H

hrumph2

Member

Last active 14 hours ago

  1. 6 weeks ago
    Tue Oct 9 19:16:19 2018
    H hrumph2 posted in Make CloneDeploy mobile.

    @clonedeploy If you don't have access to the dhcp server and want to pxe boot, CloneDeploy Proxy DHCP is your only option.

    I have to differ with this....DNSmasq is working great and since its more standard on linux I think it should be the prefered option if installing clone deploy on Linux

  2. Thu Oct 4 17:18:31 2018

    I wouldn't fix this if I were you. People should be using sysprep and clearly a lot of people aren't.

  3. 2 months ago
    Fri Sep 7 19:00:03 2018

    Maybe this is a bit off topic but I've set things up so clonedeploy installs the salt management system (by copying the necessary files over to windows/setup/scripts. This results in a fluid transition from deployment (using CloneDeploy) to management (using salt). I'm not autojoining the machines at the moment however because our business process for naming and joining is a bit ad hoc.

    Edit the salt id's (names) we use remain static for the life of the computer. The windows names can change depending on deployment usage. In the CloneDeploysystem the computers have the salt names. They are given those names on deployement sand the salt installer picks up that name (and uses that salt id from thence forth). Computers are also physically labeled with the salt ID's. The Windows computer names will change to something else before domain joining. It would seem logical that a similar approach could be taken depending on which management system you want to go with (be it salt puppet ansible, or various windows tools etc.)

  4. Fri Sep 7 16:27:26 2018
    H hrumph2 posted in Win 10 Imaging.

    @NMGAdmin Ok, I have a sample file now. Does the unattend.xml file goes on the PC that is being captured as the source image?

    Yes it does and unattend.xml can be put in C:\WIndows\system32\sysprep (but I don't think it has to go there or anywhere in particular). It gets validated (and cached somewhere) when you call sysprep with the unattend switch
    (e.g. sysprep.exe /oobe /generalize /shutdown /unattend:C:\Windows\system32\sysprep\unatttend.xml).
    It gets used when you start up a freshly imaged PC assuming the image has been sysprepped.

    First attempt to fully prepare your PC in audit mode (this may not always be possible to to update issues). To do this, rather then creating a user and logging in after the initial install, instead hit CTRL-SHIFT-F3. This will take you straight into audit mode as the admin user.

    When in audit mode attempt to get the PC fully updated and install software. You can then write an unattend file yourself which might work, but if its your first go round you should probably install windows ADK, specifically the system image manager component. With the system image manager you can load in a file called install.wim (found in the sources directory of your installation disk [or USB]). Once you do that you can start creating an answer file using the GUI and then save it.

    When you are in audit mode, if you reboot your PC it will reboot again in audit mode.

  5. 3 months ago
    Mon Aug 20 17:48:32 2018

    Same problem on Fedora 27. I assume that this has something to do with the mono upgrade too.

  6. 6 months ago
    Wed May 9 18:59:01 2018
    H hrumph2 started the conversation Questions about sysprep tags.

    Hi,
    I was just experimenting with the sysprep tags. My undersanding is that if

       {OPENING_TAG} .... {CLOSING_TAG}

    is found in the answer file then

       {OPENING_TAG} .... {CLOSING_TAG}

    will be replaced by the tag contents (no matter what's in between the tags). So far so good (if my understanding is correct),
    but the *only* example I could find online used html/xml angle brackets as part of the tagnames. e.g.

    Opening tag: <opening_tag>

    Closing tag: </closing_tag>

    When I try to enter in these tag names, I get the following error:

    Request validation detected a potentially dangerous input value from the client and aborted the request. This might be an attemp of using cross-site scripting to compromise the security of your site. You can disable request validation using the 'validateRequest=false' attribute in your page or setting it in your machine.config or web.config configuration files. If you disable it, you're encouraged to properly check the input values you get from the client.<br>
    You can get more information on input validation <a href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">here</a>.

    It looks like this would be easy to fix, so I have a few questions.

    1. Is this a bug or do I misunderstand tags?
    2. If this is not a bug, do we have to use the xml/html style tags with the angle brackets or is this just recommended practice?
  7. Mon May 7 01:52:23 2018
    H hrumph2 posted in Secure Boot Hurdles.

    Create the free and paid versions. I don't think it will hurt with the core mission at all. It may actually help in some way. If you tell people they have to pay (or work) for something it can bring respect.

  8. Fri May 4 18:02:11 2018
    H hrumph2 posted in Security Question.

    I did eventually recompile ipxe.efi. WHen building it seemed that I also had to embed an efi script that looked something like this:

    #!ipxe
    dhcp
    tftp://[server ip]/proxy/efi64/pxelinux.cfg/default.ipxe

    The build command looked like this:

    make bin-x86_64-efi/ipxe.efi TRUST=[path to certificate] CERT=[path to certificate]  EMBED=[path to script]

    The good news is that things are working now (so far).

    Edit: I also had to edit a source file to enable HTTPS downloading before building.

  9. Fri May 4 17:54:28 2018
    H hrumph2 posted in Got this working on Fedora 25.

    Ok I still haven't tried out CloneDeploy Proxy DHCP. I'm still using DNSmasq. This is the first time I've worked with efi boot and so far I've only been able to get ipxe.efi to work.

    The critical line seems to be
    pxe-service=X86-64_EFI, "PXELINUX (EFI)", "/proxy/efi64/ipxe.efi",
    and I know I can granularise by PC because you can tag by mac address in dnsmasq.

    For the computer I was testing on ipxe.efi worked but syslinux.efi did not. For syslinux.efi is there something more that the DHCP service must do other than send the file? Do you think this is my failure
    to configure Dnsmasq properly, or would it be the case that syslinux.efi doesn't work this this particular model?

  10. Thu May 3 14:54:01 2018
    H hrumph2 posted in Security Question.

    I just realised that manually editing the files isn't really going to cut it because the specific menu files that get created when a task is started would also have to be edited and that's too much manual work. Anyway it's not a big deal. Thanks a lot for clonedeploy. I love it but I recognise that it's still not getting the deserved acclaim.

View more