# ๐งช Offline Boot Testing & Generalization of VHDX OS Images
This guide follows the Disk2vhd imaging and Azure upload process. In networks where the .vhdx is synced to local hypervisor storage, the image must be tested offline to validate bootability before being generalized and cleaned.
1. ๐ Boot Test in Local Staging Hypervisor
Objective:
Ensure the .vhdx image boots in a virtual machine within a completely offline staging environment.
Steps:
- Import the
.vhdxinto your hypervisor (e.g., Hyper-V, Proxmox, VMware Workstation). - Create a test VM:
- Connect the disk as the primary boot volume.
- Ensure no internet/network adapters are connected.
- Power on the VM.
๐ข Special Case: Ridgebrook Client Deployment
For Ridgebrook:
- Images stored in the Azure file share:
- Storage account:
clientosimages01e2usdtc - File share:
client-os-images-01
- Storage account:
- The image should be synced to the local staging hypervisor:
- Hypervisor name:
ELDERBRAIN - Local path:
D:\Virtual Hard Disks\client-os-images-01
- Hypervisor name:
- Ridgebrook
.vhdximages should be placed into a subfolder matching their PSA company name (e.g.,ridgebrook-industrial).
Once synced, follow the standard boot validation and conversion process below.
2. ๐ Convert MBR to GPT (If Needed)
If the VM fails to boot, the .vhdx likely uses MBR instead of GPT.
โ Option 1: MBR2GPT (Recommended)
Steps:
-
Boot into Windows Recovery Environment or ISO shell.
-
Run:
mbr2gpt /validate /disk:0 /allowFullOS mbr2gpt /convert /disk:0 /allowFullOS
Make sure the OS volume is the last volume and delete any non-essential partitions (see below).
3. ๐งผ Cleaning Up Partitions With DiskPart
Target Partition Layout (Post-Conversion):
| Partition | Purpose | Size |
|---|---|---|
| 1 | EFI System | 10 GB |
| 2 | Recovery | 10 GB |
| 3 | OS Volume | Remainder |
Why fixed sizes?
Microsoft has misaligned these in the past โ we standardize to 10 GB for EFI and Recovery to avoid risk.
DiskPart Steps:
diskpart
list disk
select disk 0
list partition
- Delete unwanted partitions (OEM, redundant recovery, etc).
- Create EFI:
create partition efi size=10240
format quick fs=fat32 label="System"
assign letter=S
- Create Recovery (optional):
create partition primary size=10240
format quick fs=ntfs label="Recovery"
assign letter=R
4. ๐ฅพ Rebuild BCD Bootloader
bcdboot C:\Windows /s S: /f UEFI
C:= OS pathS:= EFI partition/f UEFI= Force GPT boot
5. ๐งฝ Generalize the OS Image (Post-Boot Cleanup)
Once the VHDX boots successfully in offline staging, clear agent registration info and then run Sysprep.
๐ Clear Agent Identity & Token Data
Do not uninstall the agents โ only remove identity/config/token files to force a fresh enrollment after Sysprep.
| Tool | Remove Registration From |
|---|---|
| NinjaRMM | Delete contents of: |
C:\ProgramData\NinjaRMMAgent\ (excluding binaries if needed) |
|
| Blackpoint | Delete: |
C:\ProgramData\Blackpoint\- Any
.jsonor.dbtoken/cache files | | Veeam Agent | Clear config from: C:\ProgramData\Veeam\- Delete any persistent task or repo references | | MSP360 | Remove:
C:\ProgramData\CloudBerryLab\- Clear backup plans and identity info |
๐งน Windows Log Cleanup
del /s /q C:\Windows\System32\winevt\Logs\*.*
del /f /q %SystemRoot%\Panther\*.*
6. ๐งพ Optional: Skip OOBE with unattend.xml
To bypass Out-of-Box Experience (OOBE) and skip all prompts (including user account creation), use an unattend.xml file with Sysprep.
๐ Note: This method will not create new user accounts, and will not alter existing ones.
Key Capabilities:
- Skips first-time setup UI
- Does not create or modify user accounts
- Disables telemetry and feedback services
Sample unattend.xml Snippet
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<TimeZone>Eastern Standard Time</TimeZone>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Feedback" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<DisableFeedback>true</DisableFeedback>
</component>
<component name="Microsoft-Windows-CEIPEnable" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<CEIPEnable>false</CEIPEnable>
</component>
<component name="Microsoft-Windows-ApplicationExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<AITEnable>false</AITEnable>
</component>
<component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<DisableWerReporting>true</DisableWerReporting>
</component>
</settings>
</unattend>
How to Use:
-
Save as
unattend.xml. -
Copy to:
C:\Windows\System32\Sysprep\ -
Run Sysprep:
sysprep /generalize /oobe /shutdown /unattend:C:\Windows\System32\Sysprep\unattend.xml
โ Final Checklist
- Image booted offline on hypervisor
- Converted to GPT, EFI+Recovery+OS partitions validated
- Agent registration/token data cleared
- Existing users left untouched
-
unattend.xmldisables OOBE and telemetry - Sysprep completed and image shut down cleanly