«

»

Jan 28 2016

Print this Post

VMware Horizon View – Windows 10 Golden Image Creation

In this blog post I describe the steps required to create a Virtual Machine template using Windows 10 from scratch.

Only optimizations of the core OS are described, the impact of installed applications within the guest will also need to be evaluated.

Below are the steps to follow to create an optimized Golden Image for VDI

STEP 1: VMware Template Configuration

Create a new Virtual Machine using the vSphere Web client

  • Name: depending on naming convention standards (Note: use a name of less then 15 characters)
  • Location: depending on the environment
  • Compute Resource: depending on the environment
  • Storage: depending on the environment
  • Compatibility (=Hardware version): ESXi 6.0 and later (=Hardware version 11)
  • Reference: http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.vm_admin.doc/GUID-789C3913-1053-4850-A0F0-E29C3D32B6DA.html
  • Guest OS Family: Windows
  • Guest OS Version: Microsoft Windows 10 (64-bit)
  • Customise Hardware – Virtual Hardware Tab
  • vCPUs: 2
  • Memory: 3072 MB
  • Reserve all guest memory
  • HDD: 32 GB (disk size depends on the size of expected locally installed applications)
  • SCSI Controller: LSI Logic SAS
  • Network:
  • VLAN depending on the environment
  • Connect at Power On: YES
  • Adapter Type: VMXNET3
  • CD/DVD Drive:
  • Select “Datastore ISO File”
  • browse to the appropriate OS iso file
  • Connect at Power On: YES
  • Floppy Drive: Remove
  • Video Card:
  • Select “Specify Custom Settings”
  • Number of displays: 4
  • Total Video Memory: 128 MB
  • Enable 3D support: ONLY enable when you have a GPU card installed in the ESXi hosts
  • 3D renderer: Automatic
  • 3D Memory: 256 MB
  • Customise Hardware – VM Options tab
  • Boot options:
  • Force BIOS setup: Enable “The next time the virtual machine boots, force entry into the BIOS setup screen”
  • Advanced:
  • Settings:
  • Ensure “Enable logging” is unchecked
  • Configuration Parameters:
  • Edit Configuration Parameters
  • Add Row
  • Name: devices.hotplug
  • Value: false
  • Reference: See VMware KB 1012225
  • Click Finish

Power on the newly created VM and open the console from within the vSphere client to change the BIOS settings

  • Go to the Advanced tab – I/O Device Configuration and disable Serial Ports, Parallel Ports and Floppy Disk Controllers
  • Go to the Boot tab and change the boot order so the Hard Disk is 1st and the CD-ROM drive is the 2nd boot device
  • Save and exit (F10)

STEP 2: Win10 OS Installation

Boot the VM from the Win10 iso file

Ensure the language, time/currency format and keyboard/input method selections are correct and click “Next”

Click  “Install Windows”

Accept License terms and click “Next”

Select “Custom – Install Windows only”

Select the drive where you want to install Windows (There will be only one”) and click “Next”

Follow the Wizard to finalise a default Win10 installation (using the “Express Settings”)

  • When asked to create a user, create a user with the name “temp”

STEP 3: Win10 Base Image Customizations

Install VMware Tools (default installation) and reboot VM

  • Note: If you intend to use a vShield Endpoint based solution to protect your Virtual Machines from viruses makes sure to also install the “NSX Network Introspection Driver” (previously called the “vShield Endpoint Thin Agent driver” or “Guest Introspection Driver”) which is not installed by default during a typical VMware Tools installation process. (Custom Install – Add VMCI driver\NSX Network Introspection Driver)

Reboot the desktop

Logon to the desktop using the “temp” user

Enable the local Administrator account

  • Right Click on the Start button – Computer Management – Local Users and Groups – Users
  • Check properties of the Administrator account
  • Uncheck “Disable account”
  • Check “Password never expires”
  • Click OK
  • Set a password

Logoff the desktop

Logon to the desktop using the local administrator account

Change Computer Name

  • Right Click on the Start button – Control Panel – System and Security – System
  • Click on “Change Settings” in the section “Computer name, domain and workgroup settings”
  • Click on “Change” next to “To rename this computer or change …”
  • Type the computername (depending on naming convention standards (Note: use a name of less then 15 characters))
  • Click OK
  • Reboot the desktop

Logon to the desktop using the local administrator account

Delete “temp” user profile

  • Right Click on the Start button – Control Panel – System and Security – System – Advanced System Settings – Advanced
  • Click the “Settings” button under the User Profile section
  • Highlight the “temp” account and click Delete

Delete “temp” user

  • Right Click on the Start button – Computer Management – Local Users and Groups – Users
  • Right Click “temp” user and choose Delete

Add/Remove he following features (if they are enabled) from the OS (unless you really need them) and reboot VM:

  • Right Click on the Start button – Control Panel – Programs – Programs and Features – Turn Windows Features on or off
  • Unselect the following default installed features:
    • Print and Document Services – Internet Printing Client
    • Print and Document Services – Windows Fax and Scan
  • Select the following features that are not installed by default
    • .NET Framework 3.5
    • Telnet Client

Reboot the desktop

Logon to the desktop using the local administrator account

Cleanup manager:

