If you’re concerned about Windows 7 security now that it’s no longer receiving patches or updates, but aren’t ready, or can’t abandon Win7 just yet, running win7 in a VM can help. A Virtual Machine is software that lets you run an OS in a sort of fake PC that’s isolated from whatever main OS you’re running. Windows 7 as a VM is just as susceptible to hacks & exploits as Windows 7 running on hardware, so you won’t for example lessen your risks if you use a Win7 VM rather than a normal install for banking, but if that VM does get compromised, it won’t spread nearly as easily to other parts of your PC, though it will still have access to your network, and could potentially do some damage that way. And if something bad happens, or if you just suspect it might have, restoring that VM is just a matter of replacing the file it’s stored on with a copy saved elsewhere. If the copy of Windows running on your PC or laptop gets infected on the other hand, malware might grow roots elsewhere on the hard disk(s), or even in the BIOS, so restoring a backup might have little effect.
Installing Win7 in a VM works – migrating the copy you’ve been using may or may not, and if it does, it will not work as well as a newly installed copy of Windows. Creating a new Win7 VM in VirtualBox isn’t hard at all – the hardest part might be getting your hands on a Win7 setup disk or ISO if you don’t have your original handy. Note that if your setup disk doesn’t have Win7 SP1, Google on adding it [include the keyword Slipstream] to create a new ISO. You start by installing VirtualBox, then adding the extension pack to it, then click the New button. Fill in the blanks, attach the Win7 setup ISO, make sure it’s above the hard disk in the boot order box, and click the Start button. It works just the same as if you were installing Win7 normally on a PC.
Getting a copy of Windows that you’ve been using on your PC or laptop to work as a VM requires a bit of work, and success is far from guaranteed. Up until recently every attempt I’ve made [with XP, Win7, 8, & 10] has failed – the VM’s performance was just not acceptable. And in every case, installing the same version of Windows, then adding the same software in a VM, worked just fine. But I just completed a conversion or migration of Win7 to a VM that works – performance isn’t quite as good as if I had installed Win7 fresh, but it’s acceptable. So I now know it can work – maybe not that often – but it can possibly provide a solution if there’s little or no way to get the same software &/or games installed in a new copy of Windows. And so I wrote the following guide, which is a bit long since I’ve included potential solutions &/or workarounds if something doesn’t work. Good Luck.
* * *
The main advantage of Virtual Machines is that they can be easier to manage – a biz might have multiple server VMs, with only some of them running when there’s low demand – which is something that today might be better accomplished using containers etc. in the cloud, so biz use of VMs may be declining. The main disadvantage is that you’re using an extra layer of software, which robs resources – in biz use VMs are likely running on a special server OS, so there’s less resource drain than running a complete version of Windows or Linux as the host. On a single PC, workstation, or laptop, using VMs can make sense when you want the OS running in a VM isolated for better security, and they can provide a bit of safety for testing, since you’re not going to break the PC itself. VMs can also be used to emulate different hardware, and if there’s software that you need to use that only runs on another OS or version of Windows, you might use it in a VM window on your desktop alongside your other software.
If you’re interested in the extra security a VM might provide, the first step is to see if you’ll get enough performance out of a VM using your PC or laptop. To use a VM [Virtual Machine] you have to run Host software, which takes some resources, and you have to continue running Windows, which itself takes some system resources, and that means you have less available for the VM. Running Linux instead of Windows for a host can help with that. Whatever performance you’re used to when running Windows 7 normally, cut that at least in half. If you think you might give it a try, you can download a trial VM from Microsoft – it works for 90 days – and see how that works for you. It’s quicker & easier than installing Windows to a new VM, and much quicker & easier than migrating an existing copy. You can download a trial VM here:
developer.microsoft[.]com/en-us/microsoft-edge/tools/vms/
Note: a copy of Windows installed fresh to a VM will perform better than the copy you were already using and making that existing copy into a VM might or might not work. Also note that not all software will run well, or at all in a VM; many games will require access to a hardware rather than a graphics processor [GPU] emulated in software. And when migrating a copy of Windows does work, you’ll spend time uninstalling old, leftover drivers, along with any software that doesn’t work. That said, if you expect problems re-installing software, migrating your existing copy of Windows may be a solution. One last note, the Windows 7 key that you’re using now may not work to activate Windows once it’s in a VM. Activation could be iffy even before Windows 8 was released, with very many people having to call in to get Windows activated, and nowadays Microsoft is much less likely to want to be helpful. On the other hand, with Windows 7 at EOL they’re less likely to be as strict or pay as much attention. Assuming your Windows 7 key does work in the VM, you can *probably* still upgrade the copy on your hard drive to Windows 10 for free – as I’ve found a few times now, using the key to upgrade doesn’t render it useless. [There are many reports, all anecdotal, that the free upgrade from Win 7 or 8 to 10 still works, but other than the in-place upgrade, e.g. installing fresh and using the old key, may or may not.]
