Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: (Repost)

Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation

2012GoldenImage

“Golden” Arguments

I’m not here to debate about the “best” method to create a Golden Image. It will all entirely depend on your organization’s processes/policies and standards you have devised. This is hopefully just a guide to show you where I discovered a couple “gotchas” during my “Golden Image Build”, in the hopes that you will be able to use the information to your advantage on your way down your very own “Golden” Path…

What makes this post different?

Well, probably not much, really, not inventing a new wheel or anything…big deal…wannafightaboudit?

In all reality, this is another blog more or less for my reference later when I actually get to start working on building out Server 2012 templates where I am employed. I have read multiple articles on building a “Golden Image” or “Golden Copy” of a VMWare guest VM, and will try to cite them wherever and often. This article is more or less the compilation of ALL those sources, giving me one place to find the info vs. spending another 10+ hours of reading and researching and testing (need we even mention documenting?).

I figured until I needed it again I could share the info I found useful to other people in the hopes to save them the time I had to spend connecting all the dots…

Requirements

BEFORE proceeding please make sure you have the following items handy:

  • Downloaded BGInfo v4.16, and have your config file ready to go
  • VMWare Workstation 8*/9 (ESX/ESXi should work almost the same way except the sysprep process)
  • Your freshly installed VM Guest with Server 2012 (I’m using
    Standard Edition, and have installed VMWare Tools)
  • Any personalization objects like background image files, icons, shortcuts, etc. ready to go
  • Print out or throw up this post by Jason Boche on another monitor for great beginner UI tweaks for Server 2012

* 8 I had issues with, but on the guide I mention later on building a 2012 VM Guest the author of that article was able to get it working. I switched to 9.0 and had no issues, so that’s what anything I’m doing in this article is based off of…

Getting Started – OS Installed! Now What?

I’m not going to tell you how to get Server 2012 onto a VM in VMWare Workstation, but I can tell you I had problems with version 8, which I later found out were probably attributed to the floppy .img issue described here, rather than it being that particular version of VMWare Workstation. I ended up using 9 without any issues (it adds support for 2012 so you don’t have to use the Windows 7 type in Workstation 8.

In any case, once you have the OS installed it’s time to log in. First thing you’ll notice is the login screen is akin to Windows 8. Oh, what fun we will have…

login_server2012

Once you’re logged in you’re going to see the tile setup that you do in Windows 8. We’ll come back to this. For now just click the Desktop tile.

Give the desktop a minute to load and wait for the Server Manager to appear. The very first thing I want to do is update this bad boy. This is how I got to the Windows Update Configuration screen (pictured below):

steps1-3

Click the Local Server(1) menu item on the left panel, and under the main Properties Info Box, use the scrollbar to slide all the way to the right(2), so you can see your Windows Update settings. Click the link for Windows Update Not Configured(3) to open the Windows Update settings.

Step 1: Windows Updates

Disclaimer : Personal Rant

[ Rant ]

Some may think the patch process I describe below is slower (or pointless). But for myself at least, I have found this prevents me from wasting time on troubleshooting why updates ‘y’ or ‘z’ didn’t install correctly during a “multi batch patch session” with a new image. Usually the culprit turned out to be something along the lines of “update ‘x’ was a dependancy but hadn’t fully completed IT’S OWN install operation on the prior reboot”.

Therefore, the “broken” updates actually were working just as intended, and were simply waiting for the dependency to get completely installed! I found through trial and error that if I simply shut down the machine and then powered it backup during these “batch update installs”, it sort of kicked it into forcing the completion of the updates upon the following boot up.

