FOG and PXE boot: Any chance of unwanted image deployment?



  • New to Linux and the Fog project. Working with the IT folks at the university network we’re attached to (we are a non-AD subnet on their network, getting IP only from them).

    I mentioned adding the 66 and 67 options to their DHCP server, and one of them brought up a point I’m not sure is relevant, and wanted to ask the assembled brain trust.

    Is there any guarantee that a PC (we run win7 & win10, mostly, with a few Macs scattered around) won’t automatically try to attach to the server and get re-imaged upon bootup? Most machines have to be forced to boot PXE, don’t they?

    Thanks!
    Steve



  • In my organization, I have been using FOG for the past month and found it to be very flexible. We either register the host and deploy the image to it via the console or just PXE boot and select “Deploy Image” and select the specific image for deployment. The whole process takes less than 10 mins.



  • Don’t know if it’s mentioned yet, but you can password protect the boot menu. It’s a setting in the iPXE menu area, under fog configuration. I think the feature is called Hide-Menu or similar.



  • Hello!
    So there has to be an imaging task in place for the computer to start imaging. These tasks are managed from the FOG server.
    Even if they manage to start PXE boot without there being a scheduled imaging task in place, it will just load the “fog menu”.
    The menu has the option “Deploy now”, but you can have that password protected.

    That’s how we have it set up. My English is not the best; hope it makes sense and answered your question.


  • Moderator

    You can set it up a few different ways.

    Some companies want unattended imaging. Basically, from the console you can reimage a computer that was imaged by FOG, by simply scheduling an imaging task. The computer will reboot and a new image will be downloaded to the target computer. There are a few steps to set this up, but the key is changing the BIOS so it boots to PXE first, then hard drive second. You might use this method for universities that would want to reimage a complete computer lab between classes. Using a multicast deployment you can push out a 15GB image to 30 computers in about 5 minutes (or less).

    In my company that type of imaging is not allowed since there is a risk of reimaging the wrong computer (hint: wiping out the CEO’s computer is not a great career move). So in our case we require an IT tech to sit in front of the computer they are attempting to image. We have the hard drive still set as the preferred boot device. When we want to image, we require the IT tech to boot the computer and press the F10 or F12 keys at boot time to call up the firmware boot manager. From that point the IT tech picks network boot and enters into the FOG iPXE menu to initiate imaging.

