RE: Powershell Snapin

Nope, doesn’t seem to allow me to do that. Seems Microsoft doesn’t want you doing this this way.

I wrote this:

$PathsToExclude = (
    "C:\Test01",
    "C:\Test02",
    "C:\Test03"
)

$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths"

ForEach($Path in $PathsToExclude) {
    New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
}

Ran with admin rights, but got this error:

New-ItemProperty : Requested registry access is not allowed.
At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
+     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
 
New-ItemProperty : Requested registry access is not allowed.
At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
+     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
 
New-ItemProperty : Requested registry access is not allowed.
At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
+     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand

99% sure that GPO could do this.

SYSTEM has Full Control permission to this path though, so not sure why it didn’t work from Snapin.

@alfredo-the-pasta You may be able to add the paths directly to the registry. Give me a few minutes.

It’s very possible that you just can’t run these with SYSTEM, which is what FOG snapins run as. I’ve had other commands not function via Snapin that work just fine when running locally.

Is there a batch\command file alternative?

Also, this appears to be a Windows 10 command. I do not have it on my Windows 7 box, but it’s there on Windows 10.

Pulled latest working branch. Took me down to Version 65, SVN 6079. Re-tested. Same results.

@tom-elliott I made the changes using the two wget’s you provided.

Test server is currently on 1.5.0-RC-9, SVN 6080.

It went further than before, but though up an error screen. I took pictures. Will attach soon.

@jackiejack said in Win 10 image:

Ooookay,

I know I am going to get flamed for this. But I am doing research on sysprep but still so confused.

I have a windows 10 computer with programs installed. Need to get that unto 48 different computers. What do I do now? Go into sysprep? I didn’t go into CTRL SHIFT F3 thing.

Are your 48 different computers the same model? If they are, then I would used one of them to create the image. If not, VirtualBox will work fine. My image was created in VirtualBox and runs on about 30 different models.

@sebastian-roth said in Surface Pro 4 registration issues:

@Avaryan Ok, possibly we just need to add this model’s USB ID to the kernel source code.

@Tom-Elliott Would you please add ID 045e:0927 to drivers/net/usb/r8152.c. With a bit of luck this will make it work.

@Sebastian-Roth @tom-elliott
Was this done? I’d be glad to test again. I only have one Surface device left and not sure how much longer I’ll have access to it.

@Sebastian-Roth
Here is the output from the Surface device running Ubuntu 16.04 live CD. The Microsoft model 1821 dongle is being used to connect to the Internet.

ubuntu@ubuntu:~$ dmesg | grep eth
[    0.154336] ACPI Error: Method parse/execution failed [\_SB.PCI0.UA02] (Node ffff9112e68e3e60), AE_NOT_FOUND (20160930/psparse-543)
[   35.131648] cdc_ether 2-1.3:2.0 eth0: register 'cdc_ether' at usb-0000:00:14.0-1.3, CDC Ethernet Device, 94:9a:a9:86:4a:8f
[   35.132021] usbcore: registered new interface driver cdc_ether
[   35.136674] cdc_ether 2-1.3:2.0 enx949aa9864a8f: renamed from eth0
[   35.154528] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   35.154534] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   35.158223] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   35.160373] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   35.181749] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   99.544696] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
[   99.544714] cdc_ether 2-1.3:2.0 enx949aa9864a8f: kevent 12 may have been dropped
ubuntu@ubuntu:~$ lsusb
Bus 002 Device 004: ID 045e:0927 Microsoft Corp. 
Bus 002 Device 003: ID 2109:0812 VIA Labs, Inc. VL812 Hub
Bus 002 Device 002: ID 2109:0812 VIA Labs, Inc. VL812 Hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 006: ID 1286:204c Marvell Semiconductor, Inc. 
Bus 001 Device 005: ID 046d:c534 Logitech, Inc. Unifying Receiver
Bus 001 Device 004: ID 6557:0122  
Bus 001 Device 003: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 001 Device 002: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
ubuntu@ubuntu:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether bc:83:85:2d:ae:b2 brd ff:ff:ff:ff:ff:ff
3: enx949aa9864a8f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 94:9a:a9:86:4a:8f brd ff:ff:ff:ff:ff:ff
    inet 10.20.20.191/16 brd 10.20.255.255 scope global dynamic enx949aa9864a8f
       valid_lft 691071sec preferred_lft 691071sec
    inet6 fe80::3af8:8518:3f25:a167/64 scope link 
       valid_lft forever preferred_lft forever

Dongle is going through a powered USB hub, due to the Surface only having 1 USB port.

