Fog Snapin - Google Chrome ADM Group Policy
-
@kwetiaw I think your pathing is what’s making it not work. Have you reviewed this article?
https://wiki.fogproject.org/wiki/index.php?title=SnapinPacksWhy were you using the path
F:\fog\tmp\
? This isn’t standard. Unless you changed where the FOG Client installs to on every host in your environment, this is not right. Your files are contained within your snapin pack, so you wouldn’t need to pre-place anything at all.The new fog client unpacks the .zip file to a folder named with the name of the SnapinPack itself. Yours is
ILC-Student-ChromePolicy-UpdatePS
. You’d take the full Snapin Pack name and add it to the directory where FOG puts snapins, just like the article above shows.
C:\Program Files (x86)\FOG\tmp\ILC-Student-ChromePolicy-UpdatePS
So, knowing this, the folders you’re trying to copy in the powershell file, they aren’t working because they have the wrong paths. That copy command should actually be:
Copy-Item -Path "C:\Program Files (x86)\FOG\tmp\ILC-Student-ChromePolicy-UpdatePS\GroupPolicyUsers\S-1-5-21-2027881915-267544310-2063179327-1017" "C:\Windows\System32\GroupPolicyUsers" -Recurse -Force
To add logging, it would be:
Copy-Item -Path "C:\Program Files (x86)\FOG\tmp\ILC-Student-ChromePolicy-UpdatePS\GroupPolicyUsers\S-1-5-21-2027881915-267544310-2063179327-1017" "C:\Windows\System32\GroupPolicyUsers" -Recurse -Force >> "c:\temp\log.txt"
So, I think you need to change your powershell file and remake the .zip file, and upload the new .zip file to the snapin via the web interface.
-
@Wayne-Workman one thing. I always recommend resolving where the snapin pack is at runtime instead of hard coding. For Powershell the command would be:
$scriptDir = split-path -parent $MyInvocation.MyCommand.Definition
on powershell 2 and above or just$PSScriptRoot
on powershell 3 and above. -
@Joe-Schmitt Very nice. I tried doing something like that for .bat files… just didn’t ever work right.
-
@Wayne-Workman for batch you just use
%~dp0
to get the full directory path of the script. -
wiki worthy
-
@Wayne-Workman Hi Wayne
I had the fog client installed on a separate partition with drive letter F:/ this is also the same with the rest 20 machines. So the path on the zip file is correct. I have deployed a single config file for another program and they worked brilliantly.
Thats why it is F:\fog\tmp\XXXXX instead of the program default c:\programfiles (x86)
I will try again with the addition of log file recording and will post back the result.
Thanks
-
@kwetiaw Ok then.
-
@Joe-Schmitt Hi Joe
It is not the only file, it has a GPO folder in it. Otherwise it will be nice and easy
-
@Wayne-Workman Hi Wayne
i did the additional command to enable log file.
It created the log file but it’s blank, im not sure why!Here’s the fog.log
------------------------------------------------------------------------------ ---------------------------------SnapinClient--------------------------------- ------------------------------------------------------------------------------ 26/09/2016 11:47 AM Client-Info Client Version: 0.11.5 26/09/2016 11:47 AM Client-Info Client OS: Windows 26/09/2016 11:47 AM Client-Info Server Version: 1.3.0-RC-8 26/09/2016 11:47 AM Middleware::Response Success 26/09/2016 11:47 AM SnapinClient Snapin Found: 26/09/2016 11:47 AM SnapinClient ID: 157 26/09/2016 11:47 AM SnapinClient Name: ILC-Student-ChromePolicy-UpdatePS 26/09/2016 11:47 AM SnapinClient Created: 2016-09-26 11:46:12 26/09/2016 11:47 AM SnapinClient Action: 26/09/2016 11:47 AM SnapinClient Pack: True 26/09/2016 11:47 AM SnapinClient Hide: False 26/09/2016 11:47 AM SnapinClient Server: REDACTED 26/09/2016 11:47 AM SnapinClient TimeOut: 0 26/09/2016 11:47 AM SnapinClient SnapinPack File: powershell.exe 26/09/2016 11:47 AM SnapinClient SnapinPack Args: -ExecutionPolicy Bypass -File "[FOG_SNAPIN_PATH]\chromepolicyupdate.ps1" 26/09/2016 11:47 AM SnapinClient File: ilcstudentchromepolicyPS.zip 26/09/2016 11:47 AM Middleware::Communication Download: http://REDACTED 26/09/2016 11:47 AM SnapinClient F:\fog\tmp\ilcstudentchromepolicyPS.zip 26/09/2016 11:47 AM SnapinClient Processing SnapinPack ilcstudentchromepolicyPS.zip 26/09/2016 11:47 AM SnapinClient Extracting SnapinPack 26/09/2016 11:47 AM SnapinClient Processing SnapinPack settings 26/09/2016 11:47 AM SnapinClient New SnapinPack File: powershell.exe 26/09/2016 11:47 AM SnapinClient New SnapinPack Args: -ExecutionPolicy Bypass -File "F:\fog\tmp\ILC-Student-ChromePolicy-UpdatePS\chromepolicyupdate.ps1" 26/09/2016 11:47 AM Bus { "self": true, "channel": "Notification", "data": "{\r\n \"title\": \"Installing ILC-Student-ChromePolicy-UpdatePS\",\r\n \"message\": \"Please do not shutdown until this is completed\"\r\n}" } 26/09/2016 11:47 AM Bus Emmiting message on channel: Notification 26/09/2016 11:47 AM SnapinClient Starting snapin... 26/09/2016 11:47 AM SnapinClient Snapin finished 26/09/2016 11:47 AM SnapinClient Return Code: 0 26/09/2016 11:47 AM Bus { "self": true, "channel": "Notification", "data": "{\r\n \"title\": \"ILC-Student-ChromePolicy-UpdatePS Installed\",\r\n \"message\": \"Installation has finished and is now ready for use\"\r\n}" } 26/09/2016 11:47 AM Bus Emmiting message on channel: Notification
But still no good. im puzzled!
-
@kwetiaw That’s weird. It must be something about that directory. Maybe permissions, but not necessarily. It could be AV that’s blocking it, for example. An AV program ought to keep an eye on the system32 folder, I think.
So, looking at the permissions on a Server 2012 R2 box here at home, I see that SYSTEM has permission to create folders inside of system32, and has full control of subfolders and files. These are the only permissions you would need.
@kwetiaw said in Fog Snapin - Google Chrome ADM Group Policy:
When I execute the powershell script locally and manually on the destination computer, it worked without any issue.
That tells me it has something to do with the user accounts trying to get access. On my test server, the Administrators group has the same permissions as the SYSTEM user for the system32 folder.
-
@Wayne-Workman absolutely weird.
I used the same technique with snap in pack on different folder and it worked without issue in the past. Only this time around with system32 folder.I even tried with xcopy!
Anyway, thanks for your help, appreciate it and I will check further to see if AV is a culprit here.
Cheers