Configuring an ECS

Procedure

The operations vary depending on the OS. Follow the instructions on the GUI.

Installing a Windows OS and the VirtIO driver

1. Log in to the console.
2. Choose Service List > Computing > Elastic Cloud Server.
3. Locate the row that contains the ECS created in Creating an ECS, and click Remote Login to log in to the Windows VM.
4. For details, see Installing a Windows OS and VirtIO Drivers.

Activating the Administrator account for the VM

Skip this operation if Windows Server 2016 or Windows Server 2019 is used.

5. In the VM, right-click in the lower left corner and choose Run from the shortcut menu.
6. In the Run dialog box, enter compmgmt.msc and press Enter.

   The Computer Management page is displayed.

7. In the navigation pane on the left, choose Computer Management (Local) > System Tools > Local Users and Groups, and select Users.
8. In the right pane, right-click Administrator and choose Properties.

   The Administrator Properties window is displayed.

9. On the General tab page, deselect Account is disabled, and click OK.

   The Administrator account is activated, and its default password is empty.

10. Right-click Administrator and choose Set Password.
    

    • Set a password for the Administrator account and ensure that the password is not empty. Otherwise, the task fails.
    • Password requirements:
      • Contains at least one uppercase letter (A–Z), one lowercase letter (a–z), one digit (0–9), and one special character (~!@#$%^&*()-_=+\|{};:'",<.>/? or space).
      • Contains 8 to 32 characters.
      • Cannot be the same as the recent three passwords.
      • Cannot contain the username or the username in reversed order.

11. Click Proceed. The Set Password for Administrator dialog box is displayed.
12. Set a password for the Administrator account as required, confirm the password, and click OK.

    The password has been set.

13. Click OK.
14. Right-click in the lower left corner and choose Shut down or sign out > Sign out from the shortcut menu to log out of the OS and log in to the ECS again using the Administrator account.
15. On the Choose privacy settings for your device window, click Accept.

Manage Your Server page not displayed upon login

16. Click Start > Run.

    The Run dialog box is displayed.

17. Enter gpedit.msc in the Open text box and press Enter.

    The Local Group Policy Editor window is displayed.

18. In the navigation pane, choose Computer Configuration > Policy > Administrative Templates > System > Server Manager, as shown in Figure 1.
    Figure 1 Manage Your Server page not displayed upon login
    

19. In the right pane, double-click Do not display Server Manager automatically at logon.

    The Do not display Server Manager automatically at logon dialog box is displayed.

20. Select Enabled.
21. Click OK.

Disabling hybrid sleep

1. Click Start > Run.

   The Run dialog box is displayed.

2. Enter gpedit.msc in the Open text box and press Enter.

   The Local Group Policy Editor window is displayed.

3. In the navigation pane, choose Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings. Enable Specify the system sleep timeout (plugged in), Turn off hybrid sleep (plugged in), Specify the system sleep timeout (on battery), Turn off hybrid sleep (on battery), Specify the unattended sleep timeout (plugged in), and Specify the unattended sleep timeout (on battery), as shown in Figure 2.
   Figure 2 Sleep settings
   

4. Double-click Specify the system sleep timeout (plugged in). In the displayed dialog box, select Enabled and set System Sleep Timeout (seconds) to 0.
   Figure 3 Specifying the system sleep timeout (plugged in)
   

5. Click OK.
6. Double-click Turn off hybrid sleep (plugged in). In the displayed dialog box, select Enabled.
   Figure 4 Turning off hybrid sleep (plugged in)
   

7. Click OK.
8. Double-click Specify the system sleep timeout (on battery). In the displayed dialog box, select Enabled and set System Sleep Timeout (seconds) to 0.
   Figure 5 Specifying the system sleep timeout (on battery)
   

9. Click OK.
10. Double-click Turn off hybrid sleep (on battery). In the displayed dialog box, select Enabled.
    Figure 6 Turning off hybrid sleep (on battery)
    

11. Click OK.
12. Double-click Specify the unattended sleep timeout (plugged in). In the displayed dialog box, select Enabled and set Unattended Sleep Timeout (seconds) to 0.
    Figure 7 Specifying the unattended sleep timeout (plugged in)
    

13. Click OK.
14. Double-click Specify the unattended sleep timeout (on battery). In the displayed dialog box, select Enabled and set Unattended Sleep Timeout (seconds) to 0.
    Figure 8 Specifying the unattended sleep timeout (on battery)
    

15. Click OK.

Enabling the group policy that allows the standard user group to shut down Windows

Perform this operation for Windows Server 2016 and Windows Server 2019.

