RE: WIndows 10 Capture/Deploy Woes

So I’m noticing a couple things.

• The first boot error relates to efi - perhaps you have an efi partition separate from the install and would need to do multiple partition image
• At the same time there are .mbr files and also gpt messages. GPT is typically associated with efi style images and mbr with bios/legacy style images.

So are you using uefi on the image you are uploading from?
Are you uploading from legacy and then downloading to a computer set to uefi mode?
Personally I find mbr and bios/legacy mode to work just fine and to be just much simpler. So if it’s not too much effort you could redo the image making sure that your computer is booting to legacy/bios mode. In some bios’s you have to disable secure boot before it lets you enable the legacy boot mode. GPT and uefi do work with fog, don’t get me wrong, but I just find gpt easier. Also, a side note, to ensure you make only one partition when you install windows (this works on at least windows 7 and up) when you have the install disc in and you’re at the partition selection, hit shift+f10 to bring up a command prompt. Then run the following commands to clear out all existing partitions and make only one new one. As far as I have found this only works with mbr style partitions. There is probably a way to do it for gpt, I just haven’t found it yet, which is another reason I stick with mbr.

diskpart
list disk
(It will list the disks with details, most likely you'll want disk 0, but list and check to be sure)
select disk 0
clean
create partition primary
exit
exit

Then hit refresh on the windows gui partition editor and select the newly created partition

If you put a lot of work into this image and don’t want to start over on it, no worries, we can still try some other stuff.
Go into fog and queue a download of the image ticking the “schedule as a debug task” box.
Now you will be able to step through the image process and run some other commands on the computer you are imaging

I would try running fixparts on /dev/sda in a debug session. This may fix any mbr/gpt confusion within the drive or image your using and that alone could make it work.
If that doesn’t do the trick. Then we’ll come back to the drawing board.

So, that was a lot of information, let me summarize a little.

• Is your image source a gpt/efi setup or a mbr/bios setup?
• Do you want it to be resizable or do you not care because they’re all the same size hard drive?
• Have you tried running fixparts (I would recommend trying this before uploading the source image as well as before download)
• Consider making a new mbr style image in bios/legacy mode using the instructions I gave above, as I know it works for windows 10

Once upon a time @Wayne-Workman asked me to share my script for prepping images with or without using sysprep.
At the time it was still being developed and not quite stable enough to share. It still needs a bit more work to be truly universal and I will likely put it in a public git when it’s closer to that level. But hey, I figure it might help somebody out. There are some pre-reqs for it like having devcon.exe from the windows wdk (freely available) in your C:\Windows\System32 folder, or elsewhere in the path, if you want to not use sysprep. So read through the comments, ask questions, and hopefully this helps someone. I designed it around windows 10 and vm’s for images.

::-----------------------------------------------------------------------------
:: Arrowhead Dental Lab admin_scripts
:: Script Name: ImagePrep
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:23
:: Last Updated Date: 2016-06-23 16:50:45
:: Update Author: jfullmer
:: Version: 8.2
::-----------------------------------------------------------------------------

@ECHO off
	rem This script prepares a customized computer to be imaged.
	rem It will stop the fog service and prompt you to queue the upload
	rem It then will take care of cleaning up the windows\installer folder
	rem Then it will make sure hibernate is off
	rem Then it will run a system file check and windows update component cleanup as well as run chkdsk
	rem Then it will run CCleaner
	rem then it will empty all recycle bins 
	rem Then it will delete the weird volume registry keys
	rem Then it will delete all ze drivers and restart for the image to start uploading
	rem Before all that it copies itself to C:\ so that it can still run after uninstalling the network drivers.

rem start by setting path and passwd
SET pwd=%~dp0
set scriptShare= rem where this script and image version logs are to be stored
set backupShare= rem where things like group policies and firewall rules will be backed up to
set domain= rem the domain for the login of the above shares
set user= rem the user for the login to the shares
set passwd= rem the password for the login to the share
set ntpSrv=time.windows.com rem the local or global ntp server you sync to. Your Domain controller for example.
echo. Mounting shares...
net use %scriptShare% /USER:%domain%\%user% %passwd%
net use %backupShare% /USER:%domain%\%user% %passwd%


call :main
rem if it does not exit after sysprep pause to show errors, then exit
rem @pause
rem devcon reboot & exit
echo. unmount shares...
net use %scriptShare% /delete
net use %backupShare% /delete
rem Delete self, devcon reboot to finish uninstalling devices and exit script.
del C:\ImagePrep.bat & devcon reboot & exit

:main
	call :funcHead "Welcome to image prep!"	

	call :copySelf
	call :setvars
	call :syncTime
	call :perms
	call :updateImageVersion
	call :queueUpload
	call :cleanup
	call :setupFirstLogon
	call :backupGroupPolicy
	call :hardwareIndependence
	rem call :runSysprep
	echo. Done!

	EXIT /B

:copySelf
	IF NOT %pwd%==C:\ (
		echo. Copying self to C drive
		XCOPY %~f0 C:\ /H /Y
		start C:\ImagePrep.bat
		exit
	)
	EXIT /B

:setVars
	:: Function to set script variables and mount network directory

	call :funcHead "Creating Backup dir and Setting directory variables..."

	FOR /F "usebackq" %%i IN (`hostname`) DO SET hn=%%i
	if %hn%==BASEIMG-32 (
		set CCleaner=C:\Program Files\CCleaner\CCleaner.exe
	) else (
		set CCleaner=C:\Program Files\CCleaner\CCleaner64.exe
	)
	if %hn%==BASEIMG-32 (
		set Firefox="C:\Program Files\Mozilla Firefox\firefox.exe"
	) else (
		set Firefox="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
	)
	set uploadPage="http://fog-server/fog/management/index.php?node=host&sub=deploy&type=2&id=11"
	set ThreeShapeUpPage="http://fog-server/fog/management/index.php?node=host&sub=deploy&id=14&type=2"
	set legacyUpPage="http://fog-server/fog/management/index.php?node=host&sub=deploy&id=144&type=2"
	set tasksmgmt="http://fog-server/fog/management/index.php?node=task&sub=active"
	set notePlus="C:\Program Files (x86)\Notepad++\notepad++.exe"
	set fogHost="http://fog-server/fog/management/index.php?node=task&sub=listhosts"
	set drivers=C:\Windows\System32\DriverStore\FileRepository
	set sysprep=C:\windows\system32\sysprep
	setlocal enableextensions enabledelayedexpansion
	set imageScripts=%scriptShare%\Automating-Imaging\Before-Image
	if not exist %imageScripts% mkdir %imageScripts%
	set afterScripts=%scriptShare%\Automating-Imaging\After-Image
	if not exist %afterScripts% mkdir %afterScripts%
	set verLogs=%scriptShare%\Version-Change-Logs
	if not exist %verLogs% mkdir %verLogs%
	set verLog=%verLogs%\ImageVer-%hn%.log
	set policiesPath=%backupShare%\policies\policies-%hn%
	if not exist %policiesPath% mkdir %policiesPath%
	endlocal
	EXIT /B

