Deploying Windows 10 with FOG Server

Do you have a large handful of machines that occasionally need to have the OS wiped and reloaded? Or maybe you’re on-boarding a large group of new employees and need to mass deploy 10+ computers at once. Or maybe you’re also working on an equipment or OS refresh and want to make it easy on yourself so you don’t have to waste time doing the same task over and over. Imaging computers is nothing new. There are various methods and services available to do this, though some are fairly expensive (few hundred dollars) to really expensive (few thousand dollars). Why spend money on something that can easily be done for free? In this extensive tutorial, we’re going to show you how to setup a dedicated imaging server on your network using FOG – Free Opensource Ghost – to help you deploy Windows 10 en masse.

This tutorial will walk you through setting up a FOG server to manage and deploy your image from and how to properly create a Windows 10 image for deployment. If you’re still deploying Windows 7, this tutorial should work but your mileage may vary. Please read through this tutorial completely first before jumping into things! It covers everything and you may miss a few important steps if you just start.

At the time of writing, the latest version of FOG is 1.4.4 and I’m using both Windows 10 Enterprise LTSB 2016 and Windows 10 Enterprise version 1709.

A few notes first

  • FOG only runs on Linux. As of the current version, only Red Hat-based, Debian-based, and Arch Linux are supported. My background is in CentOS which is Red Hat-based and I am comfortable installing, configuring, and troubleshooting it which is why I used it for this guide. Ubuntu Server is another popular alternative, but since CentOS is used by enterprises globally and is extremely stable, I feel it’s best to use it. That’s simply my opinion. If you’re comfortable with Ubuntu Server, by all means use it but you’ll want to skip the first part as it covers installing and configuring CentOS.
  • Windows is a tricky beast. There are a few quirks so be sure to pay close attention when building your master image. Missing a step can sometimes mean you have to start over from square one again. See my virtualization note below.
  • Virtualization will be your best friend. Installing FOG server as a virtual machine means it’s easy to take snapshots, backup, and overall manage. If you need more room for images, you can simply give your server’s disk more space and then expand the partition. Virtualization isn’t required, it’s just helpful.
  • Building a master image on a virtual machine will also come in handy, though it’s not required. If you install Windows on a virtual machine, you can snapshot it before you sysprep so updating images is easier – just revert to your snapshot, run updates, update required software, remove software no longer needed, run updates, snapshot, and then sysprep to pick up where you left off before. I opted for a physical image master which means that updating my image means I literally have to rebuild it from scratch each time.

What you need

Before we jump into things, let’s make sure you’re ready with what you need.

  • CentOS 7 Minimal ISO
  • Enough storage space for your images
    • My customised Windows 10 image uses ~17 GB on my FOG server. Additional images will consume space. If you’re only working with a single image, ~20 to ~30 gigabytes of disk space will be plenty.
  • Master image machine
    • Virtualized is best, but a physical machine will work if you have standard hardware
  • SSH Client
    • If you run macOS or Linux as your primary workstation, it’s built in.
    • For Windows users, I recommend Putty.
  • Approximately 4 hours of time
    • This includes installing/configuring CentOS, installing FOG, and getting your master image up and running as well as capturing & deploying an image
  • HELPFUL: Gigabit network switches
    • 10/100 switches will work, but keep in mind that it’ll take 1 Windows client ~20 minutes to capture and deploy an image
    • Gigabit switches will have you capturing and deploying 1 Windows client in ~3 minutes.

Setting up FOG Server

FOG works off of Linux and can be installed on RHEL-based distros such as CentOS. It can also run off Debian-based distros such as Ubuntu Server. My background is with RHEL and I prefer CentOS for my Linux server installs so that is what I’m going to be using. The setup here is essentially the same on Ubuntu Server other than setting up the OS. CentOS has a few extra hoops to jump through. Since the process is a little bit more complicated, I’m going to show how to set it up.

Install CentOS

I use CentOS Minimal. You can download CentOS from the CentOS link under “What you need” section above.

Now, we can start installing CentOS. I am using a virtual FOG server, but you can use an old desktop computer, virtual machine, or whatever you’d like as long as it has disk space for storing images. If you’re only working with a single image, you won’t need much space. Windows 10 image with web browsers, Office 2016, and some updates will use ~17 GB.

Begin the CentOS install.

Next, we need to enable networking and set our hostname. Select Network & Hostname.

