Utilizing Postscripts (Rename, JoinDomain, Drivers, Snapins)

gwhitfield

@Lee-Rowlett Sure, here’s the goods:

Screenshot of folders in /images

gwhitfield

@Lee-Rowlett 1_1464287927234_fog.postdownload 0_1464287927232_fog.drivers

gwhitfield

@Lee-Rowlett Success!! Evidently my fog.postdownload and fog.drivers files got corrupted by editing in Notepad. Thank you for sending me a clean version! Working like a champ. Also for purpose of posterity or future users, the name of the folder for each individual hardware type needs to exactly match the spelling and case of the “System Product” field in the “Inventory” for that machine (or type of machine):

Greg Plamondon

@Lee-Rowlett

I gotten this to make the edits to the unattend.xml but it still doesnt join the domain. Do you have a Windows10 Unattend.xml that i can compare where I went wrong?

Lee Rowlett

@Greg-Plamondon where are you calling the unattend.xml from and how are u verifying the unattend.xml is beinf edited correctly? Also are is it x86 or x64?

Tom Elliott

@Lee-Rowlett I remoted in and took a look. Cleaned up the scripts a lot, with Gregs help (-- @Greg-Plamondon I grabbed some credit but it still mostly goes to you --). I asked Greg to post the finished scripts after generalizing them so his environment is safe. Hopefully you will like them, and others as well.

Greg Plamondon

@Lee-Rowlett The unattend.xml is in the C:\Windows\Panther directory. I removed the option from my setupcomplete.cmd that deletes the unattend.xml, so after it boots I can take a look at it and the edits were made to it. Should I be editing the C:\Windows\Sytstems32\Sysprep\unattend.xml instead of the Windows\Panther ?

george1421

@Greg-Plamondon it should be in one or the other place. Panther is checked first. When you sysprep’d where did you tell sysprep to look for the file?

Greg Plamondon

@Lee-Rowlett Thanks for the base scripts and ideas behind them.
@Tom-Elliott Thanks for helping me adjusting them for my needs.
@Junkhacker Thanks for the fog log script, you dont know how many time I have forgotten to delete the damn fog.log
Here are the scripts that @Tom-Elliott helped me with.

fog.postdownload:

#!/bin/bash
. /usr/share/fog/lib/funcs.sh
[[ -z $postdownpath ]] && postdownpath="/images/postdownloadscripts/"
case $osid in
    5|6|7|9)
        clear
        [[ ! -d /ntfs ]] && mkdir -p /ntfs
        getHardDisk
        if [[ -z $hd ]]; then
            handleError "Could not find hdd to use"
            
        fi
        getPartitions $hd
        for part in $parts; do
            true
        done
        dots "Mounting partition $part"
        ntfs-3g -o force,rw $part /ntfs >/dev/null 2>&1
        if [[ ! $? -eq 0 ]]; then
            echo "Failed"
            debugPause
            handleError "Failed to mount $part ($0)\n    Args: $*"
        fi
        echo "Done"
        debugPause
        . ${postdownpath}fog.log
        . ${postdownpath}fog.drivers
        . ${postdownpath}fog.ad
        umount /ntfs
        ;;
    *)
        echo "Invalid OS"
        debugPause
        return
        ;;
esac

fog.ad :

#!/bin/bash
hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password
unattend="/ntfs/Windows/Panther/unattend.xml";
[[ ! -f $unattend ]] && return
dots "Preparing Sysprep File"
rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to remove original unattend file"
fi
echo "Done"
debugPause
dots "Writing Computer Name"
sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to update originating unattend file"
fi
echo "Done"
echo "ComputerName set to $hostname"
debugPause
[[ -z $addomain ]] && return
dots "Set PC to join the domain"
sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to remove the Workgroup setter"
fi
sed -i \
    -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \
    -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \
    -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \
    -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to update user, pass, ou, and domain setter"
fi
echo "Done"
debugPause

fog.drivers:
For some reason Lenovo doesn’t play like most PC manufactures. I had to use the dmidecode variable of system-version to populate what the actual model of the PC was, with system-product-name it was returning the numerical machine type or serial number?

