RE: Win 10 Ent. compared to Win 10 Ent. LTSB what would be the right decision?

So, despite the ridiculous amount of changes (some really dumb ones, google demystifying dual scan, and then read the windows 10 wsus group policy documentation to find some conflicting ones) I would still recommend the Current Branch for Business. We’ll actually they recently changed the naming to be Semi-annual Channel for CBB and Semi-Annual-Channel (Targeted) for Current Branch.

While I certainly was all about the LTSB at first, there are some issues with it I have discovered.

One of the bigger ones is the lack of support for “new silicone” I don’t have time to go find the articles at the moment, but I’ve read a few microsoft and third party posts on how LTSB won’t support the latest chipsets as they come out. So in other words, if you have a image setup with LTSB 2015, but you have a new computer with a cpu/chipset that came out in 2018 with some fancy new features, you won’t be able to install LTSB on that new computer, or at least you won’t be supposed to be able to.

Also, while I was rather hesitant to allow access to the windows store, as I started adding surface type touch screens to our environment I’ve come to find it more and more useful. Also, there are plenty of group policies to disable access to the windows store.

Also, reading about the new features and such as they come out, kept making me want the new features. A more flexible and customizable windows update experience, new powershell cmdlets, and all sorts of things to play with.

Personally the whole no support for new silicone thing is what converted me.
Plus, we want to have a regular imaging schedule and the now semi-annual release schedule gives us a schedule to deploy fresh images. Which we intend to do instead of deploying the new releases through wsus. Updating from one release to another tends to lose some customizations like lockscreen images and custom account pictures. Plus they tend to change some of the features surrounding those customizations, so updating the ol unattend file and setupcomplete type scripts on that regular basis to be able to take advantage of new features is prolly a good idea. Also, have you checked out windows imaging configuration designer to make provisioning packages? It’s pretty sweet.

So in short, due to recent changes to the windows as a service paradigm and choices in support rules for LTSB, unless you are using the same hardware for something for 10 years that needs to not have any risks of new features, and perhaps has some legacy software needs. Then LTSB is the way to go. If you are just looking to shirk away from pieces of windows 10 like the store and such, you should not go with LTSB and either embrace the changes, or create more restrictive group policies. Especially since you become so very stuck with any version of LTSB since you can only update to another iteration with a fresh install/image.

If you for some reason don’t have a AD to deploy group policies you can utilize provisioning packages and for policies not yet supported there you can learn to utilize the https://github.com/dlwyatt/PolicyFileEditor powershell module to deploy local group policies.

That’s my 2 (maybe it’s more like 200) cents on the matter.

@jc35 Just to be sure I understand what you’re trying to do,
You have an inventory system in glpi.
You want to make it so if you hit delete on a computer in your inventory rabbit mq sends a message to fog to wipe the machine and put a default image (like a retail windows or basic linux that the computer can be sold with I’m guessing) on the deleted computer.

So you want to click one button to delete the computer from your inventory and it automatically prepares itself to be safely disposed/surplussed/sold or what have you.

Do I understand correctly?

@kbramhall
I’m not 100% sure if the package is the same in redhat as it is in debian, but in debian its
sudo apt-get isc-dhcp-server

so maybe try

yum install isc-dhcp-server

I’ve had a problem where it wasn’t installing the dhcp package on debian too on a test DHCP style install a couple weeks ago and installing the package manually fixed the problem for me. But then I ended up not using the DHCP on fog.

@anthonyglamis This sounds like a client issue, any thoughts @Jbob

TL;DR
The quick answer is the ‘useAD’ property of a host in the api checks that box, but will not pull your default settings when done through the api. So you need to provide all domain join info.

@Jamaal Good day sir! Sorry for a delayed reply, haven’t been on here in a bit, had been trying to stay active during my quarantine but eventually my infant son won all my attention while I was home. But I am now back at work and am excited to see someone with a powershell api question =).

I took a look at that old post and @scottybullet and I should clearly be friends. Looks like he posted some powershell api stuff before I published my module publicly.

So as @Sebastian-Roth mentioned, check out the powershell module (check the links in my signature). If you use that as a dependency of your script you’ll have a good time. If this leads to some more functions needing to be added to the module to make it easier we can make the functions and get them added.

So let me see if I got this straight.

You have microsoft orchestrator (I’m not actually familiar with that product, but I think I get what it does from context)

1. You want other employees to put info about a new computer into that product in some way
2. That product sends that info to a powershell script
3. The script adds the computer to fog and queues it to start imaging with wake on lan as soon as you plug it in to the network.

