Product Documentation

Prepare your OS image for layering

This topic explains how to prepare a clean OS image for layering, and then import the image into a new OS layer. Once created, you can use the OS layer to build as many App layers, Platform layers, and image templates as you need. For the list of supported Windows operating systems, refer to System requirements.

Prepare an OS in XenServer, Hyper-V, or vSphere

To prepare an operating system for layering, you:

Step 1: Install the OS on a virtual machine

It is crucial to start with an OS freshly installed from ISO, preferably from your hypervisor.

Windows 10:

You can speed up start times by removing Windows 10 built-in applications. If you do, we recommend removing these applications either on the OS image itself, or on a version of the OS layer.

In this procedure, be sure to follow steps and notes specific to the Windows version you are installing.

  1. Log into your hypervisor client.
  2. Create a virtual machine with the correct CPU, RAM, and network settings for your operating system type.
    • Memory:
      • Windows 7, Windows Server 2008R2
        • 1-2 CPUs
        • 2 GB RAM
      • Windows 8, Windows Server 2012
        • 1-2 CPUs
        • 2 GB RAM
      • Windows 10, WIndows Server 2016 R2
        • 4-8 GB CPUs
      • Hard drive: Large enough to accommodate an OS installation.
    • Network:
      • XenServer virtual machine: Make sure that only one network is selected.
      • VMware virtual machine: For network device you must select the VMXNET 3 network adapter.

        Notes:

        The E1000 NIC should never have been used. The default E1000 adapter (or even a ghost NIC leftover from an E1000 adapter) can cause customization timeout errors on the virtual machines.

        You can have one, and only one, network device.

  3. Configure a virtual hard disk that is large enough for a Windows installation. Make sure it can be accessed by the appliance.
  4. Attach the ISO and install the operating system. This machine should not be joined to the domain.
  5. Install your hypervisor tools on the OS image. If you have more than one hypervisor, install the tools for the second hypervisor on the Platform layer. The tools on the Platform layer take precedence over the tools installed on the OS layer.

    Hyper-V:

    Use the Microsoft Windows Integration Services Setup Disk to install Hyper-V Integration Services.

  6. If installing a server OS and you need a session host feature, install the feature as follows:
    1. In the Server Manager, select Add roles and features.
    2. For the Installation Type, select Role-based or Feature-based installation.
    3. For the Server Role, select Remote Desktop Services > Remote Desktop Session Host (Installed).
    4. Complete the process of adding the Server Roles.
  7. Install all important updates. Check for updates again after the virtual machine is rebooted, because some updates became available only after others are installed.
  8. Install all required service packs:
    • If using Windows 2008 R2 with PVS or Horizon View, install Windows Server 2008 R2 Service Pack 1 (SP1).
  9. Install all required hot fixes:
    • Windows 2008 R2 or Windows 7 with PVS or MCS:
      • If you are using PVS or MCS, install hotfix KB2550978 and restart the virtual machine.

        Note:

        You may need to uninstall KB3125574, before installing this one.

  10. Turn off Windows Automatic Updates and disable Windows System Restore using the local group policy editor, gpedit.msc. The system handles restore points for you. Layer versions allow you to specify when updates occur.
  11. Windows 10: Turn off Hibernation by entering this command:
    powercfg.exe /hibernate off
    
  12. Enable the built-in administrator and check Password never expires.
  13. If using KMS licensing, run a command window as Administrator, and enter these commands:
    slmgr /skms <kmsserverhost>
    slmgr /rearm
    reboot
    slmgr /ipk XXXX-YOUR-KMS-KEY-XXXX
    slmgr /ato
    
  14. If this is a server OS, add Domain Users to the Remote setting. Choose an option, and then specify who can connect.
  15. Check Network and ghost NICs and delete if any exist.
    1. Enter the commands:
      set devmgr_show_nonpresent_devices=1
      devmgmt.msc
      
    2. Uninstall any dead (ghost) NICs.

Step 2: Run the App Layering OS Machine Tools on the image

To prepare the OS image to run in a layer, you execute the the OS Machine Tools file on the image. This executable runs a GPO setup script (gposetup.cmd), and a Set KMS Version script (SetKMSVersion.hta).

