Best Practices for Preparing a Windows Virtual Machine
If you use Virtual Machines in your lab (either with Hyper-V, VMWare Workstation, Virtual Box or other), you probably would love to have a list of steps to create a nice usable Virtual Machine. There are probably annoyances you have with your Virtual Machines that if you only knew how you could make them go away.
Also, it is frustrating to revert and have to redo settings, so knowing when is best to snapshot is also nice.
This document is to help you with just that: Creating the perfect Virtual Machine that is easy to use and avoids annoyances.
Note: I have been using VMWare Workstation since 2004. I have also used ESX, Virtual Box, and Hyper-V. I have worked with lab environments the most, but I have also worked with Virtual Machines in production and consider myself highly experienced.
Setting up a new Virtual Machine
Note: These steps provide general guidelines for when to snaphsot
- Create a new VM in your favorite Virtual Machine Manager.
Note: I have used VMWare Workstation and ESX, Virtual Box, and Hyper-V and find I like them all fine. - Use a very large disk image size, but do not choose to use allocate disk space now.
Note: It is very frustrating to run out of space, so avoid this. - Delete the floppy disk if the hardware configuration has one.
Note: VMWare workstation will annoy you to no end if you leave a floppy on the system. - Install Windows.
- Note: Do not activate or enter a Product Key if it allows you to skip this step.
Note: I will use Windows Server 2008 R2 for this example. - Create a snapshot called “Clean Install” here.
- Apply all patches and updates and driver updates.
- Add a secondary admin account in case you forget the primary admin account.
- Create Snapshot called clean install with Patches.
Windows Activation
If this is to be a base OS to use to clone other Virtual Machines, never activate the base Operating System, only activate a Virtual Machine after it has been cloned and after you are sure the Virtual Machine will not be discarded as lab Virtual Machines can be discarded often.
Activation can be a delicate balance. You don’t want to active every time, but at the same time, you don’t to revert a virtual machine and have to activate again. As soon as you know you will use the Virtual Machine for a while, activate it and snapshot it. Hopefully you never have to revert to a state before it was activated.
Making the Virtual Machine Easier to Use
Allow the Virtual Machine to Shutdown from the Login Screen
- Run gpedit.msc to launch the Local Group Policy Editor.
- Click to expand Computer Configuration | Windows Settings |Security Settings |Local Policies | Security Options.
- Scroll down in the right pane and right click on “Shutdown: Allow system to be shut down without having to log on” and choose Properties.
- Click Enabled and then OK.
Disable the shutdown event tracker
Virtual Machines, especially in a lab, shutdown often and unlike production machines, tracking these shutdowns is not necessary, so lets turn this off.
- Run gpedit.msc to launch the Local Group Policy Editor.
- Click to expand Computer Configuration | Administrative Templates |System.
- Scroll down in the right pane and right click on “Display Shutdown Event Tracker” and choose Edit.
- Click Disabled and then OK.
Disable Internet Explorer Enhanced Security Configuration
It is a pain in a lab to be prompted on every web site and for every download. Labs usually trade security for speed and agility.
- Go to Server Manager.
- Under Security Information on the right, click on Configure IE ESC.
- Set the values to Off.
- CLick OK.
Making the Virtual Machine more efficient
Turn off unnecessary services
If you need to run a lot of Virtual Machines and you need to squeeze every last bit of processor power out of your Virtual Machines, then they should only run the bare minimum they need to run.
Make a list of services you do not need but are running by default and disable them.
Note: Google search for “Services you can turn off in Server 2008” or whatever Operating System you are using.
Note: Often developers install Visual Studio, which includes SQL Express, and even if they never use SQL Express, they leave the service running. Stop such services and set them to manual so they don’t restart every reboot.
Software on the Virtual Machine
Install commonly used software
This one appears easy at first. However, it is different and there is more to it than you think.
- Make a list of software you use on your Virtual Machine. Here are a few examples:
Notepad++
7zip
Acrobat Reader
Firefox or Chrome (or your favorite browser)
etc… - Install your desired software.
- Update your software.
- Snapshot.
Delete Unique Values for Some Software
If you are going to use this as a base Virtual Machine to clone other Virtual Machines, then you don’t want anything that should be unique to be the same on each machine. Any software that has unique values should have those unique values removed. I’ve seen VPN software have unique values, the LANDesk Agent, etc… Remove these unique value before you Sysprep.
Using Virtual Machines with Active Directory
Using the Virtual Machine as a base
If you are going to create a base Virtual Machine that you will clone often, just never join it to the domain. Instead, take the time to get the system perfect and sysprep the Virtual Machine so it will join the domain and prompt for a computer name on first boot.
Sysprepping a Virtual Machine
Sysprep is eithe ron the ISO or already installed.
- Run c:\windows\system32\sysprep\sysprep.exe.
(Or find sysprep on the ISO) - For System Cleanup Action, choose Enter System Out-of-Box Experience (OOBE)
- For Shutdown Options, choose Shutdown.
- Click OK.
- Snapshot once the machine has shutdown.
Prevent the Virtual Machine from ever losing a trust with the domain
When a Windows Virtual Machine is joined to the domain, reverting can cause a huge delay, especially if the snapshot is from a while ago, because a machine and the domain have a trust based on a system password (that is all under the covers) and this password can update. When reverting after the password has changed, your reverted state will no longer have a trust with the domain. This can be prevented.
- Join your machine to the domain.
- Apply DisablePasswordChange registry key.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] "DisablePasswordChange"=dword:00000001
- Create a snaptshot called “Machine joined to domain, DisablePasswordChange set”.
For more information, read this post: Virtual Machines, Snapshots, Domain Membership, and trust relationship
Change the domain password requirements to be easy or off
Again, in lab environments, security is often traded for speed and efficiency. You may want to allow passwords that are blank or two characters.
Also, because of snapshots and reverting it will eliminate Virtual Machine problems if passwords never expire.
If your Active Directory server is also in your lab, you may be able to change the passwords requirements to be easy or even turn them off completely. If your Active Directory server is not in your lab, you may have to live with them.
Don’t clone machines joined to the domain
If you clone a machine joined to the domain, you have created two machines that have the same domain membership, which should be unique. If one machine changes, it can break the trust relationship for the other machine.
The only time you should clone a machine that is joined to the domain is when you plan to discard the Virtual Machine you are cloning from.
Other Steps
Everyone has unique needs, and these are supposed to be general needs. You should document your needs and add them to your Virtual Machine creation.
If you have an idea that isn’t listed here and it is a general step, please comment.
Great stuff! I am staying stuned and learning from your posts.