کد:
http://lynnlunik.net/2010/03/creating-and-maintaining-a-windows-7-image-using-virtual-pc-on-windows-7-part-3-of-3-step-by-step/
PART-3
In this the final post for this series titled ‘Creating and Maintaining a Windows 7 Image using Virtual PC on Windows 7′ I will demonstrate a method to ‘maintain’ a Virtual Machine Image that is ‘unsealed’. If you have not reviewed
Part 1 of 3 or
Part 2 of 3 you will find them at previous links.
As I begin this process you must understand that the maintenance of an ‘unsealed’ Windows Image is to provide the ability at some point in the future to ‘re-open’ that Image and apply Security Updates, Install Applications or add Files and Folders required for usage of the Image. Upon completion of these additions it is necessary to begin a new ’sealed’ Windows 7 Enterprise x86 Image dated according to the date of modification (most System Engineers use Version Numbers). The process of creating a new ’sealed’ Image for use includes maintaining both ’sealed’ (those Windows Images ’sealed’ with the Sysprep Process) and ‘unsealed’ (those Images simply ‘Shut Down’ without sealing with the Sysprep Process).
If you are reading this Blog entry without reading the prior associated entries in this sequence, here is a summary of those posts and the tasks addressed in this entry:
Part 1 of 3 – Create a Windows 7 Enterprise x86 Virtual Machine Image booting from an .ISO of the Windows 7 Enterprise x86 Source Media using a Windows 7 Enterprise Host Workstation.
Part 2 of 3- Use the File Copy Process to duplicate the Windows 7 Enterprise x86 Virtual Machine Image Hard Disk and then use the Sysprep Process to ’seal’ the Windows 7 Enterprise x86 Virtual Machine Image. Create a new Virtual Machine in Virtual PC from the ’sealed’ Windows 7 Enterprise x86 Virtual Machine Image. Use the New Virtual Machine in Virtual PC for Testing.
Part 3 of 3 – (This Blog entry) I will ‘re-open’ the ‘unsealed’ duplicate Windows 7 Enterprise x86 Virtual Machine Image Hard Disk and apply Security Updates and Install a selected Application. Then, duplicate the ‘updated’ and ‘unsealed’ Windows 7 Enterprise x86 Virtual Machine Hard Disk to be retained as the new ‘unsealed’ Virtual Machine Image. Use the Sysprep Process a second time to ’seal’ the ‘updated’ Windows 7 Enterprise x86 Virtual Machine Hard Disk to create the new ‘Master’ and ’sealed’ Virtual Machine Image. Finally, use the ‘master’ and ’sealed’ Windows 7 Enterprise x86 Virtual Machine Hard Disk Image to create a new Virtual Machine in Virtual PC for Testing.
Additionally, I use a specific folder structure at the Operating System level that works for me. You may find labeling of the folders these that the Virtual Machine Files are held requires different titles to suit your need. Again, my idea here is to offer my approach, understanding others will refine, change and pioneer modifications that are appropriate. Here’s the summary:
Drive\Directory\
Win7×86_Sealed
This folder holds the Sysprep ’sealed’ Virtual Machine Files through a defined Date when the Image was created. Use of the single .VHD (Virtual Hard Disk) file using a manual file copy process into a new folder permits creation of a Virtual Machine within Virtual PC that when the Virtual Machine Boots for the first time the Mini-Setup Wizard initiates. This allows creation of Virtual Machines as required.
Drive\Directory\
Win7×86_UnSealed
This folder holds the ‘unsealed’ Virtual Machine Files through a defined Date when the Image was created. The purpose of this folder is to store the ‘reference unsealed’ Virtual Machine for rebooting, adding Updates and Applications and then following the ‘copy off into a new unsealed folder’ and then use the Sysprep Process to ’seal’ the updated Workstation Image. This process allows quick updating when required.
Additionally, before getting underway with this last Blog entry in this sequence, let’s agree on terms that apply to this endeavor (used throughout these entries):
VHD – Virtual Machine Hard Drive Image
VMC – Virtual Machine Configuration File
VPCBackup – Virtual Machine Backup File
VUD – Virtual Machine Undo File (not used in this Blog series – but helpful to know!)
Let’s get underway now where I left off in Part 2 of 3. Let’s take a summary review of the Folders and Files compiled to date.
Figure 1 - A Virtual Machine Image created from the ’sealed’ (i.e. Sysprepped) Windows 7 Enterprise x86 Virtual Machine. The Host Name for this Virtual Machine is ‘WS-1′ and it is comprised a 3 Files in the Folder. File 1 – the Virtual Machine Hard Disk Image named ‘ws_1_vhd1.vhd’. File 2 – the Virtual Machine Configuration File named ‘ws-1′. File 3 – the Virtual PC Backup File named ‘ws-1.vmc.vpcbackup’. Note that I store all Virtual Machine Images used for Testing in a Folder titled ‘VMs_in_Use’.
