• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

FOG + Powershell (WinUpdate) Question

Scheduled Pinned Locked Moved
Windows Problems
6
22
8.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    RLane
    last edited by Apr 28, 2016, 5:07 PM

    I’m going to be deploying Windows 10 for the first time over the summer. In the past, I had used an HTA/VB script that would run after FOG completed the imaging task. This would require one of our tech’s to input the proper OU and computer name of that machine. After a tech completed that, it would finish up and run Windows update.

    Now, with Windows 10, I’m trying to create a process that requires no human interaction. First, I would create my master image. I would upload it with FOG, deploy it. I’m now using FOG to join them to our domain, activate (KMS), and rename.

    My question is: I have a Powershell script that should automatically look for Windows updates, download, and install them. The script that I’m using is below:

    #Script: WSUS.ps1
    #      Author: Gregory Strike
    #     Website: www.GregoryStrike.com
    #        Date: 02-19-2010
    # Information: This script was adapated from the WUA_SearchDownloadInstall.vbs VBScript from Microsoft.  It uses the
    #              Microsoft.Update.Session COM object to query a WSUS server, find applicable updates, and install them.
    #
    #              WSUS.ps1 is a little less verbose about what it is doing when compared to the orginal VBScript.  The
    #              lines exist in the code below to show the same information as the original but are just commented out.
    #
    #
    #              WSUS.ps1 can automatically install applicable updates by passing a Y to the script.  The default
    #              behavior is to ask whether or not to install the new updates.
    #
    #              Syntax:  .\WSUS.ps1 [Install] [Reboot]
    #                       Where [Install] is optional and can be "Y", "Yes", "No" or "N"
    #                       Whether or not to install the updates automatically.  If Null, the user will be prompted.
    #
    #                       Where [Reboot] is optional and can be "Y", "Yes", "No" or "N",  This 
    #                       If updates require a reboot, whether or not to reboot automatically.  If Null, the user will
    #                       be prompted.
    
    $UpdateSession = New-Object -Com Microsoft.Update.Session
    $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
     
    Write-Host("Searching for applicable updates...") -Fore Green
     
    $SearchResult = $UpdateSearcher.Search("IsInstalled=0 and Type='Software'")
     
    Write-Host("")
    Write-Host("List of applicable items on the machine:") -Fore Green
    For ($X = 0; $X -lt $SearchResult.Updates.Count; $X++){
        $Update = $SearchResult.Updates.Item($X)
        Write-Host( ($X + 1).ToString() + "> " + $Update.Title)
    }
     
    If ($SearchResult.Updates.Count -eq 0) {
        Write-Host("There are no applicable updates.")
        Exit
    }
     
    #Write-Host("")
    #Write-Host("Creating collection of updates to download:") -Fore Green
     
    $UpdatesToDownload = New-Object -Com Microsoft.Update.UpdateColl
     
    For ($X = 0; $X -lt $SearchResult.Updates.Count; $X++){
        $Update = $SearchResult.Updates.Item($X)
        #Write-Host( ($X + 1).ToString() + "> Adding: " + $Update.Title)
        $Null = $UpdatesToDownload.Add($Update)
    }
     
    Write-Host("")
    Write-Host("Downloading Updates...")  -Fore Green
     
    $Downloader = $UpdateSession.CreateUpdateDownloader()
    $Downloader.Updates = $UpdatesToDownload
    $Null = $Downloader.Download()
     
    #Write-Host("")
    #Write-Host("List of Downloaded Updates...") -Fore Green
     
    $UpdatesToInstall = New-Object -Com Microsoft.Update.UpdateColl
     
    For ($X = 0; $X -lt $SearchResult.Updates.Count; $X++){
        $Update = $SearchResult.Updates.Item($X)
        If ($Update.IsDownloaded) {
            #Write-Host( ($X + 1).ToString() + "> " + $Update.Title)
            $Null = $UpdatesToInstall.Add($Update)        
        }
    }
     
    $Install = [System.String]$Args[0]
    $Reboot  = [System.String]$Args[1]
     
    If (!$Install){
        $Install = Read-Host("Would you like to install these updates now? (Y/N)")
    }
     
    If ($Install.ToUpper() -eq "Y" -or $Install.ToUpper() -eq "YES"){
        Write-Host("")
        Write-Host("Installing Updates...") -Fore Green
     
        $Installer = $UpdateSession.CreateUpdateInstaller()
        $Installer.Updates = $UpdatesToInstall
     
        $InstallationResult = $Installer.Install()
     
