logo
parallax-small

Base Image Script Framework (BIS-F) – Version 6.0.2

the perfect way to seal your Base Image

by Matthias Schlimm, April 2017

Every time you build you’re base Image from scratch or update it, you must seal it before deploying it to your cloned devices. No matter if you are using Citrix XenApp/XenDesktop with Machine Creation Services (MCS) or Provisioning Services (PVS), VMware View or Microsoft only, BIS-F supports it all. Optimize you’re base Image before deployment, deletes unique identifier to prevent duplicate/ghost entries on your management server (Anti-Virus, SCCM, SCOM, etc.…), delete junk files, defrag you’re disk etc. All these necessary steps and much more has to be run manually, but here is a better way. Here’s the right tool for the job.

Base Image Script Framework (BIS-F) is 100% PowerShell driven and addresses tons of optimizations plus it has a great logging feature.

Please read the Admin Guide in the Download package to get further information.

 

Microsoft Optimizations

  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Windows 7, 8, 8.1, 10
  • Delete WSUS Client-ID
  • Delete WSUS SoftwareDistribution folder
  • Reset Performance Counters
  • Delete temp files with CCleaner (3rd Party CCleaner must be installed first)
  • Delete Windows event logs
  • Reclaim storage space on PVS WriteCache Disk (3rd Party SDelete needed in C:\Windows\System32)
  • Rearm Operating System once
  • Rearm Microsoft Office (2010, 2013, 2016) once (x86 only)
  • Delete DHCP Client information in registry
  • Defrag system disk
  • Delete AllUsersStartMenu
  • Disable IPv6 (3rd Party nvpsbind needed in C:\Windows\System32)
  • Add delay between time sync and GPO processing
  • Disable unneeded scheduled tasks
  • Disable unneeded services

AntiVirus

  • Trend Micro
  • Symantec Endpoint Protection (3rd party vietool needed in C:\Windows\System32)
  • McAfee VirusScan Enterprise
  • Microsoft EndPoint Security Client
  • Kaspersky AntiVirus
  • Sophos AntiVirus

Electronic Software Deployment (ESD)

  • Microsoft SCCM Agent
  • Novell ZCM Agent
  • Altiris Deployment Agent
  • Matrix42 Agent  
  • Heat DSM (prev. NetInstall)  

System Monitoring

  • Microsoft System Center Operations Manager Agent
  • Splunk Universal Forwarder
  • uberAgent

Application Virtualization

  • FSLogix
  • Microsoft App-V Client
  • Ivanti AppSense
  • RES ONE Automation Agent
  • RES ONE Automation Console
  • RES ONE Automation
  • RES ONE Service Store Client Service

Citrix

  • Citrix XenApp 6.x (IMA)
  • Citrix XenApp/XenDesktop 7.x (FMA)
  • Citrix Machine Creation Service (MCS) 7.x
  • Citrix PVS Target Device Driver 5.6 – 7.x
  • Format automatically the Citrix WriteCache Disk once
  • XenDesktop Personal vDisk Inventory Update (Windows 7, 8.x, 10 Clients only)
  • Fix for MSMQ Service (required for Session Recording)
  • Reset Citrix Application Streaming offline database
  • Delete Citrix Streaming Cache (RadeCache)
  • Delete Citrix Profile Management cache
  • Delete Citrix EdgeSight client data
  • Citrix Environment Management Agent (WEM) configure Cache

VMware

  • VMware Horizon View detection
  • VMware OS Optimization Tool with default OS Template

It is simple

Install -> Configure > Run

Install

With BIS-F 6.0.0 we have created a simple installer, please first manually remove the old version of BIS-F 5.1.2 and earlier.

install

Configure

It is possible to fully automate the configuration of BIS-F with Group Policy. Simply copy the ADMX/ADML files from the installation folder to the central PolicyDefinitions store. The CLI parameters from earlier BIS-F Versions are no longer available.

configure 1

NOTE: In future BIS-F versions, all message and input boxes will be removed, so you won’t be able to run BIS-F without GPO configurations!

