How to push out FAH via Active Directory (complete instructions)
the_technocrat
IC-MotY1Indy Icrontian
Hey all, I took the time to figure some of this out, since I couldn't find a site that had the process laid out A-Z. I'm in the middle of using this procedure to push out to 180 clients or so, with more to come. It works. (a little net admin knowhow is needed, basic stuff like how to make a Group Policy Object, etc)
1.) Make sure all of the machines to want to run FAH on are in OU's. You need something to apply the GPO to. Or you could just apply it to the entire domain... Wink (Just kidding, don't do that)
2.) Make a shared folder (preferably hidden, so people don't mess with it) on your network...somewhere all the FAH machines can access it at any time. I made my share at \\servername\fah$, where \\servername is the name of a domain-wide accessible server that is always on.
3.) In the folder that is shared as fah$, download and extract the CONSOLE VERSION of the bluetentacle FAH deployment application. These should be a few .exe's and a readme file:
http://devel.bluetentacle.co.uk/dc/fahservice/service.zip
(if the URL above changes, check out the readme page at:
http://devel.bluetentacle.co.uk/dc/fahservice/index.htm)
4.) Download the latest version of the FAH-Console application from Stanford's site. I downloaded FAH502-Console.exe. Put it in the shared folder.
5.) Make a shortcut to the FAH Console program (in my case, FAH502-Console.exe). Edit the properties of the shortcut so that the target has the -configonly extension. The 'target' field will look something like this: D:\fah\FAH502-Console.exe -configonly
6.) Double-click the shortcut. What you are doing right now is making a configuration file that all the clients will use. Keep this in mind when choosing the settings here. For example, when deciding what priority FAH will run as, and whether or not to run FAH when using battery power (no...otheriwse any laptops you apply this to will have severely diminished battery times). I would encourage you to set the advanced settings. When you are done, the console window will close.
7.) You should now have a client.cfg file. Open its properties window and make it read-only.
8.) Make a the FAH Deploy GPO, and make a new startup script called fah-deploy.bat. Tell the GPO to run the fah-deploy.bat script as a startup script. Note that this is a startup script, not a logon script!! (otherwise FAH will only run when someone is logged on, instead of when the machine is on)
9.) The contents of fah-deploy.bat are as follows, change the share location to your installation:
@ECHO OFF
\\servername\fah$\service.exe -cpu=1 -dir="c:\fah" -sn="fah" -params="-local" -clientexe="FAH5xx-Console.exe" -noconfig -downloadclient="\\servername\fah$\FAH5xx-Console.exe" -startservices
Note that this batch file is only two lines: the 'echo off', and the bluetentable installer with switches.
There are a lot of switches and parameters for the bluetentacle installer program (service.exe). Make sure you read the documentation at:
http://devel.bluetentacle.co.uk/dc/fahservice/index.htm
for proper use of the switches. Also keep in mind that you have to change the lines I listed here to show the correct network share location and FAH Console executable.
10.)Apply the FAH Deploy GPO to any computer OU's you want to run FAH as a service.
Note that it may take a while for the machines to get the new policy, since machines only look up changes to their group policy every once in a while. If you're going to test the install immediately, go to one of your test clients and enter in the command console: gpupdate /force
This will force the computer to download the latest copy of its group policies from its domain controller. Keep in mind that you may need to wait for replication to occur between domain controllers if your test machines' DC and the DC you made your GPO on are different DC's.
11.) Restart the test machine. You should see a black window flash on the screen around the time the logon screen appears. This is the bluetentacle application copying down the config files from your share and installing the FAH Console application as a service.
NOTE: the bluetentacle application sets the FAH app to run as a service, and to do run every time the machine boots. That means that right now, the application has been set as a service, and set to start when the machine starts...but the machine hasn't been (re)started since this setting took place.
What this means is that although the service is installed correctly, the machine will not be folding until the next restart.
NOTES
1.) The black box that flashes for a second at the logon screen is the bluetentacle app installing FAH as a service on the machine. I'm guessing that this is because somewhere along the line they have some commands being sent to the console window, and maybe aren't using @ECHO OFF to hide them. The end result is that an end user might see the box flash, and you *might* get a support call if they are on a slow machine that leaves the box up for more than a second. These commands are insode of the bluetentacle app, so there's not much you can do. I recommend assigning the GPO to the machine OU, and then restarting the machines when you know no-one will be logging on for the first 30 seconds or so that the logon screen is up.
2.) Once this is done, the FAH Console app will run as a service every time that machine boots up. Even if you don't link your GPO to the OU any more. If you ever want to take this install off of a machine, or off of an OU of machines, just make a new GPO called 'FAH Kill' or something, and put this in the logon script:
@ECHO OFF
net stop fah1
sc delete fah1
rmdir C:\fah1 /S /Q
This stops the FAH service, deletes it, and kills the C:\fah1 directory (and all the files inside)
3.) If you then decide to put FAH back on the machine after killing it, just re-assign the FAH Deploy GPO to the machine OU. The scripts will see that the files aren't there and go through the install script again. The install scripts here are set up to install FAH as a service, unless the files are already there. If the files are there, the startup script just quits without doing anything, because it assumes the FAH service was installed correctly on the machine and is running.
EDITS: deleted some outdated information and fixed some mis-typed words
1.) Make sure all of the machines to want to run FAH on are in OU's. You need something to apply the GPO to. Or you could just apply it to the entire domain... Wink (Just kidding, don't do that)
2.) Make a shared folder (preferably hidden, so people don't mess with it) on your network...somewhere all the FAH machines can access it at any time. I made my share at \\servername\fah$, where \\servername is the name of a domain-wide accessible server that is always on.
