How can I automate patching and deployment of desktop images?

Occasionally, you may manually install applications, or the app updates, on dynamic hosts. When the hosts are re-imaged, those applications are lost, or the apps are reverted to their previous versions installed on the hosts’ underlying desktop image.

Nerdio Manager provides a method to ensure consistency for the app installation and updates on your desktop image(s). Specifically, it provides out-of-the-box scripts that you can run on your golden desktop image to automatically install Microsoft patches and updates. Running these scripts ensures that the Windows OS and some common applications, installed on your desktop image, are up to date, and you don’t lose any apps or updates when re-imaging your hosts.

Below are the out-of-the-box Windows scrips you might want to run:

• Update Windows 11

• Install Microsoft 365 Office Apps

To automate your desktop image patching, complete the following steps:

• Step 1: Assign Windows scripts to customer accounts

• Step 2: Run Windows scripts on a desktop image

• Step 3: Configure notifications

• Step 4: Schedule automated re-imaging for host pool

Step 1: Assign Windows scripts to customer accounts

The out-of-the-box Windows scripts you need to run are stored at the global MSP level. To enable them for your customer accounts, you need to assign those scripts to all or individual accounts you manage.

To assign Windows scripts to accounts:

1. At the MSP level, navigate to Scripted actions > Windows scripts.

2. From the action menu next to the script you want to assign, select Assign accounts.

   Tip: Use the Search field to quickly find the script you need.

   

3. Select the accounts you need to assign the script to.

   • Select All to assign the script to all of your managed accounts.

4. Select OK.

Step 2: Run Windows scripts on a desktop image

Once you have assigned the Windows scripts to accounts, you can now run those scripts on the desktop image during the Set as image task.

To run Windows scripts on the desktop image:

1. At the account level, navigate to Desktop images.

2. Locate your desktop image, and from the action menu next to it, select Set as image.

3. In the Set as image dialog box, select the calendar  icon to configure a schedule for running the scripts during a selected time frame.

   Note: If the Schedule option is not configured, the scripts start running as soon as you select OK.

4. Provide the following information:

   • Schedule: Enter the name for a new schedule, and then select Add 'your schedule name' schedule.

   • Geographic distribution & Azure compute gallery: Enable this option to store the image in Azure Compute Gallery and automatically distribute to selected Azure regions. Provide the following details:

     • Azure Compute Gallery: From the drop-down list, select the available Azure Compute Gallery.

     • Azure regions: Leave the default option.

     • Store account type: Leave the default option.

       

     • Stage new image as inactive: Select this option to create a new image version without setting it as active. Any existing configurations will continue using the current version of the image.

       Tip: To activate the new image version, from the action menu next to it, select Activate staged image.

   • Run the following scripted actions before set as image: Enable this option, and then provide the following information:

     • Windows scripts: From the drop-down menu, select the scripts that you previously assigned to this account.

     • Target VM: Select Source. This option ensures that the changes made by the scripts are not overwritten during the future image maintenance or staging.

       

   • Application management: Leave this option Off.

   • Error Handling: Enable this option to configure the retry threshold and cleanup settings in case the process fails. Provide the following information:

     • Retry Threshold: Set this option to 2. This value defines the number of attempts to complete the Set as image task. If it fails, there will be two more attempts to complete it.

     • Cleanup after failure: Select this option, and then set Hours until cleanup on failure to 4.

       Important:

       • We recommend enabling this feature to preserve the previous image version in case any issues occur.

       • If an error occurs, wait until the image VM is cleaned up. Then, run Set as Image again. When it errors, you’ll be able to review the Sysprep error logs from there. For more details, see Troubleshoot desktop image Sysprep errors.

   • Retain current image object (Optional): Select this option if you want to retain the existing image as a standalone object, rather than overwriting it with the new one.

     • Versions to keep: Select the number of image versions you want to keep.

   • Install all AVD enabled certificates: Select this option to install all AVD enabled certificates on image VM, if any.

   • If you want to use the AI Vision Boot Diagnostic Insights:

     • Validate image: Select this option to apply the image to a VM, gather boot diagnostics, and verify that the VM successfully boots before creating a managed image or publishing it to Azure Compute Gallery.

     • Use Boot Diagnostic Insights: Select this option to enable the Boot Diagnostic Insights.

       Important: If you want to use the Validation option, ensure Azure AI Boot Diagnostic Insights are enabled for each individual account. You can enable this option at the Account level, by navigating to Settings > Integrations > Azure AI. For details, see Overview of Boot Diagnostic Insights.

   • Change log: Enter a brief description of what should change once the Set as image task is completed.

     

• Schedule:

  • Start date: Select the date to start.

  • Time zone: From the drop-down list, select the time zone for the Start/End times.

  • Start time: From the drop-down lists, select the time to start. Day hours are recommended.

  • Repeat: From the drop-down list, select the recurring schedule, for example, Monthly (recommended).