        Write-Host("")
        Write-Host("List of Updates Installed with Results:") -Fore Green
     
        For ($X = 0; $X -lt $UpdatesToInstall.Count; $X++){
            Write-Host($UpdatesToInstall.Item($X).Title + ": " + $InstallationResult.GetUpdateResult($X).ResultCode)
        }
     
        Write-Host("")
        Write-Host("Installation Result: " + $InstallationResult.ResultCode)
        Write-Host("    Reboot Required: " + $InstallationResult.RebootRequired)
     
        If ($InstallationResult.RebootRequired -eq $True){
            If (!$Reboot){
                $Reboot = Read-Host("Would you like to install these updates now? (Y/N)")
            }
     
            If ($Reboot.ToUpper() -eq "Y" -or $Reboot.ToUpper() -eq "YES"){
                Write-Host("")
                Write-Host("Rebooting...") -Fore Green
                Restart-Computer -Force
    #            (Get-WMIObject -Class Win32_OperatingSystem).Reboot()
            }
        }
    }
    

    I have a batch file that runs the task – started by my unattend file.

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "C:\Windows\Setup\Scripts\WindowsUpdate.ps1" Y Y
    

    The Y Y are the Yes flags to install and reboot if required without a user prompt.

    My question is: How does FOG add hosts to the domain and rename them? This script takes time to run. I have 1 OnFirstLogon task (this batch script) – but it seems like FOG triggers it to reboot to join the domain and whatnot mid task.

    Hopefully this makes sense… If someone else has a better solution for scripting Windows Updates to install automatically post-imaging, I would LOVE to hear how you do it. Working in K-12 education, I typically create images over the summer time and deploy them throughout the year. Obviously updates can add up so this would be an effective way to reduce man power.

    1 Reply Last reply Reply Quote 0
    • W
      Wayne Workman
      last edited by Wayne Workman Apr 28, 2016, 11:13 AM Apr 28, 2016, 5:12 PM

      Asking @jbob about it, since he wrote the new fog client.

      A better solution for you might be to update your images quarterly. Another option is WSUS-Offline, it can be scripted. I used it heavily at my last job. Also, you might even setup a full-blown WSUS server, which comes standard in Windows Server 2012 and up, and you can have policy to update computers all the time, or just for a little while too.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
      Daily Clean Installation Results:
      https://fogtesting.fogproject.us/
      FOG Reporting:
      https://fog-external-reporting-results.fogproject.us/

      R 1 Reply Last reply Apr 28, 2016, 5:17 PM Reply Quote 0
      • R
        RLane @Wayne Workman
        last edited by Apr 28, 2016, 5:17 PM

        @Wayne-Workman I have a WSUS server set up, which this script pulls the updates from. The only problem is we have it designed to push updates out on certain days for certain buildings. If I image a Admin PC Monday, they won’t get updates until Thursday. We did this to conserve bandwidth.

        Having said that, I also wanted to use this to install PC-specific drivers from Windows Update since Windows 10 has all of our workstation drivers that work. If I injected them like I use to with WinPE, they would be out of date, etc.

        W 1 Reply Last reply Apr 28, 2016, 5:20 PM Reply Quote 0
        • J
          Joe Schmitt Senior Developer
          last edited by Apr 28, 2016, 5:18 PM

          Marking this thread so I remember to come back to it after the v0.10 release.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          1 Reply Last reply Reply Quote 0
          • W
            Wayne Workman @RLane
            last edited by Apr 28, 2016, 5:20 PM

            @RLane I think it’s great that you are managing to do updates so often… But I work in k-12 as well and we don’t roll out updates period. Computers are updated when we re-image them, which is about once a year or if one goes belly-up.

            And do I understand correctly when you say that FOG’s domain joining & followed reboot is breaking your updating process, thus causing problems?

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
            Daily Clean Installation Results:
            https://fogtesting.fogproject.us/
            FOG Reporting:
            https://fog-external-reporting-results.fogproject.us/

            R 1 Reply Last reply Apr 28, 2016, 5:28 PM Reply Quote 0
            • J
              Joe Schmitt Senior Developer
              last edited by Apr 28, 2016, 5:23 PM

              @RLane , could you just disable the FOG service in the image, and then have your powershell script re-enable it once finished?

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

              R W 3 Replies Last reply Apr 28, 2016, 5:34 PM Reply Quote 2
              • R
                RLane @Wayne Workman
                last edited by Apr 28, 2016, 5:28 PM

                @Wayne-Workman Interesting… any reason why you don’t roll updates out?

