Posts Tagged ‘pass [specialize]’

h1

In-the-Lab: Windows Server 2008 R2 Template for VMware

September 30, 2010

As it turns out, the reasonably simple act of cloning a Windows Server 2008 R2 (insert addition here) has been complicated by the number of editions, changes from 2008 release through 2008 R2 as well as user profile management changes since its release. If you’re like me, you like to tweak your templates to limit customization steps in post-deployment. While most of these customizations can now be setup in group policies from AD, the deployment of non-AD members has become a lot more difficult – especially where custom defaults are needed or required.

Here’s my quick recipe to build a custom image of Windows Server 2008 R2 that has been tested with Standard, Enterprise and Foundation editions.

Create VM, use VMXNET3 as NIC(s), 40GB “thin” disk, using 2008 R2 Wizard

This is a somewhat “mix to taste” step. We use ISO images and encourage their use. The size of the OS volume will end-up being somewhere around 8GB of actual space-on-disk after this step, making 40GB sound like overkill. However, the OS volume will bloat-up to 18-20GB pretty quick after updates, roles and feature additions. Adding application(s) will quickly chew-up the rest.

  • Edit Settings… ->
    • Options -> Advanced -> General -> Uncheck “Enable logging”
    • Hardware -> CD/DVD Drive 1 ->
      • Click “Datastore ISO File”
        • Browse to Windows 2008 R2 ISO image
      • Check “Connect at power on”
    • Options -> Advanced -> Boot Options -> Force BIOS Setup
      • Check “The next time the virtual machine boots, force entry into the BIOS setup screen”
  • Power on VM
  • Install Windows Server 2008 R2

Use Custom VMware Tools installation to disable “Shared Folders” feature:

It is important that VMware Tools be installed next, if for no other reason than to make the rest of the process quicker and easier. The additional step of disabling “Shared Folders” is for ESX/vSphere environments where shared folders are not supported. Since this option is installed by default, it can/should be removed in vSphere installations.

  • VM -> Guest -> Install VMware Tools ->
    • Custom -> VMware Device Drivers -> Disable “Shared Folder” feature
  • Retstart

Complete Initial Configuration Tasks:

Once the initial installation is complete, we need to complete the 2008 R2 basic configuration. If you are working in an AD environment, this is not the time to join the template to the domain as GPO conflicts may hinder manual template defaults. We’ve chosen a minimal package installation based on our typical deployment profile. Some features/roles may differ in your organization’s template (mix to taste).

  • Set time zone -> Date and Time ->
    • Internet Time -> Change Settings… -> Set to local time source
    • Date and Time -> Change time zone… -> Set to local time zone
  • Provide computer name and domain -> Computer name ->
    • Enterprise Edition: W2K8R2ENT-TMPL
    • Standard Edition: W2K8R2STD-TMPL
    • Foundation Edition: W2K8R2FND-TMPL
    • Note: Don’t join to a domain just yet…
  • Restart Later
  • Configure Networking
    • Disable QoS Packet Scheduler
  • Enable automatic updating and feedback
    • Manually configure settings
      • Windows automatic updating -> Change Setting… ->
        • Important updates -> “check for updates but let me choose whether to download and install them”
        • Recommended updates -> Check “Give me recommended updates the same way I receive important updates”
        • Who can install updates -> Uncheck “Allow all users to install updates on this computer”
      • Windows Error Reporting -> Change Setting… ->
        • Select “I don’t want to participate, and don’t ask me again”
      • Customer Experience Improvement Program -> Change Setting… ->
        • Select “No, I don’t want to participate”
  • Download and install updates
    • Bring to current (may require several reboots)
  • Add features (to taste)
    • .NET Framwork 3.5.1 Feautures
      • Check WCF Activation, Non-HTTP Activation
        • Pop-up: Click “Add Required Features”
    • SNMP Services
    • Telnet Client
    • TFTP Client
    • Windows PowerShell Integrated Scripting Environment (ISE)
  • Check for updates after new features
    • Install available updates
  • Enable Remote Desktop
    • System Properties -> Remote
      • Windows 2003 AD
        • Select “Allow connection sfrom computers running any version of Remote Desktop”
      • Windows 2008 AD (optional)
        • Select “Allow connections only from computers runnign Remote Desktop with Network Level Authentication”
  • Windows Firewall
    • Turn Windows Firewall on of off
      • Home or work location settings
        • Turn off Windows Firewall
      • Public network location settings
        • Turn off Windows Firewall
  • Complete Initial Configuration Tasks
    • Check “Do not show this window at logon” and close