If you using Citrix Provisioning Services, from the PVS Console, attach a vDisk in private mode on the Base Image and boot from Hard Disk, all the rest will be taken care by BIS-F.

configure 2

Run

On your Base Image or your updated Image run BIS-F.

PrepareBaseImage.cmd > Run as administrator

run 1

When the script runs for the first time, it creates a shortcut on your Desktop. You can start BIS-F from this shortcut.

run 2

run 3

run 4

If the Citrix Target Device Driver is detected and the Image is booting up from Hard Disk, BIS-F automatically convert the local Disk to the previous attached vDisk. If you are booting up from a vDisk in Maintenance Mode, BIS-F does not run P2PVS.

run 5

After this step and the Base Image would shut down, you can deploy it to your cloned device based on your System Management Software.

Stay in touch

To get the latest news, tips and update from the BIS-F team you can follow us on Twitter @BISF2017

The Authors

  • Matthias Schlimm | IT-Architect | Login Consultants Germany GmbH  
  • Benjamin Ruoff | Senior Networking Consultant | Citrix Systems
  • Mike Bijl | Senior Consultant | Login Consultants Nederland B.V
  • Florian Frank | Junior Consultant | Login Consultants Germany GmbH
  • Jonathan Pitre | Technology Specialist | Oriso Solutions

Donate

Many thanks to the following people who helped us to make this tool better and better

Release Notes

Version 6.0.2:

01.05.2017 MS: Removing BIS-F Version from ADMX, no longer showing the version in the GPO editor
01.05.2017 MS: Bugfix 178: defrag arguments are different between client and server os, thx to Jeremy Saunders
01.05.2017 MS: Bugfix: after sucessfull syprep, running PostCommand now for defrag and shutdown

Version 6.0.1:

20.04.2017 MS: Issue 175: - After Patchday in April 2017 powershell command stop-computer does not work as expected (privilege not held), using shutdown /s now - tested on Windows 2008 R2 and Server 2016

