Deploying a fully patched lab with PowerShell Deployment Toolkit (PDT)

To follow up on a post I did last week on deploying generation 2 VMs with PDT, I want to extend that example out to include patching the parent VHD for use with PDT.

I’m doing a lot more development with PowerShell Desired State Configuration (DSC) and some of the new functionality requires the GA Update Rollup for Windows Server 2012 R2 and 8.1 (KB2883200).

Instead of deploying virtual machines with a Windows Server 2012 R2 RTM image, I want to save some time and deploy an image with all the latest updates.

Fortunately, John Savill has already provided an easy process for Maintaining a patched VM image with Hyper-V, the easy way.

1) First we want to create a new VM image using Convert-WindowsImage. Here is an example command-line to create a Generation 2 image.

.\Convert-WindowsImage.ps1 -SourcePath V:\ISO\Windows_Server_2012_R2-Evaluation-Datacenter_Edition–EN-US-X64.ISO -VHDPath S:\VHD\WS12R2DG2.vhdx -SizeBytes 40GB -VHDFormat vhdx -VHDType Dynamic -VHDPartitionStyle GPT -Edition ServerStandardEval

2) At 52 seconds into the video, instead of creating a new hard drive, select Use an existing virtual hard disk and use the vhdx you just created, or make a copy in a new folder so that you can keep the original in tact. In my case, I have a folder called S:\VMTemplates, so I copied it to S:\VMTemplates\WS12R2Std-Gen2-Template\Virtual Hard Disks\WS1212R2Std-Gen2-Template.vhdx

3) Start your template VM, you will be asked to accept the Microsoft license agreement and enter a password. Passw0rd! works pretty well in the lab.

4) Make any customizations now, like disabling IE Enhanced Security or enabing Remote Desktop and configure Windows Update and install all patches.

5) Once the VM is patched, shut it down.

6) Create a VM checkpoint. This is our pre-Sysprep’d checkpoint and what we will to revert to after we finish creating our exported Vhdx template. You can rename it “Patched-PreSysprep” if you want to get descriptive.

7) Start the VM again and sysprep it. C:\Windows\System32\Sysprep\Sysprep.exe

8) Select System Out of box experience (OOBE), Generalize and Shutdown for the Shutdown Option.

9) Checkpoint the VM again, rename the checkpoint “Current”, right-click on the new checkpoint and select Export.

10) Save your export, in my case, S:\VMTemplates\Exported

11) Copy your exported Vhdx from the Exported directory to your folder holding all your VM images, in my case I’ll copy it to S:\VHD\WS12R2Std-Gen2.vhdx

12) Update your PDT Variable.xml to use this new Vhdx as your Parent disk.

13) Now we want to reset our template VM so that we can patch it again next month, or again before we deploy our new lab to ensure we have the latest updates. Select your template VM and then delete the “Current” checkpoint.

14) Select the original checkpoint “Patched-PreSysprep”, right-click and select Apply.

15) Now you can delete your original Checkpoint.

16) Once you have deleted the original checkpoint, you will have a VM image with all the latest Microsoft patches that doesn’t realize it has been sysprep’d, so you can repeat the process over and over again.

One word of warning, do not attempt to change a parent disk to your new image if you already have virtual machines deployed against it. Only use your new parent Vhdx for new VM deployments.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.