Next step in our project to create the perfect Microsoft Windows 10 golden image for a VDI environment. I forgot to mention, in my previous article, that we will be using the LTSB version of Windows 10, the 1607 one that is. The reason for that is that my customer doesn’t really like the CB build that much and neither do I. For FAT clients the CB is perfect as it has all the features and you got loads of resources to handle all the “niceties” it brings. In a managed environment, however, you don’t want Microsoft Edge telling you what to use as your default application or giving suggestions over and over again, even after you tuned it to bits. So this article is about the tuning bits when installing Windows 10, there are some privacy settings you need to be aware of.
This series consists of a couple of articles
- Creating the virtual machine – Link,
- Microsoft Windows builds, versions and so on (coming soon.)
- Installing Windows 10 – you are reading it.
- Tuning Windows services and scheduled tasks – link
- Deploying the golden image (coming soon…. )
- Resource usage of Windows 10 in a VDI environment – link
So let’s get cracking, I fired up the virtual machine we created earlier. Got the ISO connected and after a short moment Microsoft Windows popped-up asking for languages and keyboard. There is nothing to tune here so pick your choice of language and go on.
After this process is complete you get the license question that you can agree with. After the license question, the partition selection is shown, if there is only one partition you can click continue and the installation starts. We will start tuning after it is finished. Get a coffee while we wait.
Tuning the installation
After Windows 10 comes back online, does a reboot and has to think about that for a while. Installing and preparing devices it will say near the bottom of the screen. The first question you get when you go on is the one you also see on your FAT client when you installed Windows 10. Most will have clicked “Express settings” to get on with it.
There is another option, there is also a button that says “Customize” in your version if you don’t use a Dutch version. With the customized setup you can control what you send to Microsoft and what not. The screenshots are in Dutch but the heading is the English versions so don’t worry I’m not sending you on a Dutch course right now.
Personalize your speech, handwriting and ink
First, you can send all your personalized speech, handwriting and ink settings to Microsoft so they get a load of data to learn what is popular. I don’t want to send anything, I want my VDI desktops to be working for the user, not for Microsoft.
Send typing and linking data to Microsoft
Again a setting that might be helpful to improve Windows in the future but that’s not my game and Microsoft never paid me any Dollar or Euro to work for them. so no sorry guys I’m switching this off.
Let Apps use your advertising ID for experiences across apps
Like before but even more strongly NO! When I see advertising my blood starts to boil almost, who is his right mind wants this build into a business solution.
Let Skype if installed connect you with friends
This is a tricky one, most companies have Skype installed these days. I switched this one off at a customer that is using Microsoft Skype for Business for chat and calling and didn’t see any downside from it. Still, I’m wondering if in the background when I install Skype this is switched on again.
Let Windows and apps request your location, including location history
This is a nasty one, this is why I think Microsoft and some other big companies should pay more fines… it says that they are allowed to send your location data to Microsoft and trusted partners. Funny though that in the Dutch version the trusted partners are left out… we don’t trust anyone it seems or everyone.
Anyway, my VDI will be residing in one of both datacenters, they don’t tend to travel so we can switch this off.
Automatically connect to suggested open hotspots
That would be the day, the day that my VDI would connect to an open hotspot. an interesting detail is that one of the datacenters is next to a bus station and all buses have Wi-Fi hotspots these days so there are plenty spots to connect to but I don’t think we need that here.
Automatically connect to hotspots to see if they offer paid services
Again no, don’t connect to any hotspot even if you can.
Send error and diagnostics information to Microsoft
I switch it off and I don’t know what it is sending and we do care about our customer’s privacy. It says they send information about the user so that sounds pretty bad. Even with this switched off they will send basic information. Guess we got nothing to say about what we do these days.
Use SmartScreen online services for better protection
In our environments, we use UEM solutions to manage what the user is allowed to do, so I’m switching this off and perhaps will switch it back on in a particular case if needed.
Use page prediction to improve reading, speed up browsing ….
Although this sounds like a good idea, the text ends with your browser information is sent to Microsoft. So sorry Microsoft but no.
Download and receive updates from other computers on the Internet
This seems like a very bad idea that you create a shadow network to download your files from, so switch it off.
With all these switched off you are almost done with the basic installation, next up is creating a local administrator account and set the password.
Now Windows is ready and it will set up everything for you. It says, preparing your PC, don’t switch off your PC. When it is done, we’ll be logged on to a brand new Windows 10 desktop.
The first thing to do now is installing the tools of the hypervisor to make sure you get network connectivity and so on. Without the VMware tools, my virtual machine is now at rest and using a whopping 8MHz. Its a pity we will be installing software to push that number up.
One last thing to remember is to disconnect the ISO file from the golden image. You don’t want to have a VDI pool that has all virtual machines connecting to that one ISO file, talk about performance issues.
Next up is installation tuning of the services and task scheduler. But that article is coming soon.