Prepare and customize a master VHD image

This article tells you how to prepare a master virtual hard disk (VHD) image for upload to Azure, including how to create virtual machines (VMs) and install software on them. These instructions are for a Windows Virtual Desktop Preview-specific configuration that can be used with your organization's existing processes.

Create a VM

Windows 10 Enterprise multi-session is available in the Azure Image Gallery. There are two options for customizing this image.

The first option is to provision a virtual machine (VM) in Azure by following the instructions in Create a VM from a managed image, and then skip ahead to Software preparation and installation.

The second option is to create the image locally by downloading the image, provisioning a Hyper-V VM, and customizing it to suit your needs, which we cover in the following section.

Local image creation

Once you've downloaded the image to a local location, open Hyper-V Manager to create a VM with the VHD you copied. The following instructions are a simple version, but you can find more detailed instructions in Create a virtual machine in Hyper-V.

To create a VM with the copied VHD:

  1. Open the New Virtual Machine Wizard.

  2. On the Specify Generation page, select Generation 1.

    A screenshot of the Specify Generation page. The "Generation 1" option is selected.

  3. Under Checkpoint Type, disable checkpoints by unchecking the check box.

    A screenshot of the Checkpoint Type section of the Checkpoints page.

You can also run the following cmdlet in PowerShell to disable checkpoints.

Set-VM -Name <VMNAME> -CheckpointType Disabled

Fixed disk

If you create a VM from an existing VHD, it creates a dynamic disk by default. It can be changed to a fixed disk by selecting Edit Disk... as shown in the following image. For more detailed instructions, see Prepare a Windows VHD or VHDX to upload to Azure.

A screenshot of the Edit Disk option.

You can also run the following PowerShell cmdlet to change the disk to a fixed disk.

Convert-VHD –Path c:\\test\\MY-VM.vhdx –DestinationPath c:\\test\\MY-NEW-VM.vhd -VHDType Fixed

Software preparation and installation

This section covers how to prepare and install FSLogix, Windows Defender, and other common applications.

If you're installing Office 365 ProPlus and OneDrive on your VM, see Install Office on a master VHD image. Follow the link in Next steps of that article to return to this article and complete the master VHD process.

If your users need to access certain LOB applications, we recommend you install them after completing this section’s instructions.

Disable Automatic Updates

To disable Automatic Updates via local Group Policy:

  1. Open Local Group Policy Editor\Administrative Templates\Windows Components\Windows Update.
  2. Right-click Configure Automatic Update and set it to Disabled.

You can also run the following command on a command prompt to disable Automatic Updates.

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f

Specify Start layout for Windows 10 PCs (optional)

Run this command to specify a Start layout for Windows 10 PCs.

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SpecialRoamingOverrideAllowed /t REG_DWORD /d 1 /f

Set up user profile container (FSLogix)

To include the FSLogix container as part of the image, follow the instructions in Set up a user profile share for a host pool. You can test the functionality of the FSLogix container with this quickstart.

Configure Windows Defender

If Windows Defender is configured in the VM, make sure it's configured to not scan the entire contents of VHD and VHDX files during attachment.

This configuration only removes scanning of VHD and VHDX files during attachment, but won't affect real-time scanning.

For more detailed instructions for how to configure Windows Defender on Windows Server, see Configure Windows Defender Antivirus exclusions on Windows Server.

To learn more about how to configure Windows Defender to exclude certain files from scanning, see Configure and validate exclusions based on file extension and folder location.

Configure session timeout policies

Remote session policies can be enforced on Group Policy level since all VMs in a host pool are part of the same security group.

To configure remote session policies:

  1. Navigate to Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits.
  2. In the panel on the right side, select the Set time limit for active but idle Remote Desktop Services sessions policy.
  3. After the modal window appears, change the policy option from Not configured to Enabled to activate the policy.
  4. In the drop-down menu beneath the policy option, set the amount of time to 4 hours.

You can also configure remote session policies manually by running the following commands:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v RemoteAppLogoffTimeLimit /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fResetBroken /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxConnectionTime /t REG_DWORD /d 10800000 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v RemoteAppLogoffTimeLimit /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxDisconnectionTime /t REG_DWORD /d 5000 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxIdleTime /t REG_DWORD /d 7200000 /f

Set up time zone redirection

Time zone redirection can be enforced on Group Policy level since all VMs in a host pool are part of the same security group.

To redirect time zones:

  1. On the Active Directory server, open the Group Policy Management Console.
  2. Expand your domain and Group Policy Objects.
  3. Right-click the Group Policy Object that you created for the group policy settings and select Edit.
  4. In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection.
  5. Enable the Allow time zone redirection setting.

You can also run this command on the master image to redirect time zones:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableTimeZoneRedirection /t REG_DWORD /d 1 /f

Disable Storage Sense

For Windows Virtual Desktop session host that use Windows 10 Enterprise or Windows 10 Enterprise multi-session, we recommend disabling Storage Sense. You can disable Storage Sense in the Settings menu under Storage, as shown in the following screenshot:

A screenshot of the Storage menu under Settings. The "Storage sense" option is turned off.

You can also change the setting with the registry by running the following command:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\StoragePolicy" /v 01 /t REG_DWORD /d 0 /f

Include additional language support

This article doesn’t cover how to configure language and regional support. For more information, see the following articles:

Other applications and registry configuration

This section covers application and operating system configuration. All configuration in this section is done through registry entries that can be executed by command-line and regedit tools.

Note

You can implement best practices in configuration with either Group Policy Objects (GPOs) or registry imports. The administrator can choose either option based on their organization's requirements.

For feedback hub collection of telemetry data on Windows 10 Enterprise multi-session, run this command:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 3 /f

Run the following command to fix Watson crashes:

remove CorporateWerServer* from Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting

Enter the following commands into the registry editor to fix 5k resolution support. You must run the commands before you can enable the side-by-side stack.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxMonitors /t REG_DWORD /d 4 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxXResolution /t REG_DWORD /d 5120 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxYResolution /t REG_DWORD /d 2880 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\rdp-sxs" /v MaxMonitors /t REG_DWORD /d 4 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\rdp-sxs" /v MaxXResolution /t REG_DWORD /d 5120 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\rdp-sxs" /v MaxYResolution /t REG_DWORD /d 2880 /f

Prepare the image for upload to Azure

After you've finished configuration and installed all applications, follow the instructions in Prepare a Windows VHD or VHDX to upload to Azure to prepare the image.

After preparing the image for upload, make sure the VM remains in the off or deallocated state.

Upload master image to a storage account in Azure

This section only applies when the master image was created locally.

The following instructions will tell you how to upload your master image into an Azure storage account. If you don’t already have an Azure storage account, follow the instructions in this article to create one.

  1. Convert the VM image (VHD) to Fixed if you haven’t already. If you don’t convert the image to Fixed, you can't successfully create the image.

  2. Upload the VHD to a blob container in your storage account. You can upload quickly with the Storage Explorer tool. To learn more about the Storage Explorer tool, see this article.

    A screenshot of the Microsoft Azure Storage Explorer Tool's search window. The "Upload .vhd or vhdx files as page blobs (recommended)" check box is selected.

  3. Next, go to the Azure portal in your browser and search for “Images.” Your search should lead you to the Create image page, as shown in the following screenshot:

    A screenshot of the Create image page of the Azure portal, filled with example values for the image.

  4. Once you’ve created the image, you should see a notification like the one in the following screenshot:

    A screenshot of the "successfully created image" notification.

Next steps

Now that you have an image, you can create or update host pools. To learn more about how to create and update host pools, see the following articles: