FOG Post install script for Win Driver injection
-
Introduction
First I have to say this article contains the results of many brilliant people and is not my content. I’m only assembling this information into a consistent document instead of spread around buried in posts and responses. My intent is to not dig into the details behind the scripts or how to tweak them for your needs. You can read the links below to figure out why things are being done the way they are. I wanted to create a tutorial that was as close to a cut and paste to get driver injection going in your environment. Now I will primarily focus on Dell hardware for the main reason that Dell does supply driver archive files (known as .CABs) that can be downloaded and extracted quickly to create the driver structure. I’m sure that HP, Lenovo, and others have similar driver packs.
You can download the Dell driver cabs for your hardware from here: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment
Reference links:
https://forums.fogproject.org/topic/4278/utilizing-postscripts-rename-joindomain-drivers-snapins
https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script-under-construction
https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script
https://forums.fogproject.org/topic/8878/fog-drivers-script-will-not-run-correctly-in-postdownloadscripts/46 -
Driver repository structure
For this process to work you must setup your driver library on the fog server in a certain fashion.
On your fog server create the drivers directory under the images directory with:
md /images/drivers
Below the /images/drivers directory you will create a directory per machine name (that exactly matches what comes from smbios using this command for Dell computersdmidecode -s system-product-nameThe structure should be built to match the varialbles used in the fog.drivers script.
/images ├─/drivers ├─$machine ├─$osn └─$archor translated into real values
/images ├─/drivers ├─Optiplex 7040 ├─win10 └─x64(my standard workflow will be added here)
-
This script can be used to update files on the target computer. In this case we’ll use it to update the unattend.xml file with install time data like host name, connect to AD or what ever you need. I can say if you use the FOG client to do this stuff, then this script isn’t really needed. But its here to show you what’s possible.
#!/bin/bash hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password unattends=$(find /ntfs/ -iname "unattend.xml") for unattend in $unattends [[ ! -f $unattend ]] && return dots "Preparing Sysprep File" #rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1 #if [[ ! $? -eq 0 ]]; then #echo "Failed" #debugPause #handleError "Failed to remove original unattend file" #fi echo "Done" debugPause dots "Writing Computer Name to $unattend" sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to update originating unattend file" fi echo "Done" echo "ComputerName set to $hostname in $unattend" debugPause [[ -z $addomain ]] && continue dots "Set PC to join the domain" sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to remove the Workgroup setter" fi sed -i \ -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \ -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \ -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \ -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1 if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to update user, pass, ou, and domain setter" fi echo "Done" debugPause done -
fog.drivers
This script does the heavy lifting of identifying what hardware the script is running on and then copies all of the files from the correct source directory to the destination directory on the target computer.
#!/bin/bash ceol=`tput el`; manu=`dmidecode -s system-manufacturer`; case $manu in [Ll][Ee][Nn][Oo][Vv][Oo]) machine=$(dmidecode -s system-version) ;; *[Dd][Ee][Ll][Ll]*) machine=$(dmidecode -s system-product-name) #pruduct is typo, just realized sorry :( ;; *) machine=$(dmidecode -s system-product-name) # Technically, we can remove the dell one as it's the "default" ;; esac [[ -z $machine ]] && return #assuming you want it to break if it is not lenovo or dell? machine="${machine%"${machine##*[![:space:]]}"}" #Removes Trailing Spaces ############################################# # Quick hack to find out if the installed OS image is a x86 or x64 system64="/ntfs/Windows/SysWOW64/regedit.exe" # sloppy detect if 64bit or not [[ ! -f $system64 ]] && arch="x86" || arch="x64" ############################################# #this section has been updated to bring the osn names in line # with how the Dell CABs are defined case $osid in 5) osn="win7" ;; 6) osn="win8" ;; 7) osn="win8.1" ;; 9) osn="win10" ;; esac ############################################# dots "Preparing Drivers" # below creates local folder on imaged pc # this can be anywhere you want just remember # to make sure it matches throughout! (case IS important here) clientdriverpath="/ntfs/Windows/DRV" remotedriverpath="/images/drivers/$machine/$osn/$arch" [[ ! -d $clientdriverpath ]] && mkdir -p "$clientdriverpath" >/dev/null 2>&1 echo -n "In Progress" #there's 3 ways you could handle this, #driver cab file, extracted driver files or both #so on the server put extracted driver files to match below folder tree #i.e. Model Latitude E5410, Windows 7 x86 image would be: #/fog/Drivers/Latitude E5410/win7/x86 rsync -aqz "$remotedriverpath" "$clientdriverpath" >/dev/null 2>&1 [[ ! $? -eq 0 ]] && handleError "Failed to download driver information for [$machine/$osn/$arch]" #this next bit adds driver location on pc to devicepath in registry (so sysprep uses it to reference) # remember to make devicepath= match the path you've used locally #also do not remove %SystemRoot%\inf #and to add more locations just use ; in between each location regfile="/ntfs/Windows/System32/config/SOFTWARE" key="\Microsoft\Windows\CurrentVersion\DevicePath" devpath="%SystemRoot%\DRV;%SystemRoot%\inf;"; reged -e "$regfile" &>/dev/null <<EOFREG ed $key $devpath q y EOFREG echo -e "\b\b\b\b\b\b\b\b\b\b\b${ceol}Done"; # this just removes "In Progress and replaces it with done :-)"I can tell you that this section works for Windows 7 and older (no idea on Win8 or Win8.1), but it DOES NOT WORK with Win10. Windows 10 no longer references this registry key to locate its drivers. For Win10 you must enter this information into the unattend.xml file.
