Creating a csv host import from a network scan

Run the following code in powershell (after editing it with your network’s subnets) to create a csv that will import all hosts on your network.

# examples, just gotta put subnets minus the final .x in a string array
# Could also be params if this was a function
$subnets = @("192.168.1", "192.168.2", "10.2.114", "192.168.0"); 
$subnets | ForEach-Object { # loop through each subnet
	for ($i=0; $i -lt 255; $i++) { # loop through 0 to 255 of the subnet
		$hn = nslookup "$_.$i"; # run nslookup on the current ip in the loop
		if ($hn[3] -ne $null -AND $hn[3] -ne "") { # does the ip have a dns entry
			$hostN = $hn[3].Replace("Name:","").Trim(); # parse the nslookup output into a fqdn host name
			$mac = getMac /S $hostN; # does the hostname have a mac addr. Can also add /U and /P for user and password if not running from a administrative account
			if ($mac -ne $null) { # was there a mac for the host?
				$macAddr = $mac[3].Split(' ')[0]; # use the first found mac address and parse it
				"$hostN,$macAddr" | Out-File C:\hosts.csv -Append -Encoding UTF8; # add the hostname,macaddress to the csv
			}
		}
	}
}

@Arrowhead-IT Scratch that, it totally worked after a restart. So if you go breaking your permissions just run the script posted and restart and violia!

Everything is working for me now! hooray for the new inits!

@Lee-Rowlett I think you are somewhat correct there. In all my testing I found that it relates to when a user first logs in it installs all the metro apps for that user including cortana. And when you do a profile copy in the system advanced settings control panel it ends up copying some of those installed apps to the default profile which causes the installation of metro apps on a new profile to fail, but there’s no error because the installs think they succeed since the files are already there.
At least I think that has some to do with it. My new script system seems to work flawlessly and it is much easier than my old way of having to change the registry everytime and such.

I would still test your theory for you, just for funzies, but I don’t actually use an unattend.xml. I don’t like sysprep. It breaks my default profile sometimes, and I’ve seen it break other things and it forces you to go back to oobe which messes with my computer naming system. I’ve kinda found it to not be necessary. Yes it resets some security id’s for activation this and that but if you are using windows enterprise volume licensing, that doesn’t cause any problems. In windows 7 I figured out the registry key to change and then just re-inputting the windows key and reactivating gave it a new sid. Windows 8 and 10 just work without issue without doing that. As for drivers, I make my images on a vm so they’re already hardware independent and I use the terminal tool devcon (included in the windows wdk 8.1, I just copy the devcon.exe over to my image vm after installing the wdk on my workstation) to uninstall all the devices in the device manager before rebooting with devcon -r remove *
It goes through the uninstalling of devices much much faster than sysprep does too.

So thank you sir for your help, but I think I got it figured out.

I created a powershell module for using the Fog API

https://www.powershellgallery.com/packages/FogApi

Install instructions are found at that link.

You can also use powershellget https://www.powershellgallery.com/packages/PowerShellGet the command Install-Module -Name FogApi;*

Importing that module will help you to set up a quick and easy and crossplatform way to manage fog from a powershell prompt.

It is structured based on the api documentation found here https://news.fogproject.org/simplified-api-documentation/
It even autocompletes the parameter options based on that documentation.

So if you read that documentation and see that you can get an ‘object’ you can then take that to the command by saying Get-FogObject -type object -CoreObject objecttype that object type validates/autocompletes to the list of available core objects found in the documentation.

If you install the module and run help Invoke-FogApi it will display a bit more verbose help and documentation on how it all works.

