logo
parallax-small

Base Image Script Framework (BIS-F) – Version 5.1.1

Montag, 14 März 2016

the perfect way to seal your Base Image

by Matthias Schlimm

The Base Image Script Framework (BIS-F) is fully developed in Powershell and helps you to seal your Base Image for Citrix XenApp, XenDesktop, VMware Horizon View, Microsoft RDS / VDI environments with complete automated steps from vendor best practices guides. BIS-F detect the installation of your AntiVirus, System Management Software and some others (see the list below), optimize and prepare/seal the Base Image and delete the unique Identifier of the listed Applications to prevent duplicate/ghost entries in the management servers. Everytime you updated your Base Image or install them newly from scratch run BIS-F manually or with your prefered software deployment solution to seal the Image. BIS-F installed an scheduled task, that runs on computer startup to personalize the cloned device unique with the needed identfier or format the Citrix PVS WriteCacheDisk once.

BIS-F runs the following actions:

Microsoft Optimizations
•    Windows Server 2008 – 2012 R2
•    Windows 7 – 8.x (32 and 64 Bit)
•    delete WSUS Client-ID
•    delete WSUS SoftwareDistribution
•    reset Performance Counters
•    CCleaner to delete temp. files
•    delete Windows Event Logs
•    reclaim storage space
•    Rearm Operating System once
•    Rearm Microsoft Office (2010, 2013, 2016) once (x86 only)
•    Delete DHCP Client informations in registry
•    Defrag System
•    Delete AllUsersStartmenu
•    Disable IPv6
•    add delay between Timesync and GPO apply, to successfull apply GPO's after DST
•    Disable not useful scheduled task
•    Disable not useful services

Anti-Virus
•    Trend Micro
•    Symantec Endpoint Protection
•    McAfee VirusScan Enterprise
•    Microsoft EndPoint Security Client
•    Kaspersky AntiVirus

Softwaredeploying
•    Microsoft SCCM Agent
•    Novell ZCM Agent
•    Altiris Deployment Agent
•    Matrix42 Agent   
•    Heat DSM (prev. NetInstall)   

System Monitoring
•    Microsoft System Center Operations Manager Agent
•    Splunk Universal Forwarder

Applicationvirtualization
•    FsLogix
•    Microsoft AppV Client

Citrix
•    Citrix XenApp 6.x
•    Citrix XenDesktop VDA 5.6 – 7.x
•    Citrix PVS Target Device Driver 5.6 – 7.x
•    Automatic format the Citrix WriteCache Disk
•    XenDesktop Personal vDisk Inventory Update (Windows 7, 8.x Clients only)
•    Fix for MSMQ Service XenDesktop FP1
•    reset Citrix Application Streaming Offline Database
•    delete Citrix Streaming Cache (RadeCache)
•    delete Citrix User Profile Manager Cache
•    delete Citrix EdgeSight Client Data

VMware
•    VMware Horizon View detection

Installation

The Script framework is very simple to install, download the scripts and copy them to the System Drive of your base-Image (C:\SCRIPTS)

 

BIS F 1 2015.08

PVS Environment only

If the Citrix Provisioning Software is installed to run the Script you must only create one system variable on your base-image.

BIS F 2 2015.08

Run the Script

PrepareBaseImage.cmd > Run as administrator

BIS F 3 2015.08

BISF 5.1.0 1

BISF 5.1.0 2

If the Citrix PVS Target Device driver is installed and a vDisk in private mode is attached the BIS-F convert your Base-Image to the vDisk and shutdown your Base-Image after successful convert.

BISF 5.1.0 3

If XenConvert is installed, BIS-F detect automatically the installation and use XenConvert instead of P2PVS.
Note: We do not longer distribute XenConvert with this Version, you must download and install XenConvert on your BaseImage.

Link: http://www.citrix.de/downloads/xenserver/tools/conversion.html

To suppress any message boxes from the script you can run the BIS-F in silent mode. You must edit the File PrepareBaseImage.cmd to complete this action.

