Prepare your OS image for layering in Azure
This topic explains how to prepare a clean OS image for import into a new OS layer. Before you start, make sure that you meet the requirements. While preparing the image, you can Expedite Microsoft Ngen.exe operations, if you think it is taking too long.
If using Windows 10 and not running Citrix Provisioning, machine creation, or View, you can speed up desktop start times by removing Windows 10 built-in applications. However, we recommend removing the apps on a new version of the OS layer, not in the OS image itself.
Do not use an unattend file in Azure. The App Layering software removes the unattend file if it is present, because it is not necessary or recommended in Azure.
Install the OS on a virtual machine
- In the Microsoft Azure portal, create a new virtual machine from the Windows Server Remote Desktop Session Host Windows Server 2016 or 2012 R2 image by selecting: New > Compute > Virtual Machine > From Gallery > Windows Server Remote Desktop Session Host Windows Server 2012 R2
Choose Resource Manager from the Select a deployment model option list, and click Create.
The App Layering software does not support the Classic option from the Select a deployment model option list.
Complete the Create virtual machine wizard:
- Name: The name you specify for the new machine must comply with Azure naming conventions.
- Username and password: The user name and password of the new server machine you specify are used for any packaging machines that are created containing this OS layer.
- Resource group location: Be sure that the value for the Resource group location matches the Storage account location that you configured in the connector configuration.
- Storage: Under Use managed disks, select No, and specify a storage account.
- Select required network settings.
- Review the summary and create the virtual machine.
- Log into the new virtual machine, and reboot the machine.
- Install all important updates. Be sure to reboot the system and check for more updates. Some updates become available only after others are installed.
- Run Windows Ngen.exe.
- Remove or rename the Unattend file in
- Clear Windows Automatic Updates by selecting: Control Panel > System and Security > Windows Update > Change Settings
- Ensure that this machine is not joined to a domain.
- Enable the built-in administrator and check Password never expires.
If this is a server OS, run the following commands in PowerShell:
Set-ExecutionPolicy Unrestricted Enable-PSRemoting <!--NeedCopy-->
Run the App Layering OS Machine Tools on the image
- On the new machine, open a web browser, navigate to the Download Center and download the OS Machine Tools.
Download the following zip file onto the OS image:
Run the file, and it copies files to:
The file must be extracted to the above directory. Do not change the directory.
If using Key Management Service, configure license activation
Once the scripts are extracted, the
SetKMSVersion utility asks you to choose whether to use Key Management Service (KMS) licensing.
Note: Publishing images into environments where both KMS and Active Directory-based activation (ADBA) are being used at the same time causes problems with activation.
In the following dialog box, select whether to use Key Management Service (KMS) licensing.
To configure scripts for KMS, do the following.
Run SetKMSVersion.exe as Administrator to create a script file in the
When the operating system starts, the appropriate KMS activation script is run.
Install the App Layering services
- On the new machine, navigate to
C:\Windows\Setup\scriptsand run setup_x64.exe to install the App Layering drivers on the OS machine.
- The installation prompts you for the location of the Unattend.xml file (the default location is ‘C:\windows\panther).
- Ensure that this machine is not joined to a domain.
- Perform pending reboots on the OS machine so that you can import this image into a layer.
- Make sure that the new OS machine is in one of the following states before proceeding.
- Stopped (deallocated)
Expedite a Microsoft Ngen.exe operation, if necessary
Once all software updates have been installed, you must allow
Ngen.exe to essentially recompile
.NET byte code into native images and construct the registry entries to manage them.
Ngen.exe is the Microsoft Native Image Generator, which is part of the
.NET system. Windows determines when to run
Ngen.exe based on what software is being installed and what Windows detects in the configuration.
Ngen.exeis running, you must let it complete. An interrupted
Ngen.exeoperation can leave you with non-functioning
.NETassemblies or other problems in the
Ngen.exe is a background operation that pauses when there is foreground activity. If you want to expedite an
Ngen.exe operation, you can bring the task into the foreground to complete it as quickly as possible.
To bring the task into the foreground:
- Open a command prompt as Administrator.
Go to the
Microsoft.NET\Frameworkdirectory for the version currently in use:
Enter the following
Ngen.execommand to run all queued items. This command processes queued component installs before building assemblies.
ngen eqi 3
Ngen.exetask moves to the foreground in the command prompt, and lists the assemblies being compiled. It is OK if you see compilation messages.
You can use the Task Manager to see if an instance of
MSCORSVW.EXEis running. If it is, allow it to complete, or run
ngen update eqi 3.
Caution: Do not reboot to stop the task. Allow the task to complete!
- Ensure that all
Ngen.exeprocesses have run to completion.