Windows Instances Clean-up to Create OMIs

This topic lists the elements of a Windows instance you can clean up before creating an OMI, especially if you mean to share it with other users or to make it public.

An OMI created from an instance or a snapshot has the same characteristics as this instance or the instance the snapshot is created from. Moreover, an instance can contain sensitive information that you do not want to share.

We therefore strongly recommend cleaning up these elements from your instance, or the instance the snapshot is created from, before creating the OMI.

Creating multiple VM from an OMI that has not been clean up previously will make those VM instable in a Windows environment because they will share the same UUID that is suppose to be unique.

You need to clean up your instance before executing the OMI Creating Launcher script or a sysprep.

The table below gathers the elements you can clean up before creating an OMI:

Elements Action Method

Accounts configuration

Guest account

Disable the guest account

Go to Computer Management > System Tools > Local Users and Group > Users and click Disable guest.

Profile usage information

Delete previous sysprep log files and clean AppData folder, history of registry and history of PowerShell ISE

In a PowerShell prompt, run the following commands:

Remove-Item -Path "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-Item -Path "C:\Users\Administrator\AppData\Local\Temp\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-Item -path "C:\Windows\System32\sysprep\Panther\setupact.log" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-Item -path "C:\Windows\System32\sysprep\Panther\setuperr.log" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-Item -Path "C:\Windows\System32\sysprep\Panther\IE\setupact.log" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  remove-item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" -Name * -Confirm:$false -ErrorAction SilentlyContinue
  remove-item -Path "C:\Documents and Settings\Administrator\Recent\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  remove-item -Path "C:\Documents and Settings\Administrator\Local Settings\Temp\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  remove-item -Path "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue
  Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\" -Name "LastKey" -ErrorAction SilentlyContinue
  Remove-Item -Path "C:\Users\Administrator\AppData\Local\microsoft_corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\user.config" -Force -Confirm:$false -ErrorAction SilentlyContinue

Start menu run history

Clean the execute/run dialog box

In a PowerShell prompt, run the following commands:

  foreach ($item in (Get-ChildItem -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist)){Clear-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\$($item.PSChildName)\Count}

Explorer run history

Clean the Windows Explorer history

In a PowerShell prompt, run the following commands:

  Clear-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU  -Force -Confirm:$false -ErrorAction SilentlyContinue

Internet Explorer history

Clean the Internet Explorer history

In a PowerShell prompt, run the following commands:

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
  RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
  RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
  RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
  RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
  RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32

File shares

Disable file share points that are accessible by unauthenticated users

We recommend disabling file shares completely.

Go to Computer Management > System Tools > Shared Folders > Shares and disable file shares.

Windows domain

Windows domain

Ensure that your instance is not connected to any Windows domain

Go to Control Panel > System and Security > System and check that your instance is on a workgroup and not on a domain.

Instance configuration on OUTSCALE Cloud

3DS OUTSCALE logs

Clean OUTSCALE logs in C:\Windows\Outscale\logs\*

In a PowerShell prompt, run the following command:

  remove-item -Path "C:\Windows\Outscale\logs\*" -Force -Confirm:$false -ErrorAction SilentlyContinue

3DS OUTSCALE temporary files

Clean OUTSCALE temporary files in C:\Windows\Outscale\tmp\*

In a PowerShell prompt, run the following command:

  Remove-Item -Path "C:\Windows\Outscale\tmp\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue

User data script

Clean the user data you specified for the instance, in C:\Windows\Outscale\userdata\*

In a PowerShell prompt, run the following command:

  Remove-Item -Path "C:\Windows\Outscale\userdata\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue

Logs

Temporary files

Clean the temporary files on your instance

In a PowerShell prompt, run the following command:

  remove-item -Path "C:\Windows\Temp\*" -Force -Recurse -Confirm:$false -ErrorAction SilentlyContinue

Windows event logs

Clear the Windows event logs

These logs must be the last element you clean.

In a PowerShell prompt, run the following command:

 Clear-EventLog Application
  Clear-EventLog System
  Clear-EventLog Security

Related Pages