1

Help!!!

I am trying to create a windows ami that when launched (need multiple [20] live servers to be launched for short durations at short notice) auto logon and run an .exe application (unfortunately I can not get the app to run as a service). Also machine names must be unique.

Problem works fine pre sysprep, but when I launch instance from the ami it fails to logon as the machine name has obviously changed from the original machine image.

The only way I have managed it is to not sysprep, take an ami, then log onto the new machine when launched and manually change the machine name, and set the autologon sysinternal tool. THis is not ideal as the end user is not technical and time constraints do not allow for this action to be performed efficiently.

I am at my wits end! Your help is very much appreciated.

JonLovett
  • 92
  • 1
  • 5

2 Answers2

10

I am aware this is a very old question. Google, nonetheless, led me to this question when I faced a similar issue. I did the following to solve my issue.

  • Customize an instance to your liking. The AMI will be created using this instance.

    • Create a new user account with admin privileges. This is needed as Sysprep\Ec2ConfigService will reset the Administrator password. Add this user to the group Remote Desktop Users, so you can RDP using this user account.

  • Edit EC2's Sysprep answer file to enable auto-logon.

    • Append the following to component node named Microsoft-Windows-Shell-Setup in the file C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml

.

<AutoLogon>
  <Password>
    <Value>NewUser'sPassword</Value>
    <PlainText>true</PlainText>
  </Password>
  <Username>NewUser'sName</Username>
  <Enabled>true</Enabled>
  <LogonCount>999</LogonCount>
</AutoLogon>

The resulting file should look like the snippet below. I have removed the parts not necessary for this answer.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <!-- snip -->
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <!-- snip -->    
        <AutoLogon>
          <Password>
            <Value>NewUser'sPassword</Value>
            <PlainText>true</PlainText>
          </Password>
          <Username>NewUser'sName</Username>
          <Enabled>true</Enabled>
          <LogonCount>999</LogonCount>
        </AutoLogon>
    </component>
  </settings>
  <!-- snip -->
</unattend>

  • Next we edit the EC2ConfigService settings.

    • In the file "C:\Program Files\Amazon\Ec2ConfigService\Settings\BundleConfig.xml", ensure the value for SetPasswordAfterSysprep is Yes.
    • In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the state node has the value Enabled for the plugin Ec2SetPassword.
    • In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the value for RemoveCredentialsfromSysprepOnStartup is false.

  • You are already launching an exe on logon. Using the same mechanism, also launch a script that will delete the AutoLogonCount setting from the registry. This step is important, else after 999 (as per the example mentioned above) logins, the autologon will stop.

.

powershell.exe  -command { Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\winlogon"  -Name AutoLogonCount -Force -ErrorAction 0 }
  • Now we can start Sysprep. Either use the UI or the following command.

.

%ProgramFiles%\Amazon\Ec2ConfigService\ec2config.exe -sysprep

Any instance launched using an AMI created from the above instance, retains the auto-logon behaviour indefinitely.

Amith George
  • 5,806
  • 2
  • 35
  • 53
0

Don't know if this software can help, look at LogonExpert and its satilite articles:

1) Deployment 2) Commmand line/vbscript control 3) Scheduling

Taho Cannan
  • 1