RE: ca fog service "error failed to decrypt" when snapins in non-default directory

Confirmed working. the CA ssl folders can now be separated from the snap-ins folder

@kbramhall
I’m not 100% sure if the package is the same in redhat as it is in debian, but in debian its
sudo apt-get isc-dhcp-server

so maybe try

yum install isc-dhcp-server

I’ve had a problem where it wasn’t installing the dhcp package on debian too on a test DHCP style install a couple weeks ago and installing the package manually fixed the problem for me. But then I ended up not using the DHCP on fog.

@MRCUR Well I think it is possible to edit it directly, but it is not easy.
Let’s say you run my script and have a working default profile and you saved the folder somewhere.
Now let’s copy the whole profile folder to the local computer, in the C:\ root for example(just to be safe not editing the original right away)
Now open up regedit.exe as an administrator and highlight ‘HKEY_USERS’
File → Load Hive
Open up
“C:\Default\NTUSER.DAT”
name the hive test, or something like that.

You can now edit the default profile registry .dat settings to your heart’s content. Problem is, it’s the registry…
So the second half of task bar pins is in that hive under
HKEY_USERS\test\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
But that key is all binary and Dwords.
Granted, you could just customize some pins on any user and export that key from
HKEY_USERS\userSID\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
And then import or copy paste the values into the hive you’re editing and that would work.
Then just highlight the test hive and do file→unload hive and all the settings should be saved in the .dat file.

I saw some vbs scripts in various forums that claimed to automate the pinning but I didn’t try any of them. But I’ll post some links in case they help you do it the way you want to.

Here’s where I came up with most of this
http://smallbusiness.chron.com/modify-ntuserdat-56096.html - editing ntuser.dat
https://social.technet.microsoft.com/Forums/windows/en-US/73eb1c0a-fc78-4ae7-ba6d-356d9a9a5328/solved-how-to-pin-to-start-menutask-bar-for-default-user?forum=w7itproinstall - possible script solution
http://blogs.technet.com/b/deploymentguys/archive/2008/06/06/useful-script-number-5-adjusting-the-default-user-registry-hive.aspx - editing ntuser.dat some more
http://blogs.technet.com/b/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx - other script possibility

Hope that helps in some way. Sorry that I didn’t find an easy answer for you.

@wayne-workman My first instinct is to say “whoa there, lets not abandon centos and its enterprise grade security”.
But at the same time, I’m still using CentOS 7 for Fog and never took the time to upgrade to 8 as I’ve read in this forum and other places of troubles. I didn’t even know there was a thing called CentOS Stream (keeping up with windows constant OS version upgrades takes up all my OS research time). So, despite my instinctive hesitance I’m all for this idea, simplifying development requirements for the win.

However, there are many that were taught the mentality in various ways that RHEL = better for business, and ubunutu = for linux beginners. This isn’t a true statement, especially nowadays, it is a mentality that still exists though. So if we’re going to discontinue native installer support for CentOs, I think we should write something up for our public pages, like on the fogproject.org download page, to help not deter users with this old thinking of ‘RHEL is better for business’ engrained in their soul. Just my 2 cents.

Also, for those 122 of us on the older CentOS 7/8, would this change to the installer make it so we need to move distros for future updates?

Also, if we’re going to focus the installed on ubuntu and debian, might we look at creating and publishing an apt package to make installs even easier?

commented out if isset {...} stuff in index.php of management and it worked again.

@george1421 said:

ok then lets confirm a few things.

You want FOG to be the dhcp server for your subnet?

Just so you know. The reason I chose not to use DHCP with FOG is because I had the mistaken assumption that FOG would automatically manage it in some way, or that the gui would have some control over it. It does not, you’ll be doing a bunch of manual configuration. It added some small configuration and did get it passing out ip addresses, which may be enough for you. But just be aware that you’ll likely have to do some more manual configuration of the DHCP. Not that that is all that hard nor undocumented on the internet, just wanted to make sure you’re aware.

@anthonyglamis Nope. The installer will auto download the latest client to your server and you don’t need to maually update your hosts with the new client. I think it’s supposed to update itself even, if I remember right

@sega I believe you need more in your json post

I have a function in the fogApi powershell module to deploy an image.
The code is in the syntax for powershell not curl, but it should give you an idea.
https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Send-FogImage.ps1

i.e. a simple deploy image now task of a host’s assigned image would have json like this

{
    "taskTypeID": "1",
    "shutdown":"0",
    "other2":"0",
    "other4":"1",
    "isActive":"1" 
}

IIRC other2 is debug task and other4 is wake on lan

Running Version 1.3.0-RC-1
SVN Revision: 5936

When I try to set a group to the “Fog Managed Printers” setting for “Printer Management Level” It always ends up setting all of them to “No Printer Management”

