Post-deployment Driver Installation using PowerShell scripts.

Hello,

I just wanted to share how I’ve been handling driver installation to have 1 image work for over 20 different models. I’ve done this for both Windows 7 and Windows 10 with (mostly) great results.

I’d argue that the most important step is to make sure your image contains all of the NIC drivers for all the models that you need to support. Drivers are going to be hosted on a network share. No NIC drivers means no Internet.

Go ahead and download all of the NIC drivers for all of your models or find driver packs online. Once downloaded extract the files to a common folder. In the root of the folder create a PowerShell script with the following line. Run the script. (You may need to adjust your Execution Policy to run scripts. Google it.)

Get-ChildItem -Path $PSScriptRoot -Recurse | Where-Object -Property Extension -EQ ".inf" | ForEach { PnPUtil.exe -a $PSItem.FullName } 

This will do a recursive search for all files that have the .inf extension and use pnputil to add them to Windows driver store. During sysprep Windows will detect your hardware and pull the correct driver from the driver store.

Besides the NIC drivers, there are only 3 files that I add to the image. My unattend.xml, SetupComplete.cmd, and SetupComplete.ps1. The rest are pulled from a network share.

I assume you already have a working answer file, I’m not going to go into that or how to use sysprep.

SetupComplete.cmd - Located in C:\Windows\Setup\Scripts\ - You’ll need to create the Scripts folder.

@ECHO OFF

ECHO Initializing Driver Installation Script
START /wait PowerShell.exe -Command "& '%~dpn0.ps1'"

ECHO Removing configuration files.
CD %dp0
DEL SetupComplete.ps1

CD %windir%\System32\Sysprep
DEL unattend.xml

This will launch a PowerShell script with the same name as the SetupComplete.cmd file, stored in the same location. SetupComplete.ps1.
After SetupComplete.ps1 is finished running it will get deleted. The unattend.xml file also gets deleted.

SetupComplete.ps1 - Located in C:\Windows\Setup\Scripts\

# Credentials used to access network drive.
$Username = "Domain\Username"
$Password = "Password" | ConvertTo-SecureString -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username, $Password
$RootPath = "$env:HOMEDRIVE\Drivers\"

# Function to determine if 10.10.0.1 is reachable, used to verify
# that NIC drivers are working. Waits up to 30 seconds.
Function Wait-ForConnection {
    $wait = $true
    $count = 30
    Write-Host "Establishing network connection." -NoNewline
    while($wait) {
        $connection = Test-Connection 10.10.0.1 -ErrorAction SilentlyContinue
        if ($connection) {
            Write-Host
            Write-Host "Connection established!" -ForegroundColor Green
            $wait = $false
        } else {
            Write-Host " ." -NoNewline
            $count = ($count -1)
            Start-Sleep -Seconds 1
        }
        if ($count -le 0) {
            $wait = $false
            Write-Host "Unable to establish a network connection." -ForegroundColor Red
        }
    }
}

Wait-ForConnection
Write-Host
Write-Host "Mounting network drive."
New-PSDrive -Name "Deploy" -PSProvider FileSystem -Root \\ShareName\Windows10 -Credential $Credential | Out-Null
$Deploy = Test-Path -Path Deploy:\ -ErrorAction SilentlyContinue
if ($Deploy) {
    Write-Host "Successfully mounted network drive." -ForegroundColor Green
    Write-Host
    if (!(Test-Path -Path $RootPath)) {
        New-Item -Path $RootPath -ItemType Directory | Out-Null
    }
    $Controller = "Deploy:\Controller.ps1"
    Copy-Item -Path $Controller -Destination "$env:HOMEDRIVE\Drivers\Controller.ps1" -Force
    $Controller = "$env:HOMEDRIVE\Drivers\Controller.ps1"
    Write-Host "Running script " -NoNewline 
    Write-Host "Controller.ps1 " -NoNewline -ForegroundColor Yellow
    Invoke-Expression -Command $Controller

    # Do other stuff, etc...

    Write-Host
    Write-Host "Unmounting network drive."
    Remove-PSDrive -Name "Deploy"
} else { 
    Write-Host "Failed to mount network drive." -ForegroundColor Red
}

Start-Sleep -Seconds 5

Restart-Computer

First off, this will check to see if you can reach 10.10.0.1 (Change this to something relevant to you).
If you can reach it then your NIC is probably working.
Second, it will mount a network drive using supplied credentials. The account only needs Read access to the share and it’s contents.
Third, it will copy another PowerShell script that I’ve titled Controller from the network share to a local directory. It’ll then run that script.
Last, after Controller.ps1 has finished doing it’s thing we unmount the network drive and restart the computer.