Note: I’ve only experienced this in a virtual environment so that may have something to do with it as well…in any case, my update methodology described below may just simply be my own personal SysAdmin voodoo, so take it or leave it as a practice…

[ /Rant ]

Updates – Patching Process

I’ve tried to offer a visual matrix of the way I do “patching from scratch” below:

updates_processMatrix

* Will vary depending on your roles/features that you have installed per your requirements

The main gist of it is thus:

Updates – First Update Set

The top row of the above picture will show you that on my first round of “core-OS updates”, my scan resulted in 24 updates and a total of 300 MB to download:

windowsupdates_FirstCheckTotal

After they finished installing I did NOT restart as suggested. Instead, I used the keystroke Win+i to pull up the settings and “charms” on the right side of the screen, and shut down the OS completely (below)

updates_PowerCycle_PowerOff

Do two cycles of updates, then continue below…

Updates – After 2nd Pass, Install Roles / Features

localserver_manage_AddRolesFeatures

Just follow the matrix down the list. After step 2, it’s time to install your Roles/Features as per your requirements. Keep repeating the cycle after installing the roles until you do a scan and come back with no updates. This seems to have allowed me the best success rate with no troubleshooting necessary.

HINT:

Later on, I am going to provide a link to a page that talks about nice customizations for the “new to you” Server 2012 admin, as a way to keep around some of the more familiar icons and shortcuts. For some of the items discussed in that article to be enabled, you’ll need to at this time add the “Desktop Experience” feature (shown below).

desktopExperienceAddons

Please note: this also installs the Windows Store, so just be aware. I’m in my own lab so I’m not being very “big brother” on myself yet…

Oh, and this is for people who aren’t tied to WSUS or whatever and are just pulling updates down from the Internet. I still use the methods at work similar to this, but the number of updates and patches will be different most likely as it would be driven by your patching compliance SLA and other such policy documents.

Step 2: Customize Your Environment

I could go into great detail about hundreds of different ways to tweak your UI, but I would then be re-inventing the wheel.
With that said, I HIGHLY suggest that even if you don’t want to go overboard with customizations, that you still take a few minutes to review the excellent article on Windows Server 2012 Customizations by Jason Boche. Go through and cherry pick your favs.

One thing I noticed that was missing from the list though was how to get the old favorites like “always show menu” and “show file extensions” options. The thing you’ll need to get used to is that Windows Explorer has a ribbon type interface akin to the Office Suite (pictured below):

showExtensions_showMenus

So after finishing adding my customizations, the last thing I wanted to add is BGInfo so I could still have some critical information in a familiar spot until I become more comfortable with navigation Server 2012. Perhaps then I will find it less challenging, but until then, I’ll stick with ol’ reliable…

Step 3: BGInfo on Server 2012

I don’t know if it’s something I’m not doing, but I had a heck of a time getting bginfo working. Ultimately it was failing to update the background info when using Local Security Policy to add a startup script

I ended up taking the slightly different approach of changing permissions on the BGI folder so Users had Modify rights to the folder and it’s contents (shown below):

permissions

The batch file I was using was pretty simple (below):

START C:BgInfoBginfo.exe C:BgInfobgconfig.bgi /timer:0 /accepteula /silent

I had it sitting in the same directory as the other files (“C:BGInfo”) and called it launchbgi.bat (shown below):

bginfo_files

Once I had everything in place, the last thing I did was add a shortcut to my batch file to the following location:

C:Program DataMicrosoftWindowsStart MenuProgramsStartup (shown below):

shortcut

And that was that!!! It took two reboots to start working but then I was getting refreshed backgrounds on every log in. (shown below):

bginfoSuccess

It looks like I need to break this out into a 2-parter…so in Part 2 I will continue the process, and begin the sysprepping of the machine. This is where I was having the most issues…I’ll post that either tomorrow night or the following!

Till Next Time…

Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: Part 2 of 2

Part: 2 of 2

Ready…Set…Syspr-WAIT!

In my last post, I walked through how I got my “Golden Image” ready for Sysprep by updating through Windows Updates, and also went through and customized the system to my preferences, including adding BGInfo and getting my icons in place.

Now before we begin, there’s one last thing we want to do before we Sysprep this system…


“I just spent a good amount of time customizing my environment, and if I Sysprep the system…won’t it wipe out the profile settings?”

By default, yes it would. But we can add a couple items to an XML file and make sure all those settings stay with the image after being Sysprepped…

CopyProfile Setting

So according to TechNet, there is a setting called CopyProfile that can be overridden from it’s default (false) by using a special XML tag in the unattend file.
Note:
If you want these settings to be copied to default the easiest way is to be logged on as THE “Administrator” account. Once logged in, make your customizations, then proceed.

Hrmmm…lets use this simple “Autoattend.xml” file below as our test.  You can add many other options, but we’re doing only a little bit since we wanna keep the code short and get to the point:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-US</InputLocale>
        <SystemLocale>en-US</SystemLocale>
        <UILanguage>en-US</UILanguage>
        <UILanguageFallback>en-US</UILanguageFallback>
        <UserLocale>en-US</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
            <HideEULAPage>true</HideEULAPage>
            <NetworkLocation>Work</NetworkLocation>
            <ProtectYourPC>1</ProtectYourPC>
        </OOBE>
        <TimeZone>Pacific Standard Time</TimeZone>
    </component>
</settings>
<settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey>
        <CopyProfile>true</CopyProfile>
    </component>
</settings>
</unattend>

Placing the Autounattend.xml file

Take the code above (and of course put in your own key and other settings as you would wish) and place it in the same directory as the sysprep executable: C:WindowsSystem32Sysprep (shown below):

Running Sysprep

Once I had my unattend.xml file in place, I opened up an administrative command prompt via the Server 2012 shortcut key Win+X. This opens up little “Power User” menu that you can easily access some common tools for the everyday Systems Administrator (shown below):

server2012_winX

Then I ran the fateful command, held my breath, and prayed:

commandForSysprep

DID IT WORK!??!?!?

So now the test. I just flat straight up copied that sumbitch to another location on a different drive.

Now I wanna be able to keep track of these VMs as I clone them, so I’m gonna edit the settings of my freshly copied clone in VMWare Workstation to “DEVSQL12” (shown below):

Next, when I powered it up, I was asked if this was moved or copied, and I selected “I copied it” (shown below):

This is a good sign, it’s asking me for a new admin password…

VOILA! My new server ready to roll and freshly updated and customized!!!

All Done!!

Now you can copy this Golden Template off into new folders, fire it up, and you have a new, updated server ready for config!!! That’s it! This was just a quick tutorial. Hopefully it helps set the stage for you to get familiar with Windows Server 2012, while at the same time guides you in finding your way around quickly to set up some of the features and custom settings you want with minimal headache.

Post navigation

6 comments on “Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation: Part 2 of 2”

  1. Magroll says:

    Hi have you ever tried to do the Sysprep via VMWare VCenter? I tried to import the unattend.xml to a vSphere Windows Guest Cusomization. But than the Sysprep Specification don’t work as excepted. 😦

    • Yea I will dig around in a bit and see if I can find reference links, but from what I remember you should stick to the sysprep files that are available through vcenter. The tricks I’ve found that were usually skipped when an ESX template deployment fails to “fully” provision itself are:
      1) Make sure your key is right, be it KMS or VL or whatnot

      2) Make sure your server is iin a clean shutdown state before sysprepping. (Google it, there’s a reg key and (I think) one other thing to check)
      3) Make sure you are changing the network on the NIC (if different from the vSwitch/VLAN your template was created on) and then edit the network settings during a customized deployment to reflect the actual network/IP the new server should reside on.

      This of course allows the post sysprepped machine to connect to the domain and the kms server (or internet) to join the domain, activate, etc.

      That’s just from my experience though, and as mentioned in the beginning, I’ve found sysprepping following the KBs on vmware’s site.

      Ps: sorry for not including links I’m posting this from my phone

  2. […] tenemos un VHD con una instalación de Windows personalizada y generalizada, que podemos usar como Imagen Maestra para crear nuevas máquinas […]

  3. As an addition to your posts: You could also shut the VM down after sysprepping it and set the VM to cloning mode withing VMWare Workstation through Settings –> Options tab –> Advanced –> Check Ënable Template Mode”. This way you can quickly generate linked clones / full clones for a quick lab setup 🙂

How to build a Windows 2012 R2 VMware Template (Repost)

Things to get ready

You should have the following handy when you start.