:syncTime
	rem Function that makes sure the time is synced to time.arrowheaddental.computer
	rem Simply runs a resync 5 times to be sure, since if it is off due to a snapshot, it takes a couple tries
	echo. net time set....
	net time \\%ntpSrv% /set /y
	echo. stopping w32time service, configuring it, and resyncing it...
	net stop w32time
	w32tm /config /syncfromflags:ALL /manualpeerlist:%ntpSrv%
	net start w32time
	w32tm /config /update
	for /l %%i in (1, 1, 5) do (
		echo. time sync %%i
		w32tm /resync
	)
	EXIT /B

:updateImageVersion
	rem Function to open up the image version log for updating

	call :funcHead "Update Image Version Log"
	
	echo. Copying latest imageVersion log from git repo...
	if not exist %verLog% (
		echo. %hn% does not have a version log
	) else (
		XCOPY %verLog% C:\ImageVersion.log /Y
	)

	EXIT /B

:queueUpload
	rem This function pauses the script to confirm you queued the upload
	call :funcHead "Queueing upload!"

	echo. Stopping fog service to prevent auto restart during prepares
	net stop FOGservice
	rem sc config FOGService start= disabled
	echo. done

	echo. Opening FOG upload page
	if %hn%==baseImageVM (
		%Firefox% %uploadPage%
	) else if %hn%==3SHAPEIMAGE (
		%Firefox% %ThreeShapeUpPage%
	) else if %hn%==BASEIMG-32 (
		%Firefox% %legacyUpPage%
	) else (
		%Firefox% %fogHosts%
	)

	set /p queued="Did you start the upload task? y/n: "

	if NOT %queued%==y (
		echo. Well then let's start over...
		@pause
		goto :main
	)

	call :funcHead "Create Snapshot!"

	echo. Before Continuing you should really make a snapshot of the vm to be safe...
	echo. And not just to be safe, also because since you can only rearm a windows license 3 times
	echo. This image would have to be redone if you don't revert to the snapshot once you're done 
	echo. uploading the image.
	echo. So please do that now...
	@pause
	echo. Continuing...

	EXIT /B

:cleanup
	call :funcHead "Running Cleanup and Maintenance tasks"
	rem This just runs some quick maintenance tasks

	echo. Windows Maintenance...
	call :cleanWindows

	echo. turning hibernate off...
	powercfg /Hibernate off	

	echo. Deleting fog.log so there's a fresh log for imaged computers...
	del C:\fog.log
	
	echo. Running CCleaner...
	"%CCleaner%" /AUTO
	
	echo. Emptying all recycle bins
	rmdir C:\$Recycle.Bin /S /Q

	EXIT /B

:cleanWindows
	rem Function that runs chkdsk cleans up windows update
	call :funcHead "Windows maintenance and cleanup"
	
	echo. Windows update cleanup...
	dism /online /cleanup-image /startcomponentcleanup

	echo. running check disk scan and pausing if full run is needed
	call :checkDiskChk

	echo. Windows cleanmgr
	rem run cleanmgr /sageset:1 to change clean settings
	cleanmgr /sagerun:1

	echo. System File Check...
	sfc /scannow > C:\sfc.log

	echo. Defrag hard drive
	Defrag C: /H /U /V >> c:\defrag.log 
	Defrag C: /X /H /U /V >> C:\defrag-freespace.log

	EXIT /B

:checkDiskChk
	call :funcHead "Running chkdsk scan to check if repair is needed"
	echo. Scan is running, log available at C:\chk.log....
	chkdsk C: /scan /perf /V >C:\chk.log
	echo. Searching for no problemo string...
	FOR /F "usebackq" %%i IN (`findstr /B /N /C:"Windows has scanned the file system and found no problems." C:\chk.log`) DO SET found=%%i
	echo. Checking if string was found...
	if NOT defined found (
		echo. Problem! You need to run chkdsk /F /R /perf, restart, and then run this script again before uploading!
		%Firefox% %tasksmgmt%
		set /p confirm="Please enter y/n to confirm you canceled the upload task"
		echo. Thank you, Queueing chkdsk and restarting now...
		echo. Y | chkdsk /F /R /scan /perf C: 
		shutdown -r & exit
	) else (
		echo. String was found!
		echo. %found%
		echo. Done with checking disk!
	)

	EXIT /B

:perms
	call :funcHead "Changing permissions"

    call :grantPerms C:\img
    call :grantPerms C:\users\adladmin
    call :grantPerms C:\users\Administrator
    call :grantPerms C:\Windows\Installer
    call :grantPerms "C:\Program Files\Inventrix"
    call :grantPerms "C:\Program Files (x86)\Sage"
    call :grantPerms "C:\Program Files (x86)\Sage Software"
    call :grantPerms "C:\Program Files (x86)\FOG"
    call :grantPerms "C:\Program Files\FOG"

    EXIT /B

:grantPerms
	call :funcHead "Granting permissions"

	echo. Granting Authenticated Users full access to %~1...
	cacls "%~1" /T /E /R everyone > C:\remove.log
	cacls "%~1" /T /E /G "Authenticated Users":F > C:\add.log

	EXIT /B

:setupFirstLogon
	rem Function to enable autologon for Administrator
	echo... apply General Profile on base images...
	if %hn%==baseImageVM (
		start %afterScripts%\Apply-Default-Profile-args.bat General
	) else if %hn%==BASEIMG-32 (
		start %afterScripts%\Apply-Default-Profile-args.bat General-32
	) else (
		echo. do not apply anything here...
	)
	echo. wait for profile to apply...
	timeout /t 60

	echo. loop through and import all keys...
	REG IMPORT %afterScripts%\autologon-keys\admin-autologon.reg
	REG IMPORT "%afterScripts%\autologon-keys\admin-autologon.reg" /reg:32
	REG IMPORT "%afterScripts%\autologon-keys\admin-autologon.reg" /reg:64
	
	echo. Create the script to run the logon script via echos...and create in both possible spots...

	call :createScript AdlAdmin
	call :createScript Administrator

	EXIT /B

:createScript
	rem Function to create the script to start the logon script, takes user Parameters...
	call :funcHead "Creating startup script for %~1"
	set firstLoginBatPath=AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firstLogin.bat
	echo @ECHO OFF > "C:\Users\%~1\%firstLoginBatPath%"
	echo net use %scriptShare% /USER:%domain%\%user% %passwd% >> "C:\Users\%~1\%firstLoginBatPath%"
	echo start %afterScripts%\firstLogonCommands.bat >> "C:\Users\%~1\%firstLoginBatPath%"

