How to Set Up Ubuntu Server/FOG 1.2.0/Create Universal Windows 7 Image using Sysprep - Step-by-Step
Jaymes Driver has said it already, great stuff and thanks for the share.
I have made this a sticky for now as it is great for newcomers
I like what you have done here, thank you for taking the time to make a write up. I think this should curb some of the issues that users are having with installing a FOG server for the first time, and you have touched most of the bases including image creation, very nicely done.
[B]Uploading your reference image to FOG[/B]
After sysprep completes it will shut down your VM or workstation.
On another machine, open your Fog Management Console [url]http://FogServer/Fog/Management[/url]
Click Image Management -> New Image
• Name the image something meaningful, enter a description if you desire and for Windows 7 make sure to set Image Type -> Multiple Partition Image – Single Disk (Not Resizable)
i. This is why you need to use a smaller partition and we set the System Disk – Extend feature in the unattend.xml file.
• Save your changes.
Power the sysprep computer on and enter the BIOS screen. Ensure that the computer is set to PXE boot and that FOG’s PXE functionality is working on your network.
When the computer reaches the FOG PXE boot menu, select Registration and Inventory and register the host. It helps to name it something that reminds you of its purpose. I usually do Win7x64Sysprep or the like.
As you enter the options, make sure to select your new Host Image from the options and you can set the HOST OS.
After the host registers shut the computer down.
Now back in the web management interface; click Host Management -> List all Hosts – Select your imaging host. (Win7x64Sysprep)
Click Update to save your changes.
Click Basic Tasks (on the left) -> Upload
Select Shutdown after Task Completion, if you need any scheduling you can enter that, and click Upload Image.
Start up your VM or workstation you sysprepped. As it starts the PXE boot it will detect a waiting task from FOG and begin the image upload process.
Once completed let the workstation power off and congrats! You’ve just created a universal Windows 7 image with easy deployment through FOG!!
I hope I haven’t missed anything, I have attached this guide as a PDF in the original post that may be a bit easier to read! Good luck all :)
[B]WORKSTATION IMAGE CREATION[/B]
The installation of FOG only helps if you have an image to deploy. I’m going to focus first on the unattend.xml sysprep file, then we’ll quickly go through image creation and installation/configuration of the FOG client on the workstation.
- First download the Windows Automated Installation Kit (WAIK) for Windows 7 – [URL='http://www.microsoft.com/en-us/download/details.aspx?id=5753']Here[/URL]
- Download and install the Windows 7 ISO image from the Volume Licensing Center
- Using a zip tool (I like 7-zip) extract the ISO to a folder.
- Open the Windows System Image Manager (the WAIK executable for our next step)
• In the Bottom Left frame right click Select a Windows image or catalog file.
• Browse to the extracted Windows 7 folder \Sources\install.wim and click Open.
• Now we need to configure the unattended installation settings. The settings are similar for an x86 installation, but I’m going to focus on the 64-bit configuration in this guide.
• Under Windows Image expand the section Components.
i. Scroll down to amd64_Microsoft-Windows-Security-SPP_ (NOT the UX!!)
- Right Click -> Add to Pass 3 Generalize
- You’ll now see it appear under Components -> Pass 3 Generalize in the Answer File
- Select it, and in the right frame Microsoft-Windows-Security-SPP set SKIPREARM to 0
ii. On the left frame scroll down to amd64_Microsoft-Windows-Deployment_neutral
- Right Click -> Add to Pass 4 Specialize
a. Expand amd64_Microsoft-Windows-Deployment_neutral
b. Right Click -> Extend OS Partition -> Add to Pass 4 Specialize
c. Select in the middle frame
d. In the right frame set
i. Extend -> True
e. Back in the left frame Expand -> RunSynchronous
f. Right Click -> RunSynchronousCommand -> Add to Pass 4 Specialize
g. Select in the middle frame, and in the right
i. Action -> AddListItem
ii. Order -> 1
iii. Path -> net user administrator /active:yes
iv. Windows 7 natively disables the local admin account, we want to make sure it’s turned back on.
iii. On the left frame scroll down to amd64_Microsoft-Windows-Shell-Setup_Neutral
- Right Click -> Add to Pass 4 Specialize
a. Select and add the following settings to the right frame
b. ComputerName -> *
c. CopyProfile -> True
d. ProductKey -> If you use a KMS server you can enter the generic KMS client key for your copy of windows. Otherwise enter your Volume Activation License key.
e. ShowWindowsLive -> False
f. TimeZone -> your current time zone. NOTE the documentation isn’t clear on how to enter these. You need to fully write it out e.g. Eastern Standard Time
iv. In the left frame scroll down to amd64_Microsoft-Windows-International-Core_neutral
- Right Click -> Add to Pass 7 oobeSystem
- Select in the middle frame
- In the right frame.
a. InputLocale -> en-US
b. SystemLocale -> en-US
c. UILanguage -> en-US
d. UserLocale -> en-US
v. In the left frame scroll down to amd64_Microsoft-Windows-Shell-Setup_Neutral
- Right Click -> Add to Pass 7 oobeSystem
a. DisableAutoDaylightTimeSet -> False
b. DoNotCleanTaskBar -> True
- Expand amd64_Microsoft-Windows-Shell-Setup_Neutral
a. Right Click -> OOBE -> Add to Pass 7 oobeSystem
i. HideEULAPage -> True
ii. NetworkLocation -> Work
iii. ProtectYourPC -> 1
b. Expand -> UserAccounts
i. Right Click -> AdministratorPassword -> Add to Pass 7 oobeSystem
- Set Value – to your desired local administrator account password.
ii. Right Click -> Local Accounts -> Add to Pass 7 oobeSystem
iii. Right Click -> Local Accounts in middle frame
iv. Insert New Local Account
- Action -> AddListItem
- Description -> LocalAdministrator
- DisplayName -> Administrator
- Group -> Administrators
- Name -> Administrator
v. Set password to match previous administrator password.
vi. It seems odd to add this twice, but otherwise after sysprep it will still prompt for an initial local account name. It may be possible to remove the OOBE section, but I haven’t experimented with it.
vi. You can also configure Taskbar and Start Menu settings to apply to all users. [URL='http://blogs.technet.com/b/askcore/archive/2010/03/16/how-to-customize-the-windows-7-start-menu-and-taskbar-using-unattend-xml.aspx']Technet Article[/URL]
• Save this file as unattend.xml
- Now for the easier part – Creating the windows install.
• I like configuring my Windows 7 client images by installing them in a VM. This gains me the advantage of taking a snapshot prior to the sysprep. That way I can occasionally do windows update, add new software etc. then sysprep and recapture the image instead of starting over. I also recommend setting the hard drive or partition size at 20-25GB depending on how much you need to install. The reason for this is that the image can then be cloned to anything with a hard drive over that size, instead of needing to match the original drive size.
• Either mount your ISO image or insert the CD into your test computer.
i. After installing Windows, when you reach the Windows Welcome Screen and it asks you to create a username press [B]SHIFT-CTRL-F3[/B]
- This will enter Windows Audit mode, this mode is meant for image configuration prior to deployment and greatly simplifies the sysprep process.
ii. Once you’re at the desktop proceed with installing any necessary software, Windows Updates etc. This will really depend on your personal workstation needs for labs, offices and the like. My software image is pretty sparse as I use SCCM to auto-install most of my lab apps.
[B]iii. For best results DO NOT ADD THIS COMPUTER TO YOUR DOMAIN!![/B]
a. I configure my major system options through Group Policy, but you may want to set things such as System restore settings, Power Options, defrag, disk cleanup options etc.
[B]iv. FOG Client Installation[/B]
- On your build system open your web browser and navigate to the FOG interface
a. Download the FOG Client Service
b. Extract the file and run Setup.exe
c. On the Configuration page
i. Enter the host name of the FOG Server. (you can use IP, but depending on firewalls and routing non-domain computers may have issues communicating which will disable the auto-domain join feature)
ii. You can leave all other options selected as once the client service connects to the server it will copy the configured FOG options.
- This will be the greatest thing you ever use. Windows 7 has a number of built-in drivers and auto-detects a ton of hardware, but it can always be improved.
- So what we want to do is look at the DriverPacks repository - [URL='http://driverpacks.net/driverpacks/latest']here[/URL]
- Find the version of Windows you are working with from the list.
- Not all of these files are needed, for most peripheral hardware (Touchpads, webcams etc.) the built-in windows drivers will function fine. What we need is the main system drivers crucial to booting the machine and getting network connectivity.
- I download Audio, Chipset, Graphics A, B, Mobile; LAN, Mass Storage and WLAN.
- Extract these files into C:\Windows\inf\DriverPacks
- There are other ways to install drivers but I found for adding 3-4GB to your image but gaining universal hardware functionality this is the easiest.
[B]vi. Preparing to Sysprep[/B]
- **If using a VM as suggested, I HIGHLY recommend taking a snapshot before starting this process. If something is misconfigured you can easily revert back and fix it or use the snapshot to update software before refreshing your image file. **
- Browse to C:\Windows\System32\sysprep
- Copy your unattend.xml file to this location.
- Open a command prompt in administrative mode and browse to
- When you are absolutely ready to create your initial image, enter the following command
- sysprep /oobe /generalize /unattend:c:\windows\system32\sysprep\unattend.xml
a. I’ll breakdown what this does as you may find you want to play with other
b. OOBE – configures Windows Welcome Mode, we’ve passed the initial user configuration to re-enable the admin account which is all this is used for
c. Generalize – This resets the Security ID of the computer, removes all restore points and event logs and passes the initial hardware configuration and services startup to make the image hardware independent.
d. Unattend – Just the command to reference our unattend.xml file for
a. You may find it useful to include a script for other functions post setup. If so create the directory C:\Windows\Setup\Scripts. At this location make a file SetupComplete.cmd
b. The passwords are encrypted, but you may want to delete the unattend.xml after the workstation is fully setup or reference Microsoft Office’s license key service to automatically register itself.
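An added example (not part of the original guide): a pre-capture check in Python that parses an unattend.xml, confirms each component from the WSIM steps above sits in the pass the guide names, and lists the password and product-key elements that will ship inside the image. WSIM's hidden-password form (PlainText set to false) is base64 encoding, so the check reports it as a stored secret alongside the plaintext form; the sample file, its placeholder values and the function name `audit` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"
# (component, pass) pairs the WSIM steps in this guide should produce.
EXPECTED = {
    ("Microsoft-Windows-Security-SPP", "generalize"),
    ("Microsoft-Windows-Deployment", "specialize"),
    ("Microsoft-Windows-Shell-Setup", "specialize"),
    ("Microsoft-Windows-International-Core", "oobeSystem"),
    ("Microsoft-Windows-Shell-Setup", "oobeSystem"),
}
SECRET_TAGS = {"AdministratorPassword", "Password", "ProductKey"}

# Constructed sample (placeholder secrets); the Deployment component is left out on purpose.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="generalize">
    <component name="Microsoft-Windows-Security-SPP"><SkipRearm>0</SkipRearm></component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup"><ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey></component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core"><UILanguage>en-US</UILanguage></component>
    <component name="Microsoft-Windows-Shell-Setup"><UserAccounts>
      <AdministratorPassword><Value>ENCODED-PLACEHOLDER</Value><PlainText>false</PlainText></AdministratorPassword>
      <LocalAccounts><LocalAccount wcm:action="add"><Name>Administrator</Name>
        <Password><Value>placeholder</Value><PlainText>true</PlainText></Password>
      </LocalAccount></LocalAccounts>
    </UserAccounts></component>
  </settings>
</unattend>"""

def audit(xml_text):
    """Return (missing component/pass pairs, secret-bearing elements found)."""
    root = ET.fromstring(xml_text)
    seen, secrets = set(), []
    for settings in root.iter(NS + "settings"):
        pass_name = settings.get("pass")
        for comp in settings.iter(NS + "component"):
            seen.add((comp.get("name"), pass_name))
            for el in comp.iter():
                tag = el.tag.replace(NS, "")
                if tag not in SECRET_TAGS:
                    continue
                # Passwords keep their data in <Value>; ProductKey holds it as text.
                value = el.findtext(NS + "Value") or (el.text or "").strip()
                if value:
                    form = "encoded" if el.findtext(NS + "PlainText") == "false" else "plaintext"
                    secrets.append((pass_name, comp.get("name"), tag, form))
    return sorted(EXPECTED - seen), secrets

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every row in the second list is a value that stays readable on each deployed workstation until the answer file is removed, which is the reason for the cleanup step mentioned above.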
[B]INSTALLING FOG SOFTWARE:[/B]
The installation of FOG is fairly straightforward, once installed the bulk of configuration is handled from the Web GUI through your browser. There are a couple of further tweaks that can be done from the system side but they are optional depending on your environment.
- Enter the following at your Ubuntu command line.
• cd /opt
• sudo wget [url]https://sourceforge.net/projects/freeghost/files/latest/download?source=[/url]
• sudo tar -xvzf fog_1.2.0.tar.gz
• cd fog_1.2.0/
• cd bin
• sudo ./installfog.sh
- Follow the steps in the FOG installer wizard
• Choose Option 2 (Ubuntu)
• Choose N (normal)
• Press enter to leave IP address default
• Press enter to leave gateway default
• Press enter to leave DNS default
• Choose NO when asked to change default NIC
• If you already have DHCP configured, press NO to disable FOG DHCP
• Press Enter to acknowledge MySQL warning
• Set a password for MySQL when requested if you want (I left mine blank)
• Be awesome and send a notification to the FOG community!
- FOG is now installed, we just want to check some of the MySQL settings real quick. (skip this step if you left the password blank)
• sudo vi /var/www/fog/lib/fog/Config.class.php
• Set MYSQL_PASSWORD to the password you configured in the FOG wizard
• Confirm MYSQL_USERNAME is set to root account
- Congrats! FOG is fully installed!!
[B]PREPARING FOG FOR USE[/B]
There are still a few steps remaining before we can start to focus on image development and deployment. Some of these will require modifications of FOG which can now be done through the web interface, others will require changes on your existing DHCP and DNS server.
[B]14. OPTIONAL this step is not necessary but is HIGHLY recommended.[/B]
• On your DNS server open DNS MANAGEMENT
• Go to FORWARD LOOKUP ZONES
• Right click Your Domain example.org
• Select NEW HOST (A or AAAA)……
• Enter a name (fogserver works well)
• Enter the IP address you configured earlier
• Press Add Host
15. Next go to your DHCP Server
• Open DHCP Management
• Expand IPV4
• Right Click Server Options and select Configure Options
i. Scroll to option 66 and give the hostname you just set in DNS
ii. Scroll to option 67 and give the value undionly.kpxe
• Apply settings and close
16. Back on your workstation open [url]http://fogserver/fog/management[/url]
• (if you used another hostname enter that)
17. Login to FOG, the default credentials are fog/password
[B]18. FOG CONFIGURATION OPTIONAL[/B]
• USER MANAGEMENT
i. HIGHLY RECOMMENDED – Change the fog username/password from default.
ii. Optionally create a new user account for your helpdesk person to register and image computers.
This will leave the primary admin account for your usage.
• SERVICE CONFIGURATION
i. There are many options here that the FOG client application can be used for. Most of the functions are pretty straight forward but I’ll explain configurations on any that need it.
ii. Auto Log Out
The FOG client will auto-logout computers. This can be accomplished more granularly through Group Policy deploying scheduled tasks to certain computers (e.g. student computer labs). Not recommended though as forced logout can create data loss issues.
iii. Client Updater
If you update the FOG client on the server, it will automatically update the client services installed on any workstations. Make sure to enable this!
iv. Directory Cleaner
This can be useful for cleaning out temp directories and other file locations on logoff. If you’re using Deep Freeze or something similar already, you probably don’t need it. Windows 7 can schedule this with tasks or some Group Policy settings.
v. Display Manager
This could be useful to force default screen size on a computer lab. But again, Windows 7 will automatically fit the optimal screen resolution and changes can be blocked through Group Policy.
vi. Green FOG
A useful feature for auto-shutdown for power savings. Again, more granular controls and easier configuration uses group policy and scheduled task deployments.
vii. Hostname Changer
One of my favorite features. After the imaging process FOG will automatically join the computer to the domain and set its domain name to the unique client name you configured on the imaging and inventory screen off the PXE boot.
viii. Host Registration
The FOG client can be deployed to existing computer systems but I haven’t found this to be needed in my environment. Basically it would feed back all the MSinfo data to FOG to create the client hardware asset and inventory list.
ix. Printer Manager
Automate deployment of printers to machines. Again I much prefer the interface and options Group Policy/Preferences affords for printer deployment.
x. Snapin Client
FOG can be used to auto-deploy certain software packages. (Flash, Java, PDF Readers etc).
xi. Task Reboot
This is useful for hands-off imaging as you can schedule a deployment and the running computer will restart automatically when it detects the waiting job.
xii. User Cleanup
Removes stale user accounts. Again, Windows 7 can handle this functionality through group policy settings.
xiii. User Tracker
Logs local user login/logoff. If your local administrative accounts are secure there’s really no need to log this.
[B]• FOG OTHER INFORMATION OPTIONAL[/B]
i. Other Information provides a range of settings to further enhance FOG functionality.
ii. VERSION INFO
Displays current version, if it doesn’t say up to date just follow the instructions to
a. Standard GPL license
This part can be quite useful. I’ve had issues with certain computer models not responding well to some of the PXE boot images, to remedy this you may be able to download a new kernel.
PXE BOOT MENU
It’s possible to add a wide variety of options to the FOG PXE boot, including emergency boot CDs, system hardware test tools etc., but that is more in-depth than this guide will get.
a. This is where you can update the FOG Client software installer.
MAC ADDRESS LISTING
a. Here you can delete or update the MAC address database. Addresses are used for easier manufacturer identification.
[B]7. FOG Settings IMPORTANT[/B]
8. Most of these are auto-populated and the usage of the setting is viewed by hovering the ? icon. My main focus is proper configuration of the auto-domain join settings.
a. FOG_AD_DEFAULT_DOMAINNAME
i. Set to your domain name (example.org)
i. Must be entered as proper LDAP syntax. (OU=Computers,DC=example,DC=org)
This can be also left blank for default
i. This should be created as a service account. Must be delegated rights to create new computer accounts in whatever computer OU you are using, although if the password is secure you could give it Domain Admin rights, but that’s not optimal. (FOG-JOIN) (Note: You no longer need to precede the username with the domain as in previous versions of Fog)
i. The FOGCRYPT tool is used to encrypt the password to make it secure. Follow the steps below to use it.
- Click on the FOGClient/FOGPrep link in the footer of the FOG GUI in the web browser and download FOGCrypt to your computer. (I put it on the root of C: for ease)
- Extract the Archive
- Go to Start, Run and type cmd and hit the Enter key.
- To get to the c: type cd c:\
- cd FOGCrypt
- FOGCrypt.exe your password >encrypted-password.txt (This is the FOG Domain Join password you set in your directory service)
- Open the file you created encrypted-password.txt with any text editor like notepad and the encrypted password can be copied into FOG via the FOG web interface.
- The rest of the options on the page are for diagnostics and referring back to the FOG information pages and as such are not under the scope of this tutorial.
Congratulations! FOG is FULLY configured!