RE: Active directory Join issue

@anthonyglamis So I found a few more errors. Can you be more specific as to the type of image you’re working with?

I looked over all the code, and the unable to locate MBR message is from one of our many functions. It, quite simply, cannot find the mbr file. This MBR file is received by the system. If the OS is windows 7/8+8.1/10 and the image is in what I call legacy format (sys.img.000 and/or rec.img.000), it will use a pregenerated MBR and realign the partitions to match your disk. This is also the default handling mechanism, now, for Windows XP and Vista.

This part was where things were failing though, and i’m guessing the image was uploading using 1.2.0? Maybe you already said this I’m just blanking out for now. In either case, I’m hoping the download script is back to a MUCH more friendly and operation state.

It can also be used to filter out potential spoofs. For example, the Additional and primary mac fields (unless otherwise specified) is how the service is handled for now. Basically, it tests any/all macs against all hosts in the system. If there’s a match, it continues to pass information to the host about what’s being sent. This is important, for example, in the case of Active directory.

If we just assumed all MACs were safe for the host it’s registering from, you would potentially be opening yourself up for attack. Not necessarily in a traditional sense.

For example, the most secure piece of information we want to protect, the Active Directory Password. Yes, I know you shouldn’t have admin rights on the user (create a new one as necessary) to allow FOG to register the host to the domain. However, this isn’t always practical. Whether by inexperience/knowledge, or because the setup was just done quick and dirty. That said, if all mac’s where automatically “approved” the potential arises that somebody could inject their own macs to a host. Because their host is no registered, they can see all the data sent from the server including the AD Password. (of course the new client doesn’t have this issue as readily, but still).

It’s these types of things we’re trying to help prevent as much as possible that we require you to approve the macs. If you are always going in and approving all macs, then I say shame on you, but to each their own. The mac’s can be approved by the individual MAC from the relevant host or hosts. The “green checkbox” that appears is the link on how to approve a single mac address. You can also approve all macs from the host as well.

It’s actually these security concerns that allowed us to have the FOG Client (New again) register the host if it was not already registered to the main FOG system. In olden times the client did register the host to the server if it wasn’t already done, but it also registered them as “approved”.

Main flaw, I think, in that approach is FOG is dependent upon a system being compatible to image/task a system. This is why the full register drops you into the init and you get asked all those questions, followed by a reboot if you wanted the system to image. If we only registered hosts through iPXE, the potential arises that a host is registered, and FOG recognizes it, but the init’s do not have the proper drivers to actually support imaging that device, so your system is stuck in a boot loop. Under the new client, the registration still happens, and the potential is still there that the registered through the client system is not compatible, but you can’t task the system until it is in an “approved” state.

Basically, we’re moving fog into an admin centric style system. The Administrator of the network/systems should know about any and all items being input especially when dealing with a host. If you’re registering through one of the registration/quick reg systems on the PXE menu, you already have a head start because there had to be a form of action performed to enable that reception of the task. So these full/quick registration methods are assumed to be “trusted”. Systems that are registered by the fog client is not automatically assumed trusted, because anybody can download the FOG Client installer and communicate to your fog server. By placing the system in a “pending” state, we keep the service from receiving unwarranted data. It also gives you and your admins a chance to verify the host indeed is valid for your network. The same principle for the MAC addresses.

Hopefully all this makes sense.

I feel I should add all Enabled nodes will send wol. Non enabled won’t cause they’re not enabled lol.

@sudburr I know it doesn’t seem like it, but I do try.

@anthonyglamis to add on, what you see by default in that field is how big a disk (approximately) you need to be able to image. The way it’s populated is as Wayne stated, through imaging tasks. There is also a field that, by default now, is hidden and will show how much space on disk it will use. If you enable viewing of the image, it should show a size which would then show you how much server disk space it’s using.

Added.

FOG Version 4692 now has the ability to set hosts individually with specific boot type exit parameters.

They can also be setup by groups. I don’t have any good way to verify that the individual items will actually work, as all of my systems are VMs, and only one of them is my “test” station for now.

Please test and let me know if things are good to go for you all.

Added the plugin to the plugins in the working branch.