@sebastian-roth said in Surface Pro 4 registration issues:

@avaryan said in Surface Pro 4 registration issues:

Had a Raspberry Pi next to me, so that’s what I used.

You mean you connected the USB NIC to the raspberry?! Though this is a good idea to get the information it’s not the same as booting a linux live system on the surface to see if it works properly. My fault I didn’t explicitely say that I wanted to test this as well - see if a linux live system booting on that surface device can bring up the NIC properly.

So back to the pictures you posted. Thanks for that! To me it looks as if you’ve connected two differnet USB NICs at the same time. Both are detected but getting no link. Where they hooked up to the network? Do both USB NICs fail with FOG at the very same step? I’d guess it’s better to focus on one of the NICs to not mix things up too much.

There was only one USB NIC attached to the Raspberry Pi in these pictures. It was not connected to the internet.

I’ll have to download a live cd before I can test on the surface.

Had a Raspberry Pi next to me, so that’s what I used.

Surface dongle model 1663 works, but I’ve also had this issue with the model 1821?-ish and the official docking station.

It’ll boot to FOG, but cannot deploy image or do inventory registration. Normal unplug/plugin trick didn’t work.

The 1663 model will work with latest ipxe without having to unplug.

Since I don’t currently have any important work to do while at work…

Inkscape. Newer versions have a MSI file. Should be very easy to make a Snapin with.
Download link: https://inkscape.org/en/gallery/item/11263/inkscape-0.92.2-x64.msi

LanSchool. No idea what this is, but it does offer silent installation options so you should be able to script something.
https://helpdesk.stone-ware.com/portal/kb/articles/install-uninstall-lanschool-via-the-command-line-cmd
https://helpdesk.stone-ware.com/portal/kb/articles/scripting-or-mass-deploy-switches-for-lanschool-install

Scratch 1.4. Use the msi file available here. It has an ini file with it, so upload the entire zip file as a SnapinPack and choose the msi template.
http://download.scratch.mit.edu/Scratch1.4.msi.installer.zip

Scratch 2. Already showed you that one, but there are newer versions available.
https://scratch.mit.edu/download

@x23piracy said in Windows (Powershell) / Username=Computername:

It does not make sense to encrypt the password within the same script.

PowerShell doesn’t allow you to do passwords in plain text. For testing purposes, it was fine.

I know that Scratch and Scratch 2 are deployable via FOG Snapins. I’ve made them for both.

This installs Adobe AIR, which is a prerequisite for something in here. Haven’t looked at this in a year.

Will need to add all of the files shown above to a zip archive and then upload.

FOG runs snapins as the local SYSTEM account. This gives it the administrative privileges that it needs to install the applications. If the applications requires user input during setup, then you may not be able to make it a Snapin. You could also look into something like AppDeploy to repackage an application into a silent installer.

I tend to google “<application name> silent install” for applications that I am unfamiliar with.

• If you’ve installed FOG with the defaults, you should have the correct PHP version.
• Select the files from your computer and they will upload to the FOG server. FOG will deploy them from the server.
• /i is for msi based installers. You won’t use that for exes.
• These vary depending on the application. Google “<application name> silent install” and you’ll likely get what you need.
• I’ve never used this option.
• I’ve never used this option. I just left as 0.
• Again, I just leave this as the default option.
• Since that’s an MSI in the picture, that will probably work.

I set an Access Control rule to block access to the home node. It did take the icon away, but still took the user to that page at login.

Why not just create the local user doing sysprep?

Worked for me when I ran it locally on a Windows 10 Enterprise x64 computer. Will run as snapin soon to test.

Here is my code:

$Hostname = (Get-WmiObject -Class Win32_ComputerSystem).Name
$Password = "password" | ConvertTo-SecureString -AsPlainText -Force
New-LocalUser -Name $Hostname -Password $Password -Description "Local user." | Add-LocalGroupMember -Group "Users"

edit: Did not work when ran as a FOG snapin.

WMI usually has details about any network devices. It logs the service name, mac address, adapter type, device name, etc…

What about making a script that logs any new network devices (that have MACs) and having it run periodically with a scheduled task? Might help you track down the cause.

@a12660

As root or with sudo:
cd /root/fogproject
git checkout dev-branch
git pull
cd bin/
./installfog.sh

Follow prompts.