regfile="/ntfs/Windows/System32/config/SOFTWARE" key="\Microsoft\Windows\CurrentVersion\DevicePath" devpath="%SystemRoot%\inf;%SystemRoot%\DRV"; reged -e "$regfile" &>/dev/null <<EOFREG ed $key $devpath q y EOFREG echo -e "\b\b\b\b\b\b\b\b\b\b\b${ceol}Done"; # this just removes "In Progress and replaces it with done :-)"For WIN10 you must update the unattend.xml file to include this section. This is an example for the amd64 arch.
<settings pass="offlineServicing"> <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DriverPaths> <PathAndCredentials wcm:action="add" wcm:keyValue="1"> <Path>C:\Windows\DRV</Path> </PathAndCredentials> </DriverPaths> </component> </settings> -
fog.log
This script does a bit of house keeping by removing the fog.log if it happens to exist in the reference image before image capture.
#!/bin/bash #deletes fog.log for Windows 7, 8, or 8.1 or 10 #Greg Grammon (Junkhacker) # #funcs.sh allows us to use the functions that are used in the rest of #fog i.e. "dots" and use the vars already in place i.e. "$part" and "$osid" . /usr/share/fog/lib/funcs.sh; case $osid in [5-7]|9) [[ -f /ntfs/fog.log ]] && rm /ntfs/fog.log >/dev/null 2>&1 || true if [[ ! $? -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to remove original fog.log file" fi ;; *) return ;; esac -
fog.postdownload
This script is called by the FOS engine just after the image has been pushed to the target computer. It is up to the FOG Admin to decide what to do in this script and what other scripts to call. This script will replace the default fog.postinstall script. Don’t forget if you replace this file you must change the file mode to 755 using the following linux command
chmod 755 fog.postdownload
This script will call 3 additional scripts that will do a bit more than copying the drivers to the target system. You can include or exclude these scripts based on your need. This (fog.postinstall)) script will setup the foundation functions needed by the other scripts.I’ll include an attachment at the end of this post to help speed up script deployment.
#!/bin/bash . /usr/share/fog/lib/funcs.sh [[ -z $postdownpath ]] && postdownpath="/images/postdownloadscripts/" case $osid in 5|6|7|9) clear [[ ! -d /ntfs ]] && mkdir -p /ntfs getHardDisk if [[ -z $hd ]]; then handleError "Could not find hdd to use" fi getPartitions $hd for part in $parts; do umount /ntfs >/dev/null 2>&1 fsTypeSetting "$part" case $fstype in ntfs) dots "Testing partition $part" ntfs-3g -o force,rw $part /ntfs ntfsstatus="$?" if [[ ! $ntfsstatus -eq 0 ]]; then echo "Skipped" continue fi if [[ ! -d /ntfs/windows && ! -d /ntfs/Windows && ! -d /ntfs/WINDOWS ]]; then echo "Not found" umount /ntfs >/dev/null 2>&1 continue fi echo "Success" break ;; *) echo " * Partition $part not NTFS filesystem" ;; esac done if [[ ! $ntfsstatus -eq 0 ]]; then echo "Failed" debugPause handleError "Failed to mount $part ($0)\n Args: $*" fi echo "Done" debugPause # . ${postdownpath}fog.log . ${postdownpath}fog.drivers # . ${postdownpath}fog.ad umount /ntfs ;; *) echo "Non-Windows Deployment" debugPause return ;; esac -
@Joe-Schmitt are these scripts something we can add to the fog community scripts repo? I didn’t originally write them.