  • vSphere infrastructure
  • Windows 2012 R2 ISO up on your virtual infrastructure – and know where it is!
  • Windows PID
  • You will need to use a utility to copy the profile that you can find here.  This is important as Microsoft has been working since Win2K8 to make it difficult to copy a profile – that we do a bunch of customization in, to the default user so after our template is used to provision, new users will get our customization.
  • You might consider to use the Microsoft EMET tool to secure your Windows 2012 template but I have not done that yet and am in fact hesitating.

Note: I am not installing the PVSCSI driver in this process.  I may add a new article for that, or update this one. Not sure yet.  I should also note that I am not using PVSCSI in any of my labs currently but plan on in the near future.

Process

BTW, I am putting what I consider is more than I need to in terms of instructions and screenshots.  This is to make sure I can help the people that need more help, but yet I am trying to not put too much so I don’t put off those who don’t need more help.  You can always skim through if you only need a little help.  Update – Thanks to a comment from @vStorage I thought I would add a little more info on the process.  I do more configuration of the virtual machine below then I need to.  Some of my config can be done by GPO.  However, I like to be careful, and I think a little extra work on the VM before it becomes a template is good.  After all, it may not be used on the domain after all.

Virtual Machine and Operating System

  • Create a new virtual machine.  Use a good name.  For example I use wn2k12r2STD-TPL  (fifteen character limit here to remember).
  • I use a 40 GB drive C:, 1 vCPU, and 4 GB of RAM.  Both of those can be changed later after you deploy from this template.
  • You should change your Network type to VMXNET3, and attach the Win2K12R2 ISO.  See below for an example of what this should look like.

VM virtual hardware info

  • Note: this is the time we would do PVSCSI if we were doing that.  I will add that later but for now we will not cover it off.
  • Once we have this virtual machine created, we need to make some changes before we power it on.  So right+click on the VM and select Settings and change to VM Options.
  • We need to Enable the next boot to enter BIOS setup, and we need to Disable logging.  See below for what this should look like.

VM options to change

  • Before we power up, I like to use the Tags and Notes to identify this VM.  I find this useful, especially in big environments.

Notes and Tags Info

  • Now we can power up.  Do that and than use the right+click to open a console.  You should see the BIOS when you get the console open.

main BIOS screen for a VM

  • Now change to Advanced, and than I/O Device Configuration.
  • We want to disable the Serial, Parallel ports, and the Floppy controller.  Note, if we were doing the PVSCSI we would have to disable the floppy controller after the VM had the OS installed and running as the driver for PVSCSI is floppy based.

IO devices - disabled

  • Now you can hit F10 to Save and Exit and you should boot right to the OS install.  If it doesn’t then when that happens to me it is due to my forgetting to connect the ISO.  You can change to the vSphere Web Client and connect the CD in the VM settings area and by the time you return to the Console it should be installing.  You may have to hit the Send Ctrl+Alt+Delete button to help.
  • The first place the OS stops and waits for you is seen below.

WinSetup1

  • You can just hit Next to continue.
  • Of course that assumes you can actually mouse over to Next and click.  I do not have much luck with that and I find that the TAB key is more efficient – of course as no Tools installed yet to help!
  • You will need to enter a license.  I have to type it in as I am not able to do copy and paste successfully!
  • The next screen gives you a choice between installing Server Core, or Server with a GUI.  I suggest that you do the Server with a GUI.  It is more familiar and you can change to the Server Core later if necessary.

Server Core, or Server with a GUI - GUI Please!

  • Again, the TAB key will help, and the arrow keys.
  • Accept the license and let’s go.
  • In the next screen you will be prompted to select a Type of Installation.

Make sure to use Custom choice

  • I was confused the first time I used this screen and I used the default choice which was wrong.  Not sure why it let me do that.  So make sure to use the Custom choice.
  • The next screen will ask you about where to install Windows.  We are not using PVSCSI so the disk is visible and we can actually hit Next.  If we were using PVSCSI I believe this is where we would load the required driver disk to see the disk.  (BTW, the floppy image is on a datastore.  You will need to browse to it via VM Settings, Floppy drive, Use existing floppy image, vmimages, floppies, and than select and use pvscsi-Windows2008.flp file.)