Currently it isn’t auto joining the domain but you want it to.

Well sir I believe the answer may be pretty easy. I usually add fog hosts using the pxe boot menu
Firstly, something built in fog is setting default AD settings at http://fog-server/fog/management/index.php?node=about&sub=settings (select Active directory defaults). I pull that info when I register a host in the pxe boot menu and then edit it during a provisioning script to put things in the right OU. But I just realized that doesn’t matter because it doesn’t pull that information when you create from the API, but it’s still a feature that exists and there may be a way to leverage it in your situation but we’ll come back to that if we need to.

Ok so first let’s create a host

# you can also just do name, description, and macs and add the rest after with a set-fogobject command
$HostJson = @{
    "name"=  "testHost-1"
    "description"=  "a test"
    "macs" =  @("11:22:33:44:55:66")
    "imageID" = "29"
    "useAD" = 1 
    "ADDomain" = "yourDomain.com"
    "ADOU" =  "OU=OUname,OU=ParentOU,OU=GrandParrentOU,DC=yourDomain,DC=com"
    "ADUser" = "domainUsername"
    "ADPass" = "plainTextPassword"
    "enforce" = 1
}
#note that "useAD" = 1 checks the join domain after deploy box
#note that "enforce" = 1 checks the force rename and join even if user is logged in box
#note that the password is in plaintext via the api because you are already authenticated to get to this point, this is why I prefer to pull from the existing default so I don't pass the password in plaintext anywhere. 

#convert to ps object to a json string
$json = $hostJson | ConvertTo-Json
$newHost = New-FogObject -type object -coreObject host -jsonData $json

Sidenote: @Tom-Elliott or @Sebastian-Roth is it possible to pull the default domain settings include username/password from the fog settings via the api? So that to add domain join info through an api call doesn’t require a plaintext password, or maybe some other solution, like making it so the defaults are pulled if a host created with the api has that join after deploy/useAD box checked?

So that above code would add a new host with the domain information and stores the host info in a variable. You could then queue the image of the host with (I should really make a function for this)

$jsonObj = @{
    "taskTypeID" = 1
}
$jsonData = $jsonObj | ConvertTo-Json;
# create the image task on the newhost 
New-FogObject -type objecttasktype -coreTaskObject host -jsonData $jsonData -IDofObject $newHost.ID;

@jc35 So I think you can do this
I would follow the help @Wayne-Workman gave you on this post
https://forums.fogproject.org/topic/6454/wipe-and-restore

Using the information of what the database tables need to say you could write a bash or python script to edit the mysql database of fog.
The next question is whether or not you need help with that part too.
The basics steps you would need to do

• make a remote mysql user with access to the fog database on the fog server.
• Compose and test some mysql commands remotely based on the tables you need to edit and make sure it works
• Take those commands and put them into a script. In bash it is possible to send a single command to mysql, I don’t remember the parameter of the top of my head though, I would have to go find a script where I did that if need be.

Hopefully that helps you get started.

@george1421 said:

ok then lets confirm a few things.

You want FOG to be the dhcp server for your subnet?

Just so you know. The reason I chose not to use DHCP with FOG is because I had the mistaken assumption that FOG would automatically manage it in some way, or that the gui would have some control over it. It does not, you’ll be doing a bunch of manual configuration. It added some small configuration and did get it passing out ip addresses, which may be enough for you. But just be aware that you’ll likely have to do some more manual configuration of the DHCP. Not that that is all that hard nor undocumented on the internet, just wanted to make sure you’re aware.

So one caveat to my method with using devcon from the windows wdk (https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx)
is that when you remove all the devices it removes and doesn’t reinstall on restart a couple system devices that are required to make remote desktop work.
So in other words you can’t rdp/windows remote desktop into an imaged computer. I had found this rather annoying and finally figured out exactly which devices are required and scripted how to fix it. yay!

This is also helpful to anyone that perhaps is having trouble with remote desktop when it is otherwise configured correctly.

So the devices that you could install manually as legacy devices are…

• NDIS Virtual Network Adapter Enumerator
• UMBus Root Bus Enumerator (adds UMBus Enumerators on restart that are also needed)
• Remote Desktop Device Redirector Bus

Luckily the inf files for all of these are still in the driverstore. And the devcon.exe tool can be used to install them quickly from the command line. 0_1453504913836_devcon.exe - 64 bit version from wdk 8.1 - put this in your C:\Windows\System32 for the following script to work. You can also download and install the wdk from the above link and find it in C:\Program Files (x86)\Windows Kits\10 somewhere, a tools folder of some sort as I recall. I tested it with the 8.1 version but just discovered there is a windows 10 version as I was writing this.

