FOG V 1.3.0 on CentOS 7 Full Install Guide

Currently BETA !

 

Welcome to another FOG guide.  This time, lets install FOG

Base OS = CentOS 7 x64 (DVD Ver)
FOG = 1.3.0

Please note this guide follows the best practice for CentOS7 installation issued by the FOG Team.
I’ve just spent the extra time to hold your hand the hole way.

I will redo this guide into the FOG Wiki when I get time.

Anyway, Lets get on…

Step One – Install CentOS

This is basic but I will list all to make sure we are setting up the same.

1. Download CentOS7 (x64) (Direct Link) & burn to DVD.


http://mirror.ox.ac.uk/sites/mirror.centos.org/7/isos/x86_64/CentOS-7-x86_64-DVD-1503-01.iso

2. At installation of CentOS, select the following options:

-Select Language (UK)
-Select complete disk for installation location (unless you want something fancy)
-Setup Static IP (rename port to eth0 if not defaulted already) & Enable NIC
-Select KDE desktop from packages (Why not add some GUI, not required)
-NEXT / CONTINUE
-Set ROOT password (no need to add more accounts)
-Wait for install to complete, Remove media and reboot.

 

Step Two – Configure OS

1. Forget the GUI, Connect to the new server via SSH and lets begin.

2. Lets disable SELINUX & the firewall.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld

3. Lets now update the OS.
(This may take a while to complete, and you might have to accept some overwrites)

yum -y update && reboot

INFORMATION:

OK, so now we have CentOS7x64  installed, patched, rebooted and ready to go.

 

 

Step Three- Adding Applications

1. A few items that FOG / we need to complete the mission.

yum -y install htmldoc ttf2pt1 t1utils fltk subversion wget mariadb-server mariadb

INFORMATION:

CentOS doesn’t use MySQL as std.  Instead we will be using MaridaDB.
This is mysql just renamed.

2. Now lets turn MaridDB on and keep it on.

systemctl start mariadb
systemctl enable mariadb

3. GOOD !.  Now lets make MaridDB secure.

mysql_secure_installation

4. Pick the following options

-current pwd = BLANK
-Set Root = Y (then add new pwd for SQL)
-Remove anon = Y
-Disallow root remote = N (you can pick this one)
-Remove test DB = Y
-Reload = Y

 

Step Four- Getting FOG

1. Lets 1st get to a DIR we all know (root home)

cd ~

2. Now Lets download FOG and put it into a DIR

ALERT:

Please note version 1.3.0 is in beta

svn co https://svn.code.sf.net/p/freeghost/code/trunk FogDownload

 

Step Five- Install FOG

INFORMATION:

Almost there, Just got to install Fog now:

WARNING:

(now is a good time to snapshot if in VM)

1. type below in terminal:

cd FogDownload/bin

2. type below in terminal:

./installfog.sh

3. Setup as I have below

-Choice = 1
-Type = <press return>
-IP (is shown) = <press return>
-DHCP Router = y  --(Enter IP of your DHCP server)
-DNS for DHCP = y --(Enter DNS Server)
-Change Default eth0 = n
-FOG as DHCP = n
-Language packs = n
-donate = n --(Sorry, not now)
-Continue = y

INFORMATION:

Fog will start to install before it stops to ask about SQL.

##What is the storage location for your images directory? (/images)

4. A question is asked of you.
did you leave the mysql password blank during install?

answer = n
input password & continue.

 

!!ALERT !!

! You must read the next bit carefully !

=============================

The script now tell you do go do something and then press continue when it’s been done.  

Don’t be the one to just press continue!

 

5.  When the script stops on “Press [Enter] “, open the following URL on another machine in the browser of your choice. (Lets just use IE 11 as a Standard)


http://<fog server ip>/fog/management

6. Click the button “install“.

7. Go back to the install script and now “Press [Enter] “.

INFORMATION:

Fog will continue to install & finish.

 

Step Six- Add DHCP Settings

1. Open DHCP

2.

https://wiki.fogproject.org/wiki/index.php/FOGUserGuide#Windows_Server_DHCP

**********************************

! Installation Complete !

