Zero Machine Maintenance Process

UPDATE! – Added Teams 2 deployment and update to the updates and sealing scripts.

Updating the zero image is the main administrative task you will handle in your Virtual Desktop environment. The steps below give an overview of the process.

  1. Boot the zero machine. (This machine should be off 99.9% of the time to prevent it from being modified by updates until you want them, and to protect it from viruses and malware.)
  2. Enable update engines and process updates.
  3. Modify the image as needed to update it for users.
  4. Seal the image and shut it down for deployment. (Virus scan, disable update engines, set/clear registry keys, remove scheduled tasks, etc.)
  5. Capture and deploy the now shut-down image to your various non-persistent environments.

Maintenance Machines for non-persistent environments often require repetitive tasks to guarantee they are patched and ready to go. And I feel you should never do a repetitive task if instead you can script it. That way you are guaranteed things are done when you want them to be done.

This Machine Update Script should be run on the maintenance machine when it is in read/write mode. After this script runs you can do whatever you need in the image, such as installing software, changing the registry, or modifying the disk image.

This script will look for Choco on the system. If it is installed, the script will initiate an update. If Choco is not utilized, it will launch various system update engines, like Chrome and Firefox. Disable any of these if you don’t want them updated.

On some 2016/2019 machines we have seen instances when the system seems to hang on a blank PowerShell window. This is usually due to the UsoClient.exe update process. Just end task on this process under PowerShell in Task Manager, and the rest of the script will complete. After all Windows updates are up to date on the image, this hang should not be seen again.
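The Chocolatey check and the UsoClient hang described above, sketched with a timeout guard so a stalled update step is stopped automatically. This is an added example, not the article's update script; the function name `Invoke-UpdateStep`, the timeout values, the `StartScan` argument and running the Windows Update scan in both branches are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: not the article's script. Names, timeouts and arguments are assumptions.

function Invoke-UpdateStep {
    param(
        [Parameter(Mandatory)] [string]   $FilePath,
        [Parameter(Mandatory)] [string[]] $ArgumentList,
        [int] $TimeoutSeconds = 1800
    )
    $proc = Start-Process -FilePath $FilePath -ArgumentList $ArgumentList -PassThru -WindowStyle Hidden
    $null = $proc.Handle   # cache the handle so ExitCode stays readable after exit

    if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
        # Still running after the timeout: stop it so the remaining steps can proceed,
        # the scripted equivalent of ending the task by hand in Task Manager.
        Stop-Process -Id $proc.Id -Force
        Write-Warning "$FilePath exceeded $TimeoutSeconds s and was stopped."
        return [pscustomobject]@{ Step = $FilePath; TimedOut = $true; ExitCode = $null }
    }
    [pscustomobject]@{ Step = $FilePath; TimedOut = $false; ExitCode = $proc.ExitCode }
}

$results = @()
$choco = Get-Command -Name choco.exe -CommandType Application -ErrorAction SilentlyContinue

if ($choco) {
    # Chocolatey is present: let it upgrade every package it manages.
    $results += Invoke-UpdateStep -FilePath $choco.Path -ArgumentList 'upgrade', 'all', '-y'
}
else {
    # Placeholder: the per-application update engines (Chrome, Firefox, ...) go here.
    Write-Host 'Chocolatey not found; launch the individual update engines instead.'
}

# Windows Update scan via UsoClient, the process named above as the usual cause of the hang.
$uso = Join-Path $env:SystemRoot 'System32\UsoClient.exe'
if (Test-Path $uso) {
    $results += Invoke-UpdateStep -FilePath $uso -ArgumentList 'StartScan' -TimeoutSeconds 600
}

# Keep a record of which steps finished and which were stopped before sealing the image.
$results | Format-Table -AutoSize
```

A step reported with `TimedOut = True` did not finish, so rerun the update pass before sealing rather than capturing a partially patched image.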

This Machine Sealing Script should be run after you are finished with the image, and have completed any necessary reboots. This will clean up the machine, update AV, and shut the machine down so it can be deployed. Be wary of the scheduled task disable section. This disables any processes under the generic run section to keep non-persistent machines from initiating updates and other tasks that could reduce system performance.