Figure 2 – This is the current ‘master sealed’ Windows 7 Enterprise x86 Image in the Library. To create a new Virtual Machine from this ‘master’ Image I manually copy the .VHD File to a new Folder and use that .VHD File as the Bootable Hard Disk for the new Virtual Machine as the Boot source. This Blog entry will demonstrate how to create a replacement for this ‘master sealed’ Windows Image that includes the lastest Security Updates and Applications necessary for your Virtual Machine Testing.
Figure 3 – This ‘unsealed’ Windows 7 Enterprise x86 Image is retained for use as the mechanisms from which to create a new Virtual Machine to which are applied Security Updates and Applications Installed to maintain a current Virtual Machine Image that includes all appropriate Applications for Testing. If you observe closely this Folder will retain both the historical and new ‘unsealed’ Virtual Machine Images in the form of a Virtual Machine Hard Disk (.VHD) File.
Figure 4 – Here the work of this Blog entry begins. I first create a new Folder titled ‘ Win7×86_Sealed_thru_3-9-2010′. I place a copy of the ‘unsealed’ VHD File (found in the folder titled ‘Win7×86_Unsealed’) into the new Folder. Finally, I rename the VHD File to ‘Win7×86_3-9-2010′ which reflects the Date in which this ‘unsealed’ VHD will be updated (with Security Updates and Installed Applications) through.
Figure 5 – In Figure 4 I created a Folder and placed a VHD File within that Folder. Now, I will create a Virtual Machine to use the VHD File. Again, with this Virtual Machine I will Boot from the VHD File (the ‘unsealed’ VHD File) and then apply Security Updates and Install an Application. Once current, this Virtual Machine will be copied off for safe keeping and then ’sealed’ using the Sysprep Process to become the new ‘master sealed’ Windows 7 Enterprise x86 Workstation Image within Virtual PC. I open Virtual PC on Windows 7 using the ‘Manage Virtual Machines’ Menu Option.
Figure 6 – I initiate the ‘Create Virtual Machine’ Task focused on the opening the ‘unsealed’ Virtual Machine Hard Disk Image.
Figure 7 – Using the ‘Create a Virtual Machine’ Wizard in Virtual PC I offer the Virtual Machine Image a ‘Name’ and ‘Location’. I select both a descriptive name and location for easy reference.
Figure 8 – Following the same process for creating a New Virtual Machine as found in the prior Blog entry (Step 2 of 3) I select specific Memory and Networking Options.
Figure 9 – Here’s an important step. Select the VHD File manually copied into the new Folder under ‘Use an Existing Virtual Hard Disk’. In this configuration the VHD File selected is the Boot mechanism for the Virtual Machine Image. I have highlighted the File Name in yellow above.
Figure 10 – Upon completing the ‘Create a Virtual Machine’ Wizard no event happens. I move to start the New Virtual Machine using the ‘Manage Virtual Machines’ Task from the All Programs Menu.
Figure 11 – The ‘Manage Virtual Machines’ Task details all Virtual Machine Images available within Virtual PC on the Host Workstation. I select the appropriate Virtual Machine to Open.
Figure 12 – The Virtual Machine using Windows 7 Enterprise x86 opens correctly providing the ability to Login.
Figure 13 – The intent for opening this ‘unsealed’ Windows 7 Enterprise x86 Virtual Machine Image is to 1) apply Security Updates through the current Date/requirement, and, 2) Install Applications necessary for the Testing Environment. I begin by updating Malware Definitions for Microsoft Security Essentials. I also Install the latesting version of Adobe Reader 9.X. Before I begin these processes I choose to change the Workstation Host Name and Reboot.
Figure 14 – I navigate to ‘Control Panel, then ‘System and Security’ and then to the ‘System’ Application. Observe the Host Name of ‘win7×86-3-2-10′. I use this naming convention to quickly identify the Date through which this Virtual Machine was last updated. I will next advance this Host Name to ‘win7×86-3-9-10′ for reference.
Figure 15 – I complete the processes of applying Malware Updates and I changd the Host Name. Finally, I initiate a Reboot.
Figure 16 – After a successful Reboot I observe the Host Name change is also successful.
Figure 17 – Here I use an Administrative Command Prompt to issue an appropriate Product Key for the Windows 7 Enterprise x86 Image. The Product Key is accepted with confirmation.
Figure 18 – The process of identifying required Security Updates includes navigating to ‘Control Panel’, then ‘System and Security’ and finally ‘Windows Update’. I then select ‘Check for Updates’ to query the Microsoft Update Services for outstanding Security Updates. Note that 3 ‘Important Update’s are required.
