My Old IIS.NET BlogTechNet Magazine Articles Learn about IIS7 from a book I wrote a few years back!
In today’s post, I thought I would share with you some XML that drives some of our dynamic provisioning. The power of dynamic provisioning is found in taking a base image of a Server operating system that has nothing enabled and customizing it using the Windows Automated Installation Kit (WAIK) that is available in SCVMM.
The officially supported method of building unattended files for Windows Server 2008 & R2 is using the Windows System Image Manager that is part of the WAIK. I will follow that party line and say this is the method you should go about building your unattended file though I can say that I haven’t followed this “support” method and have used my trusty Visual Studio editor and the WAIK unattended documentation. This should be considered your warning and please don’t punish me if you do this. <grin>
With this said, you could start with this unattended.xml file and build upon it and let me teach you how to do this though, again, it is not the recommended approach.
You should open your favorite XML editor and start with this as your base.
This is a basic unattend that will do the following:
This is a good place to start. The key thing to note is that the only piece of the <component> line that changes is the name=” “ section and the name is easily identifiable through the documentation. Let’s, say for example you wanted to set the proxy settings in your unattended file you would search the documentation and you would find -
You simply copy an existing <component> line and you change the name=” “ to whatever setting you desire and you are off.
The key thing for you to understand is how SCVMM will utilize your unattend.xml when it is deploying a PC. In this section, I will talk a bit more about how specifically it configures your server and ensures that the base image’s specific machine data isn’t available. SCVMM utilizes the templates & profiles to build the new virtual machine. The primary data that is configured already by SCVMM is stored in the Guest OS Profile that is stored in your SCVMM library. The Guest OS Profile stores the machine name, OS type, Domain Information, and also any scripts you would like to run against the newly created VM. There is no magic sauce or voodoo here as SCVMM, if you do nothing else, still produces a unattend.xml that is used.
When SCVMM is creating the new virtual machine it produces a Virtual Floppy Disk file that is temporarily stored in the directory where the VHD is stored for the VM. This VFD, ironically, attaches a unattend.xml that you could open with notepad if you like. Here is a simple example from one of my deployments:
NOTE: Ignore the “goo” as this is a VFD that isn’t expecting to get opened by Notepad. The unattend.xml file starts at <?xml version …>
Thus, after the server’s VHD is sysprep’d then you will see that it is provided settings to run during various passes such as Specialize & oobeSystem.
As mentioned, you can do a lot to a machine using the unattended file. In a future post, I will outline how to take advantage of the AutoLogon feature that is super-handy for doing further customizations beyond what is initially in the unattend.xml file.
For now, lets talk about how you can add the base unattend.xml using Visual Studio and the WAIK Documentation for unattended settings.
The following utilize the <settings pass=”specialize”> pass:
Enable Remote Desktop for Server Code Snippet <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <fDenyTSConnections>false</fDenyTSConnections> </component> Disable Internet Explorer’s Hard Admin Code Snippet <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <IEHardenAdmin>false</IEHardenAdmin> </component> Disable Server Manager from Opening Automatically on First Boot Code Snippet <component name="Microsoft-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> </component> Disable Windows OOBE experience
Enable Remote Desktop for Server
Disable Internet Explorer’s Hard Admin
Disable Server Manager from Opening Automatically on First Boot
Disable Windows OOBE experience
Code Snippet <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> </component>
Moving on, let’s look at utilizing the <settings pass=”oobeSystem”> pass:
COMPONENT: name="Microsoft-Windows-Shell-Setup"
Add domain users to local administrators group and also set password for Local Administrator account Code Snippet <UserAccounts> <DomainAccounts> <DomainAccountList wcm:action="add"> <Domain>Contoso</Domain> <DomainAccount wcm:action="add"> <Name>Chris</Name> <Group>Administrators</Group> </DomainAccount> </DomainAccountList> </DomainAccounts> <AdministratorPassword> <Value>P@$$W0rd!</Value> <PlainText>true</PlainText> </AdministratorPassword> </UserAccounts>
Add domain users to local administrators group and also set password for Local Administrator account
These are just a few of the settings available and there are a host of them that allow you to configure the server the way that you would like. This is extremely important as it allows you granular access so that the server is literally zero touch.
The last step, once you have the actual XML created, is to publish it to your library share. I created a directory called UnattendFiles and placed it there on the Library share as you can see below:
In order for it to be available, you will need to manually fire off a library refresh by doing the following:
To add your newly created unattend to a Guest OS Profile, do the following:
The most useful way to learn about the various pass’s and the settings that you might want to utilize is to the WAIK download. For your assistance, I’m including these as references:
WAIK for Windows Vista & Server 2008 WAIK for Windows 7 & Server 2008 R2 (Direct Link to ISO)
WAIK for Windows Vista & Server 2008
WAIK for Windows 7 & Server 2008 R2 (Direct Link to ISO)
Enjoy!
-Chris
Hi Chris,
Thanks for the info. Even though I've added my <unattend>.xml file the the new folder as you did...the xml file doesn't show up in the "Select answer file..." window. I'll note, it does show up when I select "Library Server" in the screen above.
Ideas?
Thanks in advance,
Brent
...follow-up. If i place a .inf file in the same folder, it shows up. Seems something is wrong with the .xml filtering of ths dialog box.
I'm using SCVMM ver 2.0.4271.0. I beleive this is the RTM version.
Hey Brent-
The default interval for a Library refresh is every 60 minutes. I didn't catch whether you refreshed the library server in question?
Can you confirm?
Thanks,
I was able to try a refresh. The same procedure was used to make the inf appear.
It's kinda weird!
Anything you can offer is greatly appreciated,
Make sure you set the correct OS type in the Guest OS properties, otherwise you will not see the unattend.xml specific to the OS version when you browse for it.
Hey Jeff-
This is a great point and one that I failed to mention. It does scope it based on your Guest OS selection. Great post and thanks for sharing!
Hello Chris,
nice how to for the first steps.
Perhaps, you can give me some hints why it doesn't work.
At first, I created a template ("Windows Web Server 2008 R2") for the creation of VMs. Second, I created a AutoUnattend.xml with the WAIK (WSIM) based on the same OS. Validation of the xml file works well, no warning or errors. After this, I imported the answer file into my library.
So, I began to create a VM, based on the template. And on the section of the os profile, I choosed the created autounattend.xml and all seems to be correct.
But, after the deployment of the VM, I recognized that all my configurations and settings in the autounattend.xml were disregarded.
Do you have any ideas why or hints for debugging this issue?
thanks in advance
basti78
Hey Basti-
I apologize that I just saw this comment (Oops!). Let me see what I can do to help you. The easiest method, I've found, is to watch the deployment closely and specifically the location where the actual VM's VHDs are created (this is like D:\VMs, etc.)
SCVMM will always merge together both the settings you configure in VMM & the unattend settings into a vfd file that is attached to the VM during creation. This vfd is a virtual floppy disk and it will be a file like unattend.vfd. If you are monitoring this folder, you can grab this file (a copy)and then view it in Notepad. It will usually show you the master configuration settings. Give this a shot if you are still having problems...