The procedure described here is for Windows Vista onwards. However, different versions versions of Windows add and remove obsolete options; if in doubt, see the official documentation from Microsoft.
Automatically configuring and activating Windows desktops is specially useful when using volatile desktops: installations that are created, configured, used for a short time (from some minutes to a few days), and then deleted, to make room for creating fresh desktops. So in this this page we will refer to the Guests as volatiles, although this method can be used for long-life Guest machines.
Sysprep
Sysprep is a utility (included with the OS) that allows us to generalize a Windows system: erase all configuration information that makes that machine unique, to regenerate it on the next reboot. It is very useful for creating clones of a particular system image, as flexVDI does when creating clones with a desktop policy. The idea is to run sysprep, turn off the machine, turn it into a template and create clones that will be configured in their first boot. This configuration can be automated with an answer file.
You can find more information about sysprep on the following links:
Preparing a Windows Template with Sysprep
The correct right way to create a Windows guest Guest to serve as a template is to enter audit mode during the installation of Windows . Thus any no local user will be created, other than the administrator. In audit mode, you can configure the template installing any programs you want. Once finished, you must run sysprep . This tool will shut down the guest at the end, so we must keep it in RunOnce mode.
| Info |
|---|
There is no limit to the number of times sysprep can be run on a system. But after executing it, Windows will need to be activated again, which can be done up to three times on a given Windows installation, or Windows will stop letting users to log in the system after 30 days. To avoid this problem, |
after configuring the template, create a copy |
where you will execute sysprep. Thus, if you need to make changes to the template, |
you can make them on the original (which has not gone through the generalization/activation cycle) and repeat the procedure on new copies as often as necessary. |
When you run sysprep us the following window:
For the task at hand, we must will select "Start Enter System Out-of-Box Experience (OOBE) system", "generalize" and "OffShutdown". Pressing "OK", the process of generalization is made, then the guest will turn off. From here we can turn it into a template.
| Info | ||
|---|---|---|
|
From Windows 8 / Windows Server 2012, the sysprep command supports a new option |
|
boot are noticeably faster |
. However, all clones must run on |
machines with the same hardware profile. The complete command line would be: |
Answer File
When we have prepared a template with sysprep, we can use an answer file is used to automate the initial configuration at the next boot. That file is searched in a series of predefined paths. In particular, one of which is " A:\unattend.xml " ( APB Implicit Answer File Search Order No. 4). For that reason, desktop policies have a field to set up a file /flexvdi/local as answer file. If this file exists, the host agent insert flexVDI Host Agent will copy it into the a floppy disk in each volatile clone named , renamed to "unattend.xml", so that it can be used to automatically configure the clones. In addition, you can use the following three variables within the file, which will replace the host be replaced by flexVDI Host agent before inserting it into the floppy disk, with specific values for each volatile:
- WINDOWSDOMAIN is replaced by the domain specified in the policy Windows desktop.
- COMPUTER is replaced by the name of the volatile. This name is generated in one of two ways:
- vxxxxxxxx, where x represents the number of volatile (the guest name suffix that appears in the session table VDI).
- An arbitrary name assigned in the LDAP attribute that defines the possible policies a user's desktop in the form "computer = xxxxx" as if it were a political more.
- VDIUSER is replaced by:
- uxxxxxxx, if the volatile has been prewritten deskprecreated (done when the field "Precreated desktops" in the Desktop Policy is greater than 0), where x represent is the number of volatile. Precreation makes the specialization and activation of the desktop happen before the user logs in.
- The name of the user who has been authenticated in flexVDI if the desktop has been created as a result of that request.
- uxxxxxxx, if the volatile has been prewritten deskprecreated (done when the field "Precreated desktops" in the Desktop Policy is greater than 0), where x represent is the number of volatile. Precreation makes the specialization and activation of the desktop happen before the user logs in.
The format of this file is XML. Describes It describes the actions and values to be applied in the different phases Windows Installerconfiguration passes during startup. Its format is similar to the following:
...
The tag component specifies a component of the installer, and the properties that it will be automatically assigned automatically. The atrbuto The processorArchitecture attribute indicates to which architecture is applied this section applies, the . The remaining attributes is are fixed. You can duplicate each component tag component , each with using a different architecture (x86 or amd64) for use in any casein each one, to be used always.
The tag cpi:offlineImage refers to the location of the base image on which where the response file appliesis applied. It only makes sense during the process creation of creating the file.