	EXIT /B

:backupGroupPolicy
	call :funcHead "Backing up local gpo"
	echo. export current policies...
	mkdir C:\policies
	ROBOCOPY C:\Windows\System32\GroupPolicy C:\policies\GroupPolicy /S /MIR /ZB /R:1 /W:1 /MT:64 /LOG:C:\groupPolicy-bck.log
	call :regPort HKLM\SOFTWARE\Policies\Microsoft gp
	call :regPort HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft gpWow64
	call :regPort HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy firewall
	secedit /export /cfg C:\policies\gp.inf /log C:\secplcy-bck.log

	echo. backup current policies
	ROBOCOPY C:\policies %policiesPath% /S /MIR /R:1 /W:1 /ZB /MT:8
	
	echo. Delete that stuff...
	rmdir C:\policies /S /Q

	EXIT /B

:hardwareIndependence
	rem Runs devcon tool to remove all drivers just like sysprep
	call :funcHead "Make the image hardware independent"
	
	echo. Rearm windows licensing...
	cscript C:\Windows\System32\slmgr.vbs -rearm > c:\rearmed.log
	
	echo. This will restart the computer and it will happen fast, do not reset the vm if the screen is blank...
	echo. It is most likely starting to image and you will probably interupt resizing.
	
	rem If 32 bit legacy image or 3shape image, then just remove everything, otherwise remove everything except printers
    if %hn%==baseImageVM( 
		rem Loop through devcon classes skipping print queues to keep pdf and papervision printers
		for /F "tokens=1 delims=:" %%i in ('devcon classes') do call :printerCheck %%i 
    ) else (
    	del C:\ImagePrep.bat & C:\Windows\System32\devcon.exe -r remove * & exit
    )

	EXIT /B

:printerCheck
	rem loop function to check if class is printqueue and remove the class if it is not
	rem note the 5 spaces plus one. The command looping through the classes parses 5 spaces after each class and you need one for the ()
	if NOT %~1==PrintQueue      (
		rem Remove all devices in the class
		echo. Removing all devices of class %~1 ...
		C:\Windows\System32\devcon.exe remove =%~1 *
		echo. Done
	)

	EXIT /B

rem :runSysprep
rem 	rem copies current git unattend.xml and runs a generalize sysprep to prep for imaging.
rem 	call :funcHead "Running Microsoft sysprep"
	
rem 	echo. copying unattend.xml...
rem 	XCOPY %imageScripts%\unattend.xml %sysprep%\ /Y /H
rem 	XCOPY %imageScripts%\unattend.xml c:\windows\Panther\ /Y /H

rem 	XCOPY %imageScripts%\removeMetro.ps1 %sysprep%\ /Y /H
rem 	powershell -Command "Set-ExecutionPolicy RemoteSigned;"
rem 	powershell -Command "%sysprep%\removeMetro.ps1;"

rem 	echo. Running sysprep and exiting...
rem 	del C:\ImagePrep.bat & %sysprep%\sysprep.exe /generalize /oobe /reboot /unattend:%sysprep%\unattend.xml & exit

rem 	EXIT /B

:regPort
	call :funcHead "Export Reg Key"
	echo. Exporting arch specific key for %~2...
    if %PROCESSOR_ARCHITECTURE%==x86 (
		REG EXPORT %~1 "C:\policies\%~2.reg" /reg:32 /y
	) else (
		REG EXPORT %~1 "C:\policies\%~2.reg" /reg:64 /y
	)
	echo. Exporting non-arch specific key for %~2...
	REG EXPORT %~1 "C:\policies\%~2-nonarch.reg" /y
		
	EXIT /B

:dots
	:: just echoing dots in a Function instead of copy pasting them so that it is consistent
	echo ......................................................................
	EXIT /B

:funcHead
	:: A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	rem Uncomment the next line to enable debug mode
	rem @pause 
	call :dots
	EXIT /B

@Wayne-Workman said:

@Arrowhead-IT said:

Just make new images in the fog gui with the same settings and point them to the file names and they should work. Does that make sense?

People always mess that up.

Do I sound full of myself if I say that I never messed that up? Because well, I never messed that up. It just kinda worked as it should anytime I’ve done that.

@BasavarajC You should certainly update to trunk for the better support for multiboot images.
But to answer your question.
When I’ve done multi-boot images I typically use the linux Grub boot loader and therefore call it a Linux image in Fog.
If you use the Windows boot manager to select the OS at boot then I would try calling it Windows 7. Though personally I would reccomend using Linux as the image type and GRUB as the bootloader as there is a lot more documentation and support and overall reliability and control for the GRUB method in my experience.

Thanks,
-JJ

@Wayne-Workman Well before windows 10 I would make a batch script that I would deploy as a snapin that did silent installs of all the drivers for a specific model.
Granted if I made that same script now I would just get the infs and their associated linked files and use pnputil -i -a *.inf to install all the drivers from a organized driver network share. Rather than silent installs of their setup.exe’s that install random little services with the drivers.

But windows 10 has like 99% of the drivers built in or available in windows update, so I just don’t even worry about it anymore.

Granted, removing all the drivers with this method does break Remote Desktop. So in my firstlogin script I have the following lines to add remote desktop back. The driver files needed stay in the store. These exact ones only work for windows 10 64 and 32 bit respectively. It’s similar for windows 7 and 8, you just have to find the exact name of the folder. Maybe using wildcards would work, not sure, just thought of that.

set drivers=C:\Windows\System32\DriverStore\FileRepository
    if %PROCESSOR_ARCHITECTURE%==x86 (
    	call :fixRDP32
    ) else (
    	call :fixRDP
    )
:fixRDP32
	call :funcHead "Fix remote desktop"

	echo. Put the remote desktop devices back...
	call :addDriver "NDIS Virtual Network Adapter Enumerator" %drivers%\ndisvirtualbus.inf_x86_1fa29bcc35ca8834\ndisvirtualbus.inf ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" %drivers%\umbus.inf_x86_c0f8109e25343b64\umbus.inf ROOT\umbus
	call :addDriver "Remote Desktop Device Redirector Bus" %drivers%\rdpbus.inf_x86_8c65bb1c8e29599b\rdpbus.inf ROOT\RDPBUS
	call :addDriver "Remote Desktop USB HUB" %drivers%\tsusbhub.inf_x86_3cb0aab868426cda\tsusbhub.inf ROOT\tsusbhub
	
	EXIT /B

:fixRDP
	call :funcHead "Fix remote desktop"

	echo. Put the remote desktop devices back...
	call :addDriver "NDIS Virtual Network Adapter Enumerator" %drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" %drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf ROOT\umbus
	call :addDriver "Remote Desktop Device Redirector Bus" %drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf ROOT\RDPBUS
	call :addDriver "Remote Desktop USB HUB" %drivers%\tsusbhub.inf_amd64_560cadd4ed8a56be\tsusbhub.inf ROOT\tsusbhub
	
	EXIT /B


:addDriver
	echo. installing %~1...	
	C:\Windows\System32\devcon.exe install %~2 %~3
	echo. done!