Controller.ps1 - Stored in the root of the network share you mounted in the last step.
Note: This is a shortened version. I removed somethings for the purpose of this guide.

$Model = (Get-WmiObject -Class Win32_ComputerSystem).Model
Write-Host "Model identified as: " -NoNewline -ForegroundColor DarkYellow
Write-Host $Model -ForegroundColor Yellow

Write-Host

$file = ""
switch ($Model) {
    "OptiPlex 7040" { $file = "dell7040.ps1"; break; }
    "Precision 3510" { $file = "dell3510.ps1"; break; }
    "Precision T1700" { $file = "dell1700.ps1"; break; }
    "Precision Tower 7810" { $file = "dell7810.ps1"; break; }
    "HP Compaq Pro 6300 SFF" { $file = "hp6300.ps1"; break; }
    "VirtualBox" { $file = "virtualbox.ps1"; break; }
    default { 
        # There were multiple numbers for these models.
        If ($model -like '*6710b*') { $file = "hp6710.ps1"; }
        ElseIf ($model -like '*6730b*') { $file = "hp6730.ps1"; }
    }

}

$filePath = $RootPath + "Model.ps1"
Copy-Item -Path "Deploy:\ModelScripts\$file" -Destination $filePath -Force
Invoke-Expression -Command $filePath

if ((Get-WmiObject -Class Win32_ComputerSystem).Manufacturer -match "Dell") {
    # May do some Dell BIOS settings here.
}

Write-Host
Write-Host "Downloading FOG Client from FOGServer." -ForegroundColor Yellow
$url = "http://<FOGSERVER>/fog/client/download.php?newclient"
$outfile = "$RootPath + FOGService.msi"
(New-Object System.Net.WebClient).DownloadFile($url, $outfile)

Write-Host "Installing FOG Client." -ForegroundColor Cyan
$ArgumentList = "/i $outfile /quiet USETRAY=""0"" WEBADDRESS=""<FOGSERVER>"" WEBROOT=""/fog"" /norestart"
Start-Process -FilePath MSIEXEC.exe -ArgumentList $ArgumentList -Wait

Write-Host "Creating a scheduled task to start the FOGClient after reboot."
$TaskPath = "$env:windir\Setup\StartFOG.ps1 "
Copy-Item -Path "Deploy:\StartFOG.ps1" -Destination $TaskPath
$Action = New-ScheduledTaskAction -Execute PowerShell.exe -Argument "-Command ""& $TaskPath """
$Trigger = New-ScheduledTaskTrigger -AtStartup
Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName "StartFOG" -User "NT AUTHORITY\SYSTEM" -RunLevel Highest -Force


Write-Host "Deleting downloaded driver files."
Remove-Item -Path $RootPath -Recurse -Force

Here we use a quick WMI query to get the model number of the PC and use a switch to pick the model specific driver installation script. You’ll want to run the query on each machine beforehand to find out exactly how it’s stored.

The beauty of this is that it’s flexible. You can easily add support for new models as long as the NIC drivers are on the image.

hp6300.ps1 - Located in Deploy:\ModelScripts\ - You’ll make similiar script for each model. This is a very simple one.