There are a few main functions to use that all make calling the Invoke-FogApi function a bit easier with autocompletion fun times

• For GET api calls : Get-FogObject
• For POST api calls : New-FogObject
• For PUT api calls : Update-FogObject
• For DELETE api calls : Remove-FogObject

Each of these return powershell objects. If you’re unfamiliar with powershell and powershell objects, then this is a good way to learn.
They make it so you can take information and easily find and manipulate their properties.
i.e. if you did a $hosts = Get-FogObject - type Object -CoreObject host $hosts would contain 2 properties, a count of returned objects and an array of all your fog hosts, each with all the information fog has on them. So lets say you want to see all your hosts that have a intel cpu, you can search all the hosts for where the inventory’s cpu manufacturer has ‘intel’ in its value. $intelPCs = $hosts.hosts | ? { $_.inventory.cpuman -match 'intel' } Then maybe you just want the hostids, names, and mac addresses. $intelPCList = $intelPCs | Select-Object id,name,primac; $intelPCList;

PS Objects can also easily be turned into json by piping them into a ConvertTo-Json command. Meaning that you can just change the values of an object’s properties, such as a host’s name, image, etc. And then convert that to json to use as the jsondata in any other command.

I also included a Install-FogService function in the module for good measure that downloads the latest version of the client msi installer from your server and then silently installs it. In theory, you could use Invoke-Command to run that command on remote computers (though you would also have to import the module on each computer).

There is a settings.json file that the module pulls from to get your api keys and servername. It needs to be set manually, but automatically opens in an appropriate editor for your OS if it finds that the settings are still set to default. The default settings are explanations of where to find the values on your server.

Help Info from function code Will be updated overtime, putting here as it is the help info uri listed in module manifest
Invoke-FogApi

<#
        .SYNOPSIS
           a cmdlet function for making fogAPI calls via powershell
        
        .DESCRIPTION
            Takes a few parameters with some pulled from settings.json and others are put in from the wrapper cmdlets
            Makes a call to the api of a fog server and returns the results of the call
            The returned value is an object that can then be easily filtered, processed,
             and otherwise manipulated in poweshell.
            The defaults for each setting explain how to find or a description of the property needed.
            fogApiToken = "fog API token found at https://fog-server/fog/management/index.php?node=about&sub=settings under API System";
            fogUserToken = "your fog user api token found in the user settings https://fog-server/fog/management/index.php?node=user&sub=list select your api enabled used and view the api tab";
            fogServer = "your fog server hostname or ip address to be used for created the url used in api calls default is fog-server or fogServer";
                    
        .PARAMETER serverSettings
            this variable pulls the values from settings.json and assigns the values to 
            the associated params. The defaults explain how to get the needed settings
            fogApiToken = "fog API token found at https://fog-server/fog/management/index.php?node=about&sub=settings under API System";
            fogUserToken = "your fog user api token found in the user settings https://fog-server/fog/management/index.php?node=user&sub=list select your api enabled used and view the api tab";
            fogServer = "your fog server hostname or ip address to be used for created the url used in api calls default is fog-server or fogServer";

        .PARAMETER fogApiToken
            a string of your fogApiToken gotten from the fog web ui. 
            this value is pulled from the settings.json file
        
        .PARAMETER fogUserToken
           a string of your fog user token gotten from the fog web ui in the user section.
           this value is pulled from the settings.json file
        
        .PARAMETER fogServer
            The hostname or ip address of your fogserver, 
            defaults to the default name fog-server
            this value is pulled from the settings.json file
        
        .PARAMETER uriPath
            Put in the path of the apicall that would follow http://fog-server/fog/
            i.e. 'host/1234' would access the host with an id of 1234
            This is filled by the wrapper commands using parameter validation to 
            help ensure using the proper object names for the url 
            
        .PARAMETER Method
          Defaults to 'Get' can also be Post, put, or delete, this param is handled better
          by the wrapper functions
          get is Get-fogObject
          post is New-fogObject
          delete is Remove-fogObject
          put is Update-fogObject
        
        .PARAMETER jsonData
            The jsondata string for including data in the body of a request
        
        .EXAMPLE
            #if you had the api tokens set as default values and wanted to get all hosts and info you could run this, assuming your fogserver is accessible on http://fog-server
            Invoke-FogApi;