16. In the Local Group Policy Editor navigation pane, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, as shown in Figure 9.
    Figure 9 User rights assignment
    

17. In the right pane, double-click Shut down the system.

    The Shut down the system properties dialog box is displayed.

18. Click Add User or Group. The Select Users or Groups dialog box is displayed.
19. Click Object Types, select Groups, and click OK.
20. In the Enter the object names to select area, enter Users to query and add the Users group to the policy.
21. Click OK.
22. Click OK.

Disabling the firewall

23. In the navigation pane of the Local Group Policy Editor, choose Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
    The Domain Profile page is displayed, as shown in Figure 10.

    Figure 10 Domain profiles
    

24. In the right pane, double-click Windows Firewall: Protect all network connections.

    The Windows Firewall: Protect all network connections dialog box is displayed.

25. Select Disabled.
26. Click OK.
27. In the navigation pane, choose Standard Profile.

    The Standard Profile page is displayed, as shown in Figure 11.

    Figure 11 Standard profiles
    

28. In the right pane, double-click Windows Firewall: Protect all network connections.

    The Windows Firewall: Protect all network connections dialog box is displayed.

29. Select Disabled.
30. Click OK.
31. Close the Local Group Policy Editor window.
32. Click Start > Run.

    The Run dialog box is displayed.

33. Enter services.msc in the Open text box and press Enter.

    The Services window is displayed.

34. In the right pane, double-click Application Layer Gateway Service.

    The Application Layer Gateway Service Properties (Local Computer) page is displayed.

35. On the General tab, set Startup Type to Disabled, as shown in Figure 12.
    Figure 12 Configuring the startup type
    

36. Click OK.
37. Set the Startup Type of Internet Connection Sharing (ICS) and Windows Firewall to Disabled by referring to 34 to 36.
    

    You do not need to configure Windows Defender Firewall for Windows Server 2019.

38. Close the Services window.

Disabling Windows update

39. Click Start > Run.

    The Run dialog box is displayed.

40. Enter gpedit.msc in the Open text box and press Enter.

    The Local Group Policy Editor window is displayed.

41. Choose Computer Configuration > Administrative Templates > Windows Components > Windows Update, and double-click Configure Automatic Updates. The Configure Automatic Updates dialog box is displayed.
42. Select Disabled and click OK, as shown in Figure 13.
    Figure 13 Configuring automatic updates
    

43. In the Local Group Policy Editor window, choose Computer Configuration > Administrative Templates > Windows Components > Windows Update, and double-click Remove access to all Windows Update features. The Remove access to all Windows Update features dialog box is displayed.
44. Select Enabled and click OK, as shown in Figure 14.
    Figure 14 Removing access to all Windows Update features
    

Creating a temporary local user admin

• After Cloudbase-Init is installed, it will randomize the password of the Administrator account if application software that takes effect only after a restart is installed. To prevent login failure after randomization, create a temporary account and reset the password of Administrator.
• If your login using the default password of Administrator fails after the restart, log in as the admin user and reset the password of Administrator. Then use the Administrator account to log in again.

45. On the ECS, click , enter compmgmt.msc, and press Enter.

    The Computer Management window is displayed.

46. In the navigation pane, choose Local Users and Groups > Users.
47. Right-click and choose New User from the shortcut menu.
48. In the New User dialog box, enter the username and password, confirm the password, and click Create.
49. In the navigation pane, choose Local Users and Groups > Groups.
50. Right-click Administrators and choose Add to Group from the shortcut menu.
    

    If you need to add administrators to other groups, select an option as required.

51. In the Administrators Properties dialog box, click Add to add the user to the group.
52. Click OK and close the Administrators Properties dialog box.
53. Close the Server Manager window.

Configuring a private DNS

You can configure a private DNS server address for OBS so that Windows ECSs on Huawei Cloud can directly access OBS through the private network.

54. On the ECS, right-click in the lower left corner, enter cmd, and press Enter.
55. Run the ipconfig /all command to check whether the DNS server is at the private DNS address in the region where the ECS resides.
    

    Huawei Cloud provides different private DNS server addresses for different regions. For details, see What Are Huawei Cloud Private DNS Server Addresses?

56. Change the DNS server address of the VPC subnet.

    Locate the VPC where the ECS resides and change the DNS server address of the VPC subnet to the private DNS address. In this manner, ECSs in the VPC can use the private DNS for resolution and thereby you can access OBS on Huawei Cloud intranet. For details, see Modifying a Subnet.