                Also, yes. I’m not sure I understand 100% how the client works. Does the client fetch the domain and rename requests immediately after image competition?

                This script should be the last thing that my SetupComplete.bat script calls but for some reason is rebooting prior to finishing. I suspect it’s FOG because my Unattend file has 1 OnFirstLogon flag set for the host administrator account. After that, it requires a domain login – indicating that FOG joined it to the domain and renamed it.

                Currently using Client 0.9.12 and cloud version 7092.

                W 1 Reply Last reply Apr 28, 2016, 5:29 PM Reply Quote 0
                • W
                  Wayne Workman @RLane
                  last edited by Wayne Workman Apr 28, 2016, 11:37 AM Apr 28, 2016, 5:29 PM

                  @RLane said in FOG + Powershell (WinUpdate) Question:

                  any reason why you don’t roll updates out?

                  They break stuff. That’s why. lol.

                  I care about updates, I care about having the latest patches. However, I care more that state-required testing happens without a hitch, that class can happen without a hitch, and not loosing my job when those things have a hitch.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                  Daily Clean Installation Results:
                  https://fogtesting.fogproject.us/
                  FOG Reporting:
                  https://fog-external-reporting-results.fogproject.us/

                  1 Reply Last reply Reply Quote 0
                  • R
                    RLane @Joe Schmitt
                    last edited by Apr 28, 2016, 5:34 PM

                    @Jbob Will reupload and test without the service enabled. I’ll report my findings back after.

                    1 Reply Last reply Reply Quote 0
                    • R
                      RLane @Joe Schmitt
                      last edited by Apr 28, 2016, 6:52 PM

                      @Jbob Tested and it worked fine without the AD and renaming. How does FOG handle this? Initially, I added a 45 second reboot task via my unattend file, but it didn’t join and rename until the second reboot.

                      1 Reply Last reply Reply Quote 0
                      • J
                        Joe Schmitt Senior Developer
                        last edited by Apr 28, 2016, 6:53 PM

                        @RLane Give me an hour or so. We’re prepping v0.10 for release.

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                        R 1 Reply Last reply Apr 28, 2016, 7:28 PM Reply Quote 0
                        • R
                          RLane @Joe Schmitt
                          last edited by Apr 28, 2016, 7:28 PM

                          @Jbob No rush 🙂 This is not my production FOG server - I have a sandbox of 3 devices + a VM I use for testing. I’m planning on rolling out Windows 10 in July - this is just early prep with the scripts.

                          1 Reply Last reply Reply Quote 0
                          • M
                            Mentaloid
                            last edited by Apr 29, 2016, 3:09 AM

                            I used a snapin for tasks like this - because I found fog service was renaming and rebooting before any tasks that took more than a few seconds in my setupcomplete.bat. Any snapins are installed after domain join, at least by my testing.

                            Snapin Run With : %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe
                            Snapin run with argument : -ExecutionPolicy Bypass -File
                            Snapin File : WindowsUpdate.ps1
                            Snapin Args: Y Y

                            Snapin Command should look like this:
                            %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File WindowsUpdate.ps1 Y Y

                            That should work fine - and it seems snapins are pushed in order now, so I have this snapin named as 005.wsus for example.

                            R 1 Reply Last reply Apr 29, 2016, 1:28 PM Reply Quote 0
                            • R
                              RLane @Mentaloid
                              last edited by Apr 29, 2016, 1:28 PM

                              @Mentaloid That’s actually a pretty nifty idea… let me upload a new image without the script running from my batch file. The more I use FOG, the more I start to realize it’s designed to make life easy…

                              T 1 Reply Last reply Apr 29, 2016, 1:53 PM Reply Quote 1
                              • T
                                Tom Elliott @RLane
                                last edited by Apr 29, 2016, 1:53 PM

                                @RLane Why not just disable the service before sysprep is run. In the Setupcomplete.cmd script at the end of the script re-enable the service.

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                R 1 Reply Last reply Apr 29, 2016, 1:57 PM Reply Quote 0
                                • R
                                  RLane @Tom Elliott
                                  last edited by Apr 29, 2016, 1:57 PM

                                  @Tom-Elliott The FOG service? Didn’t think of that, either. While we’re on this topic - does anybody else have a more effective way of updating Windows via scripting? I know a lot of things I did on 7 I can no longer do now.

