Things to have ready
- VMware Infrastructure – I am using a vCenter 6.0 U1(was 5.5) environment patched to current. I am also using the vSphere Web Client – and so should you – and so my screenshots reflect that client usage.
- Windows 7 ISO up in your infrastructure – and know where it is!
- PID – have the Windows license handy.
- Any software you like to have installed in a template – you will see below what I like to have and links to them
- You will need to use a utility to copy the profile that you can find here. This is important as Microsoft has been working since Win2K8 to make it difficult to copy a profile – this is important since a lot of our customization will be done as ourselves. We will want to copy that customization to the default user profile so other new users will get it.
- You should have the VMRC ready to use, as it is a much better experience then using the normal remote console. Find the bits here to install on your work machine, and you can read a little about it here.
Virtual Machine and Operating System
- Since this is going to end up as a desktop – likely in a VDI environment too – I like to have it as a 60 GB disk, and 1x vCPU, with 4 GB of memory. I sometimes will clone the template and set it up as a new template with different parameters – like more vCPU and memory and use it for a specific VDI pool – such as for admins. I do agree that 60 is big but it does make sense in my case – going to be admin type desktops.
- Create a new VM, and give it a good name. I will use win7TPL – remember there is a 15 character limit you should work within.
- You should change the network to vmxnet3 and attach the Win7 ISO.
- Once we have this virtual machine created, we need to make some changes before we power it on. So right+click on the VM and select Settings and change to VM Options.
- We need to Enable the next boot to enter BIOS setup, and we need to Disable logging. See below for what this should look like.
- Before we power up, I like to take care of tags and annotations.
- Now we can power up, and we boot to BIOS.
- Now change to Advanced, and than I/O Device Configuration.
- We want to disable the Serial, Parallel ports, and the Floppy controller.
- Now you can hit F10 to Save and Exit and you should boot right to the OS install. If it doesn’t then when that happens to me it is due to my forgetting to connect the ISO. You can change to the vSphere Web Client and connect the CD in the VM Settings area and by the time you return to the Console it should be installing.
- The first place the OS stops and waits for you is seen below.
- You can just hit Next to continue. BTW, I get to this screen by clicking on the Launch Console in the vSphere Web Client – on the VM Summary screen. I was not able to right click on the VM and launch console successfully (Client Integration Plug-in not installed is the likely reason). If you use the VMRC you will not have this issue.
- Just do a normal install to get things working.
OS Configuration – VMware Tools
- Has the VM restarted successfully and ready for log in? It does restart a few times during the OS install.
- You will be prompted when it is ready for human interaction.
- I do in fact license my templates as I keep them around for a long time.
- When you do the VMware Tools, you trigger it in the VM Summary in the vSphere Web Client. See the screenshot below.
- When you trigger the tool install you will see this message.
- When you Mount, normally you will see when you change back to the console the following screen.
- Remember that Tab is useful when the mouse sucks. And of course it really sucks right now – unless you are using the VMRC.
- After the tools are installed you should reboot. Now you don’t need to use Tab (thanks goodness) as the mouse works!
OS Configuration – Tweaks and Tuning
In this phase we tweak the OS and get it ready for a wide range of potential use. Meaning this is the template that is most general. It will be used to make other templates that are more specific – such as View desktop template. The changes below are the ones I make, and think useful but in this section you make the changes that work best for you and your organization.
- We need to log in again so we can start making changes. Yes, our mouse should work good now!
- I like to get the Date / Time right first. So first do the Time Zone. Start by clicking on the date in the bottom right corner of the screen. Select Change date and time settings, Change timezone, pick the right timezone, and then a couple of OKs and you will be done.
- I like to use the 24 Hour clock and if you want to do that too click on the Clock in the taskbar and select Change date and time settings, Change Date and Time, Change calendar settings, then select the Time tab.
- When we first started all of this you may have noticed that the time of the VM was way off. In fact it was in Zulu or Universal Time because the host time was when the VM started. But now with the right Timezone it should be the right time. If not, your ESXi host may have the wrong time.
- Now lets patch. Use Windows Update and after it has you restart check again. There will be really a lot of patches outstanding, and also restart and see if there is more patches outstanding. There was about 189 patches, and 13 optional ones to do. So took a while. BTW, keep an eye on it as I think that Security Essentials will require input and slow things down. In fact, since I was starting from a Win7 ISO and had so many updates Security Essentials had to be dealt with twice (note: I went through this on 2/9/16 and it was more then 1GB and 218 patches).