  1. Download the following executable file onto the OS image: App_Layering_Citrix_App_Layering_OS_Machine_Tools_4.x.zip
  2. Run the executable. Files are extracted to:
    c:\windows\setup\scripts
    

    Note:

    The file must be extracted to the above directory. Do not change the directory.

Step 3: If using Key Management Service (KMS), configure license activation

Once the scripts are extractedm the SetKMSVersion utility asks you to choose whether or not to use KMS licensing.

  1. In the following dialog box, select whether or not to use Key Management Service (KMS) licensing.

    Set KMS version image

To configure scripts for KMS, do the following.

  1. Navigate to:

    c:\windows\setup\scripts

  2. Run SetKMSVersion.exe as Administrator. This creates a script file in the c:\windows\setup\scripts\kmsdir folder.

When the operating system starts, the appropriate KMS activation script is executed.

Step 4: Make sure the correct versions of .Net Framework are installed

The .Net Framework is a software framework provided by Microsoft that is required for many 3rd party applications to run. To install this feature, follow the steps below.

Version(s) of .NET Framework to install:

  • /.NET Framework 4.5: Must be installed on any OS you are using.

  • /.NET Framework 3.5: Must be installed on Windows 10 and Windows Server 2016.

To install .NET Framework:

  1. On the Start menu, select Control Panel > Programs and Features.
  2. In the left panel select Turn Windows features on or off. A window opens.
  3. Select the correct version of .NET Framework, click OK, and wait for the installation to complete.

    Important:

    Even if .NET is already installed, continue with the rest of these steps.

  4. Exit the Control Panel.
  5. In Notifications in the right-side of your taskbar, click All Settings, and open the Windows 10 Settings app.
  6. Select Settings > Update & Security.
  7. Check for updates, and install all updates available.
  8. Exit Settings.
  9. Open an administrator-level command prompt, and enter the following commands:

    cd \windows\Microsoft.Net\Framework\v4.nnnnn
    ngen update /force
    
  10. Wait for the command to complete, and enter the following commands:

    cd \windows\Microsoft.Net\Framework64\v4.nnnnn
    ngen update /force
    
  11. Exit the command prompt.

Step 5: If using PVS, remove any ghost NICs

  1. Enter the commands:

    set devmgr_show_nonpresent_devices=
    devmgmt.msc
    
  2. Remove any ghost NICs.
  3. Reboot the system.

Step 6: Install the App Layering services

  1. In the Citrix_App_Layering_OS_Machine_Tools folder, run the setup_x86.exe (32-bit) or setup_x64.exe (64-bit).

  2. The installation prompts for the location of the unattend.xml file (the default location is c:\windows\panther). In most cases, this can be ignored.

Once this is done, you are ready to import the image into a new OS layer.

Prepare an OS in Azure

To prepare Windows Server 2016, Windows Server 2012 R2, or Windows 10 for layering:

Step 1: Install the OS on a virtual machine

  1. In the Microsoft Azure portal, create a new virtual machine from the Windows Server Remote Desktop Session Host Windows Server 2016 or 2012 R2 image by selecting: New > Compute > Virtual Machine > From Gallery > Windows Server Remote Desktop Session Host Windows Server 2012 R2
  2. Choose Resource Manager from the Select a deployment model option list, and click Create.

    Note:

    The App Layering software does not support the Classic option from the Select a deployment model option list.

  3. Complete the Create virtual machine wizard: Basics:

    • Name: The name you specify for the new machine must comply with Azure naming conventions.
    • Username and password: The username and password of the new server machine you specify are used for any packaging machines that are subsequently created containing this OS layer.
    • Resource group location: Be sure that the value for the Resource group location matches the Storage account location that you configured in the connector configuration.

