VIRTUAL MACHINE TEMPLATE GUIDELINES FOR VMWARE – “WINDOWS 7”

It’s time to start.

1-First create a new VM

• Right Click on Server and Choose “New Virtual Machine”
• Enter VM Name (according to defined naming convention) and Inventory Location
• Select Datastore
• Select Virtual Machine Version: select latest available
• Select “Microsoft Windows 7 (32/64-bit)” as OS Version
• # of Virtual Processors: 1
• Amount of RAM: 1GB
• Network
  • # of NICs: 1
  • Adapter Type: VMXNET 3
  • Select “Connect at Power On”
• SCSI Controller: LSI Logic SAS
• Create New Virtual Disk: 30GB
  • Disk Provisioning: Thin Provision
• Virtual Device Node: SCSI (0:0)

NOTE: Thin Provision is good practice to store templates files. because, it will save some storage space.

2-Now prepare the virtual hardware

• Right click on VM ->Hardware Upgrade(If Applicable)
• Edit VM Settings > Options->VMWare Tools->Advanced->
• • Check upgrade Tool during power cycling check box
  • Check synchronize guest time with host check box
• Edit VM Settings->Memory /CPU Hot plug (enable both)
• Edit VM Settings->Advance->General Section ->Uncheck “Enable logging”

3-OS Configuration

• Edit VM Settings->Remove Extra Hardware(USB & floppy etc)
• Power on the VM and Install Windows 7 32/64bit
• Once installed shutdown the VM and go to “Edit VM Settings”->Boot Options > Select “Check box to force going into the BIOS on next boot”
• Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
  • Disable Serial port A
  • Disable Serial port B
  • Disable Parallel port
  • Disable floppy drive
• Disconnect Windows 7 ISO and set “device type” to “Client Device”
• Power on the VM and install VMware Tools-> While installation choose “Custom Install Type” and select all components
• Set Windows “Time Zone” and time configuration.
• Install any Windows Update and Service Pack
• add static route (if required). below is an example, edit it according to you needs)
  • cmd: route add 172.17.0.0 mask 255.255.0.0 10.0.9.2 –p
  • cmd: route print(to verify route)
• Enable “remote desktop”, uncheck “remote assistance”
• In Control Panal->Windows Firewall->Add “remote desktop” in exception list.
• Install .Net Framework and Java (if required)
• Add inbound Rule in the firewall(if it is on)for ICMP(Ping)

4-Create Snapshot

• Create snapshot for safe side in case anything goes wrong in later configuration
  • Snapshot name->(Win7_32bit_Snap01_Date and Time) and add description(FRESH OS INSTALLATION with basic configuration)

5-Test VM Alignment

• There is not need to check the alignment because, OS later then “Windows XP/2003” are already aligned.

6-Network Configuration

• Control Panel->View by->small icons
• From Control Panel-> Network Connections->Right click on “Local Area Connection” and select properties->Uninstall QoS Packet Scheduler

** We don’t do QOS at the server level, our switches do that.

• Uncheck IPv6 and close network connection screens ** We don’t use IPv6 yet so we disabled it for now

Or

• Run below command on cmd (I prefer to use this option).

reg ADD “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters” /v DisabledComponents /t REG_DWORD /d 0xffffffff /f

7-Task Manager Changes

• Right click 3rd icon from Start Button (Windows MediaPlayer) and select “Unpin this program from taskbar”
• Right click 2nd icon from Start Button (Windows explorer) and select “Unpin this program from taskbar”
• Right click Taskbar and choose Properties->Taskbar (Tab)->use small icons
• Right click Taskbar and choose Properties and choose Customize under Notification Area->
  • Select “Turn system icons on or off”
  • turn Volume off
  • Turn action center off
• Notification bar: Always show all icons and notifications on the taskbar
• Customize Start Menu:
  • Number of recent programs to display: 0
  • Number of recent items to display in Jump List: 0
  • uncheck some options like “help”
  • Uncheck “highlight newly installed programs”.
• Right click on desktop-> view ->small icons

8-Folder and Search Options

• Open “Computer” > Select Organize > Choose Folder and search options->Under View Tab
  • Select “Show hidden files, folders and drives”
  • Uncheck “Hide extensions for known file types”
  • Check “Allows show icons, never thumbnails + Allows show menus”
  • Check “Display the full path in the title bar”