I’m solving this thread as the issue has been addressed two fold. First, when the data is stored it adds then strips slashes and I do the same for how it gets output.

I’m sure there may be a nicer way and printers that stored improperly will still need to be fixed but the problem this is focusing on can, I think, safely be solved.

@x23piracy the reset encryption data is found under the “General” portion of the host edit page.

Removing the client installer sure, removing functionality no. Too many people are using the legacy client. Removing from dev means removing from the next release. I am not of the mind to tell everybody that they have to recreate their images because of the client. While I do recommend such things, I’m thinking it’s not a good idea to do enforce such extreme things.

@scgsg There are may things that impact the speed, regardless of the manager in use.

1. Network, the most obvious one here, would play a big factor.

2. System, as decompression is handled on the client.

3. Disk read/write speeds, this one is probably the largest factor on most modern systems.

4. Compression type, ZSTD compresses and decompresses much faster than gzip when in multithreading.

5. Compression Ratio, 19 is the maximum I’d recommend for any zstd as the memory required for any higher makes it nearly impossible to perform on most systems. 0 is the minimum, it still compresses but is nearly nothing. This impacts speeds because of the data that would need to transfer over the network. 1GB plain on a 1gbps will take anywhere between 5-10 seconds on a “perfect” network. 1GB compressed to 50% would take half the time to transfer because the data size would be only about 500MB. The speed it writes to disk would primarily be slowed down by the system decompressing the system. You must think of this when capturing too because while it will ultimately mean faster deploy’s, this setting can slow the capture process quite a lot.

6. Hops over network. The most direct route to a system will give you the fastest speed. If you have to jump through 10 switches to get to the host, your delays are somewhat related to the network as the data has to traverse the different points to reach the target.

These, obviously, aren’t everything that might impact speeds, but a basic list of what I can think of for right now.

As you’ve seen with the many other posts however, your case appears to be the exception. I understand there may be others with similar results to your own, but please understand we aren’t making these changes to make your day go longer. If anything we’ve made these changes so the vast majority of people will have a faster deploy/capture time. It also helps that partclone is in active development where partimage seems to have lost their develoment.

I’ve fixed this in the code so fresh installs should no longer have this issue. That said this would not have caused any issues.

@x23piracy I have to be honest, that video is from 0.12 version of FOG and probably the same version of the client from between all of them. The new client is New and it’s labelled as such for a very specific reason.

@jbob wrote the new client more or less from scratch. He also built the printer manager helper that he linked which will tell you EXACTLY what to place for the printer definition. Why not just take it for a spin? We’re not telling you information to spin you on your head, rather to help you get to the tasking you needed to reach.

@Wayne-Workman It happens much faster than that sometimes. (sub 15 second patch?)

Ignore the wifi mac from client operations?

This was fixed last night, sorry I didn’t update sooner and as always thanks for the report.

@Arrowhead-IT said in Cortana/Windows Search breaks in default profile:

@Wayne-Workman

some quick notes. You do need to put your username and password in plain text for shares, unless you have shares that give everyone access. If anyone knows of a way to encrypt that, I’d love to hear it. I know it can be done with openssl in linux bash scripts but I am yet to find the equivalent for a batch script. But hey bash will come to windows 10 soon.

This script hasn’t been tested for windows 7 or 8 profiles. It does detect the windows version because I was preparing to add that kind of functionality but since I am ending up moving completely to windows 10, I never put the work into it

The create profile script prompts you for the name of the user profile you customized and asks you for what department/profile you are making it for.

The Apply simply takes one arguement of the profile name. So you can upload just the one script to fog and make a bunch of snapins with different args for each profile you have to deploy.

Also note that I have some extra app data folders for custom settings of specific programs we use. I left them in there as examples.

