Friday, March 21, 2008

Create VM in ESX 3.0

I have trouble deploying VM from from templates with customization option. I have talked to VM support, and they suggest to run all the updates first. However, it is not a consideration at this time because of the VLAN project. The workaround

1. First step is the same "Deploy VM from this template"

2. Complete all the necessary steps and choose "Do not Customize" for guest customization

3. Once VM created, start VM

4. Login to the Windows 2003 Server, download the sysprep tools "http://www.petri.co.il/download_windows_2003_sp1_sysprep.htm"

5. Unzip the sysprep tool. You will find several files including setupmgr (edit existing sysprep.inf such as computer name...to suit the settings of the VM). In case you have not created sysprep.inf, run setupmgr.

6. Copy the sysprep.inf and all the unzip files in the sysprep tool to the VM "C:\sysprep\"

7. Edit sysprep.inf. Make sure “ExtendOemPartition=1” (it will extend the partition to all the available space)

8. Then run sysprep.

9. Power down VM.

10. Now, modify the size of VM (sorry, you can only increase after version 3.0). Login to ESX server through console.

11. Run “vmkfstools –X 12G /vmfs/volumes/VMName/vmname.vmdk”
(In this case, the VM VMName will be extended to 12G. Now powerup the VM. You should see the size of C drive increasing to 12G. For existing VM, if you want to increase the size of C, do not use sysprep because this will re-generate the SIDs.)

Add domain user to local admin group through Group Policy

Using Security group
1. In Active Directory, created a Global Group with Security group type called LocalAdmin.
2. Included the users as members of the LocalAdmin.
3. Created a GPO.
4. Edited the GPO by clicking Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups. Add GroupName "Administrators".
5. Then Add domain admins and DOMAIN\LocalAdmin as member of this group
6. It will take some time for the group policy to take effect. One draw back of this method: If a Restricted Groups policy is defined and Group Policy is refreshed, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. For example, if you had added DOMAIN\user1 to local admin in the past, DOMAIN\user1 will be removed from the local admin group of the machine.

If you do not prefer central management, then create a group policy. (from http://www.tutorials-win.com can't find the posting any more)
1. Create a startup script in the policy with this command. NET localgroup Administrators /add "Domain\Domain Group" (if you just want to add specific user, change "Domain\Domain Group" to Domain\user)
2. make sure the workstations placed in the correct OU
3. Domain Group has to be less than 30 chars. You cannot add more than one domain group to the same local group. This is a limitation.