Modify and Silence Server Manager

(Optional) Parts of this step may violate your local security policies, however, it’s more than likely that a GPO will ultimately override this configuration. We find it useful to have this disabled for “general purpose” templates – especially in a testing/lab environment where the security measures will be defeated as a matter of practice.

  • Security Information -> Configure IE ESC
    • Select Administrators Off
    • Select Users Off
  • Select “Do not show me this console at logon” and close

Modify Taskbar Properties

Making the taskbar usable for your organization is another matter of taste. We like smaller icons and maximizing desktop utility. We also hate being nagged by the notification area…

  • Right-click Taskbar -> Taskbar and Start Menu Properties ->
    • Taskbar -> Check “Use small icons”
    • Taskbar -> Customize… ->
      • Set all icons to “Only show notifications”
      • Click “Turn system icons on or off”
        • Turn off “Volume”
    • Start Menu -> Customize…
      • Uncheck “Use large icons”

Modify default settings in Control Panel

Some Control Panel changes will help “optimize” the performance of the VM by disabling unnecessary features like screen saver and power management. We like to see our corporate logo on server desktops (regardless of performance implications) so now’s the time to make that change as well.

  • Control Panel -> Power Options -> High Performance
    • Change plan settings -> Turn off the display -> Never
  • Control Panel -> Sound ->
    • Pop-up: “Would you like to enable the Windows Audio Service?” – No
    • Sound -> Sounds -> Sound Scheme: No Sounds
    • Uncheck “Play Windows Startup sound”
  • Control Panel -> VMware Tools -> Uncheck “Show VMware Tools in the taskbar”
  • Control Panel -> Display -> Change screen saver -> Screen Saver -> Blank, Wait 10 minutes
  • Change default desktop image (optional)
    • Copy your desktop logo background to a public folder (i.e. “c:\Users\Public\Public Pictures”)
    • Control Panel -> Display -> Change desktop background -> Browse…
    • Find picture in browser, Picture position stretch

Disable Swap File

Disabling swap will allow the defragment step to be more efficient and will disable VMware’s advanced memory management functions. This is only temporary and we’ll be enabling swap right before committing the VM to template.

  • Computer Properties -> Visual Effects -> Adjust for best performance
  • Computer Properties -> Advanced System Settings ->
    • System Properties -> Advanced -> Performance -> Settings… ->
    • Performance Options -> Advanced -> Change…
      • Uncheck “Automatically manage paging file size for all drives”
      • Select “No paging file”
      • Click “Set” to disable swap file

Remove hibernation file and set boot timeout

It has been pointed out that the hibernation and timeout settings will get re-enabled by the sysprep operation. Removing the hibernation files will help in defragment now. We’ll reinforce these steps in the customization wizard later.

  • cmd: powercfg -h off
  • cmd: bcdedit /timeout 5

Disable indexing on C:

Indexing the OS disk can suck performance and increase disk I/O unnecessarily. Chances are, this template (when cloned) will be heavily cached on your disk array so indexing in the OS will not likely benefit the template. We prefer to disable this feature as a matter of practice.