Write-Host "$Model Driver Installation" -ForegroundColor DarkGreen

$chipset = $RootPath + "chipset.exe"
$audio = $RootPath + "0008-64bit_Win7_Win8_Win81_Win10_R281\Setup.exe"

Write-Host "Downloading Intel Chipset Drivers."
Copy-Item -Path "Deploy:\Drivers\chipset\Intel\SetupChipset.exe" -Destination $chipset -Force
Write-Host "Downloading Realtek HD Audio Drivers."
Copy-Item -Path "Deploy:\Drivers\audio\Realtek\0008-64bit_Win7_Win8_Win81_Win10_R281\" -Destination $RootPath -Recurse -Force

Write-Host
Write-Host "Installing Intel Chipset Support Drivers."
Start-Process -FilePath $chipset -ArgumentList "/s /norestart" -Wait
Write-Host "Installing Realtek HD Audio Driver."
Start-Process -FilePath $audio -ArgumentList "/s" -Wait

Start-Sleep 5

Doesn’t really get much simplier than this one. Most drivers Windows 10 already picked up. The process is basically the same for every driver, as long as they are properly signed.

This should be enough information to get you started, if you want to do it this way. I like doing it this way because it gives me a high level of control over everything. I can specify exactly what version gets installed onto each model. You could even query the serial number of the PC and install device specify software, if you really wanted to get down to that level of detail (FOG snapins would obviously be easier though)

Our media department has a couple dozen fonts that they regularly use. I created this FOG snapin to automate the task. Works for TrueType and OpenType fonts.

$Fonts = Get-ChildItem -Path $PSScriptRoot -Recurse | Where-Object -FilterScript { $PSItem.Extension -eq ".ttf" -or $PSItem.Extension -eq ".otf" }
$FontPath = "$env:SystemRoot\Fonts"
$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts"

ForEach ($Font in $Fonts) {
    Copy-Item -Path $Font.FullName -Destination $FontPath -Force
    $Name = $Font.BaseName
    if ($Font.Extention -eq ".ttf") {
        $Name = $Font.BaseName + " (TrueType)"
    } elseif ($Font.Extention -eq ".otf") {
        $Name = $Font.BaseName + " (OpenType)"
    }
    $Value = $Font.Name
    New-ItemProperty -Path $RegPath -Name $Name -Value $Value -Force | Out-Null
}

Put the install.ps1 file and your fonts into a folder and zip archive it. Then upload it as a SnapinPack.

A restart is required before the fonts will be accessible.

For reference : My test FOG server is running on a HP Compaq 6000 Pro SFF PC. I actually used it this summer to deploy images for one of our buildings (was easier to get multicast up since it was on same vlan. Live server is on different vlan.)

I was doing about 20-30 PC’s at a time with multicast on this server. Deployed image in about 15 minutes. The server was plugged into a 10/100 port at the time.

Was running Ubuntu 16.04 LTS. Although I’d probably do CentOS next time.

@astrugatch said in [help] PXE for UEFI devices:

undionly.kpxe

Change Option 67 from undionly.kpxe to ipxe.efi should be all you need for just UEFI booting, I think.

@Almeida You no longer need to use FOGCrypt with your password. You can type it in plain text and it will encrypt itself.

If you are changing the default AD credentials for everything, you’ll still need to go back and change it on the existing hosts. You can do this by putting all hosts in one group, then clearing the AD settings, and then checking the box to enable it again. It should auto fill with the new defaults.

I haven’t tried this, but since Chocolatey is already installed it would probably be easiest to just use a PowerShell script.

I did this on my Windows 10 PC with PowerShell 5. This is using PowerShell’s new package manager and adding the Chocolatey site as a provider.

# Adding the Chocolately repository.
Install-PackageProvider chocolatey -Force

# Installing the adobereader package from the Chocolatey provider.
Install-Package -Name adobereader -Provider Chocolatey -Force

Again, haven’t tested it. What you want to do should definitely be possible though.

Note: No idea what version of Windows or PowerShell you’re running. Windows 10 comes with the Package Manager and PowerShell 5. Windows 7 you can update to PowerShell 4.0 and then manually install the Package Manager. There is an MSI file somewhere on a Microsoft site about it.

@peer2peer Both a capture and a hardware inventory will trigger reboots. You need to PXE boot so that the tasks can continue. Usually F12 will trigger PXE boot or boot options.

Also, why FOG 1.3.5 if it’s a brand new installation?

I know that Scratch and Scratch 2 are deployable via FOG Snapins. I’ve made them for both.

This installs Adobe AIR, which is a prerequisite for something in here. Haven’t looked at this in a year.

Will need to add all of the files shown above to a zip archive and then upload.

