User Oobe Create Elevated Object Server

When I try to add a new user a User Account Control (UAC) popup asks if I want to allow 'User OOBE Create Elevated Object Server' app to make changes to my computer. The UAC box also says 'Verified Publisher: Microsoft Windows'. I haven't yet made any other users on this Windows 10 Pro installation.

This guide describes how to deploy Acrobat DC via App-V so that the application is delivered on demand but runs as if installed locally. For a deployment overview, refer to the App-V deployment video.

Downloads:

DC/Continuous track:

  • App-V Kit (updated May, 2020): Adds support for Office versions O2016, O2019, and O365 as well as the PDFMaker Add-Ins for MS Word/Excel/PPT for Create PDF and Share PDF.

Classic track:

Unsupported scenarios¶

  • User-publish

  • Roaming profiles.

  • App-V is not tested in Citrix environments.

System requirements¶

  • Microsoft Application Virtualization Sequencer Version 5.0 SP3 or 5.1.

  • Acrobat (either track)

  • Products sequenced on a 32-bit machine must be deployed on 32-bit clients and products sequenced on a 64-bit machine must be deployed on 64-bit clients.

Tuning¶

Tune the installer prior to imaging and deployment.

Tuning helps mitigate performance issues, simplifies the end user experience, and allows you to disable features and behaviors that should not be accessible to end users in an IT-managed environment.

  • Accept the EULA on behalf of all users by using the PRTK tool.

  • If the product language should be different than the OS language, set the language.

  • Suppress registration (there are multiple ways: Wizard, cmd line property, PRTK tool).

  • Disable push notifications: Set HKLM\SOFTWARE\WOW6432Node\Policies\Adobe\(product name)\(version)\FeatureLockdown\cServices\bToggleNotifications to 0.

  • Disable the Help > Repair Acrobat Installation menu by setting the following to 1 (DWORD):

    • 32 bit machines: [HKLM\SOFTWARE\Adobe\(product name)\(version)\Installer]'DisableMaintainence'

    • 64 bit machines: [HKLM\SOFTWARE\Wow6432Node\Adobe\(product name)\(version)\Installer]'DisableMaintainence'

Other settings

There are over 500 other registry preferences documented in the Preference Reference. Use the Wizard or manual/scripted methods to customize the product.

Preparing the environment¶

Prepare the sequencing machine following Microsoft’s guidelines.

  • Create the following registry DWORD entry with a value of 1 to see the option of selecting PVAD while sequencing: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Sequencer\Compatibility]EnablePVADControl=1

  • Processes that normally run on your computer can slow down the sequencing process and cause irrelevant data to be gathered during sequencing. Because the Sequencer scans for these (and similar) processes before creating a Virtual Application Package, the following programs should be stopped:

    • Windows Defender

    • Antivirus software

    • Disk Defragmentation Software

    • Windows Search

    • Microsoft Update

    • Any open Windows Explorer session

  • Optional: Use the Customization Wizard to further customize the installer.

Creating an App-V Package¶

Create a template¶

Templates allow you to control what files become part of the package, and you should exclude unnecessary files. You may wish to create the template after sequencing as described below.

To create a template, start with the provided template, OR perform the following steps:

  1. Launch the Microsoft App-V Sequencer.

  2. Go to Tools > Options.

  3. In the pop-up, go to Exclusion Items tab.

  4. Choose New.

  5. Add the following folders to the Exclusion Items List:

    • [{Profile}]

    • [{AppData}]

    • [{LocalAppDataLow}]

    • [{CommonAppData}]\Adobe\SLStore

    • [{ProgramFilesCommonX86}]\Adobe\PCF

    • [{ProgramFilesCommonX86}]\Adobe\SLCache

    • [{ProgramFilesCommonX86}]\Adobe\AdobePCD

    • [{AppVPackageRoot}]\Acrobat\Browser\nppdf32

  6. Close the options window.

  7. Choose File > Save As Template…

  8. Choose OK when the dialog appears.

  9. Save as an .appvt file.

  10. Exit.

Sequence Adobe Acrobat¶

There are two ways to approach sequencing:

  • Use the Microsoft Sequencer UI, and create a template file after you create the package as described below. This method incorporates all the changes included in the exclusion list as well as the configuration in the package editor’s advanced tab window.

  • Create the Acrobat App-V package with powershell command below. Doing so replaces steps 1-25 but does not incorporate the settings in the last steps. For example, for the DC track:

Manual steps

  1. Start the Microsoft Sequencer.

  2. Go to File > Load Template… and select your saved template (.appvt).

  3. Select Create a new Virtual Application Package > Create Package.

  4. Choose Next.

  5. If there are any warnings on the Prepare Computer screen, correct them.

  6. Choose Next.

  7. On the Type of Application screen, select Standard Application.

  8. Choose Next.

  9. On the Select Installer screen, enter the path to your product installation files (Setup.exe). For custom installs, check Perform Custom Installation.

  10. Choose Next.

  11. In the Package Name screen, enter an application name (such as Adobe Acrobat DC).

  12. In the PVAD screen, enter the Acrobat installation path. Install Acrobat to this location only. For example, C:\Program Files (x86)\Adobe\Acrobat DC for a DC install.

  13. When the installer appears in the Sequencer Screen, select “Trial and subscription mode”. Note: Licensing options appear in subsequent sections.

  14. Install to the location that has been entered as PVAD above using the “Customize” button in the Installer.

  15. Follow the on-screen instructions.

  16. Choose Close (do not choose Launch Now). If you have chosen Custom Installation Option, nothing will happen on the machine.

  17. To install Acrobat via a command-line and suppress the EULA:

    1. Open a command window in admin mode.

    2. Go to the Acrobat installer location.

    3. Verify Acrobat is installed in the PVAD location.

    4. Run the following:

  18. Create a new registry preference (Serialized installs only, all tracks):

18a. Named User Licensing installs only. Create the following two keys:

18b. Feature Restricted Licensing connected and offline packages. Create the following key:

  19. After installation completes, select I am finished installing.

  20. Choose Next.

  21. Do not run any Application in the Configure Software screen. Choose Next.

  22. After the Sequencer collects the system changes, review the Installation Report which detects common sequencing issues.

  23. Choose Next.

  24. Choose Stop Now.

  25. Choose Next.

  26. Select “Continue to modify package without Saving using the package editor”.

  27. Choose Next.

  28. In Package Editor window, open the Advanced Tab and check the following checkboxes:

    • Allow virtual applications full write access to virtual file system.

    • Allow COM Objects to interact with Local System.

    • Allow all named objects to interact with Local System.

  29. Verify the files and folders excluded above do not appear in the package:

    • <Packageroot>\Acrobat\Browser\nppdf32.* (any files starting with that string)

    • <Packageroot>\VFS\Profile

    • <Packageroot>\VFS\LocalAppDataLow

    • <Packageroot>\VFS\AppData

    • <Packageroot>\VFS\CommonAppdata\Adobe\SLStore

    • <Packageroot>\VFS\ProgramFilesCommonX86\Adobe\SLCache

    • <Packageroot>\VFS\ProgramFilesCommonX86\Adobe\AdobePCD

    • <Packageroot>\VFS\ProgramFilesCommonX86\Adobe\PCF

  30. Select “Merge with local Directory” option for the following folders.

    • <Packageroot>\VFS\ProgramFilesCommonX86\Adobe

    • <Packageroot>\VFS\CommonAppdata\Adobe

  31. Add the necessary files to the Scripts folder.

    • C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\dispatchtable.xml (Available on the sequencer machine)

    • adobe_prtk.exe (Available as part of APTEE as a download from https://download.macromedia.com/pub/developer/prtk/Adobe_Provisioning_Toolkit_10_0_ALL.exe).

31a. Feature Restricted Licensing connected and offline packages only.

  1. Go to https://adminconsole.adobe.com/

  2. Create a license only package. (Do NOT include the Acrobat installer in the package).

  3. Add adobe-licensing-toolkit.exe and json files from the FRL package created above to the scripts folder.
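The check in the "Verify the files and folders excluded above do not appear in the package" step can be scripted so that profile data, licensing caches and the browser plug-in are not shipped to every client by mistake. The following is an added example, not part of the original guide or of Adobe's scripts. It assumes the saved .appv file opens as a ZIP container with the package root stored under `Root/` and entry names percent-encoded; the sample package is constructed in memory.

```python
import io
import zipfile
from urllib.parse import unquote

# Folders from the exclusion list, written relative to the container.
# Assumption: <Packageroot> is stored as "Root/" inside the .appv file.
EXCLUDED_DIRS = (
    "Root/VFS/Profile",
    "Root/VFS/LocalAppDataLow",
    "Root/VFS/AppData",
    "Root/VFS/CommonAppData/Adobe/SLStore",
    "Root/VFS/ProgramFilesCommonX86/Adobe/SLCache",
    "Root/VFS/ProgramFilesCommonX86/Adobe/AdobePCD",
    "Root/VFS/ProgramFilesCommonX86/Adobe/PCF",
)
# "Any files starting with that string" from the verification step.
EXCLUDED_FILE_PREFIX = "Root/Acrobat/Browser/nppdf32"


def _norm(path):
    """Decode %XX escapes, unify separators, drop spaces and lowercase.

    Spaces are dropped so that a folder stored as "Adobe%20PCD" still
    matches the spelling used in the exclusion list.
    """
    return unquote(path).replace("\\", "/").replace(" ", "").strip("/").lower()


def find_excluded_entries(appv):
    """Return the sorted entry names that the exclusion list should have kept out."""
    dirs = [_norm(d) for d in EXCLUDED_DIRS]
    stem = _norm(EXCLUDED_FILE_PREFIX)
    hits = []
    with zipfile.ZipFile(appv) as pkg:
        for name in pkg.namelist():
            n = _norm(name)
            # Match the folder itself or anything below it, never a sibling
            # whose name merely starts with the same characters.
            in_dir = any(n == d or n.startswith(d + "/") for d in dirs)
            if in_dir or n.startswith(stem):
                hits.append(name)
    return sorted(hits)


def build_sample_package():
    """Constructed stand-in for a sequenced package (entry names invented)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name in (
            "AppxManifest.xml",
            "Root/Acrobat/Acrobat.exe",
            "Root/Acrobat/Browser/nppdf32.dll",
            "Root/VFS/Profile/sample.dat",
            "Root/VFS/ProfileBackup/readme.txt",
            "Root/VFS/ProgramFilesCommonX86/Adobe/Adobe%20PCD/cache.db",
            "Root/VFS/ProgramFilesCommonX86/Adobe/Acrobat/keep.dll",
        ):
            pkg.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in find_excluded_entries(build_sample_package()):
        print("should have been excluded:", entry)
```

Pass the path of the saved .appv file to `find_excluded_entries` in place of the constructed sample; an empty list means none of the excluded locations made it into the package.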

Embed scripts¶

  1. Download and unzip required scripts.

  2. Go to the Package Files Tab in the Editor.

  3. Navigate to Package > Scripts.

  4. Right-Click the Scripts folder and choose Add to embed a new script into the package so that they can be leveraged on the client machine.

  • Publish.ps1: A PowerShell script to identify the location of App-V Acrobat on system, deploy Acrobat App-V in various Licensing modes, and suppress the updater on the client.

  • Unpublish.ps1: An un-publish script which removes Adobe Acrobat activation as well as the updater and the location entry created by Publish.ps1.

  • To volume serialize Acrobat on the client machine, include prov.xml in the package scripts. Generate this XML File on the sequencer machine using adobe_prtk.exe, and then run the APTEE Command from an elevated command prompt as shown below.

  • Runtime.bat: This run-time script is only required when Acrobat should run in sandbox mode. The script creates the parent registry of the pass-through entries in App-V. This script only works for the domain users and will throw error 534 if a local user tries to open the Virtual DC App. Use the above script only when the package is published to the domain users.

Note

NUL (named user) installs don’t require using prov.xml.

  5. Save the package.

  6. Close the editor.

Post sequencing steps¶

The DeploymentConfig.xml file resides in the same folder as the .appv file. Modify it as described below.

  1. Create script extension points by adding the script calls inside the <MachineScripts> tag. The Publish and Unpublish scripts require arguments as follows:

    • Channel name: Either 2020|2017|2015|DC.

    • The Package ID: Copy it from the <DeploymentConfiguration line. For example, PackageId='dcc25ced-6e2e-4a44-8ef3-4afe3e3fbde8'

    • Product path: Copy it from the <Application Id line in the <Applications> tag. For example, <Application Id='[{AppVPackageRoot}]\Acrobat\Acrobat.exe' Enabled='true'>

Note

NUL installs should remove [-Serialize]</Arguments> from the example below.

Note

The Publish script takes -Serialize as an optional argument to volume serialize the product. Otherwise, Acrobat is deployed in trial mode on the client machine.

  2. Set the COM integration mode:

  3. Set named object interaction. Change all <Objects> tags to false:

  4. Configure <UserScripts> to add Runtime.bat so that it is triggered on the creation of the virtual environment for the package.

  5. Disable virtual fonts subsystem. The required fonts would be locally registered on the client machine by our supplementary App-V installer.

  6. (OPTIONAL) Hide unnecessary extension points. Configure <Applications> to hide “AcrobatInfo” application from being seen in the list of recommended programs when users try to change the default PDF viewer. This application also has the name “Adobe Acrobat”; however, as a default application for .pdf files, it does not perform anything and so should not appear.

  7. Feature Restricted Licensing connected or offline package.

    1. Go to https://adminconsole.adobe.com/

    2. Create a license only package. (Do NOT include the Acrobat installer in the package).

    3. Add adobe-licensing-toolkit.exe and json files from the FRL package created above to the scripts folder.

    4. Add the -Frl option to the machine scripts tag:

Deploying a client package¶

Prerequisites¶

  • Enable scripting on client machines. The Acrobat Package contains scripts which are executed on the client machine in order to provide a feature rich experience to the end user. The scripts can be enabled via:

  • Publish the package globally: Extension points for the Acrobat App-V Package require machine-level installation. With App-V 5.0 SP2, publishing globally automatically creates these extensions and Acrobat behaves like an installed application.

Note

User-publish is not supported.

  • Apply the hotfix to the App-V 5.0 SP3 Client. See https://support.microsoft.com/kb/3039022. This hotfix fixes application crashes that occur while performing an OCR, editing a PDF file and opening a shared review PDF file.

  • Optional: Enable FeatureLockdown on Clients. To suppress or lock certain features on the client, do one of the following:

    1. Create the FeatureLockDown keys on the client machine manually or by pushing policies from the server.

    2. Add the keys inside the package itself from the package editor window using the Registry tab. This requires removing the HKEY_LOCAL_MACHINE\SOFTWARE\Policies registry entry from the list of pass-through registry keys (at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Subsystem\VirtualRegistry on the client machine). Since the change is machine specific, it will impact other virtual applications as well, so take care when choosing this step.

Publishing¶

  1. To publish the package globally, run the following PowerShell command:

  2. To leverage all of Acrobat’s features, install the supplementary App-V Kit downloads (at the top of this page) on the user’s machine. The kit does the following:

  • MS Office Integration - Context Menu and In-App Acrobat Ribbons.

  • Mail Integration - MS Outlook and Lotus Notes will start showing Acrobat Features.

  • Adobe PDF Printer - Allows the user to print any file to Adobe PDF.

  • Web Capture - Allows the user to be able to convert a webpage to Adobe PDF inside the Browser.

  • Registers necessary fonts on the client which will be used by the virtual application.

Unpublishing¶

If you have installed the MSI at the time of publishing the package, then it is recommended to uninstall it before unpublishing or removing the package from your system. Since the Acrobat Package creates extension points on system, it is necessary to stop the package before unpublishing and removing it from the client machine. The package should be unpublished globally as follows:

  1. Stop the package.

  2. Verify adobe_prtk.exe is in the same directory as the package.

  3. Run the following:

Tip

If you unpublish the App-V package from the machine instance on user logout, then users won’t need to manually sign out in order to avoid over activation messages on subsequent log-ins.

Patching Acrobat¶

Note

Due to a number of significant changes, it is not possible to update existing installs with the August, 2020 update. When migrating to a post-August, 2020 release, create a new package with a full installer.

Prerequisites¶

  • An existing Acrobat App-V Package

  • The installer from which the actual Acrobat Package was created.

  • The latest Acrobat patch or update of the same channel from which the original package was created.

  • The template that was created in the “Create a template” section above.

  • Close the same processes that were closed when publishing the initial package.

  • Registry settings are not migrated during a patch. If required, copy existing registries to the new install.

Pre-sequencing steps¶

The pre-sequencing steps are identical to those for creating an App-V Package.

Sequencing a patch¶

  1. Start the Microsoft Sequencer.

  2. Choose File > Load Template… and select your saved template (.appvt).

  3. Choose Modify Existing Virtual Application Package. A dialog appears.

  4. Choose Update Application in existing package.

  5. Choose Next.

  6. Browse to the .appv file of the virtual application package that needs to be patched.

  7. Choose Next.

  8. After the sequencer is done loading the package, it will display the issues if anything is wrong with the machine. If there are no serious issues, choose Next. If there are issues, address those issues and repeat the previous steps.

  9. Choose Select the installer for the application.

  10. Browse to the .msp patch file.

  11. Choose Next. The patch is invoked automatically.

  12. If the Windows installer asks for the location of the MSI file, point to the location where the application installer was copied.

  13. Choose OK.

  14. After the patch completes, close the patch installer.

  15. Create a new registry preference (for products released after December, 2018):

  16. After installation, select I am finished installing.

  17. Choose Next.

  18. After the application collects the system changes, choose Next.

  19. Review the Installation Report which detects common sequencing issues during sequencing.

  20. Click Next.

  21. Do not go to Configure Screen. Instead, select Stop Now.

  22. Choose Next.

  23. Select Continue to modify package without Saving using the package editor.

  24. Choose Next.

  25. Choose Close. The Package Editor will open.

  26. Move to Advanced Tab and check the following:

    • Allow virtual applications full write access to virtual file system.

    • Allow COM Objects to interact with Local System.

    • Allow all named objects to interact with Local System.

  27. Verify the files excluded from the package (above) are not present inside the package.

  28. Select “Merge with local Directory” option for the following folders.

    • <Packageroot>\VFS\ProgramFilesCommonX86\Adobe

    • <Packageroot>\VFS\CommonAppdata\Adobe

  29. The scripts and other files added while creating the package from scratch are lost during patching. Re-add them as described in “Sequence Adobe Acrobat” above.

  30. Save the package and move on to Post Sequencing Steps in the following section.

Post Sequencing Steps¶

Modify DeploymentConfig.xml as described above.

Known issues¶

  • Automatic updates or manual end user updates are not supported. App-V updates are pushed by enterprise IT.

  • On-the-fly switching of the default PDF handler (viewer) from within the application is not supported. Handler selection can occur at install time or prior to deployment.

  • PDF previews are not visible in Windows Explorer.

  • Opening a PDF inside Internet Explorer does not work on Win 8.1 and Win 10 when IE’s Enhanced Protected Mode is turned on.

  • Conversion of .vsl files does not work with App-V Acrobat via Context Menu Handlers. For details and a workaround, see https://helpx.adobe.com/acrobat/kb/pdf-conversion-of-visio-files-through-context-menu-in-app-v-envi.html

  • App-V Acrobat may crash when invoking Send for Signature if App-V Reader is present on the same machine and not previously launched by the user. For details, see https://helpx.adobe.com/acrobat/kb/send-for-signature-crashes.html.

Known issues added June, 2020¶

  • NUL-license is not deactivated from the machine on AppV package unpublish.

  • Thumbnails for non-PDF files are missing while creating and combining portfolios. There is no current workaround.

  • The Office PDFMaker Add-In is not enabled on installation. The add-in must be enabled manually from MS Word/PPT/Excel. To do so:

  1. Launch MS Word/Excel/PPT

  2. Click on Options from the bottom left corner

  3. Click on “Add-Ins” from the Options menu

  4. Select “COM Add-ins” and Click “Go” from bottom of the menu

  5. Enable checkbox for “Acrobat PDFMaker Office COM Addin”.

  6. Click OK.

The Acrobat tab will now appear on the MS Office app so that users can create and share PDFs.

  • A registry entry is not added/updated/removed during the install and uninstall of Acrobat, and the context menus therefore fail to function. To enable the Create and Combine menu items in the context menu, do the following:

  1. Create a new key: HKLM\SOFTWARE\WOW6432Node\Adobe\Acrobat Elements\{TrackDC/2015/2017}\InstallPath

  2. Set the value to: Default|C:\ProgramData\Microsoft\AppV\Client\Integration\{PackageID}\Root\Acrobat Elements


Azure Image Builder uses a .json file to pass information into the Image Builder service. In this article we will go over the sections of the json file, so you can build your own. To see examples of full .json files, see the Azure Image Builder GitHub.

This is the basic template format:

Type and API version

The type is the resource type, which must be 'Microsoft.VirtualMachineImages/imageTemplates'. The apiVersion will change over time as the API changes, but should be '2020-02-14' for preview.

Location

The location is the region where the custom image will be created. For the Image Builder preview, the following regions are supported:

  • East US
  • East US 2
  • West Central US
  • West US
  • West US 2
  • South Central US
  • North Europe
  • West Europe
  • South East Asia
  • Australia Southeast
  • Australia East
  • UK South
  • UK West

Data Residency

The Azure VM Image Builder service doesn't store/process customer data outside regions that have strict single region data residency requirements when a customer requests a build in that region. In the event of a service outage for regions that have data residency requirements, you will need to create templates in a different region and geography.

Zone Redundancy

Distribution supports zone redundancy: VHDs are distributed to a Zone Redundant Storage account by default, and the Shared Image Gallery version will support a ZRS storage type if specified.


vmProfile

buildVM

By default, Image Builder will use a 'Standard_D1_v2' build VM, which is built from the image you specify in the source. You can override this, and may wish to do so for these reasons:

  1. Performing customizations that require increased memory or CPU, or that handle large files (GBs).
  2. Running Windows builds, for which you should use 'Standard_D2_v2' or an equivalent VM size.
  3. Requiring VM isolation.
  4. Customizing an image that requires specific hardware, e.g. for a GPU VM, you need a GPU VM size.
  5. Requiring end to end encryption at rest of the build VM, for which you need to specify a supported build VM size that doesn't use local temporary disks.

This is optional.

Proxy VM Size

The proxy VM is used to send commands between the Azure Image Builder Service and the build VM. It is only deployed when specifying an existing VNET. For more details, review the networking options documentation.

This is optional.

osDiskSizeGB

By default, Image Builder will not change the size of the image; it will use the size from the source image. This setting is optional, and a value of 0 means leave the same size as the source image. You can only increase the size of the OS Disk (Windows and Linux); you cannot reduce it to smaller than the size from the source image.

vnetConfig

If you do not specify any VNET properties, then Image Builder will create its own VNET, Public IP, and NSG. The Public IP is used for the service to communicate with the build VM. If you do not want a Public IP, or want Image Builder to have access to your existing VNET resources, such as configuration servers (DSC, Chef, Puppet, Ansible), file shares etc., you can specify a VNET. This is optional. For more information, review the networking documentation.

Tags

These are key/value pairs you can specify for the image that's generated.

Depends on (optional)

This optional section can be used to ensure that dependencies are completed before proceeding.

For more information, see Define resource dependencies.

Identity

Required. For Image Builder to have permissions to read/write images and read in scripts from Azure Storage, you must create an Azure User-Assigned Identity that has permissions to the individual resources. For details on how Image Builder permissions work, and relevant steps, please review the documentation.

Image Builder support for a User-Assigned Identity:

  • Supports a single identity only
  • Does not support custom domain names

To learn more, see What is managed identities for Azure resources?. For more information on deploying this feature, see Configure managed identities for Azure resources on an Azure VM using Azure CLI.

Properties: source

The source section contains information about the source image that will be used by Image Builder. Image Builder currently only natively supports creating Hyper-V generation 1 (Gen1) images to the Azure Shared Image Gallery (SIG) or Managed Image. If you want to create Gen2 images, then you need to use a source Gen2 image and distribute to VHD. Afterwards, you will need to create a Managed Image from the VHD and inject it into the SIG as a Gen2 image.

The API requires a 'SourceType' that defines the source for the image build, currently there are three types:

  • PlatformImage - indicates the source image is a Marketplace image.
  • ManagedImage - use this when starting from a regular managed image.
  • SharedImageVersion - this is used when you are using an image version in a Shared Image Gallery as the source.

Note

When using existing Windows custom images, you can run the Sysprep command up to 3 times on a single Windows 7 or Windows Server 2008 R2 image, or 1001 times on a single Windows image for later versions; for more information, see the sysprep documentation.

PlatformImage source

Azure Image Builder supports Windows Server and client, and Linux Azure Marketplace images, see here for the full list.

The properties here are the same that are used to create VM's, using AZ CLI, run the below to get the properties:

You can use 'latest' in the version. The version is evaluated when the image build takes place, not when the template is submitted. If you use this functionality with the Shared Image Gallery destination, you can avoid resubmitting the template, and rerun the image build at intervals, so your images are recreated from the most recent images.

Support for Market Place Plan Information

You can also specify plan information, for example:

ManagedImage source

Sets the source image as an existing managed image of a generalized VHD or VM.

Note

The source managed image must be of a supported OS and the image must be in the same region as your Azure Image Builder template.

The imageId should be the ResourceId of the managed image. Use az image list to list available images.

SharedImageVersion source

Sets the source image to an existing image version in a Shared Image Gallery.

Note

The source managed image must be of a supported OS and the image must be in the same region as your Azure Image Builder template. If it is not, please replicate the image version to the Image Builder Template region.

The imageVersionId should be the ResourceId of the image version. Use az sig image-version list to list image versions.

Properties: buildTimeoutInMinutes

By default, the Image Builder will run for 240 minutes. After that, it will timeout and stop, whether or not the image build is complete. If the timeout is hit, you will see an error similar to this:

If you do not specify a buildTimeoutInMinutes value, or set it to 0, this will use the default value. You can increase or decrease the value, up to the maximum of 960mins (16hrs). For Windows, we do not recommend setting this below 60 minutes. If you find you are hitting the timeout, review the logs, to see if the customization step is waiting on something like user input.

If you find you need more time for customizations to complete, set this to what you think you need, with a little overhead. But, do not set it too high because you might have to wait for it to timeout before seeing an error.

Properties: customize

Image Builder supports multiple ‘customizers’. Customizers are functions that are used to customize your image, such as running scripts, or rebooting servers.

When using customize:

  • You can use multiple customizers, but they must have a unique name.
  • Customizers execute in the order specified in the template.
  • If one customizer fails, then the whole customization component will fail and report back an error.
  • It is strongly advised you test the script thoroughly before using it in a template. Debugging the script on your own VM will be easier.
  • Do not put sensitive data in the scripts.
  • The script locations need to be publicly accessible, unless you are using MSI.

The customize section is an array. Azure Image Builder will run through the customizers in sequential order. Any failure in any customizer will fail the build process.

Note

Inline commands can be viewed in the image template definition and by Microsoft Support when helping with a support case. If you have sensitive information, it should be moved into scripts in Azure Storage, where access requires authentication.

Shell customizer

The shell customizer supports running shell scripts. The shell scripts must be publicly accessible or you must have configured an MSI for Image Builder to access them.

OS Support: Linux

Customize properties:

  • type – Shell
  • name - name for tracking the customization
  • scriptUri - URI to the location of the file
  • inline - array of shell commands, separated by commas.
  • sha256Checksum - Value of sha256 checksum of the file, you generate this locally, and then Image Builder will checksum and validate.
    • To generate the sha256Checksum, using a terminal on Mac/Linux run: sha256sum <fileName>

Note

Inline commands are stored as part of the image template definition, you can see these when you dump out the image definition, and these are also visible to Microsoft Support in the event of a support case for troubleshooting purposes. If you have sensitive commands or values, it is strongly recommended these are moved into scripts, and use a user identity to authenticate to Azure Storage.

Super user privileges

For commands to run with super user privileges, they must be prefixed with sudo. You can add these into scripts or use them in inline commands, for example:

Example of a script using sudo that you can reference using scriptUri:

Windows restart customizer


The Restart customizer allows you to restart a Windows VM and wait for it to come back online. This allows you to install software that requires a reboot.

OS Support: Windows

Customize properties:

  • Type: WindowsRestart
  • restartCommand - Command to execute the restart (optional). The default is 'shutdown /r /f /t 0 /c "packer restart"'.
  • restartCheckCommand – Command to check if restart succeeded (optional).
  • restartTimeout - Restart timeout specified as a string of magnitude and unit. For example, 5m (5 minutes) or 2h (2 hours). The default is: '5m'

Linux restart

There is no Linux Restart customizer. However, if you are installing drivers or components that require a restart, you can install them and invoke a restart using the Shell customizer. There is a 20min SSH timeout to the build VM.

PowerShell customizer

The PowerShell customizer supports running PowerShell scripts and inline commands. The scripts must be publicly accessible for Image Builder to access them.

OS support: Windows and Linux

Customize properties:

  • type – PowerShell.
  • scriptUri - URI to the location of the PowerShell script file.
  • inline – Inline commands to be run, separated by commas.
  • validExitCodes – Optional, valid codes that can be returned from the script/inline command. This avoids a reported failure of the script/inline command.
  • runElevated – Optional, boolean, support for running commands and scripts with elevated permissions.
  • sha256Checksum - Value of the sha256 checksum of the file. You generate this locally, and Image Builder then checksums the file and validates it against this value.
    • To generate the sha256Checksum, use Get-Hash in PowerShell on Windows.
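The guidance on sensitive inline commands and on sha256Checksum can be enforced before a template is submitted. The following is an added example, not code from the Image Builder documentation: a small Python check over the customize array, in which the function names, the secret-matching heuristic, the URIs and the sample entries are all assumptions constructed for illustration.

```python
import hashlib
import re

# Heuristic only (assumption): substrings that usually mean a credential is present.
SECRET_HINT = re.compile(r"password|passwd|secret|token|api[_-]?key|sig=", re.I)

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def lint_customizers(customize, reviewed_scripts):
    """Return (index, finding) pairs for the 'customize' array of an image template.

    reviewed_scripts maps a scriptUri to the bytes of the copy you reviewed locally.
    """
    findings = []
    for i, step in enumerate(customize):
        # Inline commands are stored in the template and visible on dump/support cases.
        if any(SECRET_HINT.search(cmd) for cmd in step.get("inline", [])):
            findings.append((i, "inline command looks sensitive; move it into a script"))
        uri = step.get("scriptUri")
        if not uri:
            continue
        pinned = step.get("sha256Checksum", "").lower()
        if not pinned:
            findings.append((i, "scriptUri has no sha256Checksum"))
            if step.get("runElevated"):
                findings.append((i, "unpinned script runs elevated"))
        elif uri in reviewed_scripts and pinned != sha256_of(reviewed_scripts[uri]):
            findings.append((i, "sha256Checksum differs from the reviewed script"))
    return findings

# Constructed sample data: URIs, script body and template entries are illustrative.
AGENT_URI = "https://example.invalid/scripts/agent.ps1"
REVIEWED = {AGENT_URI: b"Write-Host 'install agent'\n"}
SAMPLE_CUSTOMIZE = [
    {"type": "PowerShell", "inline": ["$env:DB_PASSWORD = 'changeme'", "dir c:\\"]},
    {"type": "PowerShell", "scriptUri": "https://example.invalid/scripts/setup.ps1",
     "runElevated": True},
    {"type": "PowerShell", "scriptUri": AGENT_URI, "runElevated": True,
     "sha256Checksum": sha256_of(REVIEWED[AGENT_URI])},
    {"type": "PowerShell", "scriptUri": AGENT_URI, "sha256Checksum": "0" * 64},
]

if __name__ == "__main__":
    for index, finding in lint_customizers(SAMPLE_CUSTOMIZE, REVIEWED):
        print(f"customize[{index}]: {finding}")
```

Run it in the pipeline that submits the template, so that a script changed after review fails the build request instead of running elevated on the build VM.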

File customizer

The File customizer lets Image Builder download a file from a GitHub repo or Azure storage. If you have an image build pipeline that relies on build artifacts, you can set the file customizer to download from the build share, and move the artifacts into the image.

OS support: Linux and Windows

File customizer properties:

  • sourceUri - an accessible storage endpoint, this can be GitHub or Azure storage. You can only download one file, not an entire directory. If you need to download a directory, use a compressed file, then uncompress it using the Shell or PowerShell customizers.

Note

If the sourceUri is an Azure Storage Account, irrespective of whether the blob is marked public, you will need to grant the Managed User Identity read access on the blob. Please see this example to set the storage permissions.

  • destination – this is the full destination path and file name. Any referenced path and subdirectories must exist, use the Shell or PowerShell customizers to set these up beforehand. You can use the script customizers to create the path.

This is supported by Windows directories and Linux paths, but there are some differences:

  • Linux – the only path Image Builder can write to is /tmp.
  • Windows – No path restriction, but the path must exist.

If there is an error trying to download the file, or to put it in the specified directory, the customize step will fail, and the error will be recorded in the customization.log.

Note

The File customizer is only suitable for small file downloads, < 20MB. For larger file downloads, use a script or inline command that downloads the files, for example with wget or curl on Linux, or Invoke-WebRequest on Windows.

Windows Update Customizer

This customizer is built on the community Windows Update Provisioner for Packer, which is an open source project maintained by the Packer community. Microsoft tests and validates the provisioner with the Image Builder service, will support investigating issues with it, and will work to resolve them. However, the open source project is not officially supported by Microsoft. For detailed documentation on and help with the Windows Update Provisioner, please see the project repository.

OS support: Windows

Customizer properties:

  • type – WindowsUpdate.
  • searchCriteria - Optional, defines which type of updates are installed (Recommended, Important etc.), BrowseOnly=0 and IsInstalled=0 (Recommended) is the default.
  • filters – Optional, allows you to specify a filter to include or exclude updates.
  • updateLimit – Optional, defines how many updates can be installed, default 1000.

Note

The Windows Update customizer can fail if there are any outstanding Windows restarts or application installations still running. Typically you may see this error in the customization.log: System.Runtime.InteropServices.COMException (0x80240016): Exception from HRESULT: 0x80240016. We strongly advise that you consider adding a Windows Restart, and/or allowing applications enough time to complete their installations by using sleep or wait commands in the inline commands or scripts, before running Windows Update.

Generalize

By default, Azure Image Builder will also run ‘deprovision’ code at the end of each image customization phase, to ‘generalize’ the image. Generalizing is a process where the image is set up so it can be reused to create multiple VMs. For Windows VMs, Azure Image Builder uses Sysprep. For Linux, Azure Image Builder runs ‘waagent -deprovision’.

The commands Image Builder uses to generalize may not be suitable for every situation, so Azure Image Builder allows you to customize this command if needed.

If you are migrating existing customization, and you are using different Sysprep/waagent commands, you can use the Image Builder generic commands, and if the VM creation fails, use your own Sysprep or waagent commands.

If Azure Image Builder creates a Windows custom image successfully, and you create a VM from it, then find that the VM creation fails or does not complete successfully, you will need to review the Windows Server Sysprep documentation or raise a support request with the Windows Server Sysprep Customer Services Support team, who can troubleshoot and advise on the correct Sysprep usage.

Default Sysprep command

Default Linux deprovision command

Overriding the Commands

To override the commands, use the PowerShell or Shell script provisioners to create the command files with the exact file name, and put them in the correct directories:

  • Windows: c:\DeprovisioningScript.ps1
  • Linux: /tmp/DeprovisioningScript.sh

Image Builder will read these commands, and they are written out to the AIB log, ‘customization.log’. See troubleshooting on how to collect logs.

Properties: distribute

Azure Image Builder supports three distribution targets:

  • managedImage - managed image.
  • sharedImage - Shared Image Gallery.
  • VHD - VHD in a storage account.

You can distribute an image to both of the target types in the same configuration.

Note

The default AIB sysprep command does not include '/mode:vm'; however, this may be required when creating images that will have the Hyper-V role installed. If you need to add this command argument, you must override the sysprep command.

Because you can have more than one target to distribute to, Image Builder maintains a state for every distribution target that can be accessed by querying the runOutputName. The runOutputName is an object you can query post distribution for information about that distribution. For example, you can query the location of the VHD, or regions where the image version was replicated to, or SIG Image version created. This is a property of every distribution target. The runOutputName must be unique to each distribution target. Here is an example, this is querying a Shared Image Gallery distribution:

Output:

Distribute: managedImage

The image output will be a managed image resource.

Distribute properties:

  • type – managedImage
  • imageId – Resource ID of the destination image, expected format: /subscriptions/<subscriptionId>/resourceGroups/<destinationResourceGroupName>/providers/Microsoft.Compute/images/<imageName>
  • location - location of the managed image.
  • runOutputName – unique name for identifying the distribution.
  • artifactTags - Optional user specified key value pair tags.

Note

The destination resource group must exist. If you want the image distributed to a different region, it will increase the deployment time.

Distribute: sharedImage

The Azure Shared Image Gallery is a new Image Management service that allows managing of image region replication, versioning and sharing custom images. Azure Image Builder supports distributing with this service, so you can distribute images to regions supported by Shared Image Galleries.

A Shared Image Gallery is made up of:

  • Gallery - Container for multiple shared images. A gallery is deployed in one region.
  • Image definitions - a conceptual grouping for images.
  • Image versions - this is an image type used for deploying a VM or scale set. Image versions can be replicated to other regions where VMs need to be deployed.

Before you can distribute to the Image Gallery, you must create a gallery and an image definition, see Shared images.

Distribute properties for shared image galleries:

  • type - sharedImage

  • galleryImageId – ID of the shared image gallery. This can be specified in two formats:

    • Automatic versioning - Image Builder will generate a monotonic version number for you. This is useful when you want to keep rebuilding images from the same template. The format is: /subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/galleries/<sharedImageGalleryName>/images/<imageGalleryName>.
    • Explicit versioning - You can pass in the version number you want Image Builder to use. The format is: /subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/galleries/<sharedImageGalName>/images/<imageDefName>/versions/<version e.g. 1.1.1>
  • runOutputName – unique name for identifying the distribution.

  • artifactTags - Optional user specified key value pair tags.

  • replicationRegions - Array of regions for replication. One of the regions must be the region where the Gallery is deployed. Adding regions will mean an increase of build time, as the build does not complete until the replication has completed.

  • excludeFromLatest (optional) This allows you to mark the image version you create so that it is not used as the latest version in the SIG definition. The default is 'false'.

  • storageAccountType (optional) AIB supports specifying these types of storage for the image version that is to be created:

    • 'Standard_LRS'
    • 'Standard_ZRS'

Note

If the image template and referenced image definition are not in the same location, you will see additional time to create images. Image Builder currently does not have a location parameter for the image version resource; we take it from its parent image definition. For example, if an image definition is in westus and you want the image version replicated to eastus, a blob is copied to westus, an image version resource is created from it in westus, and that version is then replicated to eastus. To avoid the additional replication time, ensure the image definition and image template are in the same location.
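The distribute rules above (a unique runOutputName per target, the two galleryImageId formats, and a replicationRegions list that includes the gallery's region) can be checked before submission. The following is an added example, not code from the Image Builder documentation: the function names, the subscription ID, the resource names and the sample targets are constructed, and the gallery's region is supplied by the caller because the template does not carry it.

```python
import re

# Resource ID shape quoted on the page; the optional tail selects explicit versioning.
SIG_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Compute"
    r"/galleries/[^/]+/images/[^/]+(?:/versions/(?P<version>[^/]+))?$")

def versioning_mode(gallery_image_id):
    """Return 'automatic', 'explicit', or None if the ID has neither shape."""
    m = SIG_ID.match(gallery_image_id)
    if not m:
        return None
    return "explicit" if m.group("version") else "automatic"

def check_distribute(distribute, gallery_region=None):
    """Return (index, problem) pairs for the 'distribute' array of an image template."""
    problems, seen = [], set()
    for i, target in enumerate(distribute):
        name = target.get("runOutputName")
        if not name:
            problems.append((i, "missing runOutputName"))
        elif name in seen:
            problems.append((i, "runOutputName is not unique"))
        else:
            seen.add(name)
        if target.get("type") != "sharedImage":
            continue
        m = SIG_ID.match(target.get("galleryImageId", ""))
        if not m:
            problems.append((i, "galleryImageId is not a gallery image resource ID"))
        elif m.group("version") and not re.fullmatch(r"\d+\.\d+\.\d+", m.group("version")):
            problems.append((i, "explicit version is not major.minor.patch"))
        # Region names are compared as written (case-insensitively), e.g. 'westus'.
        regions = [r.lower() for r in target.get("replicationRegions", [])]
        if gallery_region and gallery_region.lower() not in regions:
            problems.append((i, "replicationRegions omits the gallery's region"))
    return problems

# Constructed sample data: subscription, resource group and gallery names are placeholders.
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-images"
        "/providers/Microsoft.Compute/galleries/corpGallery/images/win2019")
SAMPLE_DISTRIBUTE = [
    {"type": "sharedImage", "galleryImageId": BASE, "runOutputName": "sig",
     "replicationRegions": ["westus", "eastus"]},
    {"type": "sharedImage", "galleryImageId": BASE + "/versions/1.1",
     "runOutputName": "sig", "replicationRegions": ["eastus"]},
    {"type": "VHD", "runOutputName": "vhd"},
]
```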

Distribute: VHD

You can output to a VHD. You can then copy the VHD, and use it to publish to Azure MarketPlace, or use with Azure Stack.

OS Support: Windows and Linux

Distribute VHD parameters:

  • type - VHD.
  • runOutputName – unique name for identifying the distribution.
  • tags - Optional user specified key value pair tags.

Azure Image Builder does not allow the user to specify a storage account location, but you can query the status of the runOutputs to get the location.

Note

Once the VHD has been created, copy it to a different location as soon as possible. The VHD is stored in a storage account in the temporary resource group created when the image template is submitted to the Azure Image Builder service. If you delete the image template, you will lose the VHD.

Image Template Operations

Starting an Image Build

To start a build, you need to invoke 'Run' on the Image Template resource. Examples of run commands:

Cancelling an Image Build

If you are running an image build that you believe is incorrect, waiting for user input, or you feel will never complete successfully, then you can cancel the build.

The build can be canceled at any time. If the distribution phase has started you can still cancel, but you will need to clean up any images that may not be completed. The cancel command does not wait for the cancel to complete; please monitor lastrunstatus.runstate for canceling progress, using these status commands.

Examples of cancel commands:

Next steps

There are sample .json files for different scenarios in the Azure Image Builder GitHub.