RE: Imaging PCs in 2024

@processor

I have been with FOG since 2016 myself. When I image my machines I would make a Golden Image and use Windows SysPrep when I made my images.

How are you all doing your images?

How are you deploying software?

Thanks for your response!

@george1421

Greetings!

It has been a very long time since I have been on the FOG forums. In recent years, I migrated from making a “Golden Image” that has EVERYTHING on it, to a simple image that has basic things on it that can be used in many applications. This solution works well for most cases. My everything images were a lot of extra work and fantastic WHEN they worked.

Has the Imaging process changed drastically since 2018 and Windows 11?

How are folks here deploying large intricate packages like Adobe Suite or AutoCAD in 2024?

Thanks for continuing this project!

UPDATE –

@astrugatch

I just wanted to follow up on this. I realize this thread is ancient but I feel this is still very much relevant. We ended up going with Mosyle (PAID) for our MAC / Apple MDM. We are unhappy with it. It does not meet either myself or the instructors expectations.

You are 100% correct, Mosyle does not meet the expectations of a true MDM. It’s clunky and the support is not great. I have not looked at munki yet but am going to pursue that to try and make the most of what we have. I am also looking at another product called FileWave, which is supposed to work very well with pretty much every platform (minus Linux). FileWave is a paid service / subscription.

Thanks again!

Has anyone had any success imaging Macs with FOG recently? I have a lab of iMacs arriving any day and I need a solution to imaging / managing them. I hear they have an MDM but I could only imagine cost on it.

I did look through the forums and see that their is a specific method to getting them to PXE boot. I also saw the bit about the security features within the Mac OS that you have to overcome in order to get this to work.

Any advice is greatly appreciated!

Thanks!

Hello!

Does anyone here know if you can manage Office 365 device based licences without using Azure / InTune?

Everything I have read says that InTune is the only method to do this…

Am I missing something?

Cheers,

Joe

@Mountainmanmoore

If by this you mean booting a Dell Latitude 3500 via UEFI, I was able to get that going by setting up my DHCP server correctly as indicated in the post here.

@Sebastian-Roth

Sounds great! Like I said, let me know what you all are working on and I’ll do my best. I do have some background in programming but it’s been a bit. I am trying to pick up Python and do a little teaching here at our district.

I worked in UNIX for a couple years at one of my first computer jobs. They hired me because I liked tinkering in Linux. I’ve used Linux since the first iterations of Redhat. The FOG project does draw you in. It’s a great thing. Some of us can’t afford to throw cash at it but certainly am willing to donate time.

So keep me posted! Thanks!

@Sebastian-Roth

I’d love to help out where I can. I’m not really a Windows guy. I’m more of a UNIX / Linux guy stuck in a Windows world. But I can certainly test things in my lab. I have a couple labs that get used very little that would offer a good test bed for features in the field.

Let me know what types of things you all need help with and I’ll see where my skillset works best.

@Sebastian-Roth
@Tom-Elliott

Let me know how I can help. I have a lab that gets used very infrequently that I can test things on if need be. (Time permitting…) My time begins to get more free here in about a month or two and then gets more busy again in February. I’d be more than happy to help out the project!

@Joe-Gill said in FOG service quits running:

@Tom-Elliott
@Sebastian-Roth

So I rebooted two different machines that were having this problem. The service restarted on one and not the other. Ha!

Thanks!

I checked the update settings on the machine that the service wasn’t running after the reboot… You guessed it, a Windows Update was running (installing). I’m gussing that is the caust of this entire issue.

Reboot will likely resolve it after the update install is completed. Hope this helps someone else down the road.

@Tom-Elliott
@Sebastian-Roth

So I rebooted two different machines that were having this problem. The service restarted on one and not the other. Ha!

Thanks!

@Tom-Elliott

I will try a reboot on the machine I had quit checking in yesterday and see.

@Sebastian-Roth

I just noticed something… While looking for log files again this morning… I had one machine that the service literally quit working yesterday… My event logs show events just AFTER the FOG service quit logging…

This machine is on Windows 10 1709 build 16299.15…

Guess what happened after that? Windows ran an update!

We do all of our updates from a Windows WSUS…

Hopefully this helps!!

@Sebastian-Roth

Here is the entire FOG log on one of the 8/20/19 machines. I can post it as code too if you’d like it. I just thought a log file may be simpler.

Thanks!

fog.log

@Sebastian-Roth said in FOG service quits running:

Thanks heaps for looking into it. Do I get this right, most of the machines having the issue showed (in the logs) the service stopped working on the very same day, all on 8/20/19??

Not a problem! I am happy to help out the project. The service quit on a handful of machines on 8/20/19 and some were in July.

So far all of my logs are not showing anything back when the problem occurred.

So the event logs go back to that date but there is no notice/warning/error in the event logs?

The event logs don’t go back far enough to show anything. In other words the event logs don’t start until after the service quit working (days later).

I have noticed that a commonality in the FOG logs is that this issue happens after FOG sleeps or reboots.

Do you mean PC reboot? Can you post an example log when it seems to happen on “reboot”?

I’ll go grab an entire log and post it here.

@Sebastian-Roth

Alright, I have a bit of info to share here…

I have a machine with Windows 10 1709 OS Build 16299.15 and an identical machine (sitting next to it) that has Windows 10 1703 Build 15063.0. The 1709 machine FOG service is not running. The 1703 FOG service IS running.