#!/bin/bash
ceol=`tput el`;
manu=`dmidecode -s system-manufacturer`;
case $manu in
    [Ll][Ee][Nn][Oo][Vv][Oo])
        machine=$(dmidecode -s system-version)
        ;;
    *[Dd][Ee][Ll][Ll]*)
        machine=$(dmidecode -s system-product-name) #pruduct is typo, just realized sorry :(
        ;;
    *)
        machine=$(dmidecode -s system-product-name) # Technically, we can remove the dell one as it's the "default"
        ;;
esac
[[ -z $machine ]] && return #assuming you want it to break if it is not lenovo or dell?
machine="${machine%"${machine##*[![:space:]]}"}" #Removes Trailing Spaces
system64="/ntfs/Windows/SysWOW64/regedit.exe" # sloppy detect if 64bit or not
[[ ! -f $system64 ]] && setarch="x86" || setarch="x64"
#############################################
#this is not section necessary needed, it's just to make the path "human readable"
#rather than using osid for filepath
case $osid in
    5) osn="Win7" ;;
    6) osn="Win8" ;;
    7) osn="Win8.1" ;;
    9) osn="Win10" ;;
esac
#############################################
dots "Preparing Drivers"
# below creates local folder on imaged pc
# this can be anywhere you want just remember
# to make sure it matches throughout!
clientdriverpath="/ntfs/Windows/DRV"
remotedriverpath="/images/drivers/$osn/$machine"
[[ ! -d $clientdriverpath ]] && mkdir -p "$clientdriverpath" >/dev/null 2>&1
echo -n "In Progress"
#there's 3 ways you could handle this,
#driver cab file, extracted driver files or both
#so on the server put extracted driver files to match below folder tree
#i.e. Model Latitude E5410, Windows 7 x86 image would be:
#/fog/Drivers/Win7/Latitude E5410/x86
rsync -aqz "$remotedriverpath" "$clientdriverpath" >/dev/null 2>&1
[[ ! $? -eq 0 ]] && handleError "Failed to download driver information"

#if you wanted to use driver.cab use this line below.
#i.e. /fog/Drivers/Win7/Latitude E5410/E5410-Win7-A07-KTT4G.CAB
#cabextract -d "$clientdriverpath" "$remotedriverpath/*.CAB" >/dev/null 2>&1

#if you wanted to mix both cab and extracted use these:
#rsync -aqz --exclude='*.CAB' "$remotedriverpath" "$clientdriverpath" >/dev/null 2>&1
#[[ ! $? -eq 0 ]] && handleError "Failed to sync cab and non-cab drivers"
#cabextract -d "$clientdriverpath" "$remotedriverpath/*.CAB" >/dev/null 2>&1
#[[ ! $? -eq 0 ]] && handleError "Failed to extract cab files"

#this next bit adds driver location on pc to devicepath in registry (so sysprep uses it to reference)
# remember to make devicepath= match the path you've used locally
#also do not remove %SystemRoot%\inf
#and to add more locations just use ; in between each location
regfile="/ntfs/Windows/System32/config/SOFTWARE"
key="\Microsoft\Windows\CurrentVersion\DevicePath"
devpath="%SystemRoot%\inf;%SystemRoot%\DRV";
reged -e "$regfile" &>/dev/null <<EOFREG
ed $key
$devpath
q
y
EOFREG
echo -e "\b\b\b\b\b\b\b\b\b\b\b${ceol}Done"; # this just removes "In Progress and replaces it with done :-)"

fog.log:

#!/bin/bash
#deletes fog.log for Windows 7, 8, or 8.1 or 10
#Greg Grammon (Junkhacker)
#
 
#funcs.sh allows us to use the functions that are used in the rest of
#fog i.e. "dots" and use the vars already in place i.e. "$part" and "$osid"
. /usr/share/fog/lib/funcs.sh;
case $osid in
    [5-7]|9)
        [[ -f /ntfs/fog.log ]] && rm /ntfs/fog.log >/dev/null 2>&1 || true
        if [[ ! $? -eq 0 ]]; then
            echo "Failed"
            debugPause
            handleError "Failed to remove original fog.log file"
        fi
        ;;
    *) return ;;
esac

Thanks For all the Help Tom and Lee

Greg Plamondon

@george1421 said in Utilizing Postscripts (Rename, JoinDomain, Drivers, Snapins):

@Greg-Plamondon it should be in one or the other place. Panther is checked first. When you sysprep’d where did you tell sysprep to look for the file?

i didnt i just ran sysprep.exe /oobe /generalize /reboot

george1421

@Greg-Plamondon Then you must ensure that unattend.xml must be in panther or sysprep folder. Typically its good practice to specifically call out the direct path to unattend.xml file.

