制作镜像前建议以管理员身份分段执行如下代码净化镜像

黑石或其他物理机除外，仅限普通云服务器，简单点的话，就是能访问公网的≥2016的高版本系统，以管理员身份打开powershell命令行执行这2句命令即可

wget http://windowscq-1251783334.cos.ap-chongqing.myzijiebao.com/xuanwoimg.ps1 -outfile c:youhuaimg.ps1

c:youhuaimg.ps1

后面的可以不用看了，是我给自己写的笔记。

下面命令有用到cleanmgr.exe，≥2016的系统默认有，2012和2012R2默认没有，需要管理员身份powershell执行：

Install-WindowsFeature Desktop-Experience

安装完角色后重启机器后就有cleanmgr.exe命令了。关于cleanmgr，参考

https://support.appliedi.net/kb/how-to-enable-the-disk-cleanup-tool-on-windows-server-2008-r2/

https://www.partition-magic-server.com/windows-server-2012/enable-install-disk-cleanup.html

接下来就是分段执行命令

【第1段】

首先，管理员身份cmd命令行执行这几句命令卸载TAT

sc stop tatsvc

sc delete tatsvc

wmic process where name='tat_agent.exe' call terminate

rd /s /q "C:Program Filesqcloudtat_agent"

#【第2段】

powershell

cmd.exe /c del /F /Q C:UsersAdministratorAppDataRoamingMicrosoftWindowsRecentAutomaticDestinations*.automaticDestinations-ms 2>$null

或者下面几句命令

cd "C:UsersAdministratorAppDataRoamingMicrosoftWindowsRecentAutomaticDestinations"

del *.automaticDestinations-ms

cmd.exe /c del /F /Q C:UsersAdministratorAppDataRoamingMicrosoftWindowsRecent* 2>$null

cd c:

#【第3段干掉洋葱组件】

powershell

sc.exe stop winagent 2>$null 1>$null

sc.exe config winagent start= disabled 2>$null 1>$null

sc.exe delete winagent 2>$null 1>$null

schtasks.exe /delete /tn "WinAgentKeepAlive" /F 2>$null 1>$null

#【第4段关闭云监控、云安全服务】

powershell

stop-service BaradAgentSvc 2>$null 1>$null

stop-service StargateSvc 2>$null 1>$null

stop-service YDLive 2>$null 1>$null

stop-service YDService 2>$null 1>$null

#【第5段清理老的日志】

powershell

del "C:Program FilesCloudbase SolutionsCloudbase-Initlogcloudbase-init.log" 2>$null 1>$null

del "C:Program FilesQCloudLogs*" 2>$null 1>$null

del "C:Program FilesQCloudMonitorBaradlogs*" 2>$null 1>$null

del "C:Program FilesQCloudStargatelogs*" 2>$null 1>$null

del "C:Program FilesQCloudYunJinglog*" 2>$null 1>$null

#【第6段处理部分注册表】

powershell

reg delete "HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v "DontDisplayLastUserName" /f 2>&1 > $null

reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionNetworkListProfiles" /f 2>&1 > $null

#reg delete "HKEY_LOCAL_MACHINESOFTWARECloudbase Solutions" /f 2>&1 > $null

#reg add "HKLMSYSTEMControlSet001Servicescloudbase-init" /v "start" /d 4 /t REG_DWORD /f

reg add "HKLMSYSTEMCurrentControlSetControlNetworkNewNetworkWindowOff" /f 2>&1 > $null

#【第7段调用cleanmgr自动清理】

powershell

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesDelivery Optimization Files" /v StateFlags6550 /t REG_DWORD /d 2 /f

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesDownloadsFolder" /v StateFlags6550 /t REG_DWORD /d 2 /f

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesInternet Cache Files" /v StateFlags6550 /t REG_DWORD /d 2 /f

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesRecycle Bin" /v StateFlags6550 /t REG_DWORD /d 2 /f

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesTemporary Files" /v StateFlags6550 /t REG_DWORD /d 2 /f

reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesUpdate Cleanup" /v StateFlags6550 /t REG_DWORD /d 2 /f

cleanmgr /sagerun:6550

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesDelivery Optimization Files" /v StateFlags6550 /f

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesDownloadsFolder" /v StateFlags6550 /f

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesInternet Cache Files" /v StateFlags6550 /f

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesRecycle Bin" /v StateFlags6550 /f

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesTemporary Files" /v StateFlags6550 /f

reg delete "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCachesUpdate Cleanup" /v StateFlags6550 /f

#【第8段调用cleanmgr自动清理】

cmd

rd /s /q %SYSTEMDRIVE%WindowsTemp 2>nul 1>nul

rd /s /q "%SYSTEMDRIVE%WindowsDownloaded Program Files" 2>nul 1>nul

rd /s /q %SYSTEMDRIVE%$Recycle.bin 2>nul 1>nul

%SYSTEMDRIVE%WindowsSystem32cleanmgr.exe /d C /verylowdisk 2>nul 1>nul

%SYSTEMDRIVE%WindowsSystem32cleanmgr.exe /d C /autoclean 2>nul 1>nul

#【第9段检查是否有组件损坏】

powershell

dism /online /cleanup-image /scanhealth

#【第10段清理日志】

powershell

#reg delete "HKEY_LOCAL_MACHINESOFTWARECloudbase Solutions" /f 2>&1 > $null

reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionNetworkListProfiles" /f 2>&1 > $null

reg delete "HKLMSYSTEMCurrentControlSetControlTimeZoneInformation" /v "RealTimeIsUniversal" /f 2>&1 > $null

reg add "HKLMSYSTEMCurrentControlSetControlNetworkNewNetworkWindowOff" /f 2>&1 > $null

wevtutil el | Foreach-Object {wevtutil cl "$_" 2>$null}

wevtutil cl security 2>$null

wevtutil cl system 2>$null

手动关机做镜像

注意，如果是制作sysprep镜像，建议在执行sysprep命令前，执行这句命令，即在执行sysrep关机之前, 要把cloudbase服务设置为手动或禁用状态.

reg add "HKLMSYSTEMControlSet001Servicescloudbase-init" /v "start" /d 4 /t REG_DWORD /f