    Settings:

    • Storage: Under Use managed disks, select No, and specify a storage account.

      localized image

  4. Select required network settings.
  5. Review the summary and create the virtual machine.
  6. Log into the new virtual machineReboot the machine.
  7. Install all important updates. Be sure to reboot the system and check for more updates. Some updates become available only after others are installed.
  8. Run Windows NGen.
  9. Remove or rename thw Unattend file in C:\Windows\OEM.
  10. Turn off Windows Automatic Updates by selecting: Control Panel > System and Security > Windows Update > Change Settings
  11. Ensure that this machine is not joined to a domain.
  12. Enable the built-in administrator and check Password never expires.

Step 2: Run the App Layering OS Machine Tools on the image

  1. On the new machine, open a web browser, navigate to the Download Center and download the OS Machine Tools.
  2. Download the following zip file onto the OS image:
    Citrix_App_Layering_OS_Machine_Tools_4.x.x.exe
    
  3. Execute the file, and it copies files to:

    c:\windows\setup\scripts

    Note:

    The file must be extracted to the above directory. Do not change the directory.

Step 3: If using Key Management Service (KMS), configure license activation

Once the scripts are extracted, the SetKMSVersion utility asks you to choose whether or not to use KMS licensing.

  1. In the following dialog box, select whether or not to use Key Management Service (KMS) licensing.

    Set KMS version image

To configure scripts for KMS, do the following.

  1. Navigate to:

    c:\windows\setup\scripts

  2. Run SetKMSVersion.exe as Administrator. This creates a script file in the c:\windows\setup\scripts\kmsdir folder.

When the operating system starts, the appropriate KMS activation script is executed.

Step 4: Install the App Layering services

  1. On the new machine, navigate to C:\Windows\Setup\scripts and run setup_x64.exe to install the App Layering drivers on the OS machine.
  2. The installation prompts you for the location of the Unattend.xml file (the default location is ‘C:\windows\panther).
  3. Ensure that this machine is not joined to a domain.
  4. Perform any pending reboots on the OS machine. This must be done before importing the OS.
  5. Make sure that the new OS machine is in one of the following states before proceeding.
    • Running
    • Stopped
    • Stopped (deallocated)

You are ready to import this OS image into a new OS layer.

Prepare an OS in Nutanix AHV

To prepare an operating system for layering, you:

Step 1: Install the OS on a virtual machine

  1. Log into the Prism Console.
  2. Select Task > VM, and switch to Table View to see the existing virtual machines.
  3. Click +Create VM in the upper right corner, and enter the specifics about the new virtual machine:
    1. Enter a Name and add a Description.
    2. Select the number of VCPUs.
    3. Set the Cores per CPU.
    4. Set Memory.
    5. Select Disks, and create a virtual machine with three disks. The first CD-ROM is the ISO for the OS, the second CD-ROM is for the Nutanix VIRTIO drivers that allow the Nutanix virtual machine to access the disk where you install the OS. To start, one CD-ROM is assigned.
      1. Edit the values for the assigned CD-ROM:
      2. For Operation, select Clone from ADSF file.
      3. For Bus Type, select IDE.
      4. Enter the path to your Windows ISO. The path is the combination of the Storage Container and the ISO Name. For example:

        /ISOStore/en_windows_10_enterprise_version_1511_x64_dvd_7224901.iso

      5. Click Update.
    6. Add another disk by clicking the +Add New Disk button:
      1. Set the Type to CDROM.
      2. Set the Operation to Clone from ADSF file.
      3. Set the Bus Type to IDE
      4. Enter the path to the Windows VIRTIO Drivers. For example:

