Option to edit Windows registry via FOG PXE boot?

psyfer9983

Would it be possible to edit the Windows registry via FOG PXE boot? I have machines that tend to reset the CMOS settings which causes endless boot loops due to the wrong SATA mode. Having the option to make changes to the registry with PXE would allow me to edit the keys to allow Windows to boot without touching the machine.

Joe Schmitt

@psyfer9983 since editing the Registry can be done via Linux, you could just add another boot option for a live ISO that contains a distribution with a registry editor pre-installed (or install it manually).

Tom Elliott

FOS already contains a registry editor too, just in case anybody was unsure. That’s how we do “hostname early”

Wayne Workman

Following along with what Tom said below, you just need to write a postdownload script to do the work you need done. Get started with that here:
https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script
Try your best to do it yourself. If you need help, ask here.

george1421

look at the tail end of the first script in this post: https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4

It explains how to use the linux utility reged to import registry changes into Windows. You will need to use a postinstall script to deliver this script to your target computer.

But just a point to mention you are saying that your CMOS settings are being reset. (First replace your battery). Setting registry values will not do you any good since your windows install won’t boot because the SATA mode is incorrect, causing windows to not boot. I assume you need linux to change your BIOS/firmware settings to correct this condition? If so you are out of luck. FOG/linux/Windows dosen’t have the ability to change bios settings.

psyfer9983

Thanks for the replies. The reason for the method is due to an image made for over 200 machines (thankfully all the same model) and not wanting to go to each machine, back them up, set bios setting, reimage and restore data. The machines all have good cmos batteries but a power flicker will sometimes cause them to revert to defaults like it has a post failure detection. Anyway, the image was made with AHCI mode and the default BIOS setting is RAID (stupid Dell). The SATA mode was set to AHCI mode in case some of them were to be upgraded to SSD as AHCI gives better compatibility/performance boost, we would just need to clone it and boot it. This site in question for me is a “site as is” problem that I’m sick of having to go to the machines just to change one setting in the BIOS to fix. Since I know what the default SATA mode is that’s being reverted too, I’ve been looking for a method of just changing the reg keys to reflect the settings but doing it remotely. It would save me having to physically go to the machines. I’ll check out the posted URLs and give them a try. My goal is to “fix” the image with the defaults for new installs and have the “reg patch” for the rest. The reg keys in question need to be changed to the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msahci]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pciide]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorV]
"Start"=dword:00000000

Quazz

You could also simply edit the registry before capture of course.

But if you have, say an SSD, I don’t particularily recommend leaving it in IDE mode.

protools_operator

Update BIOS settings directly from fog.
Joe’s and Tom’s suggestions are great for registry editing.
I suggest a different approach, Update UEFI Firmware (BIOS) setting directly.

I’ve used this method when I was working in a highschool, I don’t have my documention and batch scripts as I’m not working there anymore, but I can give some direction and contribute rescripting it.

• Build a WINPE 3 or later ISO and Add WMI component and WINPE DriverPack (possibly with DISM or Winbuilder)
  (LINUX based official bios tools are less popular)
• Copy necessary files to the ISO for each name-brand company (HP/Lenovo/Dell/Intel)
• Edit Startnet.cmd /OR/ Wpeinit with RunAsynchronous commands in unattended xml file to run startup powershell script or batch file (for HP) and reboot or shutdown
• Create a fog menu entry to boot into the autorun WINPE and run it once to a group contains hosts from same company (or same model number).