9-Control Panel Settings

• Control Panel->Program features->Turn Window features on/off-> Uncheck
  • Games
  • Media Features
  • Print and Document Services
  • Tablet PC components
  • Windows Gadget Platform
  • XPS services
  • XPS Viewer
• Control Panel->Porgram features->Turn Window features on/off-> check
  • Microsoft .NET Framwork 3.5.1
• Control Panel ->Power Options
  • Change Power Plan -> Balanced->Change plan settings->Change settings that are currently unavailable->
  • Turn off display-> never
  • Put the computer to sleep->never
• Control Panel -> Sound -> Sound-> Sound Scheme: No Sounds
  • Pop-up: “Would you like to enable the Windows Audio Service?” – No->
  • Uncheck “Play Windows Startup sound”
• Control Panel -> System ->System Protection>System Protection (Tab) -> Configure->Turn Off system protection.
• Control Panel > Sync Center > Manage offline files->General (Tab) > Disable offline files
• Control Panel –> Action Center –> Change Action Center Settings –>
  • deselect all options
  • Customer Experience improvement program- > Choose : no I don’t want to participate
  • Problem Reporting Settings: Never check for solutions (for all users)
  • Windows Update:
  • Never check for updates
  • Uncheck “Give me recommended updates …”
  • Uncheck “Allow all users to install updates on this computer”
• Control Panel –> Action Center-> Change user account Control Settings -> never notify
• Control Panel > Troubleshooting > Change Settings ->under Computer Maintenance ->select OFF
• Disable Hibernation(run cmd as administrator)
  • cmd: powercfg.exe –h off
  • cmd: bcdedit /timeout 5

10-System Performance

• Control Panel -> System -> Advance system Settings->Select Advanced Tab
  • Performance->Settings->“Adjust for best performance”
  • Startup and Recovery->
  • Uncheck : time to display the list of operating systems
  • Time to display recovery option when needed (set to 5)
  • Uncheck: write event to the system log
  • Write debugging information: Small memory dump (128 KB)
• Turn off indexing- >Go to “C:” Drive-> Properties -> General
  • Uncheck “Allow files on this drive to have contents indexed in addition to file properties”
  • Choose Apply -> Apply changes to C:\ only (or files and folders, to taste)

11-IE Settings

• Control Panel->Internet options: Use blank + Check “Delete browsing history on exit”
• Turn on IE Option (EMPTTY Temporary internet file folder when browser is closed)
• Go to Tools-> Compatibility view settings-> add websites (abc.com,xyz.net)
• Delete temporary files from C:\Users\<Current login user>\appdata\local\temp

12-Swapping and defragment

• Control Panel->System->Advanced System Properties->performance->Advance->Virtual Memory->Change
  • Uncheck “Automatically manage paging file size for all drives”
  • Select “No paging file”
  • Click “Set” to disable swap file
• Defragment
  • Go to C: -> Properties -> Tools -> Defragment Now…
  • Select “(C:)”->Click “Defragment disk”

13-Create Snapshot

• Create snapshot for safe side in case anything goes wrong in later configuration
• Snapshot name->(Win7_32bit_Snap02_Date and Time) and add description(Customization 1-Before Services and Profile Setting)

14-Customized settings Using Script (optional)

Following things, you may disable in windows 7. Either you should do it manually or save the attached “Services-Registry-and-GPOSettingsWin7.txt” script file. Rename .txt to .cmd and execute with administrator, it will do all the settings automatically for you.

NOTE: you can edit the script file to customized it and remove any setting if you will not want to configure

Apply HKCU Setting to Registry

Open HKCU for editing	Screen Save Secure	Disable RSS Feeds
Default Screen Saver	Set Default wallpaper	Disable Action Center Icons
Screen Saver timeout	Temporary Internet Files to Non Persistent	Close HKCU for Editing

Apply HKLM (HKEY_LOCAL_MACHINE) Settings

Disable IE Wizard	Application Event Log Max Size	Disable Creation of Crash Dump
Disable Superfetch(Registry)	Application Event Log Retention	Disable Storing Recycle Bin Files
Disable Windows Update	Network Location	Enable Remote Desktop
Disable System Restore	System Event Log Max Size	Remote Desktop Authentication
Disk Timeout Value	System Event Log Retention	UAC Disable
Image Revision	Security Event Log Max Size	Disable Windows Side show
Image Virtual	Security Event Log Max Retention	Change Menu Show Delay Time
Disable IPV6