One of the first steps you’ll take is deciding what VM host software to use. Like very many, I prefer VirtualBox for a home PC – you can download the free, open source app at virtualbox[.]org, with a version also available for Linux. Once you install VirtualBox you want to go to the File menu -> Preferences dialog to add the Extension Pack you should have also downloaded. Microsoft offers a version of its Hyper-V that can be added to Windows 10 Pro -- if you Google you’ll find a few articles on how to [allegedly] get it working on Windows 10 Home. You can also Google on VirtualBox vs Hyper-V for all sorts of opinions and comparisons. For me it’s just a simple matter of my VMs run better faster on VirtualBox than Hyper-V. There’s also the benefit that VirtualBox is available for Windows 7, so you could make sure your copy of win7 worked as a VM before upgrading to win10 or switching to Linux.
A VM is just a copy of an OS, in this case Windows 7, installed to a VHD [Virtual Hard Disk] rather than a physical hard disk, with whatever drivers are needed for the VM’s host software, rather than the drivers you’d normally use that are tailored for your PC’s or laptop’s hardware. So, to move a copy of Windows 7 to a VM, you start out cloning the hard disk, same as if you were moving that copy of Windows to a new PC or laptop, only you use a VHD instead of a real drive. To install a fresh or new copy, you install Win7 normally to an empty VHD. If you’re installing a new copy you can create that VHD as part of the process of creating your new VM, or you can create it in Windows. If you’re migrating your existing copy of Win7, you start by creating the VHD, going to Control Panel -> Administrative Tools -> Computer Management, clicking Disk Management in the Computer Management window, then right clicking Disk Management in the left column, selecting Create VHD. In the window that pops up you browse to the location where you want the new VHD & give it a name. Then you specify a size for the VHD, leave the format as VHD, then select either Fixed Size or Dynamically Expanding. Here’s what that’s about…
A 100 GB fixed size VHD takes up 100 GB of space on the hard disk. A dynamically expanding VHD starts out real small, then grows as needed when files are added. It takes time to create a fixed size VHD, as the complete full-size file is written. It’s much faster to create a dynamically expanding VHD, but when you’re using it, writing to the VHD can take longer if/when it has to grow. Microsoft recommends fixed size VHDs because the initial performance is better – I prefer dynamically expanding VHDs because it’s faster easier to copy & move the smaller files. Your choice will probably help determine the size of your new VHD – I don’t feel bad at all creating a 150 GB expanding VHD, because at least initially [and hopefully forever] it’s not going to take up 150 GB. You can also have a smaller, dynamically expanding VHD for Windows, and an expanding or fixed size VHD for things like games. If in Windows Explorer you right click the drive where win7’s installed and select properties, you’ll see how much space it’s currently using. Windows does need some extra free space to run properly, so if you create a fixed-size VHD you’ll have to decide how much to give it, weighing things like how much disk space you can spare. While it will grow if you add software, an expanding VHD can also grow because of a temporary need, e.g. with Windows updates, though that won’t be a problem with Win7 any longer. I typically *Compact* my VMs after updates, trimming the extra 2-3 GB of growth.
Once you make your selections & click OK, Windows will create the VHD. Next you have to right click the header on the left of the new VHD in the lower center window and initialize the disk. This is where you select MBR or GPT disk types – MBR is safer if you have 4 or less partitions that you’re copying from the Windows 7 hard disk. Next you right click the VHD itself in that same lower window, and select New Simple Volume, which brings up the dialog where you select the format, e.g. NTFS, name the VHD, assign a drive letter that will show up in Windows Explorer, and format the disk. You just want the VHD to show up in Windows Explorer so that your backup software will see it.