BTW, great scripts!! thanks for posting them.

x23piracy

@george1421 said in Utilizing Postscripts (Rename, JoinDomain, Drivers, Snapins):

@Greg-Plamondon Then you must ensure that unattend.xml must be in panther or sysprep folder. Typically its good practice to specifically call out the direct path to unattend.xml file.

BTW, great scripts!! thanks for posting them.

Hi,

there is no need for having unattend.xml in a Special Directory, use /unattend:[FQPath] to Point Panther to the file.

Regards X23

Tom Elliott

@x23piracy I think most of us are aware of that. Even if we’re not it does ultimately make things simpler to just know where to find the “default” locations.

Quazz

@Greg-Plamondon I’ve had issues in the past when I had unattend.xml in the sysprep folder that it would use that file regardless of whether or not I specified it. I’m guessing that’s your issue as well.

Tom Elliott

The beauty of the postdownloadscripts are that you can do whatever it is you need to do.

If we’re unsure of where to find the unattend.xml (or whatever you wanted to name it) you can use basic linux utilities to locate them.

For example, instead of:

#!/bin/bash
hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password
unattend="/ntfs/Windows/Panther/unattend.xml";
[[ ! -f $unattend ]] && return
dots "Preparing Sysprep File"
rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to remove original unattend file"
fi
echo "Done"
debugPause
dots "Writing Computer Name"
sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to update originating unattend file"
fi
echo "Done"
echo "ComputerName set to $hostname"
debugPause
[[ -z $addomain ]] && return
dots "Set PC to join the domain"
sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to remove the Workgroup setter"
fi
sed -i \
    -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \
    -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \
    -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \
    -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1
if [[ ! $? -eq 0 ]]; then
    echo "Failed"
    debugPause
    handleError "Failed to update user, pass, ou, and domain setter"
fi
echo "Done"
debugPause

You could actually locate any unattend.xml file and make the edits to them with:

#!/bin/bash
hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password
unattends=$(find /ntfs/ -iname "unattend.xml")
for unattend in $unattends
    [[ ! -f $unattend ]] && return
    dots "Preparing Sysprep File"
    #rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1
    #if [[ ! $? -eq 0 ]]; then
        #echo "Failed"
        #debugPause
        #handleError "Failed to remove original unattend file"
    #fi
    echo "Done"
    debugPause
    dots "Writing Computer Name to $unattend"
    sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to update originating unattend file"
    fi
    echo "Done"
    echo "ComputerName set to $hostname in $unattend"
    debugPause
    [[ -z $addomain ]] && continue
    dots "Set PC to join the domain"
    sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to remove the Workgroup setter"
    fi
    sed -i \
        -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \
        -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \
        -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \
        -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1
    if [[ ! $? -eq 0 ]]; then
        echo "Failed"
        debugPause
        handleError "Failed to update user, pass, ou, and domain setter"
    fi
    echo "Done"
    debugPause
done

This will enable you to make the same edits to ANY unattend file found. I think this way is a bit more dynamic, and we’re not having to delete any files. You can also add a nested loop system to scan ANY partition for this to make the edits.

The intent of the postdownloadscripts are to allow people to do whatever it is they may need to do without having to continuously update their own scripts (of course are more than welcome if you feel you need to). So think of the postdownload scripts as a way to enable a kind of mechanism to enable the admins to make their edits however they deem necessary.

george1421

One point that I found if you use the /Windows/System32/sysprep folder, that name changes under Win10 to /Windows/System32/Sysprep this caused me a little pain (case change on the sysprep folder), until Tom gave me the hint to use find function. It does slow down the install a bit while find does its magic. You can cut down some of the time by specifying a path a bit closer like /ntfs/Windows since the unattend.xml file should be in there.

george1421

Two additional comments.

This is the search command I had to use on Centos 7 to find the unattend file in the sysprep folder. It was a bit of a cheat (not looping through the found entries, but this way I knew only one file would be returned).

 unattendfile=`find /ntfs/Windows -type f -iname "unattend.xml"|grep ystem32`

We since moved the only unattend file to the Panther folder since that is where Win10 searches first (we do specify the full path anyway when the system is sysprep’d). We did this to simplify the script since the case doesn’t change on Panther.