Bath script to create Deployable Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Create-Deployable-Default-Profile
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:23
:: Last Updated Date: 2016-04-12 17:09:35
:: Update Author: jfullmer
:: Version: 3.8
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM This script copies a Customized windows 10 profile to the default profile so that
	REM all new profiles are created with the same settings

SET pwd=%~dp0
call :main
del C:\Create-Deployable-Default-Profile.bat & exit

:main
	REM main Function that just calls the other Functions

	call :copySelf
	call :funcHead "Welcome to the Windows Default Profile Creator Script!"
	call :setVars
	call :funcHead "Copying Customized Profile From %custom% to %default% ..."
	call :AppData
	call :CustomSettings
	call :CopyToNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:copySelf
	rem In some instances running this from a share doesn't work, so copy itself and start the copied version to run local
	IF NOT %pwd%==C:\ (
		echo. Copying self to C drive
		net use \\path\to\share /USER:domain\user password	
		XCOPY \\path\to\share\Create-Deployable-Default-Profile.bat C:\ /H /Y
	 	rem Make sure it's being run as an admin
	 	net session >nul 2>&1
	    if %errorLevel% == 0 (
			echo opening copied version.
			start C:\Create-Deployable-Default-Profile.bat
			exit
	    ) else (
	        echo This needs to be run as admin, try again please.
	    	@pause
	    	exit
		)
    )
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	rem set cUser=adl
	echo. Don't run this script from the user you're copying!
	set /p cUser="What is the username of the profile you customized? -> "
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cPF=C:\Users\%cUser%\AppData\ProgramFiles
	set dPF=C:\Users\Default\AppData\ProgramFiles
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	rem The script will create windows version and department folders
	set profiles=\\path\to\share\with\profiles
	net use %profiles% /USER:domain\user password
	call :OSversion
	call :setDept
		
	call :dots
	EXIT /B

:setDept
	rem Function to set department via prompt. 
	echo. What department/group is this profile for? (no spaces)
	echo. The Current Choices are... (A different entry will create a new folder)
	rem list profiles
	dir /b %profiles%\%winVer%
	set /P dept="Enter The Dept Here -> "
	set share=%profiles%\%winVer%\%dept%
	if NOT EXIST %share% mkdir %share%
	if NOT EXIST %share%\logs mkdir %share%\logs
	set logs=%share%\logs
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:copyDir
	REM Function inputs - 1 = display of what is copying 2 = source folder 3 = destination folder 
	
	REM This Function simply displays what you're copying and copies it. Did a Function to have less
	REM copy paste of command line options and have cleaner code.
	REM Note that when calling the Function all passed parameters should be encased in double quotes
	REM otherwise ROBOCOPY won't read the directories as seperate
	
	REM ROBOCOPY or robust copy, is a tool for copying directories or files in windows command line
	REM The syntax is ROBOCOPY sourceFolder DestFolder options
	REM the options used make it so a mirrored version of the source and its subdirectories are copied
	REM to the destination with 64 threads (64 files at once) overwriting existin files retrying any failed files 
	REM only once after 1 second of waiting and all without any verbose output
	
	REM /S - subdirectories /MIR - mirror /MT:64 - multithreaded copy with 64 threads, i.e. 64 files at a time instead of 1. 
	REM /LOG - output to logfile instead of console, ROBOCOPY /? says this provides better performance in multithreaded mode
	REM /IS - include same files i.e. overwrite existing /R:1 retry on error once (default is 1 million) 
	REM W:1 - wait one second between retry on error (default is 30 seconds) 
	REM the /N* are all to decrease output for automation. Since they go to a log file you can take them out if you want ( I did take them out)
	REM /NP - no progress /NS - don't log file sizes /NC - don't log file classes /NFL - don't log file names /NDL - don't log directory names
	REM /NJH - no job header /NJS - no job summary

	echo. Copying %~1...
	ROBOCOPY "%~2" "%~3" /S /MIR /MT:128 /LOG:"%logs%\%~1.log" /IS /R:1 /W:1 /ZB
	echo. Done Copying %~1
	EXIT /B

:AppData
	REM Function to copy all Customizations settings that are stored in files in the AppData folder
	
	call :funcHead "Copying Customizations From AppData..."
	