        .Example
            #if your fogserver was named rawr and you wanted to put rename host 123 to meow
            Invoke-FogApi -fogServer "rawr" -uriPath "host/123" -Method "Put" -jsonData "{ `"name`": meow }";

        .Link
            https://news.fogproject.org/simplified-api-documentation/
        
        .NOTES
            The online version of this help takes you to the fog project api help page
            
    #>

I would suggest using the full path of the file in your batch script instead of changing the directory.
And when I say full path, I mean the true full path, not the mounted S:\ drive.
Even if S:\ is being mounted by active directory or is a mapped drive as part of your image, I would still suggest using the full network/unc path.
I would also suggest mounting it with net use and a username and password. This will ensure the system account that the Fog Service uses has access to the files you want
I would also add some logging and other error preventions.

i.e. if S:\ was mapped to \FileServer\Share …

@ECHO off

echo. Create variables to make scripting easier
set sharePath=\\FileServer\Share\Pat

echo. Mount S drive path, replace username and password with share credentials. 
echo. If share is public omit the /USER parameter and everything after it


net use %sharePath% /USER:username password

echo. make sure destination exists, create it if it doesn't
if not exist C:\temp mkdir C:\temp

echo. copy each file, add /Y to overwrite without any prompt
echo. copying tdpunt...
copy /Y %sharePath%\tdpunt.bat C:\temp\ > C:\temp\tdpunt-bat-Copy.log
echo. copying tundpt.exe...
copy /Y %sharePath%\tundpt.exe C:\temp\ > C:\temp\tundpt-exe-Copy.log

echo. Done!

exit

Use that and then see if the .log files show up after deploying the snapin.

Also, in the web gui snapin config, you should take out the /qn that does nothing.
The snapin arguments section is for custom arguments that you have in your script. Your script doesn’t do anything with the /qn and it could cause issues. The /c parameter is passed to the cmd.exe command which tells cmd.exe to open a prompt, run the command, and then close.
If you had a line in your script like this

if "%1" == "/qn" (
    echo. hey look a parameter, lets do something since it's there!
)

then the /qn would have a point.

Hope that helps a bit.

Thanks,
-JJ

New Module Version Published

Just wanted to let people know that there’s a new version of the API yay!
It’s been published to the psgallery here https://www.powershellgallery.com/packages/FogApi/1903.0.0.22 and it is awaiting a pull request to show up in the fog community scripts git.
It has new functions to help do some common tasks, particularly with snapins. Here’s a list of the current functions.

Add-FogSnapins
Set-FogObject
Get-FogAssociatedSnapins
Get-FogGroup
Get-FogHost
Get-FogHosts
Get-FogInventory
Get-FogLog
Get-FogObject
Get-FogServerSettings
Get-FogSnapins
Install-FogService
Invoke-FogApi
New-FogObject
Remove-FogObject
Remove-UsbMac
Set-FogInventory
Set-FogServerSettings
Set-FogSnapins
Start-FogSnapins
Update-FogObject

@kbramhall said:

@Tom-Elliott I attempted to go through the installer and saying no to DHCP and DNS but if failed to install tftp-server this time. Attached is the foginstall.log file.0_1450298881023_foginstall.log

I took a look at the install log and noticed this bit

../lib/redhat/functions.sh: line 1: n#: command not found

I’ve seen that before. You need to both make sure that you’re running as the root user and make sure you’re running the install script from the bin folder.
i.e. cd into where you downloaded/untarred the fog installer and then

cd bin
./installfog.sh

I figured out when making the automated update scripts that you can’t run it with the full path like
/home/fog/installFoder/bin/installfog.sh
because it use the trailing … to get to some included scripts. So you have to start the script from its happy home.