**********************************

 

-FOG Login

1. Lets take a look at fog !!

http://<fog server ip>/fog
username = fog
password = password

 

 

 

 

-Troubleshooting

You can control services as in examples below:


systemctl start <service>

systemctl stop <service>

systemctl status <service>

 

more e.g.

systemctl status httpd

systemctl status mariadb

Print Friendly

XenServer – Change DNS Server IP

If you want to change the config of the nameservers in xenserver you can just edit this file.


1) login to xenserver via SSH or console

2) Type "nano /etc/resolv.conf"

3) Make changes

4) Press Crtl+W to write (Y to confirm)

5) Press Ctrl+X to exit.

Print Friendly

VBS Clean Printer list

If your looking to delete all the printers via script this is your code.
You can change the SELECT to pick certain printers.

This .vbs can be deployed using GPO as a user login script.


strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colInstalledPrinters = objWMIService.ExecQuery _
("Select * From Win32_Printer Where ServerName = '\\\\servername'",,48)
For Each objPrinter in colInstalledPrinters
objPrinter.Delete_
Next

All Printers


("SELECT * FROM Win32_Printer")

All printers where they are offline


("SELECT * FROM Win32_Printer WHERE ExtendedPrinterStatus = 2")

 

 

For more select statements please compile them using the information below.

http://msdn.microsoft.com/en-gb/library/windows/desktop/aa394363(v=vs.85).aspx

http://www.scriptinternals.com/new/us/support/Internal/WMI_Win32_Printer.htm

or search for “WMI Win32_Printer class”

Another useful tool is WMI Code Creator.
This will show you the values of current WMI records and build your select.

Print Friendly

Specify directory with spaces in /etc/fstab

If you want to add a filesystem to mount in /etc/fstab you need to use the octal ASCII value which is \040. In my case I have created a separate filesystem for VMware virtual machines:

/dev/mapper/vmwarefs  /var/lib/vmware/Virtual\040Machines ext3 defaults 1 1

If you have any other special characters which are causing problems you can check with

man ascii

for the value you need to specify.

Print Friendly

Windows 7, kick logged on users like XP did

This little program allows any user of the local admin group to log off a user who has locked their machine, just like in windows XP without using fast user switching. It basically takes seconds to install and when a user locks their machine, they get the message stating that user x has locked this machine … “This computer is locked. Only the logged on user can unlock the computer” and to unlock it you need to press control, alt, del and log in with the users details who have locked the machine.

 

Download Application & Code

Source site: View forum post

 

Print Friendly

mount samba share on MAC desktop

Locate apple script on your system under utilities.  Create a new document and do one of the two below actions.

 

tell application "finder"
map volume "smb://servername/servershare"
end tell

OR with username and password

tell application "Finder"
mount volume "smb://WORKGROUP;username:password@servername/servershare"
end tell

Save the file, I change it from a script to an application so I can still edit it, but i can just double click it to use it.

If you want this to work automatically, add the script to the user account startup options found in the account settings in settings.

 

Other apple commands, good read ;)

http://www.tuaw.com/2007/12/29/applescript-finder-commands/

Print Friendly

Lost MAC password

So someone asked me to access their MAC to which they added they had lost the password and didn’t have any OSX disks.  Difficult I thought, BUT no, EASY !

So this manual doesn’t change or retrieve the lost password. but does allow you to create another administrator account on the MAC. Once your in as a new administrator you can get your data back or just to into account and change the password for the original account.

1) Boot your MAC from off (not sleep) and hold the “command” key and the “S” key at the same time.

2) Once at the prompt root# let go and type the following:

mount -uw /

rm /var/db/.AppleSetupDone
shutdown -h now

4) the MAC will reboot and you will do the welcome setup (where you create a new account)

5) login as that new user and then change the account password for the locked account in settings.

6) Clean up by logging in as your unlocked your and delete the temp admin account we just created in the MAC settings.

Please try and add a note to confirm.

Print Friendly

Check Windows 7 Activation Using VBS

So i had some issues trying to use windows activation and wanted to be able to report on the OS status using BGInfo.

My below script can be referenced  inside BGInfo.

I might be worth downloading WMI Code Creator v1.0 This can be used to show what other information is ready for the picking.

Editing the below script will be able to report on any of the records WMI can throw your way.

