-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2015-08-26 11:08, Marek Marczykowski-Górecki wrote:
> On Wed, Aug 26, 2015 at 09:12:10AM +0200, Alex wrote:
>> On 08/26/2015 04:50 AM, Marek Marczykowski-Górecki wrote:
>>> On Mon, Aug 10, 2015 at 02:40:18PM -0700, Vít Šesták wrote:
>>>> [...] if not exists d:\Users ( rmdir /s d:\Users.working
>>>> copy c:\Users d:\Users.working ren d:\Users.working Users
>>>> rmdir /s c:\Users ) if not exists c:\Users ( symlink d:\Users
>>>> c:\Users )
>>>
>>> I'm not sure about removing original c:\Users - AFAIR it should
>>> be left there for initializing d: of additional VMs. But the
>>> idea about intermediate directory looks good. Rafał, what do
>>> you think?
The current algorithm is roughly this:
1) If c:\Users is a directory junction, abort.
2) If d:\Users exists, abort.
3) Copy c:\Users to d:\Users. If anything fails along the way, abort
(the incomplete target directory is left as-is, it should probably be
deleted).
4) Delete everything in c:\Users because a reparse point source must
be an empty directory. At this point we're sure that d:\Users is a
complete mirror of the original directory. If anything fails during
the deletion, try to copy d:\Users back to c:\Users ignoring all errors.
5) Make c:\Users a reparse point pointing to d:\Users.
Note that this process runs in the early boot phase as SYSTEM, before
the OS opens any other files (same stage as the filesystem checker).
Permissions or locked files are not a problem.
We could probably replace 4) and 5) by updating the registry
(ProfileList key).
>> Sorry if I hijack your question to Rafał, but I think symlinking
>> the users directory is not probably the best way to proceed.
>
>> And if you wanted to keep the logical overlay structure from the
>> linux AppVMs to windows ones, you'll have to move also
>> C:\ProgramData, which is something like /usr/local in Fedora.
>
>> You may consider checking
>> HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS
>> NT\CurrentVersion\ProfileList which is the actual "recommended"
>> way of changing the location of the Users directory and
>> ProgramData; a sample article can be found at
>>
http://www.nextofwindows.com/how-to-change-user-profile-default-locat
ion
>>
>>
- -in-windows-7/
>> but AFAIK (direct experience) the procedure goes something like
>> this: - create a throwaway administrator user - log in as that
>> user (needed because logged users have locked files in their
>> home) - copy everything from C:\Users into D:\Users, skipping
>> files from the throwaway user folder - copy everything from
>> C:\ProgramData into D:\ProgramData, signaling locked files to the
>> users -> they must be taken care of manually, e.g. skipping
>> windows files (they'll be likely re-created) or program files
>> (they could just be plain lock files) - set the registry keys
>> accordingly (all four of them, ProfileDirectory=D:\Users,
>> ProgramData=D:\ProgramData, Public=D:\Users\Public,
>> Default=D:\Users\Default) - reboot - log in as one of the
>> existing administrator accounts (not the throwawa y) - remove the
>> throwaway profile
>
>> This way you'll have a situation similar to that of the others
>> AppVMs, but please note it takes a great amount of work and I
>> don't know if it can be automated after the setup.
>
> I think there was some problems with this approach, but don't
> remember what. Especially about having ProgramData on per-VM drive
> - which means that changes made there in the template would not be
> propagated to the VMs. Rafał?
>
Right. ProgramData contains *global* application settings that are not
user-specific. By default c:\Users\All Users is a link to c:\ProgramData
.
> Anyway the current implementation doesn't use symlinks, but rather
> reparse points (IIUC something similar to "mount --bind").
>
>> During the setup phase of windows one may pass an Unattended
>> Answers file, which - as far as I remember, at least with Windows
>> 2000 it could - can set a different location for ProgramData and
>> user profiles directory. Doing this at the setup phase is the
>> easiest way to proceed, everything will be set up by the Windows
>> setup itself, and any location in the user home or ProgramData
>> that may have been written somewhere else will just be correct,
>> because there will never have been directories in the wrong
>> place.
>
>> My memories of unattended installations are faint; you may want
>> to start checking from
>>
https://technet.microsoft.com/en-us/library/cc786944%28v=ws.10%29.asp
x
>>
>>
or
https://technet.microsoft.com/en-us/library/cc732280%28v=ws.10%29.asp
>> x
This could be a nice solution *if* the unattended installation can
initialize and format the private disk by itself. Still, probably not
all users can go with a fresh installation so a solution that works
for an already installed OS is preferable.
There are some other issues in general. For example, all child VMs
based on a template will have the same Windows host name because it's
stored in the system registry hive which is located in
Windows\system32\config. Of course this hive contains a lot of other
global settings that *should* be inherited from the template. I
imagine this could be solved by creating an explicit list of such
non-inheritable settings. They could be copied from the template by
default but we should provide some way to permanently override them
(maybe a special executable that the user will run once all the
"private" settings are changed, that executable will read those
settings and store them, then our agent will re-apply them on each VM
start).
iQEcBAEBAgAGBQJV3bJhAAoJEIWi9rB2GrW7G4sH/1VuFzf36n96OKgRwLhsxmAm
lndJFzPkp8JPZlYlvZCtzGifuljV//lY2wVmFQIvvuaQZqpW24Ot7dhByOHblV0m
OzJh2KClu7s6TZJeCeBSLzrQgtP22NSKvBKmnnTVf7j2LrNVaSEBVZzMHBaRcrt/
XsGM7JfVtVIsx1vunZbQ2blQkofREg8AMFnpM9sKI5Oq4uyzoknQWG8KD/UGF+vt
ZshKKKD6nRB42ct+uabiTgEPkhMm2DVlcQBR1RxweKBSN56UFKcCoSnCc1fApAid
kgVUDOuMREtWjllymCA0joFL0bnGdVtTxxuj4YjsARXXnE3PdvWaMPMycJ8gL7o=
=aKdM
-----END PGP SIGNATURE-----