Creating a response file
The recommended procedure to create best practices for authoring answer files is to use Windows System Image Manager. The alternative is to write the file by hand and then optionally validate with WSIM. When you open WSIM see the following:
To create an answer file, it is necessary to start from a Windows image. We can simply take the picture file \sources\install.wim that comes in a Windows installation ISO. When you open opening the image, WSIM create a catalog file first, if it does not exist. To do this, the image must have permission to read and write permission, so we have to copy the content of the ISO to the hard drive and will remove the read-only flag. Once you open the image and created create the catalog, we will create the an initially empty answer file. Then you just have to go dragging drag the components of the image to the corresponding section in the answer file, and configure them. See reference Unattended Windows Setup Reference to understand what the usage of each component. Examples
Some examples for the most common situations occur.:
Basic configuration
To set the language, the name of the machine and local users, add the following components:
- Microsoft-Windows-International-Core to the oobeSystem section. The "InputLocale", "SystemLocale", "UserLocale" and "UILanguage" properties must be set to "en-US"
- If you do not want to have any local user, Microsoft-Windows-Deployment to specialize section, adding a RunSynchronousCommand with the following properties:
- Path = reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f
- Order = 1
- Microsoft-Windows-Shell-Setup in the specialize section with the following properties:
- ComputerName = COMPUTER
- TimeZone = Romance (valid zones can be listed with "tzutil /l") for instance "Pacific Standard Time"
- CopyProfile = true. It will overwrite the profile in "\Users\Default User" with the current user.
- ShowWindowsLive = false. Do not show a link to Windows Live in the start menu.
- ProductKey = product key to activate Windows.
- Microsoft-Windows-Shell-Setup in the oobeSystem section with the following properties:
- OOBE, to hide configuration pages to start first, with the following properties:
- HideEULAPage = true
- NetworkLocation = Work
- ProtectYourPC = 2 (see reference for possible values)
- UserAccounts, with the following properties:
- AdministratorPassword/Value = administrator password. However, by default, the administrator account is disabled.
- LocalAccounts, one for each local user you want to add. If only domain users will be used, can not be added noneadd no user.
- RegisteredOwner and RegisteredOrganization and, optionally, with their corresponding values.
- OOBE, to hide configuration pages to start first, with the following properties:
| Info | ||
|---|---|---|
|
Volume licensing should be used KMS a similar method to decrease the number of licenses used to destroy a clone for volatile desks, or. MAK licenses are not supported. |
It is likely that the boot process will requests a product key if it is not provided in the response file. To prevent this from happening, you can use a key in file \sources\product.ini which is in the Windows installation media. As a result, the boot process will not request the key, but Windows is will not active. Example of basic configuration be activated.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>COMPUTER</ComputerName>
<TimeZone>Pacific Standard Time</TimeZone>
<CopyProfile>true</CopyProfile>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
<Description>Disable create user account</Description>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>2</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>awBpAG8AcwBrAG8ALgAxADIAMwBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAFAAYQBzAHMAdwBvAHIAZAA=</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
</UserAccounts>
<RegisteredOrganization>flexVDI</RegisteredOrganization>
<RegisteredOwner>flexVDI</RegisteredOwner>
</component>
</settings>
<cpi:offlineImage cpi:source="catalog:d:/sources/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend> |
Add computer to a domain
To add the volatile desktop to the domain specified in politics desktop policy, add the following components:
- Microsoft-Windows-UnattendedJoin in the specialize section with the following properties:
- Identification/JoinDomain = WINDOWSDOMAIN
- Identification/Credentials with user credentials with permission to add machines to the domain.
| Code Block | |||
|---|---|---|---|
|
Example Component
...
| |||
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>WINDOWSDOMAIN</Domain>
<Password>Foobarz1!</Password>
<Username>Administrator</Username>
</Credentials>
<JoinDomain>WINDOWSDOMAIN</JoinDomain>
</Identification>
</component> |
Delete Unattend.xml cached files
Answer files are cached in C:\Windows\Panther . This is a security problem because they contain credentials that users should not be able to see. Therefore, it is best to delete files A:\unattend.xml and C:\Windows\Panther\unattend.xml. For that, the The most common option is to create a batch command in the template called C:\Windows\Setup\Scripts\SetupComplete.cmd with the following contentscontent:
del /Q /F a:\unattend.xml
del /Q /F c:\windows\panther\unattend.xml This command will be executed at the end of the preparation of the volatile guest, obliterating removing the two answer files.
More information
You can find more information about response files in the following links:
- Windows Setup Technical Reference Windows Setup
- Settings for automating OOBE
- Automating the Automate Windows Setup
- Introduction to automation Windows Setup
...