 

Copy and paste the following code into a new .vbs file


Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From SoftwareLicensingProduct")
Coltest = int(0)
IsWinActivated = True

For Each objitem In colItems
IF int(objitem.GracePeriodRemaining) = 0 Then Coltest = True else Coltest = False
IF Coltest = False then IsWinActivated = False
Next

IF IsWinActivated = False then
call echo "Failed"
ELSE
call echo "Successful"
END IF

Print Friendly

Bring laptop in for maintenance (Build for windows 7 32/64)

Please Explain…

OK, So at work I was asked to devise a way to make users return their laptops to us in IT for maintenance reviews. Now if anyone else has tried to get users to return hardware of maintenance on their own, it’s impossible…

So I have created a script that disables user logins after a X number of days. They also receive warnings after a different X number of days.  In my environment the PC’s are not connected to the domain. they run Windows7 32-bit.

I would like to know if I could get this to work on a domain system, but I’m going to say no for now.. No user to lockout, but you could amend to corrupt some type of file.

Basicly, I have created a services that runs a script to check the current date is not grater than or equal to the date of lockout. The script then locks specific user accounts if the date is grater than or equal to today’s date. If it’s not grater than or equal to today’s date then it checks if the notify period is grater than or equal to today’s date. Again, if this is grater than or equal to today’s date it will start to display messages to the user. The background login wallpaper will also change to a warning. Once the lockout date as been reached or passed, the lockout action is committed and the users cannot login. The wallpaper on the login screen changes to access denied. Now the only user who can use the computer is the local administrator account.

So now they bring the PC back to you because it’s now useless to them in it’s current state. When you login it runs the notify.bat as it does when any user logs in, but instead or it’s normal action of displaying a pop-up message, it will reset the restriction an set the schedule back to X days in the future. This is because you logged in as administrator, not because you are an administrator of the PC.

This service will lock administrator accounts as well, it just works on username. So even if the user is a local admin, this will still work. Although they could go into the Win7Checker folder and edit the dates so to stop lockout. So a normal user account for users is best. The service runs as an administrator so can make changes that the current your can’t make.

There is also a grace of one extra login after expiry. this is to allow access if the PC have been off for months. It also allows updates of the wallpaper to take place.

Install Instructions…. — DOWNLOAD SOFTWARE

1. Download

2. Extract files to a temp folder

3. Run install.bat as an administrator user with elevated privileges.

NOTE: When installing on x64 OS take the (x86) off the Program files on install of the RKTools.exe


5. Navigate to the folder "c:\windows\system32\Win7Checker\"

6. Right Click run.bat and click properties

7. Under the General Tab, Click Unlock

8. Repeat steps 6 & 7 for notify.bat & doff.exe in the same folder.

9. Reboot And COMPLETE

10. Use the .psd (Adobe Photoshop 3 document) to create your own JPG messages..

NOTE: the JPG files have to be less than 256kb in size otherwise windows will not use it.

Files Explained…

Below is a basic idea of what each files does.

BackgroundDefault.jpg - Normal background wallpaper.

BackgroundDefault2.jpg - Warning Wallpaper.

BackgroundDefault3.jpg - Access Denied Wallpaper.

doff.exe - Required for processing the dates.

notify.bat - Display messages. Admin user login does a reset.

run.bat - service run script. Main processing script

date.txt - This holds the date of expiry

notify.txt - This holds the date of starting to notify user.

today.txt - This holds the current date for processing.

bginfo.txt - This holds a readable date of expiry, I use BGInfo to put this on the desktop wallpaper.
Print Friendly

FOG .29 & .32 My Windows 7 Guide (32/64 Bit) DocV1

UPDATED: JAN-2012

OK so lots of people including me have been having issues with Windows7 deployment using FOG (This guide covers versions .29/.32) I spend two days on this due to conflicting information on the FOG website/support forum. Although I found everyone very helpful !!