-
fog-community-scripts I think should be their own thing independent of “post download scripts”
Maybe we could get a postdownload scripts repo in a similar fashion though?
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)
Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
-
@Tom-Elliott I think having more than one repo for community scripts is a bad idea. It’s just scripts. It’s not jumbled together. It’s well organized, every contribution has a readme. The entire idea was to put scripts into one place.
-
@george1421 said in FOG Post install script for Win Driver injection:
This script can be used to update files on the target computer. In this case we’ll use it to update the unattend.xml file with install time data like host name, connect to AD or what ever you need. I can say if you use the FOG client to do this stuff, then this script isn’t really needed. But its here to show you what’s possible.
#!/bin/bash hostadpwd="ADPASSWDHERRE"; #only downside to this method- this is the plain ad password unattends=$(find /ntfs/ -iname "unattend.xml") for unattend in $unattends [[! -f $unattend]] && return dots "Preparing Sysprep File" #rm -f /ntfs/Windows/System32/sysprep/unattend.xml >/dev/null 2>&1 #if [[! $? -eq 0]]; then #echo "Failed" #debugPause #handleError "Failed to remove original unattend file" #fi echo "Done" debugPause dots "Writing Computer Name to $unattend" sed -i "/ComputerName/s/*/$hostname/g" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to update originating unattend file" fi echo "Done" echo "ComputerName set to $hostname in $unattend" debugPause [[-z $addomain]] && continue dots "Set PC to join the domain" sed -i "/<JoinWorkgroup>/d" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to remove the Workgroup setter" fi sed -i \ -e "s|<Password></Password>|<Password>${hostadpwd}</Password>|g" \ -e "s|<Username></Username>|<Username>${addomain}\\\\${aduser}</Username>|g" \ -e "s|<MachineObjectOU></MachineObjectOU>|<MachineObjectOU>${adou}</MachineObjectOU>|g" \ -e "s|<JoinDomain></JoinDomain>|<JoinDomain>${addomain}</JoinDomain>|g" $unattend >/dev/null 2>&1 if [[! $? -eq 0]]; then echo "Failed" debugPause handleError "Failed to update user, pass, ou, and domain setter" fi echo "Done" debugPause done@george1421 nice write-up - think this needs updating to be inline with hostinfo.php variables?
-
@Lee-Rowlett said in FOG Post install script for Win Driver injection:
@george1421 nice write-up - think this needs updating to be inline with hostinfo.php variables?
Thank you for your kind words.
Yes, looking over the code its a bit dated. There are a few things that while they work, could use a fixup because I don’t think they work as well as it should.
Possibly include setting the host name with this snippet. So they host name can be anything and sed will just swap it out. In the one I wrote for my business it is setup for global deployments. It will identify the local subnet where its being installed and update the timezone, system mui language and keyboard settings for the local region. But the point is they all use a variant of the sed script below.
sed -i -e "s#<ComputerName>\([^<][^<]*\)</ComputerName>#<ComputerName>$hostname</ComputerName>#gi" $unatendfileRef: https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script/7
-
Thanks for all of this…great help while I’m making a windows 10 image. I do have 1 question. When you say this script will not work and you need to add this to the unattend file.
[moderator note] The content of this question has been forked to this thread since it went a bit beyond the scope of this tutorial: https://forums.fogproject.org/topic/9169/help-with-win10-driver-injection
-
Hello, George,
1st off, thanks for all of your documentation on this. I’m getting further than before in my deployment.
I’m however stuck on a few things, so I’ll provide as much info as you need.
Fog server running on Ubuntu 16.04 server
Fog server version: 1.3.0-RC-10.So here are the machines and other things we have in our environment:
laptops: Lenovo ThinkPad T540p, ThinkPad T560, Lenovo ThinkPad T530, and other lower models.
Desktops: Lenovo ThinkCentre M800I used MDT 2013 Update 2 as you were saying about MDT and I took an image on our VMware and deployed the image on a ThinkPad T560 from the fog server I have on our VMware. On my fog server, there is already an image folder, so I created under there drivers/ThinkPad T560/win7/x64. 0_1482360759122_Lenovo.docx
Now do I need to create another subfolder under the root like images 2 or something like that? Sorry, I’m a Windows guy and still getting used to Linux. I also replaced the fog.postdownload with what you have in this forum and ran that chmod command and looked like it took it.
When I deploy the image to the T560, it 1st gave me an error with the fog.driver script from in the forum that failed to load the driver, had it just Thinkpad T560, had to do ThinkPad T560, then it would get stuck on in process during the driver loading and when it was preparing it for the first time, I would get errors during syspre that it had errors, forgot the exact error, so I would restart it and get an error windows rebooted and reinstalling Windows during the sysprep.