Anywho, scripty script

@ECHO off
	REM Script for fixing remote desktop after uninstalling all devices

	call :main

:main
	call :funcHead "Welcome to the remote desktop fix!"
	call :setVars
	call :addDriver "NDIS Virtual Network Adapter Enumerator" "%drivers%\ndisvirtualbus.inf_amd64_c420021ea374b6f3\ndisvirtualbus.inf" ROOT\NdisVirtualBus
	call :addDriver "UMBus Root Bus Enumerator" "%drivers%\umbus.inf_amd64_b5911c04e2dae8d2\umbus.inf" root\umbus.inf
	call :addDriverAndRestart "Remote Desktop Device Redirector Bus" "%drivers%\rdpbus.inf_amd64_e1a9f2699d349149\rdpbus.inf" ROOT\RDPBUS

	EXIT /B

:setVars
	set drivers=C:\Windows\System32\DriverStore\FileRepository

	EXIT /B

:addDriver
	echo. installing %~1...	
	Devcon install %~2 %~3
	echo. done!
	EXIT /B

:addDriverAndRestart
	echo. installing %~1 and restarting computer...	
	Devcon -r install %~2 %~3
	echo. done!
	REM just in case -r doesn't reboot...
	Devcon reboot & exit
	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

run that as a batch script, it will restart your computer and it will fix remote desktop if you break it by manually uninstalling devices

I had been having trouble with this problem for months and just fixed it and figured it related enough to everything else here so I shared it

@Sebastian-Roth and @Jurgen-Goedbloed Could I also be added as a maintainer. I would love to help with this project.
Maybe we make some github issues for what documents need creating and or copy pasting and divide and conquer?

@Wayne-Workman well, it happens on physical machines too. Maybe CentOS is just better than ubuntu for hosting fog?

@kbramhall Considering that you only just set this up, maybe it’s worth trying a different distro. I’ve had better experiences with ubuntu server and fog then cent OS. But I am more familiar with debian so I might be biased.
But maybe it’s an issue with the OS install.
What happens when you run

yum update

?
If that doesn’t seem to connect to anything, then
What does your resolv.conf say?

cat /etc/resolv.conf

Might be a dns server thing. That’s sometimes the issue when you can’t seem to install a package

@anthonyglamis No, you don’t need to create a new image for a new revision. It’s only if you reinstalled fog completely, regenerating the ca certs.

@Jurgen-Goedbloed
Are you able to see the built readthedocs page?
I’m having trouble getting it to build locally to see what it’s going to look like and when I go to docs.fogproject.org I get a 403 error. I think that @Joe-Schmitt may have set some security up on that page on the fogproject domain while it was to be under construction. Maybe we should host it on the readthedocs domain until we get that figured out? That’s a setting in the readthedocs project that I can’t access.

edit:
Figured out my build problems, so can at least browse it locally. Updated the readme with build instructions and added a make.ps1 for easier building.

@wayne-workman My first instinct is to say “whoa there, lets not abandon centos and its enterprise grade security”.
But at the same time, I’m still using CentOS 7 for Fog and never took the time to upgrade to 8 as I’ve read in this forum and other places of troubles. I didn’t even know there was a thing called CentOS Stream (keeping up with windows constant OS version upgrades takes up all my OS research time). So, despite my instinctive hesitance I’m all for this idea, simplifying development requirements for the win.

However, there are many that were taught the mentality in various ways that RHEL = better for business, and ubunutu = for linux beginners. This isn’t a true statement, especially nowadays, it is a mentality that still exists though. So if we’re going to discontinue native installer support for CentOs, I think we should write something up for our public pages, like on the fogproject.org download page, to help not deter users with this old thinking of ‘RHEL is better for business’ engrained in their soul. Just my 2 cents.

Also, for those 122 of us on the older CentOS 7/8, would this change to the installer make it so we need to move distros for future updates?

Also, if we’re going to focus the installed on ubuntu and debian, might we look at creating and publishing an apt package to make installs even easier?

@Wayne-Workman said:

@Arrowhead-IT said:

Just so you know. The reason I chose not to use DHCP with FOG is because I had the mistaken assumption that FOG would automatically manage it in some way, or that the gui would have some control over it. It does not, you’ll be doing a bunch of manual configuration.

I guess now is as good a time as ever to say I’m working on an add-on that does just this.