	REM directories used in all versions of windows
	call :copyDir "Desktop" "%custom%\Desktop" "%default%\Desktop"	
	call :copyDir "Firefox Customizations" "%cRoam%\Mozilla" "%dRoam%\Mozilla"
	call :copyDir "Google Chrome Customizations" "%cLocal%\Google" "%dLocal%\Google"
	call :copyDir "Task Bar Pin Shortcuts" "%cRoam%\Microsoft\Internet Explorer" "%dRoam%\Microsoft\Internet Explorer"
	call :copyDir "Saleslogix" "%cRoam%\Saleslogix" "%dRoam%\Saleslogix"
	call :copyDir "Sage Software" "%cRoam%\Sage Software" "%dRoam%\Sage Software"
	call :copyDir "Saleslogix" "%cLocal%\Saleslogix" "%dLocal%\Saleslogix"
	call :copyDir "Sage Software" "%cLocal%\Sage Software" "%dLocal%\Sage Software"
	rem IF %dept%==IT (
	rem 	call :copyDir "Terminals" "%cLocal%\Robert_Chartier" "%dLocal%\Robert_Chartier"
	rem 	call :copyDir "VMware Vsphere" "%cLocal%\VMware" "%dLocal%\VMware"
	rem 	call :copyDir "VMware Vsphere" "%cRoam%\VMware" "%dRoam%\VMware"
	rem 	call :copyDir "Camtasia" "%cRoam%\TechSmith" "%dRoam%\TechSmith"
	rem 	call :copyDir "Camtasia" "%cLocal%\TechSmith" "%dLocal%\TechSmith"
	rem 	call :copyDir "slack" "%cLocal%\slack" "%dLocal%\slack"
	rem 	call :copyDir "ProgramFiles" %cPF% %dPF%
	rem )
	call :copyDir "VLC settings" "%cRoam%\vlc" "%dRoam%\vlc"
	call :copyDir "FaxFinder settings" "%cRoam%\FaxFinder Client Software" "%dRoam%\FaxFinder Client Software"
	
	REM The remaining dirs are specific to Windows 10 
	REM Note: A starup script will be required on first login to copy the favorites for Microsoft edge to the Packages directory in the newly created User
	REM That logon script would only need to be one line like so...
	REM ROBOCOPY "%localAppData%\MicrosoftEdge\User" "%localAppData%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" /S /MIR /MT:64 /LOG:C:\logs\edgeBookmarks.txt /IS /R:1 /W:1 
	
	rem call :copyDir "Microsoft Edge Customizations" "%cLocal%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User" "%dLocal%\MicrosoftEdge\User"
	call :copyDir "Start Menu Tiles Part 1 of 3" "%cLocal%\TileDataLayer" "%dLocal%\TileDataLayer"
	call :copyDir "Start Menu Tiles Part 2 of 3" "%cRoam%\Microsoft\Windows\Start Menu" "%dRoam%\Microsoft\Windows\Start Menu"
	call :copyDir "Start Menu Tiles Part 3 of 3" "%cLocal%\Microsoft\Windows\Shell" "%dLocal%\Microsoft\Windows\Shell"
	
	echo. Done Copying AppData Folders...
	call :dots
	EXIT /B

:CustomSettings
	REM This Function copies the ntuser.dat and related system files that store things like task bar pin order, 
	REM mapped network drives, taskbar toolbars, explorer settings, desktop background settings, etc.
	REM It uses xcopy to copy all files that start with ntuser via * wildcard and uses the options...
	REM \H - copy hidden system files /Y - overwrite existsing files without prompt 

	call :funcHead "Copying custom settings (i.e. task bar pins and toolbars, desktop background, etc.) from ntuser .dat system files..."
	
	XCOPY %custom%\ntuser* %default%\ /H /Y > %logs%\ntuserFiles.log

	echo. Done Copying Custom Settings
	call :dots
	EXIT /B

:CopyToNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile to network!"