Can you tell me what I’m doing wrong? also I’m unable to join the machine to my test domain. I did the hostnamechanger and did the encrypt, but still won’t join my test domain, the account is not a domain admin, but I gave it delegate to the test OU I created. Does it need the hostnamechanger for 1.3.0? I verified the options in AD on the console are checked off.
Look at the Word attachment I’ve attached.
-
@Jamaal Just for clarity this tutorial was intended for Dells only.
With that said it can work for Lenovos or other models. I can tell you that lenovos (more precisely) Dell store the system name in a different location than other computer manufacturers. So your fog post download script will need to look in a different location that my scripts indicate (because they are Dell centric).
Since you are a Windows convert, you MUST remember that case IS important to linux. So just pay attention when creating file paths.
The built in fog.postdownload script is just a shell script (it doesn’t do anything right out of the box). It is up to you as the FOG admin to add content to that script. So in short yes you will need to update that script as indicated.
So for the Dell computers we have to use this smbios key to pick up the system name using dmidecode
dmidecode -s system-product-nameFor the other manufacturer (I believe lenovo too) you have to use this key
dmidecode -s baseboard-product-nameOne manufacture stores the name in the system structure and one in the baseboard structure. Both are correct just a pain if you have a mixed fleet. In out production fog script we use another dmidecode key to find the manufacturer
dmidecode -s baseboard-manufacturerand then use a case statement to query the right key for the system name.What I might do until I was comfortable with the hardware setup would be to schedule a debug capture of the new and untested hardware. A debug capture will drop you to a command prompt on the target hardware when you pxe boot it. Once at the command prompt on the FOS engine (the linux OS that boots on the target hardware) run the dmidecode command and inspect what get returned. This code returned must match exactly the driver parent folder in the /images/drivers/XXXXX
-
@george1421 Ok, I’ll try that tomorrow when I go back to work. Thanks for the info, but can you tell me about the joining of the domain? or maybe it’s best if I use a script to just join it?
-
@Jamaal You can join the machine to the domain by:
- Have the unattend.xml file join the computer to the domain
- Have the FOG Client connect the computer to the domain
- Create a script that is executed by the setupcomplete.cmd file
I use the first option because based on the image used, type of computer, site deployed to, our post install script will choose the correct OU and update the unattend.xml file accordingly. That is something the fog client isn’t designed to do.
Many people use option 2.
As for why your setup is not connecting to the domain. Is the network driver being loaded so the client can reach the domain controller? If I had a system that wouldn’t connect to the domain, I would log into it and then manually connect it to the domain. Be sure you use the user ID and password you defined in fog, that user account must have computer add rights. The other thing may be that you are defining a destination OU that doesn’t exist? Also you may be able to glean some information by looking at your DC’s security log to see if its a permission issue.
-
@george1421 George, I think I got the name correct for the Lenovo, getting further than before. I remember I had the name structure as ThinkPad T560 under the drivers folder, but getting stuck at Preparing Drivers… in progress. In the task menu on the web, it only shows like 1% and not moving. Any idea on why that’s happening?
-
@Jamaal said in FOG Post install script for Win Driver injection:
@george1421 George, I think I got the name correct for the Lenovo, getting further than before. I remember I had the name structure as ThinkPad T560 under the drivers folder, but getting stuck at Preparing Drivers… in progress. In the task menu on the web, it only shows like 1% and not moving. Any idea on why that’s happening?
I think I see what is the issue. Just that the screen moves too fast and said no such file or directory and it reboots.
-
@george1421 George, 2 more questions as I’m starting to get the hang of MDT 2013 and fog. How do I put in the task to change the registry to put c:\drivers for where Fog will drop the drivers for the Lenovo machines? And the other thing that’s giving me an issue, where else in the fog.drivers script do I edit c:\drivers?
Other than that, I’m feeling confident I’ll be able to deploy our fleet.
-
@Jamaal I can say for my organization, I use MDT to update the registry entry during the reference image build. That always has worked for me.
The other way people have done it was via the fog.drivers script here (look at the very bottom) https://forums.fogproject.org/topic/8889/fog-post-install-script-for-win-driver-injection/4
the fog.driver script route appears to work, but I’ve never used that route. It was easier for me to just create the mdt task to update the registry key, plus I could/do validate the reference image matches the our design standard before image capture, so I need all of the bits to be in place for validation.
What is important (for the registry key) is to have the c:\drivers path first then the c:\windows\inf directory. You want OOBE to search for the model specific driver before it uses the windows built in driver (if both exist).
