the perfect way to seal your Base Image
by Matthias Schlimm, March 2018
The Base Image Script Framework (BIS-F) is the perfect way to seal your Base Image. Whatever your environment has run Citrix XenApp, Citrix XenDesktop with PVS or MCS, Citrix AppLayering, VMware Horizon View, you must prepare your Base Image before you can distribute this Image to multiple devices. If you install your Base Image from scratch or update them with new software, for the sealing process of your Base Image run this framework (preparation), it makes it also unique if you booting up your cloned device (personalization).
Out of the Box, BIS-F 6.1.0 optimize the following Products, if the Product is not installed in your environment, BIS-F does nothing with that (Ignore Mode):
Microsoft Optimizations
AntiVirus
Electronic Software Deployment (ESD)
Application Virtualization
System Monitoring
Citrix
VMware
The BIS-F 6.1.0 Documentation is available at http://edocs.eucweb.com
To get the latest news, tips and update from the BIS-F team you can follow us on Twitter @BISF2017
Many thanks to the following people who helped us to make this tool better and betteTrond Eirik Haavarstein,
Version 6.1.0 build 01.101
13.03.2018 MS: migrate BIS-F to Github, new ID’s for Issue 25.02.2018 MS: Bugfix 29: AppLayering does not detect the right layer 15.02.2017 MS: Bugfix 32: Fslogix – When in the GPO specify “Configure FSLogix central rule share” to Disabled, the script still prompt for the path when is executed. 11.02.2018 MS: Bugfix 33: if sysprep is enabled and other Management SW like Citrix VDA, PVS Target Device Driver, VMWare View Agent is installed, the script breaks and create the BIS-F scheduled task with an empty string, so the personalization never be run and if you enable the Citrix Broker Desktop Delay in the BIS-F ADMX the VDA will never be registered
Release Notes (Erweiterung für Version 6.1.0 build 01.100):
26.11.2017 MS: ADMX: change Category Ivanti Automation to Ivanti 24.11.2017 MS: 10_PrepBISF_AV-SEP.ps1 – Change Name in Log and Display from VIEtool.exe to Symantec Virtual Image Exception (VIE) Tool 22.11.2017 JP: Fixed spelling and grammar errors in AMDX, AMDL files 22.11.2017 JP: Added XML tag in ADMX, ADML files 21.11.2017 MS: If Error appears, exit script with Exit 1 15.11.2017 MS: Bugfix: on the Mounted Disk, the same UniqueID must be set to fix boot record issues (https://blogs.technet.microsoft.com/markrussinovich/2011/11/06/fixing-disk-signature-collisions/) 15.11.2017 MS: Feature 216: during uninstall of BIS-F, the schedule task is deleted also 11.11.2017 MS: Bugfix: show the right Eventlog during move to the WCD 11.11.2017 MS: Bugfix: Retry 30 times if Logshare on network path is not found with fallback after max. is reached 10.11.2017 MS: Feature: .NET Optimization controled in ADMX, Category Microsoft 09.11.2017 MS: Feature: support now for Office x64 and x86, Read Office Installationpath from regisrty instead of hardcoded Filepath 07.11.2017 MS: add $LIC_BISF_3RD_OPT = $false, if vmOSOT or CTXO is enabled and found, $LIC_BISF_3RD_OPT = $true and disable BIS-F own optimizations 03.11.2017 MS: Feature: Function Use-BISFPVSConfig – if PVS Target Device Driver not installed, write info to BIS-F log and set the value $Global:Redirection=$true; $Global:RedirectionCode=”NoPVS” 03.11.2017 MS: Feature: Function Get-BISFBootMode – writing BootMode (UEFI or Legacy) in Function to BISF log 02.11.2017 MS: Bugfix: if booting up in private Mode the vhdx and custom unc-path for P2V is configured, defrag runs on the UNC-Path and not on the BaseDisk itself. 