	EXIT /B

@Wayne-Workman said:

Let me know if you’d like to try it out.

Let me help here, you want to try it out.
You can probably get windows 10 imaging working on the older version of FOG, but if you want everything to work flawlessly, you’re going to need to update, and it’s pretty darn easy.

Here are some posts to help out

https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk
https://forums.fogproject.org/topic/6331/automating-git-updates-for-fog
https://forums.fogproject.org/topic/6010/msi-silent-install/2
https://forums.fogproject.org/topic/4250/new-client-progress

@mecsr said:

I updated FOG two days ago, so I think I should be good in that respect.

Just fyi, there’s typically at least a few if not a bunch or very many updates to the fog trunk version any given day containing many bug fixes and optimizations. It’s a program that just keeps getting better and you get the benefits of instantly.

The current version is 6303 and you’re on 6271. So I would suggest considering updating

TL;DR
Assuming your DHCP or dnsmasq is already setup properly, copy the ipxe.efi file to a usb or local drive on the host, then run it from an efi shell.
For usb ethernet adapters load the the efi driver first.
If you don’t have a efi shell, but have a efi bios, use rEFInd to boot to a efi shell.

@JJ-Fullmer said in UEFI-PXE-Boot (Asus t100 Tablet):

Ahem
There is a way to image these with fog.
Supposedly you should be able to just enable the network stack in bios and then if it’s a ethernet adapter that’s recognized you can set it as a boot option or select it by hitting esc to bring up the boot menu.
However since that didn’t work for me, I found a different method.
It’s a little bit abstract, but not too hard, I promise, give it a chance.

What I used (I did 64 bit efi, substitute 32 bit versions of .efi files if you wanted to do 32 bit)

• A usb hub, any hub with 3 or more ports should do. I was using a powered usb 3 4 port hub.
• I used the startech USB210000S2 Usb ethernet adapter. It has the SMC LAN 7500 chipset, which is the important part
• 2 usb drives, no substantial size needed. (you may get away with one, but I used 2)
• On the first FAT32 formatted usb drive you just need a couple files in the root of the drive
• • the efi driver for the usb (found at this link http://ww1.microchip.com/downloads/en//softwarelibrary/obj-lan95xx-uefi/lan95xx_7500_uefi_driver_0.5.zip, also attached 0_1479851633433_SmscUsbNetDriver.efi , also credit where credit is due, I discovered this file via this blog post http://www.johnwillis.com/2014/03/pxe-booting-using-usb-to-ethernet-dongle.html) (also I renamed this to usb.efi for simplicity later)
• • ipxe.efi from your /tftpboot folder on your fog server, copy it off with your favorite ftp/scp client. (or just download the latest one straight from the fog project github https://github.com/FOGProject/fogproject/raw/dev-branch/packages/tftp/ipxe.efi)
• • You can also put these files on the root of the C drive
• On the second flash drive
• • create a refind efi bootable flash drive using a tool like rufus https://rufus.akeo.ie/downloads/ to put the USB flash drive image on a usb drive via dd that you get from here http://www.rodsbooks.com/refind/getting.html
• • It makes a ~6MB partition that I’m not sure can be extended to fit the other files

Now plug the usb ethernet adapter, and the flash drives into the usb hub and plug the usb hub into the asus t100 usb port (well technically I have a T100H, but this method also worked on a Fusion5 chinese tablet, RCA Cambio tablet, and the atom and core M versions of the intel compute stick).

Now boot to the bios to make sure the secure boot setting is off and the network stack is enabled. It will probably work regardless of the network stack setting, but better safe than sorry. (Note: I always seem to have to hold shift and hit restart from windows to force it to boot to uefi firmware)

Save changes and exit and start tapping esc

tapping esc on boot should bring up a boot menu. Select the refind EFI usb drive.
On the ReFInd gui boot screen select one of the efi shell options.

at the efi shell find which fs (file system) your efi files are on (the ones put on either the second flash drive or the C drive) by running these commands

fs0:
ls

keep incrementing fs# (fs0: fs1: fs3: etc.) until you see your ipxe.efi and usb driver files.
When you find them run these two commands to start the pxe boot

#replace usb.efi with whatever you named the driver file
load usb.efi
ipxe.efi

It should start at ipxe initializing devices

If you use the 32bit versions, don’t forget to set your kernel and init in the fog gui for that host.
Another caveat to this method is you have to remember to change the mac address from the usb ethernet adapter to the wifi mac of the device in the fog gui.

Sure it’s not as smooth a system as wake on lan to network boot, but as daunting as it looks it all takes less than a minute to get it booted to pxe.

If you have problems with this, you may try setting a static ip address for your adapter in dhcp and make sure it’s pointed to fog. I have the uefi/bios coexistence setup with the policies found in the fog wiki in my windows dhcp and it works perfect.

If you read all that and think, that’s too much work for so many devices. Well than get a few of these usb setups. I used this method on about 30 intel compute sticks (didn’t require the refind usb, they have a built in efi shell) and it didn’t take all that long.

In theory, I imagine it’s possible to image these with wifi, but that’s a challenge for another day.

I am bookmarking this to come back and make this nicer. But for now, this is good.

NOTE: most efi shells I’ve seen search for a startup.nsh or similar file at their start. So it is theoretically possibly to put a script with the efi shell commands along with the needed files in the root of a boot partition, so that by setting a computer to default boot to the efi shell would boot straight to the network. I got this to work once in testing but never reliably.

I wrote this in a bit of a rush. So if you try it and it doesn’t work or feel like I skipped a important step please ask and I’ll get back to you as soon as I can.

@anthonyglamis I like scripting things. And I like sharing. Here’s how I do my fog updates with one command.
If you stick with svn, you can just change the git function in the script to do svn up instead of git pull and change the path variables too in the variable setting function. Or just use git, because sourceforge likes to crash.
https://forums.fogproject.org/topic/6331/automating-git-updates-for-fog

@onepotato NVME works on trunk for all partition types. I tested it myself
you can read more about the adventure to getting it working here…
https://forums.fogproject.org/topic/6315/hp-z640-nvme-pci-e-drive

Or you can just trust me, it will work and follow the following instructions to upgrade your fog version
https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_trunk

A new version has been published!

I haven’t yet completed all my goals. But about half or more of the functions have at least one example in their help file and there is now an online home for the documentation.