The second thing we do is use this sed search to replace the computer name (just in case there is something for the computer name that isn’t a star ( * ). Its a little be more complex of a regex expression but it works in all cases.

sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" $unattendfile

MarkP

I have been using the vendor/hardware ID to supply drivers to machines (this works well for the random bits we get from time to time that need re-imaging)

However would ideally like to be able to utilise the scripts in this document to download the drivers based on vendor and machine type, while still retaining the functionality of pulling the drivers if the machine type does not exist (if for instance we didn’t have Windows 10 drivers for a Dell Optiplex 3020 then it would pull drivers based on vendor and hardware ID).

Is anyone else doing anything like this or is it just not possible?

Thanks

Raj G

Hi all,

New user here, working with my team head to get a FOG server setup; all these scripts have been super useful for drivers and such. Just need to SysPrep our image and we’re good to go. That being said, I have a question about the Snap-Ins script here.

We have just about the same software setup for most of the users for a client we service; however, we have about half our users who have a full Office 365 (Office 2016 install) and the others don’t, while we have a hodgepodge of users that use some specific apps for their work (scattered between folks who use Office 2016 and not).

Do I simply put in the installation executables in the SnapinData/Map Files folders or does this script for Snap-Ins need to change? I’m not great at scripting at all, but I wondering what would need to change in this script.

Script from @Lee-Rowlett as follows:

#!/bin/sh
 
snpchk=`wget -O - --post-data="mac=${mac}" "http://${web}service/snapcheck.php" 2>/dev/null` #checks for snapintask
if [ "$snpchk" == "1" ]; then
    setupcmd="/ntfs/Windows/Setup/Scripts/SetupComplete.cmd";
    mkdir /ntfs/Windows/Setup/Scripts
    #this line below pulls my latest build script from server
    cp /fog/CompleteBuild/CompleteBuild.exe /ntfs/Windows/Setup/Scripts/CompleteBuild.exe  &>/dev/null
    #copies lastest setupcomplete.cmd from server
    #which only actually contains one line to execute
    #C:\Windows\Setup\Scripts\CompleteBuild.exe
    cp /fog/CompleteBuild/SetupComplete.cmd $setupcmd #above script
    sloc="/ntfs/Windows/Setup/Scripts/Node.txt"; # this is just so my above script
    #knows which node to use to run software from (if needed) left in to give you
    #guys ideas....
    echo "$storageip" >> "$sloc"; # writes node ip to the text file
    #next line gets snapin name
    snapname=`wget -O - --post-data="mac=${mac}&getSnapnames=1" "http://${web}service/snapcheck.php" 2>/dev/null`
    #next gets snapin argument/switch
    snaparg=`wget -O - --post-data="mac=${mac}&getSnapargs=1" "http://${web}service/snapcheck.php" 2>/dev/null`
    #this next line adds the switch to the setupcomplete.cmd
    # so if switch was /DefaultBuild .cmd line would now look like:
    #C:\Windows\Setup\Scripts\CompleteBuild.exe /DefaultBuild
    #if switch empty just nothing gets added
    sed -i -e "s|$| ${snaparg}|g" $setupcmd
 
    #this is self explanatory - some of our builds rely on 24GB of map files
    #rather than adding them to the "general" image
    #as it's the select few machines
    #i get fog to add it for me after imaging
    #so if they ever change, just update on server, job done.
    if [ "$snapname" == "MAP Build" -o "$snapname" == "Example Build" -o "$snapname" == "Test Build" ]; then
        dots "Downloading Map Files";
        echo "In Progress";
        rsync -a --info=progress2 "/fog/SnapinData/Map Files" /ntfs
        echo " * Downloading Map Files Completed.";
    fi
else
    echo "No Snapin Task Found - Snapin Setup Skipped";
fi```

Lee Rowlett

@Raj-G If you just put the executables in folder /fog/MapFiles they will just copy to root the of the imaged machine.

all the fog.snapins script does it put things in place, set which node to use and which snapin to run.

you’ll need to write the script to actually run and execute the installers etc… (setupcomplete.cmd)

if you are unsure or uncomfortable scripting, you may be better off with the FOG client doing all the work for you, it’s very stable and much better going forward to maintain your image.

this script/scenario is best suited if you already have another solution managing your clients but you want fog to handle the initial imaging. otherwise FOG Client is defo your friend