Tools used for different namebrand companies:
HP Bios Configuration Utility (Extract files with 7-zip or alike):
http://ftp.hp.com/pub/caps-softpaq/cmit/HP_BCU.html
( Guide: https://ftp.hp.com/pub/caps-softpaq/cmit/whitepapers/BIOS_Configuration_Utility_User_Guide.pdf )
Examples:
Prerun the HP Tool to Create a new password (/nspwdfile) or enter the current password (/cspwdfile) using keyboard ASCII/ANSI characters you have on your keyboards (so you’ll be able to gain local access to BIOS easily if needed):
HPQPswd64.exe /s /p"<password>" /f"<encrypted-password-file.ext>"
(Password can be empty, or 8-32 characters)

Batch example:
BiosConfigUtility64.exe /cspwdfile:“<current encrypted-password-file.ext>” /setvalue:“<setting>”,“<value>”
BiosConfigUtility.exe /nspwdfile:“<NEW encrypted-password-file.ext>” /setvalue:“Enter Ownership Tag”,“Foobar Highscool”
BiosConfigUtility64.exe /cspwdfile:“<CURRENT encrypted-password-file.ext>” /nspwdfile:“<NEW encrypted-password-file.ext>” /setvalue:“SATA Device Mode”,“AHCI”
HP WINPE DriverPack: https://ftp.hp.com/pub/caps-softpaq/cmit/HP_WinPE_DriverPack.html

Dell uses the newer Command / Configure or older Dell Client Configuration Toolkit (CCTK):
Guide: http://topics-cdn.dell.com/pdf/command-configure-v3.3_user’s guide_en-us.pdf

Intel: Intel Save and Restore System Configuration Utility (SYSCFG)

Lenovo BIOS Setup Tools using WMI:
https://pcsupport.lenovo.com/il/en/solutions/ht100612
Guide:
https://download.lenovo.com/pccbbs/mobiles_pdf/kbl_deploy_01.pdf

Lenovo Example in powershell:
(Get-WmiObject -class Lenovo_SetBiosSetting –namespace
root\wmi).SetBiosSetting(“<SETTING>,<VALUE>,<PASSWORD>,ascii,us”)
(Get-WmiObject -class Lenovo_SaveBiosSettings -namespace
root\wmi).SaveBiosSettings("<PASSWORD>,ascii,us”)

Ofcourse you can use similar approach to update the firmware to latest,
You can also use this approach with fog client snapin script, new images unattend.xml/setupcomplete.cmd, or george’s post imaging scripting tutorials, findings and contribution , but I’ll not recommend it as I still think it’s a bit risky to update bios automatically, maybe I’m just oldschool and today there shouldn’t be any problem doing so.

Personally I won’t use this method as a fog snapin without precaution as I still think some buggy system resource intensive (for Ex: antivirus) could break the bios update or WMI functionality.

post-install-scripts might be useful for changing asset tracking number in bios based on host name or tags in host inventory.
(Probably could be also done with current/future API call)

psyfer9983

Been away for a while and haven’t had time to follow up with this. I have looked and looked and just can’t find how to do this. Is there any documentation for “reged”? How would one add a PXE menu option to add the following keys to the Windows registry WITHOUT booting into windows. The point of this is to remotely fix a machine that boot loops due to the wrong SATA mode set in the bios.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorV]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msahci]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pciide]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStor]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi]
"Start"=dword:00000000

I can’t update the BIOS directly (MB doesn’t support it). I’m trying to not go to the machine, I rather just go to the Fog server and tell it to run the reg fix remotely.

george1421

@psyfer9983 There isn’t a tutorial on what you ask, because poking about in the windows registry using a non-windows OS is not typically a good choice. But with that said, I can give you the match and can of gas. What you do with them is up to you.

In this post there is an example of how to use the reged linux utility. https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4

From that post here is the interesting snippet of code.

regfile="/ntfs/Windows/System32/config/SOFTWARE"
key="\Microsoft\Windows\CurrentVersion\DevicePath"
devpath="%SystemRoot%\DRV;%SystemRoot%\inf;";
reged -e "$regfile" &>/dev/null <<EOFREG
ed $key
$devpath
q
y
EOFREG

You can probably stack the ed commands so you only need to call reged once. Here is a help page for reged: http://manpages.ubuntu.com/manpages/bionic/man8/reged.8.html

So once you have the bash script you need, you can call it during the post install actions after the image is placed on the target hard drive and before FOS exits and reboots. The first link shows you how to update/attach scripts to the postinstall script (which can be used for driver deployments).