From here, move the slider to the enabled position. If you have DHCP, your network adapter will grab an address. Since this is a server, you may want to make it static instead. You can do this by clicking the Configure button. Once you’re done, hit the “Done” button.

Now, we need to custom partition. Select Installation Destination.

Select “I will configure partitioning” and select the Done button.

Click the + button to add a new mount point. From the drop down, select SWAP and give it the same amount of space as physical RAM. For example, my virtual server has 2 GB of RAM so I am making my SWAP partition 2 GB. Click Add mount point.

Click the + button again. This time, select / which is the root partition. Size this to 20 GB. If you’re going to use a lot of plugins and snapins, you may want to increase this. The bare minimum this should be is 15 GB. 20 GB is a good safeground. Click Add mount point.

Click the + button again and this time select /boot. Give the boot partition 1 GB of space. Click add mount point.

Now click the + button one more time. This time we’re creating the /images partition. Since we don’t have /images in the drop down as it’s a non-standard partition, just type in /images. Leave the desired capacity empty to let it use the remaining disk space. Click add mount point.

Review your partitioning and then click Done.

Now review the partitioning one last time and then write the partitions to disk.

Now you can continue with CentOS installation.

Be sure to set a strong root password and then wait for the installation to finish.

Once the installation is finished, remove your media (if it’s a physical server) otherwise, reboot.

Once your FOG server reboots, it’s time to switch over to your SSH client. I use SecureCRT, but Putty is free and popular.

We need to make sure all of the packages on CentOS are updated. Run:

yum update -y

Packages will download and install.

Since we’re doing this, let’s install GIT:

yum install git -y

SELinux will get in the way. We need to disable it. Use your favourite console editor (I like nano, but this needs to be installed via yum first otherwise vi or vim will work) to edit the following file:

nano /etc/selinux/config

and set the following line:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save the file. Now we need to disable the firewall. Since imaging will need to respond on every port for multicasting, it’s best to just disable the firewall. Definitely do not do this in an environment where you don’t have a network firewall protecting the environment!

Run the following commands:

systemctl disable firewalld

systemctl stop firewalld

We need to reboot the server to disable SELinux and apply any of the updates that we downloaded, especially because we probably downloaded a new system kernel. Issue the reboot command:

reboot

When your server is back online, reconnect to SSH. Now we can install FOG!

Installing FOG

Issue the following commands:

cd ~
mkdir git
cd git
git clone https://github.com/FOGProject/fogproject.git

After you run the clone command, it may take a while to download based on the speed of your internet connection.

cd fogproject/bin
./installfog.sh

Once the install script starts, you’ll get the following. Select 1 since we’re using RHEL based Linux. If you are using Ubuntu, you’ll select option 2.

[[email protected] bin]# ./installfog.sh
Installing LSB_Release as needed
 * Attempting to get release information.......................Done
systemd


   +------------------------------------------+
   |     ..#######:.    ..,#,..     .::##::.  |
   |.:######          .:;####:......;#;..     |
   |...##...        ...##;,;##::::.##...      |
   |   ,#          ...##.....##:::##     ..:: |
   |   ##    .::###,,##.   . ##.::#.:######::.|
   |...##:::###::....#. ..  .#...#. #...#:::. |
   |..:####:..    ..##......##::##  ..  #     |
   |    #  .      ...##:,;##;:::#: ... ##..   |
   |   .#  .       .:;####;::::.##:::;#:..    |
   |    #                     ..:;###..       |
   |                                          |
   +------------------------------------------+
   |      Free Computer Imaging Solution      |
   +------------------------------------------+
   |  Credits: http://fogproject.org/Credits  |
   |       http://fogproject.org/Credits      |
   |       Released under GPL Version 3       |
   +------------------------------------------+


   Version: 1.4.4 Installer/Updater

  What version of Linux would you like to run the installation for?

          1) Redhat Based Linux (Redhat, CentOS, Mageia)
          2) Debian Based Linux (Debian, Ubuntu, Kubuntu, Edubuntu)
          3) Arch Linux

  Choice: [1] 

On the next step, you’ll want to do Normal installation. We’ll cover Storage at a later time.

  Starting Redhat based Installation


  FOG Server installation modes:
      * Normal Server: (Choice N) 
          This is the typical installation type and
          will install all FOG components for you on this
          machine.  Pick this option if you are unsure what to pick.