Figure 19 – Upon completing the Installation of the 3 Security Updates I initiated a Reboot using the ‘Restart Now’ Button.
Figure 20 – After a successful Reboot, I use Internet Explorer to navigate to the Adobe Web Site to download Adobe Reader 9.X.
Figure 21 – Installation of the Adobe Reader 9.X occurs without incident. I am quickly closing in upon all the required Security Updates, Malware Updates and Applications for Installation to update this Windows 7 Enterprise x86 Virtual Machine Image.
Figure 22 – Prior to ’sealing’ this freshly updates Windows 7 Enterprise x86 Virtual Machine Image I ’shutdown’ the Virtual Machine. Once ’shutdown’ I can then use a file copy process to move a copy of the ‘unsealed’ and newly updated Virtual Hard Disk into a retention folder. Storage of the VHD in its current state is required for use in the future when more Security Updates, Malware Updates or Applications for Installation are required.
Figure 23 – I have not ’sealed’ this Virtual Machine Image yet (so the naming can be a bit confusing at this point). I copy the Virtual Hard Disk (.VHD) file named ‘Win7×86_3-9-2010′ to the ‘Win7×86_Unsealed’ Folder for storage. This Folder still holds the prior ‘unsealed’ VHD File originally generated on 3-2-2010.
Figure 24 – Examination of the ‘Win7×86_Unsealed’ Folder yields clarity as to the contents. The 2 Files (VHD Files) held within this Folder are the 2 ‘unsealed’ Virtual Machine Images maintained in the Library of ‘unsealed’ Virtual Machine Images. I am able to use either File over and over based upon need. If the need is for a Virtual Machine without Adobe Reader 9.X I can use the VHD File named ‘Win7×86_3-2-2010′. If a Virtual Machine Image is required that includes Malware Updates on Microsoft Security Essentials through 3-9-2010 I use the VHD File named ‘Win7×86_3-9-2010. ‘
In both cases it is important to note I must follow the process to copy the ‘unsealed’ VHD File to a new Folder, create a new Virtual Machine, ’seal’ the new Virtual Machine using the Sysprep process then use this ’sealed’ Virtual Hard Disk (VHD) as the Bootable Virtual Hard Disk to the new Virtual Machine Image running Windows 7 Enterprise x86.
If you this seems like alot of steps – it is! Once mastered the number of steps becomes insignificant compared to including the appropriate Security Updates, Malware Updates and Installed Applications. If you are considering doing this in an automated fashion there are several ‘Enterprise’ Products that automate this whole process. The folks at Microsoft (System Center Virtual Machine Manager), VMWare and Citrix make products that automate this whole process.
Figure 25 – I focus back on the ‘Win7×86_Sealed_thru_3-9-2010′ Folder to prepare to ‘Restart’ the Virtual Machine Image to then use the Sysprep Process to ’seal’ the Virtual Machine Image.
Figure 26 – After a successful ‘Restart’ of the Windows 7 Enterprise x86 Virtual Machine Image I confirm all settings as ‘final’ prior to using the Sysprep Process.
Figure 27 – I open an Administrative Command Prompt to invoke the Sysprep Process. Then, I select ‘Enter System Out-of-Box Experience (OOBE)’, ‘Generalize’ and ‘Shutdown’ from the ‘Shutdown Options’ Drop Down Menu. These selections will remove any unique characteristics for this Virtual Machine Image and using the ‘Generalize’ Check Box will require Plug-and-Play to detect the Hardware Configuration.
Again, the power of this approach to creating ’sealed’ Virtual Machine Images is upon completion of this process the VHD File can be used as the basis for creating new Virtual Machine Images that are unique.
Figure 28 – As validation of the effectiveness of the method outlined in this 3 Part Blog entry I will generate a new Virtual Machine running Windows 7 Enterprise x86 using the newly updates Virtual Machine Image (the Image from 3-9-2010). If you recall, the original Virtual Machine Image is from 3-2-2010 and DOES NOT include Adobe Reader 9.X. I begin by creating the new Virtual Machine named ‘WS-2′ in a Folder titled ‘WS_2_Win7×86′ under the ‘VMs_in_Use’ Folder.
Figure 29 – Using the same process outlined twice previously I rename the VHD to match the Naming Convention suitable for easy recognition (previously named ‘Win7×86_3-9-2010.vhd’ and renamed ‘ws_2_vhd1.vhd’).
Figure 30 – Virtual PC is opened using the ‘Manage Virtual Machines’ Task from the Virtual PC Menu option on the Start Menu in Windows 7.