Version 6.0.0:
18.04.2017 MS: Bugfix 02_PersBISF_CTX.ps1 - reset Performance Counters with installed Citrix VDA
13.04.2017 MS: BugFix - ADMX - PVSWriteCache Driveletter is now enabled to choose letter B: - Z:
11.04.2017 MS: Bugfix 97_PrepBISF_PRE_BaseImage.ps1 - Line 659 using $prepCommand insted of $PostCommand
03.04.2017 MS: BugFix - RES Workspace: wrong Path in Workspace Agent, change from DBCache to LocalCachePath
03.04.2017 MS: BugFix - RES Workspace: delete not all folders in the CachePath
28.03.2017 MS: Final Test passed with Server 2016 / XA 7.13 and Server 2008 R2 / XA 6.5
27.03.2017 MS: List of services not disabled, must be under extra control from the administrator $ServicesList = @("AJRouter","ALG","BthHFSrv","Eaphost","DiagTrack","PeerDistSvc","PeerDistSvc","EFS","msiscsi","WSearch","ALG","BDESVC","fhsvc","lfsvc","MSiSCSI","smphost","SharedAccess","wlidsvc","wbengine","bthserv","Browser","DeviceAssociationService","DsmSvc","DPS","WdiServiceHost","WdiSystemHost","QWAVE","SensorDataService","RetailDemo","PcaSvc","TrkWks","WPCSvc","Fax","FDResPub","svsvc","HomeGroupListener","ShellHWDetection","SensorService","HomeGroupProvider","TabletInputService","WiaRpc","CscService","SstpSvc","wscsvc","icssvc","stisvc","SensrSvc","XblAuthManager","XblGameSave","XboxNetApiSvc","WlanSvc","ShellHWDetection","SNMPTRAP","SSDPSRV","SysMain","TapiSrv","upnphost","SDRSVC","WcsPlugInService","wcncsvc","WinDefend","WerSvc","WMPNetworkSvc","Wlansvc","WwanSvc")
23.03.2017 MS: BugFix: get the right status of Pending Reboot with the configured ADMX
22.03.2017 MS: for P2PVS reconfigure Microsoft Software Shadow Copy Provider Service and VSS Service, needed them for P2PVS 
22.03.2017 MS: Bugfix to read the right State from personality.ini if used VDA with PVS
21.03.2017 MS: Feature 146: add progressbar to defrag
20.03.2017 MS: do not disable defragsvc, VSS, swprv services 
17.03.2017 MS: Bugfix: Start-BISFProcWithProgBar: remove -Wait from Start-Process
17.03.2017 MS: Bugfix: Start-BISFProcWithProgBar: using $ArgList instead og $Args at the Write-BISFLog commmand here
16.03.2017 FF: BugFix 164 for Image Prep (disable useless Services and Scheduled Tasks)
15.03.2017 MS: added Support for RES ONE Automation Agent Version 10 with new path in registry and filesystem
15.03.2017 MS: BugFix in Get-BISFDiskNameExtension to get vhd,avhd, vhdx or avhdx only
14.03.2017 MS: after update on 13.03.207 Bugfix WriteCacheDisk detection
14.03.2017 MS: defrag not run via ADMX
14.03.2017 MS: Failure if open ADMX
13.03.2017 MS: Updated graphical Design and Logo for BIS-F, thx to Marco Zimmermann
13.03.2017 MS: Extended unneeded services for Windows 10 and Server 2016 to disable
13.03.2017 MS: Extended unneeded scheduled tasks for Windows 10 and Server 2016 to disable
12.03.2017 MS: Added $Global:Wait1= "10" time in seconds in BISF.psm1
12.03.2017 MS: Bug fix; move $Pvd_LOGFile_search="Update Inventory completed" from 99_PrepBISF_PostBaseImage.ps1 to 98_PrepBISF_BuildBaseImage.ps1 thx to Mathias Kowalkowski
12.03.2017 MS: Bug fix 112; Kaspersky AntiVirus - wrong path to get from executable
12.03.2017 MS: ADMX: Configure Novell ZCM Agent webbases registration URL
12.03.2017 MS: Bug fix in ADMX - configure PVS WriteCacheDisk driveletter
12.03.2017 MS: Remove System Environment Variable PVSWriteCacheDisk, configured with ADMX and use new registry location to save and use informations 
09.03.2017 MS: Change defrag arguments to support Windows 10 and Server 2016
09.03.2017 MS: Syntax error in 97_PrepBISF_PRE_BaseImage.ps1
06.03.2017 MS: Get file version of Service ImagePath
06.03.2017 MS: Get file verion of 3rd Party Apps
06.03.2017 MS: Bug fix; Read Variable $varCLI = ... in all affected preparation scripts
06.03.2017 MS: Bug fi;: Detecting WSUS TargetGroup
04.03.2017 MS: Bug fix; Prepare Citrix PVS WriteCacheDisk - BugFix: DiskID is not language neutral, split string after ":" to read the right side only, thx to Marco Zimmermann
04.03.2017 MS: ADMX: configure PVS WriteCacheDisk driveletter, thx to Marco Zimmermann