      * Storage Node: (Choice S)
          This install mode will only install the software required
          to make this server act as a node in a storage group

  More information:  
     http://www.fogproject.org/wiki/index.php?title=InstallationModes

  What type of installation would you like to do? [N/s (Normal/Storage)] 

Verify that the IP you set is correct. If it is, just press enter.

What is the IP address to be used by this FOG Server? [10.130.0.121]

If you have multiple NICs on your FOG server, you can change the default interface. Since we only have one, we’re going to select No.

Would you like to change the default network interface from ens33?
  If you are not sure, select No. [y/N] 

If you already have a DHCP server in your imaging subnet or the subnet that you’re using to image, select No.

Would you like to setup a router address for the DHCP server? [Y/n]

Same as above, select no if you already have an existing DHCP server.

Would you like DHCP to handle DNS? [Y/n]

This question should really be first, but the FOG team put it last. If you have a DHCP server, select No.

 Would you like to use the FOG server for DHCP service? [y/N]

If English isn’t your primary language, you may want to select Y here to install additional languages, otherwise select N.

This version of FOG has internationalization support, would  
  you like to install the additional language packs? [y/N]

This is the last step! Since you’re not using DHCP, you must set the DHCP options to what is provided:

   ######################################################################
   #     FOG now has everything it needs for this setup, but please     #
   #   understand that this script will overwrite any setting you may   #
   #   have setup for services like DHCP, apache, pxe, tftp, and NFS.   #
   ######################################################################
   # It is not recommended that you install this on a production system #
   #        as this script modifies many of your system settings.       #
   ######################################################################
   #             This script should be run by the root user.            #
   #      It will prepend the running with sudo if root is not set      #
   ######################################################################
   #           ** Notice ** FOG is difficult to setup securely          #
   #        SELinux and IPTables are usually asked to be disabled       #
   #           There have been strides in adding capabilities           #
   #          The recommendations would now be more appropriate         #
   #    to set SELinux to permissive and to disable firewall for now.   #
   #  You can find some methods to enable SELinux and maintain firewall #
   #   settings and ports. If you feel comfortable doing so please do   #
   ######################################################################
   #            Please see our wiki for more information at:            #
   ######################################################################
   #             https://wiki.fogproject.org/wiki/index.php             #
   ######################################################################

 * Here are the settings FOG will use:
 * Base Linux: Redhat
 * Detected Linux Distribution: CentOS Linux
 * Server IP Address: 10.130.0.121
 * Server Subnet Mask: 255.255.0.0
 * Interface: ens33
 * Installation Type: Normal Server
 * Internationalization: 0
 * Image Storage Location: /images
 * Using FOG DHCP: No
 * DHCP will NOT be setup but you must setup your
 | current DHCP server to use FOG for PXE services.

 * On a Linux DHCP server you must set: next-server and filename

 * On a Windows DHCP server you must set options 066 and 067

 * Option 066/next-server is the IP of the FOG Server: (e.g. 10.130.0.121)
 * Option 067/filename is the bootfile: (e.g. undionly.kpxe)


 * Are you sure you wish to continue (Y/N) 

FOG will now add a repo and grab additionally required packages. This may take awhile depending on your internet connection.

 * Installation Started

 * Installing required packages, if this fails
 | make sure you have an active internet connection.

 * Adding needed repository....................................OK
 * Preparing Package Manager...................................OK
 [THIS HAS BEEN TRUNCATED]
 * Installing package: xinetd..................................OK
 * Updating packages as needed.................................OK

 * Confirming package installation

 * Checking package: bc........................................OK
 * Checking package: curl......................................OK
 * Checking package: gcc.......................................OK
[THIS HAS BEEN TRUNCATED]
 * Checking package: vsftpd....................................OK
 * Checking package: wget......................................OK
 * Checking package: xinetd....................................OK

 * Configuring services

 * Setting up fog user.........................................OK
 * Setting up fog password.....................................OK
 * Stopping FOGMulticastManager.service Service................OK
[THIS HAS BEEN TRUNCATED]
 * Setting up and starting MySQL...............................OK
 * Backing up user reports.....................................Done
 * Stopping web service........................................OK

At this point, you’ll be asked if the MySQL password is blank. Assuming you don’t already have MySQL setup on this machine, you’ll answer “Y” because it was just downloaded and installed.