You can find the published listing here
https://www.powershellgallery.com/packages/FogApi/2002.2.1.2

The documentation is now at https://fogapi.readthedocs.io/en/latest/
and the module’s code is now in its own repository at https://github.com/darksidemilk/FogApi

Hopefully more updating still to come in the near future.
I have thoughts and plans on creating a custom class for ‘fogObjects’ returned from the api to make things more universal throughout and make creating pipeline functions easier. Want to make it so most functions have 3 parameter sets that include performing the operation by id, name, or by object. We’ll see when I get to that.

@anthonyglamis said:

2/4/2016 5:23 PM LocalPrinter --> IP = IP_192.168.1.250

Sorry for any repeated information that others said. I saw some posts after I started writing this and didn’t feel like taking out pieces.

The first problem I see is right here.
The printer ip shouldn’t have IP_ in front of it. It should just be the ip address plain and simple
Also the Printer INF File path should be the path to the share that the client uses to access the file. All these fields are passed to the service and run on the computer, so they need to be how the host computer gets to them, not how fog gets to them. i.e. /opt/fog won’t work. \\192.168.1.243\printerdrivers\printer.inf might do the trick

Try testing with an inf file on a local computer with a local path in fog. i.e.

• Put the inf in C:\printer.inf on the client computer
• set the inf file path in fog to C:\printer.inf

That would just see if the service is working for you.
With network shares, I find that it only works with the fog service if it’s already mounted. I.E. A network share mapped through active directory gpo. This is something I hope to improve in the future.

An alternative method is a snapin with a script. Checkout the template script I posted here
https://forums.fogproject.org/topic/6540/adding-custom-printer-configuration

Another way of testing the printer install is to test the actual command that the fog service uses to add a printer. It uses a special function for adding a port, but if you don’t already have the port created you can create it with this command in the command line.
Cscript %WINDIR%\System32\Printing_Admin_Scripts\en-US\Prnport.vbs -a -r portname -h ipAddress -o raw -n 9100
Then test adding the printer with this command in an administrator command prompt. Which is the way that fog adds it. This will help you confirm your settings further. I took out the /q parameter that goes after /if (install printer from file) so that any error messages won’t be supressed when you test
RUNDLL32 printui.dll,PrintUIEntry /if /b "Printer Name" /f "INF File Path" /r "PortName" /m "Model name from inf file"

If that command adds the printer, then your printer settings are all correct as they are, if it fails, then you should get an error message with more explanation.

Some other caveats I’ve found are that you sometimes need more than just the inf next to the inf. I.e. the .cab, .cat. dlls and stuff that it links to sometimes need to be in the same directory. So if you download a driver package and then unzip it, just use the full extracted folder in your share. You can do some testing and see which is actually neccesarry, cause sometimes just the inf is needed, other times (like with the hp universal print driver) you need the whole folder to get it to install proper.

Personally I currently make a printer script with the template I posted in the above referenced forum post and then add that information to fog. I deploy the script as a snapin to install the printer when the fog service fails to add the printer the FOG printer management successfully removes and keeps the printers that are allowed after it’s installed with that script.
It is surely possible to get the FOG printer management to work as it is in most situations. But I find it easier to have a failsafe for when it has trouble accessing a network share or when it doesn’t like the inf file or something like that.

Also one other little caveat. I noticed that the inf in this one is oem… That’s usually the “published” or “installed” inf file once the printer driver is added to windows and gets appended to or its own happy inf file created in C:\Windows\INF
Sometimes that one works fine, but sometimes that one will contain other printer information and confuse a computer that it wasn’t made on. I usually stick with the inf that the driver comes with that you download off the manufactuer’s website. But that’s just my two cents.

@amo862 While I’m sure it would be fun to make such custom code changes, I think you can just make a group for the venue tablets and similar devices that sets all devices in that group to load the 32bit kernel and inits. That’s what I would do personally.

@cello said in How to create a Windows 10 Image:

Is it also possible without Sysprep?

It’s a trap!

While there are ways that appear to work without sysprep, you’ll have a much better time if you just use sysprep.
I learned this the hard way. Sysprep has gotten faster and a bit easier (in some respects at least).
If you don’t use it, you’ll end up with windows licenses with the same universal identifiers, which breaks volume license activation tools.
You can also end up with driver problems if the image wasn’t created on the same model computer and you don’t use sysprep.

If I were to sum up our steps for creating a win 10 image (but like @george1421 said it’s a bit out of scope and would take days to answer in full detail, also we don’t use MDT, just to provide another method) I would say

1. Download iso of latest version of most recent windows 10 H2 release (i.e. 20H2, ltsb versions are also a trap unless truly neccessary)
2. Create an unattend file using windows system image manager (see also https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/windows-system-image-manager-how-to-topics) I personally took the time a few years ago to ready through all the options available, it’s pretty extensive. But you can also make it pretty basic with setting some simple settings, adding some first logoncommands, and then just make sure you read up on using the ‘reseal’ options to make the sysprep phases go in your desired order. (i.e. I have mine go Audit System - adds (but doesn’t install) network drivers to the driver store -> Audit User - reseals to generalize -> Generalize - removes drivers not added by sysprep and makes the image general for any device -> I have it send to shutdown from here -> I Upload it to fog -> When it deploys it starts the specialize phase -> Then it goes through oobe (which you can make unattended, there are some skip oobe options to be sure it doesn’t show, but you want to be sure all settings that would be set during interactive oobe are set by your unattend.xml created with windows system image manager)
3. Install the iso on a vm (or whereever you want to capture your image from), at the oobe screen after install hit ctrl+shift+f3 to enter audit mode
4. DO NOT OPEN THE WINDOWS STORE (if apps are updated in the store, sysprep won’t run, it’s a whole thing)
5. Add customizations/files you want on all machines (some will be removed by sysprep, figuring it out involves some reading and trial and error) and add the unattend.xml file to “C:\Unattend.xml” and “C:\Windows\System32\Sysprep\Unattend.xml” (I like using both places as a fail safe to be sure its used). I personally use custom powershell modules to automate this whole process, scripting it in some way is a good idea once you get it dialed in. I suggest limiting program installation at this step, I have found its better to use a provisioning method such as snapins and or chocolatey triggered by the firstlogoncommands to add programs, easier to keep them up to date and if something goes wrong with an install it’s not then on every single one of your computers.
6. Run sysprep (i.e. sysprep.exe /audit /reboot /unattend:"C:\unattend.xml") and capture the image to fog
7. Deploy the image with fog and watch the magic happen

Part of the oobe phase can involve auto-logging in as the administartor and running the firstlogoncommands, which is where (if you didn’t add it during audit mode) you can make sure the fogservice is there and will get your computer connected to your domain.

