My Learnings on Sysprep, Answerfile and Mass Deployment -Post01

I started with a aim to find a information on how to mass deploy windows 2012R2 on AHV and end up learning whole lot of things. I want to know how can we clone VMs in AHV i.e. Acropolis Hypervisor. Well there are multiple ways of it. I want to talk about the one which is relevant to AHV. I will explore the other options via this series of posts.

Goal

Create OSE (operating system environment) based on windows 2012 R2 with following features

  1. Automatic partition of windows OS
  2. Automatic selection Windows 2012 R2 Standard Edition
  3. Automatic addition of Windows Server to domain
  4. Automatic creation of one local user id with admin priviliges
  5. Automatic enabling Remote desktop
  6. Automatic configuration of time zone
  7. Automatic disabling of Enchanced I.E. security features for Administrators
  8. Automatic disabling Welcome to Server Managed at logon
  9. Automatic configuration of powershell to executionmode=remotesigned
  10. Automatic installation of RSAT tools and Telnet client

List doesn’t end here

In order achieve it, you must know how to create an answer file. Answer file creation process is explained in all over places. But I didn’t found a simple post about it. First and foremost you need a Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update. It is here. Download and install it. Installation file is just under 1.5 MB. Install it and it will further ask you following question.

2016-04-06_19-41-26

Select appropriate choice of yours. I choose to install on same PC, so I left the default selection and press Next, Next and selected only deployment tools.

2016-04-06_19-44-40

Post installation, you need a take a trouble to find where is Windows System Image Manager. I prefer you create a shortcut on taskbar. Now you need the ISO. You can’t use evaluation version, you must have a ISO which is licensed. You can either mount the ISO or extract the ISO. I would prefer to extract. Create a directory of your choice. Mine is workingdir as shown below. After ISO is extracted go to the path shown below. 

2016-04-06_20-50-58

Copy install.wim into WorkingDir folder. Open Windows System Image Manager, open install.wim file by going to Windows Image, right click

2016-04-06_20-55-28

You will get a prompt as shown below, select the Edition of operation system.

2016-04-06_20-57-51

It is will prompt to create catalog. Just say “yes”. It will take ample time to create catalog.

2016-04-06_20-59-55

Now to create new answer file, click as shown below

2016-04-06_21-06-07

To complete answer file you need add various components shown above. This is very meat of entire post. Loads of options are available, which one to choose and what to fill is very important.let’s First add Microsoft-Windows-International-Core-WinPE this is basically going to automate default language, locale, and other international settings.

2016-04-06_21-16-33

After you add it to pass 1, fill in the details. If you are getting lost, just use Help, it is excellent source of information.

 

Then add Microsoft-Windows-Setup component it contains settings that enable you to select the Windows image that you install, configure the disk that you install Windows to, and configure the Windows PE operating system. Now this has lots of stuff. Let’s start from top to bottom. There is nothing in DiskConfiguration to configure other than shown below

2016-04-06_22-02-47

Right click on DiskConfiguration and Insert New Disk. For Disk0 we will wipe it as configured below.

2016-04-06_22-03-12

After disk is wiped, you need to create and define partition. All our SOE will have 80 GB drive just for installing Guest OS and basic softwares e.g. AV, monitoring agents, VMware Tools and etc. No applications.  We will create two partitions, one for system and other for windows.

2016-04-06_22-04-08

System partition will be 350 MB in size and has to be non-extending.

2016-04-06_22-04-37

similarly windows partition will be set to extending true and will be second partition

2016-04-06_22-16-00

If you are installing Windows to a blank hard disk, you must use the CreatePartitions and ModifyPartitions settings to create and format partitions on the disk

2016-04-06_22-19-46

Make partition1 active and it will be label as System. Order 1 suggest it will be first created

2016-04-06_22-24-22

Now Partition2 where OS will be installed will be label Windows and will be assigned Drive C:\

2016-04-06_22-48-10


 

Now lets move to ImageInstall, ImageInstall specifies the Windows image to install and the location to which the image is to be installed. InstallFrom doesn’t applies in ISO installation, so skip it. You must specify either the InstallTo or the InstallToAvailablePartition settings (shown below)

2016-04-06_23-18-25

2016-04-06_23-04-35

 

2016-04-06_23-04-53

However we need to specific installation path for Image and therefore we need to add MetaData

2016-04-06_23-05-18

Finally you must  specific InstallTo e.g. Disk0 and Partition2, it where you will install Operating System

2016-04-06_23-19-17

Task 1, 2 are achieved

UserData

In this screen, we will add EULA and skip product key as I don’t have valid product key. You can use license keys mentioned here.

2016-04-06_23-23-20

 

I’m skipping name of the computer.  As I don’t believe putting computer name in answer file is a recipe for mass deployment. I will explore this option in future post.