 * Is the MySQL password blank? (Y/n)

Setup will continue setting up various required services.

 * Stopping FOGMulticastManager.service Service................OK
 * Stopping FOGImageReplicator.service Service.................OK
 * Stopping FOGSnapinReplicator.service Service................OK
[THIS HAS BEEN TRUNCATED]
 * Copying new files to web folder.............................OK
 * Creating config file........................................OK
 * Downloading binaries needed.................................

Once all of this is complete, you’ll be directed to go to the web URL of your FOG server to complete the database setup. Once that is complete, return to your SSH session and press Enter to complete FOG setup. Now, you’re done with your SSH session and FOG server. Onward to creating your master image!

Windows 10 Master Image

Now that FOG is setup, we need to create a master image. It is important that you have the media for the version of Windows you wish to deploy. You cannot capture the image of an upgraded machine! For example, if you install Windows 10 Enterprise 1703 and upgrade to 1709, this will not work. You will need to stick with 1703 or 1709. Likewise, you cannot install Windows 7 and then upgrade to Windows 10 1709 using the media creation tool and then image.

Chances are you are doing this in a corporate environment so you have a volume license. While this will work if you don’t have a volume license, it certainly makes it easier.

Let’s get building!

Insert your Windows 10 media and do a fresh and clean installation of Windows 10. If this is a fresh machine from an OEM, I like to completely wipe the drive. This removes bloat and recovery tools you definitely don’t want your users getting into. I’ve had users inadvertently wipe their systems before.

Entering Audit Mode

When you get to the following screen, STOP! This is the screen you need to be at to enter audit mode. If you click the “Use Express Settings” button, you’re going to have to run though the Windows installation again. When you get here, press CTRL+SHIFT+F3 and Windows will reboot into Audit Mode.

Once in audit mode, start installing and customizing your software including any drivers (if this is a specific image for a specific model).

Important note about rebooting in Audit Mode:

We all have that software that wants to reboot right after it’s installed. If you need to reboot whilst in Audit Mode, opt to manually restart. The System Preparation Tool box should still be open (if you closed it, go to C:\Windows\System32\Sysprep and double click on sysprep.exe. Set the drop down to Audit Mode and restart and then click OK. This will make sure the system starts back up in Audit Mode so we can continue customizing. This is especially important once you run Windows update as you’ll have updates that need to reboot the machine. Do not click restart though Windows update or through any software installer! Restart using the Sysprep utility.

Be sure to install the FOG client. This can be done by navigating to http://yourfogserver/fog and clicking the FOG Client link at the bottom. Install the new Smart Installer. When you run the installer, you’ll have a few options. Make sure you set your FOG server. It’s never a good idea to hard-code an IP address because even static IPs change. Do yourself a favour and setup an internal DNS name and put that name into the client. Why? What happens when the subnet your FOG server lives on changes? Or you go from a 192.168.1.0/24 address to a 10.15.28.0/24 address? You’re going to have a lot of clients that can’t communicate back. So it’s best to setup something like “fog.myad.domain.com” (using your internal domain name, obviously). If you’re doing this in a really small environment or you don’t have an internal domain, using an IP address will be okay.

Once the FOG client is installed, we need to disable the service. If we don’t, once you image a machine you’re going to get stuck in a reboot loop with the error:

“The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click “OK” to restart the computer, and then restart the installation.”

Disabling the service can be done by going to Windows Control Panel -> View by Small Icons -> Administrative Tools -> Services -> Right click FOGService -> Properties -> Startup Type -> Disabled. Once this is disabled, we need to create a batch file on the system that will run after imaging to enable and start the service. Open Notepad as administrator (Start -> Notepad -> Right click -> “Run as Administrator”) on your master image machine and add the following:

sc config FOGService start=auto
shutdown -t 0 -r

Save this file in C:\Windows\Setup\scripts\ as SetupComplete.cmd.

Once your system is ready, we need to generate an unattended answer file. To do this, use the Windows Answer File Generator (this link is for Windows 10 EUFI; use this link for Windows 10 MBR). Copy the output to Notepad or your favourite text editor. Around line 174 you should see

<FirstLoginCommands>

. Depending on your customizations you selected in the Windows Answer File generator, add the following:

<SynchronousCommand wcm:action="add">
<Description>SetupComplete</Description>
<Order>1</Order>
<CommandLine>C:\Windows\Setup\Scripts\SetupComplete.cmd</CommandLine>
<RequiresUserInput>false</RequiresUserInput>
</SynchronousCommand>

Place this command last in your answer file. For example, I added some customizations so here is where I placed mine.

