RE: Support for multiple nics / subnets

OK, so here is what’s needed to switch FOG 1.2.0 between networks (interfaces):

• FOG System Settings -> FOG Configuration:
  * General Settings: FOG_WOL_HOST (change ip); FOG_WOL_INTERFACE (change iface)
  * Multicast Settings: FOG_UDPCAST_INTERFACE (change iface)
  * NFS Server: FOG_NFS_ETH_MONITOR (change iface)
  * TFTP Server: FOG_TFTP_HOST (change ip)
  * Web Server: FOG_WEB_HOST (change ip)
• Storage Management -> DefaultMember:
  * IP Address (change ip)
  * Interface: (no changes)
• /tftpboot/default.ipxe: change ip in last line
• change default gateway using ip command (to make wake on lan work - it uses default gw for broadcasts):
  * ip r del default - delete current
  * ip r add default via <gw for second network>

Ok, sorry for delay, here is what we use to make win7 join Samba NT4 domain (maybe it helps somebody):

• after sysprep, fog automatically renames host (it’s done fairly early after sysprep, so there is little or perhaps no chance that computer will join domain with bad name), then it restarts and
• downloads associated snapin - I named it setup_complete_snapin - which contains 2 scripts:
  [LIST=1]
  []setupcomplete.cmd
  []join_domain.ps1 (powershell script)
  [/LIST]
  SETUPCOMPLETE.CMD:
  [CODE]
  @echo off

rem delete unattend files
del /Q /F c:\windows\system32\sysprep\unattend.xml
del /Q /F c:\windows\panther\unattend.xml

rem delete dir with additional drivers (those which win didn’t install automatically - needs registry update for win to look here)
rd /S /Q c:\Drivers

rem win activation
cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript //b C:\windows\system32\slmgr.vbs -ato

rem office 2010 activation
cscript “c:\Program Files\Microsoft Office\Office14\ospp.vbs” /act

rem registry changes
:: enable self deffense (registry protection) for NOD Endpoint Antivirus 5.0 - disabled before sysprep, because of sysprep crashes with this enabled
REG ADD “HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000001\Profiles@My profile” /v selfdefense /t REG_DWORD /d 0x1 /f
:: for win7 to join Samba NT4 domain
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters” /v DomainCompatibilityMode /t REG_DWORD /d 0x1 /f
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters” /v DNSNameResolutionRequired /t REG_DWORD /d 0x0 /f
:: fixes problems with login (source: https://lists.samba.org/archive/samba/2010-October/158591.html)
REG ADD “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters” /v DisablePasswordChange /t REG_DWORD /d 0x1 /f

rem domain join
:: didn’t work without cd
cd \windows\temp\setup_complete_snapin
powershell set-executionpolicy remotesigned
powershell .\join_domain.ps1
powershell set-executionpolicy allsigned

rem extends partition to whole disk
diskpart /s .\diskpart.txt

:: sleep a la MS Windows
::ping -n 10 1.1.1.1

rem restart
shutdown -r -f -t 120

Exit
[/CODE]
For domain join, really needed are only sections: domain join, registry changes (for win7 to join Samba NT4 domain) and perhaps restart.

JOIN_DOMAIN.PS1:
[CODE]

user and pass - pass has to be in apostrophes, quotation marks didn’t work

$User = “DOMAIN\USER”
$Pass = ConvertTo-SecureString ‘PASSWORD’ -AsPlainText -Force

create credentials

$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass

join domain with loggin to file

#add-computer -domain DOMAIN -credential $Credentials 2>&1 > join_domain.log

join domain

add-computer -domain DOMAIN -credential $Credentials
[/CODE]

Ok, sorry for the delay, thanks for reply.

In the end we used our previous image - for which, afaik, there was never used audit mode and everything was installed via (normal) administrator account - and it seems there are no issues.

[quote=“Jaymes Driver, post: 35201, member: 3582”]No, OOBE is for making the machine into a Like new Out Of Box Experience. Audit Mode is a tool to use during an Image setup process, that requires the finalization of the OS so it can (if you supply an unattend.xml) make your Installation autonomous.

