Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: (Repost)

Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation

2012GoldenImage

“Golden” Arguments

I’m not here to debate about the “best” method to create a Golden Image. It will all entirely depend on your organization’s processes/policies and standards you have devised. This is hopefully just a guide to show you where I discovered a couple “gotchas” during my “Golden Image Build”, in the hopes that you will be able to use the information to your advantage on your way down your very own “Golden” Path…

What makes this post different?

Well, probably not much, really, not inventing a new wheel or anything…big deal…wannafightaboudit?

In all reality, this is another blog more or less for my reference later when I actually get to start working on building out Server 2012 templates where I am employed. I have read multiple articles on building a “Golden Image” or “Golden Copy” of a VMWare guest VM, and will try to cite them wherever and often. This article is more or less the compilation of ALL those sources, giving me one place to find the info vs. spending another 10+ hours of reading and researching and testing (need we even mention documenting?).

I figured until I needed it again I could share the info I found useful to other people in the hopes to save them the time I had to spend connecting all the dots…

Requirements

BEFORE proceeding please make sure you have the following items handy:

  • Downloaded BGInfo v4.16, and have your config file ready to go
  • VMWare Workstation 8*/9 (ESX/ESXi should work almost the same way except the sysprep process)
  • Your freshly installed VM Guest with Server 2012 (I’m using
    Standard Edition, and have installed VMWare Tools)
  • Any personalization objects like background image files, icons, shortcuts, etc. ready to go
  • Print out or throw up this post by Jason Boche on another monitor for great beginner UI tweaks for Server 2012

* 8 I had issues with, but on the guide I mention later on building a 2012 VM Guest the author of that article was able to get it working. I switched to 9.0 and had no issues, so that’s what anything I’m doing in this article is based off of…

Getting Started – OS Installed! Now What?

I’m not going to tell you how to get Server 2012 onto a VM in VMWare Workstation, but I can tell you I had problems with version 8, which I later found out were probably attributed to the floppy .img issue described here, rather than it being that particular version of VMWare Workstation. I ended up using 9 without any issues (it adds support for 2012 so you don’t have to use the Windows 7 type in Workstation 8.

In any case, once you have the OS installed it’s time to log in. First thing you’ll notice is the login screen is akin to Windows 8. Oh, what fun we will have…

login_server2012

Once you’re logged in you’re going to see the tile setup that you do in Windows 8. We’ll come back to this. For now just click the Desktop tile.

Give the desktop a minute to load and wait for the Server Manager to appear. The very first thing I want to do is update this bad boy. This is how I got to the Windows Update Configuration screen (pictured below):

steps1-3

Click the Local Server(1) menu item on the left panel, and under the main Properties Info Box, use the scrollbar to slide all the way to the right(2), so you can see your Windows Update settings. Click the link for Windows Update Not Configured(3) to open the Windows Update settings.

Step 1: Windows Updates

Disclaimer : Personal Rant

[ Rant ]

Some may think the patch process I describe below is slower (or pointless). But for myself at least, I have found this prevents me from wasting time on troubleshooting why updates ‘y’ or ‘z’ didn’t install correctly during a “multi batch patch session” with a new image. Usually the culprit turned out to be something along the lines of “update ‘x’ was a dependancy but hadn’t fully completed IT’S OWN install operation on the prior reboot”.

Therefore, the “broken” updates actually were working just as intended, and were simply waiting for the dependency to get completely installed! I found through trial and error that if I simply shut down the machine and then powered it backup during these “batch update installs”, it sort of kicked it into forcing the completion of the updates upon the following boot up.

Note: I’ve only experienced this in a virtual environment so that may have something to do with it as well…in any case, my update methodology described below may just simply be my own personal SysAdmin voodoo, so take it or leave it as a practice…

[ /Rant ]

Updates – Patching Process

I’ve tried to offer a visual matrix of the way I do “patching from scratch” below:

updates_processMatrix

* Will vary depending on your roles/features that you have installed per your requirements

The main gist of it is thus:

Updates – First Update Set

The top row of the above picture will show you that on my first round of “core-OS updates”, my scan resulted in 24 updates and a total of 300 MB to download:

windowsupdates_FirstCheckTotal

After they finished installing I did NOT restart as suggested. Instead, I used the keystroke Win+i to pull up the settings and “charms” on the right side of the screen, and shut down the OS completely (below)

updates_PowerCycle_PowerOff

Do two cycles of updates, then continue below…

Updates – After 2nd Pass, Install Roles / Features

localserver_manage_AddRolesFeatures

Just follow the matrix down the list. After step 2, it’s time to install your Roles/Features as per your requirements. Keep repeating the cycle after installing the roles until you do a scan and come back with no updates. This seems to have allowed me the best success rate with no troubleshooting necessary.

HINT:

Later on, I am going to provide a link to a page that talks about nice customizations for the “new to you” Server 2012 admin, as a way to keep around some of the more familiar icons and shortcuts. For some of the items discussed in that article to be enabled, you’ll need to at this time add the “Desktop Experience” feature (shown below).

desktopExperienceAddons

Please note: this also installs the Windows Store, so just be aware. I’m in my own lab so I’m not being very “big brother” on myself yet…

Oh, and this is for people who aren’t tied to WSUS or whatever and are just pulling updates down from the Internet. I still use the methods at work similar to this, but the number of updates and patches will be different most likely as it would be driven by your patching compliance SLA and other such policy documents.

Step 2: Customize Your Environment

I could go into great detail about hundreds of different ways to tweak your UI, but I would then be re-inventing the wheel.
With that said, I HIGHLY suggest that even if you don’t want to go overboard with customizations, that you still take a few minutes to review the excellent article on Windows Server 2012 Customizations by Jason Boche. Go through and cherry pick your favs.

One thing I noticed that was missing from the list though was how to get the old favorites like “always show menu” and “show file extensions” options. The thing you’ll need to get used to is that Windows Explorer has a ribbon type interface akin to the Office Suite (pictured below):

showExtensions_showMenus

So after finishing adding my customizations, the last thing I wanted to add is BGInfo so I could still have some critical information in a familiar spot until I become more comfortable with navigation Server 2012. Perhaps then I will find it less challenging, but until then, I’ll stick with ol’ reliable…

Step 3: BGInfo on Server 2012

I don’t know if it’s something I’m not doing, but I had a heck of a time getting bginfo working. Ultimately it was failing to update the background info when using Local Security Policy to add a startup script

I ended up taking the slightly different approach of changing permissions on the BGI folder so Users had Modify rights to the folder and it’s contents (shown below):

permissions

The batch file I was using was pretty simple (below):

START C:BgInfoBginfo.exe C:BgInfobgconfig.bgi /timer:0 /accepteula /silent

I had it sitting in the same directory as the other files (“C:BGInfo”) and called it launchbgi.bat (shown below):

bginfo_files

Once I had everything in place, the last thing I did was add a shortcut to my batch file to the following location:

C:Program DataMicrosoftWindowsStart MenuProgramsStartup (shown below):

shortcut

And that was that!!! It took two reboots to start working but then I was getting refreshed backgrounds on every log in. (shown below):

bginfoSuccess

It looks like I need to break this out into a 2-parter…so in Part 2 I will continue the process, and begin the sysprepping of the machine. This is where I was having the most issues…I’ll post that either tomorrow night or the following!

Till Next Time…

Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: Part 2 of 2

Part: 2 of 2

Ready…Set…Syspr-WAIT!

In my last post, I walked through how I got my “Golden Image” ready for Sysprep by updating through Windows Updates, and also went through and customized the system to my preferences, including adding BGInfo and getting my icons in place.

Now before we begin, there’s one last thing we want to do before we Sysprep this system…


“I just spent a good amount of time customizing my environment, and if I Sysprep the system…won’t it wipe out the profile settings?”