        /ISOStore/virtio-win-0.1.102.iso

      5. Click Add.
    7. Click the +Add New Disk button.
      1. Set the Type to Disk.
      2. Set the Operation to Allocate on Container.
      3. Set the Bus Type to SCSI.
      4. Select the Container you want to use.
      5. Enter the Size.
      6. Click Add.
    8. Click +Add new Nic, and enter the VLAN Name.
    9. Click Save.
  4. Power on the virtual machine.
    1. Select Tasks > VM.
    2. Switch to the Table View to see existing virtual machines.
    3. Select the virtual machine in the Table, and click Power On.
  5. Launch the Console by selecting the VM and clicking Launch Console. When the VM boots it begins to install the Windows OS from the ISO disk. When the VM boots it will begin to install the Windows OS from the ISO disk.
    1. When asked, “Where do you want to install Windows?” notice that even though you added a disk in the VM creation wizard, there is no disk.
    2. Select the Load Driver option, and select Browse.
    3. Select the CD with the virtio-win-0.1.1 drivers.
    4. Select the vioscsi folder, and choose the folder for your Windows OS.
  6. After the OS is installed you will need to manually install the VirtIO drivers:
    1. Launch Device Manager.
    2. Select Other Devices, right-click Ethernet Controller and choose Update Driver Software.
    3. Browse My Computer, and choose the VirtIO CD. The ethernet drivers are stored in the NetKVM folder.
  7. Server OS: If you need a session host feature:
    1. Select Add roles and features.
    2. For the Installation Type select Feature-based installation.
    3. For the Server Role, select Remote Desktop Services > Remote Desktop Session Host.
    4. Complete the process of adding server roles.
  8. Install all important updates. Restart the system and check for more updates. Some updates only become available after others are installed.
  9. Install all required service packs.
  10. Install all required hot fixes: Windows Server 2008 R@ SP1 and Windows 7: Install KB2550978 for PVS
  11. Disable Windows System Restore and Windows Automatic Updates.
  12. Enable built-in administrator and check Password never expires.
  13. If using KMS licensing, run a command window as Administrator, and enter these commands:
    slmgr /skms <kmsserverhost>
    slmgr /rearm
    reboot
    slmgr /ipk XXXX-YOUR-KMS-KEY-XXXX
    slmgr /ato
    
  14. Server OS: Add Domain Users to Remote setting for server OS.
  15. Check for dead (ghost) NICs and delete if any exist: ``` Enter the commands: set devmgr_show_nonpresent_devices=1 devmgmt.msc

  16. Uninstall any dead (ghost) NICs.

Step 2: Run the OS Machine Tools on the OS image

To prepare the OS image to run in a layer, you execute the the OS Machine Tools file on the image. This executable runs a GPO setup script (gposetup.cmd), and a Set KMS Version script (SetKMSVersion.hta).

  1. Download the following executable file onto the OS image:

    Citrix_App_Layering_OS_Machine_Tools_4.x.x.exe

  2. Run the executable. Files are saved to:

    c:\windows\setup\scripts

    Note:

    The file must be extracted to the above directory. Do not change the directory.

Step 3: If using Key Management Service (KMS), configure license activation

Once the scripts are extracted, the SetKMSVersion utility asks you to choose whether or not to use KMS licensing.

  1. In the following dialog box, select whether or not to use Key Management Service (KMS) licensing.

    Set KMS version image

To configure scripts for KMS, do the following.

  1. Navigate to:

    c:\windows\setup\scripts

  2. Run SetKMSVersion.exe as Administrator. This creates a script file in the c:\windows\setup\scripts\kmsdir folder.

When the operating system starts, the appropriate KMS activation script is executed.

Step 4: Make sure the correct versions of .Net Framework are installed

The .Net Framework is a software framework provided by Microsoft that is required for many 3rd party applications to run. To install this feature, follow the steps below.

Version(s) of .NET Framework to install:

  • /.NET Framework 4.5: Must be installed on any OS you are using.
  • /.NET Framework 3.5: Must be installed on Windows 10 and Windows Server 2016.

To install .NET Framework:

  1. On the Start menu, select Control Panel > Programs and Features.
  2. In the left panel select Turn Windows features on or off. A window opens.
  3. Select the correct version of .NET Framework, click OK, and wait for the installation to complete.

    Important:

    Even if .NET is already installed, continue with the rest of these steps.