Do you have these files packaged together somehow or are you only uploading the command file to FOG?

Might be better off just uploading the .exe and adding in the arguments.

Maybe do something like this:

Edit: I guess I didn’t read your original message very well. You say that the application is installing, but not adding the shortcuts to the start menu/desktop?

Was informed that the Surface devices came in today. May have one next week.

@MattPayerle You could use a site like http://pastebin.com/. Copy/Paste the log there and then provide the URL.

I’ve had another vlan provisioned with Options 66 and 67 set to point to the test server. I have 2 ports on my switch mapped to the new vlan.

@tri_94 said in Active Directory Joining:

Having been using fog for a while and it seems to be really hit and miss for AD joining after image. I can get it to join if I wait till the machines are imaged and then un-tick and re-tick the box to send the command again.

Is there something I can do to solve this so it will image and join without the manual intervention afterwards.

Thanks

Which version of FOG are you running? The FOG Client included in 1.4.0 is supposed to increase the speed at which it renames and joins computers to the domain. I’d suggest updating to the latest stable build.

Auto logon values are stored in the registry. Run the following PowerShell script to determine your current AutoLogon settings.

$path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$AutoAdminLogon = (Get-ItemProperty -Path $path).AutoAdminLogon
$DefaultUserName = (Get-ItemProperty -Path $path).DefaultUserName
$DefaultPassword = (Get-ItemProperty -Path $path).DefaultPassword
$AutoLogonCount = (Get-ItemProperty -Path $path).AutoLogonCount

Write-Host "Current AutoLogon Settings:" -ForegroundColor Yellow
Write-Host "AutoAdminLogon: $AutoAdminLogon"
Write-Host "DefaultUserName: $DefaultUserName"
Write-Host "DefaultPassword: $DefaultPassword"
Write-Host "AutoLogonCount: $AutoLogonCount"

Output from my Windows 10 1607 laptop:

Current AutoLogon Settings:
AutoAdminLogon: 0
DefaultUserName: Administrator
DefaultPassword: 
AutoLogonCount: 

AutoAdminLogon has two states. If it’s 0, then it’s disabled. If it’s 1, then it’s turned on.
AutoLogonCount indicates the remaining number of automatic logons. This number decreases by one every time the computer restarts, until it reaches 0. When it reaches 0, it changes AutoAdminLogon to 0 and clears the DefaultPassword. Setting this to any number below 0 will effectively set your computer to automatically logon forever.

FOG runs snapins as the local SYSTEM account. This gives it the administrative privileges that it needs to install the applications. If the applications requires user input during setup, then you may not be able to make it a Snapin. You could also look into something like AppDeploy to repackage an application into a silent installer.

I tend to google “<application name> silent install” for applications that I am unfamiliar with.

• If you’ve installed FOG with the defaults, you should have the correct PHP version.
• Select the files from your computer and they will upload to the FOG server. FOG will deploy them from the server.
• /i is for msi based installers. You won’t use that for exes.
• These vary depending on the application. Google “<application name> silent install” and you’ll likely get what you need.
• I’ve never used this option.
• I’ve never used this option. I just left as 0.
• Again, I just leave this as the default option.
• Since that’s an MSI in the picture, that will probably work.

I got it to work.

Just needed to download and add the wimboot files.

I have to ask : Why not just deploy a clean Windows 10 image?

Are you using SysPrep? Was the image built on the same model PC you’re deploying to?

@Tom-Elliott said in Full Inventory with Kernel Options?:

I feel I should add, full inventory is already it’s own tasking type. So long as the host is registered, you can task it like any other task by going to Basic Tasks from the element’s sub menu (element being Host or Group). Click on Advanced Tasks. Click on Inventory task.

OR

If you deploy the image to a host, it will automatically perform a full inventory every time.

The reason that I like the Full Inventory option rather than Quick is because I can type the desired hostname in as I’m registering PC’s.

So, in case your application doesn’t support silent installation, you might want to look into something like AppDeploy. This will take a snapshot of your PC before you install the application and then another after you install it and then try to build an installer for that application.

I’ve had some success with it. Won’t work for everything.

Are these the first Windows 10 computers that you’ve had? Maybe some GPO is present that just doesn’t like 10.