WinSetup5

  • Now we wait, and watch.

Watch now ....

  • Like the screen says, there may be several restarts.
  • We will need to add a password to the administrator account.

Now we are done with the creation of the virtual machine, and install of the OS.  We now need to configure Win2K12R2.

OS Configuration – VMware Tools

I generally want to get VMware Tools installed and working so we can work a little easier (meaning that your mouse works now!

  • We need to log in.
  • Once you are logged in, you will be in the Server Manager.  Change over to the vSphere Web Client and start the install of VMware Tools.  You will see the option for that on the Summary tab for the VM.  You can also find it when you right+click and select All vCenter Actions, followed by Guest OS and finally selecting Install VMware Tools.  See both of these options below.

Installing VMware Tools

  • Once you select you will see the option below.

VMwareTools2

  • I have had some odd experiences installing VMware Tools in Win2K12R2.  Sometimes it works best if you can click on the popup of how to handle the CD message.  Sometimes you can close and open the Console to make things work a bit better.  But this is fustrating.  In Win2K8 and Win2K8R2 this was manageable since the install could be unattended and just restart.  But for whatever reason I cannot do that any longer with Win2K12.
  • The best advice for this is stop the install (unmount is the term) and start it again if necessary.  Than use the TAB button. Use it to move to the Server Manager in the task bar.  Than use the arrow keys to arrow over to the Explorer option, and than use the TAB and arrow keys to maneuver through the Explorer until you can select the VM CD.

VMwareTools3

  • Now you can use the Return key to start the process.  Again the TAB key will help enormously and before you know it the mouse will work nice.  Restart when prompted.

OS Configuration – Tweaks and Tuning

In this phase we tweak the OS and get it ready for a wide range of potential use.  Meaning this is the template that is most general.  It will be used to make other templates that are more specific – such as SQL.  The changes below are the ones I make, and think useful but in this section you make the changes that work best for you and your organization.

  • We need to log in again so we can start making changes.  Yes, our mouse should work good now!
  • I like to get the Date / Time right first.  So first do the Time Zone.  Click on the Clock in the taskbar and select Change date and time settings …
  • When we first started all of this you may have noticed that the time of the VM was way off.  In fact it was in Zulu or Universal Time because the host time was when the VM started.  But now with the right Timezone it should be the right time.  If not, your ESXi host may have the wrong time.
  • I also like to have the 24 Hour clock in use so this is when I do that change (Change date and time, Change calendar settings, followed by changing to the Time tab).
  • We should be back in the Server Manager now.  Use the Local Server setting in the top left corner and you will see something like below.

ServerManagerLocal

  • We will make a number of changes here.
  • Lets start in the top right – we want to work with Manage Server Manager Properties.

ServerManagerProperties

  • Literally only one thing to change.  We want to select the checkbox for Do not start Server Manager automatically at logon.  Don’t forget it is in the task bar all of the time – it has a toolbox in the icon.
  • Now we want to get fully patched.  Again in the top right, we can see Windows Update, and it shows as Not configured.  Configure it as appropriate in your world.
  • Now update until there is no more patches.  Reboot as necessary.  BTW, the way I reboot is to right+click on the bottom left corner where you see the funny Windows icon.  Than use Shut down or sign out and select Restart.  This is a very powerful Right Click!

rightclick

  • See all of the choice on this menu?  Very handy.
  • Once you restart, and log back in, please start up the Server Manager again.  It is the first icon in your task bar.
  • Select Local Server again.
  • You should start with Computer name and change it to match your VM name.  You will be limited to 15 characters and that is a little tight so there may be a change.  Restart later.
  • You can use the Advanced option here on System Properties (found in Server Manager by clicking on Computer Name) to tweak the Performance in Visual Effects for Adjust for best performance.