This is all a very high level overview and there may be some steps in between beyond creating scripts and other infrastructure. docs.microsoft.com has many helpful guides for the available unattend.xml options and creating images, I thought I had some of the more helpful ones bookmarked/referenced in internal docs but I can’t find them at the moment. I’ll share them if I find them later and remember.

If you take the time to do it right and get it all setup, it becomes very easy to create new images and deploy them.
You could also easily use fogs scheduled tasks to deploy the image nightly on machines. You’ll just need to dial in the firstlogoncommands to work they way you want it to.

@Wayne-Workman

some quick notes. You do need to put your username and password in plain text for shares, unless you have shares that give everyone access. If anyone knows of a way to encrypt that, I’d love to hear it. I know it can be done with openssl in linux bash scripts but I am yet to find the equivalent for a batch script. But hey bash will come to windows 10 soon.

This script hasn’t been tested for windows 7 or 8 profiles. It does detect the windows version because I was preparing to add that kind of functionality but since I am ending up moving completely to windows 10, I never put the work into it

The create profile script prompts you for the name of the user profile you customized and asks you for what department/profile you are making it for.

The Apply simply takes one arguement of the profile name. So you can upload just the one script to fog and make a bunch of snapins with different args for each profile you have to deploy.

Also note that I have some extra app data folders for custom settings of specific programs we use. I left them in there as examples.

Bath script to create Deployable Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Create-Deployable-Default-Profile
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:23
:: Last Updated Date: 2016-04-12 17:09:35
:: Update Author: jfullmer
:: Version: 3.8
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM This script copies a Customized windows 10 profile to the default profile so that
	REM all new profiles are created with the same settings

SET pwd=%~dp0
call :main
del C:\Create-Deployable-Default-Profile.bat & exit

:main
	REM main Function that just calls the other Functions

	call :copySelf
	call :funcHead "Welcome to the Windows Default Profile Creator Script!"
	call :setVars
	call :funcHead "Copying Customized Profile From %custom% to %default% ..."
	call :AppData
	call :CustomSettings
	call :CopyToNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:copySelf
	rem In some instances running this from a share doesn't work, so copy itself and start the copied version to run local
	IF NOT %pwd%==C:\ (
		echo. Copying self to C drive
		net use \\path\to\share /USER:domain\user password	
		XCOPY \\path\to\share\Create-Deployable-Default-Profile.bat C:\ /H /Y
	 	rem Make sure it's being run as an admin
	 	net session >nul 2>&1
	    if %errorLevel% == 0 (
			echo opening copied version.
			start C:\Create-Deployable-Default-Profile.bat
			exit
	    ) else (
	        echo This needs to be run as admin, try again please.
	    	@pause
	    	exit
		)
    )
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	rem set cUser=adl
	echo. Don't run this script from the user you're copying!
	set /p cUser="What is the username of the profile you customized? -> "
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cPF=C:\Users\%cUser%\AppData\ProgramFiles
	set dPF=C:\Users\Default\AppData\ProgramFiles
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	rem The script will create windows version and department folders
	set profiles=\\path\to\share\with\profiles
	net use %profiles% /USER:domain\user password
	call :OSversion
	call :setDept
		
	call :dots
	EXIT /B

:setDept
	rem Function to set department via prompt. 
	echo. What department/group is this profile for? (no spaces)
	echo. The Current Choices are... (A different entry will create a new folder)
	rem list profiles
	dir /b %profiles%\%winVer%
	set /P dept="Enter The Dept Here -> "
	set share=%profiles%\%winVer%\%dept%
	if NOT EXIST %share% mkdir %share%
	if NOT EXIST %share%\logs mkdir %share%\logs
	set logs=%share%\logs
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:copyDir
	REM Function inputs - 1 = display of what is copying 2 = source folder 3 = destination folder 
	
	REM This Function simply displays what you're copying and copies it. Did a Function to have less
	REM copy paste of command line options and have cleaner code.
	REM Note that when calling the Function all passed parameters should be encased in double quotes
	REM otherwise ROBOCOPY won't read the directories as seperate
	
	REM ROBOCOPY or robust copy, is a tool for copying directories or files in windows command line
	REM The syntax is ROBOCOPY sourceFolder DestFolder options
	REM the options used make it so a mirrored version of the source and its subdirectories are copied
	REM to the destination with 64 threads (64 files at once) overwriting existin files retrying any failed files 
	REM only once after 1 second of waiting and all without any verbose output
	
	REM /S - subdirectories /MIR - mirror /MT:64 - multithreaded copy with 64 threads, i.e. 64 files at a time instead of 1. 
	REM /LOG - output to logfile instead of console, ROBOCOPY /? says this provides better performance in multithreaded mode
	REM /IS - include same files i.e. overwrite existing /R:1 retry on error once (default is 1 million) 
	REM W:1 - wait one second between retry on error (default is 30 seconds) 
	REM the /N* are all to decrease output for automation. Since they go to a log file you can take them out if you want ( I did take them out)
	REM /NP - no progress /NS - don't log file sizes /NC - don't log file classes /NFL - don't log file names /NDL - don't log directory names
	REM /NJH - no job header /NJS - no job summary

	echo. Copying %~1...
	ROBOCOPY "%~2" "%~3" /S /MIR /MT:128 /LOG:"%logs%\%~1.log" /IS /R:1 /W:1 /ZB
	echo. Done Copying %~1
	EXIT /B

:AppData
	REM Function to copy all Customizations settings that are stored in files in the AppData folder
	
	call :funcHead "Copying Customizations From AppData..."
	
	REM directories used in all versions of windows
	call :copyDir "Desktop" "%custom%\Desktop" "%default%\Desktop"	
	call :copyDir "Firefox Customizations" "%cRoam%\Mozilla" "%dRoam%\Mozilla"
	call :copyDir "Google Chrome Customizations" "%cLocal%\Google" "%dLocal%\Google"
	call :copyDir "Task Bar Pin Shortcuts" "%cRoam%\Microsoft\Internet Explorer" "%dRoam%\Microsoft\Internet Explorer"
	call :copyDir "Saleslogix" "%cRoam%\Saleslogix" "%dRoam%\Saleslogix"
	call :copyDir "Sage Software" "%cRoam%\Sage Software" "%dRoam%\Sage Software"
	call :copyDir "Saleslogix" "%cLocal%\Saleslogix" "%dLocal%\Saleslogix"
	call :copyDir "Sage Software" "%cLocal%\Sage Software" "%dLocal%\Sage Software"
	rem IF %dept%==IT (
	rem 	call :copyDir "Terminals" "%cLocal%\Robert_Chartier" "%dLocal%\Robert_Chartier"
	rem 	call :copyDir "VMware Vsphere" "%cLocal%\VMware" "%dLocal%\VMware"
	rem 	call :copyDir "VMware Vsphere" "%cRoam%\VMware" "%dRoam%\VMware"
	rem 	call :copyDir "Camtasia" "%cRoam%\TechSmith" "%dRoam%\TechSmith"
	rem 	call :copyDir "Camtasia" "%cLocal%\TechSmith" "%dLocal%\TechSmith"
	rem 	call :copyDir "slack" "%cLocal%\slack" "%dLocal%\slack"
	rem 	call :copyDir "ProgramFiles" %cPF% %dPF%
	rem )
	call :copyDir "VLC settings" "%cRoam%\vlc" "%dRoam%\vlc"
	call :copyDir "FaxFinder settings" "%cRoam%\FaxFinder Client Software" "%dRoam%\FaxFinder Client Software"
	
