FOG + Sysprep + Windows 10 1803

Florent

Hi,
I search feedback on methods to sysprep windows 10 1803 and join domain.
What are your methods :
-to sysprep your windows 10 1803
-And to join domain with the correct ComputerName (host name in fog web interface)

FOGprep still exist ? If yes how it works ?

Regards

Florent

@george1421
Hi George,
I advanced on the problem and i am very confused…
I identify problem is just after post download scripts.
I say that because in my multiple tests if i shutdown computer just after sed, cancel fog tasks and boot on Windows 10 1803 the name is correct !

See screenshot of step where i ientify problem occurs :
In tests where windows computer name is correct i shutdown computer just before this screen.

As i saw rubric “Changing hostname” i search in my web FOG Settings :
-FOG Client - Hostname Changer was enabled : Now DISABLED
-General Settings / Change Hostname early was enabled : Now DISABLED

After disable this two settings it’s ok …
2 months to identify this !
Problem solved.

Very thanks for your helps and guidance to post download scripts.
I was convinced that it was coming from Windows/Sysprep.

Don’t know why that did not bother Windows 10 1709.

Thanks again

george1421

Fogprep, NOT to use anymore.

In my company’s case we don’t use the FOG Client to connect the computer to AD. We use the unattend.xml file. When we sysprep before capture we run the sysprep command and point to our custom unattend.xml file. We also use the unattend.xml file to name the computer.

I give examples of using a FOG Postinstall script to “change” the unattend.xml file settings after FOG puts the image onto the target computer’s hard drive and before windows starts for the first time.

https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script

There are additional examples of post install scripts here.
https://forums.fogproject.org/topic/7391/deploying-a-single-golden-image-to-different-hardware-with-fog

Florent

Thanks for your response.
Your method works on Windows 10 1803 ?
Have you an example of your template of unattend.xml ?

george1421

@florent Yes works with 1803

Here is my sysprep command
c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\Panther\Unattend.xml

Ah I now see you are a back working on the same problem again:
https://forums.fogproject.org/topic/11920/windows-10-1803-sysprep-problem/6

What I do in fog post install script is to call sed to run on the unattend.xml script as referenced above to search for “<ComputerName>W10CBB</ComputerName>” and replace it with “<ComputerName>${hostname}</ComputerName>” where ${hostname} is supplied by FOG.

Florent

@george1421
Hi,
Yes same problem today even with your sysprep
I take everything from scratch

Only difference is i do this command :

c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:C:\Windows\System32\Sysprep\sysprep.xml

And in my post deploy script i copy and sed to this

C:\Windows\System32\Sysprep\sysprep.xml

and

C:\Windows\Panther\unattend.xml

I go to try same command like you (in your command and FOG script it’s unattend.xml or Unattend.xml ?).

After doing your sysprep command and shutdown, you upload your image on FOG ?
In your post deploy script you use only sed or you use other tricks related to your image ? (cleanup files or folder or other)

Thanks

george1421

@florent Well I have found that you will have better success with Win10 to place the unattend.xml script in the Panther’s directory than in the older Sysprep directory. Also make sure that you only have one unattend.xml in your computer. Windows 10 looks in panther first.

Look at the fog.ad script here: https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/3

I do have other scripts that perform other actions, but in this script you see how to update the unattend.xml file in a post install script.

Florent

@george1421
Thanks, i will do new test with this next week.

Actually i use this sed to modify xml :

sed -i "s/UCXXXX/$hostname/" /mnt/win/Windows/System32/Sysprep/sysprep.xml
sed -i "s/ouxx/$hostadou/" /mnt/win/Windows/Panther/unattend.xml

george1421

@florent Just as a observation…

1. Why do you have 2 xml files? Doing so will only ask for problems to visit you.
2. Why to different naming conventions (and cases) UCXXXX vs ouxx Understand that sed will look literally for “UCXXXX” in the code and replace it with the value contained in “$hostname”
3. Why are you setting the OU in one unattend file and the host name in another? From what I understand windows will use the first unattend.xml file it finds and will not look more places. So in your case windows always looks in c:\windows\panther first so using your sed scripts it will never see the hostname value you set in sysprep.xml

If you look at my sed command. It searches for the xml field called “Computer Name” (yes case is important) and then replaces anything after that with the $hostname supplied by FOG.

One thing you can do is after windows boots and OOBE runs, you can inspect the unattend.xml file to see if your values are updated. OR you can schedule a debug deployment (before submitting the deploy task check the debug option). Then pxe boot the client computer. When the computer boots it will not automatically run deployment. At the target computer linux command prompt key in fog to single step through the deployment, when you get to the point of your sed script to run, you can press crtl-c to exit out of the deployment script to debug your post install script. This is how I debug my complex post install scripts.
sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1

Florent

@george1421
1-I thought I saw somewhere that we should not use the unattend.xml in Panther during command sysprep before upload.
2/3- Sorry this look like this :

sed -i "s/UCXXXX/$hostname/" /mnt/win/Windows/System32/Sysprep/sysprep.xml
sed -i "s/UCXXXX/$hostname/" /mnt/win/Windows/Panther/unattend.xml
sed -i "s/ouxx/$hostadou/" /mnt/win/Windows/System32/Sysprep/sysprep.xml
sed -i "s/ouxx/$hostadou/" /mnt/win/Windows/Panther/unattend.xml

I also use debug and xml are correctly set at the end of script.

