SCVMM Sample Unattend.XML for Windows Server 2008 & R2
In today’s post, I thought I would share with you some XML that drives some of our dynamic provisioning. The power of dynamic provisioning is found in taking a base image of a Server operating system that has nothing enabled and customizing it using the Windows Automated Installation Kit (WAIK) that is available in SCVMM.
Getting Started with Unattend.XML
The officially supported method of building unattended files for Windows Server 2008 & R2 is using the Windows System Image Manager that is part of the WAIK. I will follow that party line and say this is the method you should go about building your unattended file though I can say that I haven’t followed this “support” method and have used my trusty Visual Studio editor and the WAIK unattended documentation. This should be considered your warning and please don’t punish me if you do this. <grin>
With this said, you could start with this unattended.xml file and build upon it and let me teach you how to do this though, again, it is not the recommended approach.
Get Started: Build your Base Unattended XML
You should open your favorite XML editor and start with this as your base.
- <?xml version="1.0" encoding="utf-8"?>
- <unattend xmlns="urn:schemas-microsoft-com:unattend">
- <settings pass="oobeSystem">
- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
This is a basic unattend that will do the following:
- Set your background to 16-bit color
- Set your resolution to 1024x768 with a refresh rate of 60
- Set your organization name to Contoso
- Hides the EULA
- Sets network location to Work
- Sets the automatic settings for Security
- Disables the Windows Machine Out-of-box-Experience
This is a good place to start. The key thing to note is that the only piece of the <component> line that changes is the name=” “ section and the name is easily identifiable through the documentation. Let’s, say for example you wanted to set the proxy settings in your unattended file you would search the documentation and you would find -
Understanding how SCVMM handles the Unattend.xml at Run-time
The key thing for you to understand is how SCVMM will utilize your unattend.xml when it is deploying a PC. In this section, I will talk a bit more about how specifically it configures your server and ensures that the base image’s specific machine data isn’t available. SCVMM utilizes the templates & profiles to build the new virtual machine. The primary data that is configured already by SCVMM is stored in the Guest OS Profile that is stored in your SCVMM library. The Guest OS Profile stores the machine name, OS type, Domain Information, and also any scripts you would like to run against the newly created VM. There is no magic sauce or voodoo here as SCVMM, if you do nothing else, still produces a unattend.xml that is used.
When SCVMM is creating the new virtual machine it produces a Virtual Floppy Disk file that is temporarily stored in the directory where the VHD is stored for the VM. This VFD, ironically, attaches a unattend.xml that you could open with notepad if you like. Here is a simple example from one of my deployments:
Thus, after the server’s VHD is sysprep’d then you will see that it is provided settings to run during various passes such as Specialize & oobeSystem.
Powerful Customizations Available & Usable
As mentioned, you can do a lot to a machine using the unattended file. In a future post, I will outline how to take advantage of the AutoLogon feature that is super-handy for doing further customizations beyond what is initially in the unattend.xml file.
For now, lets talk about how you can add the base unattend.xml using Visual Studio and the WAIK Documentation for unattended settings.
The following utilize the <settings pass=”specialize”> pass:
Enable Remote Desktop for Server
- <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Disable Internet Explorer’s Hard Admin
- <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Disable Server Manager from Opening Automatically on First Boot
- <component name="Microsoft-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Disable Windows OOBE experience
- <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Moving on, let’s look at utilizing the <settings pass=”oobeSystem”> pass:
Add domain users to local administrators group and also set password for Local Administrator account
- <DomainAccountList wcm:action="add">
- <DomainAccount wcm:action="add">
These are just a few of the settings available and there are a host of them that allow you to configure the server the way that you would like. This is extremely important as it allows you granular access so that the server is literally zero touch.
Adding your unattend.xml to your Guest OS Profile
The last step, once you have the actual XML created, is to publish it to your library share. I created a directory called UnattendFiles and placed it there on the Library share as you can see below:
In order for it to be available, you will need to manually fire off a library refresh by doing the following:
- Open the VMM Administrator Console
- Click Library Menu
- Locate the Library server, right-click and select refresh (default refresh is every 60 minutes)
To add your newly created unattend to a Guest OS Profile, do the following:
- Open the VMM Administrator Console
- Click Library Menu
- Click Profiles
- Right-click on the Guest OS Profile and select properties
- Click Guest OS tab
- Under Scripts, click Answer File
- Click Browse
- Select your unattend.XML
The most useful way to learn about the various pass’s and the settings that you might want to utilize is to the WAIK download. For your assistance, I’m including these as references:
WAIK for Windows 7 & Server 2008 R2 (Direct Link to ISO)