Prepare your OS image for layering in Azure

This topic explains how to prepare a clean OS image for import into a new OS layer. Before you start, make sure that you meet the requirements. While preparing the image, you can Expedite Microsoft NGen operations, as described at the end of this article.

If using Windows 10 and not running Citrix Provisioning, machine creation, or View, you can speed up desktop start times by removing Windows 10 built-in applications. However, we recommend removing the apps on a new version of the OS layer, not in the OS image itself.


Do not use an unattend file in Azure. The App Layering software removes the unattend file if it is present, because it is not necessary or recommended in Azure.

Install the OS on a virtual machine

  1. In the Microsoft Azure portal, create a new virtual machine from the Windows Server Remote Desktop Session Host Windows Server 2016 or 2012 R2 image by selecting: New > Compute > Virtual Machine > From Gallery > Windows Server Remote Desktop Session Host Windows Server 2012 R2
  2. Choose Resource Manager from the Select a deployment model option list, and click Create.


    The App Layering software does not support the Classic option from the Select a deployment model option list.

  3. Complete the Create virtual machine wizard:


    • Name: The name you specify for the new machine must comply with Azure naming conventions.
    • Username and password: The username and password of the new server machine you specify are used for any packaging machines that are subsequently created containing this OS layer.
    • Resource group location: Be sure that the value for the Resource group location matches the Storage account location that you configured in the connector configuration.


    • Storage: Under Use managed disks, select No, and specify a storage account.
  4. Select required network settings.
  5. Review the summary and create the virtual machine.
  6. Log into the new virtual machine, and reboot the machine.
  7. Install all important updates. Be sure to reboot the system and check for more updates. Some updates become available only after others are installed.
  8. Run Windows NGen.
  9. Remove or rename the Unattend file in C:\Windows\OEM.
  10. Turn off Windows Automatic Updates by selecting: Control Panel > System and Security > Windows Update > Change Settings
  11. Ensure that this machine is not joined to a domain.
  12. Enable the built-in administrator and check Password never expires.
  13. If this is a server OS, run the following commands in PowerShell:

    Set-ExecutionPolicy Unrestricted

Run the App Layering OS Machine Tools on the image

  1. On the new machine, open a web browser, navigate to the Download Center and download the OS Machine Tools.
  2. Download the following zip file onto the OS image:

  3. Execute the file, and it copies files to:



    The file must be extracted to the above directory. Do not change the directory.

If using Key Management Service (KMS), configure license activation

Once the scripts are extracted, the SetKMSVersion utility asks you to choose whether or not to use KMS licensing.

  1. In the following dialog box, select whether or not to use Key Management Service (KMS) licensing.

    Set KMS version image

To configure scripts for KMS, do the following.

  1. Navigate to:


  2. Run SetKMSVersion.exe as Administrator. This creates a script file in the c:\windows\setup\scripts\kmsdir folder.

When the operating system starts, the appropriate KMS activation script is executed.

Install the App Layering services

  1. On the new machine, navigate to C:\Windows\Setup\scripts and run setup_x64.exe to install the App Layering drivers on the OS machine.
  2. The installation prompts you for the location of the Unattend.xml file (the default location is ‘C:\windows\panther).
  3. Ensure that this machine is not joined to a domain.
  4. Perform any pending reboots on the OS machine. This must be done before you can import this image into a layer.
  5. Make sure that the new OS machine is in one of the following states before proceeding.
    • Running
    • Stopped
    • Stopped (deallocated)

Expedite a Microsoft NGen operation by forcing it to the foreground

NGen is the Microsoft Native Image Generator. It is part of the .NET system, and in essence recompiles .NET byte code into native images, and constructs the registry entries to manage them. Windows decides when to run NGen based on what is being installed and what Windows detects in the configuration.


When NGen is running, you must let it complete. An interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.

(Optional) Force an NGen operation to the foreground

Normally, NGen is a background operation that pauses if there is foreground activity. If an NGen operation pauses, you can force it into the foreground so that it completes sooner:

  1. Open a command prompt as Administrator.
  2. Go to the Microsoft .NET Framework directory for the version currently in use:

    cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
  3. Enter the NGen command to execute the queued items:

    ngen update /force

    This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.

    It is okay if you see several compilation messages. You can use Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or run `ngen update /force.


    Do not reboot to stop the task. You must allow it to complete.

  4. Ensure that all NGen processes have run to completion.
  5. When complete, you can now shut down the virtual machine.