It’s true that it’s far-fetched but it always worked with windows 7 and windows 10 1709. But not with windows 10 1803

I hope this is the problem, i try next week with only unattend.xml in Panther

george1421

@florent said in FOG + Sysprep + Windows 10 1803:

I thought I saw somewhere that we should not use the unattend.xml in Panther

The recommended file name and place is c:\windows\Panther and the recommended file name is unattend.xml. I would not use and/ore just remove C:\Windows\System32\Sysprep\sysprep.xml

Look at the section “Implicit Answer File Search Order” in this document:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview#implicit-answer-file-search-order

I’m finding that on occasion that OOBE ignores the explicit path defined during sysprep c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\Panther\Unattend.xml and just searches Panther first. SO to avoid a broken install I (personally) just place the file where it looks first. Also the MS document said the name should only be Unattend.xml or Autounattend.xml not unattend.xml (note the case).

I’m not saying it will not work otherwise, it just works for me this way so I haven’t had a need to find out when it breaks. “It just works”, is good enough for me.

Florent

@george1421
Thanks.
I would take care of the name of Unattend.xml

Florent

@george1421
You launch this command before upload your image (with upper U) :

c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\Panther\Unattend.xml

And in your post-install script you copy and sed unattend.xml (lower case)

You keep Unattend.xml or your delete him in your post-install script ?
Or you keep unattend.xml and Unattend.xml in the same folder ?

Regards

george1421

@florent

Yes I run sysprep before capture. I have sysprep power off the computer to ensure the disk is closed correctly. I schedule the capture task in FOG, then pxe boot the computer into FOG image capture.

The Unattend.xml is on the computer before I sysprep it. There are bits that sysprep reads when its preparing the system for cloning. Then my sed script only updates the in place Unattend.xml file.

With that said, I have been known to use the fog post install script to insert a new Unattend.xml file if I discover a bug while perfecting the Unattend.xml file. This keeps me from having to recapture an image just because of a bad setting in the unattend.xml file. When I have all of the settings correct in the unattend.xml file I will rebuild the reference image and install the corrected unattend.xml file in the final golden image and stop the post install script copy job.

Florent

@george1421 ,
Not better
Maybe this comes from Active Directory

george1421

@florent So just to be clear, your sed script IS UPDATING your unattend.xml file, but your system is not being renamed during OOBE? You can view your unattend.xml file in c:\windows\panther and it is for sure updated?

Florent

@george1421

Hi George,

Yes

This is exactly what I do :

ComputerName of on my windows image template : MASTER10

Sysprep c:\Windows\Panther\Unattend.xml (source of you ,adaped to me) :

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SetupUILanguage>
                <UILanguage>fr-FR</UILanguage>
            </SetupUILanguage>
            <InputLocale>040c:0000040c</InputLocale>
            <SystemLocale>fr-FR</SystemLocale>
            <UILanguage>fr-FR</UILanguage>
            <UILanguageFallback>fr-FR</UILanguageFallback>
            <UserLocale>fr-FR</UserLocale>
        </component>
        <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DriverPaths>
                <PathAndCredentials wcm:action="add" wcm:keyValue="1">
                    <Path>C:\drivers</Path>
                </PathAndCredentials>
            </DriverPaths>
        </component>
    </settings>
    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DriverPaths>
                <PathAndCredentials wcm:action="add" wcm:keyValue="1">
                    <Path>C:\drivers</Path>
                </PathAndCredentials>
            </DriverPaths>
        </component>
    </settings>
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>040c:0000040c</InputLocale>
            <SystemLocale>fr-FR</SystemLocale>
            <UILanguage>fr-FR</UILanguage>
            <UILanguageFallback>fr-FR</UILanguageFallback>
            <UserLocale>fr-FR</UserLocale>
        </component>
        <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
        <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <CEIPEnabled>0</CEIPEnabled>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ComputerName>W10CBB</ComputerName>
            <CopyProfile>false</CopyProfile>
            <RegisteredOrganization>UR2</RegisteredOrganization>
            <RegisteredOwner>DSI</RegisteredOwner>
            <TimeZone>Romance Standard Time</TimeZone>
        </component>
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <Credentials>
                    <Domain>mydomain.com</Domain>
                    <Password>*****</Password>
                    <Username>*****</Username>
                </Credentials>
                <JoinDomain>mydomain.com</JoinDomain>
                <MachineObjectOU>dc=mydomain,dc=com</MachineObjectOU>
            </Identification>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <SkipUserOOBE>true</SkipUserOOBE>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <ProtectYourPC>1</ProtectYourPC>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
            </OOBE>
            <RegisteredOrganization>UR2</RegisteredOrganization>
            <RegisteredOwner>DSI</RegisteredOwner>
            <TimeZone>Romance Standard Time</TimeZone>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

