Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The procedure described here is for Windows Vista onwards. However, different versions versions of Windows add and remove obsolete options; if in doubt, see the official documentation from Microsoft.

Sysprep

Sysprep is a utility (included with the OS) that allows us to generalize a Windows system: erase all configuration information that makes that machine unique, to regenerate it on the next reboot. It is very useful for creating clones of a particular system image, as flexVDI does when creating clones with a desktop policy. The idea is to run sysprep, turn off the machine, turn it into a template and create clones that will be configured in their first boot. This configuration can be automated with an answer file.

You can find more information about sysprep on the following links:

Preparing a Windows Template with Sysprep

The correct way to create a Windows guest to serve as a template is to enter audit mode during the installation of Windows . Thus any local user will be created, other than the administrator. In audit mode, you can configure the template installing any programs you want. Once finished, you must run sysprep . This tool will shut down the guest at the end, so we must keep it in RunOnce mode.

Attention

 

Sysprep can only run a limited number of times on the same system. To avoid this problem, once you finished configuring the template, create a copy on which to execute sysprep. Thus, if you need to make changes to the template, they can be made in the original and repeat the procedure as often as necessary.

When you run sysprep us the following window:

For the task at hand, we must select "Start Box Experience (OOBE) system", "generalize" and "Off". Pressing "OK", the process of generalization is made, then the guest will turn off. From here we can turn it into a template.

New from Windows 8 / Windows Server 2012

 

From Windows 8 / Windows Server 2012, the sysprep command supports a new option mode , only the command line. By passing the "choice /mode:vm " hardware information, so that subsequent start - ups are noticeably faster is not deleted. However, all clones must run on a machine with the same hardware profile. The complete command line would be:
> sysprep.exe /generalize /oobe /shutdown /mode:vm

Answer File

When we have prepared a template with sysprep, an answer file is used to automate the initial configuration at the next boot. That file is searched in a series of predefined paths. In particular, one of which is " A:\unattend.xml " ( APB No. 4 ). For that reason, desktop policies have a field to set up a file /flexvdi/local as answer file. If this file exists, the host agent insert it into the floppy disk each volatile clone named "unattend.xml", so that can be used to automatically configure the clones. In addition, you can use the following three variables within the file, which will replace the host agent before inserting it into the floppy disk, with specific values for each volatile:

  • WINDOWSDOMAIN is replaced by the domain specified in the policy Windows desktop.
  • COMPUTER is replaced by the name volatile. This name is generated in one of two ways:
    • vxxxxxxxx, where x represents the number of volatile (the guest name suffix that appears in the session table VDI).
    • An arbitrary name assigned in the LDAP attribute that defines the possible policies a user's desktop in the form "computer = xxxxx" as if it were a political more.
  • VDIUSER is replaced by:
    • uxxxxxxx, if the volatile has been prewritten desk, where x represent the number of volatile.
    • The name of the user who has been authenticated in flexVDI if the desktop has been created as a result of that request.

The format of this file is XML. Describes the actions and values to be applied in the different phases Windows Installer during startup. Its format is similar to the following:

unattend.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="...">
        <component name="..." processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http:/
            ...
        </component>
        ...
    </settings>
    ...
    <cpi:offlineImage cpi:source="..." xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

 

The tag settings includes a set of components that will be applied during a certain phase of the installer, specified with the attribute pass .

The tag component specifies a component installer, and properties will be assigned automatically. The atrbuto processorArchitecture indicates which architecture this section applies, the remaining attributes is fixed. You can duplicate each tag component , each with a different architecture (x86 or amd64) for use in any case.

The tag cpi:offlineImage refers to the location of the base image on which the response file applies. It only makes sense during the process of creating the file.

Creating a response file

The recommended procedure to create answer files is to use Windows System Image Manager . The alternative is to write the file by hand and then optionally validate with WSIM . When you open WSIM see the following:

To create an answer file, it is necessary from a Windows image. We can simply take the picture \ sources \ install.wim that comes in a Windows installation ISO. When you open the image, WSIM create a catalog file first if not exist. To do this, the image must have permission to read and write, so we copy the ISO to the hard drive and will remove the read - only flag. Once you open the image and created the catalog, create the initially empty answer file. Then you just have to go dragging the components of the image to the corresponding section in the answer file, and configure them. See reference Unattended Windows to understand what each component. Examples for the most common situations occur.

Basic configuration

To set the language, the name of the machine and local users, add the following components:

  • Microsoft-Windows-International-Core to the oobeSystem section. The "InputLocale", "SystemLocale", "UserLocale" and "UILanguage" properties must be set to "en-US"
  • If you do not want to have any local user, Microsoft-Windows-Deployment to specialize section, adding a RunSynchronousCommand with the following properties:
    • Path = reg add HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Setup \ OOBE / v UnattendCreatedUser / t REG_DWORD / d 1 / f
    • Order = 1
  • Microsoft-Windows-Shell-Setup in the specialize section with the following properties:
    • ComputerName = COMPUTER
    • TimeZone = Romance Standard Time
    • CopyProfile = true. It will overwrite the profile in \ Users \ Default User with the current user.
    • ShowWindowsLive = false. Do not show a link to Windows Live in the start menu.
    • ProductKey = product key to activate Windows.
  • Microsoft-Windows-Shell-Setup in the oobeSystem section with the following properties:
    • OOBE, to hide configuration pages to start first, with the following properties:
      • HideEULAPage = true
      • NetworkLocation = Work
      • ProtectYourPC = 2 (see reference for possible values)
    • UserAccounts, with the following properties:
      • AdministratorPassword / Value = administrator password. However, by default, the administrator account is disabled.
      • LocalAccounts, one for each local user you want to add. If only domain users will be used, can not be added none.
    • RegisteredOwner RegisteredOrganization and, optionally, with their corresponding values.

Licensing volatile desktops

 

Volume licensing should be used KMS a similar method to decrease the number of licenses used to destroy a clone for volatile desks, or. MAK licenses are not supported.

It is likely that the boot process requests a product key if it is not provided in the response file. To prevent this from happening, you can use a key file \sources\product.ini is in the Windows installation media. As a result, the boot process will not request the key, but Windows is not active.

Example of basic configuration   Expand source

Add computer to a domain

To add the volatile desktop to the domain specified in politics desktop, add the following components:

  • Microsoft-Windows-UnattendedJoin in the specialize section with the following properties:
    • Identification / JoinDomain = WINDOWSDOMAIN
    • Identification / Credentials with user credentials with permission to add machines to the domain.

Example Component   Expand source

Unattend.xml delete cached files

Answer files are cached in C:\Windows\Panther . This is a security problem because they contain credentials that users should not be able to see. Therefore, it is best to delete files A:\unattend.xml and C:\Windows\Panther\unattend.xml . For that, the most common option is to create a batch command in the template called C:\Windows\Setup\Scripts\SetupComplete.cmd with the following contents:

 del /Q /F a:\unattend.xml del /Q /F c:\windows\panther\unattend.xml 

This command will be executed at the end of the preparation of the volatile guest, obliterating the two answer files.

More information

You can find more information about response files in the following links:

  •  
  • No labels