Windows Server 2025 VM
Windows Server 2025 VM creation on a Linux host using KVM
This process gives us a fairly minimal UEFI based Windows Server 2025 VM running under KVM. This process has only been tested on Fedora Linux.
Define the VM name and location
# Define the new VM name:
export VMNAME="win2025-01"
mkdir -p ~/VMs/"${VMNAME}"
cd ~/VMs/"${VMNAME}"
# Set a custom folder icon with GNOME:
gio set -t string ${HOME}/VMs/${VMNAME} metadata::custom-icon file://${HOME}/Pictures/icons/folder-windows-server-2025.png
Creating the VM
Note that the Windows Server 2025 VM requires UEFI boot!
# Copy the base image to the VM specific directory:
rsync --progress ~/VMs/base_images/win-serv-2025-c-base.qcow2 ~/VMs/${VMNAME}/${VMNAME}-c.qcow2
# Create the VM:
virt-install \
--connect qemu:///session \
--hvm \
--name "${VMNAME}" \
--memory "8192" \
--vcpus "2" \
--disk path="${HOME}/VMs/${VMNAME}/${VMNAME}-c.qcow2",bus=sata \
--cdrom "${HOME}/VMs/ISOs/Windows/VirtIO-Win/latest/virtio-win-0.1.285.iso" \
--os-variant "win2k22" \
--graphics spice \
--network=bridge:virbr0 \
--boot uefi \
--noautoconsole \
--import
Installing VirtIO drivers
After the OS has been initialized the system will automatically shut down. Start the system back up, set the default Administrator password (See Password Manager) and login. Run the following application from the DVD and accept all the defaults:
virtio-win-guest-tools
Eject the ISO from the VM when the install has completed. Do not reboot yet! Set the desktop resolution to: 2560 x 1600 at 150% scale. Run the PowerShell script at: Set background colors for Windows desktops to set the intended desktop color.
Set the hostname
Set the hostname via an administrative level PowerShell instance:
Rename-Computer -NewName "win2025-01"
A system restart will be required for this to take effect, but do not reboot yet!
Set the time zone
Run the tzutil CLI utility in an administrative level PowerShell instance:
tzutil /s "UTC"
Ensure the system clock matches wall time after setting this.
Windows Update
Run the sconfig CLI utility in an administrative level PowerShell instance:
sconfig
# Option 5 - Enable Automatic updates
# Option 6 - Install updates
# Choose 1 to search for All updates
# then A again to install All updates
# Restart when requested
Install all available updates and reboot. This step may have to be run 3 times to get all of the updates installed. Continue until no more updates are available.
Installing PowerShell 7
Install the latest available version of PowerShell on Windows Server 2025, this installs to: C:\Program Files\PowerShell\7
Invoke-Expression "& { $(Invoke-RestMethod 'https://aka.ms/install-powershell.ps1') } -useMSI -Quiet -EnablePSRemoting"
There will be a new PowerShell 7 (x64) item on the Start Menu. In the Windows Terminal app, open Settings → Startup → Default Profile → PowerShell → Save → Close to set PowerShell 7 as the default terminal.
Do NOT install PowerShell from the Windows Store as if you do the install will end up in the users %LOCALAPPDATA%\Microsoft\WindowsApps\ folder and is only usable by the user that installed it.
Install POSH
See: Installing OhMyPosh / Powerline on your local Windows 11 system
Enable SSH Server
An SSH server is already installed on Windows Server 2025, but it needs to be enabled and configured to operate correctly.
# Enable the sshd service to start automatically:
Set-Service -Name sshd -StartupType 'Automatic'
# Start the sshd service:
Start-Service sshd
# Confirm the firewall rule for port 22 exists:
Get-NetFirewallRule -Name *ssh*
# Set PowerShell 7 as the default login shell:
New-ItemProperty `
-Path "HKLM:\SOFTWARE\OpenSSH" `
-Name "DefaultShell" `
-Value "C:\Program Files\PowerShell\7\pwsh.exe" `
-PropertyType String `
-Force
# Edit C:\ProgramData\ssh\sshd_config
# Uncomment PubkeyAuthentication yes.
# Set PasswordAuthentication to no to disable password login.
# Provision the public keys of the SSH key(s) we will use for login:
New-Item -Path "C:\ProgramData\ssh\administrators_authorized_keys" -Type File
Add-Content -Path "C:\ProgramData\ssh\administrators_authorized_keys" -Value "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGbdZXGee0zdBqQaDsUXOgp/1DuD3b3YlHREEtne8OV patrick.slattery@asuresoftware.com"
# Set the correct ACL on the configuration file:
$acl = Get-Acl "C:\ProgramData\ssh\administrators_authorized_keys"
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
# Restart the sshd service for our changes to take effect:
Restart-Service sshd
Install Git etc.
Here we’ll install a few basic utilities to make our life easier:
# Install Git
winget install -e --source winget --id Microsoft.Git
# Install Notepad++
winget install -e --source winget --id Notepad++.Notepad++
# Install Zed (Advanced text editor)
winget install -e --source winget --id ZedIndustries.Zed
# Install Nano for Windows (CLI text editor)
winget install -e --source winget --id okibcn.nano
# Install 7-Zip
winget install -e --source winget --id 7zip.7zip
# Install the Sysinternals Suite
winget install -e --source winget --id Microsoft.Sysinternals.Suite
Install marcosnils/bin for managing random binaries
bin is a lightweight, cross-platform binary manager that simplifies downloading, installing, and managing binaries without requiring root privileges. See the doc at: bin - Effortless binary manager
Uninstall PowerShell ISE
This tool does not support PowerShell 7 therefore it should be removed from the system and its usage discouraged.
DISM /Online /Remove-Capability /CapabilityName:Microsoft.Windows.PowerShell.ISE~~~~0.0.1.0
Expected response:
Deployment Image Servicing and Management tool
Version: 10.0.26100.5074
Image Version: 10.0.26100.32690
[==========================100.0%==========================]
The operation completed successfully.
Optional Installs
Installing IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools
Expected response:
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Common HTTP Features, Default Document, Dir…
Verify what features are installed:
Get-WindowsFeature | Where-Object {$_.Installed -eq $true} | Format-Table Name, InstallState
Expected result:
Name InstallState
---- ------------
FileAndStorage-Services Installed
Storage-Services Installed
Web-Server Installed
Web-WebServer Installed
Web-Common-Http Installed
Web-Default-Doc Installed
Web-Dir-Browsing Installed
Web-Http-Errors Installed
Web-Static-Content Installed
Web-Health Installed
Web-Http-Logging Installed
Web-Performance Installed
Web-Stat-Compression Installed
Web-Security Installed
Web-Filtering Installed
Web-Mgmt-Tools Installed
Web-Mgmt-Console Installed
NET-Framework-45-Features Installed
NET-Framework-45-Core Installed
NET-WCF-Services45 Installed
NET-WCF-TCP-PortSharing45 Installed
Windows-Defender Installed
System-DataArchiver Installed
WindowsAdminCenterSetup Installed
PowerShellRoot Installed
PowerShell Installed
Wireless-Networking Installed
WoW64-Support Installed
XPS-Viewer Installed