As you can see, I adjusted the order to 3 so that this is the last command ran as it reboots the system.

Save this file as customize.xml. I saved this on the flash drive that I stored my Windows installation on so that I can easily move it to my master image machine. Now, on your master image machine, go into C:\Windows and create a new folder called Customize and copy customize.xml into this folder.

Running Sysprep

Now it’s time to get your image ready to capture. To do this, we need to run Sysprep. If the Sysprep GUI window is open, close it. Open CMD and type in:

cd C:\Windows\System32\Sysprep

Now, we need to run sysprep.exe referencing our custom answer file.

sysprep /generalize /shutdown /unattend:C:\Windows\Customize\customize.xml

The Sysprep GUI might open. If it does, select Enter System Out-of-Box Experience (OOBE), tick Generalize, and select Shutdown under Shutdown Options. Click OK and let sysprep run. Once sysprep is done, your image is ready for capture. Time to swing back into your FOG server.

Create an image on FOG

Now navigate to http://yourfogserver/fog/management and click on the Image Management icon (it’s the icon of a picture). On the left hand menu, click Create New Image. Fill out a name for your image, a helpful description, and the operating system type. Most other options can be left as default.

Once the image is created, we now need to boot our image master computer and register it with FOG. PXE boot your master and select “Perform Full Host Registration and Inventory”.

(Yes, the background can be customized! I’ll show you how to do this later.)

Give your master a unique name.

Select the image that you wish to associate with. If this is your first image, the ID will be 1. If you’ve had a few images, check the ID by entering ? and it will show you all the images on the server or the next ID if you’ve removed a few images.

You’ll be asked a few additional questions. Answer “n” to all of these. When asked about the primary user, other tag #1 and #2, just it enter. The last question is would you like to deploy the image. Be sure you hit “n” here as we don’t have the image yet!

FOG will then go through and inventory the host and add it to the Inventory section of the FOG server. FOG will then reboot your computer. Hold the power button down to shut it down as we don’t want Windows to load. If Windows begins loading before we have a chance to do the next step, your image can be damaged! Once the host is in inventory, we need to tell FOG to capture the image from this client. So go to http://yourfogserver/fog/management and then click on Host Management and then List All Hosts. Find your image master and then click on the capture icon.

Now we just need to set some properties for the task.

I like to set the machine to shutdown after the task is done so I know it’s done if I walk away. We also want to make sure that it’s an instant task. Once we click on Create Capture Task, the task will go into queue and will immediately run on the machine on its next PXE boot which we’re going to do.

Reboot your image master and PXE boot. Instead of seeing the menu screen, FOG will immediately begin capturing the image. One of the cool things about FOG is that you can monitor the progress directly from the FOG management interface under tasks. This is especially helpful for when you’re multicasting and image.

Once the image is captured, you can now deploy!

Deploying an Image

This is almost the same as capturing an image, but this time we’re going to enter the final hostname we want to give the computer, when asked if we want to join a domain select “Y” (assuming you have an Active Directory domain and set the settings within the FOG server), and at the end we’re going to select “Y” to image the machine now. All other options will be exactly the same as when we captured the image. “N” and blank. Remember, we set a few of these options via the answer file. FOG will then begin deploying the image from the server. Once the image is deployed and Windows boots up, let the computer sit for a few minutes. The FOG client will reach out to the server and pick up any configuration settings you may have made within FOG such as joining an Active Directory domain.

Congratulations! You’re now ready to be an image master!

Wrap-up

Whew! That was a lot of work, but in the end it’ll pay off as you save hundreds to thousands of hours. Since this tutorial is incredibly long and there’s lots of room for error, I’ll be creating a companion video for it and I’ll update this article with a link.

This is a tutorial I’ll continue to keep updated and build upon such as showing you how to upgrade FOG, etc.

I also wanted to thank all the FOG developers for a fantastic product that keeps getting better and the helpful users on the FOG community forums as I ran into some issues with getting things working perfectly.

If you found this tutorial useful or saved you a lot of time, please consider donating to us. I love creating content that other IT pros find useful.

Be the first to comment

Leave a Reply