Merry Christmas 2016

Regards X23

@themcv said in Image upload & deploy taking a long time:

@brad-schumann Try this, I ran into this on Surface’s.

Open command prompt as admin.

manage-bde -off

manage-bde -status

Fingers crossed that it will fix it. In my case, Windows was by default encrypting the free space which caused issues.

@Wayne-Workman #wiki worthy!

all the best to you tom live long and prosper.

Hi,

i would like to explain the way i sysprep, reimage Windows 10 OEM in Steps:

First of all Windows 10 OEM Version does not autoexecute SetupComplete.cmd, therefore i use FirstLogonCommands within unattend.xml to workaround that issue

Here is my unattend.xml:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>de-DE</UILanguage>
</SetupUILanguage>
<InputLocale>0407:00000407</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>de-DE</UILanguage>
<UILanguageFallback>de-DE</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Extend>true</Extend>
<Order>2</Order>
<Type>Primary</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>System Reserved</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID>0x27</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>OS</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
</OSImage>
</ImageInstall>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>admin</FullName>
<Organization>Company Group</Organization>
</UserData>
<EnableFirewall>true</EnableFirewall>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0407:00000407</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>de-DE</UILanguage>
<UILanguageFallback>de-DE</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<WindowsFeatures>
<ShowMediaCenter>false</ShowMediaCenter>
<ShowWindowsMail>false</ShowWindowsMail>
</WindowsFeatures>
<ShowWindowsLive>false</ShowWindowsLive>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled>
<ComputerName>COMPANY-PC</ComputerName>
<CopyProfile>true</CopyProfile>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BlockPopups>yes</BlockPopups>
<CompanyName>Company</CompanyName>
<Home_Page>http://www.google.de</Home_Page>
<DisableFirstRunWizard>true</DisableFirstRunWizard>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>Username</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
<Description></Description>
<DisplayName>Username</DisplayName>
<Group>Administrators</Group>
<Name>Username</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOrganization>Company Group</RegisteredOrganization>
<RegisteredOwner>admin</RegisteredOwner>
<DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Description>SetupComplete</Description>
<Order>1</Order>
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Description>Control Panel View</Description>
<Order>2</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Description>Control Panel Icon Size</Description>
<Order>3</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>W. Europe Standard Time</TimeZone>
</component>
</settings>
</unattend>

To remove any Windows 10 Apps except Store and Calculator i use:

Get-AppxPackage -AllUsers | where-object {$_.name –notlike “*store*” -And $_.packagename –notlike “*culator*”} | Remove-AppxPackage
Get-appxprovisionedpackage –online | where-object {$_.packagename –notlike “*store*” -And $_.packagename –notlike “*culator*”} | Remove-AppxProvisionedPackage -online

1. Download latest Windows 10 Pro OEM ISO by MS MEdia Creation Tool
2. Install it to a VM (i use Virtual Box)
3. After first reboot when the assistant ask you for express settings or with 1703 the inital language question goto admin mode with pressing STRG (CTRL) + SHIFT +F3
4. When entering the Admin mode close the Sysprep Window and start customizing windows and install your software and do your tweaks
5. Now to sysprep i use the following Script:

@echo off
delprof2 /q /id:retsch /i
NET USER retsch /DELETE
powercfg -h off
rem C:\Support\Tools\Shutup\OOSU10.exe ooshutup10.cfg /quiet
del /F c:\windows\system32\sysprep\panther\setupact.log
del /F c:\windows\system32\sysprep\panther\setuperr.log
del /F c:\windows\system32\sysprep\panther\ie\setupact.log
del /F c:\windows\system32\sysprep\panther\ie\setuperr.log
del /F "C:\Program Files (x86)\FOG\fog.log"
del /F "C:\Program Files (x86)\FOG\token.dat"
rem "C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe"
copy SetupComplete.cmd C:\Windows\Setup\scripts\ /Y
copy unattend.xml C:\Windows\System32\Sysprep /Y
reg import C:\Support\Tools\ResetERAgentUUID.reg
net stop FOGService
sc config FOGService start= disabled
sc config EraAgentSvc start= disabled
cleanmgr /sagerun:1
defrag c:
c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml

My SetupComplete.cmd look like:

del C:\Windows\System32\Sysprep\unattend.xml
sc config FOGService start= auto
net start FOGService
del C:\Windows\Setup\Scripts\SetupComplete.cmd

6. After executing this Windows will be sysprepped and shutdown after that, you can image now

7. When i need to rework that image i deploy it to a vm again and use the following to enter audit mode again:

@echo off
c:\windows\system32\sysprep\sysprep.exe /audit /reboot

If anyone is asking himself what i do with:

delprof2 /q /id:username /i
NET USER username /DELETE

This deletes the user i create with unattend.xml to workaround the problem with setupcomplete.cmd, i use firstlogoncommands to execute the script when the first user logon happens, to clean this i remove the profile and username before i sysprep because the user will be recreated from unattend.xml, as you can see in the unattend.xml there is 1 autologon for that user, else setupcomplete.cmd will not be executed.

The good thing is this user can persist on the machine after deployment because it’s our local admin account on that machine additional to the locked local admin account.