@Wayne-Workman ooooh! I like that idea!

So this problem definitely relates to a windows xp to windows 10 file transfer issue and is nothing to do with fog.
From what I found here http://helpdeskgeek.com/office-tips/fix-office-2010-cannot-verify-license-error-message/
I discovered that the file tokens.dat is indeed a part of activation.
If you happen to have a similar problem…

stop the service osppsvc
Delete or rename tokens.dat and cache.dat found at C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform
Start the service osppsvc
Open any office program and let it do the self repair

This also fixes the problem of the office installer autoclosing when trying to repair or uninstall.

@Wayne-Workman said in Improve documentation:

@JJ-Fullmer can they be converted to something YouTube supports? (as opposed to re-recording)

We can put them on the FOG Project Videos YouTube channel. https://www.youtube.com/channel/UCrvOQPcm1SDIfIrzWZ9K3bA/videos

I think this would be an excellent method, gives us extra search visibility too.

@Sebastian-Roth Good point on the gif. I was just thinking of what I’ve seen in other documentation recently. It’s cool for showing how quick and easy some things are but pause buttons are nice.

Read-the-docs has a youtube video embedded in their docs so I took that as an example and did a test with a random youtube video from our channel
https://fogproject.readthedocs.io/en/latest/management/index.html#hosts

Looks good to me.

I am having trouble getting the swf converted though. When I run it through handbrake or any online convert tool it comes out as a jumbled mess. It’s also a video showing the 0.12 fog gui. Maybe it’s not worth it, I very much doubt anyone uses that version anymore.

@sega I believe you need more in your json post

I have a function in the fogApi powershell module to deploy an image.
The code is in the syntax for powershell not curl, but it should give you an idea.
https://github.com/darksidemilk/FogApi/blob/master/FogApi/Public/Send-FogImage.ps1

i.e. a simple deploy image now task of a host’s assigned image would have json like this

{
    "taskTypeID": "1",
    "shutdown":"0",
    "other2":"0",
    "other4":"1",
    "isActive":"1" 
}

IIRC other2 is debug task and other4 is wake on lan

Maybe try the commands Tom suggested again? I did them out of order on accident since I was having the same problem and it worked for me.

sudo apt-get autoremove --purge
sudo rm -rf /etc/php5
sudo rm -rf /etc/apt-get/sources.d/*ondrej*
sudo apt-get purge php5*
sudo apt-get autoremove --purge

Then I reran the installer and all was well with the world. Maybe trying it again is worth a shot

@Psycholiquid You are a beautiful person and I love you.
You may have just ended my 5 year hate war against sysprep.

Maybe I wasn’t looking hard enough, but everytime I tried sysprep or tried to customize it to my needs it failed miserably. Destroying customizations, getting stuck at oobe screens, just overall breaking everything. However, I just used your xml as a template and was able to successfully run sysprep on my windows 10 image and it worked pretty well and now I think I will be able to better search for the bits of the unattend.xml I need.

Also, a problem I ran into in windows 10 with sysprep is it sometimes gives an error about a metro app (movies and tv aka Microsoft.ZuneVideo for example) not being provisioned for each user or something. I had to run this powershell script I found in a microsoft tech forum (that I can’t seem to find again right now, but I saved the script for future use) on each user and it worked.

$AppsList = "Microsoft.Bing" , "Microsoft.BingFinance" , "Microsoft.BingMaps" , "Microsoft.BingNews"`
            , "Microsoft.BingSports" , "Microsoft.BingTravel" , "Microsoft.BingWeather" , "Microsoft.Camera"`
            , "microsoft.microsoftskydrive" , "Microsoft.Reader" , "microsoft.windowscommunicationsapps"`
            , "microsoft.windowsphotos" , "Microsoft.XboxLIVEGames" , "Microsoft.ZuneMusic"`
            , "Microsoft.ZuneVideo" , "Microsoft.Media.PlayReadyClient"

ForEach ($App in $AppsList)
{
    $PackageFullName = (Get-AppxPackage $App).PackageFullName
    if ((Get-AppxPackage $App).PackageFullName)
    {
        Write-Host "Removing Package: $App"
        remove-AppxProvisionedPackage -online -packagename $PackageFullName
        remove-AppxPackage -package $PackageFullName
    }
    else
    {
        Write-Host "Unable to find package: $App"
    }
}

Save that guy as a .ps1 file and run it on each user if you’re getting an error when trying to run sysprep on windows 10 (or 8/8.1 for that matter)