    

    The private DNS server address must be selected based on the region where the ECS is. For details, see What Are Huawei Cloud Private DNS Server Addresses?

Enabling applications to access the microphone of the OS

57. Choose Start > Settings. The OS setting page is displayed.
58. Click Privacy. The privacy setting page is displayed.
59. In the list on the left, click Microphone. The page for setting microphone permissions is displayed.
60. Set Microphone access to On.

Obtaining required installation packages

61. Upload the packages obtained in Required Software, except the OS ISO file, to the OBS bucket used in Registering a Private Image Using an ISO File.
    

    Set the object permission to public-read.

62. Record the link of each package in the OBS bucket.
    

    On OBS Browser+, right-click the package, choose Share from the shortcut menu, and click Copy Link to obtain the download link of the package. You need to download the package within the sharing validity period.

63. In the root directory of drive C on the ECS, create a folder, for example, software, for storing the package to be installed.
64. Open the browser on the ECS, copy the package link recorded in 62 to the address box, and press Enter to download the package.
    

    • Switch the input mode of the ECS to English.
    • Download the required packages in sequence.

65. Copy the obtained packages to C:\software.

Installing the 7-Zip

66. Go to C:\software to find and decompress the 7-Zip installation package.

Installing the Visual Studio 2017 runtime library

67. Go to C:\software to find the vc_redist.x64.exe and vc_redist.x86.exe packages, and double-click to install the Visual Studio 2017 runtime library.
68. Restart the ECS.

(Optional) Deleting the Microsoft language package

69. Search for Windows PowerShell in the Start menu and click Run as administrator. The Windows PowerShell running page is displayed.
70. Run the following command to delete the Microsoft language package:

    Get-Appxpackage -allusers *Microsoft.LanguageExperiencePackzh-CN* | remove-appxpackage

    

    • To ensure that users can purchase Workspace desktops, you need to delete the Microsoft language package when creating a Windows 10 image.
    • If there are multiple users, you need to log in to the system using each user account to delete the language package.

(Optional) Installing the OS patch

71. Go to C:\software where the package is stored and install the OS patch.
    

    OS patches are updated by Microsoft on an irregular basis. Pay attention to Microsoft announcements and update the OS in a timely manner.

(Optional) Installing applications

72. Go to C:\software where the package is stored and install the application.
    

    Some security software (antivirus software, safeguards, and firewalls) may conflict with the Microsoft encapsulation tool. As a result, desktop creation may fail, and the blue screen of death (BSOD) or black screen may occur on the created desktop. Therefore, install security software only after desktops are provisioned.

(Optional) Installing peripheral drivers

73. Go to C:\software where the package is stored and install the peripheral driver.

Installing the Cloudbase-Init software

74. Go to C:\software where the package is stored, open the Cloudbase-Init installation package, and install Cloudbase-Init as prompted.
75. On the Configuration options page, configure parameters by referring to Figure 15.
    Figure 15 Configuration options
    
    

    The version number in the figure is for reference only. Use the actual version number.

76. After the configuration is complete, deselect the options shown in Figure 16.
    Figure 16 Finish
    

77. Click Finish.

Configuring Cloudbase-Init

78. Edit the configuration file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf in the Cloudbase-Init installation path.
    1. Add the netbios_host_name_compatibility=false configuration item to the last line of the configuration file so that the host name of the Windows OS can contain a maximum of 63 characters.
       

       NetBIOS supports up to 15 characters due to the constraint of Windows OS.

    2. Add the configuration item metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService to enable the agent to access the OpenStack data source.
    3. Add the following configuration item to disable Cloudbase-Init restart:

       plugins=cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin,cloudbaseinit.plugins.windows.createuser.CreateUserPlugin,cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin,cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin,cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin

79. In C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf, check whether cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin, exists.
    • If yes, delete it and perform subsequent operations.
    • If no, perform subsequent operations.
    • Add cloudbaseinit.plugins.common.userdata.UserDataPlugin at the end of plugins=. Add a comma (,) in front of the added configuration item.

80. If you use a Windows ECS to create an image, change the SAN policy of the ECS to OnlineAll. Otherwise, when you use the image to create ECSs, the disks may be offline.

    Windows has three types of SAN policies: OnlineAll, OfflineShared, and OfflineInternal.