Figure 31 – Upon using the ‘Open’ Menu Option the ‘Create a Virtual Machine’ Wizard provides Options for completion for the ‘Name’ and ‘Location’. The ‘Location’ is the File Path selected in Figure 29.
Figure 32 – I select ‘Memory’ and ‘Networking’ Options and proceed.
Figure 33 – Finally, I select the ’sealed’ VHD File that was copied (using file copy) and renamed from Figure 29.
Figure 34 – The ‘Create a Virtual Machine’ Wizard completes succesfully. Next I ‘Open’ the Virtual Machine Image running Windows 7 Enterprise x86 using a ‘Right Mouse Click’ and then ‘Open’ from the Drop Down Menu.
Figure 35 – The Virtual Machine Image for Host Name ‘ws-2′ launches the Out-of-Box Experience (OOBE) from the Mini-Setup Wizard.
Figure 36 – I input the ‘Initial Administrator’ User Name and the ‘Computer Name’.
Figure 37 – Next, input of a Password for the ‘Initial Administrator’ User ID and a ‘Password Hint’.
Figure 38 – Next, acceptance of the ‘License Terms’ advances the process.
Figure 39 – The ‘Automatic Update’ Settings require a selection to advance.
Figure 40 – Next, I select the appropriate ‘Time Zone’ to proceed.
Figure 41 – Finally, I select the ‘Network Location’ for the Virtualized Image. Upon completing this final step we can validate the Installed Applications include Adobe Reader 9.X as the ’sealed’ Windows 7 Enterprise x86 Virtual Machine Image should include.
Figure 42 – Success! The Virtual PC Virtual Machine Image running Windows 7 Enterprise x86 includes Adobe Reader 9.X. This confirms succesful completion of a process to use the newly ’sealed’ Windows 7 Enterprise x86 Virtual Machine Image updated through 3-9-2010.
Since this process includes 3 Blog entries and over 130 Figures I felt it appropriate to review the contents of the Files and Folders contents that are part of this sequence. Here’s is the summary of the File and Folder contents.
Figure 43 – In the Sub-Folder under ‘VMs_in_Use’ titled ‘WS_1_Win7×86′ are the Virtual Machine Files for Workstation 1 supporting a Virtualized Machine named ‘ws-1′. This Virtual Machine was generated using a ’sealed’ Windows Image updated through 3-2-2010.
Figure 44 – In the Sub-Folder under ‘VMs_in_Use’ titled ‘WS_2_Win7×86′ are the Virtual Machine Files for Workstation 2 supporting a Virtualized Machine named ‘ws-2′. This Virtual Machine was generated using a ’sealed’ Windows Image updated through 3-9-2010 and included specific Security Updates, Malware Updates and a spefically Installed Application of Adobe Reader 9.x.
Figure 45 – In the Folder titled ‘Win7×86_Sealed’ includes a ’sealed’ Virtual Machine with Updates through 3-2-2010. This Windows 7 Enterprise x86 Virtual Machine Image was generated using the Sysprep Process. Duplication of the VHD File provides the ability to create numerous additional unique Virtual Machines using a defined process.
Figure 46 – In the Folder titled ‘Win7×86_Sealed_thru_3-9-2010′ includes a ’sealed’ Virtual Machine with Updates through 3-9-2010. This Windows 7 Enterprise x86 Virtual Machine Image was generated using the Sysprep Process with the ‘Win7×86-3-2-2010′ ‘unsealed’ Virtual Hard Disk (VHD) as the basis. Duplication of the VHD File provides the ability to create numerous additional unique Virtual Machines using a defined process. This Virtual Machine Image includes the Adobe Reader 9.X Application as an example.
Figure 47 – In the Folder titled ‘Win7×86_Unsealed’ includes 2 ’unsealed’ Virtual Machines unique based upon the ‘Date Modified’ and the File Naming Convention. These Windows 7 Enterprise x86 Virtual Machine Images retain the Security Updates, Malware Updates and Installed Applications through each respective Date and Time. Duplication of each respective VHD File occurred and was the basis through which each of the ’sealed’ Virtual Machine Images including those updated on 3-9-2010 was generated.
Summary:In this Blog entry, Part 3 of 3 I demonstrated a method to use an ‘unsealed’ Virtual Machine Image running Windows 7 Enterprise x86, update the Security Update, Malware Updates and Installed Applications, to then copy the updated Virtual Machine Image and then use the Sysprep Process to generate a ’sealed’ Virtual Machine Image. This ’sealed’ Virtual Machine Image can then be used in a defined duplication process for creating numerous unique Virtual Machine Images running Windows 7 Enterprise x86. This Blog series, consisting of 3 Parts includes a sequential series of steps leading up to the final steps in Part 3 of 3.
Lynn Lunik
Chief Security Architect
IT Pro Secure Corporation