  • Open a command prompt
  • Run c:\windows\system32\cleanmgr /sageset:1
  • check all the boxes of items you want to delete
  • Click “OK”

Copy file vdi_cleanup.bat to c:\windows\system32

Run Windows update, install all the latest patches and service packs and reboot VM

  • Click on the Start button – Settings – Update & Security – Check for Updates
  • Install the necessary Windows updates
  • Reboot VM
  • Note: Repeat this process until all Windows updates have been installed)

VMware OS Optimization tool:

 

Shutdown the desktop

Disconnect the installation media in the VM properties in the VMware vSphere (web) Client (set to “Client Device”)

Power on the desktop

Logon to the desktop using the local administrator account

Pre-compile .NET framework assemblies

  • Open an elevated Windows command prompt.
  •  Navigate to the C:\Windows\Microsoft.NET\Framework\v4.0.30319 directory.
  •  Type ngen.exe update /force

Set Power Options to high

  • Right Click on the Start button – Control Panel – Hardware and Sound – Power Options
  • Click “Show Additional Power Plans”
  • Choose “High Performance”
  • Click “Create a Power Plan”
  • Choose “High Performance”
  • Plan name: type “VDI”
  • Click Next
  • Turn off the display: Select “Never”
  • Put the computer to sleep: Select “Never”
  • Click “Create”

Enable VerboseStatus

  • Open a command prompt
  • REG ADD HKLM\Software\\Microsoft\Windows\CurrentVersion\Policies\System /v verbosestatus /t REG_DWORD /d 1 /f

Disable some Active Setup components of Windows

  • As per VMware KB 2100337 logon time will be a lot faster when disabling all the Active Setup components of Windows.
  • Delete stubpath under
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}”
    • “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}”

Configure paging file size

  • Right Click on the Start button – Control Panel – System and Security – System – Advanced System Settings – Advanced
  • Click the “Settings” button in the “Performance” section
  • Select “Advanced” tab
  • Click the “Change” button under the “Virtual Memory” section
  • De-select “Automatically manage paging file size for all drives”
  • Select “Custom Size”
  • Initial size (MB): 3072 (equals the amount of memory of the VM)
  • Maximum Size (MB): 3072 (equals the amount of memory of the VM)
  • Click “Set”
  • Click “OK”
  • Reboot VM

 

STEP 4: Install Horizon View Agent

Logon to the desktop using the local administrator account

Install the VMware Horizon View Agent

  • Note: Make sure that the version of the VMware Horizon View Agent you are using is compatible with the View Connection server version you will be using. Version 7.01 was used in this article.
  • Network Protocol Communication: IPv4
  • Features to be installed (depending on the environment. The displayed options also depend on the Agent version):
  • Core: Yes
  • USB redirection: Yes
  • Real-Time Audio-Video: Yes
  • VMware Horizon View Composer Agent: Yes (if View Composer will be used), No (If Instant Clone technology will be used)
  • VMware Horizon Instant Clone Agent: No (If View Composer will be used), Yes (If  Instant Clone technology will be used)
  • Client Drive Redirection: Yes
  • Virtual Printing: Yes
  • vRealize Operations Desktop Agent: Yes
  • VMware Horizon View Persona Management: Yes
  • Scanner Redirection: No
  • Smartcard Redirection: No
  • Serial Port Redirection: No
  • VMware Audio: Yes
  • Flash Redirection: Yes
  • Note: An explanation of all these above features for Horizon View 7.0.x can be found here
  • Remote Desktop Protocol Configuration
  • Select “Enable the Remote Dekstop capability on this computer”

Reboot VM

Optional : Join the VM to your Active Directory Domain

Optional: Add an Active Directory group containing the users/groups which will be allowed to open Remote Desktop connections to the VM (= all users/groups which will be allowed to connect to a VMware View Desktop)

  • Note: This can also be done (and is preferred to be done) via an Active Directory Group Policy: Restricted Groups GPO – Remote Desktop UsersVDI_RestrictedGroups

Reboot VM

STEP 5: Installation of some standard applications (OPTIONAL STEP)

Install the latest version of Adobe Flash Player:

Install the latest version of Adobe Reader

  • Browse to http://get.adobe.com/reader with Internet Explorer
  • Do not select the option to install “McAfee Security Scan Plus”, “Google Toolbar”, …
  • Manually check for and install updates
  • Enable the “Adobe PDF LInk Helper” add-on
  • Delete shortcut which was added to the desktop
  • REG ADD “HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown” /v bUpdater /t REG_DWORD /d 0 /f
  • REG ADD “HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown” /v Mode /t REG_DWORD /d 0 /f
  • sc stop AdobeARMservice
  • sc config AdobeARMservice start= disabled
  • Adobe Reader test: https://courses.worldcampus.psu.edu/public/diagnostics/Acrobat.html

Install the latest version of Adobe Shockwave player

Install the latest version of Java (install both 32 and 64 bit on a Win7 64-bit OS)

Install Microsoft Silverlight

Reboot VM

Shutdown VM

STEP 6: Clean up

Open an elevated Windows command prompt

Run vdi_cleanup.bat

Take a Snapshot of your golden image

Permanent link to this article: https://ituda.com/vmware-horizon-view-windows-10-golden-image-creation/

Leave a Reply

%d bloggers like this: