As I am doing a desktop that will be used in virtualization I disable most of the personalization and localization stuff as this is a virtual machine.

You were prompted to create an account. I created an account called setup. Don’t forget to remove the ISO you did the install from.

I like to have VMware Tools installed soonest to make working in the VM a little easier.

In this phase we tweak the OS and get it ready for a wide range of potential use. Meaning this is the template that is most general. It will be used to make other templates that are more specific – such as View desktop template. The changes below are the ones I make, and think useful but in this section you make the changes that work best for you and your organization.

We need to log in again so we can start making changes. Yes, our mouse should work well now!

I like to get the Date / Time right first. So first do the Time Zone. Start by clicking on the date in the bottom right corner of the screen. Select Date and time settings, Change timezone, and pick the right timezone.

I like to use the 24 Hour clock and if you want to do that too click on the Clock in the taskbar and select Date and time settings, Change Date and Time formats, Change calendar settings, and make the appropriate changes.



When we first started all of this you may have noticed that the time of the VM was way off. In fact it was in Zulu or Universal Time because the host time was when the VM started. But now with the right Timezone it should be the right time. If not, your ESXi host may have the wrong time.

Now let's patch. Use Windows Update, which I start from the Ask me anything field.

We should enable the Administrator account and set a password on it. Right+Click on Start, select Computer Management, Users, and finally Administrator. Give it a password and enable it.

I like to turn off the System Restore as patching seems to work pretty good and I have backups! So not using it saves disk space and makes some things – like patching – faster. Right+click Start (Windows icon), select Control Panel, then System & Security, followed by System, and you will see the following screen.

We start with System Protection. Now you should see the screen below. And note it is now turned off by default? Nice.

While we are still on the properties screen, we can enable Remote Desktop support. Select Remote Settings on the properties screen – as seen above. You can now enable remote assistance and remote desktop as per your needs. In my case both on. You may be prompted about power savings, but ignore it for now as we will deal with it shortly.

Still on the properties screen, we use Advanced System Settings now. We start with Performance.

We want to adjust for best performance.

Now change to the Advanced tab, so we can set the min and max of the page file to 3072 (or whatever RAM setting you are using). People sometimes leave System Managed as the choice. More frequently now than in the past.

After you select OK, we want to work in Startup and Recovery.

I only make one change here and that is to display a list of operating systems for 5 seconds. But I know customers that make more changes in this area.

Two OK buttons are what we do to get back out to the desktop. You may need to restart.

You should change the Windows name while on the System screen – I make it the same as the VM. Restart.

I will normally activate Windows now, as my template is kept for a long time and, while it is only occasionally on to be updated, it will eventually cause me an issue if I don’t activate it now. This might save you from some odd sysprep errors during VM deployment from template. I see this less in Win 10. But I still suggest licensing your templates if you value them as I do.

Now we need to adjust the power profile. Start in the Control Panel, then System and Security, and finally Power Options.

There are a few things to do here. Start with the option Choose when to turn off the display.

You can set to never both when to turn the monitor off, and when to put the computer to sleep.

Now select Control Panel Home. Follow that by Appearance and Personalization.

We want to turn off sounds, and the screen saver. First access Change sound effects and change the profile to No Sounds. Next access Change screen saver and make sure it is set to none.



Working from the Control Panel, select Programs. Follow that by selecting Turn Windows features on or off.

Scroll through the list until you find Telnet Client, and select it.

You should remove the following installed features: Print and Document Services – Internet Printing Client, and Print and Document Services – Windows Fax and Scan.

You may need to restart and that is OK if you do.

We should disable the index on drive C:. Use Explorer to explore This PC and right+click on drive C: and select Properties. You will see at the bottom of the screen the option to disable indexing – it is Allow files on this drive to have contents indexed – deselect the box for it. You can enable indexing on your data drives like H: or whatever using GPO. There may be a few files that cannot be removed from the index – just ignore them.

Now we should defragment the drive. This option is on the Tools tab; follow that by selecting the Optimize option. While you are here you should disable the weekly optimize option as it is not necessary.

Now we need to do a cleanup of the disk using the command c:\windows\system32\cleanmgr /sageset:1 and then select all the boxes you can – I do all.

I suggest turning off automatic Store updates. This article can help with that.

Another change that you might consider is to look at this list of services and use it as a guide to disable services. The more you disable the better, but think about them. For example, do not disable anything Defender if that is your anti-malware tool.

You may wish to remove OneDrive and you can find help to do that in this article.

Incidentally, this would be the time that you would use the VMware OS Optimization Tool, but I am not as I don’t have time to fiddle with it. Here is an article where you can learn more about using the VMware OSOT as well as obtain a Win10 template for OSOT. I will work on this one day and do an article about using it in concert with a template update.

Configuration – Installing Optional Software

We only install software here that we really need and is useful for most users. Some of what I install is listed below. Remember this template is general and will be used to make the View desktop template (with the addition of the View specific software) or any other software. So software that will be used by most users, like anti-malware, Acrobat Reader, maybe some helpdesk or troubleshooting tools, should be installed.

Bginfo – find it here and info on making it work here.

Acrobat Reader – make sure to open it to accept the EULA and update if necessary.

Google Chrome

Firefox – just in case!

Autoruns – a great tool to make sure you know what starts with your OS.

Process Explorer – a great tool for troubleshooting.

7-Zip – from here, more flexible than what is built in – for example can extract ISO.

PowerCLI – from here – a very useful admin tool!

Notepad++ – from here – nice editor for PowerCLI or other things.

Something that many would consider not optional is antivirus software. I would suggest you need to do a scan as one of the last actions too.

The VMRC should be installed if you will manage VMs – from here. I had some issues with this. VMware has this article and this article but it did not help me. I had to uninstall the CIP, and PowerCLI, and restarted. Then I could install it, and install PowerCLI and CIP again. Update – just did the VMRC again and no problems on a later build of Win10 and with v9 of the VMRC.

Plus, again if you are doing vSphere stuff 6.0x you should get the CIP from vSphere 5.5 U3a (or later) as that works great for integrated log in.

Disable OneDrive – see how in this. Unless you want to keep it. This article may also help.

Note: For things like Chrome and Acrobat they will install fine since they have installers and they can be seen or used by other users logging in as you might expect. For things like BgInfo and Autoruns which have no installer it is more complex. Basically you will create a Utilities program group for them and install them manually. This is an example of software that is harder to install via GPO since they have no MSI. For this and other reasons that is why we need to manage the profile – meaning to copy the profile I have been working under to the default user.

Note2: I also make a few other changes. I like to see file extensions, and I like to get rid of some of the extra cruft in the All Programs area. But to each his own.

Test Time – before

Is this desktop ready for the prime time? Some things to check would include:

Does the Boot / Snapshot time look right on your wallpaper?

Are there any errors when you log in using your admin account?

Does your installed software all start?

Does a restart cause anything odd to occur at log in or otherwise?

Ready to Make it a template?

We are ready to make this virtual machine a template now.

If necessary remove this VM from the domain and restart.

I always like to check Windows Update before I finish and yes, today I did find a bunch of updates that I did not find earlier. So I update and restart as necessary. This took a long time. An update yesterday was small but today it took quite some time. There was some sort of big upgrade.

Disconnect the ISO and reset to Client Device.

Make sure you are really ready to proceed!

We now need to manage the profile. We first install the Copy Profile tool – called DefProf. We use it to copy my profile (with all the edits) to the Default Profile – so copy the tool to the local hard drive of the template, unzip, and execute defprof your_account_name and you are done. I have better success when I am not logged in as me – who did all the customization – when I run the tool. So I create and use an account that is admin equivalent and called temp. Log in as it and run the defprof command and delete the temp account. When that is done we remove the tool, and shut the VM down.
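A readiness check for the steps in this section, as an added example that is not part of the original article. It assumes Windows PowerShell 5.1 inside the Windows 10 VM and the account names setup and temp used in this article; it reports leftover domain membership, build accounts, extra enabled local administrators, a pending restart and a still-loaded ISO.

```powershell
# Added example, not from the original article. Run elevated inside the VM
# as the last step before shutdown. 'setup' and 'temp' are the account names
# this article uses; change the default if your build accounts differ.
function Test-TemplateReadiness {
    param([string[]]$BuildAccounts = @('setup', 'temp'))
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # The template must be out of the domain before it is converted.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) { $findings.Add("Still joined to domain '$($cs.Domain)'") }

    # Anything left here is cloned, password included, into every deployed VM.
    $users = @(Get-LocalUser)
    foreach ($u in ($users | Where-Object { $_.Name -in $BuildAccounts })) {
        $findings.Add("Build account '$($u.Name)' still exists (enabled: $($u.Enabled))")
    }

    # Enabled local administrators other than the built-in one (RID 500).
    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    $enabledSids = @($users | Where-Object { $_.Enabled } | ForEach-Object { $_.SID.Value })
    foreach ($m in (Get-LocalGroupMember -SID 'S-1-5-32-544')) {
        if ($m.SID.Value -in $enabledSids -and $m.SID.Value -notmatch '-500$') {
            $findings.Add("Review: enabled local administrator '$($m.Name)'")
        }
    }

    # A pending restart means patching is not finished.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    if ($rebootKeys | Where-Object { Test-Path -Path $_ }) {
        $findings.Add('A restart is pending')
    }

    # The install ISO should be disconnected.
    if (Get-CimInstance -ClassName Win32_CDROMDrive | Where-Object { $_.MediaLoaded }) {
        $findings.Add('Media is still loaded in the CD/DVD drive')
    }
    return $findings
}

$result = @(Test-TemplateReadiness)
if ($result.Count -eq 0) {
    'Ready to shut down and convert to template.'
} else {
    $result
}
```

Run it from the Administrator account after the temp account has been deleted, otherwise the account you are logged in with is reported as well.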

Once the VM is shut down we are ready to turn it into a template.

If you did install anti-virus or anti-malware software you may need to do something so that when a VM is deployed from this template and starts up it is going to get its own identity for management purposes and not be the same as the installed copy on the template.

I generally now do an update in the Notes section to account for what I have done.

Plus, when the testing confirms both the template, and the customization spec are good, I will clone the template for View use.

Deploy from Template

I suspect everyone knows how to deploy from this new template but remember that any passwords put into the customization script should be done using the vSphere Client and not the vSphere Web Client (this is a bug and I am sure it will be fixed. Any day now). I also suggest using the following commands in the Run Once part of the customization specification.

powercfg -h off

bcdedit /timeout 5

I have seen a lot of different things done via Run Once. Scripts for example that install applications, or do inventory related tasks, so remember that and you can use it as you need. Always test your deploy from template before you use the template in VDI or automated anything. In particular make sure joining the domain works. Troubleshooting template issues inside View or VRA operations is much tougher than it needs to be.

Here is a very nice article that is about the guest customization script in case that helps.

Test Time – after

Now that we have deployed a VM from our template we need to make sure it all works. This is testing our VM but also the custom specification. Some things to check include:

Did our VM join the domain? This is most important.

Can we RDP to the newly deployed VM successfully?

Does a restart cause anything odd to occur at log in or otherwise?

Things to think about

I like to create a customization spec before I deploy from template and that normally is just a copy and paste of an old one and a small update for things like the IP address or license. You can learn more about creating and using custom specs in this article.

Troubleshooting

Here are some miscellaneous things to think about if you have troubles. The most common one is when you deploy a VM from the template it doesn’t join the domain.

Check out this article of mine for ideas.

Did you remove the VM from domain before you turned it into the template?

Did you confirm that the account credentials in the spec to join the domain work?

Did you enter the passwords – both administrator account and the domain add account – using the vSphere Client? This was a bug once where entering the password via the vSphere Web Client would not work properly and I find myself a little skeptical that it was fixed. Confirmed fixed.



Accounts should be in the format of mwhite@thewhites.ca and not mwhite.

Check the logs in c:\windows\temp\vmware-imc.

Use this article to find the log location for sysprep (Win7 SP1).

Updating your Template

You should update your template approximately once every month or so. This will allow you to catch any outstanding patches for the OS as well as application patches. Just convert the template to virtual machine, turn it on, patch, then restart it, and convert it to template. You may consider joining it to your domain to catch new GPO type stuff that may be sticky but remember to remove it from the domain before you turn it back into the template. I know people that do this using VRO and how cool is that! Don’t forget about updating things like PowerCLI or the apps you have in the template.

Links

Here are the links that may be helpful or useful somehow. They contributed to this article or may be helpful.

History

I plan on keeping this page updated with what I am using and what works well! I will use this section to update you with what I updated when I do updates.

2/12/19 – added a variety of links and comments around boot from EFI, services to disable, remove OneDrive and more.

3/11/18 – added the link to the custom spec article.

3/10/18 – added a missing link, and info on disabling Store updates.

4/14/17 – added a link to a guest customization script article.

3/8/17 – two people – one a co-worker – have said that if they use my template articles all the VMs deployed from them will have the same SID. That has not been true for so many years I was shocked, but since two people have said that I need to do something. Here below is a screenshot in the custom spec that reassures those people.