SCVMM Sample Unattend.XML for Windows Server 2008 & R2

SCVMM Sample Unattend.XML for Windows Server 2008 & R2

  • Comments 8
  • Likes

In today’s post, I thought I would share with you some XML that drives some of our dynamic provisioning.  The power of dynamic provisioning is found in taking a base image of a Server operating system that has nothing enabled and customizing it using the Windows Automated Installation Kit (WAIK) that is available in SCVMM.

Getting Started with Unattend.XML

The officially supported method of building unattended files for Windows Server 2008 & R2 is using the Windows System Image Manager that is part of the WAIK.  I will follow that party line and say this is the method you should go about building your unattended file though I can say that I haven’t followed this “support” method and have used my trusty Visual Studio editor and the WAIK unattended documentation.  This should be considered your warning and please don’t punish me if you do this. <grin>

With this said, you could start with this unattended.xml file and build upon it and let me teach you how to do this though, again, it is not the recommended approach.

Get Started:  Build your Base Unattended XML

You should open your favorite XML editor and start with this as your base.

Code Snippet
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <unattend xmlns="urn:schemas-microsoft-com:unattend">
  3.   <settings pass="oobeSystem">
  4.     <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  5.       <Display>
  6.         <ColorDepth>16</ColorDepth>
  7.         <HorizontalResolution>1024</HorizontalResolution>
  8.         <RefreshRate>60</RefreshRate>
  9.         <VerticalResolution>768</VerticalResolution>
  10.       </Display>
  11.       <RegisteredOrganization>Contoso</RegisteredOrganization>
  12.       <OOBE>
  13.         <HideEULAPage>true</HideEULAPage>
  14.         <NetworkLocation>Work</NetworkLocation>
  15.         <ProtectYourPC>1</ProtectYourPC>
  16.         <SkipMachineOOBE>true</SkipMachineOOBE>
  17.         <SkipUserOOBE>true</SkipUserOOBE>
  18.       </OOBE>
  19.    </component>
  20.   </settings>
  21. </unattend>

This is a basic unattend that will do the following:

  1. Set your background to 16-bit color
  2. Set your resolution to 1024x768 with a refresh rate of 60
  3. Set your organization name to Contoso
  4. Hides the EULA
  5. Sets network location to Work
  6. Sets the automatic settings for Security
  7. Disables the Windows Machine Out-of-box-Experience

This is a good place to start.  The key thing to note is that the only piece of the <component> line that changes is the name=” “ section and the name is easily identifiable through the documentation.  Let’s, say for example you wanted to set the proxy settings in your unattended file you would search the documentation and you would find -

image You simply copy an existing <component> line and you change the name=” “ to whatever setting you desire and you are off.

Understanding how SCVMM handles the Unattend.xml at Run-time

The key thing for you to understand is how SCVMM will utilize your unattend.xml when it is deploying a PC.  In this section, I will talk a bit more about how specifically it configures your server and ensures that the base image’s specific machine data isn’t available.  SCVMM utilizes the templates & profiles to build the new virtual machine.  The primary data that is configured already by SCVMM is stored in the Guest OS Profile that is stored in your SCVMM library.  The Guest OS Profile stores the machine name, OS type, Domain Information, and also any scripts you would like to run against the newly created VM.  There is no magic sauce or voodoo here as SCVMM, if you do nothing else, still produces a unattend.xml that is used.

When SCVMM is creating the new virtual machine it produces a Virtual Floppy Disk file that is temporarily stored in the directory where the VHD is stored for the VM.  This VFD, ironically, attaches a unattend.xml that you could open with notepad if you like.  Here is a simple example from one of my deployments:

imageNOTE:  Ignore the “goo” as this is a VFD that isn’t expecting to get opened by Notepad.  The unattend.xml file starts at <?xml version …> 

Thus, after the server’s VHD is sysprep’d then you will see that it is provided settings to run during various passes such as Specialize & oobeSystem. 

Powerful Customizations Available & Usable

As mentioned, you can do a lot to a machine using the unattended file.  In a future post, I will outline how to take advantage of the AutoLogon feature that is super-handy for doing further customizations beyond what is initially in the unattend.xml file.

For now, lets talk about how you can add the base unattend.xml using Visual Studio and the WAIK Documentation for unattended settings.