Also, what happens when you try to install the packages that failed manually?
I would try them one at a time. It looks like these ones…

yum install tftp-server
yum install xinetd
yum install vsftpd
yum install gcc
yum install gcc-c++
yum install lftp

And I just had another thought, are you sure the firewall is completely disabled? I just remembered a recent experience where a fresh install cent OS wouldn’t do internet things until I flushed the iptables.
Which if memory serves is

iptables -F
or
iptables -f

Hopefully something there helps

In the past I made a script for automating svn updates. Since sourceforge has been making a habit of crashing lately, I decided to start using the git repo instead and adjusted my script to work with git.
I figured others might benefit from it so why not share…

#!/bin/bash
clear
# -------------------------------------------
# Fog Git Updater
# -------------------------------------------
# -------------------------------------------
# Script Purpose
# -------------------------------------------
# This script is designed to run an automated update of the latest FOG Git dev build and it's cron friendly
# -------------------------------------------
# -------------------------------------------
# Some prereqs for this script
# -------------------------------------------
# 1. Already have an existing working install/configuration of FOG 1.0 or later
#
# 2. Have git installed and setup. You can do that by doing....
# 	sudo apt-get install git
#  	mkdir /home/fog/fogInstalls/git
#	git clone https://github.com/FOGProject/fogproject.git /home/fog/fogInstalls/git
#
# 3. A script to echo the encrypted version of your sudo password, create one with this function
#	just put in your password into the following in place of your_super_secret_password (leave the quotes)
#	and then uncomment and copy paste the function into a terminal and then run it with just the name of the function pw
	# pw(){
	# 	touch /home/fog/fogInstalls/.~
	# 	ossl=`echo "your_super_secret_password" | openssl enc -des -a -e -pass pass:PASSWORD`
	# 	echo 'echo "$(echo '$ossl' | openssl enc -des -a -d -pass pass:PASSWORD)"' >> /home/fog/fogInstalls/.~
	# 	sudo chown fog.root /home/fog/fogInstalls/.~
	# 	sudo chmod 700 /home/fog/fogInstalls/.~ 
	# }
# -------------------------------------------
# -------------------------------------------
# Variables
# -------------------------------------------
# -------------------------------------------
echo "Creating Script variables..."
fogInstalls='/home/fog/fogInstalls'
gitPath="$fogInstalls/git"
backup="$fogInstalls/backups"
pw=`sh $fogInstalls/.~` 
# -------------------------------------------
# -------------------------------------------
# Functions
# -------------------------------------------
# -------------------------------------------
perms(){
	sudo chmod -R 775 $1
	sudo chown -R fog.fog $1
}

srvUpdate(){
	# Enter sudo mode aand do some quick server maintenance update fun times
	# First, enter sudo mode by echoing the output of decrypting your encrypted password and pipe that into an apt-get update
	#	Don't worry, it doesn't output the password into the terminal
	#	Now that the password is in once the terminal will keep it stored for the next bunch of sudo commands
	echo "Running Sever updates!..."
	echo $pw | sudo -S apt-get update -y
	sudo apt-get upgrade -y # install any upgrades you just downloaded
}

backupConfig(){
	# Backup custom config and other files
	# Copy the latest versions of any files you've changed that will be overwritten by the update and backup the database just in case.
	# For example you may want to back up...
	# Config.php
	# 	To be on the safe side your config file in the /opt folder that has may have a corrected webroot for ubuntu 14.04 and may have stored encrypted credentials (i.e mysql)
	# 		I think that the installer uses this file and keeps it anyway, but I like to be careful
	# Exports file
	#	Because this runs the installer with a yes pipe, it ends up telling it that the image path is "y",
	# 		simply backing up and restoring your current one avoids the issue of fog not finding your precious images. 
	# Custom pxe boot background
	# 	If you have a custom background for the pxe menu, the bg.png file
	# Mysql database dump
	#	It would be rather troublesome if something went horribly wrong in the update and your database goes kaboom, it's unlikely but backups are a good thing 
	# Just a note, It's a good policy to also have backups of these outside of your server, which you could add to this script with an scp command or something like that
	# -------------------------------------------
	echo "make sure backup dir exists..."
	if [ ! -d $backup ]; then
		mkdir $backup
	fi
	echo "Dumping the database..."
	mysqldump -u root --all-databases --events > $backup/DatabaseBeforeLastUpdate.sql #backup database
	echo "Backing up config and custom files..."
	echo "config.php..."
	sudo cp /opt/fog/service/etc/config.php $backup/config.php
	echo "fog settings..."
	sudo cp /opt/fog/.fogsettings $backup/.fogsettings
	echo "nfs exports..."
	sudo cp /etc/exports $backup/exports
	echo "custom pxe background..."
	sudo cp /var/www/html/fog/service/ipxe/bg.png $backup/bg.png 
}

