I’m not here to debate about the “best” method to create a Golden Image. It will all entirely depend on your organization’s processes/policies and standards you have devised. This is hopefully just a guide to show you where I discovered a couple “gotchas” during my “Golden Image Build”, in the hopes that you will be able to use the information to your advantage on your way down your very own “Golden” Path…
What makes this post different?
Well, probably not much, really, not inventing a new wheel or anything…big deal…wannafightaboudit?
In all reality, this is another blog more or less for my reference later when I actually get to start working on building out Server 2012 templates where I am employed. I have read multiple articles on building a “Golden Image” or “Golden Copy” of a VMWare guest VM, and will try to cite them wherever and often. This article is more or less the compilation of ALL those sources, giving me one place to find the info vs. spending another 10+ hours of reading and researching and testing (need we even mention documenting?).
I figured until I needed it again I could share the info I found useful to other people in the hopes to save them the time I had to spend connecting all the dots…
BEFORE proceeding please make sure you have the following items handy:
- Downloaded BGInfo v4.16, and have your config file ready to go
- VMWare Workstation 8*/9 (ESX/ESXi should work almost the same way except the sysprep process)
- Your freshly installed VM Guest with Server 2012 (I’m using
Standard Edition, and have installed VMWare Tools)
- Any personalization objects like background image files, icons, shortcuts, etc. ready to go
- Print out or throw up this post by Jason Boche on another monitor for great beginner UI tweaks for Server 2012
* 8 I had issues with, but on the guide I mention later on building a 2012 VM Guest the author of that article was able to get it working. I switched to 9.0 and had no issues, so that’s what anything I’m doing in this article is based off of…
Getting Started – OS Installed! Now What?
I’m not going to tell you how to get Server 2012 onto a VM in VMWare Workstation, but I can tell you I had problems with version 8, which I later found out were probably attributed to the floppy .img issue described here, rather than it being that particular version of VMWare Workstation. I ended up using 9 without any issues (it adds support for 2012 so you don’t have to use the Windows 7 type in Workstation 8.
In any case, once you have the OS installed it’s time to log in. First thing you’ll notice is the login screen is akin to Windows 8. Oh, what fun we will have…
Once you’re logged in you’re going to see the tile setup that you do in Windows 8. We’ll come back to this. For now just click the Desktop tile.
Give the desktop a minute to load and wait for the Server Manager to appear. The very first thing I want to do is update this bad boy. This is how I got to the Windows Update Configuration screen (pictured below):
Click the Local Server(1) menu item on the left panel, and under the main Properties Info Box, use the scrollbar to slide all the way to the right(2), so you can see your Windows Update settings. Click the link for Windows Update Not Configured(3) to open the Windows Update settings.
Step 1: Windows Updates
Disclaimer : Personal Rant
[ Rant ]
Some may think the patch process I describe below is slower (or pointless). But for myself at least, I have found this prevents me from wasting time on troubleshooting why updates ‘y’ or ‘z’ didn’t install correctly during a “multi batch patch session” with a new image. Usually the culprit turned out to be something along the lines of “update ‘x’ was a dependancy but hadn’t fully completed IT’S OWN install operation on the prior reboot”.
Therefore, the “broken” updates actually were working just as intended, and were simply waiting for the dependency to get completely installed! I found through trial and error that if I simply shut down the machine and then powered it backup during these “batch update installs”, it sort of kicked it into forcing the completion of the updates upon the following boot up.
Note: I’ve only experienced this in a virtual environment so that may have something to do with it as well…in any case, my update methodology described below may just simply be my own personal SysAdmin voodoo, so take it or leave it as a practice…
[ /Rant ]
Updates – Patching Process
I’ve tried to offer a visual matrix of the way I do “patching from scratch” below:
* Will vary depending on your roles/features that you have installed per your requirements
The main gist of it is thus:
Updates – First Update Set
The top row of the above picture will show you that on my first round of “core-OS updates”, my scan resulted in 24 updates and a total of 300 MB to download:
After they finished installing I did NOT restart as suggested. Instead, I used the keystroke Win+i to pull up the settings and “charms” on the right side of the screen, and shut down the OS completely (below)
Do two cycles of updates, then continue below…
Updates – After 2nd Pass, Install Roles / Features
Just follow the matrix down the list. After step 2, it’s time to install your Roles/Features as per your requirements. Keep repeating the cycle after installing the roles until you do a scan and come back with no updates. This seems to have allowed me the best success rate with no troubleshooting necessary.
Later on, I am going to provide a link to a page that talks about nice customizations for the “new to you” Server 2012 admin, as a way to keep around some of the more familiar icons and shortcuts. For some of the items discussed in that article to be enabled, you’ll need to at this time add the “Desktop Experience” feature (shown below).
Please note: this also installs the Windows Store, so just be aware. I’m in my own lab so I’m not being very “big brother” on myself yet…
Oh, and this is for people who aren’t tied to WSUS or whatever and are just pulling updates down from the Internet. I still use the methods at work similar to this, but the number of updates and patches will be different most likely as it would be driven by your patching compliance SLA and other such policy documents.
Step 2: Customize Your Environment
I could go into great detail about hundreds of different ways to tweak your UI, but I would then be re-inventing the wheel.
With that said, I HIGHLY suggest that even if you don’t want to go overboard with customizations, that you still take a few minutes to review the excellent article on Windows Server 2012 Customizations by Jason Boche. Go through and cherry pick your favs.
One thing I noticed that was missing from the list though was how to get the old favorites like “always show menu” and “show file extensions” options. The thing you’ll need to get used to is that Windows Explorer has a ribbon type interface akin to the Office Suite (pictured below):
So after finishing adding my customizations, the last thing I wanted to add is BGInfo so I could still have some critical information in a familiar spot until I become more comfortable with navigation Server 2012. Perhaps then I will find it less challenging, but until then, I’ll stick with ol’ reliable…
Step 3: BGInfo on Server 2012
I don’t know if it’s something I’m not doing, but I had a heck of a time getting bginfo working. Ultimately it was failing to update the background info when using Local Security Policy to add a startup script
I ended up taking the slightly different approach of changing permissions on the BGI folder so Users had Modify rights to the folder and it’s contents (shown below):
The batch file I was using was pretty simple (below):
START C:BgInfoBginfo.exe C:BgInfobgconfig.bgi /timer:0 /accepteula /silent
I had it sitting in the same directory as the other files (“C:BGInfo”) and called it launchbgi.bat (shown below):
Once I had everything in place, the last thing I did was add a shortcut to my batch file to the following location:
C:Program DataMicrosoftWindowsStart MenuProgramsStartup (shown below):
And that was that!!! It took two reboots to start working but then I was getting refreshed backgrounds on every log in. (shown below):
It looks like I need to break this out into a 2-parter…so in Part 2 I will continue the process, and begin the sysprepping of the machine. This is where I was having the most issues…I’ll post that either tomorrow night or the following!
Till Next Time…
Part: 2 of 2
In my last post, I walked through how I got my “Golden Image” ready for Sysprep by updating through Windows Updates, and also went through and customized the system to my preferences, including adding BGInfo and getting my icons in place.
Now before we begin, there’s one last thing we want to do before we Sysprep this system…
“I just spent a good amount of time customizing my environment, and if I Sysprep the system…won’t it wipe out the profile settings?”
By default, yes it would. But we can add a couple items to an XML file and make sure all those settings stay with the image after being Sysprepped…
So according to TechNet, there is a setting called CopyProfile that can be overridden from it’s default (false) by using a special XML tag in the unattend file.
If you want these settings to be copied to default the easiest way is to be logged on as THE “Administrator” account. Once logged in, make your customizations, then proceed.
Hrmmm…lets use this simple “Autoattend.xml” file below as our test. You can add many other options, but we’re doing only a little bit since we wanna keep the code short and get to the point:
Placing the Autounattend.xml file
Take the code above (and of course put in your own key and other settings as you would wish) and place it in the same directory as the sysprep executable: C:WindowsSystem32Sysprep (shown below):
Once I had my unattend.xml file in place, I opened up an administrative command prompt via the Server 2012 shortcut key Win+X. This opens up little “Power User” menu that you can easily access some common tools for the everyday Systems Administrator (shown below):
Then I ran the fateful command, held my breath, and prayed:
DID IT WORK!??!?!?
So now the test. I just flat straight up copied that sumbitch to another location on a different drive.
Now I wanna be able to keep track of these VMs as I clone them, so I’m gonna edit the settings of my freshly copied clone in VMWare Workstation to “DEVSQL12” (shown below):
Next, when I powered it up, I was asked if this was moved or copied, and I selected “I copied it” (shown below):
This is a good sign, it’s asking me for a new admin password…
VOILA! My new server ready to roll and freshly updated and customized!!!
Now you can copy this Golden Template off into new folders, fire it up, and you have a new, updated server ready for config!!! That’s it! This was just a quick tutorial. Hopefully it helps set the stage for you to get familiar with Windows Server 2012, while at the same time guides you in finding your way around quickly to set up some of the features and custom settings you want with minimal headache.