    Table 1 SAN policies of Windows

    Type	Description
    OnlineAll	All newly found disks are online.
    OfflineShared	All newly found disks on sharable buses, such as iSCSI and FC, are left offline by default, while disks on non-sharable buses are online.
    OfflineInternal	All newly found disks are left offline.

    1. Execute cmd.exe and run the following command to query the current SAN policy of the ECS using DiskPart:

       diskpart

    2. Run the following command to view the SAN policy of the ECS:

       san

       • If the SAN policy is OnlineAll, run the exit command to exit DiskPart and close cmd.exe.
       • If no, go to 80.c.
    3. Run the following command to change the SAN policy to OnlineAll:

       san policy=onlineall

    4. Run the exit command to exit DiskPart and close cmd.exe.

Changing the power settings to high performance/ultimate performance

You need to modify the power settings of all Windows desktops.

81. Choose Control Panel > System and Security > Power Options, and select High performance for Preferred plans, or Ultimate Performance after showing additional plans.

    

82. Click Change plan settings on the right of High performance or Ultimate Performance. On the page displayed, select Never for Turn off the display:

    

Installing SysAgent and SysPrep

83. Double-click HW.SysAgent.Installer_64.msi and HW.SysPrep.Installer_64.msi in C:\software.

Installing AppCenterAgent and AppCenter

84. Double-click WKSAppCenterAgent.msi and WKSAppCenter.msi in C:\software.

Deleting a system recovery partition

This operation is required for Windows 10 or Windows 11 images.

1. Right-click Start and choose Disk Management from the shortcut menu. Check whether the system disk (generally drive C) has a recovery partition. Go to the next step only when there is a recovery partition.
2. Press Win + R, enter cmd, and enter

   diskpart.

   The diskpart window is displayed.

3. Run the following commands in sequence to delete the system recovery partition:
   1. Print the disk list and select the system disk.

      list disk 
      # The number 0 indicates that the selected disk 0 is the system disk. Select a disk as required.
      select disk 0

   2. Print the disk partition list and select the recovery partition to be deleted.

      list partition 
      # In this example, 3 indicates the number of the recovery partition. Select a value as required.
      select partition 3

   3. Delete the recovery partition.

      delete partition override

Enabling hibernation

4. Click Start > Run.

   The Run dialog box is displayed.

   Run the powercfg -h on command to enable hibernation.

   

   

   Configure this parameter only for Windows Server 2016 and 2019.

Encapsulating the image

• To create an encapsulated image, perform 5 to 8.
• To create an image that is not encapsulated, perform 5 to 7, and 9.
  

  1. If images are not encapsulated, problems may occur on some applications, such as Windows Server Update Services (WSUS).

  2. In Windows 8 or Windows Server 2012, you may encounter problems where push notifications do not work.

  3. Images that are not encapsulated can be provisioned more quickly.

5. On the ECS, find the Windows image creation tool in C:\software and decompress it to obtain the Workspace_HDP_WindowsDesktop_XXX folder.
6. Right-click in the lower left corner, enter cmd, and press Enter.
7. Run the following command to switch to the directory containing the template tool:

   cd C:\software\Workspace_HDP_WindowsDesktop_Installer_x.x.x

8. In the displayed CLI, run the following command to encapsulate the image:

   run_silent.bat --passive --environment_type 2 --nocheck --noshutdown

   

   During image encapsulation, the ECS automatically restarts. Do not exit or stop the ECS. After the ECS is restarted, enter the ECS password to proceed with image encapsulation.

9. (Optional) In the displayed CLI, run the following command to create an image not encapsulated:

   run_silent.bat --passive --environment_type 2 --nocheck --noshutdown --nosysprep

Deleting the temporary admin user

10. Click Start > Run.

    The Run dialog box is displayed.

11. Enter sysdm.cpl in the Open text box and press Enter.

    The System Properties window is displayed.

12. On the Advanced tab, click Settings under User Profiles.

    

13. On the User Profiles page, select the profiles of the user to be deleted and click Delete.
14. Click OK.
15. Close the System Properties window.
16. Click Start > Run.

    The Run dialog box is displayed.

17. Enter compmgmt.msc in the Open text box and press Enter.

    The Computer Management window is displayed.

18. In the navigation pane on the left, choose System Tools > Local Users and Groups > Users.
19. In the right pane, right-click the username to be deleted and choose Delete.
20. Click Yes.
21. Click OK.
22. Close the Computer Management window.

Stopping the ECS

23. On the ECS list page of the console, locate the row that contains the ECS created in Creating an ECS, and choose More > Stop to stop the ECS.