	REM The remaining dirs are specific to Windows 10 
	REM Note: A starup script will be required on first login to copy the favorites for Microsoft edge to the Packages directory in the newly created User
	REM That logon script would only need to be one line like so...
	REM ROBOCOPY "%localAppData%\MicrosoftEdge\User" "%localAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" /S /MIR /MT:64 /LOG:C:\logs\edgeBookmarks.txt /IS /R:1 /W:1 
	
	rem call :copyDir "Microsoft Edge Customizations" "%cLocal%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" "%dLocal%\MicrosoftEdge\User"
	call :copyDir "Start Menu Tiles Part 1 of 3" "%cLocal%\TileDataLayer" "%dLocal%\TileDataLayer"
	call :copyDir "Start Menu Tiles Part 2 of 3" "%cRoam%\Microsoft\Windows\Start Menu" "%dRoam%\Microsoft\Windows\Start Menu"
	call :copyDir "Start Menu Tiles Part 3 of 3" "%cLocal%\Microsoft\Windows\Shell" "%dLocal%\Microsoft\Windows\Shell"
	
	echo. Done Copying AppData Folders...
	call :dots
	EXIT /B

:CustomSettings
	REM This Function copies the ntuser.dat and related system files that store things like task bar pin order, 
	REM mapped network drives, taskbar toolbars, explorer settings, desktop background settings, etc.
	REM It uses xcopy to copy all files that start with ntuser via * wildcard and uses the options...
	REM \H - copy hidden system files /Y - overwrite existsing files without prompt 

	call :funcHead "Copying custom settings (i.e. task bar pins and toolbars, desktop background, etc.) from ntuser .dat system files..."
	
	XCOPY %custom%\ntuser* %default%\ /H /Y > %logs%\ntuserFiles.log

	echo. Done Copying Custom Settings
	call :dots
	EXIT /B

:CopyToNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile to network!"

	ROBOCOPY %default% %share%\Default /S /MIR /R:1 /W:1 /MT:128 /ZB /XJ
	XCOPY %default%\ntuser* %share%\Default\ /H /Y > %logs%\ntuserFilesRemote.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Batch script/snapin to Apply Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Apply-Default-Profile-args
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:27
:: Last Updated Date: 2016-05-11 16:29:08
:: Update Author: jfullmer
:: Version: 2.7
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM Requires args passed of department
	rem if department is Touchscreen autologon is enabled and fog will reboot after applying the profile

set dept=%1
call :OSversion

call :main
exit

:main
	REM main Function that just calls the other Functions

	call :funcHead "Welcome to the Windows 10 Default Profile Copy Script!"
	call :setVars
	call :CopyFromNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	set cUser=adl
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	set share=\\path\to\share\%winVer%\%dept%
	net use %share% /USER:domain\user password
		
	call :dots
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:CopyFromNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile From network!"
	echo. Delete and recreate default profile folder so there aren't remnants of other profiles...
	rmdir %default% /S /Q
	mkdir %default% 
	ROBOCOPY %share%\Default %default% /S /MIR /R:1 /W:1 /MT:128 /ZB /LOG:C:\defaultProfileApplied-%dept%.log
	XCOPY %share%\Default\ntuser* %default%\ /H /Y > C:\defaultProfile-ntuser-%dept%.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

@Joe-Schmitt said in snappin doesn't work:

@lebrun78 We had no idea this wasn’t a windows network share (if you already mentioned that, I overlooked it, sorry). Most people use them, so we assume that by default. I may be wrong here, but that would point to more of a script issue. I think @JJ-Fullmer is working on a post in this thread about mounting a share in powershell using SYSTEM. It could also be how you get your Certificate from the cert store (cert:\CurrentUser\TrustedPublisher). SYSTEM is sometimes not considered a user, and is instead considered the LocalMachine in the cert store. Basically I would recommend adding some debugging statements to your script and see where its failing (e.g. if its getting the cert correctly, or if its just the mounting code thats going wrong).

If the SYSTEM account isn’t able to access the cert store. You can also create a AES key instead of a cert that can be stored like the secure password file I mentioned in my other post. Thus keeping the security of the ps credential objects
i.e.

$pth = "C:\path\to\locked\down\local\folder";
$keyFile1="$pth\~.key";
$AESkey1 = New-Object Byte[] 32;
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESkey1);
$AESkey1 | out-file $keyFile1;

You can then use a variable pointing to that file in place of $tab_key in your script.

Also something else I just remembered. A great way to troubleshoot powershell and batch scripts being run as the system account is using psexec to run a powershell prompt as the system user.
You can download Psexec as part of PSTools from here https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Then you can run the following to open a interactive powershell console as the System user to test your scripts

cd C:\Path\To\Downloaded\Extracted\PSTools
.\Psexec.exe -i -s powershell.exe # opens powershell console as system user, confirm it with the whoami command, should say NT Authority\system
.\PSexec.exe -i -s cmd.exe # Opens command prompt as system user, confirm with whoami command.

Also, if you happen to have btsync set up, which I just gave a try using the guide here https://wiki.fogproject.org/wiki/index.php/Upgrade_to_trunk (Side note, I didn’t have to untar anything in a downloads folder and someone should probably edit the typo that says chrmod instead of chmod)

I set up my btsync to a folder called /home/fog/fogInstalls/btsync/fog Which is in a variable in the following script if you put it somewhere else and need to change it.

Another side note/question. For git my git pulls are around 300 MB or so, but the BTSYNC is a little less than 20 MB, am I getting all the files or is there something wrong with my config? That size difference is slightly concerning to me is all.

Anyway, here’s the btsync version of the update script that you could run whenever you get a btsync update.