Startupetc

  • Also on the Advanced tab you can change the Startup and Recovery settings so that the Time to display is changed from 30 to 5.  Some people will deselect the option to Automatically restart here but it is something rather to think about.
  • While in here remove the swap file – we will add it back later (found in Performance Settings / Advanced).
  • Now tweak the Firewall if necessary.
  • Do you need to change the Remote Management option – I suggest not if you are not sure.
  • You very likely need to change the Remote Desktop option.  To add users (or even better groups) it is a little hard if you are not in the domain.  If you cannot, during deployment from the template when the server is added to the domain you can manage the users (using for example Restricted Groups).
  • We will tweak the network now.  We likely do not need QoS Packet Scheduler or TCP/IP v6.  By the way, when you are back in Server Manager if you do not see what you think you should, than use the Refresh button at the top of the screen and it will update things so they look more appropriate. You can click on the IPv4 in Ethernet0.
  • Windows Update may show never updated but it has been so ignore that.
  • We generally want to enable Windows Error Reporting and Customer Experience Improvement Program.  Both of these end up helping users and we are users so that is good!
  • Often people will change IE Enhanced Security Configuration to off.  I am turning it off for Administrators.
  • Now we should add features.  Scroll to the bottom of the Server Manager page.

RolesAndFeatures

  • Now you can select Add Roles and Features from under the Tasks menu.
  • Roles is where you would add things like IIS.
  • I like to add Telnet Client as a feature to help with testing.  This is where you might add things like .NET or IPAM.
  • Now leave Server Manager.
  • I like to pin IE to my Task Bar.  So click on the Window icon in the bottom left.  This will change your desktop to Aero.
  • Now right+click on IE and select Pin to taskbar.  Now return to the normal desktop.
  • Right+Click on the Window icon in the lower left corner and select Control Panel, followed by Hardware.
  • We want to use High performance in the power plan.  You can also set the Turn off Display here to never.
  • Now start IE and save the home page as About:blank.
  • We need to make a change at the command line before we restart.  So right + click on the Windows icon at the lower left and select Command Prompt (Admin).
  • Use the following command at the command line.

powercfg -h off

  • We should disable the index on drive C:.  Use Explorer to explore This PC and right+click on drive C: and select Properties.  You will see at the bottom of the screen the option to disable indexing.
  • Now we should defragment the drive. This option is on the Tools tab.: and select the Optimize option.
  • While you are here you should disable the weekly optimize option as it is not necessary.
  • Often people will want to lower or disable the User Account Settings.  You can do that by right+click on the Windows icon in lower left corner and select Control Panel, followed by System and Security, than select Change User Account Control Settings.  Chose the setting that is best for you.
  • Now we should restart.

Configuration – Installing software

We only install software here that we really need and is useful for most users.  Some of what I install is listed below.  Remember this template is general and will be used to make the SQL template (with the addition of SQL) or any other software.  So software that will be used by most users like – anti – malware, Acrobat Reader, maybe some helpdesk or troubleshooting tools should be installed..

  • Bginfo – see this for help.
  • Acrobat Reader – make sure to open it to accept the EULA and update if necessary.
  • Google Chrome
  • Autoruns – a great tool to make sure you know what starts with your server.
  • Process Explorer – a great tool for troubleshooting.
  • 7-Zip – from here more flexible than what is built in – for example can extract ISO.
  • Thanks to StuartM I now suggest installing the Sysmon utility which you can find here.  You may not want it running all of the time but you might.
  • Generally by now I am prompted to activate the Microsoft license.  I do let it activate.  If you don’t you may have some issues with sysprep.  You can see more about this in this article.

Note: For things like Chrome and Acrobat they will install fine since they have installers and they can be found on the Aero Desktop as you might expect.  For things like BgInfo and Autoruns which have no installer it is more complex.  Use the info in the BgInfo article to help.  Basically you will create a Utilities program group for them and install them manually.  This is an example of software that is harder to install via GPO since they have no MSI.

Ready to make it a template?

We are ready to make this virtual machine a template now.  If you have connected it to the domain previously, for reasons such as getting the GPO’s to help configure it you should remove it from the network now.