01.11.2017 MS: Feature Preparation: get detailed OS License Information and write them to the BIS-F Log 01.11.2017 MS: Feature Preparation: Office Rearm state writes to BIS-F Log 01.11.2017 MS: Feature Personalization – get Office activation state and License state back to the BIS-F log 01.11.2017 MS: check if Defrag Service is running, thx to Lejkin Dmitrij 29.10.2017 MS: Bugfix: IF $DiskNameExtension -eq “noVirtualDisk” and custom UNC-Path is enabled, runnig OfflineDefrag on custom UNC-Path 29.10.2017 MS: Replacing DiskMode MCS with VDA value 29.10.2017 MS: Bugfix AppLayering, Outside ELM no UniService must be running 29.10.2017 MS: Bugfix: Custom UNC-Path get the wrong value back and does not perform a defrag on the vhd(x) and set the right value now $Global:TestDiskMode
Version 6.0.2:
01.05.2017 MS: Removing BIS-F Version from ADMX, no longer showing the version in the GPO editor 01.05.2017 MS: Bugfix 178: defrag arguments are different between client and server os, thx to Jeremy Saunders 01.05.2017 MS: Bugfix: after sucessfull syprep, running PostCommand now for defrag and shutdown
Version 6.0.1:
20.04.2017 MS: Issue 175: – After Patchday in April 2017 powershell command stop-computer does not work as expected (privilege not held), using shutdown /s now – tested on Windows 2008 R2 and Server 2016
Version 6.0.0: 18.04.2017 MS: Bugfix 02_PersBISF_CTX.ps1 – reset Performance Counters with installed Citrix VDA 13.04.2017 MS: BugFix – ADMX – PVSWriteCache Driveletter is now enabled to choose letter B: – Z: 11.04.2017 MS: Bugfix 97_PrepBISF_PRE_BaseImage.ps1 – Line 659 using $prepCommand insted of $PostCommand 03.04.2017 MS: BugFix – RES Workspace: wrong Path in Workspace Agent, change from DBCache to LocalCachePath 03.04.2017 MS: BugFix – RES Workspace: delete not all folders in the CachePath 28.03.2017 MS: Final Test passed with Server 2016 / XA 7.13 and Server 2008 R2 / XA 6.5 27.03.2017 MS: List of services not disabled, must be under extra control from the administrator $ServicesList = @(“AJRouter”,”ALG”,”BthHFSrv”,”Eaphost”,”DiagTrack”,”PeerDistSvc”,”PeerDistSvc”,”EFS”,”msiscsi”,”WSearch”,”ALG”,”BDESVC”,”fhsvc”,”lfsvc”,”MSiSCSI”,”smphost”,”SharedAccess”,”wlidsvc”,”wbengine”,”bthserv”,”Browser”,”DeviceAssociationService”,”DsmSvc”,”DPS”,”WdiServiceHost”,”WdiSystemHost”,”QWAVE”,”SensorDataService”,”RetailDemo”,”PcaSvc”,”TrkWks”,”WPCSvc”,”Fax”,”FDResPub”,”svsvc”,”HomeGroupListener”,”ShellHWDetection”,”SensorService”,”HomeGroupProvider”,”TabletInputService”,”WiaRpc”,”CscService”,”SstpSvc”,”wscsvc”,”icssvc”,”stisvc”,”SensrSvc”,”XblAuthManager”,”XblGameSave”,”XboxNetApiSvc”,”WlanSvc”,”ShellHWDetection”,”SNMPTRAP”,”SSDPSRV”,”SysMain”,”TapiSrv”,”upnphost”,”SDRSVC”,”WcsPlugInService”,”wcncsvc”,”WinDefend”,”WerSvc”,”WMPNetworkSvc”,”Wlansvc”,”WwanSvc”) 23.03.2017 MS: BugFix: get the right status of Pending Reboot with the configured ADMX 22.03.2017 MS: for P2PVS reconfigure Microsoft Software Shadow Copy Provider Service and VSS Service, needed them for P2PVS 22.03.2017 MS: Bugfix to read the right State from personality.ini if used VDA with PVS 21.03.2017 MS: Feature 146: add progressbar to defrag 20.03.2017 MS: do not disable defragsvc, VSS, swprv services 17.03.2017 MS: Bugfix: Start-BISFProcWithProgBar: remove -Wait from Start-Process 17.03.2017 MS: Bugfix: Start-BISFProcWithProgBar: using $ArgList instead og $Args at the Write-BISFLog commmand here 16.03.2017 FF: BugFix 164 for Image Prep (disable useless Services and Scheduled Tasks) 15.03.2017 MS: added Support for RES ONE Automation Agent Version 10 with new path in registry and filesystem 15.03.2017 MS: BugFix in Get-BISFDiskNameExtension to get vhd,avhd, vhdx or avhdx only 14.03.2017 MS: after update on 13.03.207 Bugfix WriteCacheDisk detection 14.03.2017 MS: defrag not run via ADMX 14.03.2017 MS: Failure if open ADMX 13.03.2017 MS: Updated graphical Design and Logo for BIS-F, thx to Marco Zimmermann 13.03.2017 MS: Extended unneeded services for Windows 10 and Server 2016 to disable 13.03.2017 MS: Extended unneeded scheduled tasks for Windows 10 and Server 2016 to disable 12.03.2017 MS: Added $Global:Wait1= “10” time in seconds in BISF.psm1 12.03.2017 MS: Bug fix; move $Pvd_LOGFile_search=”Update Inventory completed” from 99_PrepBISF_PostBaseImage.ps1 to 98_PrepBISF_BuildBaseImage.ps1 thx to Mathias Kowalkowski 12.03.2017 MS: Bug fix 112; Kaspersky AntiVirus – wrong path to get from executable 12.03.2017 MS: ADMX: Configure Novell ZCM Agent webbases registration URL 12.03.2017 MS: Bug fix in ADMX – configure PVS WriteCacheDisk driveletter 12.03.2017 MS: Remove System Environment Variable PVSWriteCacheDisk, configured with ADMX and use new registry location to save and use informations 09.03.2017 MS: Change defrag arguments to support Windows 10 and Server 2016 09.03.2017 MS: Syntax error in 97_PrepBISF_PRE_BaseImage.ps1 06.03.2017 MS: Get file version of Service ImagePath 06.03.2017 MS: Get file verion of 3rd Party Apps 06.03.2017 MS: Bug fix; Read Variable $varCLI = … in all affected preparation scripts 06.03.2017 MS: Bug fi;: Detecting WSUS TargetGroup 04.03.2017 MS: Bug fix; Prepare Citrix PVS WriteCacheDisk – BugFix: DiskID is not language neutral, split string after “:” to read the right side only, thx to Marco Zimmermann 04.03.2017 MS: ADMX: configure PVS WriteCacheDisk driveletter, thx to Marco Zimmermann 21.02.2017 MS: Added check for admin privileges before script execution 21.02.2017 MS: Create BIS-F Adminshortcut on personal Desktop 20.02.2017 MS: Bug fix; Sophos Preparation – Fixed typos to get the right servicename -> $ServiceNames[0] 20.02.2017 MS: Bug fix; Get-BISFMacaddress – Fixed empty space given back from $mac, thx to Valentino 20.02.2017 MS: Removed WEMBrokerName configuration with BIS-F, must be configured with WEM ADMX or AMD from Citrix, not here !! 02.02.2017 MS: Removed CLI parameters, this can be configured with the ADMX File. Exclude -DebugMode and -Verbose CLI Switches are available only 01.02.2017 MS: Bug fix wrong syntax for RES ONE Automation Console 31.01.2017 MS: RES Workspace Manager; Changde Remove-Item -Path “$InstallDir_REG\Data\DBCache\Resources\custom_resources\*” -recurse 31.01.2017 MS: RES ONE Automation Console; Added stop service command 30.01.2017 MS: RES Workspace Manager; Added IF (Test-Path “$HKLM_WIN_CVN\WUID”) {Remove-Item -Path “$HKLM_WIN_CVN\WUID”} 28.01.2017 MS: Fixed typo in 10_PrepBISF_uberAgent.ps1 – $PSScriptName = [System.IO.Path]::GetFileName($PSScriptFullName) 27.01.2017 MS: Bug fix 149; Added $Global:LIC_BISF_CLI_LSb=”” to define the variable, required for the ADMX templates 26.01.2017 MS: Added ADMX