Disable Services list

BitLocker Drive Encryption Service	Windows Update	Superfetch
Block Level Backup Engine Service	Tablet PC Input Service	Themes
IP Helper – Only if IPv6 is not being used	WWAN AutoConfig	Security Center
Desktop Window Manager Session Manager	UPnP Host Service	Offline Files
Microsoft iSCSI initiator service	Windows Defender	Windows Backup
Microsoft Software Shadow Copy Provider	Home Group Listener	Disk Defragmenter
Secure SocketTunneling Protocol Service	Home Group Provider	Windows Search
Volume Shadow Copy Service	Diagnostic Policy Service	SSDP Discovery
Windows Error Reporting Service	Interactive Services Detection	WLAN AutoConfig
Windows Media Center Scheduler Service	Windows Audio Endpoint Builder	Windows Audio
Windows Media Center Receiver Service	Shell Hardware detection	Printer Spooler

 Disable Features

Disable Boot GUI	Disable System Restore	Disable Hibernation for Power Config
Delete Restore Points for System Restore	Disable Firewall (All Profiles)	Stop Superfetch Service
Disable Last access Timestamp

 Disable Schedule Task

Disable Defrag Schedule	Disable Registry Idle Backup Task	Disable Windows Defender Schedule
Disable System Restore Schedule	Disable Windpws Defender idle Task	Disable WinSAT

 15-Create Snapshot

• Create snapshot for safe side in case anything goes wrong in later configuration
• Snapshot name->(Win7_32bit_Snap03_Date and Time) and add description(Customization 2-Before Profile Setting)

16-User Profile Settings

In Windows Server 2008 and Windows 7, Microsoft has disabled the Copy To.. Button on the User Profiles screen.

This issue is known to Microsoft but no fix has been released yet, but luckily there is an alternate way to achieve this.

• You can download a tool called ‘Windows Enabler ‘from the below link or save from attachment of this document at start.
• http://www.freewarefiles.com/downloads_counter.php?programid=980
• Save the file to your Template VM’s desktop and extract the file.
• Right click on “.exe“ file.
• Once you have started the Windows Enabler application you will notice a new icon in the system tray
• Make sure you click on it once to enable the application.
• In the ‘Run’ prompt type cpl and hit Enter
• Navigate to ‘Advanced’ tab -> User profiles -> Settings
• Click on the desired profile and you will notice that ‘Copy To‘button is disabled.
• Now, click on the disable button and it will become enabled thanks to ‘Win Enabler’ application.
• Now copy the profile (in our case, it would be the user which we are using for configuration in most case it is administrator) to “Default users”(C:/Documents and Settings-/Default Users) profile.

17-Finalizing

• Enable Swap files
• Server manager-> change system properties->Advance -> Performance -> Settings… ->
  • Advanced -> virtual memory->change -> Always set the custom Size (1.5 of actuall RAM)
• Join Domain (optional), because customization wizard will automatically join domain to every VM.
• Register Windows-optional (Customization Wizard will do this for us)
• Clear Event Logs
• cmd: ipconfig /release

18-Create Snapshot

• Create snapshot for safe side in case anything goes wrong in later configuration
• Snapshot name->(Win7_32bit_Snap03_Date and Time) and add description(Fully Configured except Antivirus)

19-Install Antivirus (optional)

• It is the time to install an antivirus security. It’s optional, if you may want to install one.

20-Sysprep the Windows in Generalized mode

Running a SYSPREP allows the PC to be generalized with new unique IDs so that you get an “Out of the Box” experience (OOBE) on the next boot.  The next boot will bring you to the Windows Welcome Screen, where you’ll be prompted to accept the EULA (End User License Agreement) and enter an Administrator password (if running Windows Server).

To SYSPREP a Windows 7/8 PC or Windows Server 2008/2012 from Command Line:

• Open an Administrative Command Prompt.
• Type the following then press <Enter>: CD \Windows\System32\Sysprep
• Type the following then press <Enter>: SYSPREP /generalize /shutdown

21-Convert VM to Template

Use the VMware Customization Wizard to create a re-usable script for cloning the template.

Domain Setting Syntax in Customization Wizard.

• Username: administrator@example.com
• Domain: example.com

NOTE: You should also have windows volume license key for mass deployment.

Now’s a good time to test that your template will create a usable clone and make sure while creating a production VM from template choose “disk provision” method from“thin provision” to “thick provision”.