I checked multiple machines and none seem to have logs that go back far enough to any events that happened on the day the service quit. That said the things these all have in common (on some machines) occurred two days prior to a system update. (8/20/19) The update occurred on 8/22/19… I had a few outliers that happened mid July.

Oddly enough, I was out of the office the week (8/19/19) this event occurred. I checked with the other tech and we had no physical issues that day and the folks that were here used this very lab that day.

So far all of my logs are not showing anything back when the problem occurred. I have noticed that a commonality in the FOG logs is that this issue happens after FOG sleeps or reboots.

Let me know what else I can provide you. I have several machines in the same lab that have this issue. I had a few that after I logged into AD, the service checked in and everything seems to be working.

Cheers,

Joe

@Sebastian-Roth

I will check it out for you. I hadn’t peered into the Windows logs yet. I believe all of the machines with this issue are Windows 10 Ver 1903. But I will get more details here for you directly. In fact I have an entire lab I haven’t manually started the FOG service yet on. I will go check this out now and see what I come up with. If I can’t find anything obvious, you can certainly set up a time to remote into one of the trouble PCs.

Also, I had noticed this randomly happen last year in other labs. It was so random though I figured something else happened or I had done something that caused the issue. This is too wide spread not to be me. LOL!

Thanks!

• HOST OS - Windows 10
• FOG Version - 1.5.7.1
• FOG OS - CentOS 7.6

I have noticed on several hosts that the FOG Service quits running after several days. I checked the Windows Services and it shows it set to automatic (or automatic delayed) but not started and it had been off for days.

Here is a snippet of the FOG.log file from one of the hosts. The rest in this group of host looked similar.

------------------------------------------------------------------------------
----------------------------------UserTracker---------------------------------
------------------------------------------------------------------------------
 8/20/2019 5:40 PM Client-Info Client Version: 0.11.16
 8/20/2019 5:40 PM Client-Info Client OS:      Windows
 8/20/2019 5:40 PM Client-Info Server Version: 1.5.7.1
 8/20/2019 5:40 PM Middleware::Response Success
------------------------------------------------------------------------------

 8/20/2019 5:40 PM Service Sleeping for 311 seconds
 9/4/2019 9:13 AM Main Overriding exception handling
 9/4/2019 9:13 AM Main Bootstrapping Zazzles
 9/4/2019 9:13 AM Controller Initialize
 9/4/2019 9:13 AM Controller Start

 9/4/2019 9:13 AM Service Starting service
 9/4/2019 9:13 AM Bus Became bus server
 9/4/2019 9:13 AM Bus Emmiting message on channel: Status
 9/4/2019 9:13 AM Service Invoking early JIT compilation on needed binaries

------------------------------------------------------------------------------

Is there anyway to enforce that the FOG Service is started and running?

Thanks!

Cheers,

Joe Gill

@Wayne-Workman
@george1421

I figured this one out… I was having problems with security. One of Windows 10’s recent updates (as in the last 3 months or so) was blocking connections to anonymous shares. It allowed them but they needed to be authenticated. For those of you who stumble across this post…

Add your FOG server to your domain and configure Kerberos. After you do this you will need to configure your driver share. I have included the way I did mine and it works. This configuration is for using an existing domain controller. In our case, we use Windows Server 2012 to do domain control.

Do the following:

yum install samba*
yum install krb5-libs krb5-workstation

Confuguration Kerberos /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = YOURDOMAIN
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
DOMAIN.TN = {
kdc = dns-name-your-domain-controller
}

[domain_realm]
netbiosnameyourdoamin = NETBIOSNAMEYOURDOMAIN
netbiosnameyourdomain = NETBIOSNAMETYOURDOMAIN
Configuration samba /etc/samba/smb.conf

[global]

workgroup = DOMAIN
password server = dns-name-your-domain-controller:88
realm = NETBIOSNAMETYOURDOMAIN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = true

log file = /var/log/samba/log.%m
max log size = 50

passdb backend = tdbsam

load printers = yes
cups options = raw

[homes]
comment = Home Directories
browseable = no
writable = yes

[printerdrivers]
comment = All FOG Printers
path = /PATHTODRIVERS
browseable = no
guest ok = no
writable = yes

Add dns name in /etc/hosts

Install and configuration ntp server (It’s important for use Kerborose authorization)

yum install ntpd
edit /etc/ntp.conf
server ip-address-your-ntp-server prefer
Create ticket
kinit account-admin-for-active-directory@NETBIOSNAMETYOURDOMAIN
Add server in domain

net ads join -S dns-name-your-domain-controller -U account-admin-for-active-directory
Create keytab for Kerberos

net ads keytab create -U account-admin-for-active-directory
Edit file /etc/nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind

Restart samba and windind

Test
net ads info
wbinfo -t

FOG Version: 1.5.7.1
FOG OS: CentOS
Client OS: Windows 10 PRO

Hello! I am currently having an issue deploying printers from an anonymous SMB share to any WIndows Host… I have been getting an error stating:

“You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe malicious devices on the network.”

I never use to get this message until the most recent Windows 10 update.

@Wayne-Workman do you have a work around for this?

Thanks!