                                  1 Reply Last reply Reply Quote 0
                                  • W
                                    Wayne Workman @Joe Schmitt
                                    last edited by Apr 29, 2016, 3:21 PM

                                    @Jbob said in FOG + Powershell (WinUpdate) Question:

                                    @RLane , could you just disable the FOG service in the image, and then have your powershell script re-enable it once finished?

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                                    Daily Clean Installation Results:
                                    https://fogtesting.fogproject.us/
                                    FOG Reporting:
                                    https://fog-external-reporting-results.fogproject.us/

                                    M 1 Reply Last reply Apr 30, 2016, 4:01 AM Reply Quote 0
                                    • M
                                      Mentaloid @Wayne Workman
                                      last edited by Mentaloid Apr 29, 2016, 10:08 PM Apr 30, 2016, 4:01 AM

                                      @Wayne-Workman

                                      Yep - I ended up doing that as well, but things I noted:

                                      Some stuff the AD join and hostname change should be completed first (wsus server and policies and proxy via AD and group policies) - and without the service running, that won’t be completed. Enabling the service at the send of the setupcomplete.cmd means the rename and join hasn’t been completed. Doing it at the beginning, and then running other tasks mean that it will reboot while completing the other tasks.

                                      This is what I’ve done to get the best of both…

                                      example sysprep.cmd

                                      sc stop FOGService
                                      sc config FOGService start=disabled
                                      sc stop FOGService
                                      
                                      copy \\fog\Deploy\W10\unattend.xml %systemroot%\System32\sysprep\unattend.xml
                                      mkdir %systemroot%\setup\scripts
                                      copy \\fog\Deploy\W10\setupcomplete.cmd %systemroot%\setup\scripts\setupcomplete.cmd
                                      
                                      net use * /del
                                      del c:\users\administrator\desktop\*.lnk
                                      c:
                                      cd \windows\system32\sysprep
                                      c:\windows\System32\sysprep\sysprep.exe /quiet /oobe /generalize /shutdown /unattend:unattend.xml
                                      

                                      and my setupcomplete.cmd

                                      @echo off
                                      del /Q /F c:\windows\system32\sysprep\unattend.xml
                                      del /Q /F c:\windows\panther\unattend.xml
                                      net user Administrator /active:yes
                                      sc config FOGService start=auto
                                      sc start FOGService
                                      net use * /del
                                      exit
                                      

                                      Then the snapins run after fog service renames and joins the domain.

                                      The reason I use snapins for everything else - because I like my setupcomplete to be simple and fast - anything I want beyond the basics, I can choose to implement or not without changing the setupcomplete; just add the snapins (which for @RLane, would be the windowsupdate snapin).

                                      R 1 Reply Last reply May 2, 2016, 1:49 PM Reply Quote 1
                                      • R
                                        RLane @Mentaloid
                                        last edited by May 2, 2016, 1:49 PM

                                        @Mentaloid +1 — thank you!

                                        1 Reply Last reply Reply Quote 0
                                        • JunkhackerJ
                                          Junkhacker Developer
                                          last edited by May 4, 2016, 7:37 PM

                                          @Mentaloid said in FOG + Powershell (WinUpdate) Question:

                                          I used a snapin for tasks like this - because I found fog service was renaming and rebooting before any tasks that took more than a few seconds in my setupcomplete.bat. Any snapins are installed after domain join, at least by my testing.

                                          Snapin Run With : %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe
                                          Snapin run with argument : -ExecutionPolicy Bypass -File
                                          Snapin File : WindowsUpdate.ps1
                                          Snapin Args: Y Y

                                          Snapin Command should look like this:
                                          %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File WindowsUpdate.ps1 Y Y

                                          That should work fine - and it seems snapins are pushed in order now, so I have this snapin named as 005.wsus for example.

                                          just wanted to post my results from getting a powershell script to run with the legacy client. i had to use the following settings:

                                          Snapin Run With : powershell.exe
                                          Snapin run with argument : -ExecutionPolicy Bypass -command "& ’
                                          Snapin File : script.ps1
                                          Snapin Args: ’ "

                                          the -command "& ’ and ’ " will wrap the script with it’s full path in quotes, allowing for spaces in the path.

                                          signature:
                                          Junkhacker
                                          We are here to help you. If you are unresponsive to our questions, don't expect us to be responsive to yours.

                                          W 1 Reply Last reply May 4, 2016, 10:44 PM Reply Quote 1
                                          • 1
                                          • 2
                                          • 2 / 2
                                          2 / 2
                                          • First post
                                            8/22
                                            Last post

                                          162

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project