How to Build a VMware vSphere VM Template for Windows Server 2008 R2

Original article can be found here:

Building a VMware template for Server 2008 vs. Server 2008 R2 has some differences. This blog post will cover everything we did to successfully get it working and a detailed explanation of why we chose certain settings. Big thanks to to Jeremy Waldrop and his blog post that described setting up a template for 2008 which helped us quite a bit in our research to create the perfect template for 2008 R2.

OS Used: Windows Server 2008 R2 Standard (x64) Volume License Edition

VM Hardware config:

  • Single vCPU
  • 4 GB RAM
  • 40 GB Primary Hard Drive (for Operating System)
  • 10 GB Secondary Hard Drive (for Page File
  • LSI Logic SAS SCSI Controller
  • VMXNet 3 Network Adapter

I know most organizations using Server 2003 have always done a 20 GB C: partition. With 2008, I suggest going to 40 GB OS drives as a standard. Server 2008 (especially x64 versions) requires more space. Out of the box 2008 R2 x64 takes up 10 GB. Also Server 2008 has a component store (c:\windows\winsxs) which is very large. This is because 2008 no longer uses i386, everything is stored locally already in this component store folder. Remember, Server 2008 and any future MS product is all about componentization!! When you install a component from this store, my understanding is that it is “projected” to the OS. So basically Windows 2008 installed components run from this component store essentially. As the system receives updates over time, expect this directory to grow even larger since it never deletes old stuff. Think of the different versions of kind of stacking on each other. I believe with each service pack there is a tool to uninstall components that are no longer necessary or superseded. So stick with a 40 GB OS partition and you should be fine for a long time. You will also notice we have a 10 GB secondary drive for a page file. We’ll get to that later in the article.

Now on to the actual build:

  1. First create a new VM
    • Select Custom Configuration
    • Enter VM Name and Inventory Location
    • Select Datastore
    • Select Virtual Machine Version: 7
    • Select “Microsoft Windows Server 2008 R2 (64-bit)” as OS Version
    • # of Virtual Processors: 1
    • Amount of RAM: 4GB
    • Network
      • # of NICs: 1
      • Adapter Type: VMXNET 3
      • Select “Connect at Power On
    • SCSI Controller: LSI Logic SAS
    • Create New Virtual Disk: 40GB
    • Advanced Options: No Change
  2. Now prepare the virtual hardware:< >Edit VM Settings > Options > General Section > Uncheck “Enable logging”

