[New Feature]: Disable VM Time Synchronization

AutomatedLab / AutomatedLab

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.

MIT License

2.01k stars 358 forks source link

[New Feature]: Disable VM Time Synchronization #1615

Open MichaelGrafnetter opened 6 months ago

MichaelGrafnetter commented 6 months ago

Description

Hello, I would like to disable VM time sync for Active Directory domain controllers. The New-LWHypervVM.ps1 script already contains the following code:

if ($DisableIntegrationServices)
{
    Disable-VMIntegrationService -VMName $Machine.ResourceName -Name 'Time Synchronization'
}

But I have not found any other reference to the $DisableIntegrationServices variable in the AutomatedLab code base. Is there please a way to set this value in the Add-LabMachineDefinition cmdlet, or is that feature not yet implemented? Thanks.

raandree commented 6 months ago

This code is very old, git says, at least 8 years.

To support this, we either need to add a property to the C# machine class or use the machine's hashtable HypervProperties for this.

Is it worth making other VMIntegrationService configurable as well?

MichaelGrafnetter commented 6 months ago

@raandree Good question. Here is the list of integration services from WS 2022:

It would also make sense for lab environments to automatically enable the Guest Services component, which is disabled by default, but is required by the handy Copy-VMFile cmdlet.

While it is not an integration service, I sometimes need to additionally disable Credential Guard for specific VMs:

Set-VMSecurity -VMName CONTOSO-PC1 -VirtualizationBasedSecurityOptOut $true