Example: Powershell.exe -file "%Files.PT%\10_MAIN_PrepPVS.ps1" -sDelete NO -defrag YES -AVFullScan YES -OSrearm YES -OFrearm YES –CtxPvD NO –delAllUsersStartmenu NO –DisableIPv6 NO –Ccleaner YES –RstPerfCnt YES

 

CLI-switch Value Description
-sDelete  YES | NO  Run Fast Space Reclaimer on Systemdrive (previous sdelete)
-defrag  YES | NO  Running vDisk defragmentation after successful P2PVS/XenConvert
-AVFullScan  YES | NO  Running an antivirus FullScan. This Variable must be checked in the antivirus preparation script, like Symantec Endpoint Protection, Microsoft Security Client or your own Script to prepare your AntiVirus Solution
-VIEScan YES | NO Running Symantec VIE Tool, Read more about this Tool
-OSrearm YES | NO Running an Operating System rearm if needed
-OFrearm YES | NO Running an Office rearm if needed
-CtxPvD YES | NO Running Personal vDisk Inventory Update (Client-OS only)
-CCleaner YES | NO Running CCleaner to delete temp files
-P2PVS ---------- If XenConvert is installed you can use this switch to use P2PVS instead of XenConvert
-RstPerfCnt YES | NO Reset Performance Counters. See CTX129350 or CTX127151 for further informations
-verbose ---------- Show all messages on console
-SuppressRndReboot ---------- Skip a pending reboot
-Shutdown YES | NO After successful build a system shutdown can be performed, if the switch is not defined, the system would be shutdown, otherwise set it to NO.
Note: If the script detects it running from SCCM or MDT Tasksequence, the Shutdown would be suppressed
-VERYSILENT ---------- All Messageboxes would be supressed, for fully automation.
If a needed CLI command not defined, the script would be
exiting.
-FSXdelRules YES | NO If FSlogix is installed, you would ask to delete all local fsLogix
rules and assignment files
-FSXRulesShare  “\\Server\Share” If FSlogix is installed, enter a valid UNC-Path where you
stored the fsLogix rules and assignment files.
-delAllUsersStartmenu YES | NO delete all Objects in C:\ProgramData\Microsoft\Windows\Start Menu\*
-DisableIPv6 YES | NO Disable IPv6 completly

Please read the documentation inside the available download for further information.

Team of BIS-F:

•    Matthias Schlimm, www.loginconsultsants.com
•    Benjamin Ruoff, www.loginconsultsants.com
•    Mike Bijl, www.loginconsultsants.com

Donate:

Many thanks to the following people to help us this tool make better and better
•    Trond Eirik Haavarstein, www.xenappblog.com
•    Jeremy Saunders, www.jhouseconsulting.com
•    Ingmar Verheij, www.ingmarverheij.com
•    Thomas Krampe, www.loginconsultsants.com
•    Vincent Szabang, www.loginconsultsants.com
•    Bertram Wöhrmann, www.loginconsultsants.com
•    Frank Fette, www.loginconsultsants.com
•    David Rosenthal
•    Jonathan Pitre
•    Franco König

Fixes and News in this release:

Version 5.1.1:

03.03.2016 MS: Fix wrong syntax to check if Image Management Software like VDA, PVS Target Device Driver or VMware View Agent is installed
04.03.2016 MS: heavy bug in function invoke-service, services would not started if needed

Version 5.1.0:

