image-forge.net

Server setup

From installer to first technician code in about five minutes.

First-run checklist

Use this after the installer finishes and the console opens at https://localhost:8967.

ACCESS
license storage access
server identitypinned
technicianJordan Bench
access codeIFG-4K8R- shown once
tls fingerprintAA:BB:CC:...:91
Create technician codes in access; copy each code immediately because it is only shown once.

Install

Download the ImageForge server installer from the Downloads page and run it. The installer does the whole job: installs the Forge as a Windows service (auto-start, elevated), prompts for a server name and an optional license key, opens the LAN firewall ports, and configures SMB file sharing so direct capture works out of the box. When it finishes, the web console is at https://localhost:8967.

Run it with rights — direct capture (streaming images to the Forge without staging) and offline image servicing both need elevated service rights. The installer configures the Windows service with the required permissions automatically.

First run, in order

  1. Set the admin password — the console demands one on first visit. Management stays locked until it exists.
  2. Install the license key — paste it in the license view. Capture/deploy APIs stay locked until the Forge is activated.
  3. Pick the image store — the storage view shows where images live and how much space is free. Windows images are 15–80 GB each: point the store at a disk with room (local disk or NAS/UNC path). See Storage & backup.
  4. Create technician access codes — in the access view. Each code is shown once, uses one licensed seat, and labels everything that technician does in the audit trail.
  5. Record the TLS fingerprint — shown in access → server identity. Technicians compare it on the boot client; site-specific media can pin it in advance.

Licensing

ImageForge licenses are offline: a signed key the Forge verifies locally, with no activation server and no phone-home — by design, so air-gapped imaging networks work. The licensee's name is embedded in the key and displayed on the console, on every technician's boot client, and in the audit trail.

Keys come in two forms:

Key typeBehavior
Node-locked (standard)Bound to one machine's install ID. Activates only on that machine; sharing the key elsewhere simply doesn't work.
Unbound / siteActivates on any machine — issued for evaluations and site agreements.

Your install ID

The console's license view shows this machine's install ID (IFGN-XXXX-XXXX-XXXX-XXXX).

Send the install ID with your order and your key arrives bound to that machine. The ID derives from the machine's firmware identity, so it survives OS reinstalls — rebuilding Windows on the same server keeps your license working. It reveals nothing about your hardware (it's a one-way hash).

Replacing the server hardware changes the install ID: contact support with the old and new IDs for a re-issue.

Network requirements

The installer configures the standard Windows firewall rules. Use this table for firewall reviews or locked-down networks where a network administrator wants to pre-approve access:

PortPurposeNeeded
TCP 8967HTTPS API + web consoleAlways
UDP 8968LAN discovery broadcastFor automatic server discovery
TCP 445Direct capture (SMB)For capture without local staging

Direct capture additionally relies on the Windows Server service (LanmanServer) running — the installer sets it to start automatically. If direct capture is blocked by policy, ask the Windows administrator to allow File and Printer Sharing for the Forge server on the imaging network.

Browser certificate warning

The Forge serves HTTPS with a self-signed certificate, so your browser shows an "untrusted" warning once — expected for on-prem tools with no public CA. Boot clients don't rely on the browser trust model at all: they pin the certificate's SHA-256 fingerprint.