, think creatively. That’s about all I could tell you, You’re there and I’m not.


Log in to reply
 

506
Online

38925
Users

10691
Topics

101434
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.