4 Specialize

Add Microsoft-Windows-Shell-Setup to specialize Pass.

we need to add same key again in 7 oobe System but options are completely different which you will observed

2016-04-07_19-29-24

Enter Name of the organization, Registered Owner and Time zone as shown above. Task 6 is achieved

Add Microsoft-Windows-IE-ESC in Pass 4 and enter False of IEHardenAdmin and True(which is default) for IEHardenUser. Task:07 is achieved

2016-04-07_19-43-35

Add Microsoft-Windows-ServerManager-SvrMgrNc in Pass 4 and enter True for DoNotOpenServerManagerAtLogon. Task:08 is achieved

2016-04-07_19-46-22

Add Microsoft-Windows-UnattendedJoin in Pass 4 and edit JoinDomain name shown below. Next add Identification specifies credentials to join a domain. Task3 is achieved.

2016-04-07_19-59-20

Use either Provisioning or Credentials to join an account to the domain.

2016-04-07_20-51-05

Add Microsoft-Windows-TerminalServices-LocalSessionManager in Pass 4 and edit False for fDenyTSConnections to remote desktop and below to open firewall port. Task 5 is achieved.

2016-04-07_19-47-26

Add Networking-MPSSVC-Svc in Pass 4 to add remote desktop group. You must add firewall group as shown below. You must insert firewall group to enable or disable firewall for. To achieve Task 5

2016-04-07_20-54-40

2016-04-07_20-53-58

Now let’s provide IP Address to VM, I don’t believe IP Address should be part of unattend.xml. It is the property which changes per VM and it should be dynamic. I have a post reserved for it. It will be coming soon. For sake of this post let’s complete the parameters. Drag wow64_Microsoft-Windows-TCPIP component into Answer file shown below.

2016-04-10_20-31-27

In the interface tab, right click and create Insert New Interface.

2016-04-10_20-29-16

In the Interface type Identifier. This identifier is “Ethernet” you can’t say Local Area Connection here. It has to be Ethernet.

2016-04-10_20-35-02

Below in Ipv4Settings, Don’t touch anything here as everything here is optional.

2016-04-10_20-36-34

Then there is Routes, It is for providing gateway details. Right click Routes and Insert New Route.

2016-04-10_20-37-40

You can say any number for integer. It is of little use here. Leave Metric blank. NextHopAddress should be default gateway. Prefix for 255.255.255.0 should be 0.0.0.0/0.  

2016-04-10_20-39-11

 

Finally Unicast IP Address which is IP Address of the VM. Right click and select Insert New IP Address. Key is 1 and value is IP Address as shown below.

2016-04-10_20-40-542016-04-10_20-41-46

7 oobe System

Add Microsoft-Windows-Shell-Setup to oobe pass to enable autologon as shown below

2016-04-07_20-56-45

Create a local user and give him administrator rights as shown below. Task 4 is achieved

2016-04-07_20-58-34

 

For every account you create you must add password value as shown above

Now final piece, FirstLogonCommands. These commands are made to run when you have enabled autologon for administrator. These commands run under administrator privileges.  I have selected Synchronous command and provided the order in which they should run. I’m using Powershell to install RSAT tool and Telnet tools. And in second command I’m changing powershell execution mode to remotesigned. Both commands I have copied and pasted for better visibility.

2016-04-10_20-42-56

%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command Import-Module ServerManager; Add-WindowsFeature RSAT-Role-Tools; Add-WindowsFeature RSAT-DNS-Server; Add-WindowsFeature Telnet-Client

2016-04-10_20-44-12

%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command set-executionpolicy remotesigned -force >> C:\Users\Public\Documents\setExecution.log

2016-04-10_20-45-09

Task 9 & 10 is achieved.At this stage answer file is ready.

Few tips

  1. Select Sensitive data to hide password.

2016-04-11_9-50-03

  1. Domain Join password doesn’t get encrypted. You need to find a workaround for it. It is my next post.
  2. Every time you save answer file it is by default validated.

Attaching answer file

Answer file can be attached using

  1. USB drive
  2. External disk
  3. CDROM Image

For AHV, I have yet to figure this out. But there are posts around which advocate burning unattended file directly on Windows CD or inserting into Windows ISO. Both approach are not  scalable.  XML file will be unique per VM, so you need to look at the mechanism how to ensure XML file is generated & Unique for each VM without much hassle and same file much be seamless attached as CDROM/made visible to boot process.

For this post I’m going to use inbuilt tool which is oscdimg.exe. This exe is part of Windows AIK and located in

C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg folder.

Save a xml file to some folder. In my case I created a folder Answer and copied unattended file into it as shown below.

2016-04-10_20-47-54

run following command

oscdimg.exe -n c:\Answer c:\ans999.iso

2016-04-10_20-48-36

That is all. Attach answerfile.iso to AHV and boot VM and it should read the answer file. Only caveat, you have to attach additional CDROM to the VM and ensure it is second IDE device and not first. First IDE device is used to boot from ISO.