templates to configure all silent commands with Group Policies, it’s easier for BIS-F Updates and central configuration. CLI Commands are currently included but will be removed in a future release 25.01.2017 MS: Excluded cleanmgr.exe for now – currently buggy, restart needed to delete superseded updates 24.01.2017 MS: VMware OS Optimization Tool limit search folders to “C:\Program Files”,”C:\Program Files (x86)”,”C:\Windows\system32″ and their subfolders 24.01.2017 MS: RES Workspace Manager and AutomationManager; In Citrix PVS if an alternate DBCache Path is already configured, BIS-F will use it 18.01.2017 JP: Bug 127; Removed /PrepMsmq:False for XenApp 65, a random QMId would be set during system startup with BIS-F 18.01.2017 MS: Bugfix 127; MSMQ QMId not unique, fixed with new script from Citrix – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new/known-issues.html 12.01.2017 MS: If the Citrix PVS Target Device Driver is detected and no vDisk is assigned (DiskMode = Unmanaged), BIS-F exit script on start-up with an error message 11.01.2017 MS: Feature Request 133; Creating Installer for Base Image Script Framework, you can use /silent command to easily install from command line 11.01.2017 MS: Feature Request 134; Prepare RES One Workspace Management, RES ONE Automation and RES ONE Service Store Software for Image Management Software, Thanks to Company RES Germany: Oliver Lomberg & Nina Metz for additional enhancements informations to create this script 10.01.2017 MS: Feature Request 121; Added CLI command ‘AppVPckRemoval YES | NO ‘or message box to delete PreCached App-V Packages 10.01.2017 MS: Bug fix 134; PrepareWriteCacheDisk: Add space on either side of the Driveletter variable $searvol, thx to Jeremy Saunders 10.01.2017 MS: Bug fix 134; PrepareWriteCacheDisk: MBR disk with 8 characters to get the right uniqueID from Diskpart only, PVS does not support GPT disk, see https://support.citrix.com/article/CTX139478 thx to Jeremy Saunders 10.01.2017 MS: Review 140; Added CLI command ‘XAImagePrepRemoval YES | NO’ or MessageBox during Prepare XenApp for Provisioning/Image Management you can choose RemoveCurrentServer and ClearLocalDatabaseInformation, this would be set with this Parameter or prompted to administrator 10.01.2017 JP/MS: Feature 139; Added McAfee 5.X Agent Support 09.01.2017 MS: Feature 137; Added Sophos preparation and personalization for Image Management, thx to Marco Zimmermann, Tim Franken and Mark Bos 09.01.2017 MS: Feature 137; Added UberAgent preparation, thx to Marco Zimmermann 09.01.2017 MS: Review 126; MCS only: IF Diskmode is set to “MCSPrivate” no personalization is running 09.01.2017 MS: Bug fix 135; IF PVS Target Device Driver is installed, spool and EventLogs like Application, System, Security and XA LicenseFile would be redirected to WriteCacheDisk, otherwise leave it the original path 08.12.2016 MS: Test-PVS Driveletter running on preparation state only 07.12.2016 MS: Migrated BISF Registry Items to a new location 07.12.2016 MS: Added Office 2016 KMS support 06.12.2016 MS: Feature 129: Added Citrix Workspace Environment Manager Agent (WEM) support 05.12.2016 MS: Added defrag support for Windows 10.X 05.12.2016 MS: Bug fix; Defrag does not identify the right driveletter of the vDisk after P2PVS if the drivelabel is empty 05.12.2016 MS: Issue 114; Variables must be cleared after each step, to not store the value in the