ogrechko/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Win2025-Sysprep template files

Browse Source
This commit is contained in:
ogrechko
2026-05-06 10:18:57 +03:00
commit 2bbe956644
3 changed files with 208 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/win2025-sysprep/README.md
+79
View File
@@ -0,0 +1,79 @@
# Win2025-Sysprep
Files for building a reusable `Win2025-Sysprep` template for vSphere, Terraform, and Ansible Semaphore.
## Included
- `scripts/Prepare-Win2025Sysprep.ps1` prepares Windows Server 2025 for templating.
- `files/unattend.xml` is the answer file used by `sysprep`.
## Manual prep before running the script
1. Install Windows Server 2025 in a dedicated VM.
2. Install VMware Tools.
3. Sign in as local `Administrator`.
4. Apply Windows updates and any baseline OS settings you want baked into the template.
5. Copy this folder to the VM, for example `C:\Build\Win2025-Sysprep`.
## What the script does
- enables WinRM for Ansible;
- opens firewall rules for WinRM and RDP;
- enables RDP;
- enables the built-in `Administrator` account;
- switches network profiles to `Private` when possible;
- cleans temporary files;
- generates `unattend.xml`;
- runs `sysprep /generalize /oobe /shutdown`.
## Run
Open PowerShell as Administrator and run:
```powershell
Set-ExecutionPolicy Bypass -Scope Process -Force
cd C:\Build\Win2025-Sysprep
.\scripts\Prepare-Win2025Sysprep.ps1
```
If you want OpenSSH installed too:
```powershell
.\scripts\Prepare-Win2025Sysprep.ps1 -InstallOpenSsh
```
If you want a different timezone:
```powershell
.\scripts\Prepare-Win2025Sysprep.ps1 -TimeZone "Russian Standard Time"
```
## After the VM shuts down
1. Confirm the VM is powered off in vSphere.
2. Convert the VM to a template.
3. Name the template `Win2025-Sysprep`.
4. Use that name in Terraform variable `vm_template`.
## Checklist before converting to template
- VMware Tools are installed and healthy.
- WinRM is responding.
- The VM shut down because of `sysprep`.
- The VM is not domain joined.
- No machine-specific secrets or unique data remain on the server.
## Quick WinRM check
Before running `sysprep`, you can verify locally:
```powershell
winrm enumerate winrm/config/listener
Test-WSMan
```
## Notes
- The computer name inside the source VM is not important because Terraform `windows_options` will rename cloned VMs.
- Do not join the template to the domain in advance.
- If you plan to use WinRM over HTTPS, it is usually better to issue the certificate after cloning, not inside the golden image.