Before upload image :

c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\Panther\Unattend.xml

Upload with FOG and deploy on other computer in debug mode

Verify if correct value :
echo $hostname => UC7774
echo $hostadou

Ok

ls /mnt/win/Windows/Panther/

Here i have problem because i have Unattend.xml but not unattend.xml (lower case)
I don’t know what i have foget ?

sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" /mnt/win/Windows/Panther/unattend.xml

=> Not such file or directory

sed -i -e "s#<MachineObjectOU>\([^<][^<]*\)</MachineObjectOU>#<MachineObjectOU>$hostadou</MachineObjectOU>#gi" /mnt/win/Windows/Panther/unattend.xml

=> Not such file or directory

I try anyway with Unattend.xml :

sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" /mnt/win/Windows/Panther/Unattend.xml

=> Ok

sed -i -e "s#<MachineObjectOU>\([^<][^<]*\)</MachineObjectOU>#<MachineObjectOU>$hostadou</MachineObjectOU>#gi" /mnt/win/Windows/Panther/Unattend.xml

=> Ok

Vérify result of sed :

cat /mnt/win/Windows/Panther/Unattend.xml | less

Ok good value

Reboot => computer join domain correctly in the correct OU but always named is WIN-XXXXX …

If i try

c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\System32\Sysprep\sysprep.xml

Upload
After deploy in debug mode if i do ls /mnt/win/Windows/Panther/ here i have the unattend.xml (lower case)
I do same operation with sed but always WIN-XXXX

Maybe problem is here ?

Which is weird is the error on log file C:\Windows\Panther\UnattendGC\setupact.log :

[Shell Unattend] Running ‘specialize’ pass
[Shell Unattend] ComputerName in unattend [UC7774] matches the current ComputerName [UC7774]
[Shell Unattend] Skipping setting the same ComputerName

I don’t understand because my template windows i uploaded not have this computer name.

I hope i am clear but i don’t speak very good english.

I have also test to set in template image : Unattend.xml with UC7774 and correct OU with

c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown /unattend:C:\Windows\Panther\Unattend.xml

If i reboot my template it’s correct named UC7774 and joined to domain

I don’t understand where is the problem

Regards

george1421

@florent said in FOG + Sysprep + Windows 10 1803:

/mnt/win/Windows/Panther/unattend.xml

well of course you know the lower case unattend.xml is wrong, correct?

Can you post what your post install scripts look like? I’m mainly interested in the script that renames the computer.

HINT: Your english is better than mine

george1421

@florent said in FOG + Sysprep + Windows 10 1803:

Reboot => computer join domain correctly in the correct OU but always named is WIN-XXXXX

Just a minute. I remember reading something about this. I seem to remember it was a windows 10 feature not a bug.

Florent

@george1421
Sorry i don’t understand, what do you mean by :
well of course you know the lower case unattend.xml is wrong, correct?

For this test, i took this post install script, just putting commands in debug mode (shell) :

#!/bin/sh
#  

. /usr/share/fog/lib/funcs.sh

hd=""
getHardDisk

sysproduct=""

doInventory

modele=$(echo $sysproduct|tr 'A-Z' 'a-z')

modele=$(echo $modele|sed -e 's/ //g')

# Récupération des infos du host a partir de FOG
wget -q  -U '' -O /tmp/hinfo.txt "${web}service/hostinfo.php?mac=$mac"
chmod +x /tmp/hinfo.txt
. /tmp/hinfo.txt

if [ "$mode_r2" = "debug" ] ; then
	bash
fi

if [ -n "$hd" ]; then	
		partsys=$hd'1'
		partdata=$hd'2'

	echo "* Using disk device : $hd"
	echo "* Partition système : $partsys"
	echo "* Partition de données : $partdata"
		
	if [ "$mode_r2" = "debug" ] ; then
        # Here i put my command for sysprep
        bash
    fi 

	echo "=> Copy Drivers"
	cd /mnt/win/

	if [ -e "/mnt/win/drivers" ] ; then
                rm -r /mnt/win/drivers
    fi
 
	cp -a /mnt/clonages/pilotes/${modele}/${osid}/drivers /mnt/win  
	cd
	umount /mnt/win	
	rm -f /tmp/hinfo.txt
fi

george1421

@florent If you want FOG to do this automatically these command should be in a script that is called every time the system is imaged.

I would think YOUR post install script would look similar to my scripts here:
https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/6

I would guess that you don’t need the fog.drivers and the fog.log scripts only fog.postdownload and fog.ad scripts. Then you would update the fog.postdownload script to only call the fog.ad script.

        echo "Done"
        debugPause
        # . ${postdownpath}fog.log
        # . ${postdownpath}fog.drivers
        . ${postdownpath}fog.ad
        umount /ntfs
        ;;