21.01.2016 MS: add function Get-OSCSessionType to run BIS-F from console session only
21.01.2016 MS: Fix wrong syntax to check if Image Management Software like VDA, PVS Target Device Driver or VMware View Agent is installed
20.01.2016 MS: Fix for delAllUsersStartmenu, typos in variable
20.01.2016 MS: PrepareBaseImage.cmd: remove twice CLI command for -DisableIPv6 NO
20.01.2016 MS: BugFix in Feature 99: Wrong Dword to completly disable IPv6 - 0x000000FF, thanks to Jonathan Pitre
07.01.2016 MS: Feature 21 - If No Image Management-Software would be detected, the Service Startup type would not changed to manual
07.01.2016 MS: Feature 20 - add VMware Horizon View detection, thx to Bertram Wöhrmann
07.01.2016 MS: Feature 105 - add rearm support for office 2016 x86
07.01.2016 MS: change executionpolicy from unrestricted to bypass
07.01.2016 MS: Feature 79 - add Optimize-BISFWinSxs to cleanup and reduce WinSxs Folder (Win8, Win2012 R2 only), thx to Vincent Szabang
17.12.2015 MS: Bufix - mispelled CLI switch change from delAllUsersStartmenue to delAllUsersStartmenu
17.12.2015 MS: Bugfix - BISF.psm1 - $ImageSW would be set to false, wrong order
16.12.2015 MS: Bugfix - BISF.psm1 - coding error 1133 Write-Progress "Done" "Done" -completed
16.12.2015 MS: Feature 100 - add Disable Data Execution Prevention, Disable Startup Repair option, Disable New Network dialog, Set Power Saving Scheme to High Performance,  thx to Thomas Krampe
16.12.2015 MS: Feature 100 - disable Windows Services, thx to Thomas Krampe
16.12.2015 MS. Feature 100 - disable useless Scheduled tasks, thx to Thomas Krampe
16.12.2015 MS. Feature 100 - Win8 only, run disk cleanup, thx to Thomas Krampe
16.12 2015 MS: Feature 97 - add Hide PVS status icon, http://forums.citrix.com/thread.jspa?threadID=273278, , thx to Ingmar Verheij - http://www.ingmarverheij.com
16.12.2015 MS: Feature 101 - redirect spool directory to PVS WriteCacheDisk, if PVS Target Device Driver is installed only
16.12.2015 MS: Feature 102 - redirect eventlogs (Aplication, Security, System) to PVS WriteCacheDisk, if PVS Target Device Driver is installed only
16.12.2015 MS: Feature 99 - add Increases the UDP packet size to 1500 bytes for FastSend - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2040065, thx to Ingmar Verheij - http://www.ingmarverheij.com
16.12.2015 MS: Feature 99 - add Set multiplication factor to the default UDP scavenge value (MaxEndpointCountMult), http://support.microsoft.com/kb/2685007/en-us , thx to Ingmar Verheij - http://www.ingmarverheij.com
16.12.2015 MS: Feature 99 - add Disable Receive Side Scaling (RSS), http://support.microsoft.com/kb/951037/en-us , thx to Ingmar Verheij - http://www.ingmarverheij.com
16.12.2015 MS: Feature 99 - add Disable IPv6 completely , thx to Ingmar Verheij - http://www.ingmarverheij.com
16.12 2015 MS: Feature 97 - add Hide PVS status icon, http://forums.citrix.com/thread.jspa?threadID=273278, , thx to Ingmar Verheij - http://www.ingmarverheij.com
15.12.2015 MS: Feature 96: added vmware Tools optimizations, thx to Ingmar Verheij - http://www.ingmarverheij.com
15.12.2015 MS: Feature 94: add Script 10_PrepBISF_KAVS.ps1 - Prepare Kaspersky Antivirus for Image Management Software
10.12.2015 MS: Change Productname from "Frantrange DSM " to "Heat DSM"
25.11.2015 MS: reset Distributed Transaction Coordinator service if installed
25.11.2015 MS: add clear DHCP entries of Networkadapter, to prevent BlueScreen on some PVS Targetdevices https://www.citrix.com/blogs/2015/09/29/pvs-target-devices-the-blue-screen-of-death-rest-easy-we-can-fix-that/
25.11.2015 MS: Stop DHCP client Service, see https://www.citrix.com/blogs/2015/09/29/pvs-target-devices-the-blue-screen-of-death-rest-easy-we-can-fix-that/
04.11.2015 MS: add silent option 'delAllUsersStartmenue' to delete all Objects in C:\ProgramData\Microsoft\Windows\Start Menu\*
03.11.2015 MS: XenApp 6.x only: Personalization on each device -> Configure Citrix LicenseFile Cache Location and set NTFS Permissions for NetworkService with Fullaccess
03.11.2015 MS: remove function NimbleFastReclaim, would be replaced with Write-ZeroesToFreeSpace, see Bug 62
26.10.2015 BR: add delay between Timesync and GPO apply, to successfull apply GPO's after DST
26.10.2015 BR: 10_PrepBISF_IME.ps1 - add new script to delete Office 2010 IME Keyboards from Autorun
