Merry Christmas 2016

Regards X23

@themcv said in Image upload & deploy taking a long time:

@brad-schumann Try this, I ran into this on Surface’s.

Open command prompt as admin.

manage-bde -off

manage-bde -status

Fingers crossed that it will fix it. In my case, Windows was by default encrypting the free space which caused issues.

@Wayne-Workman #wiki worthy!

all the best to you tom live long and prosper.

Hi,

i would like to explain the way i sysprep, reimage Windows 10 OEM in Steps:

First of all Windows 10 OEM Version does not autoexecute SetupComplete.cmd, therefore i use FirstLogonCommands within unattend.xml to workaround that issue

Here is my unattend.xml:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>de-DE</UILanguage>
</SetupUILanguage>
<InputLocale>0407:00000407</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>de-DE</UILanguage>
<UILanguageFallback>de-DE</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Extend>true</Extend>
<Order>2</Order>
<Type>Primary</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>System Reserved</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID>0x27</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>OS</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
</OSImage>
</ImageInstall>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>admin</FullName>
<Organization>Company Group</Organization>
</UserData>
<EnableFirewall>true</EnableFirewall>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0407:00000407</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>de-DE</UILanguage>
<UILanguageFallback>de-DE</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<WindowsFeatures>
<ShowMediaCenter>false</ShowMediaCenter>
<ShowWindowsMail>false</ShowWindowsMail>
</WindowsFeatures>
<ShowWindowsLive>false</ShowWindowsLive>
<DoNotCleanTaskBar>true</DoNotCleanTaskBar>
<BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled>
<ComputerName>COMPANY-PC</ComputerName>
<CopyProfile>true</CopyProfile>
</component>
<component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BlockPopups>yes</BlockPopups>
<CompanyName>Company</CompanyName>
<Home_Page>http://www.google.de</Home_Page>
<DisableFirstRunWizard>true</DisableFirstRunWizard>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>Username</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
<Description></Description>
<DisplayName>Username</DisplayName>
<Group>Administrators</Group>
<Name>Username</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOrganization>Company Group</RegisteredOrganization>
<RegisteredOwner>admin</RegisteredOwner>
<DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Description>SetupComplete</Description>
<Order>1</Order>
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Description>Control Panel View</Description>
<Order>2</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Description>Control Panel Icon Size</Description>
<Order>3</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>W. Europe Standard Time</TimeZone>
</component>
</settings>
</unattend>

To remove any Windows 10 Apps except Store and Calculator i use:

Get-AppxPackage -AllUsers | where-object {$_.name –notlike “*store*” -And $_.packagename –notlike “*culator*”} | Remove-AppxPackage
Get-appxprovisionedpackage –online | where-object {$_.packagename –notlike “*store*” -And $_.packagename –notlike “*culator*”} | Remove-AppxProvisionedPackage -online

1. Download latest Windows 10 Pro OEM ISO by MS MEdia Creation Tool
2. Install it to a VM (i use Virtual Box)
3. After first reboot when the assistant ask you for express settings or with 1703 the inital language question goto admin mode with pressing STRG (CTRL) + SHIFT +F3
4. When entering the Admin mode close the Sysprep Window and start customizing windows and install your software and do your tweaks
5. Now to sysprep i use the following Script:

@echo off
delprof2 /q /id:retsch /i
NET USER retsch /DELETE
powercfg -h off
rem C:\Support\Tools\Shutup\OOSU10.exe ooshutup10.cfg /quiet
del /F c:\windows\system32\sysprep\panther\setupact.log
del /F c:\windows\system32\sysprep\panther\setuperr.log
del /F c:\windows\system32\sysprep\panther\ie\setupact.log
del /F c:\windows\system32\sysprep\panther\ie\setuperr.log
del /F "C:\Program Files (x86)\FOG\fog.log"
del /F "C:\Program Files (x86)\FOG\token.dat"
rem "C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe"
copy SetupComplete.cmd C:\Windows\Setup\scripts\ /Y
copy unattend.xml C:\Windows\System32\Sysprep /Y
reg import C:\Support\Tools\ResetERAgentUUID.reg
net stop FOGService
sc config FOGService start= disabled
sc config EraAgentSvc start= disabled
cleanmgr /sagerun:1
defrag c:
c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml

My SetupComplete.cmd look like:

del C:\Windows\System32\Sysprep\unattend.xml
sc config FOGService start= auto
net start FOGService
del C:\Windows\Setup\Scripts\SetupComplete.cmd

6. After executing this Windows will be sysprepped and shutdown after that, you can image now

7. When i need to rework that image i deploy it to a vm again and use the following to enter audit mode again:

@echo off
c:\windows\system32\sysprep\sysprep.exe /audit /reboot

If anyone is asking himself what i do with:

delprof2 /q /id:username /i
NET USER username /DELETE

This deletes the user i create with unattend.xml to workaround the problem with setupcomplete.cmd, i use firstlogoncommands to execute the script when the first user logon happens, to clean this i remove the profile and username before i sysprep because the user will be recreated from unattend.xml, as you can see in the unattend.xml there is 1 autologon for that user, else setupcomplete.cmd will not be executed.

