Backing up user profiles/data before deploying image

  • Debian 8
    FOG 1.3.0 RC-23

    I ran across this thread as I’m trying to find a solution for this

    Backup Feature for user profiles/Data

    FOG has changed in 4 years so I wasn’t sure if this scripts was something that could ever be implemented or if there was a better solution. Folder redirection, offline mode, and roaming profiles aren’t out of the question yet, but if we can use FOG I’d rather.

    The main issue right now is that our drives are encrypted with McAfee and so in order for this to work I suppose the FOG client would have to do the heavy lifting.

    If this isn’t something that can be done in general or for my environment, I’m okay to be told it can’t. 🙂


  • @Sebastian-Roth
    yes, i want to say that i correct it in the post

  • Wow you guys are a great help. We were looking at folder permissions that whole time when it was the share permissions.

  • Moderator

    @EduardoTSeoane said in Backing up user profiles/data before deploying image:

    echo “/images/userbackup *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=2)”

    Guess you meant:

    echo "/images/userbackup *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=2)" >> /etc/exports
  • Moderator

    @EduardoTSeoane said in Backing up user profiles/data before deploying image:

    add it to /etc/exports as an rw share

    You can do that just watch your IDs and pick the next integer.

    something like

    /images/userbackup *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=2)

    Then an

    exportfs -a
    showmount -e

    should show the new share.

  • @RobertD

    add it to /etc/exports as an rw share
    then execute as root

    echo "/images/userbackup *(rw,async,no_wdelay,no_subtree_check,no_root_squash,insecure,fsid=2)" >> /etc/exports
    exportfs -a
    systemctl restart rpcbind # or something like i dont remember de name exactly
    systemctl restart ntfs-server

    Try it if you can.

  • So we should be mounting to a sub directory in images/dev…

    Export list for
    /images/dev *
    /images     *
  • Moderator

    @RobertD Oh that’s a easy one. That is because /images is read-only at the share level. That is why fog uploads to /images/dev which is read-write at the share level.

    showmount -e might show this or /etc/exports will.

  • Not sure why it isn’t working.

    1. We created a new directory within our /images folder on the fog server called userbackup.
    2. We set permissions with chmod 777 on this folder.
    3. Booting a host with a deploy debug task.
    4. From the host we tried the following
    mkdir /userbackup
    mount -o nolock,proto=tcp,rw "" /userbackup
    touch /userbackup/test.txt
    "This is a read-only file system"

    Are we missing something in our mount statement?

  • Moderator

    @RobertD You can install NFS on ms windows. I have a proof of concept on how to turn windows box into a fog storage node (not really recommended, but I wanted to see if I could do it). The point it is shows you how the setup the permissions for the nfs share so that FOS can mount it.

  • I do it.

    Creating an rw nfs share and rsyncing folders from fog.postinit.

    You can do it to fog or to another file server.

  • @Sebastian-Roth We are actually trying that right now, however we are struggling to mount it with write access. It keeps giving us “Read-only file system” when we try something like touch /imagesinit/userbackup/text.txt.

  • Moderator

    @RobertD Just a quick idea, maybe use a post-init script that copies the files to a NFS share?

  • @george1421 - I hate to impose binaries into the inits if no one else has a use for them. I’m just trying to figure out a way to do this without adding additional mechanics to our current process.

  • Moderator

    @RobertD I’m not seeing it as a big time waster, but I don’t know your environment. The backup of the profile and the reimaging process doesn’t need to be synchronized. The last day of school +1 deploy the usmt application and make the profile backup (or what ever you need for backup) and then have the application deployment script power off the computer.

    I could also recompile the inits with the smbclient included. It would not add much code to the base image. You would then need to use a postinit script to slide in your site smb.ini configuration file into the /etc directory. But that is also possible.

  • @george1421 - I was afraid cifs wasn’t in the FOS which makes sense because it needs to be as lightweight as possible. I’ve looked into USMT, but it adds complexity and time to our re-imaging process in which we have limited time and staff for the size of school district we are.

    Our campus techs typically don’t even login to the machine when re-imaging. They shut it off, run through the registration process and walk away. It’s completely finished when they come back. Adding additional steps to this process will prevent us from completing the re-imaging projects over summer due to the sheer number of machines we have to re-image. This is why it’s appealing to let FOG do it as part of it’s process.

    I suppose I could always rsync it to the FOG server like /images/profiles/ then move everything off the fog server to an SMB share via FTP, but that seems kind of clunky.

  • Moderator

    @RobertD First to answer your question, no a smbclient is not included in the FOS OS. One could be added if you wanted to go through the buildroot process to make new inits.

    I might take a different approach to this. One might use a FOG Snapin (or some other software deployment tool like PDQ Deploy) to deploy USMT to the user’s computer. From usmt I would then deploy a usmt “save state” to have it backup the user’s profile to some smb share. Since the fog client runs as SYSTEM you will need to make accommodations in your script that calls usmt to connect to the network share first then run the save state command. Once the imaging has been complete you can use the usmt load state to put the user’s profile back onto the computer exactly as they have left it. We use usmt as we migrate users to new computers and it has really helped with user migrations. We don’t use it as a fog snapin but interactively with batch scripts it runs rather well.

    If your computer names would be consistent between reimages you could actually create a path on your smb share that embeds the %computername% so your restore script would know where to get the usmt image file from.

  • Sorry to necro this thread, but I find myself needing to do the same thing requested here. Our staff is ultimately responsible for their data and making sure they save it to their network drives, but during summer re-imaging we always have someone that returns and have lost their data because they thought they saved it to the network drive, but didn’t.

    What I would like to do is have FOG take a quick copy of the C:\Users directory and store it on a SMB share prior to imaging (Not the FOG server due to space restrictions). Can the FOS mount a SMB share from a postinit script so that rsync can be used?

  • @george1421 I will take a look at that, thank you!

    Yeah, I feel where you’re coming from. Which is why I’d like folder redirection so we don’t have to worry about them too much, but many of our users are mobile and I’ve heard some syncing horror stories. 😞

  • Moderator

    @THEMCV How we use it is a bit much to explain. But we do use USMT for workstation migrations and OS upgrades. We will use usmt scan state to copy all profiles and user data from the target computer to an IT share. Then image/swap the machine, and then finally use the usmt load state to import the user’s profile back to the new target computer. By default we install usmt on all computers as we are imaging them for its eventual use.

    Here is a good article on using usmt:

    Now in your case, you could use a snapin to issue the usmt scan state to copy the profiles to a common share before imaging and then a second snapin to copy them back post imaging. But I have never been to comfortable using that method. I would prefer my guys SEE the profiles being backed up and confirm the migration file exists before wiping the computer. The process does work, but on occasion there are hiccups. When the user logs in after the usmt migration they see exactly their profile on the old computer. We did create a custom xml config file to ensure that all files in all specific locations were being backed up.

    The only caveat to usmt is the user that runs the scan state and load state must be a local admin on the box. Normal users can’t run the command successfully.