Image management is one of the critical functions of Windows Virtual Desktop (WVD) administration. Many tools and approaches are available for this; here I stick to native Azure tools for image deployment, management, and rollback tasks. Image standardization ensures that organizations run their workloads in a consistent, up-to-date virtualization environment, with VM images that include predefined security settings, configuration settings, applications, and necessary software with the latest Windows and other updates.
Image management relies on three main steps. First, you need a Source image. In WVD, this is the multi-session image that resides in the Azure image gallery. Next, the image should be Customized according to your requirements: bring a VM up from the image and deploy all the software, security, and other configurations. In the last step, you SysPrep and capture the image from the VM and Distribute it to the relevant image stores such as blob storage, shared image gallery, and managed images.
Creating the first VM (Golden Image)
- Log in to the Azure portal where your WVD resides.
- Go to the Virtual machines blade and click Add to create a new virtual machine.
- After the VM creation, before adding applications and customization, you can take a snapshot. So, if something goes wrong, you can always revert to the original condition. To take a snapshot, go to the VM settings and select Disks.
- Click to open the OS disk settings.
- Click Create Snapshot.
- Name the snapshot and select Full as the type.
Now you can start customizing the image according to your organization's needs. I have highlighted some customizations below.
Domain join, to access relevant applications and resources. However, the domain join will be removed by the SysPrep generalization.
Install Applications and Software
You can install all the applications relevant to your organization: browsers, Office apps, virus guards, security apps, document readers, and corporate apps. You can also install the FSLogix client and Log Analytics agents, which are required for WVD configurations.
Deploying Configurations and Settings
You can push configuration settings to the Windows 10 VM so that they are replicated to all the VMs. However, these settings can also be pushed later through Group Policy with the support of Active Directory. The following are a few changes you can add through Microsoft Management Console (MMC):
- Internet proxy configurations
- Host file changes
- Firewall configurations
- Local user, local admin changes
- Certificate configurations
- RDS restrictions and configurations.
- Windows updates
Restrict users accessing the temporary drive
All Azure VMs have a temporary drive as the D: drive, and anything saved there is automatically wiped after a reboot. So, it is better to prevent users from accessing it. Use the following policy setting.
Local computer policy - User configurations - Administrative Templates - Windows components - File Explorer - Prevent access to drives from My Computer
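To confirm the restriction before you SysPrep and capture the image, the following added example (not part of the original post) checks the registry value behind this policy from inside the image VM. The function names Get-DriveMask and Test-DriveRestricted are hypothetical; the policy is stored as the NoViewOnDrive DWORD bitmask under the Explorer policies key.

```powershell
# Added example: function names are illustrative, not from the original post.
# "Prevent access to drives from My Computer" is stored as the NoViewOnDrive
# DWORD, a bitmask in which bit 0 = A:, bit 1 = B:, bit 2 = C:, bit 3 = D: ...

function Get-DriveMask {
    # Convert one or more drive letters into the policy bitmask.
    param([Parameter(Mandatory)][char[]]$Letter)
    $mask = 0
    foreach ($l in $Letter) {
        $index = [int][char]::ToUpperInvariant($l) - [int][char]'A'
        if ($index -lt 0 -or $index -gt 25) { throw "Not a drive letter: $l" }
        $mask = $mask -bor (1 -shl $index)
    }
    return $mask
}

function Test-DriveRestricted {
    # Return $true when the drive's bit is set in NoViewOnDrive.
    # The user policy writes the value under HKCU; HKLM is checked too
    # in case the value was set machine-wide instead.
    param(
        [Parameter(Mandatory)][char]$Letter,
        [string[]]$Hive = @('HKCU:', 'HKLM:')
    )
    $bit = Get-DriveMask -Letter $Letter
    foreach ($h in $Hive) {
        $path  = "$h\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        # A missing key or missing value yields $null rather than an error.
        $value = (Get-ItemProperty -Path $path -Name NoViewOnDrive `
                  -ErrorAction SilentlyContinue).NoViewOnDrive
        if ($null -ne $value -and ($value -band $bit) -eq $bit) { return $true }
    }
    return $false
}

# Run in a session of the user the policy applies to, after a policy refresh.
if (Test-DriveRestricted -Letter 'D') {
    Write-Output 'Temporary drive D: is restricted by policy.'
} else {
    Write-Warning 'D: is not restricted; re-check the File Explorer policy before capturing the image.'
}
```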