ogrechko/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
scripts/templates/win2025-sysprep
T
History

README.md

Win2025-Sysprep

Files for building a reusable Win2025-Sysprep template for vSphere, Terraform, and Ansible Semaphore.

Included

  • scripts/Prepare-Win2025Sysprep.ps1 prepares Windows Server 2025 for templating.
  • files/unattend.xml is the answer file used by sysprep.

Manual prep before running the script

  1. Install Windows Server 2025 in a dedicated VM.
  2. Install VMware Tools.
  3. Sign in as local Administrator.
  4. Apply Windows updates and any baseline OS settings you want baked into the template.
  5. Copy this folder to the VM, for example C:\Build\Win2025-Sysprep.

What the script does

  • enables WinRM for Ansible;
  • opens firewall rules for WinRM and RDP;
  • enables RDP;
  • enables the built-in Administrator account;
  • switches network profiles to Private when possible;
  • cleans temporary files;
  • generates unattend.xml;
  • runs sysprep /generalize /oobe /shutdown.

Run

Open PowerShell as Administrator and run:

Set-ExecutionPolicy Bypass -Scope Process -Force
cd C:\Build\Win2025-Sysprep
.\scripts\Prepare-Win2025Sysprep.ps1

If you want OpenSSH installed too:

.\scripts\Prepare-Win2025Sysprep.ps1 -InstallOpenSsh

If you want a different timezone:

.\scripts\Prepare-Win2025Sysprep.ps1 -TimeZone "Russian Standard Time"

After the VM shuts down

  1. Confirm the VM is powered off in vSphere.
  2. Convert the VM to a template.
  3. Name the template Win2025-Sysprep.
  4. Use that name in Terraform variable vm_template.

Checklist before converting to template

  • VMware Tools are installed and healthy.
  • WinRM is responding.
  • The VM shut down because of sysprep.
  • The VM is not domain joined.
  • No machine-specific secrets or unique data remain on the server.

Quick WinRM check

Before running sysprep, you can verify locally:

winrm enumerate winrm/config/listener
Test-WSMan

Notes

  • The computer name inside the source VM is not important because Terraform windows_options will rename cloned VMs.
  • Do not join the template to the domain in advance.
  • If you plan to use WinRM over HTTPS, it is usually better to issue the certificate after cloning, not inside the golden image.
Reference in New Issue View Git Blame Copy Permalink