#!/bin/bash
clear
# -------------------------------------------
# Fog Git Updater
# -------------------------------------------
# -------------------------------------------
# Script Purpose
# -------------------------------------------
# This script is designed to run an automated update of the latest FOG Git dev build and it's cron friendly
# -------------------------------------------
# -------------------------------------------
# Some prereqs for this script
# -------------------------------------------
# 1. Already have an existing working install/configuration of FOG 1.0 or later
#
# 2. Have git installed and setup. You can do that by doing....
# 	sudo apt-get install git
#  	mkdir /home/fog/fogInstalls/git
#	git clone https://github.com/FOGProject/fogproject.git /home/fog/fogInstalls/git
#
# 3. A script to echo the encrypted version of your sudo password, create one with this function
#	just put in your password into the following in place of your_super_secret_password (leave the quotes)
#	and then uncomment and copy paste the function into a terminal and then run it with just the name of the function pw
	# pw(){
	# 	touch /home/fog/fogInstalls/.~
	# 	ossl=`echo "your_super_secret_password" | openssl enc -des -a -e -pass pass:PASSWORD`
	# 	echo 'echo "$(echo '$ossl' | openssl enc -des -a -d -pass pass:PASSWORD)"' >> /home/fog/fogInstalls/.~
	# 	sudo chown fog.root /home/fog/fogInstalls/.~
	# 	sudo chmod 700 /home/fog/fogInstalls/.~ 
	# }
# -------------------------------------------
# -------------------------------------------
# Variables
# -------------------------------------------
# -------------------------------------------
echo "Creating Script variables..."
fogInstalls='/home/fog/fogInstalls'
btsyncPath="$fogInstalls/btsync/fog"
backup="$fogInstalls/backups"
pw=`sh $fogInstalls/.~` 
# -------------------------------------------
# -------------------------------------------
# Functions
# -------------------------------------------
# -------------------------------------------
perms(){
	sudo chmod -R 775 $1
	sudo chown -R fog.fog $1
}

srvUpdate(){
	# Enter sudo mode aand do some quick server maintenance update fun times
	# First, enter sudo mode by echoing the output of decrypting your encrypted password and pipe that into an apt-get update
	#	Don't worry, it doesn't output the password into the terminal
	#	Now that the password is in once the terminal will keep it stored for the next bunch of sudo commands
	echo "Running Sever updates!..."
	echo $pw | sudo -S apt-get update -y
	sudo apt-get upgrade -y # install any upgrades you just downloaded
}

backupConfig(){
	# Backup custom config and other files
	# Copy the latest versions of any files you've changed that will be overwritten by the update and backup the database just in case.
	# For example you may want to back up...
	# Config.php
	# 	To be on the safe side your config file in the /opt folder that has may have a corrected webroot for ubuntu 14.04 and may have stored encrypted credentials (i.e mysql)
	# 		I think that the installer uses this file and keeps it anyway, but I like to be careful
	# Exports file
	#	Because this runs the installer with a yes pipe, it ends up telling it that the image path is "y",
	# 		simply backing up and restoring your current one avoids the issue of fog not finding your precious images. 
	# Custom pxe boot background
	# 	If you have a custom background for the pxe menu, the bg.png file
	# Mysql database dump
	#	It would be rather troublesome if something went horribly wrong in the update and your database goes kaboom, it's unlikely but backups are a good thing 
	# Just a note, It's a good policy to also have backups of these outside of your server, which you could add to this script with an scp command or something like that
	# -------------------------------------------
	echo "make sure backup dir exists..."
	if [ ! -d $backup ]; then
		mkdir $backup
	fi
	echo "Dumping the database..."
	mysqldump -u root --all-databases --events > $backup/DatabaseBeforeLastUpdate.sql #backup database
	echo "Backing up config and custom files..."
	echo "config.php..."
	sudo cp /opt/fog/service/etc/config.php $backup/config.php
	echo "fog settings..."
	sudo cp /opt/fog/.fogsettings $backup/.fogsettings
	echo "nfs exports..."
	sudo cp /etc/exports $backup/exports
	echo "custom pxe background..."
	sudo cp /var/www/html/fog/service/ipxe/bg.png $backup/bg.png 
}

updateFOG(){
	echo "running FOG installer..."
        perms $btsyncPath
	cd $btsyncPath/bin
	sudo bash installfog.sh -Y
}

restoreConfig(){
	# Restore backed up files
	# Restore the backed up files to their proper places and make sure they're formatted correct too.
	echo "restoring custom pxe background..."
	sudo cp $backup/bg.png /var/www/html/fog/service/ipxe # Restore Custom Background 
	# I found that I needed to do this in some configurations, but it may no longer be neccesarry...
	echo "Creating undionly for iPxe boot in ipxe folder, just in case..." 
	sudo cp /tftpboot/undionly.kpxe /tftpboot/undionly.0 # backup original then rename undionly 
	sudo cp /tftpboot/undionly.0 /var/www/html/fog/service/ipxe/undionly.0
	sudo cp /var/www/html/fog/service/ipxe/undionly.0 /var/www/html/fog/service/ipxe/undionly.kpxe
}

fixPerms(){
	echo "Changing Permissions of webroot..."
	perms '/var/www/html/fog'
	echo "Changing permissions of images...."
	perms '/images'
	echo "Changing permissions of tftpboot...."
	perms '/tftpboot'
}

# -------------------------------------------
# -------------------------------------------
# Run the script
# -------------------------------------------
# -------------------------------------------
srvUpdate
backupConfig
updateFOG
restoreConfig
fixPerms
echo "Done!"

@Wayne-Workman @Quazz
Sorry I took an extra day on the long weekend and was out of town. Just seeing these posts.

I will make a public git repo when I have a chance with these scripts.

I will also look into the deleting shell items from the ntuser.dat. I wonder what those hold.

The ntuser.dat is the registry entries, so you are copying a file that contains registry entries.

I did make it with enterprise and only enterprise in mind really. That’s all I use in a work environment. Granted, I imagine they could be adapted to work on the other versions.

What OS are you using to connect to the api?
Shameless plug here for the api powershell module. I have a function called Set-FogServerSettings that helps with just inputting the api keys and it will handle the authentication from there with any function call. See the links in my signature. I originally made it cross-platform but it’s currently more windows oriented. Due to COVID-19 I am not working, which means I might have some free time (I say might because I also have a new baby). If you’re not running on windows I can dedicate some time to adding more linux support to the module since powershell core 6 and 7 are both cross platform on linux, mac, and windows.
The module takes that simplified documentation and creates tab completable functions from the structure outlined in the documentation.

@Jbob said:

@Arrowhead-IT what issues are you experiencing with including the client in the image? Its actually safer / more secure to install the client into the image rather than after imaging completes.

The client just plain doesn’t work when I include it in the image. Maybe I’m missing something, and I’m still doing testing. This is a new setup. At my old job I used to always include it in the image, but it had sporadic success rates too. I find that a fresh install always seems to work. Also, I love that I can install the client and it adds itself if the client isn’t already in fog. I figured that functionality meant that I should install it individually.