3.) In the folder that is shared as fah$, download and extract the CONSOLE VERSION of the bluetentacle FAH deployment application. These should be a few .exe's and a readme file:
http://devel.bluetentacle.co.uk/dc/fahservice/service.zip
(if the URL above changes, check out the readme page at:
http://devel.bluetentacle.co.uk/dc/fahservice/index.htm)
4.) Download the latest version of the FAH-Console application from Stanford's site. I downloaded FAH502-Console.exe. Put it in the shared folder.
5.) Make a shortcut to the FAH Console program (in my case, FAH502-Console.exe). Edit the properties of the shortcut so that the target has the -configonly extension. The 'target' field will look something like this: D:\fah\FAH502-Console.exe -configonly
6.) Double-click the shortcut. What you are doing right now is making a configuration file that all the clients will use. Keep this in mind when choosing the settings here. For example, when deciding what priority FAH will run as, and whether or not to run FAH when using battery power (no...otheriwse any laptops you apply this to will have severely diminished battery times). I would encourage you to set the advanced settings. When you are done, the console window will close.
7.) You should now have a client.cfg file. Open its properties window and make it read-only.
8.) Make a the FAH Deploy GPO, and make a new startup script called fah-deploy.bat. Tell the GPO to run the fah-deploy.bat script as a startup script. Note that this is a startup script, not a logon script!! (otherwise FAH will only run when someone is logged on, instead of when the machine is on)
9.) The contents of fah-deploy.bat are as follows, change the share location to your installation:
@ECHO OFF
\\servername\fah$\service.exe -cpu=1 -dir="c:\fah" -sn="fah" -params="-local" -clientexe="FAH5xx-Console.exe" -noconfig -downloadclient="\\servername\fah$\FAH5xx-Console.exe" -startservices
Note that this batch file is only two lines: the 'echo off', and the bluetentable installer with switches.
There are a lot of switches and parameters for the bluetentacle installer program (service.exe). Make sure you read the documentation at:
http://devel.bluetentacle.co.uk/dc/fahservice/index.htm
for proper use of the switches. Also keep in mind that you have to change the lines I listed here to show the correct network share location and FAH Console executable.
10.)Apply the FAH Deploy GPO to any computer OU's you want to run FAH as a service.
Note that it may take a while for the machines to get the new policy, since machines only look up changes to their group policy every once in a while. If you're going to test the install immediately, go to one of your test clients and enter in the command console: gpupdate /force
This will force the computer to download the latest copy of its group policies from its domain controller. Keep in mind that you may need to wait for replication to occur between domain controllers if your test machines' DC and the DC you made your GPO on are different DC's.
11.) Restart the test machine. You should see a black window flash on the screen around the time the logon screen appears. This is the bluetentacle application copying down the config files from your share and installing the FAH Console application as a service.
NOTE: the bluetentacle application sets the FAH app to run as a service, and to do run every time the machine boots. That means that right now, the application has been set as a service, and set to start when the machine starts...but the machine hasn't been (re)started since this setting took place.
What this means is that although the service is installed correctly, the machine will not be folding until the next restart.
NOTES
1.) The black box that flashes for a second at the logon screen is the bluetentacle app installing FAH as a service on the machine. I'm guessing that this is because somewhere along the line they have some commands being sent to the console window, and maybe aren't using @ECHO OFF to hide them. The end result is that an end user might see the box flash, and you *might* get a support call if they are on a slow machine that leaves the box up for more than a second. These commands are insode of the bluetentacle app, so there's not much you can do. I recommend assigning the GPO to the machine OU, and then restarting the machines when you know no-one will be logging on for the first 30 seconds or so that the logon screen is up.
2.) Once this is done, the FAH Console app will run as a service every time that machine boots up. Even if you don't link your GPO to the OU any more. If you ever want to take this install off of a machine, or off of an OU of machines, just make a new GPO called 'FAH Kill' or something, and put this in the logon script:
@ECHO OFF
net stop fah1
sc delete fah1
rmdir C:\fah1 /S /Q
This stops the FAH service, deletes it, and kills the C:\fah1 directory (and all the files inside)
3.) If you then decide to put FAH back on the machine after killing it, just re-assign the FAH Deploy GPO to the machine OU. The scripts will see that the files aren't there and go through the install script again. The install scripts here are set up to install FAH as a service, unless the files are already there. If the files are there, the startup script just quits without doing anything, because it assumes the FAH service was installed correctly on the machine and is running.
EDITS: deleted some outdated information and fixed some mis-typed words
0
Comments
If you will allow it, I'd like to post that info as an article on our FAH page. There's no money in it, but the fame you receive will be everlasting.
Oh, and if you're an admin, here's how I convinced the administration here to let me push this out: (I work at a school)
1. This will be using more electricity and creating more heat, so we'll just fold in the winter months. The cost of using many points of electrical heat sources *should* be more efficient than a single vent of natural-gas-heated central HVAC system blowing hot air around. So we pay more electric, but need less gas.
(Since school is in session during winter, that works...)
2. We might be able to write off the expense, if we can get a good estimate of our usage. Getting heat in the building by using a cost we can deduct is better than just paying for gas.
3. (most importantly) we're making use of a resource that was going unused, and doing good for our community at the same time
That was about it. Either they were bored listening to me or were convinced... :-)
of course!
Once I have some spare time, I'll try to write something up on how to watch the OU machines with em3 or something. (haven't looked into it yet)
Just posted my 1K milestone too. (at 1094 right now...after having the GPO enabled for one day...)
Tomorrow should be interesting, I noticed a lot of the labs were left on as I left for the day...
thought I'd celebrate with a hacked-up avatar
A useful use for group policy besides locking peoples machines down
Btw.. quality avatar