- I like to turn off the System Restore as patching seems to work pretty good and I have backups! So not using it saves disk space and makes some things – like patching faster. After you press Start, <right+click> on Computer and select Properties you will see the following screen.
- We start with System Protection. Then select Configure. Now you should see the screen below.
- Now we can turn off system protect, but we can also Delete what is already in use.
- While we are still on the properties screen, we can enable Remote Desktop support. Select Remote Settings on the properties screen – as seen above. You can now enable remote assistance and remote desktop as per your needs. In my case both on. You may be prompted about power savings, but ignore it for now as we will deal with it shortly.
- Still on the properties screen, we use Advanced System Settings now. We start with Performance.
- We want to adjust for best performance.
- After you select OK, we want to work in Startup and Recovery.
- I only make one change here and that is to display a list of operating systems for 5 seconds. But I know customers that make more changes in this area.
- Two OK buttons are what we do to get back out to the desktop.
- I will normally activate Windows now, as my template is kept for a long time and while only occasional on to be updated it will eventually cause me an issue if I don’t activate it now. This might save you from some odd sysprep errors during VM deployment from template.
- Now we need to adjust the power profile. Start in the Control Panel, then System and Security, and finally Power Options.
- There is a few things to do here. Start with the option Choose when to turn off the display.
- You can set to never both when to turn the monitor off, and when to put the computer to sleep.
- Now select Control Panel Home. Follow that by Appearance and Personalization.
- We want to turn off sounds, and the screen saver.
- First access Change sound effects and change the profile to No Sounds.
- Next access Change screen saver and make sure it is set to none.
- Now select Taskbar and Start Menu. Change to the Start menu tab. The power button default should be Log Off.
- In the left menu, select Network and Internet. Follow this by selecting next Network and Sharing center. In the left menu you will find change adapter settings. Now you will see the adapter. Here is mine.
- We want to remove some settings – like IPv6 and QoS so right click on the adapter and select Properties.
- We can select OK and exit back out to the desktop.
- Working from the Control Panel, select Programs. Follow that by selecting Turn Windows features on or off.
- Scroll through the list until you find Telnet Client, and select it.
- We should remove the backups that were caused by the 189 or more updates I did.
- We will use the Disk Cleanup tool. It is found in Start \ All Program \ Accessories \ System Tools.
- It is important to click on it and Run as Admin. If you forget to do this you will not see Windows Update Cleanup in it the list as you see below.
- It only shows 516 MB in use but it is still good to clean it up. Use the OK button to start the cleaning.
- After this we should empty the trash – likely is but be sure..
- We should disable the index on drive C:. Use Explorer to explore This PC and right+click on drive C: and select Properties. You will see at the bottom of the screen the option to disable indexing – it is Allow files on this drive to have contents indexed – deselect the box for it. You can enable indexing on your data drives like H: or whatever using GPO. There may be a few files that cannot be removed from the index – just ignore them.
- Now we should defragment the drive. This option is on the Tools tab.: and follow that by selecting the Optimize option. While you are here you should disable the weekly optimize option as it is not necessary.
Configuration – Installing Optional Software
We only install software here that we really need and is useful for most users. Some of what I install is listed below. Remember this template is general and will be used to make the View desktop template (with the addition of the View specific software) or any other software. So software that will be used by most users like – anti – malware, Acrobat Reader, maybe some helpdesk or troubleshooting tools should be installed.
- Bginfo – find it here and info on making it work here.
- Acrobat Reader – make sure to open it to accept the EULA and update if necessary.
- Google Chrome
- Autoruns – a great tool to make sure you know what starts with your OS.
- Process Explorer – a great tool for troubleshooting.
- 7-Zip – from here, more flexible than what is built in – for example can extract ISO.
- PowerCLI – from here – a very useful admin tool!
- Notepad++ – from here – nice editor for PowerCLI or other things.
- If this is a desktop that admins are going to use, it may be good to add Adobe Flash to it.
- Something that many would consider not optional is antivirus software. I would suggest you need to do a scan as one of the last actions too.
- The VMRC should be installed if you will manage VMs – from here.
- The RVTools are handy too for admins – from here.
- Plus, again if you are doing vSphere stuff you should get the CIP from vSphere 5.5 U3a (or later) as that works great for integrated log in.
Note: For things like Chrome and Acrobat they will install fine since they have installers and they can be seen or used by other users logging in as you might expect. For things like BgInfo and Autoruns which have no installer it is more complex. Basically you will create a Utilities program group for them and install them manually. This is an example of software that is harder to install via GPO since they have no MSI. For this and other reasons that is why we need to manage the profile – meaning to copy the profile I have been working under to the default user.