variable and use them in the next $prepCommand or $PostCommand 05.12.2016 MS: Added VHDX support for Citrix PVS 11.11.2016 MS: Create-BISFTask running in its own function 10.11.2016 MS: Post-Sysprep: Added check for Windows 10 for running after sysprep actions 10.11.2016 MS: 3rd party tools like sdelete, ccleaner, nvpsbind, vietool would not longer be distributed by BIS-F, customer must have them in their environment installed 10.11.2016 MS: Added Pre-Commands for Windows Server 2016 and Windows 10 10.11.2016 MS: Set-QMID would never be processed, wrong syntax in IF (($returnTestXDSoftware -eq “true”) -or ($returnTestPVSSoftware -eq “true”)) 10.11.2016 MS: Fixed typo in Line 76, thx to Mikhail Zuskov -> Write-BISFLog -Msg “Error changing access for NetworkService on the folder `”$LIC_BISF_CtxCache`”. The output of the action is: $result” -Type W -SubMsg 09.11.2016 MS: Added preparation for Altiris Inventory Agent 29.10.2016 MS: After successful sysprep, computer shutdown would be performed only, if not supressed by CLI command 28.10.2016 MS: If NoVirtualDisk is detected, the Drive for Defrag if used would be set to SystemDrive 28.10.2016 MS: Bug fix Sysprep is not running in earlier BIS-F Version. Adding error handling, checking setuperr.log for errors and from postCommands 28.10.2016 MS: Enhanced the defrag to run on NoVirtualDisk, previous Version PVS BaseDisk only 04.10.2016 MS: Global Re-Design of the folder structure, removed Custom folder and put them in the Personalization and Preparation folder, custom scripts are now placed in this folder only for future scripts only, they don’t touch during updates of BIS-F 17.06.2016 BR: RDS TimeBob Added Filter for Operating System type, running on member server, not specified on W0212 only 25.04.2016 BR: Updated SEP preparation Script 24.03.2016 MS: Modiy BIS-F scheduled task if it already exist, thx to Valentino Pemoni 23.03.2016 MS: Kaspersky AntiVirus Fix: Added -Recurse to search for files 23.03.2016 MS: Extended CLI command, you can now use -LogShare NO if you prefer not to use a central LogShare 22.03.2016 MS: Changed SDelete to run on the WriteCacheDisk on PVS Target Devices only 22.03.2016 MS: Added AppSense Support 17.03.2016 MS: Added Delprof support 17.03.2016 MS: Added turbo.net support 15.03.2016 BR: Added function Invoke_BISFLogRotate to Cleanup Logfiles and keep only a configured value of files 15.03.2016 MS: Issue; Get duplicate AdapterGUID back, instead unique of each adapter 15.03.2016 BR: Issue; Syntax error Invoke-BISFService: Set-Service -Name $svc.Name -StartupType $StartType | Out-Null 15.03.2016 MS: Issue; Give wrong variable back, switch RO and RW (function Invoke-BISFService) 10.03.2016 MS: Added CLI-commands to the BISF-Log 10.03.2016 MS: Added CLI Switch DisableConsoleCheck to disable the check of the console session 10.03.2016 MS: Issue 111 – Added nvspbind.exe to unbind IPV6 from AdapterGuid 04.03.2016 MS: Issue; Heavy bug in function Invoke-BISFService, services would not started if needed 04.03.2016 MS: Issue; Fixed issue SCOM service would be start on every Image Mode if installed 03.03.2016 MS: Issue 113; AppVClient Cache did not resolve to the correct service status, thx to @valentinop 03.03.2016 MS: Added DebugMode for developer 02.03.2016 MS: Check PVS DiskMode at Prerequisites, to get an Warning on startup if Disk is in ReadOnly Mode and exit script
Download the tool