The good thing is this user can persist on the machine after deployment because it’s our local admin account on that machine additional to the locked local admin account.

The System will automatically reboot when fog client has joined the machine into the domain, so the machine will finish with a logon screen not with a logged in user

Good luck

Regards X23

Hi,

since it’s RC i am really cool with all the updates, you have to expect that if using a RC release.
So we all should be really happy that bugs are fixed as fast as hell.

@Tom-Elliott Thank you for all the hard work not to forget the guys working in the background…

@John-L-Clark if you are not familar with GPO’s i can recommend PDQ Deploy, in free Version it’s enough to deploy simple stuff around your network.

Regards X23

@george1421 hi, yes we did. a user enabled this on his own and we had’nt disabled that feature by gpo.
Maybe useful for people very often work in public wlan networks but for fog it’s contra productive.

https://winaero.com/blog/enable-random-mac-address-in-windows-10-for-wi-fi-adapter/

The old thread: https://forums.fogproject.org/topic/10209/about-50-pending-macs-for-one-host-beware-of-windows-10-random-mac-feature-for-wlan/33

Regards X23

https://forums.fogproject.org/topic/9059/images-are-not-deleting

Why should only show associated image require a lot of code changes? @Tom-Elliott @Wayne-Workman
Is there no easy way to say make everything else not showing up in that list without association?

I really would also like to have that option.

I have some notebooks out there where the employees reset to a default image again when they make test installation of our own software. Actually they can pick up every image that is on the node, and i like to prevent them from choosing what ever they want.

Regards X23

Hey Tom

nice to hear from you, all the best…

It’s not time to make a change
Just relax, take it easy
You’re still young, that’s your fault
There’s so much you have to know
Look at me
I am old, but I’m happy

I was once like you are now
And I know that it’s not easy
To be calm when you’ve found
Something going on
But take your time, think a lot
Why, think of everything you’ve got
For you will still be here tomorrow
But your dreams may not

Regards Cat

Since i don’t know how the nic adapter name may be wildcard can be used to say set it to every intel nic.

Set-IntelNetAdapterSetting -Name "*"–RegistryKeyword "*WakeOnPattern"  –RegistryValue "0"

In the end… Who the hell want to have machine’s waking up by ping?

Regards X23

@Wayne-Workman i won the race

Hi,

@Wayne-Workman this was a suggestion right? “Only install” isn’t actually available.
If so good idea and “Only install” should be default. @tom-elliott

Regards X23

Maybe a duplicate of https://forums.fogproject.org/topic/8907/adding-needed-repository-failed ?

? @Joe-Schmitt

Regards X23

to complete this:

https://www.adminarsenal.com/blog/automating-software-installs-for-imaged-computers/
https://www.adminarsenal.com/wp-content/uploads/2017/02/pdq-deploy-start-deployment.txt

<#
.SYNOPSIS
Start a PDQ Deploy Deployment on a target machine

.DESCRIPTION
Trigger a PDQ Deploy deployment to start locally or on a remote machine with PDQ Deploy installed

.EXAMPLE
Start-Deployment -PackageName "Example Package" -Targets "Wolverine"

.EXAMPLE
Start-Deployment -ScheduleName "Example Schedule" -Targets "Wolverine"

.EXAMPLE
Start-Deployment -ScheduleID 123 -Targets "Wolverine"

.PARAMETER DeployComputerName
The machine with PDQ Deploy installed. This defaults to the local machine

.PARAMETER PackageName
The names of packages on DeployMachine that you wish to use

.PARAMETER ScheduleName
The names of schedules on DeployMachine that you wish to use

.PARAMETER ScheduleID
The schedule IDs on DeployMachine that you wish to use

.PARAMETER Targets
A list of targets that you wish to deploy a package or schedule to. Leave blank if you wish to target the local machine.
#>
[cmdletbinding(
    SupportsShouldProcess = $True
)]
Param(

    [String]$DeployComputerName = $env:COMPUTERNAME,

    [Parameter (ParameterSetName = "Package")]
    [string]$PackageName,

    [Parameter (ParameterSetName = "Package")]
    [String[]]$Targets = $env:COMPUTERNAME,

    [Parameter (ParameterSetName = "Schedule")]
    [string]$ScheduleName,

    [Parameter (ParameterSetName = "ScheduleID")]
    [Int]$ScheduleID

)

Process {
    
    # Add parameters to a hashtable to easily push into invoke-command as an argument
    $MyParameters = @{
        DeployComputerName = $DeployComputerName
        PackageName        = $PackageName
        Targets            = $Targets
        ScheduleName       = $ScheduleName
        ScheduleID         = $ScheduleID
        DeploymentType     = $PSCmdlet.ParameterSetName
    }