    Boot Options > Check box to force going into the BIOS on next boot

  3. Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
    • Disable Serial port A
    • Disable Serial port B
    • Disable Parallel port
  4. Exit and Save
  5. Install Windows 2008 R2 Standard – Full Install
  6. After OS install and reboot, change Administrator Password (will prompt)
  7. Disconnect Windows 2008 R2 ISO and set device type to Client Device
  8. Set Time Zone
  9. VMware Tools Install
    • Install VMtools, choose Custom Install Type
    • Disable the “Shared Folders” drive and install Tools ** Note we are disable Shared Folder due to profile loading issues which was documented even back in ESX 3.5 and VMware Tools here on the VMare Communities forum. I have not personally had an issue leaving it enabled but just to be cautious and the fact we don’t use this feature in our organization, we have left it disabled.
    • Set time synching between the VM and ESX host
    • Reboot after Tools Install
  10. Network Configuration
  11. From Server Manager, select View Network Connections
  12. Right click on Local Area Connection and select properties
  13. Uninstall QoS Packet Scheduler and both Link-Layer Topologies (Mapper & Responder) ** We don’t do QOS at the server level, our switches do that. Link Layer is not used by us.
  14. Uncheck IPv6 and close network connection screens ** We don’t use IPv6 yet so we disabled it for now
  15. From Server Manger select Change System Properties
  16. On System Properties screen click Change on Computer Name Tab
  17. Set Server Name and restart
  18. From Server Manager under Security Information, select Configure Updates
  19. Select Let me choose
  20. Under Important Updates, select Never check for updates, click ok
  21. Start > All Programs > Windows Update > Check for updates and install all Recommended Updates
  22. Server Name
  23. Windows Updates
  24. Enable Remote Desktop, choose “Allow connections from computers running any version of Remote Desktop” (2nd option)
  25. Right click 3rd icon from Start Button (Windows Explorer) and select “Unpin this program from taskbar”
  26. Right click 2nd icon from Start Button (Windows PowerShell) and select “Unpin this program from taskbar”
  27. Right click Taskbar and choose Properties and choose Customize under Notification Area
  28. Select “Turn system icons on or off”, and turn Volume Off, click Ok
  29. From Server Manager select Change System Properties
  30. Select Advanced Tab > Settings and choose “Adjust for best performance”
  31. Open “Computer” > Select Organize > Choose Folder and search options
  32. Under View Tab
    • Select “Show hidden files, folders and drives”
    • Uncheck “Hide extensions for known file types”
  33. From Security Information Section, select Configure IE ESC
    • Change Administrators to Off and leave Users On ** My reasoning for this is the only “Users” should be service accounts on a server so leaving it On should not matter
  34. Disable Windows Firewall **Not best practice to disable, but my environment requires it
  35. Apply changes to c:\ and all subfolder/files
  36. Continue/Ignore on Access Denied errors
  37. Change option to High Performance
  38. Command Prompt, enter powercfg.exe –h off
  39. From Server Manager, select “Do not show me this console at logon” and close Server Manager
  40. Taskbar Changes
  41. Edit VM Properties
  42. Add a 2nd hard drive (10GB) and change to SCSI (1:0)
  43. Run Disk Manager and format as Z:\ drive ** We use Z: as the drive letter so it does not interfere with adding additional drives later on.
  44. From Server Manager, select System Properties > Advanced > Performance Settings > Advanced > Virtual Memory Change
    • Assign 1024MB Page file to c:\
    • Assign 5120MB Page file to z:\
  45. Server Manager > Add Features > SNMP
  46. Server Manager > Configuration > Services > SNMP > Security
    • Accepted community names – Add your community (as READ ONLY)
    • Accept SNMP Packets from these hosts – Add your hosts (remember to leave localhost in there)
  47. System Performance
  48. Folder and Search Options
  49. IE ESC
  50. Change IE Home Page to blank so you don’t get that pesky Internet Exploer Enhanced Security Configuration warning page
  51. Under Computer, right click c: and select properties, uncheck “Allow files on this drive to have contents indexed in addition to file properties”
  52. Power Options (from Control Panel)
  53. Disable Hibernation
  54. Delete the Page file and reboot (so c:\ can be fully defragmented)
  55. Run defrag
  56. Page File
  57. SNMP
  58. Release the IP and turn VM into a template in Virtual Center
  59. OS Installation and Configuration
  60. Turn VM into a Template
    This procedure will copy the Administrator account profile into the default user profile so that all users that login or that will be created in the future will get the same profile with all the customizations you have done above. When you sysrep a server template and create a new VM from it, a new SID is generated which means a new local Administratior account is created during the sysrep procedure. This means all the customizations you have done will be wiped out above unless you copy all your settings above when you create a new VM. In the past with Server 2003 and even Server 2008, you had the “Copy To” feature to copy a user profile to another. With Server 2008 R2, Microsoft has disabled this feature. It is now done via an unattend.xml file using the “CopyProfile” node. I actually prefer this method now after doing it a few times. This procedure is detailed per the Microsoft KB article< >Create unattend.xml in “c:\windows\system32\sysprep” folder as follows. NOTE: Do not copy and paste the text below because WordPress messes up the quotes which will lead to errors during sysprep. Please right click-save as this link and copy and paste from the txt file instead.

     <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="specialize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi=""> <RegisteredOrganization>Your Organization Name</RegisteredOrganization> <RegisteredOwner>Your Registered Owner</RegisteredOwner> <CopyProfile>true</CopyProfile> </component> </settings> <cpi:offlineImage cpi:source="wim:f:/sources/install.wim#Windows Server 2008 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend> 

    At command prompt, type the following command:  C:\windows\system32\sysprep\sysprep.exe  /generalize /unattend:unattend.xml

  61. System Preparation Tool 3.14

    Choose Enter System OOBE

    Check Generalize button

    Leave shutdown option as reboot

    Click OK