The System will automatically reboot when fog client has joined the machine into the domain, so the machine will finish with a logon screen not with a logged in user

Good luck

Regards X23

Hi,

since it’s RC i am really cool with all the updates, you have to expect that if using a RC release.
So we all should be really happy that bugs are fixed as fast as hell.

@Tom-Elliott Thank you for all the hard work not to forget the guys working in the background…

@John-L-Clark if you are not familar with GPO’s i can recommend PDQ Deploy, in free Version it’s enough to deploy simple stuff around your network.

Regards X23

@george1421 hi, yes we did. a user enabled this on his own and we had’nt disabled that feature by gpo.
Maybe useful for people very often work in public wlan networks but for fog it’s contra productive.

https://winaero.com/blog/enable-random-mac-address-in-windows-10-for-wi-fi-adapter/

The old thread: https://forums.fogproject.org/topic/10209/about-50-pending-macs-for-one-host-beware-of-windows-10-random-mac-feature-for-wlan/33

Regards X23

https://forums.fogproject.org/topic/9059/images-are-not-deleting

Why should only show associated image require a lot of code changes? @Tom-Elliott @Wayne-Workman
Is there no easy way to say make everything else not showing up in that list without association?

I really would also like to have that option.

I have some notebooks out there where the employees reset to a default image again when they make test installation of our own software. Actually they can pick up every image that is on the node, and i like to prevent them from choosing what ever they want.

Regards X23

Hi,

i have FOG 1.5.0 running on an ESX Host and a Storage Node on a bare metal machine.
Works like a charm since years.

Best Regards X23

No idea anyone?

Quickreg Pending MAC Filter doesn’t seem to ignore MAC Addresses starting with 54 when i delete the host, restart the FOG Client i can see that the pending client still want to add a mac starting with 54:

The Most strange thing is that it tried the VPN Client MAC as primary while it’s not connected, i would expect the Cable NIC which is also connected while the FOG client reports the client to the FOG’s Webif.

I need to finally ban MAC from interest from FOG that are starting with 54, how can i do that?

Best Regards X23

Hi,

i have an repeated issue wirth the mac adress of a virtual vpn network adapter, it seems that the alternation of that mac isn’t working from time to time or fog is collecting the mac before it’s alternated.

if this happens i try to search for the mac directly on the db and correct the error if found but this happens again and again, therefore i tried to add this mac to the ignore list:

For some reason that doesnt seem to work, maybe i missunderstood the option itself.
How can i tell FOG to ignore any MAC starting with 54?

Additional how can i remove a specific mac address from db from all hosts where it occours?

Normally i goto the infected client and get me the mac addresslist with:

getmac

Then i search for that:

mac SELECT hmHostID FROM hostMAC where hmMAC IN ('54:4B:2D:5B:69:02');

With the found host-id i open the fog webif and look for the client:

In most of the cases i just delete it and try of the fog client is not claiming about duplicate mac entrys anymore, but i want to get rid of the problem.

Best Regards X23

@sebastian-roth Hi Sebastian i was able to fix my issue with compiling my own and latest ipxe.efi binary: https://forums.fogproject.org/post/145594

I had this Problem for months and also with Lenovo P15 devices, now with the new ipxe.efi i don’t need to use a dock anymore to deploy them, before i had connect the devices nics twice, onboard and the one from the usb-c dock because while booting tftp it uses the internal and since it drops into FOS it used the one from the Dock.

But this is an old story now

I am still using FOG 1.5.0, it works fine for us even with the new Windows 11 seems to be really similar to Windows 10 Imaging, even my nice tricks for sysprepping Win 10 also work for Win 11 thanks Microsoft

Is reading the SLIC from Bios still in the current releases of FOG? I have a nice customisation from Tom running in my current installation:

Best Regards X23

@george1421 just a moment ago i successfully compiled my own ipxe.efi binary and it works fine https://forums.fogproject.org/post/141618

@nate-baker said in Lenovo E15 Gen2 won't PXE boot (bzImage):

For anyone else coming across this thread, we had the same problem. The iPXE from the latest version of FOG (1.5.9) did not work, but building the latest iPXE binaries using the instructions on this post worked fine:

https://forums.fogproject.org/post/141618

After that, the Linux kernel we were using also worked fine.

Hi @Nate-Baker can you share the kernel please?

Best Regards X23

@francois said in Fujitsu A3510 PXE UEFI Boot:

@sebastian-roth I had a similar issue with Fujitsu Q7010, your advice about building latest iPXE binaries fixed mine. Now it boots just fine, thank you !

Hi, is it possible that you share that kernel?

Best Regards X23

Hi,

this seems to be a kernel issue, i cannot get any E15 to work without the dock connected twice with a network cable. The internal nic isn’t working after PXE boot, if it’s trying to boot in to FOS it won’t work until you connect the USB-C Dock with a network cable too.

I was trying several kernel’s since months but nothing. Any idea howto fix it?

Best Regards X23

@george1421 hi george i am currently not on site (home office) i can try this when i am back in the office.

Best Regards X23

@sebastian-roth yes i am still on 1.5.0, i tried to update to the latest but update repository problems kicked my ass.

Best Regards X23