    # This outputs a pwoershell.log to the root directory of the target machine
    $MyParameters | Out-String | Out-File C:\powershell.log

    # Testing to see if PSRemoting is enabled
    If (Test-WSMan -ComputerName $DeployComputerName) {
            
        Write-Verbose "Test-WSMan test passed on $DeployComputerName"

        # Added -Whatif capability to script
        If ( $PSCmdlet.ShouldProcess($DeployComputerName, "Starting deployment with the following parameters:`n $($MyParameters | Out-String)") ) {
            
            # Connect to Deploy machine and attempts to start a deployment
            Invoke-Command -ComputerName $DeployComputerName -ArgumentList ($MyParameters) -ScriptBlock {
                Param ($MyParameters)

                # This outputs a powershell.log to the root directory of the deploy machine
                $MyParameters | Out-String | Out-File C:\powershell.log

                # Build command string based on deployment type
                Switch ($MyParameters.DeploymentType) {

                    "Package" {

                        $PDQDeployCommand = "pdqdeploy deploy -package ""$($MyParameters.PackageName)"" -targets $($MyParameters.Targets)"
                    
                    }
        
                    "Schedule" {
                    
                        $DB = "$env:ProgramData\Admin Arsenal\PDQ Deploy\Database.db"
                        $SQL = "SELECT ScheduleID FROM Schedules WHERE Name = '$($MyParameters.ScheduleName)' COLLATE NOCASE;"
                        $ScheduleID = $SQL | sqlite3.exe $db
                        $PDQDeployCommand = "pdqdeploy StartSchedule -ScheduleId $ScheduleID"
                    
                    }

                    "ScheduleID" {
                    
                        $PDQDeployCommand = "pdqdeploy StartSchedule -ScheduleId $($MyParameters.ScheduleID)"
                    
                    }
                }                    

                # Append the actual command that will be run to powershell.log
                "Invoke-command: $PDQDeployCommand" | Out-File C:\powershell.log -Append

                # Create and invoke scriptblock
                $PDQDeployCommand = [ScriptBlock]::Create($PDQDeployCommand)
                $PDQDeployCommand.Invoke()

            } 
        }
    }
}

the webcast contains a lot of questions regarding to fog that couldn’t been answered by the two scotch loving guys.

Regards X23

It’s all working again, i had to readd the vendor filter in the dhcp options. That was gone after removing the DHCP and readding it to the server, these options were not covered by our backup. @george1421 thank you for making my mind think, it was your post bringing me back to road

Hi,

you will only get tv msi if your are corporate user, if you don’t have a corporate license you can do it like that:
Setup Teamviewer the way you like it, export the settings in options. Then…

reg import "%cd%\Standard.reg"
"%CD%\TeamViewer.exe" /MSI /S

This is what i used before we had the corporate license
I’ve used SFXMaker to make a exe package to use as a snapin.

i can give u the current msi file if you like, they don’t embed the license in the installier so i can give it to you without any harm :), FYI the normal exe installer contains the msi

Latest Teamviewer 12 msi in english language:
REMOVED FOR SECURITY REASONS, talk to me if you need the file in chat.

Additionally: http://www.itninja.com/question/deploying-teamviewer-host-with-req-file
Read all!

Something else, the tv msi is not a real msi, it’s just wrapped around the exe installer. i don’t know why they won’t use a real msi and give corporate a chance the get a license embedded installer, maybe because they are afraid that installers are may shared

Regards X23

Hi,

this is an important information to anyone who will make windows 10 more silent with tools like O&O Shutp and its derivates out in the net.

With it’s default recommended settings to make Windows 10 silent this program disables the dmwappushservice (known as Windows Telemetrie 2), if you run sysprep it will hang forever.

I the between time is stopped using that but today i found that two important things on the net:

https://github.com/W4RH4WK/Debloat-Windows-10

https://social.technet.microsoft.com/Forums/de-DE/618f4531-f824-476d-9327-f9f3f4f8d0b4/slow-sysprep-and-first-logon?forum=win10itprosetup

For me sysprep is now working well when using O&O

Btw. after deploying this windows itself will reenable the following stuff that was recommeded by O&O to disable:

Therefore i added the following to my SetupComplete.cmd:

C:\Support\Tools\Shutup\OOSU10.exe C:\Support\Tools\Shutup\ooshutup10.cfg /quiet

The result with the first user is then:

Still some stuff reenabled by ms.

To be sure dmwappushservice is running when i sysprep i’ve added the following to my sysprep batch file:

sc config dmwappushservice start= delayed-auto
net start dmwappushservice

So you have to use the tool again after deployment but for the future you know that have to reenable dmwappushservice if you like to sysprep again.

Regards X23