• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Fog Client - Adding Domain User to Local Administrator Group

Scheduled Pinned Locked Moved Unsolved
Windows Problems
4
7
2.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    RobertD
    last edited by RobertD Oct 28, 2016, 9:08 AM Oct 28, 2016, 2:13 PM

    Server
    • FOG Version: 0.32
    • OS: Ubuntu 14.04
      (We will be upgrading once the finial version of 1.3 is released)
    Client
    • Service Version:
    • OS: Windows 7, WIndows 10
    Description

    I’ve noticed during registration of a computer that one of the questions ask Which user is associated with the computer? (or something along those lines) Does the new fog client have the capability to add domain users to the local administrator group when answering this question during the registration? It would nice if when a computer is reimaged that it’s renamed, put on the domain, and the user of the computer is added to the local administrators group. We are still having to complete this final step manually.

    There has been mention of doing this with the unattend file, however I much prefer not having to dynamically change that file prior to first boot. Thanks for any suggestions!

    1 Reply Last reply Reply Quote 0
    • G
      george1421 Moderator
      last edited by Oct 28, 2016, 2:25 PM

      Does the new version of fog have that feature, no it does not. FOG can rename the computer (post OOBE) and connect it to the domain no problem. Adding domain users to local admin group is not supported (and even a bit questionable security wise IMO).

      But with that said you can do what you ask in one of two ways but both require the use of a FOG post install script.

      With a FOG post install script you can access device specific properties (like user name) and then interact with the target computer’s files or registry. In my company we have a post install script that alters the unattend.xml file with FOG host parameters just after the image is deployed to the client but before windows boots the first time.

      You could use this concept to update the unattend.xml file to add the user to the local admin group. Just use sed with a string replace on the unattend.xml file to replace a key word with the assigned user.

      If you didn’t want to touch the unattend.xml file you can use the setupcomplete.cmd file. Just use a fog post install script to append something like net localgroup administrators /add "domain\user" where domain would be static and user would come from the user field in FOG.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      1 Reply Last reply Reply Quote 1
      • R
        RobertD
        last edited by RobertD Oct 28, 2016, 8:49 AM Oct 28, 2016, 2:48 PM

        Thanks for the suggestions, but now I have more questions =P

        We currently have the fog service set to disabled on our images and a script that runs on first boot (which installs model specific drivers) enables this service. It then renames the computer and adds it to the domain. How can the setupcomplete.cmd file add a domain user to the local administrators group if this script is run before the fog client joins the computer to the domain?

        G 1 Reply Last reply Oct 28, 2016, 2:53 PM Reply Quote 0
        • G
          george1421 Moderator @RobertD
          last edited by Oct 28, 2016, 2:53 PM

          @RobertD You are right, its a matter of timing. You can not do this in the setupcomplete.cmd file because it happens before the fog client runs. You can not use the first run section of the unattend.xml file either since the fog client hasn’t done its job by then either, unless you delay logging in as a local admin until after the system is connected to the domain.

          We have the unattend.xml file name the system and connect it to the domain instead of the fog client (we don’t use these features of the FOG client). All of that happens way before the setupcomplete.cmd file is called, I didn’t take that into account before I posted.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          1 Reply Last reply Reply Quote 0
          • J
            Joe Schmitt Senior Developer
            last edited by Joe Schmitt Oct 28, 2016, 9:43 AM Oct 28, 2016, 3:42 PM

            @RobertD You can also deploy a snapin to do this.Snapins run after domain binding.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            G 1 Reply Last reply Oct 28, 2016, 4:41 PM Reply Quote 0
            • G
              george1421 Moderator @Joe Schmitt
              last edited by george1421 Oct 28, 2016, 10:41 AM Oct 28, 2016, 4:41 PM

              @Joe-Schmitt said in Fog Client - Adding Domain User to Local Administrator Group:

              @RobertD You can also deploy a snapin to do this.Snapins run after domain binding.

              I thought about this too, the problem is how to get the snapin to poll the FOG server to pickup the username field from the FOG database for this specific host…

              [edit] OK, just thought of a way. If you have a FOG post install script write the contents of the username field to a text file on the target computer, then with the snapin have that snapin (ps or vbs) read the content of that text file created by the FOG post install script. That would work.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              1 Reply Last reply Reply Quote 0
              • W
                Wayne Workman
                last edited by Wayne Workman Oct 28, 2016, 10:46 AM Oct 28, 2016, 4:45 PM

                I’ve been thinking on this for a bit, and have thought of some far more complex ways to do it. I think that George’s below post is the best out of all the things I’ve thought of.

                Basically have the post-install scripts write a .bat file on the local hdd with the needed arguments. Then make a snapin that runs a .bat file - and that just execute the local .bat file.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                Daily Clean Installation Results:
                https://fogtesting.fogproject.us/
                FOG Reporting:
                https://fog-external-reporting-results.fogproject.us/

                1 Reply Last reply Reply Quote 2
                • 1 / 1
                1 / 1
                • First post
                  4/7
                  Last post

                145

                Online

                12.0k

                Users

                17.3k

                Topics

                155.1k

                Posts
                Copyright © 2012-2024 FOG Project