  4. Exit the Control Panel.
  5. In Notifications in the right-side of your taskbar, click All Settings, and open the Windows 10 Settings app.
  6. Select Settings > Update & Security.
  7. Check for updates, and install all updates available.
  8. Exit Settings.
  9. Open an administrator-level command prompt, and enter the following commands:

    cd \windows\Microsoft.Net\Framework\v4.nnnnn
    ngen update /force
    
  10. Wait for the command to complete, and enter the following commands:

    cd \windows\Microsoft.Net\Framework64\v4.nnnnn
    ngen update /force
    
  11. Exit the command prompt.

Step 5: Install the App Layering services

  1. In the Citrix_App_Layering_OS_Machine_Tools folder, run the setup_x86.exe (32-bit) or setup_x64.exe (64-bit).

  2. The installation prompts for the location of the unattend.xml file (the default location is c:\windows\panther).

Once this is done, you are ready to import the image into a new OS Layer.

Expedite a Microsoft NGen operation

NGen is the Microsoft Native Image Generator. It is part of the .NET system, and basically recompiles .NET byte code into native images and constructs the registry entries to manage them.

Windows decides when to run NGen based on:

  • What is being installed.
  • What Windows detects in the configuration.

When NGen is running, you must let it complete. An interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.

Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the foreground can help the task to complete as quickly as possible.

Force an NGen operation to the foreground

  1. Open a command prompt as Administrator.
  2. Go to the Microsoft .NET Framework directory for the version currently in use:

    cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
    
  3. Enter the NGen command to execute the queued items:

    ngen update /force
    

    This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.

    It is okay if you see several compilation messages. You can use Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or run `ngen update /force.

    Caution:

    Do not reboot to stop the task. You must allow it to complete.

  4. Ensure that all NGen processes have run to completion.
  5. When complete, you can now shut down the virtual machine.

OS Optimization Script for Microsoft Office

The Optimization script, included in the App Layering installation package, is now required for layering Microsoft Office. This script allows you to save memory and CPU by disabling services you don’t need, enabling services you do need, and removing installation-specific drivers and settings.

  1. In the c:\windows\setup\scripts folder, run the optimizations.cmd file to create a file that will be run when the image is created.

  2. If you run the Unattend.hta file, the optimizations.cmd file is run automatically. If you run optimizations.cmd without first running Unattend.hta, follow the instructions to run it on the OS Image.

    If you are using the Optimizations script and you are enabling the View Persona feature, you must go to the section of the script called Disable Unnecessary Services to Save Memory and CPU, deselect the option to Disable Offline File Service, and click Save File. This is because View Persona folder redirection requires Offline files to be enabled, and by default, the optimization script turns off any offline files that are not a requirement for App Layering.

Answer file (Unattend.hta) for unattended installation (optional)

Our Unattend.hta file is included in the App Layering installation package. In the rare case that you need to run Windows Mini Setup with an Unattend.hta file, use these steps.

  1. In the c:\windows\setup\scripts folder, right-click the unattend.hta tool and choose Run as administrator. The unattend builder form opens.
  2. Complete the unattend form.Product key activation.
    • For KMS activation, select KMS Server.
      • For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK.
      • For Retail Licensing with a MAK, select Retail with MAK, and the MAK.
    • Local Administrator account
      • If you want to use the unattend.xml file to enable the Administrator account on each Layered Image, select Enable. Remember to also enable this account in your OS Image or Operating System Layer revision. It is possible to enable the Administrator account for your OS Image and then have it disabled in the deployed Layered Images by clearing the check box
      • If you want to add an alternate Administrator account, select Enable and enter the account information. This account cannot be pre-configured in the OS Image.
      • You can create a Layered Image where the Administrator is disabled and the alternate administrator is created and enabled. However for this to work, the Administrator account must be enabled in the OS Image and it cannot be renamed.
    • Time zone
      • Select the time zone. If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone, not the display setting. A list of time zone settings can be found in Microsoft TechNet.
    • Disabling automatic activation
      • Select this option if you plan to use the Microsoft Volume Activation Management Tool.
  3. Click Save File.