21.02.2017 MS: Added check for admin privileges before script execution
21.02.2017 MS: Create BIS-F Adminshortcut on personal Desktop
20.02.2017 MS: Bug fix; Sophos Preparation - Fixed typos to get the right servicename -> $ServiceNames[0]
20.02.2017 MS: Bug fix; Get-BISFMacaddress - Fixed empty space given back from $mac, thx to Valentino 
20.02.2017 MS: Removed WEMBrokerName configuration with BIS-F, must be configured with WEM ADMX or AMD from Citrix, not here !!
02.02.2017 MS: Removed CLI parameters, this can be configured with the ADMX File. Exclude -DebugMode and -Verbose CLI Switches are available only
01.02.2017 MS: Bug fix wrong syntax for RES ONE Automation Console 
31.01.2017 MS: RES Workspace Manager; Changde Remove-Item -Path "$InstallDir_REG\Data\DBCache\Resources\custom_resources\*" -recurse
31.01.2017 MS: RES ONE Automation Console; Added stop service command
30.01.2017 MS: RES Workspace Manager; Added IF (Test-Path "$HKLM_WIN_CVN\WUID") {Remove-Item -Path "$HKLM_WIN_CVN\WUID"}
28.01.2017 MS: Fixed typo in 10_PrepBISF_uberAgent.ps1 - $PSScriptName = [System.IO.Path]::GetFileName($PSScriptFullName)
27.01.2017 MS: Bug fix 149; Added $Global:LIC_BISF_CLI_LSb="" to define the variable, required for the ADMX templates
26.01.2017 MS: Added ADMX templates to configure all silent commands with Group Policies, it's easier for BIS-F Updates and central configuration. CLI Commands are currently included but will be removed in a future release
25.01.2017 MS: Excluded cleanmgr.exe for now - currently buggy, restart needed to delete superseded updates
24.01.2017 MS: VMware OS Optimization Tool limit search folders to "C:\Program Files","C:\Program Files (x86)","C:\Windows\system32" and their subfolders
24.01.2017 MS: RES Workspace Manager and AutomationManager; In Citrix PVS if an alternate DBCache Path is already configured, BIS-F will use it
18.01.2017 JP: Bug 127; Removed /PrepMsmq:False for XenApp 65, a random QMId would be set during system startup with BIS-F
18.01.2017 MS: Bugfix 127; MSMQ QMId not unique, fixed with new script from Citrix - https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-12/whats-new/known-issues.html
12.01.2017 MS: If the Citrix PVS Target Device Driver is detected and no vDisk is assigned (DiskMode = Unmanaged), BIS-F exit script on start-up with an error message
11.01.2017 MS: Feature Request 133; Creating Installer for Base Image Script Framework, you can use /silent command to easily install from command line
11.01.2017 MS: Feature Request 134; Prepare RES One Workspace Management, RES ONE Automation and RES ONE Service Store Software for Image Management Software, Thanks to Company RES Germany: Oliver Lomberg & Nina Metz for additional enhancements informations  to create this script
10.01.2017 MS: Feature Request 121; Added CLI command 'AppVPckRemoval YES | NO 'or message box to delete PreCached App-V Packages
10.01.2017 MS: Bug fix 134; PrepareWriteCacheDisk: Add space on either side of the Driveletter variable $searvol, thx to Jeremy Saunders
10.01.2017 MS: Bug fix 134; PrepareWriteCacheDisk: MBR disk with 8 characters to get the right uniqueID from Diskpart only, PVS does not support GPT disk, see https://support.citrix.com/article/CTX139478 thx to Jeremy Saunders
10.01.2017 MS: Review 140; Added CLI command 'XAImagePrepRemoval YES | NO' or MessageBox during Prepare XenApp for Provisioning/Image Management you can choose RemoveCurrentServer and ClearLocalDatabaseInformation, this would be set with this Parameter or prompted to administrator 
10.01.2017 JP/MS: Feature 139; Added McAfee 5.X Agent Support
09.01.2017 MS: Feature 137; Added Sophos preparation and personalization for Image Management, thx to Marco Zimmermann, Tim Franken and Mark Bos
09.01.2017 MS: Feature 137; Added UberAgent preparation, thx to Marco Zimmermann
09.01.2017 MS: Review 126; MCS only: IF Diskmode is set to "MCSPrivate" no personalization is running
09.01.2017 MS: Bug fix 135; IF PVS Target Device Driver is installed, spool and EventLogs like Application, System, Security and XA LicenseFile would be redirected to WriteCacheDisk, otherwise leave it the original path
