Creating Remote Workstations from a Windows 10 Image¶
This section outlines the steps involved to configure a Windows 10 image through Cloud Access Manager. You must first create the image and then update or create a remote workstation template. For an increased level of security Teradici recommends users use managed disks instead of unmanaged disks.
The following points should be addressed before an image is provisioned:
You are required to have the Microsoft Azure PowerShell module installed and configured in your PowerShell session.
If you are deploying your own Windows VHD image and not an Azure image provided through Azure, you need to enable the Script Execution policy from within the Group Policies in the Domain Controller, and set the value to Allow all scripts.
PCoIP Agent Installation on an Azure Image
If you are creating your own image do not install a PCoIP Agent on the image you are creating. The PCoIP Agent will be installed on the Azure image when Cloud Access Manager deploys the remote workstation.
Startup Type Value
Before you create an image based on Windows 10, change the startup type value for the Windows Remote Management service, WS-Management or WinRM, from Automatic [Delayed Start] to Automatic. This ensures the Azure DSC configuration runs when the machine is deployed. If this value is not changed the PCoIP Agent installation and licensing will not be performed when the remote workstation is created.
In order to create the Windows 10 remote workstation and image you need to have the correct
.json files for the deployment.
These files need to be added to the cloud storage account on the Azure portal. These
.json files are available through github: https://github.com/teradici/deploy/tree/master/win10-templates.
They will be used in the Powershell script as outlined in the section below.
Creating a Windows 10 Image with Azure¶
This section outlines how to create an Windows 10 image file, and prepare it to be used in a new remote workstation deployment. You need to perform certain licensing procedures and run the sysprep tool in the command prompt on your remote workstation:
- Update the
"adminPassword"value in the
.jsonfiles are available through github: https://github.com/teradici/deploy/tree/master/win10-templates.
- Open up a Powershell terminal within your Azure account directly through Azure Cloud Shell. This will create a storage account within your Azure account.
Click the upload icon from the Cloud Shell banner to upload the
.jsonfiles to the correct storage account:
From this location run the following script:
$RGName = "<Name-of-RG>" New-AzureRmResourceGroup -Name $RGName -Location "westus" New-AzureRmResourceGroupDeployment ` -DeploymentName "Win10" ` -ResourceGroupName $RGName ` -TemplateFile .\Win10Generic.json ` -TemplateParameterFile .\Win10Generic.parameters.json
Ensure that the TemplateFile and TemplateParameterFile names are correct and match the files you have uploaded to the storage account on Azure.
Once the deployment has completed successfully, check that the new resource group has been created in the Resource Groups location within the Azure Portal. The below image outlines the contents of the deployment:
Configuring the Windows 10 Remote Workstation¶
Once you have succesfully created a Windows 10 remote workstation within a resource group on Azure, you need to connect to this remote workstation and configure it:
- From the resource group select the Public IP address field and copy the public IP address.
- RDP to this remote workstation. Ensure that you are connecting from the correct domain and use the username and password you provided in the Win10Generic.parameters.json file.
- Once connected navigate to Settings and click Network and Internet Settings.
- Click Change connection properties.
- Change the network profile to private. This will enable file sharing.
- Open a Windows Powershell terminal as an administrator and run:
This will enable the wsman service.
To allow script execution during deployment run:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine
Enter Y to confirm that you want to enable the policy change.
Navigate to the Services application in Windows and set
Windows Remote Managementto start Automatic without Delayed Start.
In order for the image to get licensed after it joins a domain you need to change the product key. Open the Settings application.
Click Update and Security.
- Click the Activation tab from the left hand menu.
- Click Change product key and enter the KMS key for your image and enterprise license. For more information KMS Client keys, see KMS Client Keys.
- Click Next and Activate to connect to the organisations activation service.
- Once this is done close out of the Settings application.
The next step of the configuration process involves performing a sysprep on the image. With Windows 10 you may encounter issues running sysprep due to pre-configured Microsoft store applications. To stop Windows 10 from downloading and installing these types of applications apply the changes outlined here Windows 10 Auto Applications. Once the remote workstation has been rebooted the sysprep should succeed. More information on sysprep and Microsoft store applications can be found here Sysprep Issues.
Running the Sysprep application:
- Open a command prompt window as an administrator, and run the Sysprep tool. Change the directory to
%windir%\system32\sysprepand run the
- Click the Generalize option and select Shutdown from the System Preparation Tool window.
- Once the OS has shut down, go the Azure portal and in the Azure Cloud Shell terminal
deallocate the remote workstation using
$rw = "<Name-of-RW>" $rg = "<Name-of-RG>" Stop-AzureRmVM -ResourceGroupName $rg -Name $rw -Force # Run the following command to set the status of the remote workstation to Generalized Set-AzureRmVM -ResourceGroupName $rg -Name $rw -Generalized # Once the remote workstation has been generalized, you need to convert it to an image by running the following command: $vm = Get-AzureRmVm -name $rw -ResourceGroupName $rg $image = New-AzureRmImageConfig -Location $vm.Location -SourceVirtualMachineId $vm.Id $imageInfo= New-AzureRmImage -Image $image -imageName $vm.Name -ResourceGroupName $vm.ResourceGroupName $imageInfo.Id
$imageInfo.Idparameter will give you the image information you need when you are configuring the template file, as outlined below.
Configuring the Template File¶
This section outlines how to create a new .json template file that includes the Windows 10 image you created and the parameters that need to be added, removed, and configured through the Cloud Access Manager Administrators management interface:
- Select server2016-standard-aent.json template from the ARM Template Files dropdown menu.
- From the ARM Template Parameter File section navigate to the
"imageReferenceId"parameter and populate the value: This value is the
$imageInfo.Idthat you determined in the above process. You can also locate this information by going to the correct image through the Azure portal and clicking on the Properties field to locate the resource ID.
- Click Save Resource Configuration Template. Teradici recommends saving as windows10-standard-agent.json. This needs to be done for both the graphics and standard agents.
Creating a Remote Workstation Using an Windows 10 Image¶
This section outlines how to use the Cloud Access Manager Administrators management interface to create a new remote workstation, based off the template file you configured with the Windows 10 Image:
- Once you have configured the image file, click Save Resource Configuration Template As.
- Enter a file name and click Ok.
- Create a new remote workstation from within the Cloud Access Manager Administrators management interface, see Creating and Deleting Remote Workstations.
New Machine ARM Template
Ensure that you select the newly created template file with the correct parameters from the New Machine ARM Template dropdown menu.
The new remote workstation is now deploying. Select the Deployments tab within the resource group in the Azure Portal to track the deployment.