@kbramhall Considering that you only just set this up, maybe it’s worth trying a different distro. I’ve had better experiences with ubuntu server and fog then cent OS. But I am more familiar with debian so I might be biased.
But maybe it’s an issue with the OS install.
What happens when you run

yum update

?
If that doesn’t seem to connect to anything, then
What does your resolv.conf say?

cat /etc/resolv.conf

Might be a dns server thing. That’s sometimes the issue when you can’t seem to install a package

@anthonyglamis This sounds like a client issue, any thoughts @Jbob

Oh how to use the thing,
Copy paste into your favorite text editor (sublime text, notepad++, scite, or what have you) and save as ImagePrep.bat (or whatever you want as long as it’s .bat) I reccomend having it on a file share so you can run it from there and always have the most up to date version ready to run on a computer you want to upload a hardware independent image.

I have many other scripts I’ve implemented into my FOG imaging workflow that I am happy to share if people want to see them.
Like a firstLogon or a one time automatic admin login so you can have a firstLogon/setupcomplete script without sysprep.
Backup and restore scripts for user files and settings when migrating a user’s local files to a new image
And so many more. I’m still working to make them more universal and I really really want to find a way to not have plain text passwords in them for mounting shares with net use. (Virtual Smart Cards maybe, but they currently look complicated)

However adding and removing printers works just fine. In case it’s relevant

@Wayne-Workman said:

@Arrowhead-IT said:

Just so you know. The reason I chose not to use DHCP with FOG is because I had the mistaken assumption that FOG would automatically manage it in some way, or that the gui would have some control over it. It does not, you’ll be doing a bunch of manual configuration.

I guess now is as good a time as ever to say I’m working on an add-on that does just this.

@Wayne-Workman ooooh! I like that idea!

So one caveat to my method with using devcon from the windows wdk (https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx)
is that when you remove all the devices it removes and doesn’t reinstall on restart a couple system devices that are required to make remote desktop work.
So in other words you can’t rdp/windows remote desktop into an imaged computer. I had found this rather annoying and finally figured out exactly which devices are required and scripted how to fix it. yay!

This is also helpful to anyone that perhaps is having trouble with remote desktop when it is otherwise configured correctly.

So the devices that you could install manually as legacy devices are…

• NDIS Virtual Network Adapter Enumerator
• UMBus Root Bus Enumerator (adds UMBus Enumerators on restart that are also needed)
• Remote Desktop Device Redirector Bus

Luckily the inf files for all of these are still in the driverstore. And the devcon.exe tool can be used to install them quickly from the command line. 0_1453504913836_devcon.exe - 64 bit version from wdk 8.1 - put this in your C:\Windows\System32 for the following script to work. You can also download and install the wdk from the above link and find it in C:\Program Files (x86)\Windows Kits\10 somewhere, a tools folder of some sort as I recall. I tested it with the 8.1 version but just discovered there is a windows 10 version as I was writing this.

Anywho, scripty script

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

run that as a batch script, it will restart your computer and it will fix remote desktop if you break it by manually uninstalling devices

I had been having trouble with this problem for months and just fixed it and figured it related enough to everything else here so I shared it

@Bob-Henderson Well just sysprep is one method. I just add in a lot of extra stuff. Like cleaning up windows update, making sure chkdsk isn’t going to need to run when you upload. Cleaning up various temporary files, creating a imageversion log, making sure the time is synced properly to prevent possible domain join issues, rearming windows activation, defragging the hard drive, removing all drivers manually. Sometimes sysprep doesn’t work, or sometimes it removes more than you want. I’ve done both with an without sysprep. I have found without sysprep and utilizing the methods in this script to make my image hardware independent to be much faster and smoother.
But to each their own I just thought some other people might find something useful in it because It’s full of little snippets that answer questions and problems I had for years.

Also I believe that the default printer updates correctly too. It’s just the printer level that stopped working for groups

Maybe try the commands Tom suggested again? I did them out of order on accident since I was having the same problem and it worked for me.

sudo apt-get autoremove --purge
sudo rm -rf /etc/php5
sudo rm -rf /etc/apt-get/sources.d/*ondrej*
sudo apt-get purge php5*
sudo apt-get autoremove --purge

Then I reran the installer and all was well with the world. Maybe trying it again is worth a shot

@anthonyglamis No, you don’t need to create a new image for a new revision. It’s only if you reinstalled fog completely, regenerating the ca certs.

@Wayne-Workman I should add that it doesn’t remove driver files that are ready for plug n play.
It just uninstalls all devices to make it hardware independent, just like sysprep does. So if you use sysprep you would use the sysprep function instead of the hardware independence function.

Something else I do is when I do find a driver that is missing from windows 10 I get the inf file for it and add it to my image’s plug n play store with the command pnputil -a path/to/driver.inf I try to limit doing this to only network drivers because once you get that far windows update in windows 10 usually takes care of the rest.