The Audit mode is where you get to windows BEFORE the OOBE process happens. You are suppose to install all your software at this point then sysprep and upload, On first deploy the installation will answer the installation questions with your provided unattend.xml and complete the OOBE process (generalizing the installation so that new drivers can be applied to the system, cleaning some registry values and other secretive windows type things).

Really, there isn’t much difference in if you just install the software as a user and push your image, except the generalization processes which allows the machine that you are imaging to have their own hardware identifiers and unique strings which will be required for activation. This is only really important if you activate to a KMS server or if you join to an active directory environment (speculation have not tested I am not AD).

Try it, tell us what does and does not work if you don’t sysprep, that’s really the only thing I can recommend.
[/quote]
And just for clarification - we do use sysprep, we just don’t install stuff via audit mode admin account.

[quote=“Jaymes Driver, post: 35201, member: 3582”]
Personally, I read many tutorials before I began pushing windows 7. each one mentioned using Audit Mode to install my software and drivers before completing the generalization process, and I have had marginal success in doing so.

Hope this helps![/quote]

Hi all, I have one question regarding audit mode. As far as I understood, it’s equivalent mode to OOBE (or Windows Welcome) but it’s meant more for technically skilled and for corporations than for end users. But in the end, it has the same use: to prepare freshly installed win.

Now, is it problem to not do (2nd and n-th) image preparation in audit mode (of course, the 1st we did this way)? Is it ok to update windows, update/upgrade/install/remove software, change profile, etc. via logged in administrator and then start sysprep oobe with generalize from here (before capturing image)? Had anybody problems doing it this way or do you see any potential problems?

I read, that audit mode is needed for auditSystem and auditUser passes to happen (if I got it right). But since we based our unattend.xml on this tutorial, we don’t use auditSystem or auditUser.

Does anybody know some (perhaps official) text, which explains if there is any difference between doing sysprep in audit mode and normally from logged in administrator account?

Thanks.

Hi, bit delay, but I’m almost in the end (will post howto - maybe it helps somebody), but would like to know how this snapin subsystem works. It seems that when FOG client starts first time (after deploying), it automatically downloads associated snapins and run them (without creating snapin task).

How does FOG client know it starts first time? And, will this work?: I create master image, upload it, deploy it (with snapins automatically downloaded and applied), then next semester use this same image (with updates and perhaps software changes), upload it, deploy it with snapins (again) correctly applied. If yes, it would be really nice

I tried to search here this but didn’t find anything - if this was already discussed, feel free just to post link.

Thanks.

Hi X23, I discarded this way (scripts in c:\windows\setup\scripts) - I forgot about renaming before joining, so when I finally made these scripts working I realized this and since I didn’t figure out how to accomplish this renaming using powershell or sysprep, I decided that I make snapin which consists of these scripts and will run after FOG client renames hosts. It seems to work, I just need to test it all together with sysprep.

And what do you mean by using fog client for joining? Is it possible to join win 7 to NT4 based (samba v 3.6) domain? I initially thought I will try it, but then just took the snapin way.

Thanks, Rado.

Thanks for reply. I know, but I’m bit afraid of converting to Samba 4 (lot of work and uncertain results?). I know I will have to do it someday, but I just wanted to try it with my current setup since manual joining works (and if nothing works, just convert to AD). Now, I’m almost in the end - not using sysprep, but Power Shell script in c:\windows\setup\scripts\ which is called by setupcomplete.cmd - it works when I’m normally logged in as Administrator, but not during (or after?) sysprep process…

Hi all, is here somebody who is able to join win 7 automatically via sysprep (or maybe other way) to samba based NT domain (samba ver. 3.6)? I can do it manually, but am not sure how to automate this. Is it possible using sysprep?

Or, is FOG client able to join only AD domain or can it join NT domain also?

I searched this forum and didn’t found others with this issue.

Thanks.

It seem to work - svn 2014 - creates udp-sender processes with right interface no matter what’s in /var/www/fog/lib/fog/Config.class.php. Didn’t test deploying.

So, if I upgrade to SVN 2004, it should no longer use config and there will by only database (via FOG Configuration web interface) as configuration storage?

And what’s “dynamics”?

Thanks.