06.10.2015 MS: 10_PersBISF_Services.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_TimeAndGPO.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_OfficeKMS.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_CTX.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_WriteCacheDisk.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_ZCM.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_TM.ps1 - rewritten script with standard .SYNOPSIS
06.10.2015 MS: 10_PersBISF_SEP.ps1 - rewritten script with standard .SYNOPSIS, central BISF function couldn't used for services, SEP Service must being started with smc.exe
06.10.2015 MS: 10_PersBISF_SCOM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PersBISF_SCCM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PersBISF_FsLogix.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 99_PreBISF_Pre_BaseImage.ps1 - Last Change: 01.10.2015 MS: rewritten script to use central BISF function
01.10.2015 MS: 98_PreBISF_Pre_BaseImage.ps1 - Last Change: 01.10.2015 MS: rewritten script to use central BISF function
01.10.2015 MS: 97_PreBISF_Pre_BaseImage.ps1 - Last Change: 01.10.2015 MS: rewritten script to use central BISF function
01.10.2015 MS: 96_PreBISF_REARM.ps1 - Last Change: 01.10.2015 MS: rewritten script to use central BISF function
01.10.2015 MS: 90_PreBISF_CTX.ps1 - Last Change: 01.10.2015 MS: rewritten script to use central BISF function
01.10.2015 MS: 10_PrepBISF_WriteCacheDisk.ps1 - rewritten script to use central BISF function
01.10.2015 MS: 10_PrepBISF_SecureBISFfolder.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PrepBISF_TM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PrepBISF_ZCM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PrepBISF_VSE.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 10_PrepBISF_Splunk.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
10.10.2015 MS: 10_PrepBISF_SEP.ps1 - rewritten script with standard .SYNOPSIS, central BISF function couldn't used for services, SEP Service must being stopped with smc.exe
10.10.2015 MS: 10_PrepBISF_SCOM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.10.2015 MS: 90_PreBISF_CTX.ps1 - Change Line 103 to create Cache Directory to store the CTX License File: New-Item -path "$LIC_BISF_CtxCache" -ItemType Directory -Force
01.10.2015 MS: 90_PreBISF_CTX.ps1 - Change Line 236 to Set-ItemProperty -Path HKLM:Software\Microsoft\MSMQ\Parameters\MachineCache -Name "QMId" -Value ([byte[]]$new_QMID) -Force
30.09.2015 MS: 10_PrepBISF_SCCM.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_FsLogix.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_FrontRange.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_EPC.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_Empirum.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_CMTrace.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PrepBISF_AppVClient.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
30.09.2015 MS: 10_PersBISF_Altiris.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
29.09.2015 MS. Bugfix 93 - check if preperation phase is running to run $Global:returnTestPVSDriveLetter=Test-PVSDriveLetter -Verbose:$VerbosePreference (added in Bugfix 50 10.08.2015 - Version 5.0.2)
02.09.2015 MS: 10_PrepBISF_Altiris.ps1 - rewritten script with standard .SYNOPSIS, use central BISF function to configure service
01.09.2015 MS: add username to each logfile entry
01.09.2015 MS: Change Request 88 - Defrag runs on BaseDisk only
01.09.2015 MS: add function Get-DiskNameExtension, to get BaseDisk or ParentDisk, defrag would be performed on BaseDisk only
01.09.2015 MS: Bugfix 42 - SCCM: fixing deleteCCMCache, this must be running before service stops
31.08.2015 MS: add function Test-RegistryValue to test registryvalue if exists (needed for SEP Client, WOW6432Node or native 64 Bit client)
31.08.2015 MS: Bugfix 89 - SEP Preperation: symantec fixes the registry location for the SEP-Client to WOW6432Node, fix in line 48-50 and function deleteSEPData
31.08.2015 MS: Bugfix 89 - SEP Personalization: Symantec fixes the registry location for the SEP-Client to WOW6432Node, fix in line 31-32 and function SetHostID
21.08.2015 MS: Change Request 77 - remove PreFix XX,XA,XD from all files and Scripts
21.08.2015 MS: Bugfix 76 - FsLogix: Do not checked PVS or MCS DiskMode, Service is already running or would be start if stopped
21.08.2015 MS: Bugfix 76 - FsLogix: remove to set fsLogix service to manual, stopped service only.

 

Download the tool