How-To
15 Windows 10 Template Tips for Administrative VMs
Here's what Rick Vanover learned while making a new Windows 10 template virtual machine.
- By Rick Vanover
- 03/30/2018
I've been out of the template-making business for a while, but have recently had an opportunity to make a new Windows 10 template virtual machine (VM). I learned a lot during this process, so sharing those tips with you will hopefully help you out, too.
Let's first narrow down the use case. When I say "Administrative VMs," I'm referring to jump boxes, admin consoles and so on for use in a virtualized infrastructure. I'm not referring to Windows 10 VDI strategies for many like systems. This use case that I'm sharing is applicable to where Windows 10 systems are in the datacenter that you would work from for vSphere and Hyper-V administration. In my case, I'm using VMware View to access this Windows 10 system and after the 1709 update it was time to make a new template. This will provide me access to my vSphere and Hyper-V infrastructure (technically it's a lab -- but it's production to me) by being on the same network and available to me anywhere (office, home, traveling -- even on mobile devices).
This list is catered to the day-to-day tasks that I found useful and use frequently. This is not an exhaustive list, however; chances are you may take pieces of this into your own template for this use case. Here are my tips for Windows 10 templates for administrative systems:
- Perform Windows Updates: This is a given, but will improve the experience when a template is deployed. It's also good to ensure that the updates will be set on an ongoing basis either locally or have it addressed in a Group Policy Object when this system joins a domain. Also, decide on Windows 10 1709 -- now is a good time to start with it and note that you cannot sysprep systems that were upgraded to 1709.
- Disable IPv6: I'm sorry, but I'm just not using it. Maybe you are; but I'm not seeing it. Disabling it as a protocol will ensure that no erroneous DNS resolutions over IPv6 can occur.
- Install SQL Server Management Studio: This is a somewhat large installation; but for my use case I always find myself having to download it and install it. This is much better than remotely logging in to SQL Server systems for database work. Download it here, but do not leave it on disk -- it's a rather large install. Want something a bit lighter (and works with PostgreSQL and MySQL)? You can also consider HeidiSQL as a remote database client.
- Install your favorite Text editor: I like NoteTab, and there are plenty more.
- Install NBTScan: I love this free tool -- it's a great way to do a quick scan of Windows systems on a subnet to see what's present. I like to have a folder called C:\tools and put all of my command-line tools in that folder. The best part about NBTScan is that when you download it, it consumes a whopping 92.1KB, that's it.
Figure 1 shows how awesome NBTScan is.
- Put Putty on disk: In the same folder as NBTScan is a good place to put the Linux and Unix staple Putty.
- Configure Windows Firewall: Configuring Windows Firewall before joining a domain is a good idea. I generally don't use it on internal networks, and thus have committed this command to memory: netsh advfirewall set allprofiles state off.
- Configure/disable any local Windows accounts: You'll need at least one to make the template; but decide what should remain. You can also have a Group Policy Object do this after it's domain joined.
- Install a screen capture tool: This is handy for troubleshooting, building internal documentation and support cases. In my environment we use the free Greenshot tool; and it's decent enough to give you options after the screenshot is taken.
- Ensure there's adequate storage space: I've been building Windows 10 Administrative VMs either at 75GB or 100GB; less than 50GB just seems too small.
- Install Remote Desktop Connection Manager: If you use this Administrative VM like I do, it's truly a jump box to other systems. Connection Manager is great for viewing many at once and you can download it here.
- Install the Remote Server Administrative Tools: This can save you needless connections to other systems. Some of the everyday tools like Active Directory Users and Computers, Server Manager, Hyper-V Manager, DNS and more are included in this must-have download. If you also are using Windows Server 1709, make sure you get the edition of this tool that supports 1709 also! Once you have this installed, many popular consoles can be accessed remotely, as shown in Figure 2.
- Rearm Windows if you activate after you deploy the template: A good way to rearm easily (and get up to 180 more days of validity) is to run: slmgr /rearm from PowerShell as an administrator.
- Remove unnecessary files: Toward the end of your configuration, it's a good idea to run c:\windows\system32\cleanmgr to clean up a bit.
- Configure a mechanism to backup your template: You've done good work, now save it!
After you've done all of this in addition to your existing steps, it's a good time to set a reminder in one month to take this VM out of template format and do updates. While this isn't an exhaustive list of steps to perform for making a template, it likely has a few things you may incorporate into your own process. What do you put in an administrative VM template? Share your configuration with me.
About the Author
Rick Vanover (Cisco Champion, Microsoft MVP, VMware vExpert) is based in Columbus, Ohio. Vanover's experience includes systems administration and IT management, with virtualization, cloud and storage technologies being the central theme of his career recently. Follow him on Twitter @RickVanover.