This article walks you through preparing a Windows 11 virtual machine as a golden image for deployment on Oracle Cloud Infrastructure (OCI). The process is automated by three PowerShell scripts that run on a build VM: one shared configuration file and two step scripts that execute before and after a reboot. When the scripts finish, the VM is generalized with Sysprep and ready to be captured as a custom OCI image.
The scripts are _Config.ps1, Step1_PreReboot.ps1, and Step2_PostReboot.ps1. Step 1 validates the environment, applies the required fixes, and reboots the VM. The table below summarizes every check and the action taken.
| Check | Action |
|---|---|
| Administrator privileges | Required to run the script. |
| Windows 11 | Verifies the OS version. |
| Disk space | Confirms at least 2 GB free. |
| Internet connectivity | Required for software downloads. |
| Sysprep | Verifies the executable is available. |
| BitLocker | Disables encryption and waits for full decryption. |
| Network (IP/DNS) | Switches static configuration to DHCP if needed. |
| Remote Desktop | Enables RDP and the firewall rule if disabled. |
| Remote Desktop Users | Displays the group members for review. |
| Time Zone | Prompts for the time zone. |
| Language Pack | Prompts for the locale and installs the language pack. |
| Pre-existing software | Removes Cloudbase-Init and VirtualBox Guest Additions if present. |
The VM reboots at the end of Step 1.
Step 2 installs the software required by OCI and Thinfinity, cleans up the image, and runs Sysprep.
| Phase | Action |
|---|---|
| Download software | Downloads the Thinfinity Workspace Agent and Cloudbase-Init installers. |
| Generate unattend.xml | Configures OOBE skip, Administrator password, and RDP. |
| Kill processes | Terminates and disables non-essential services, scheduled tasks, and startup entries. |
| Thinfinity Agent | Performs a silent install and configures the Network ID and Gateway URLs. Pauses for manual log verification. |
| Cloudbase-Init | Silent install with service user cb and metadata password disabled. |
| AppX cleanup | Removes conflicting AppX packages that block Sysprep. |
| Remove Teams | Removes Microsoft Teams. |
| Sysprep | Runs sysprep /generalize /oobe /shutdown. |
The VM shuts down automatically after Sysprep completes.
Copy _Config.ps1, Step1_PreReboot.ps1, and Step2_PostReboot.ps1 into the Downloads folder of the logged-in user on the target VM, then follow the steps below.
Open PowerShell as Administrator. If script execution is restricted on the VM, run the following command to allow scripts for the current session only:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
This change does not modify the system-wide policy.
Run Step 1:
cd ~\Downloads
.\Step1_PreReboot.ps1
After the VM reboots, run Step 2:
cd ~\Downloads
.\Step2_PostReboot.ps1
Important: After the VM shuts down, wait 30 minutes before creating the image. Do not start the VM or modify its state during this window; doing so will invalidate the generalized state and you will have to repeat the preparation.
If PowerShell refuses to run the script, make sure you launched the session as Administrator and that you ran the Set-ExecutionPolicy command in the same session.
Sysprep typically fails because of AppX packages installed per user or leftover Cloudbase-Init or VirtualBox Guest Additions components. Re-run Step 1 to confirm the cleanup checks pass, then re-run Step 2. Review C:\Windows\System32\Sysprep\Panther\setupact.log and setuperr.log to identify the specific blocking package.
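One way to pull the blocking package names out of setuperr.log, as an added example that is not part of the original scripts. It assumes Sysprep's usual "was installed for a user, but not provisioned for all users" error wording; the function name `Get-SysprepBlockingPackage` and the sample log lines are constructed for illustration.

```powershell
# Added example (not part of the original scripts): list AppX packages that blocked Sysprep.
function Get-SysprepBlockingPackage {
    param([string[]]$Line)

    # Assumed wording of the Sysprep AppX error; the package full name follows "SYSPRP Package".
    $pattern = 'SYSPRP Package (?<pkg>\S+) was installed for a user, but not provisioned for all users'
    $seen = @{}   # tracks package full names already reported

    foreach ($l in $Line) {
        if ($l -match $pattern) {
            $full = $Matches['pkg']
            if (-not $seen.ContainsKey($full)) {
                $seen[$full] = $true   # the same package is often logged on every failed run

                # Package full name layout: Name_Version_Architecture_ResourceId_PublisherId
                $parts = $full -split '_'
                [pscustomobject]@{
                    Name            = $parts[0]
                    Version         = $parts[1]
                    Architecture    = $parts[2]
                    PackageFullName = $full
                }
            }
        }
    }
}

# Constructed sample lines, used only when the real log is not present on this machine.
$sample = @(
    '2025-01-15 10:02:11, Error                 SYSPRP Package Contoso.SampleApp_1.2.3.0_x64__abcdefgh12345 was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.'
    '2025-01-15 10:02:11, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.'
    '2025-01-15 10:09:40, Error                 SYSPRP Package Contoso.SampleApp_1.2.3.0_x64__abcdefgh12345 was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.'
)

# Log path taken from the troubleshooting paragraph above.
$logPath = 'C:\Windows\System32\Sysprep\Panther\setuperr.log'
$lines = if (Test-Path $logPath) { Get-Content $logPath } else { $sample }

# One row per distinct blocking package; no output means no AppX blocker was logged.
Get-SysprepBlockingPackage -Line $lines | Format-Table -AutoSize
```

Each name it returns can be compared against the output of `Get-AppxPackage -AllUsers` to see which user profile still holds the package.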
If the agent log does not show a successful connection during the Step 2 pause, verify the Network ID and Gateway URLs you provided, confirm outbound connectivity from the VM to the gateway, and re-run the agent configuration before pressing ENTER to continue.