gitP(){
        perms $gitPath
	echo "git pull...."
	cd $gitPath
	git pull
}

updateFOG(){
	echo "running FOG installer..."
	cd $gitPath/bin
	sudo bash installfog.sh -Y
}

restoreConfig(){
	# Restore backed up files
	# Restore the backed up files to their proper places and make sure they're formatted correct too.
	echo "restoring custom pxe background..."
	sudo cp $backup/bg.png /var/www/html/fog/service/ipxe # Restore Custom Background 
	# I found that I needed to do this in some configurations, but it may no longer be neccesarry...
	echo "Creating undionly for iPxe boot in ipxe folder, just in case..." 
	sudo cp /tftpboot/undionly.kpxe /tftpboot/undionly.0 # backup original then rename undionly 
	sudo cp /tftpboot/undionly.0 /var/www/html/fog/service/ipxe/undionly.0
	sudo cp /var/www/html/fog/service/ipxe/undionly.0 /var/www/html/fog/service/ipxe/undionly.kpxe
}

fixPerms(){
	echo "Changing Permissions of webroot..."
	perms '/var/www/html/fog'
	echo "Changing permissions of images...."
	perms '/images'
	echo "Changing permissions of tftpboot...."
	perms '/tftpboot'
}

# -------------------------------------------
# -------------------------------------------
# Run the script
# -------------------------------------------
# -------------------------------------------
srvUpdate
backupConfig
gitP
updateFOG
restoreConfig
fixPerms
echo "Done!"

@anthonyglamis Fogcrypt is essentially obsolete, yes. You can still put the fogcrypt output into the legacy input but I find the new auto-encrypt to work better. But yes I’m pretty sure that the fogcrypt tool is still there

I hadn’t noticed that the hashes were different before, so I checked mine and they are different. I haven’t had any problems though, so I would say it shouldn’t be an issue.

@sebastian-roth said in boot php - denied:

@robertkwild said in boot php - denied:

the desktop in question that gets the error is a hp z640

Searching the forum I found that @JJ-Fullmer also has used HP Z640 machines some time ago. I am wondering if you have HTTPS enabled on your FOG server as well?

Holy cow that was a long time ago. That’s when we added nvme support. Good times.

Glad to hear you got it working @robertkwild sounds like it probably was the cmos/time issue.

@austinjt01 Have you tried different versions of bzImage and or init.xz?
i.e. try downloading the latest kernel from the kernel update screen in your fog gui and giving it a name like bzImage5 and then set that case sensitive name as the kernel on the fog host in question and see if it makes a difference.

Also, have you checked in the fog web task manager when it is stuck to see if it shows progress there? It’s rare, but I remember once seeing it look like it was stuck but the computer just wasn’t displaying the progress and it was actually working.

@cello said in How to create a Windows 10 Image:

Is it also possible without Sysprep?

It’s a trap!

While there are ways that appear to work without sysprep, you’ll have a much better time if you just use sysprep.
I learned this the hard way. Sysprep has gotten faster and a bit easier (in some respects at least).
If you don’t use it, you’ll end up with windows licenses with the same universal identifiers, which breaks volume license activation tools.
You can also end up with driver problems if the image wasn’t created on the same model computer and you don’t use sysprep.