The following utilize the <settings pass=”specialize”> pass:

Enable Remote Desktop for Server

Code Snippet
  1.     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  2.         <fDenyTSConnections>false</fDenyTSConnections>
  3.     </component>

Disable Internet Explorer’s Hard Admin

Code Snippet
  1.     <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  2.         <IEHardenAdmin>false</IEHardenAdmin>
  3.     </component>

Disable Server Manager from Opening Automatically on First Boot

Code Snippet
  1.     <component name="Microsoft-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  2.       <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
  3.     </component>

Disable Windows OOBE experience

Code Snippet
  1.     <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  2.       <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
  3.     </component>

Moving on, let’s look at utilizing the <settings pass=”oobeSystem”> pass:

COMPONENT:  name="Microsoft-Windows-Shell-Setup"

Add domain users to local administrators group and also set password for Local Administrator account

Code Snippet
  1.       <UserAccounts>
  2.     <DomainAccounts>
  3.         <DomainAccountList wcm:action="add">
  4.             <Domain>Contoso</Domain>
  5.             <DomainAccount wcm:action="add">
  6.                 <Name>Chris</Name>
  7.                 <Group>Administrators</Group>
  8.             </DomainAccount>
  9.         </DomainAccountList>
  10.     </DomainAccounts>
  11.             <AdministratorPassword>
  12.               <Value>P@$$W0rd!</Value>
  13.               <PlainText>true</PlainText>
  14.             </AdministratorPassword>
  15.       </UserAccounts>

These are just a few of the settings available and there are a host of them that allow you to configure the server the way that you would like.  This is extremely important as it allows you granular access so that the server is literally zero touch.

Adding your unattend.xml to your Guest OS Profile

The last step, once you have the actual XML created, is to publish it to your library share.  I created a directory called UnattendFiles and placed it there on the Library share as you can see below:

image

In order for it to be available, you will need to manually fire off a library refresh by doing the following:

  1. Open the VMM Administrator Console
  2. Click Library Menu
  3. Locate the Library server, right-click and select refresh (default refresh is every 60 minutes)

To add your newly created unattend to a Guest OS Profile, do the following:

  1. Open the VMM Administrator Console
  2. Click Library Menu
  3. Click Profiles
  4. Right-click on the Guest OS Profile and select properties
  5. Click Guest OS tab
  6. Under Scripts, click Answer File
  7. Click Browse
  8. Select your unattend.XMLimage

The most useful way to learn about the various pass’s and the settings that you might want to utilize is to the WAIK download.  For your assistance, I’m including these as references:

WAIK for Windows Vista & Server 2008

WAIK for Windows 7 & Server 2008 R2 (Direct Link to ISO)

Enjoy!

-Chris

Digg This
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi Chris,

    Thanks for the info.  Even though I've added my <unattend>.xml file the the new folder as you did...the xml file doesn't show up in the "Select answer file..." window.  I'll note, it does show up when I select "Library Server" in the screen above.

    Ideas?

    Thanks in advance,

    Brent

  • ...follow-up.  If i place a .inf file in the same folder, it shows up.  Seems something is wrong with the .xml filtering of ths dialog box.

    I'm using SCVMM ver 2.0.4271.0.  I beleive this is the RTM version.

  • Hey Brent-

    The default interval for a Library refresh is every 60 minutes.  I didn't catch whether you refreshed the library server in question?  

    Can you confirm?  

    Thanks,

    -Chris

  • I was able to try a refresh.  The same procedure was used to make the inf appear.

    It's kinda weird!

    Anything you can offer is greatly appreciated,

    Brent

  • Make sure you set the correct OS type in the Guest OS properties, otherwise you will not see the unattend.xml specific to the OS version when you browse for it.

  • Hey Jeff-

    This is a great point and one that I failed to mention.  It does scope it based on your Guest OS selection.  Great post and thanks for sharing!

    -Chris

  • Hello Chris,

    nice how to for the first steps.

    Perhaps, you can give me some hints why it doesn't work.

    At first, I created a template ("Windows Web Server 2008 R2") for the creation of VMs. Second, I created a AutoUnattend.xml with the WAIK (WSIM) based on the same OS. Validation of the xml file works well, no warning or errors. After this, I imported the answer file into my library.

    So, I began to create a VM, based on the template. And on the section of the os profile, I choosed the created autounattend.xml and all seems to be correct.

    But, after the deployment of the VM, I recognized that all my configurations and settings in the autounattend.xml were disregarded.

    Do you have any ideas why or hints for debugging this issue?

    thanks in advance

    basti78

  • Hey Basti-

    I apologize that I just saw this comment (Oops!).  Let me see what I can do to help you.  The easiest method, I've found, is to watch the deployment closely and specifically the location where the actual VM's VHDs are created (this is like D:\VMs, etc.)

    SCVMM will always merge together both the settings you configure in VMM & the unattend settings into a vfd file that is attached to the VM during creation.  This vfd is a virtual floppy disk and it will be a file like unattend.vfd.  If you are monitoring this folder, you can grab this file (a copy)and then view it in Notepad.  It will usually show you the master configuration settings.  Give this a shot if you are still having problems...

    Thanks,

    -Chris