By default, yes it would. But we can add a couple items to an XML file and make sure all those settings stay with the image after being Sysprepped…

CopyProfile Setting

So according to TechNet, there is a setting called CopyProfile that can be overridden from it’s default (false) by using a special XML tag in the unattend file.
Note:
If you want these settings to be copied to default the easiest way is to be logged on as THE “Administrator” account. Once logged in, make your customizations, then proceed.

Hrmmm…lets use this simple “Autoattend.xml” file below as our test.  You can add many other options, but we’re doing only a little bit since we wanna keep the code short and get to the point:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-US</InputLocale>
        <SystemLocale>en-US</SystemLocale>
        <UILanguage>en-US</UILanguage>
        <UILanguageFallback>en-US</UILanguageFallback>
        <UserLocale>en-US</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
            <HideEULAPage>true</HideEULAPage>
            <NetworkLocation>Work</NetworkLocation>
            <ProtectYourPC>1</ProtectYourPC>
        </OOBE>
        <TimeZone>Pacific Standard Time</TimeZone>
    </component>
</settings>
<settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey>
        <CopyProfile>true</CopyProfile>
    </component>
</settings>
</unattend>

Placing the Autounattend.xml file

Take the code above (and of course put in your own key and other settings as you would wish) and place it in the same directory as the sysprep executable: C:WindowsSystem32Sysprep (shown below):

Running Sysprep

Once I had my unattend.xml file in place, I opened up an administrative command prompt via the Server 2012 shortcut key Win+X. This opens up little “Power User” menu that you can easily access some common tools for the everyday Systems Administrator (shown below):

server2012_winX

Then I ran the fateful command, held my breath, and prayed:

commandForSysprep

DID IT WORK!??!?!?

So now the test. I just flat straight up copied that sumbitch to another location on a different drive.

Now I wanna be able to keep track of these VMs as I clone them, so I’m gonna edit the settings of my freshly copied clone in VMWare Workstation to “DEVSQL12” (shown below):

Next, when I powered it up, I was asked if this was moved or copied, and I selected “I copied it” (shown below):

This is a good sign, it’s asking me for a new admin password…

VOILA! My new server ready to roll and freshly updated and customized!!!

All Done!!

Now you can copy this Golden Template off into new folders, fire it up, and you have a new, updated server ready for config!!! That’s it! This was just a quick tutorial. Hopefully it helps set the stage for you to get familiar with Windows Server 2012, while at the same time guides you in finding your way around quickly to set up some of the features and custom settings you want with minimal headache.

Post navigation

6 comments on “Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: Part 2 of 2”

  1. Magroll says:

    Hi have you ever tried to do the Sysprep via VMWare VCenter? I tried to import the unattend.xml to a vSphere Windows Guest Cusomization. But than the Sysprep Specification don’t work as excepted. 😦

    • Yea I will dig around in a bit and see if I can find reference links, but from what I remember you should stick to the sysprep files that are available through vcenter. The tricks I’ve found that were usually skipped when an ESX template deployment fails to “fully” provision itself are:
      1) Make sure your key is right, be it KMS or VL or whatnot

      2) Make sure your server is iin a clean shutdown state before sysprepping. (Google it, there’s a reg key and (I think) one other thing to check)
      3) Make sure you are changing the network on the NIC (if different from the vSwitch/VLAN your template was created on) and then edit the network settings during a customized deployment to reflect the actual network/IP the new server should reside on.

      This of course allows the post sysprepped machine to connect to the domain and the kms server (or internet) to join the domain, activate, etc.

      That’s just from my experience though, and as mentioned in the beginning, I’ve found sysprepping following the KBs on vmware’s site.

      Ps: sorry for not including links I’m posting this from my phone

  2. […] tenemos un VHD con una instalación de Windows personalizada y generalizada, que podemos usar como Imagen Maestra para crear nuevas máquinas […]

  3. As an addition to your posts: You could also shut the VM down after sysprepping it and set the VM to cloning mode withing VMWare Workstation through Settings –> Options tab –> Advanced –> Check Ënable Template Mode”. This way you can quickly generate linked clones / full clones for a quick lab setup 🙂