fog configuration


Upload: rajasekarkala

Post on 21-Oct-2015


Implementing the FOG Cloning Solution with Universal Windows 7 Images


Using FOG imaging solution

This writeup provides guidance on installing an Ubuntu Server OS and the FOG (Free Open-Source Ghost) imaging software, configuring FOG, and then creating and deploying universal hardware images.

I’ve been able to use these tools to drastically reduce my installation times for new computer labs as well as more easily “refreshing” labs or computers during the school year.

This document is divided into the following topics:

Installing Ubuntu Server

Configuring and Updating Ubuntu Server

Installing FOG Software

Configuring your FOG Installation

Workstation Image Creation

Uploading Your Reference Image to FOG

Deploying Images

I’d like to give a nod to the Ubuntu Forums, the FOG Project community, the DriverPacks.net Team and the Spiceworks Community. As I worked on my initial implementation of a FOG environment I found the resources and write-ups from the various groups extremely valuable. While much of this information exists already, it was spread across a number of sources and required numerous cross references to make my installation function to the level it has.

FogProject

Ubuntu Forums

Spiceworks Community

Driverpacks

What I’ve hoped to accomplish is to provide a one-stop resource for FOG installation guidance as well as a number of tweaks I’ve made to increase efficiency. I can’t guarantee that every option I’ve used will be the best option for your environment, so I highly encourage a test environment that allows you to make any necessary tweaks before a full roll out. If you notice any errors in the document or have suggestions for improvement, please let me know and I will add them.

Now, on to the show!


INSTALLING UBUNTU SERVER:

1. Go to http://ubuntu.com. Click Download -> Ubuntu Server and for best results pick the LTS distribution. If you’d prefer a GUI you can use the desktop system, but I’m breaking down line-by-line commands for the server CLI, so it won’t be necessary.

2. Preferably create a VM; otherwise this can be installed on physical hardware with similar specs.

Minimum of 512MB of RAM; usage is low on the server OS.

Minimum 1 NIC, preferably 1000 connectivity.

If using VLANs, be sure to set the VM in a network that can both route and broadcast to the necessary client machines.

NOTE To utilize FOG across subnets/VLANs you must ensure that IGMP Multicast is enabled across your switches!!

3. Leave the Ubuntu install settings at defaults; when it asks you to add packages, select none. We’re looking for a JEOS (Just Enough Operating System) installation: the less extraneous software this box runs, the better.

4. When it prompts you to create the user account, set it to whatever you want. I used FogUser. Realize that Linux logons are case sensitive for username and MAKE SURE TO WRITE DOWN YOUR CONFIGURED USER INFORMATION!!!

5. Now wait for the server to reboot.

Congratulations! You’ve now installed Ubuntu! We’ll step through configuring the server OS for usage and making sure all necessary packages and updates are installed.

CONFIGURING AND UPDATING UBUNTU SERVER:

6. Logon with the credentials you configured.

7. First we want to set the IP of the server so that it doesn’t require DHCP and so that DNS is properly configured.

Type sudo vi /etc/network/interfaces

Press Insert and navigate through the file with the arrow keys.

i. Using your environment’s IP schema, configure it per my example. Italics are lines that need to be added. **NOTE** Included IPs are examples only and will vary for your deployment!

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    # Set to static IP (comments in this file must be on their own line)
    iface eth0 inet static
        address 192.168.1.5
        netmask 255.255.255.0
        gateway 192.168.1.1
        network 192.168.1.0
        broadcast 192.168.1.255
        # Your internal domain name
        dns-domain example.org
        dns-search example.org
        # Enter your DNS server addresses separated by a space
        dns-nameservers 192.168.5.3 192.168.5.4


Also, if you are using a proxy that requires authentication you will need to allow open access for the FOG server. Depending on your configuration it may be difficult getting Ubuntu to authenticate properly.

8. At the command line type the following commands.

sudo apt-get update

sudo apt-get upgrade

This will find any necessary updates and upgrade any packages that need it.

9. Restart the server if necessary. (sudo shutdown -r now)

10. Now that networking and server updates are taken care of, we are ready to begin installing the FOG software.

INSTALLING FOG SOFTWARE:

The installation of FOG is fairly straightforward; once installed, the bulk of configuration is handled from the Web GUI through your browser. There are a couple of further tweaks that can be done from the system side but they are optional depending on your environment.

11. First, open your web browser and go to http://sourceforge.net/projects/freeghost

At the top of the screen note the file name in the download link. As of 5.6.13 it’s fog_0.32.tar.gz

12. Enter the following at your Ubuntu command line.

cd /opt

sudo wget http://downloads.sourceforge.net/freeghost/fog_0.32.tar.gz

sudo tar -xvzf fog_0.32.tar.gz

cd fog_0.32/

cd bin

sudo ./installfog.sh

13. Follow the steps in the FOG installer wizard

Choose Option 2 (Ubuntu)

Choose N (normal)

Press enter to leave IP address

Press enter to leave gateway setup

Press enter to leave DNS

Choose NO when asked to change default NIC

If you already have DHCP configured, press NO to disable FOG DHCP

Choose language packs if needed

Press Enter to acknowledge MySQL warning

Set a password for MySQL when requested

Be awesome and send a notification to the FOG community!

14. FOG is now installed, we just want to check some of the MySQL settings real quick.

sudo vi /opt/fog/service/etc/config.php

Set MYSQL_PASSWORD to the password configured in the FOG wizard

Confirm MYSQL_USERNAME is set to root account

sudo vi /var/www/fog/commons/config.php

Set MYSQL_PASSWORD to the password configured in the FOG wizard

15. Congrats! FOG is fully installed!!
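
Step 14 leaves the MySQL password in clear text in two files that must agree. The following shell check is an added example, not part of the original guide or the FOG project: it reports an empty, mismatched or world-readable setting. It assumes the settings are PHP define() lines; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two config files edited in step 14.
# Assumption: FOG stores each setting as a PHP define() line, e.g.
#   define( "MYSQL_PASSWORD", "secret" );

# Print the value of one define()d constant from a PHP config file.
fog_define() {  # usage: fog_define FILE NAME
    sed -n "s/^[[:space:]]*define([[:space:]]*[\"']$2[\"'][[:space:]]*,[[:space:]]*[\"']\(.*\)[\"'][[:space:]]*).*/\1/p" "$1" | head -n 1
}

# Print one line per finding; exit status is 0 only when there are none.
audit_fog_configs() {  # usage: audit_fog_configs SERVICE_CFG WEB_CFG
    rc=0
    for f in "$1" "$2"; do
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f"; rc=1; continue
        fi
        if [ -z "$(fog_define "$f" MYSQL_PASSWORD)" ]; then
            echo "EMPTY_PASSWORD $f"; rc=1
        fi
        # The file holds the database password in clear text, so it
        # should not be readable by every local account.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "WORLD_READABLE $f"; rc=1
        fi
    done
    # Both files must carry the password chosen in the installer wizard.
    if [ -r "$1" ] && [ -r "$2" ] &&
       [ "$(fog_define "$1" MYSQL_PASSWORD)" != "$(fog_define "$2" MYSQL_PASSWORD)" ]; then
        echo "PASSWORD_MISMATCH $1 $2"; rc=1
    fi
    return "$rc"
}

# Constructed sample file (not real FOG output) for an offline run.
write_sample() {  # usage: write_sample FILE PASSWORD MODE
    printf '<?php\ndefine( "MYSQL_USERNAME", "root" );\ndefine( "MYSQL_PASSWORD", "%s" );\n' "$2" > "$1"
    chmod "$3" "$1"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/service.php" 'Examp1e-pw' 640
write_sample "$demo_dir/web.php" '' 644
# Findings are expected here: web.php is empty, world-readable, mismatched.
audit_fog_configs "$demo_dir/service.php" "$demo_dir/web.php" || true
rm -rf "$demo_dir"

# On the server from this guide (as root):
#   audit_fog_configs /opt/fog/service/etc/config.php /var/www/fog/commons/config.php
```
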


PREPARING FOG FOR USE

There are still a few steps remaining before we can start to focus on image development and deployment. Some of these will require modifications of FOG which can now be done through the web interface, others will require changes on your existing DHCP and DNS server.

16. **OPTIONAL** this step is not necessary but is HIGHLY recommended.

On your DNS server open DNS MANAGEMENT

Go to FORWARD LOOKUP ZONES

Right click Your Domain example.org

Select NEW HOST (A or AAAA)...

Enter a name (FogServer works well)

Enter the IP address you configured earlier

Press Add Host

17. Next go to your DHCP Server

Open DHCP Management

Expand IPV4

Right Click Server Options and select Configure Options

i. Scroll to option 66 and give the hostname you just set in DNS

ii. Scroll to option 67 and give the value pxelinux.0

Apply settings and close

18. Back on your workstation open http://fogserver/fog/management

(if you used another hostname enter that)

19. Login to FOG, the default credentials are fog/password

20. FOG CONFIGURATION **OPTIONAL**

USER MANAGEMENT

i. HIGHLY RECOMMENDED – Change the fog username/password from default.

ii. Optionally create a new user account for your helpdesk person to register and image computers. This will leave the primary admin account for your usage.

FOG CONFIGURATION

i. There are many options here that the FOG client application can be used for. Most of the functions are pretty straightforward but I’ll explain configurations on any that need it.

ii. Auto Log Out

1. The FOG client will auto-logout computers. This can be accomplished more granularly through Group Policy deploying scheduled tasks to certain computers (e.g. student computer labs). Not recommended though as forced logout can create data loss issues.

iii. Client Updater

1. If you update the FOG client on the server, it will automatically update the client services installed on any workstations. Make sure to enable this!

iv. Directory Cleaner

1. This can be useful for cleaning out temp directories and other file locations on logoff. If you’re using Deep Freeze or something similar already, you probably don’t need it. Windows 7 can schedule this with tasks or some Group Policy settings.

v. Display Manager

1. This could be useful to force default screen size on a computer lab. But again, Windows 7 will automatically fit the optimal screen resolution and changes can be blocked through Group Policy.

vi. Green FOG


1. A useful feature for auto-shutdown for power savings. Again, more granular controls and easier configuration use group policy and scheduled task deployments.

vii. Hostname Changer

1. One of my favorite features. After the imaging process FOG will automatically join the computer to the domain and set its domain name to the unique client name you configured on the imaging and inventory screen off the PXE boot.

viii. Host Registration

1. The FOG client can be deployed to existing computer systems but I haven’t found this to be needed in my environment. Basically it would feed back all the MSinfo data to FOG to create the client hardware asset and inventory list.

ix. Printer Manager

1. Automate deployment of printers to machines. Again I much prefer the interface and options Group Policy/Preferences affords for printer deployment.

x. Snapin Client

1. FOG can be used to auto-deploy certain software packages (Flash, Java, PDF Readers etc.). In my case I use Microsoft SCCM as it’s far more powerful so I’ve never used the Snapin function, but there are a number of write-ups on how to handle deployments.

xi. Task Reboot

1. This is useful for hands-off imaging as you can schedule a deployment and the running computer will restart automatically when it detects the waiting job.

xii. User Cleanup

1. Removes stale user accounts. Again, Windows 7 can handle this functionality through group policy settings.

xiii. User Tracker

1. Logs local user login/logoff. If your local administrative accounts are secure there’s really no need to log this.

FOG OTHER INFORMATION **OPTIONAL**

i. Other Information provides a range of settings to further enhance FOG functionality.

ii. VERSION INFO

1. Displays current version; if it doesn’t say up to date, just follow the instructions to update FOG.

2. LICENSE

a. Standard GPL license

3. KERNEL UPDATES

a. This part can be quite useful. I’ve had issues with certain computer models not responding well to some of the PXE boot images; to remedy this, download a new kernel and replace the PXE image.

b. **If you have a number of older computers you may receive the best results using the Kitchen Sink images (KS following the version number)** The “Kitchen Sink” kernels contain a wide variety of drivers for maximum device compatibility. I used 2.6.35.7 KS

c. Click Download and change the kernel save name to something you’ll remember (KitchenSinkPXE)

d. Click FOG Settings on the left navigation bar. Scroll down to TFTP Server section. Change the entry for FOG_TFTP_PXE_KERNEL to read fog/kernel/kernelname, where kernelname is the name you gave to the kernel you downloaded (KitchenSinkPXE for me). Click Save Changes.


e. Log into the FOG Server (VM Console) and enter the following commands.

i. cd /tftpboot/pxelinux.cfg/

ii. sudo cp default default.old

iii. sudo vi default

iv. Everywhere you see the line “kernel fog/kernel/bzImage” change it to kernel fog/kernel/kernelname (again whatever you named it)

v. Press Esc, press the colon key and type wq!

vi. Restart the FOG server. (sudo shutdown -r now)

f. **NOTE** I have experienced an issue on certain Dells where you experience what is known as chainloading. The process has been fixed in most of the newer kernels but I’m linking the FOG wiki entry to assist in troubleshooting – Chainloading WIKI.

g. Also, the information under the FOG Boot menus on that page can be used to create boot menu options for different kernels. Here is an image of modifications I made to my default config file.
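
Steps e.i to e.iv as one script, added here as an example that is not from the original guide or the FOG project. It refuses to rewrite the menu when the named kernel file is missing, since a mistyped name would leave PXE clients with nothing to boot; it assumes kernel paths are relative to the TFTP root (/tftpboot), and the function names and sample menu are constructed.

```shell
#!/bin/sh
# Added example: steps e.i to e.iv with a check before the menu is touched.
# Assumption: kernel paths in the menu are relative to the TFTP root, so
# fog/kernel/NAME is the file TFTP_ROOT/fog/kernel/NAME.

# Prints the number of menu entries switched to the new kernel.
set_pxe_kernel() {  # usage: set_pxe_kernel TFTP_ROOT KERNEL_NAME
    cfg=$1/pxelinux.cfg/default
    old=fog/kernel/bzImage
    # Only plain file names: nothing that leaves fog/kernel/ or upsets sed.
    case $2 in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad kernel name: $2" >&2; return 2 ;;
    esac
    # A mistyped name would leave PXE clients with no kernel to load.
    { [ -f "$1/fog/kernel/$2" ] && [ -s "$1/fog/kernel/$2" ]; } || {
        echo "kernel not found: $1/fog/kernel/$2" >&2; return 3; }
    [ -f "$cfg" ] || { echo "menu not found: $cfg" >&2; return 4; }
    pat="^[[:space:]]*kernel[[:space:]][[:space:]]*$old[[:space:]]*\$"
    n=$(grep -c "$pat" "$cfg") || {
        echo "no '$old' entries in $cfg" >&2; return 4; }
    # Step e.ii: keep the old menu. The copy made for editing keeps the
    # file's owner and mode so the TFTP server can still read the result.
    cp -p "$cfg" "$cfg.old" && cp -p "$cfg" "$cfg.new" || return 5
    sed "\\#$pat#s#$old#fog/kernel/$2#" "$cfg.old" > "$cfg.new" || return 5
    mv "$cfg.new" "$cfg" || return 5   # swap in the finished file in one step
    echo "$n"
}

# Constructed sample TFTP tree (not copied from a real FOG server).
make_sample_tftp() {  # usage: make_sample_tftp DIR
    mkdir -p "$1/pxelinux.cfg" "$1/fog/kernel"
    echo "placeholder kernel" > "$1/fog/kernel/KitchenSinkPXE"
    printf '%s\n' 'LABEL fog.memtest' '    kernel fog/memtest/memtest' \
        'LABEL fog.reg' '    kernel fog/kernel/bzImage' \
        '    append initrd=fog/images/init.gz' \
        'LABEL fog.quickimage' '    kernel fog/kernel/bzImage' \
        '    append initrd=fog/images/init.gz' > "$1/pxelinux.cfg/default"
}

demo=$(mktemp -d)
make_sample_tftp "$demo"
echo "entries changed: $(set_pxe_kernel "$demo" KitchenSinkPXE)"
set_pxe_kernel "$demo" KitchenSnikPXE || echo "typo rejected, menu untouched"
rm -rf "$demo"

# On the server from this guide, as root:
#   set_pxe_kernel /tftpboot KitchenSinkPXE
```
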

4. PXE BOOT MENU

5. It’s possible to add a wide variety of options to the FOG PXE boot, including emergency boot CDs, system hardware test tools etc., but that is more in-depth than this guide will get.

a. Your main configuration on this screen will be the passwords. If you feel the need to set separate passwords for various functions you may do so; I set my master password and typed random characters for all the other passwords. This way I only need to remember one password to use the FOG services.

6. CLIENT UPDATER

a. This is where you can update the FOG Client software installer.

7. MAC ADDRESS LISTING

a. Here you can delete or update the MAC address database. Addresses are used for easier manufacturer identification.


8. FOG Settings ***IMPORTANT***

9. Most of these are auto-populated and the usage of the setting is viewed by hovering over the ? icon. My main focus is proper configuration of the auto-domain join settings.

a. FOG_AD_DEFAULT_DOMAINNAME

i. Set to your domain name (example.org)

b. FOG_AD_DEFAULT_OU

i. Must be entered as proper OU syntax.

(OU=Computers,DC=example,DC=org)

c. FOG_AD_DEFAULT_USER

i. This should be created as a service account. Must be delegated rights to create new computer accounts in whatever computer OU you are using, although if the password is secure you could give it Domain Admin rights, but that’s not optimal. (example.org\FOG-JOIN)

d. FOG_AD_DEFAULT_PASSWORD

i. The FOGCRYPT tool is used to encrypt the password to make it secure. Follow the steps below to use it.

1. Using WinSCP or some other SFTP tool, copy the fogcrypt folder from your FOG server (/opt/fog-setup/fog_0.32/) to a Windows PC

2. Move it to c:

3. Go to Start, Run and type cmd and hit the Enter key.

4. To get to the c: type cd c:\

5. cd fog_0.32 (replace with name of the version you are using)

6. cd FOGCrypt

7. FOGCrypt.exe your password >encrypted-password.txt (This is the FOG Domain Join password you set in your directory service)

8. Open the file you created, encrypted-password.txt, with any text editor like Notepad; the encrypted password can then be copied into FOG via the FOG web interface.

10. The rest of the options on the page are for diagnostics and referring back to the FOG information pages and as such are not under the scope of this write-up.

21. Congratulations! FOG is FULLY configured!


WORKSTATION IMAGE CREATION

The installation of FOG only helps if you have an image to deploy. I’m going to focus first on the unattend.xml sysprep file, then we’ll quickly go through image creation and installation/configuration of the FOG client on the workstation.

22. First download the Windows Automated Installation Kit (WAIK) for Windows 7 – Here

23. Download and install the Windows 7 x64 ISO image from your Volume Licensing Center

24. Using a zip tool (I like 7-zip) extract the ISO to a folder.

25. Open the Windows System Image Manager (the WAIK executable for our next step)

In the Bottom Left frame right click Select a Windows image or catalog file.

Browse to the extracted Windows 7 folder \Sources\install.wim and click Open.

Now we need to configure the unattended installation settings. The settings are similar for an x86 installation but I’m going to be focusing on the 64-bit configuration in this guide.

Under Windows Image expand the section Components.

i. Scroll down to amd64_Microsoft-Windows-Security-SPP_ (NOT the UX!!)

1. Right Click -> Add to Pass 3 Generalize

2. You’ll now see it appear under Components -> Pass 3 Generalize in the Answer File frame.

3. Select it, and in the right frame Microsoft-Windows-Security-SPP set SKIPREARM to 0

ii. On the left frame scroll down to amd64_Microsoft-Windows-Deployment_neutral

1. Right Click -> Add to Pass 4 Specialize

a. Expand amd64_Microsoft-Windows-Deployment_neutral

b. Right Click -> Extend OS Partition -> Add to Pass 4 Specialize

c. Select in the middle frame

d. In the right frame set

i. Extend -> True

e. Back in the left frame Expand -> RunSynchronous

f. Right Click -> RunSynchronousCommand -> Add to Pass 4 Specialize

g. Select in the middle frame, and in the right

i. Action -> AddListItem

ii. Order -> 1

iii. Path -> net user administrator /active:yes

iv. Windows 7 natively disables the local admin account; we want to make sure it’s turned back on.

iii. On the left frame scroll down to amd64_Microsoft-Windows-Shell-Setup_Neutral

1. Right Click -> Add to Pass 4 Specialize

a. Select and add the following settings to the right frame

b. ComputerName -> *

c. CopyProfile -> True

d. ProductKey -> If you use a KMS server you can enter the generic KMS client key for your copy of Windows. Otherwise enter your Volume Activation License key.

e. ShowWindowsLive -> False


f. TimeZone -> your current time zone. **NOTE** the documentation isn’t clear on how to enter these. You need to fully write it out e.g. Eastern Standard Time

iv. In the left frame scroll down to amd64_Microsoft-Windows-International-Core_neutral

1. Right Click -> Add to Pass 7 oobeSystem

2. Select in the middle frame

3. In the right frame.

a. InputLocale -> en-US

b. SystemLocale -> en-US

c. UILanguage -> en-US

d. UserLocale -> en-US

v. In the left frame scroll down to amd64_Microsoft-Windows-Shell-Setup_Neutral

1. Right Click -> Add to Pass 7 oobeSystem

a. DisableAutoDaylightTimeSet -> False

b. DoNotCleanTaskBar -> True

2. Expand amd64_Microsoft-Windows-Shell-Setup_Neutral

a. Right Click -> OOBE -> Add to Pass 7 oobeSystem

i. HideEULAPage -> True

ii. NetworkLocation -> Work

iii. ProtectYourPC -> 1

b. Expand -> UserAccounts

i. Right Click -> AdministratorPassword -> Add to Pass 7 oobeSystem

1. Set Value – to your desired local administrator account password.

ii. Right Click -> Local Accounts -> Add to Pass 7 oobeSystem

iii. Right Click -> Local Accounts in middle frame

iv. Insert New Local Account

1. Action -> AddListItem

2. Description -> LocalAdministrator

3. DisplayName -> Administrator

4. Group -> Administrators

5. Name -> Administrator

v. Set password to match previous administrator password.

vi. It seems odd to add this twice, but otherwise after sysprep it will still prompt for an initial local account name. It may be possible to remove the OOBE section, but I haven’t experimented with it.

vi. You can also configure Taskbar and Start Menu settings to apply to all users. Technet Article

Save this file as unattend.xml

26. Now for the easier part – Creating the windows install.

I like configuring my Windows 7 client images by installing them in a VM. This gains me the advantage of taking a snapshot prior to the sysprep. That way I can occasionally do windows update, add new software etc. then sysprep and recapture the image instead of starting over. I also recommend setting the hard drive or partition size at 20-25GB depending on how much you need to install. The reason for this is that the image can then be cloned to anything with a hard drive over that size, instead of needing to match the original drive size.

Either mount your ISO image or insert the CD into your test computer.


i. After installing Windows, when you reach the Windows Welcome Screen and it asks you to create a username press SHIFT-CTRL-F3

1. This will enter Windows Audit mode; this mode is meant for image configuration prior to deployment and greatly simplifies the sysprep process.

ii. Once you’re at the desktop proceed with installing any necessary software, Windows Updates etc. This will really depend on your personal workstation needs for labs, offices and the like. My software image is pretty sparse as I use SCCM to auto-install most of my lab apps.

iii. For best results DO NOT ADD THIS COMPUTER TO YOUR DOMAIN!!

1. **OPTIONAL**

a. ninite.com – They offer a one click installer that allows you to select from a wide range of open source or freeware applications. PDF Readers, Open Office, Java, Flash etc. Saves time vs installing them separately.

b. I configure my major system options through Group Policy, but you may want to set things such as System restore settings, Power Options, defrag, disk cleanup options etc.

iv. FOG Client Installation

1. On your build system open your web browser and navigate to http://Fogserver/fog/client

a. Download the FOG Client Service

b. Extract the file and run Setup.exe

c. On the Configuration page

i. Enter the host name of the FOG Server. (you can use IP, but depending on firewalls and routing non-domain computers may have issues communicating which will disable the auto-domain join feature)

ii. You can leave all other options selected as once the client service connects to the server it will copy the configured FOG options.

d. Browse to C:\Program Files (x86)\FOG\etc

i. Open Config.ini

ii. Scroll down to where it says Path to netdom.exe

1. Change the path to C:\Windows\System32\netdom.exe

iii. Netdom is the built in windows utility that handles domain join requests. Windows 7 stores it in a different location than older versions of Windows and the client path was not updated to reflect this due to the number of people still using XP.

v. ***DRIVERPACKS!!!!***

1. This will be the greatest thing you ever use. Windows 7 has a number of built-in drivers and auto-detects a ton of hardware, but it can always be improved.

2. So what we want to do is look at the DriverPacks repository - here

3. Find the version of Windows you are working with from the list.

4. Not all of these files are needed; for most peripheral hardware (touchpads, webcams etc.) the built-in Windows drivers will function fine. What we need is the main system drivers crucial to booting the machine and getting network connectivity.

5. I download Audio, Chipset, Graphics A, B, Mobile; LAN, Mass Storage and WLAN.

6. Extract these files into C:\Windows\inf\DriverPacks

7. There are other ways to install drivers, but I found that for adding 3-4GB to your image but gaining universal hardware functionality this is the easiest.


vi. Preparing to Sysprep

1. **If using a VM as suggested, I HIGHLY recommend taking a snapshot before starting this process. If something is misconfigured you can easily revert back and fix it or use the snapshot to update software before refreshing your image file.**

2. Browse to C:\Windows\System32\sysprep

3. Copy your unattend.xml file to this location.

4. Open a command prompt in administrative mode and browse to C:\Windows\System32\sysprep

5. When you are absolutely ready to create your initial image, enter the following command

6. sysprep /oobe /generalize /unattend:c:\windows\system32\sysprep\unattend.xml

a. I’ll break down what this does as you may find you want to play with other settings.

b. OOBE – configures Windows Welcome Mode; we’ve passed the initial user configuration to re-enable the admin account which is all this is used for

c. Generalize – This resets the Security ID of the computer, removes all restore points and event logs and passes the initial hardware configuration and services startup to make the image hardware independent.

d. Unattend – Just the command to reference our unattend.xml file for predetermined options.

7. **OPTIONAL**

a. You may find it useful to include a script for other functions post setup. If so create the directory C:\Windows\Setup\Scripts. At this location make a file SetupComplete.cmd

b. The passwords are encrypted, but you may want to delete the unattend.xml after the workstation is fully set up or reference Microsoft Office’s license key service to automatically register itself.

Uploading your reference image to FOG

27. After sysprep completes it will shut down your VM or workstation.

28. On another machine, open your Fog Management Console http://FogServer/Fog/Management

29. Click Image Management -> New Image

Name the image something meaningful, enter a description if you desire and for Windows 7 make sure to set Image Type -> Multiple Partition Image – Single Disk (Not Resizable)

i. This is why you need to use a smaller partition and we set the System Disk – Extend feature in the unattend.xml file.

Save your changes.

30. Power the sysprep computer on and enter the BIOS screen. Ensure that the computer is set to PXE boot and that FOG’s PXE functionality is working on your network.

31. When the computer reaches the FOG PXE boot menu, select Registration and Inventory and register the host. It helps to name it something that reminds you of its purpose. I usually do Win7x64Sysprep or the like.

32. As you enter the options, make sure to select your new Host Image from the options and you can set the HOST OS.

33. After the host registers shut the computer down.


34. Now back in the web management interface, click Host Management -> List all Hosts – Select your imaging host. (Win7x64Sysprep)

35. Click Update to save your changes.

36. Click Basic Tasks (on the left) -> Upload

37. Select Shutdown after Task Completion, if you need any scheduling you can enter that, and click Upload Image.

38. Start up your VM or workstation you sysprepped. As it starts the PXE boot it will detect a waiting task from FOG and begin the image upload process.

39. Once completed let the workstation power off and Congrats! You’ve just created a universal Windows 7 image with easy deployment through FOG!!

Deploying Your Image from FOG

40. Make sure desired client computers are enabled to PXE boot.

41. If not using the FOG Client to auto-register existing computers, you will need to physically go to each workstation to perform the initial Host Registration and Inventory.

42. When selecting options, enter your Host Image and Host OS from the options and select Y for auto-domain join and Would you like to image this computer - Y.

43. After the initial registration, tasks can be queued for client computers and if WOL is functioning on your network they can be started and imaged without leaving your desk! Otherwise queue up tasks, walk to the lab and power on the computer then get a cup of coffee!

I hope this information has been of use to you. Feel free to ask any questions you may have and I’ll do my best to be of assistance.