08.12.2016 MS: Test-PVS Driveletter running on preparation state only 
07.12.2016 MS: Migrated BISF Registry Items to a new location
07.12.2016 MS: Added Office 2016 KMS support
06.12.2016 MS: Feature 129: Added Citrix Workspace Environment Manager Agent (WEM) support
05.12.2016 MS: Added defrag support for Windows 10.X
05.12.2016 MS: Bug fix; Defrag does not identify the right driveletter of the vDisk after P2PVS if the drivelabel is empty
05.12.2016 MS: Issue  114; Variables must be cleared after each step, to not store the value in the variable and use them in the next $prepCommand or $PostCommand
05.12.2016 MS: Added VHDX support for Citrix PVS
11.11.2016 MS: Create-BISFTask running in its own function
10.11.2016 MS: Post-Sysprep: Added check for Windows 10 for running after sysprep actions
10.11.2016 MS: 3rd party tools like sdelete, ccleaner, nvpsbind, vietool would not longer be distributed by BIS-F, customer must have them in their environment installed
10.11.2016 MS: Added Pre-Commands for Windows Server 2016 and Windows 10 
10.11.2016 MS: Set-QMID would never be processed, wrong syntax in IF (($returnTestXDSoftware -eq "true") -or ($returnTestPVSSoftware -eq "true"))
10.11.2016 MS: Fixed typo in Line 76, thx to Mikhail Zuskov -> Write-BISFLog -Msg "Error changing access for NetworkService on the folder `"$LIC_BISF_CtxCache`". The output of the action is: $result" -Type W -SubMsg
09.11.2016 MS: Added preparation for Altiris Inventory Agent
29.10.2016 MS: After successful sysprep, computer shutdown would be performed only, if not supressed by CLI command
28.10.2016 MS: If NoVirtualDisk is detected, the Drive for Defrag if used would be set to SystemDrive
28.10.2016 MS: Bug fix Sysprep is not running in earlier BIS-F Version. Adding error handling, checking setuperr.log for errors and from postCommands
28.10.2016 MS: Enhanced the defrag to run on NoVirtualDisk, previous Version PVS BaseDisk only 
04.10.2016 MS: Global Re-Design of the folder structure, removed Custom folder and put them in the Personalization and Preparation folder, custom scripts are now placed in this folder only for future scripts only, they don't touch during updates of BIS-F
17.06.2016 BR: RDS TimeBob Added Filter for Operating System type, running on member server, not specified on W0212 only 
25.04.2016 BR: Updated SEP preparation Script
24.03.2016 MS: Modiy BIS-F scheduled task if it already exist, thx to Valentino Pemoni
23.03.2016 MS: Kaspersky AntiVirus Fix: Added -Recurse to search for files
23.03.2016 MS: Extended CLI command, you can now use -LogShare NO if you prefer not to use a central LogShare 
22.03.2016 MS: Changed SDelete to run on the WriteCacheDisk on PVS Target Devices only
22.03.2016 MS: Added AppSense Support 
17.03.2016 MS: Added Delprof support
17.03.2016 MS: Added turbo.net support
15.03.2016 BR: Added function Invoke_BISFLogRotate to Cleanup Logfiles and keep only a configured value of files
15.03.2016 MS: Issue; Get duplicate AdapterGUID back, instead unique of each adapter
15.03.2016 BR: Issue; Syntax error Invoke-BISFService: Set-Service -Name $svc.Name -StartupType $StartType | Out-Null
15.03.2016 MS: Issue; Give wrong variable back, switch RO and RW (function Invoke-BISFService)
10.03.2016 MS: Added CLI-commands to the BISF-Log
10.03.2016 MS: Added CLI Switch DisableConsoleCheck to disable the check of the console session
10.03.2016 MS: Issue 111 - Added nvspbind.exe to unbind IPV6 from AdapterGuid
04.03.2016 MS: Issue; Heavy bug in function Invoke-BISFService, services would not started if needed
04.03.2016 MS: Issue; Fixed issue SCOM service would be start on every Image Mode if installed
03.03.2016 MS: Issue 113; AppVClient Cache did not resolve to the correct service status, thx to @valentinop
03.03.2016 MS: Added DebugMode for developer
02.03.2016 MS: Check PVS DiskMode at Prerequisites, to get an Warning on startup if Disk is in ReadOnly Mode and exit script

Download the tool