It would be good for you to read this all before you start your image (I recommend the virtual box idea)

 

So this is the settings that worked for me A-Z and some things I found out on the way…

Basic overall of this document

Step One - Installing Windows
Step Two - Using Sysprep
Step Tree - Cleaning PC for Deployment
Step Four - Upload Settings

Something to think about!
MUST READ WARNINGS
Your possible Questions

Step One – Install / Make Ready Windows 7 (32/64 Bit)

1. Install Windows7 (32Bit/64Bit) from CD,
2. Allow windows to create the 100MB partition.
3. Use the rest of the disk for the C, Don't have any other partitions
4. Complete Install, bla bla bla
5. Name the PC and create the first user. for this document call it "admin"

At this point personally I would enable the administrator account in windows > set password > login as administrator > can use the enabled administrator account from now on. (leave the admin account where it is, we will use it later)

So if you did my step or not your at the Windows 7 desktop as an administrator

6. Install All Required software
7. Install All Updates
8. Install Drivers ( If not doing in sysprep) - I just do it now.
9. Install FOG Service (Don't bother to start service now)
Base build "ready"

Step Two – Sysprep
you only need to create a sysprep unattend.xml file if you want your install to finish at a “login stage” instead of a “manual complete Windows install stage” – I recommend using an unattend.xml
On another machine download and install Automated Installation Kit (AIK) for Windows® 7
Important Note: I’m told If you are building a 32bit image then you will need to install and configure on a 32-bit OS, Same for the 64-Bit. But it’s easy to convert a x32bit XML into a x64Bit XML file or the other way around. just changing all “x86″ records in the XML to “x64″ will make a 32-bit XML into a x64 bit XML.

For more help with making the sysprep document I would read this for idea’s. I did not do the audit mode section. I Just created the XML file.

I have another good video source  Link to Video | Link to site
Below is a basic outline of what I did with sysprep.Download my unattend.xml (usable)
Important Note: I have removed passwords from my unattend.xml, so you need to edit.

MY IMAGE IS x64 SO I ADDED THE AMD64 OPTIONS
1. Set Owner Information
2. Enable the administrator account and set password
3. Skip Activation
4. Hide License Info
5. Protect PC = 1 (basic protection)
6. Network Location = Work
7. Hide Wireless Setup
8. Set Language to UK
9. Show Windows Live = false

10. Skip Rearm = 1
This allows you to run sysprep more than 3 times on a machine, but i would recommend NOT using it.

http://technet.microsoft.com/en-us/library/ff716063(WS.10).aspx

11. copyprofile=true
copy profile will copy the administrator profile on sysprep and make it the default for any new user login. could be handy (i will use)

Important Note: Please note SkipReam & KMS
copy the finished unattend.xml to the “system32\sysprep” folder – keep a backup

Step Three – Cleaning PC for Deployment
So at this point we have a PC with windows7(32/64Bit) loaded with all your software , updates and settings ready. You should also have a unattend.xml file in the correct location.

I would recommend

1. Disable UAC
2. Disable System Restore
3. Disable Firewall
4. Disable Windows Updates
5. Disable Any software updates (e.g adobe updates)
6. Empty Recycle Bin
7. Clean Temp Folders
8. Clear Windows Update Uninstaller Files
9. Defrag C
10. Chkdsk C
11. Clear Event Logs

== Run below commands to clear Event Logs via Command Prompt
wevtutil cl Application
wevtutil cl Security
wevtutil cl Setup
wevtutil cl System

Please follow this link for the FOG guide to a clean system (for more idea’s)

My last cleanup action is to clean the “administrator” profile

1. Login as that admin account we setup & left. 
2. Take a copy of the "administrator" profile as a backup.
3. Go into system settings & Manage user profiles section & then delete the administrator account data.
Then Log back in as administrator and setup the last tweaks like use small icons, show run command etc….

Step Four – Upload Settings
OK, so almost done.
On your image you need to run sysprep regardless of creating the unattended file.

MEGA WARNING: If your not using the SkipRearm in your unattend.xml you will be locked out of using sysprep after 3 preps. but i would recommend not using SkipRearm. Use Virtual Box to undo the sysprep once uploaded (snapshots).

1. Open Command Prompt
2. type "cd c:\windows\system32\sysprep"

IF YOU HAVE UNATTEND.XML
3. sysprep /generalize /oobe /shutdown /unattend:unattend.xml

======= OR =======

IF YOU DO NOT HAVE UNATTEND.XML
3. sysprep /generalize /oobe /shutdown

The PC will complete it’s task and shutdown. Leave it there.
Now on the FOG server complete the following:

1. Create a new Image
2. Name it etc...
3. Select Windows 7
4. Select NTFS Single Partition from the list.
5. Assign the Image to the computer and Start an Upload Job.