If I were to sum up our steps for creating a win 10 image (but like @george1421 said it’s a bit out of scope and would take days to answer in full detail, also we don’t use MDT, just to provide another method) I would say

1. Download iso of latest version of most recent windows 10 H2 release (i.e. 20H2, ltsb versions are also a trap unless truly neccessary)
2. Create an unattend file using windows system image manager (see also https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/windows-system-image-manager-how-to-topics) I personally took the time a few years ago to ready through all the options available, it’s pretty extensive. But you can also make it pretty basic with setting some simple settings, adding some first logoncommands, and then just make sure you read up on using the ‘reseal’ options to make the sysprep phases go in your desired order. (i.e. I have mine go Audit System - adds (but doesn’t install) network drivers to the driver store -> Audit User - reseals to generalize -> Generalize - removes drivers not added by sysprep and makes the image general for any device -> I have it send to shutdown from here -> I Upload it to fog -> When it deploys it starts the specialize phase -> Then it goes through oobe (which you can make unattended, there are some skip oobe options to be sure it doesn’t show, but you want to be sure all settings that would be set during interactive oobe are set by your unattend.xml created with windows system image manager)
3. Install the iso on a vm (or whereever you want to capture your image from), at the oobe screen after install hit ctrl+shift+f3 to enter audit mode
4. DO NOT OPEN THE WINDOWS STORE (if apps are updated in the store, sysprep won’t run, it’s a whole thing)
5. Add customizations/files you want on all machines (some will be removed by sysprep, figuring it out involves some reading and trial and error) and add the unattend.xml file to “C:\Unattend.xml” and “C:\Windows\System32\Sysprep\Unattend.xml” (I like using both places as a fail safe to be sure its used). I personally use custom powershell modules to automate this whole process, scripting it in some way is a good idea once you get it dialed in. I suggest limiting program installation at this step, I have found its better to use a provisioning method such as snapins and or chocolatey triggered by the firstlogoncommands to add programs, easier to keep them up to date and if something goes wrong with an install it’s not then on every single one of your computers.
6. Run sysprep (i.e. sysprep.exe /audit /reboot /unattend:"C:\unattend.xml") and capture the image to fog
7. Deploy the image with fog and watch the magic happen

Part of the oobe phase can involve auto-logging in as the administartor and running the firstlogoncommands, which is where (if you didn’t add it during audit mode) you can make sure the fogservice is there and will get your computer connected to your domain.

This is all a very high level overview and there may be some steps in between beyond creating scripts and other infrastructure. docs.microsoft.com has many helpful guides for the available unattend.xml options and creating images, I thought I had some of the more helpful ones bookmarked/referenced in internal docs but I can’t find them at the moment. I’ll share them if I find them later and remember.

If you take the time to do it right and get it all setup, it becomes very easy to create new images and deploy them.
You could also easily use fogs scheduled tasks to deploy the image nightly on machines. You’ll just need to dial in the firstlogoncommands to work they way you want it to.

According to the official page from microsoft https://www.microsoft.com/en-us/windows/windows-11-specifications it just says “secure boot capable” I guess we’ll just have to wait till it’s released to insiders to get some real world information.

I realize this was only just announced today, but windows 11 is coming as early as this year and it now (allegedly) requires secure boot and tpm to be enabled to be installed (see also https://www.windowscentral.com/windows-11-system-requirements)

There’s been past discussion about getting secure boot supported for fog, but it looks like the time soon comes where we have to do it (which seems to be a theme with a lot of things in tech recently and in the coming year)

So I just wanted to open up a new thread to get the discussion going to see what needs to be done.

@mechalas More help? Yes Please!