	ROBOCOPY %default% %share%\Default /S /MIR /R:1 /W:1 /MT:128 /ZB /XJ
	XCOPY %default%\ntuser* %share%\Default\ /H /Y > %logs%\ntuserFilesRemote.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Batch script/snapin to Apply Default Profile

::-----------------------------------------------------------------------------
:: Script Name: Apply-Default-Profile-args
:: Original Author: jfullmer
:: Created Date: 2016-02-18 16:39:27
:: Last Updated Date: 2016-05-11 16:29:08
:: Update Author: jfullmer
:: Version: 2.7
::-----------------------------------------------------------------------------

@ECHO OFF
	REM @ECHO off to not output the commands being run to the console
	REM Requires args passed of department
	rem if department is Touchscreen autologon is enabled and fog will reboot after applying the profile

set dept=%1
call :OSversion

call :main
exit

:main
	REM main Function that just calls the other Functions

	call :funcHead "Welcome to the Windows 10 Default Profile Copy Script!"
	call :setVars
	call :CopyFromNetwork
	call :funcHead "Done creating custom default profile! & echo.Goodbye"	
	EXIT /B

:setVars
	REM Function to set script variables

	REM c stands for Custom, d stands for default. cUser should be the name of the user you Customized
	REM These variables just point to the user folders and the local and roaming appdata folders that 
	REM store all the settings for a user profile

	call :funcHead "Setting directory variables..."
	
	set cUser=adl
	set custom=C:\Users\%cUser%
	set default=C:\Users\Default
	set cLocal=C:\Users\%cUser%\AppData\Local
	set dLocal=C:\Users\Default\AppData\Local
	set cRoam=C:\Users\%cUser%\AppData\Roaming
	set dRoam=C:\Users\Default\AppData\Roaming
	set share=\\path\to\share\%winVer%\%dept%
	net use %share% /USER:domain\user password
		
	call :dots
	EXIT /B

:OSversion
	:: Function to get current OS version
	echo. Getting OS...
	FOR /F "tokens=4-5 delims=. " %%i in ('ver') do set os=%%i.%%j
	if "%os%" == "5.1" set winVer=WinXP
	if "%os%" == "5.2" set winVer=WinXP
	if "%os%" == "6.1" set winVer=Win7
	if "%os%" == "6.2" set winVer=Win8
	if "%os%" == "6.3" set winVer=Win8.1
	if "%os%" == "10.0" set winVer=Win10

	EXIT /B

:CopyFromNetwork
	REM This copies the newly created profile to the network share

	call :funcHead "Copying profile From network!"
	echo. Delete and recreate default profile folder so there aren't remnants of other profiles...
	rmdir %default% /S /Q
	mkdir %default% 
	ROBOCOPY %share%\Default %default% /S /MIR /R:1 /W:1 /MT:128 /ZB /LOG:C:\defaultProfileApplied-%dept%.log
	XCOPY %share%\Default\ntuser* %default%\ /H /Y > C:\defaultProfile-ntuser-%dept%.log

	net use %share% /delete 

	EXIT /B

:dots
	REM just echoing dots in a Function instead of copy pasting them so that it's consistent
	echo ......................................................................
	EXIT /B

:funcHead
	REM A simple function for displaying a consistent header at the start of functions
	call :dots
	echo. %~1
	call :dots
	EXIT /B

Imma say #wiki -worth?

Understood, and completed.

Here’s a couple of quick and dirty txt files containing all the hook events, and their respective tie-ins for plugins or hooks for operationally using them.

I’m posting this because the AccessControl plugins uses these very emphatically to help with granularly controlling access. This, ultimately, means a full documentation of all the things that can be done natively.

One file is the “Core” events. These are the events that can be enacted upon and integrated directly with the “base” of FOG using no plugins. The other file is all the hooks that plugins also generate.

My hope is to get the access control plugin more on a dynamic nature than a guessing game. In the past I had tried documenting all the hook events into the database, and while this approach can work, it only inserts new entries when the event is to be processed in the first place.

What’s wrong with the above approach? Well, to limit constant read/write to the database, the hooks were only inserted into the database as they were spawned. So let’s just say, for example, you never visited the User page. Your hookEvent’s table would never contain any of the hooks that are available on the user page.

In these files, particularly the core file, is some commonalities between all pages I think. This will be evident just by looking at these files. A couple of places, however, use a generic approach to generate the event. These are using a % symbol to symbolize Host, Group, User, etc…

Some of these will also function for the Plugins too (just a note).

Hopefully this will help prepare people with some of our changes for when 1.6 is able to be published.

Hooks_And_Tie-ins.txt

Hooks_And_Tie-ins - Plugins.txt

@Arrowhead-IT The error with the percent problem you saw should now be fixed as well. I hope I finally do something right.