Boot the PC and boot to PXE to upload image.  All done and now you can deploy..

Something to think about!

1. IMAGE CONTROL - I said that sysprep only lets you run 3 times before it's unusable. This is true, but instead of saving to another drive or something. I have downloaded VirtualBox and created my master image as a virtual PC. This works fine. I went with VirtualBox because it's free and i lets you take snapshots. So just before you run sysprep you take a snapshot. Once uploaded you just undo the snapshot and your ready to modify again. You can also export your image at any snapshot point to backup as a single file. VirtualBox runs on windows and Linux. You will need to download the expansion pack so you can the PXE feature. This has to be the best way of keeping your image safe and sysprep free. (oh and you can jump back to an old snapshot if your last image update failed for some reason) - TESTED AND CONFIRM WORKING

2.FINISHING UP - So I use FOG to add my PC's to the domain. All well and good but when it's finished the PC is left at login (don't want to use auto off idle settings in fog), anyway in my unattend.xml I added a command to add some domain login details to auto login. So once FOG has rebooted the PC twice to get it on the domain, the PC will login and run another script I have placed. The PC locks so no one can play with it. This script then runs any installs I need to run after (e.g Anti-Virus Agent), then removes the auto login details and shuts down. This is simple to do. If you interested let me know and i'll give you a hand and the script I have made.

3.COPY PROFILE - Some software leaves information in your profile. I was finding that domain users logging into a new image for the first time was taking a long time. I then found the profile size was 600MB. So evey time a new user is created the PC has to make a 600MB profile for them, this takes time. (2 mins) So remember to clean the administrator profile before you image; if you use the copy profile function in then unattend.xml. Now my administrator/default profile is only 20MB (20 Sec first login)

================================WARNINGS:


1. Sysprep can only be run 3 times on a Windows 7 install if the SkipRearm is not used.

2. Sysprep disables the default Administrator account so if you use, you need to enable in the unattend.xml

3. in the unattend.xml I set PC-name as * --This means windows will pick a random name, this is fine because FOG will rename it for you.

4. my unattend.xml has no passwords so you need to edit them using the software or notepad (software best)

5. Once you have deployed the image the unattend.xml is still on the machine with import info like passwords etc.. (c:\windows\system32\sysprep & c:\windows\panther\) DELETE THEM

6. If your thinking of using a Virtual Environment for your master image, It has been reported FOG doesn't like scsi controller settings. Select IDE as your Virtual HDD connector - Not personally confirmed.

7. If you are using KMS or planning on using a KMS server, don't use the skiprearm. (so set it to 0). Now if you have this on and your using KMS, Your KMS server will think all the hosts are the same host. We got out of this jam by making the change & then deploying 25 hosts. All our other machines kicked in as they all thought they where host 26.

8. You still have another "admin" account on your image that you don't needs. A) delete it before upload. B) Use GPO to remove account on deployment. (i use option B)


Let me know if there is anything you would like to add !
================================

Your possible Questions

Do I need to use Sysprep? I’ll put it another way, I spent two days trying to make it work without sysprep and then as soon as i used it, it worked. For a test you could sysprep without anser file just to check it will deploy OK. once tested and OK, then create unattend.xml

Set Image Type to Vista? Again I tried but did not need it once I completed as above. It didn’t work when i tried vista and no sysprep.

What about Fogprep? I didn’t run it. I did try using it but it didn’t seem to do anything that sysprep didn’t do. Frogprep’s main use is to delete all records from the registry key “[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]”. You could run it before sysprep if you wished, I just don’t see it’s use.

Did you try running the following as people say do?
bcdedit /set {bootmgr} device boot
bcdedit /set {default} device boot
bcdedit /set {default} osdevice boot

I did try them but the didn’t seem to help or hinder…

Did I Need to install NETDOM? Nope, Versions above .28 do not need it. The FOG service does it.

ASK SOME IF RELEVANT  TO DOCUMENT

Print Friendly