@jj-fullmer said in FOG 1.5.4 API host module settings:

@JJ-Fullmer said in FOG 1.5.4 API host module settings:

@Jamaal Glad you got it figured out, sorry I didn’t see this early as adding it to the host splat that you convert to json adds it to the json data that @Tom-Elliott references here. I will make a note about adding something with setting modules to my module in the future

Look, I made a note https://github.com/darksidemilk/FogApi/issues/1

@Jamaal I also finally did something with this. I hope to at some point develop this a lot further and have dynamic parameters for snapins and groups when adding a host in powershell. But for now there is at least a basic new-foghost function that will create a host with a given name and mac list and enable the modules that you have set as default in your fog server.

This is published in version 2103.2.12
https://www.powershellgallery.com/packages/FogApi/2103.2.12
https://github.com/darksidemilk/FogApi/releases/tag/2103.2.12

@Jamaal
@jj-fullmer said in fog API powershell help:

Glad I had the code for get-foggroups somewhere to be found. It looks like something weird happened to the get-foggroups function and all the code disappeared from it. I’ll need to get that fixed as soon as I can as that function is used all over the place. I have made an issue for it https://github.com/darksidemilk/FogApi/issues/3

I just published a new version of the module fixing the issue with get-foggroups and subsequently get-foggroupsbyname if you update to the new version 2103.2.12 those functions should work now.

A new small bugfix and feature release has just been published.
This fixes issues related to getting fog groups and adds functions for creating fog hosts.

https://github.com/darksidemilk/FogApi/releases/tag/2103.2.12

https://www.powershellgallery.com/packages/FogApi/2103.2.12

@jamaal I created my own infrastructure to handle this. It was not a simple process, but it works pretty well.
I have what I call profile packages for each department, we use chocolatey for that and each one has a snapin.
I have a powershell module for provisioning. I use sysprep/unattend firstlogoncommands to trigger its start and then it goes through a series of commands and restarts amongst that I have it use the api to get the fog group a host is in and then it adds the associated snapin that I associate through code and file structure.
Once you get that far you can add a list of snapins to a host, deploy them, and then remove them (so the host remains ready to be deployed in a different department without having to remove old snapins) all with the api.

Check out

• Set-fogsnapins for setting a list of snapins to a host https://fogapi.readthedocs.io/en/latest/commands/Set-FogSnapins/
  (I just noticed I forgot to remove the $dept parameter in that function, that was for my internal use, you can just ignore it)
• Start-FogSnapins for starting the deploy all snapins task on a host
  https://fogapi.readthedocs.io/en/latest/commands/Start-FogSnapins/
• Remove-FogObject for removing the snapins from a host, looks like I haven’t published a helper function for removing the snapins just yet.
  https://fogapi.readthedocs.io/en/latest/commands/Remove-FogObject/
  • here’s an example of how you would remove the snapins. To remove them you have to remove the snapinassociation object.

#create a list/array of the snapins you want to remove
$snapinsToRemove = @('snapin','names','here'); 

#get all the snapin associaion objects
$AllAssocs = (Get-FogObject -type object -coreObject snapinassociation).snapinassociations

# Get the snapins associated with your host
$AllHostSnapins = Get-FogAssociatedSnapins -hostId $hostID;

#get the ids of the snapins you want to remove, from the list of snapins attached to your host.
$snapinIds = ($AllHostSnapins | Where-Object name -in $snapinsToRemove).id

#Get a list of the snapinassociation ids that match your host id and are in the list of snapin ids attached to your host
$assocsToRemove = $allAssocs | Where-Object { $_.hostID -eq $hostID -AND $_.snapinID -in $snapinIds}

# loop through the found associations and remove them
$assocsToRemove | ForEach-Object {
    Remove-FogObject -type object -coreObject snapinassociation -IDofObject $_.id;
}

I believe there is also a fog plugin for persistent groups that can do more of what you describe natively in fog.

Granted, I will need to get the get-foggroups function fixed for some of this to work properly. Maybe I’ll have some time this weekend.