Create OS layer
May 30, 2018
An OS layer includes the software and settings for the operating system that you deploy as part of your layered images. The OS layer is used to create your Platform and App layers, and is used to build your layered images. Once you have prepared the OS image for deployment, you can create an OS layer by importing the OS disk into a new Layer.
Minimize the number of OS layers
Ideally, you create one OS layer that is as generic as possible, and add a new version to it whenever you need to update the OS. If you can support your users with a single OS layer, the work associated with creating and updating Platform layers and App layers is much reduced.
If you need to support more than one operating system, for example Windows Server 2016 and Windows 10, you create an OS layer for each one.
App layers and Platform layers are tied to the OS layer used to create them. For example, If you want to use Office on both Windows Server 2016 and , you need to create two different Office App layers, one for each operating system. Further, when delivering Elastic layers, those layers must be compatible with users’ desktops, and should use the same OS layer.
Labs feature: You can experiment with assigning an App layer as an Elastic layer on an image template that uses a different OS layer.
What to include in the OS layer
Include the base operating system fresh from ISO (patches applied), and:
- Your hypervisor tools.
- A legacy NIC, If you are using PVS in Hyper-V..
- .NET Framework v4.0 or later (so you only need to run Windows updates on the OS layer).
- All checkpoints collapsed.
- Any application that creates local users. Platform and App layers do not capture changes to local groups or local users.
- Disable Windows updates. Do so using local GPO rather than the Windows Update Service.
- If you remove Windows Store apps, remove them from the OS layer, not on an App layer.
- Use KMS for Windows Activation. When creating your OS layer, run SetKMSVersion.exe to configure the startup scripts that activate the correct version of Windows.
Any extra user accounts or groups need to be created in the OS layer. Any domain group membership changes need to be done through Group Policy.
What not to inlcude
- Do not include MS Office on this layer, but rather in an App layer.
- Any software associated with your provisioning service or connection broker should be installed on the Platform layer., not on the OS layer.
- Applications, including MS Office, should be installed on an App layer, not on the OS layer.
- Avoid upgrading the hypervisor tools on the OS layer. Otherwise, you might have to recreate the Platform layer.
- Although you can use VHDX disks, do not use converted VHDX disks.
- Do not use a diff disk.
- Do not use Gen2 machines.
- Do not join the OS layer to an Active Directory domain. Instead, join the domain in the Platform layer. This allows you to use the same OS in different domains.
When optimizing the OS for layering:
- Add a version for the optimizations to your OS layer so that you have a version to fall back on that has never been optimized. Run your desired optimizations. Don’t include any HKCU optimizations – leave those for Citrix profiles or GPOs.
- The advantage to optimizing in the OS layer is that your packaging machines include the optimizations. If an application doesn’t work with one of the optimizations, you can find out while packaging the layer.
- Always keep the original OS layer without optimizations. It can be very hard to back out of optimizations you’ve applied. This allows you to go back to that version, add a new version, and set up the optimizations again.
- If you have optimizations that are not the same for all images, then you can change those settings in an App Layer, and add the App Layer to the image template. This assumes you are not removing Universal Apps, which have to be removed in the OS layer..
OS layer maintenance
- Each time you need to deploy operating system patches and updates, you add a new version to the OS layer. You can continue to publish layered images by using any version of the OS layer.
- You can update the operating system using Windows Update, Windows Server Update Services (WSUS), or offline standalone update packages. Do not use tools like SCCM.
- Platform and App layers are tied to the OS layer you use to create them, but they are not dependent upon a specific version of the layer. When you add new versions to the OS layer, the App and Platform layers dependent on the OS layer continue to work.
- Be sure to apply updates to the OS layer before updating the Platform layer or MS Office App layer.