  • Enable the swap file.
    • Start Server Manager, select Local Server
    • Click on Workgroup, than select Advanced
    • Select Settings in Performance.
    • Now select Advanced and select Change in the Virtual Memory section.
    • You can select Automatically manage paging file size for all drives if that works for your organization.  I should mention that I like to have a separate drive and put the paging file on it.
  • If necessary remove this VM from the domain and restart.
  • I always like to check Windows Update before I finish and yes, today I did find a bunch of updates that I did no find earlier.  So I update and restart as necessary.
  • Disconnect the ISO and reset to Client Device.
  • Remove the backup copies of the patches – use this command – dism /online /cleanup-image /StartComponentCleanup /ResetBase
  • Make sure you are really ready to proceed!
  • We now need to manage the profile
    • We first install the Copy Profile tool – called DefProf.
    • We use it to copy my profile to the Default Profile – unzip, and execute defprof your_account_name and you are done.
    • When that is done we remove the tool,
    • And shut the VM down.
  • Once the VM is shut down we are ready to turn it into a template.
  • I generally now do an update in the Notes section to account for what I have done.

TagsNotes2

  • Now we use right+click on the VM, select All vCenter Actions and Convert to Template as seen below.

ConvertTemplate

  • Done.  We now have a Windows 2012 R2 template.

 Deploy from Template

I suspect everyone knows how to deploy from this new template but remember that any passwords put into the customization script should be done using the vSphere Client and not the vSphere Web Client.  I also suggest using the following commands in the Run Once part of the customization specification.

  • powercfg -h off
  • bcdedit /timeout 5

I have seen a lot of different things done via Run Once.  Scripts for example that install applications, or do inventory related tasks, so remember that and you can use it as you need.  Always test your deploy from template.  In particular make sure the joining the domain works.

Things to think about

  • I believe that if the User Profile Manager tool works for you that it should be purchased.
  • If you are doing a template that has a bunch of drive letters – like a SQL server, you will lose the order of those drive letters after you deploy.  It can be fixed – problem avoided – if you use the info in this article.  Thanks Michael for this!

Updating your Template

You should update your template approximately once every month or so.  This will allow you to catch any outstanding patches for the OS as well as application patches.  Just convert the template to virtual machine, turn it on, patch, than restart it, and convert it to template.  You may consider joining it to your domain to catch new GPO type stuff that may be sticky but remember to remove it from the domain before you turn it back into the template.

Links

I found useful information in a variety of places.  In particular at the links below.

  • How to build a Windows 2012 VMware Template – here
  • In-the-Lab: Windows Server 2008 R2 Template for VMware – here
  • Microsoft Windows Server 2012 Tips – here
  • Windows Server 2012 R2 Template on ESXi 5.5 vSphere – here
  • CopyProfile help from Microsoft – here
  • Microsoft EMET 5.0 tool – here

History

I plan on keeping this page updated with what I am using and what works well!  I will use this section to update you with what I updated when I do updates.

  • v2.4 – 1/4/15 – added some verbage and link to Michael Websters article on Dude Where’s my Drive Letters?
  • v2.4 – 11/5/14 – added link to Sysmon – thanks to Stuart for the suggestion.
  • v2.31 – 8/10/14 – added the link to the EMET tool.
  • v2.3 – 7/27/14 – added the command to remove the backup copies of Windows Update patches – thanks to Andreas for this.
  • v2.2 – 7/20/14 – miscellaneous grammar and spelling updates.
  • v2.1 – 7/18/14 – updated with DefProf instead of User Profile Manager 2.6.
  • v2.0 – 6/14/14 – updated with updated process and new tool (thanks to Chip for the idea on using the tool).
  • v1.3 – 5/26/14 – updated various areas to make it smoother and more clear.
  • v1.2 – 5/25/14 – don’t use the Update suggestions above.  Found some odd stuff when updating Win2K12 templates so I need to confirm things.
  • v1.2 – 5/18/14 – miscellaneous grammar and spelling plus some small clarification.
  • v1.1 – 5/18/14 – added info on process (thanks @vStorage) and info on BGInfo (thanks @seanpmassey).
  • v1.0 – 5/17/14 – first published.

As always, comments welcome and in fact appreciated!  Also, if you have suggestions on how to make this better let me know.

Michael