• Hi Guys,

    Everytime I try to deploy a snap in it never works. On the webUI it says in progress but on the host no sign of any installation? I am able to upload images etc but not deploy snap-ins?!

  • Moderator

    If you use a domain admin account for this, you will most likely fail any kind of security audit including Sarbanes-Oxley if your financial systems are tied to your active directory in ANY way. Even if you aren’t a publicly traded company, it’s not safe to hand out domain admin accounts even if they are easier to deal with in terms of security troubleshooting. While I normally will try a domain admin account during debugging to see if it’s a permissions issue, I do my best to avoid them if at all possible. If I must use one, I must.

    If you want to create and use a local account in the workstations administrator group, that will give the FOG service enough rights to the local machine, but may not allow them to access network resources that are not visible to the “Everyone” group on your domain.

    There is something special about the local system and network service accounts on Windows in regards to accessing remote service, but I don’t remember them offhand.

  • Chad do you think my giving the service local administrator access will suffice then? I assumed that should there be a vulnerability that if it had only local admin privileges, it would be a lot less of a threat to the security of my network that way rather than give it a domain account that allowed local privileges. I see exactly what you are saying, I guess my question is simply, is it safe the way I did it in your opinion?

  • Moderator

    For security reasons and just in case there is ever a vulnerability in the FOG client that can be exploited, you may want to reduce that service account to a normal user, but through Group Policy, make it a local admin on the boxes and give it rights to any network shares that it may need.

  • Brilliant… glad to be of help and give a little back 🙂

  • Hi Matt,

    Simply Love you!! That worked a treat!! Thank you sooo much…

  • I created a domain admin account specifically for the FOG service to use.

    Going to try the snap-in now. Will let you know how I fare.

  • The only other likely thing that springs to mind is that perhaps its a vlan issue? I guess it depends what port fogservice uses to talk to the server on and if thats allowed… presuming that you use vlans?

    Lets see how the local administrator thing pans out. I’m hoping its that simple for you.

  • lol no I have not forgotten it, not patronizing at all, I suppose won’t know until you ask.

    I will give the permissions thing a go. Anything else I should look out for?

    Thank you for the help btw!

  • That script looks absolutely fine to me, I’d go with the permissions thing too. I have had several issues with some snapins early on and nearly all of them went away when I told fog client to run under the local administrator account. I’m not saying thats your issue, but give it a go so it can be discounted if its not the fix.

    By the way, the sleep.exe app is in the script I notice… not to patronise at all, as I use it myself, but you have downloaded it right? You dont seem like a novice at all, but I’m just mentioning it in case its something that slipped your mind.

    Anyhow… I’ve included screenshots of what I did to fog client for you to try.

    Incidentally I have a fully working snapin of Adobe Reader 11.0.1 Which you are more than welcome to.



  • just thought of something, could it be a permissions thing? Under what username will the Snap-in be installing? fog?

  • Hi Guys, sorry about the vagueness …ok I’ll be as descriptive as possible…

    I am trying to deploy an adobe reader snap in. I packaged it myself using SFX Maker.

    START “Adobe Reader” /wait “AdbeRdr1013_en_US2.exe” /sAll /rs /msi EULA_ACCEPT=YES
    SLEEP.exe 10
    REG IMPORT Disable_protected.reg
    SLEEP.exe 1
    REG IMPORT Disable_updates.reg
    SLEEP.exe 1
    REG IMPORT Units_to_CM.reg
    SLEEP.exe 1
    SLEEP.exe 5

    that is the script I am hoping it will execute. The PC I am attempting to deploy it to does have the client.

    Going absolutely crazy. My fog isn’t setup on an isolated network. It is integrated on our existing one. Is not playing the role of DHCP.

    Let me know if there is anything else you need to know. Sorry new to this FOG business.

  • Can you be more specific? For instance, what are you trying to deploy? Is it an msi package or something you’ve put together perhaps? Perhaps a screen shot or a list of parameters you’ve maybe used etc?

    I’ve had a lot of success with the snapins on FOG personally but not before a few painful hours scratching my head understanding the process when I first set up FOG. Hopefully we can help but we need as much detail as possible.

  • Do you have the FOG client installed? How is your snapin configured?