Note2: I also make a few other changes. I like to see file extensions, and I like to get rid of some of the extra cruft in the All Programs area. But to each his own.
Test Time – before
Is this desktop ready for the prime time? Some things to check would include:
- Does the Boot / Snapshot time look right on your wallpaper?
- Is there any errors when you log in using your admin account?
- Does your installed software all start?
- Does a restart cause anything odd to occur at log in or otherwise?
Ready to Make it a template?
We are ready to make this virtual machine a template now.
- If necessary remove this VM from the domain and restart.
- I always like to check Windows Update before I finish and yes, today I did find a bunch of updates that I did not find earlier. So I update and restart as necessary.
- Disconnect the ISO and reset to Client Device.
- Make sure you are really ready to proceed!
- We now need to manage the profile
- We first install the Copy Profile tool – called DefProf.
- We use it to copy my profile (with all the edits) to the Default Profile – so copy the tool to the local hard drive of the template, unzip, and execute defprof your_account_name and you are done – I have better succes when I am not not logged in as me – who did all the customization – when I run the tool. So I create and use an account that is admin equivilent and called temp. Log in as it and run the defprof command and delete the temp account.
- When that is done we remove the tool,
- And shut the VM down.
- Once the VM is shut down we are ready to turn it into a template.
- If you did install anti-virus or anti-malware software you may need to do something so that when a VM is deployed from this template and starts up it is going to get its own identity for management purposes and not be the same as the installed copy on the template.
- I generally now do an update in the Notes section to account for what I have done.
Plus, when the testing confirms both the template, and the customization spec are good, I will clone the template for View use.
Deploy from Template
I suspect everyone knows how to deploy from this new template but remember that any passwords put into the customization script should be done using the vSphere Client and not the vSphere Web Client (this is a bug and I am sure it will fixed. Any day now). I also suggest using the following commands in the Run Once part of the customization specification.
- powercfg -h off
- bcdedit /timeout 5
I have seen a lot of different things done via Run Once. Scripts for example that install applications, or do inventory related tasks, so remember that and you can use it as you need. Always test your deploy from template. In particular make sure the joining the domain works.
BTW, here is a very nice article about the customization specification. with good screenshots and lots of info.
Test Time – after
Now that we have deployed a VM from our template we need to make sure it all works. This is testing our VM but also the custom specification. Some things to check include:
- Did our VM join the domain? This is most important.
- Can we RDP to the newly deployed VM successfully?
- Does a restart cause anything odd to occur at log in or otherwise?
Things to think about
- I like to create a customization spec before I deploy from template and that normally is just a copy and paste on an old one and small update for things like the IP address.
Here is some miscellaneous things to think about if you have troubles. The most common one is when you deploy a VM from the template it doesn’t join the domain.
- Check out this article of mine for ideas.
- Did you remove the VM from domain before you turned it into the template?
- Did you confirm that the account credentials in the spec to join the domain work?
- Did you enter the passwords – both administrator account and the domain add account – using the vSphere Client. This was a bug once where entering the password via the vSphere Web Client would not work properly and I find myself a little skeptical that it was fixed.
- Accounts should be in the format of email@example.com and not mwhite.
- Check the logs in c:\windows\temp\vmware-imc.
- Use this article to find the log location for sysprep (Win7 SP1).
Updating your Template
You should update your template approximately once every month or so. This will allow you to catch any outstanding patches for the OS as well as application patches. Just convert the template to virtual machine, turn it on, patch, than restart it, and convert it to template. You may consider joining it to your domain to catch new GPO type stuff that may be sticky but remember to remove it from the domain before you turn it back into the template.
Here are the links that may be helpful or useful somehow. They contributed to this article or may be helpful.
- Diskclean Windows Update backups – but it forgot to mention to run as Admin.
- My Windows 2012 template article was helpful too!
- Bad PID causes Win2K8 to reboot continuously during deployment
I plan on keeping this page updated with what I am using and what works well! I will use this section to update you with what I updated when I do updates.
- 4/14/17 – added the link for the custom specification article.
- 3/9/16 – added the troubleshooting section.
- 2/10/16 – updated with VMRC info, miscellaneous updates, and vSphere 6. Plus ran through it again to make sure it works. Also removed the BGInfo section as we have this article to take care of that.
- 11/29/15 – added the comment about VMRC and CIP.
- 5/2/15 – Updated and released.
- 4/30/15 – original work
Thanks for checking out my article – I hope it helps. I will keep this article current and that means updates so revisit if you use it for help. Questions and comments are always welcome.
=== END ===