Overview
Windows 10 is one of the many operating systems that can be deployed and run in virtual environments, however, there are some pre requisites that need to be fulfilled before you can successfully deploy a Windows 10 VM with CloudBolt CMP
By default, Windows 10 disables the local Administrator account and this causes issues for any post provisioning scripts to run. It also will run the welcome and configure for the admin account, so depending on the script, it may not make the changes you would like.
We will work through what is one of the simpler solutions to achieve success with deploying a Windows 10 workstation
Considerations
Are using the appropriate version of Windows 10 (Windows 10 home is not supported)
Have a template created for Windows 10 that has been converted back to a VM
Know how to create a Server Action in CloudBolt CMP
Know how to add an action to a blueprint
Procedure
Adding the SetupComplete.cmd file to you Windows 10 template
In this section, we will create a part of the sys prep file and store it on the Windows 10 Template. This is required in order to enable the Local Administrator account and have it ready for scripts to run.
In your Windows 10 VM, create the folder path c:\windows\Setup\Scripts
Create a file called SetupComplete.cmd and edit this file
Add the following lines to this file and then save the file
NOTE: You may not want to add the Enable Auto Logon for administrator account section. This is used if you are going to run a remote script against the Windows 10 Desktop. Else please have this managed by your group policies.:Enable Admin Account net user Administrator /ACTIVE:YES :Set-Execution Policy C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-ExecutionPolicy -executionPolicy unrestricted -scope LocalMachine -Force :Enable auto login for administrator account REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d administrator /f REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d <yourtemplatepassword> /f REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f :Reboot System shutdown /r
Shutdown the VM and convert it back to a template
Adding a Sleep action before
We will add a sleep action to your blueprint in order to provide time for your Windows 10 deployment to reboot. The reason for the reboot is to allow you to utilize the Administrator account as part of your deployment ie; Domain Join, run scripts etc.
Create a Server Action, in this example we will name it Windows 10 Sleep
In the file location place a check in Enter code later
Click on Create
Locate your server action, click the arrow to drop down then paste in the following code snippet and click on Save
NOTE: I set mine to 300 seconds for sleep as it takes time for Windows 10 to run through the first time logon configuration then reboot. If you don’t need the first time auto logon, then this could be set as low as 60 seconds. This will vary pending on your environment""" This is a working sample CloudBolt plug-in for you to start with. The run method is required, but you can change all the code within it. See the "CloudBolt Plug-ins" section of the docs for more info and the CloudBolt forge for more examples: https://github.com/CloudBoltSoftware/cloudbolt-forge/tree/master/actions/cloudbolt_plugins """ import time from common.methods import set_progress def run(**kwargs): seconds_to_sleep = "300" seconds_to_sleep = int(seconds_to_sleep) set_progress("Sleeping for {} seconds".format(seconds_to_sleep)) time.sleep(seconds_to_sleep) return "", "", ""Click on the Plugin name
Click on the button that says Not Shared and change it to say Shared
Go to your Windows 10 blueprint and add the Action you created to your blueprint. In this example you will see it is just after the Windows10 Server build but before the Join OU in AD Domain
You can set this item to not show on order form if require by dropping down the Windows 10 Sleep Action and clicking to If Needed under Show on order form.
Now you can deploy your Windows 10 Blueprint and the local admin account will be enabled and scripts after deployment will run as required with the local admin account.
An example deployment for me was to do a Join OU in AD Domain after build. Which works without fault now.
Another example is if you are running a script to make change to the OS. You will want to amend the auto logon to remove this after your script has run, or, have your group policies manage this for you. Below is an example of rolling back the auto logon of the local administrator account which was just run as part of another remote script on the Windows 10 Desktop.
cmd.exe /c REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /f cmd.exe /c REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f cmd.exe /c REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /f cmd.exe /c shutdown /r
Additional information
CloudBolt Blueprint Actions : https://docs.cloudbolt.io/articles/#!cloudbolt-latest-docs/blueprint-actions
CloudBolt Actions : https://docs.cloudbolt.io/articles/#!cloudbolt-latest-docs/actions
Microsoft how to enable local admin on Windows 10 : https://www.onmsft.com/how-to/how-to-enable-the-default-administrator-account-in-windows-10
Microsoft Add a custom script to Windows Setup : https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup
0 Comments