Free VDI Master Image Sealing Script

Below is a sealing script I created, designed for a VMware Horizon environment with FSLogix. It also calls the VMware OSOT tool: it can run a report of existing OSOT settings, apply an optimization template and generate a report of the result, and then run the Finalize steps to prepare the image for a snapshot.

You may wish to chop and change it to fit the technologies in your environment. I have also attached a screenshot example of how to configure a .ps1 shortcut that runs the script with elevated rights and bypasses the execution policy.

#######################################################################

# Image sealing script to be run before shutting down master images and creating a snapshot for a Horizon VDI pool

#Created 07/02/2020
#Author: Dave Baker

###INSTRUCTIONS###

# Create a folder on your master image "C:\VDI" then create a subfolder C:\VDI\OSOT and extract the OSOT tool to this directory. Place the script in the root of \VDI folder.

#  OSOT folder should reside in (C:\VDI\OSOT) and your optimization template filename should be adjusted accordingly, but in the below example I used: 'OSOT_Win_10_1909.xml'. 


#Steps 

#Update AV agent
#Delete Horizon, FSlogix and Appvolumes logs
#Hide VMware Tools icon
#Set default username to blank
#Delete unwanted profiles
#Empty recycle bin - *note - do not delete %temp% or c:\windows\temp folder contents - OSOT writes to these locations.
#Pop-up option to report on current osot settings, apply the template, and then reboot prompt.
#Disable windows update and windows modules installer service, set the recovery action to 'Take No Action'
#Wipe your Profile Management solution GUIDs - delete if not required.
#Wipe your AV Solution guids - delete section if not required.

 
################# UPDATE AV  ##########################################

#ADD SWITCHES TO UPDATE YOUR AV AGENT HERE - the below example uses McAfee ####
 


Write-Host "Updating AV agent..."

Start-Process "c:\Program Files\McAfee\Agent\cmdagent.exe" -ArgumentList "-c" -Wait -ErrorAction SilentlyContinue -WindowStyle Hidden

# Wait 5 seconds before continuing
Start-Sleep -Seconds 5

 

################# DELETE LOGS #################################################

Write-Host "Deleting FSlogix, Appvolumes and Horizon Agent log files..."

$FSlogixLogs = "C:\ProgramData\FSLogix\Logs\"
$AppVolumesLogs = "C:\Program Files (x86)\CloudVolumes\Agent\Logs\"
$HorizonAgentLogs = "C:\ProgramData\VMware\VDM\logs\", "C:\ProgramData\VMware\VMware Logon Monitor\Logs\", 'C:\ProgramData\VMware\VMware Blast\', 'C:\ProgramData\VMware\logs\'

Get-ChildItem -Path $FSlogixLogs -Include *.log -Recurse -ErrorAction SilentlyContinue | Remove-Item -ErrorAction SilentlyContinue
Get-ChildItem -Path $AppVolumesLogs -Include *.log -Recurse -ErrorAction SilentlyContinue | Remove-Item -ErrorAction SilentlyContinue

foreach ($folder in $HorizonAgentLogs) {
    Get-ChildItem -Path $folder -Include "*.txt", "*.log" -Recurse -ErrorAction SilentlyContinue | Remove-Item -ErrorAction SilentlyContinue
}

 

 

################## HIDE TOOLS ###################################################

 

Write-Host "Hiding Vmware Tools icon..."



Set-ItemProperty -Path "HKLM:\SOFTWARE\VMware, Inc.\VMware Tools" -Name ShowTray -Value "0" -ErrorAction SilentlyContinue

 

##################### SET DEFAULT USERNAME ######################################

 

Write-host "Setting default username to Blank..."

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultUsername -Value "" -ErrorAction SilentlyContinue

 

#################### DELETE PROFILES ##############################################

 

write-host "Deleting unwanted local profiles..."

# DelProf2.exe is expected in the C:\VDI folder; adjust the path if you keep it elsewhere
Start-Process -FilePath "C:\VDI\DelProf2.exe" -ArgumentList '/u' -Wait

 

#################### CLEAR RECYCLE BIN ################################################


write-host "Empty recycle bin..."



Clear-RecycleBin -Force -ErrorAction SilentlyContinue


 

#################### APPLY OSOT ######################################################

 

 

Add-Type -AssemblyName PresentationFramework

# Shows a Yes/No/Cancel prompt: returns $true for Yes, $false for No, and exits the script on Cancel
function Request-YNC {
    param (
        [string]$Text,
        [string]$Title
    )

    $MsgResult = [System.Windows.MessageBox]::Show(
        $Text,
        $Title,
        [System.Windows.MessageBoxButton]::YesNoCancel,
        [System.Windows.MessageBoxImage]::Warning
    )

    if ($MsgResult -eq [System.Windows.MessageBoxResult]::Cancel) {
        exit
    }
    else {
        $MsgResult -eq [System.Windows.MessageBoxResult]::Yes
    }
}

 

 

# Both reports are written here, so create the folder before either prompt
if (!(Test-Path C:\VDI\OSOT\Reports)) { New-Item -ItemType Directory -Path C:\VDI\OSOT\Reports }

if (Request-YNC 'Generate report of existing OSOT settings?' 'OSOT Analysis Report') {
    Start-Process c:\VDI\OSOT\VmwareOSOptimizationTool.exe -ArgumentList "-v -r c:\VDI\OSOT\Reports\Pre_OSOTApplied" -Wait
}

if (Request-YNC 'Apply the current Win 10 1909 OSOT template and write results to report file?' 'Re-apply OSOT Template') {
    Write-Host "Applying OSOT template Win_10_1909..."

    # Re-enable the Windows Modules Installer service before applying the template
    Get-Service -Name TrustedInstaller | Set-Service -StartupType Automatic

    # Adjust the template file name to match the file in C:\VDI\OSOT
    Start-Process cmd.exe "/c c:\VDI\OSOT\VmwareOSOptimizationTool.exe -o -t C:\VDI\OSOT\Win_10_1909.xml" -Wait

    Write-Host "Generating report of applied OSOT settings..."
    Start-Process cmd.exe "/c C:\VDI\OSOT\VmwareOSOptimizationTool.exe -v -r c:\VDI\OSOT\Reports\Post_OSOTApplied" -Wait
}

if (Request-YNC 'If you applied OSOT for the first time, you must reboot, reboot the machine now? Remember to re-run the script afterwards' 'Restart') {
    # -Wait is not valid when restarting the local computer, so it is not used
    Restart-Computer -Confirm
    exit
}

 

 

 

############### DISABLE SERVICES ##################################################################

 


Write-Host  "Disabling Windows Update Service..."
Write-Host  "Disabling Windows Modules Installer Service..."

$svc = Get-Service -Name svservice, wuauserv, TrustedInstaller

foreach ($service in $svc) {
    Stop-Service -Name $service.Name
}

# svservice is only stopped for sealing; keep its startup type Automatic
Set-Service -Name svservice -StartupType Automatic

Get-Service -Name wuauserv, TrustedInstaller | Set-Service -StartupType Disabled

#Set recovery options for Win Update Services to "Take No Action"
cmd.exe /c "sc.exe failure wuauserv reset=5 actions=""/""/"""
cmd.exe /c "sc.exe failure TrustedInstaller reset=5 actions=""/""/"""

 

 

 

################### WIPE PROFILE MANAGEMENT GUIDS ###########################################################

#######May not be applicable if using DEM/Profile Unity######
 

$software = "Ivanti Environment Manager"
$installed = Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{974CAB85-D3C8-412E-9FDA-72F82E740382}"

If (-Not $installed) {
    Write-Host "'$software' NOT installed."
} else {
    Write-Host "'$software' IS installed, wiping GUIDs..." -NoNewline

    $cca = "C:\Program Files\AppSense\Management Center\Communications Agent\CcaCmd.exe"
    # Not named $args, which is a PowerShell automatic variable
    $ccaArgs = "/imageprep"

    Start-Process $cca $ccaArgs -Wait
}

  

 ################# WIPE MCAFEE GUIDS ##########################################################

########May not be applicable to your AV solution#####
 

$software = "McAfee Agent"
$installed = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -Contains "McAfee Agent"

If (-Not $installed) {
    Write-Host "'$software' is NOT installed."
} else {
    Write-Host "'$software' IS installed, wiping GUIDs..." -NoNewline

    Start-Process "c:\Program Files\McAfee\Agent\maconfig.exe" -ArgumentList "-enforce -noguid" -Wait
}

 

########## FINALIZE AND SHUTDOWN ##########################

 

Write-Host "Applying OSOT Finalize steps..." -NoNewline

# Same OSOT location as the earlier steps (C:\VDI\OSOT)
Start-Process cmd.exe "/c c:\VDI\OSOT\VmwareOSOptimizationTool.exe -f all" -Wait

Write-Host "Complete. Shut down and take a snapshot"

Stop-Computer -Confirm

To configure an elevated shortcut:

  1. Create a shortcut and set the target as: %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy unrestricted -noexit -file "C:\VDI\VDISealingScript.v2.ps1"
  2. Set the properties of the shortcut to Run As Administrator
  3. Set the Start In value to the root of the PowerShell folder.

I hope you find this useful.
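
A read-only check to run after the sealing steps and before the snapshot, confirming that the blank default username, the disabled update services and the log clean-up actually took effect (the script suppresses most errors with -ErrorAction SilentlyContinue). This is an added example, not part of the original script; the function name Test-SealedImage is hypothetical, and the paths, services and registry value are the ones the script uses.

```powershell
# Added example, not part of the original script: read-only check of the sealing results.
function Test-SealedImage {
    $results = @()

    # DefaultUsername should be blank so clones do not show the image builder's account
    $winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = 'DefaultUsername is blank'
        Passed = [string]::IsNullOrEmpty($winlogon.DefaultUsername)
    }

    # Windows Update and Windows Modules Installer should be stopped and disabled
    foreach ($name in 'wuauserv', 'TrustedInstaller') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name is stopped and disabled"
            Passed = ($null -ne $svc) -and ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
        }
    }

    # Same folders and file patterns as the DELETE LOGS section of the script
    $logSets = @(
        @{ Include = @('*.log')
           Folders = 'C:\ProgramData\FSLogix\Logs\', 'C:\Program Files (x86)\CloudVolumes\Agent\Logs\' },
        @{ Include = @('*.txt', '*.log')
           Folders = 'C:\ProgramData\VMware\VDM\logs\', 'C:\ProgramData\VMware\VMware Logon Monitor\Logs\',
                     'C:\ProgramData\VMware\VMware Blast\', 'C:\ProgramData\VMware\logs\' }
    )
    foreach ($set in $logSets) {
        foreach ($folder in $set.Folders) {
            $left = @(Get-ChildItem -Path $folder -Include $set.Include -Recurse -ErrorAction SilentlyContinue)
            $results += [pscustomobject]@{
                Check  = "No log files left in $folder"
                Passed = ($left.Count -eq 0)
            }
        }
    }
    $results
}

$report = Test-SealedImage
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'One or more sealing checks failed. Review them before taking the snapshot.'
}
```

Answer No at the Stop-Computer confirmation, or place the call just before it, so the check runs while the image is still up.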