  • Day(s) of week: Specify the day of the week when the scripts should run.

    Note:

    • For Start date, be sure to select the first occurrence of the chosen weekday within the month. For example, if you select the first Monday, the start date should be the first Monday of that month.

    • Having the scripts run on Mondays on a weekly basis is recommended to prevent potential issues with faulty patches.

    • Running the scripts during the day, and having the notifications set up, helps you quickly take action if anything unexpected happens.

  

5. Select Save.

Step 3: Configure notifications

Once you have configured the Set as image task options, and defined the schedule to run Windows scripts, you now need to

define the condition and its corresponding action for Nerdio Manager to notify you if anything unexpected happens during the task.

To create a condition:

1. At the MSP level, navigate to Notifications > Conditions.

2. On the Conditions tab, select Add Condition.

3. Enter the following details:

   • Name: Type the name of the condition, such as Automated patching of desktop images.

     Note: You need to specify this name when creating the corresponding notification action.

   • Accounts: By default, the Any option is defined. If you want to associate this condition with individual accounts, from the drop-down list, select the needed account(s).

   • Tasks: From the drop-down list, select the Power off & set as image and Schedule Power Off and Set as Image tasks.

   • Failure Statuses: From the drop-down list, select the Error status that this condition should match.

   • Success Statuses: From the drop-down list, select the Completed.

     Note: Other fields that are not listed can remain as set by default.

4. Select Apply.

   

Once you have created the condition, you now need to create its corresponding action (sending out notifications) that should be triggered if the condition is met.

To create an action for the Error condition:

1. At the MSP level, navigate to Notifications > Actions.

2. On the Actions tab, select Add Action.

3. Enter the following details:

   • Conditions: From the drop-down list, select the name of the condition you previously created.

   • Subject: Provide the subject text for the notification email.

   • Body: Enter the body text for the notification email.

   • Email Notification: Select Send an Email Notification to send email notifications, and then provide the following details:

     • Send From: From the drop-down list, select a linked email address that is used to send the notification.

       Note: Only linked mailboxes are displayed. To link mailboxes, navigate to Settings > Environment > Notifications.

     • Send To: Type the email address(es) to send the notifications to.

       Note: Multiple emails can be specified separated by commas.

     

4. Select OK.

Step 4: Schedule automated re-imaging for host pool

Once automated patching is configured on the desktop image, you can set a schedule on the host pool to re-image the hosts with the patched image.

To configure a schedule to re-image host pools:

1. At the account level, navigate to AVD > Host Pools.

2. Locate your host pool, and from the action menu next to it, select Manage Hosts > Hosts > Resize/Re-image.

3. In the Resize or Re-image hosts dialog box, select the calendar  icon to configure a schedule for the re-imaging task.

4. Provide the following information:

   • Schedule: From the drop-down list, select the existing schedule. Alternatively, enter the name for a new schedule, and then select Add 'your schedule name' schedule.

   • Desktop image: From the drop-down menu, select the desktop image where you configured automated patching.

     Note: The image version may show an earlier date or version—that’s expected. When the re-image schedule runs, the latest image version will be applied automatically. You do not need to manually update the image here.

   • Messaging: Enable this option, and then define the following:

     • Delay: Specify the delay for the re-imaging task.

     • Message: Adjust the message to notify active users about their sessions termination.

       

   • Process hosts in groups of: Specify the total number of AVD hosts in your host pool. This option lets you re-image all hosts at once, rather than individually.

   • Number of Failures before aborting: Leave the default selection of 1. This setting stops the process after a single failure. This helps prevent making all session hosts unavailable to users.

   • After first group is done, set remaining hosts to drain mode: Optionally, select this option. It sets all hosts that haven't been resized/re-imaged yet, to drain mode as soon as the first group of hosts completes the resize/re-image process.

     Note: This setting performs the following:

     • Sets all hosts that haven't been resized or re-imaged yet, to drain mode as soon as the first group of hosts completes the resize/re-image process.

     • Ensures that users who connect to their desktops are redirected only to an already resized/re-imaged host VM.

   • Schedule: Provide the following information:

     • Start date: Select the date to start.

     • Time zone: From the drop-down list, select the time zone for the Start/End times.

     • Start time: From the drop-down lists, select the time to start. Day hours are recommended.

       Tip: Allow buffer time for the desktop image to complete the patching process before re-imaging the host pool with the latest image version. For example, if the desktop image patching is scheduled for 4:00 AM, allow a couple of hours for the patching job to complete. Then, set the host pool re-image time to 10:00 AM.

     • Repeat: From the drop-down list, select the recurring schedule, for example, Monthly (recommended).

     • Day(s) of week: From the drop-down list, select a specific day when the scheduled task should run.

       Note: For Start date, be sure to select the first occurrence of the chosen weekday within the month.

       For example, if you select the first Sunday, the start date should be the first Sunday of that month.

     

5. Select Save & close.