  • C: -> Properties -> General ->
    • Uncheck “Allow files on this drive to have contents indexed in addition to file properties”
    • Apply -> Apply changes to C:\ only (or files and folders, to taste)

Housekeeping

Time to clean-up and prepare for a streamlined template. The first step is intended to aid the copying of “administrator defaults” to “user defaults.” If this does not apply, just defragment.

Remove “Default” user settings:

  • C:\Users -> Folder Options -> View -> Show hidden files…
  • C:\Users\Default -> Delete “NTUser.*” Delete “Music, Pictures, Saved Games, Videos”

Defragment

  • C: -> Properties -> Tools -> Defragment Now…
    • Select “(C:)”
    • Click “Defragment disk”

Copy Administrator settings to “Default” user

The “formal” way of handling this step requires a third-party utility. We’re giving credit to Jason Samuel for consolidating other bloggers methods because he was the first to point out the importance of the “unattend.xml” file and it really saved us some time. His blog post also includes a link to an example “unattend.xml” file that can be modified for your specific use, as we have.

  • Jason Samuel points out a way to “easily” copy Administrator settings to defaults, by activating the CopyProfile node in an “unattend.xml” file used by sysprep.
  • Copy your “unattend.xml” file to C:\windows\system32\sysprep
  • Edit unattend.xml for environment and R2 version
    • Update offline image pointer to correspond to your virtual CD
      • E.g. wim:d:… -> wim:f:…
    • Update OS offline image source pointer, valid sources are:
      • Windows Server 2008 R2 SERVERDATACENTER
      • Windows Server 2008 R2 SERVERDATACENTERCORE
      • Windows Server 2008 R2 SERVERENTERPRISE
      • Windows Server 2008 R2 SERVERENTERPRISECORE
      • Windows Server 2008 R2 SERVERSTANDARD
      • Windows Server 2008 R2 SERVERSTANDARDCORE
      • Windows Server 2008 R2 SERVERWEB
      • Windows Server 2008 R2 SERVERWEBCORE
      • Windows Server 2008 R2 SERVERWINFOUNDATION
    • Any additional changes necessary
  • NOTE: now would be a good time to snapshot/backup the VM
  • cmd: cd \windows\system32\sysprep
  • cmd: sysprep /generalize /oobe /reboot /unattend:unattend.xml
    • Check “Generalize”
    • Shutdown Options -> Reboot
  • Login
  • Skip Activation
  • Administrator defaults are now system defaults
  • Reset Template Name
    • Computer Properties -> Advanced System Settings -> Computer name -> Change…
      • Enterprise Edition: W2K8R2ENT-TMPL
      • Standard Edition: W2K8R2STD-TMPL
      • Foundation Edition: W2K8R2FND-TMPL
    • If this will be an AD member clone, join template to the domain now
    • Restart
  • Enable Swap files
    • Computer Properties -> Advanced System Settings ->
      • System Properties -> Advanced -> Performance -> Settings… ->
      • Performance Options -> Advanced -> Change…
        • Check “Automatically manage paging file size for all drives”
  • Release IP
    • cmd: ipconfig /release
  • Shutdown
  • Convert VM to template

Convert VM Template to Clone

Use the VMware Customization Wizard to create a re-usable script for cloning the template. Now’s a good time to test that your template will create a usable clone. If it fails, go check the “red letter” items and make sure your setup is correct. The following hints will help improve your results.

  • Remove hibernation related files and reset boot delay to 5 seconds in Customization Wizard
  • Remember that the ISO is still mounted by default. Once VM’s are deployed from the template, it should be removed after the customization process is complete and additional roles/features are added.

That’s the process we have working at SOLORI. It’s not rocket science, but if you miss an important step you’re likely to be visited by an error in “pass [specialize]“ that will have you starting over. Note: this also happens when your AD credentials are bad, your license key is incorrect (version/edition mismatch, typo, etc.) or other nondescript issues – too bad the error code is unhelpful…

Follow

Get every new post delivered to your Inbox.

Join 49 other followers