Then you just restore an image backup of your Windows 7 drive to that VHD. Usually you’ll want to use a backup of the entire hard disk, so you get the partitions Windows needs to run [e.g. the boot partition], but leave off additional partitions for things like games, which you’re better off putting on a separate VHD. With the conversion I just completed the PC was running both Win7 & 10, so I just restored the backup for the Win7 partition – creating new boot files was/is easier than modifying the existing set if I had included those. Since Windows sees the VHD as just another hard disk most backup software won’t have a problem restoring a backup there, but there are exceptions, e.g. Macrium Reflect Free will not work – it showed warnings that there wasn’t enough space on both expanding & fixed-size VHDs. If you use Paragon like I did, make sure to turn off modifying the BCD [boot files], and even then, you might have to delete a new entry in your PC/laptop boot menu – I recommend the free EasyBCD. [Windows installed on a VHD will start and run on your PC or laptop, so Paragon isn’t entirely unjustified in adding it to the boot menu.]
There are other tools that you can use, e.g. Sysinternals Disk2vhd, or if you still have or can find a copy of Paragon’s older VM migration tools [a few have been on GOTD] that can work, but if you’ve got backup software you’re already using, I think it’s easier to use what you know with the backup you’ve already got. If you’re installing Windows 7 fresh, or when you’re done restoring your backup, right click the header to the left of the VHD in Computer Management -> Disk Management to detach the VHD.
As above, if you’re installing Windows 7 fresh you can also create a new VHD as part of the process of creating a new VirtualBox VM, but with fewer options. I do suggest using a Microsoft VHD format .vhd file, rather than the VirtualBox native .vdi, because mounting [attaching] that VHD in Windows can sometimes come in handy [you can’t access the files on a .vdi when you’re not running VirtualBox]. You can easily convert that .vhd to .vdi later when you’re sure everything’s cool. You can Google for info re: Hyper-V, e.g. howtogeek[.]com/196158/how-to-create-and-run-virtual-machines-with-hyper-v/ , while with VirtualBox, running the VM VirtualBox Manager app, it’s just a simple dialog when you click New – just be sure to point it to the VHD you already created. Next, you finish configuring your new VM.
With VM VirtualBox Manager running, click the File menu, then Virtual Media Manager. Here you need to add the VBoxGuestAdditions.iso, which is in the VirtualBox program folder. If you’re installing Windows fresh you need to add the Windows 7 setup ISO too. In the settings for your new VM, under Storage, click the optical drive, then click the blue disk icon on the right to select which ISO is attached or active. If you’re installing Win7 you want to use the setup ISO, then go up to System in the settings dialog to make sure that Optical is checked and above Hard Disk in the Boot Order window -- otherwise you should use the additions ISO. Whether you’re installing Win7 or migrating an existing copy you want to install the Guest Additions as soon as your VM is running, because they include many of the drivers Win7 will need. Most of the other settings are self-explanatory or common sense, e.g. you don’t want to give the VM all the memory your PC has available, or there will be nothing left for the Windows [or Linux] host -- start small & increase if/as needed. Under display you want to make sure VBoxSVGA is selected, under Network you usually want it set to NAT, under USB for Windows 7 start out at 2.0 – we’ll add 3.0 later. When you’re done, click OK to close settings, and with your VM selected, click Start.
If you’re installing Windows, when you 1st run your VM it should boot or start from the setup ISO, the same as if you were booting your PC from the DVD. Everything should work the same as installing Windows normally on your PC. If you’re using an existing copy of Windows it should start just like it did when run on your hardware, though it will probably take [sometimes much] longer to start. There are two likely problems if it doesn’t – either there’s a problem with the boot files, or there’s a problem with the drivers previously installed in Windows. You’ll usually see a message if the boot files are the problem, e.g. it can’t find Windows\ System32\ winload.exe, while if it’s the old drivers Windows will try to start but fail.
Fixing or adding BCD boot files
There are 2 ways for Windows to boot – Legacy & EFI. If Windows is set up for Legacy booting, you’ll see a boot folder & a bootmgr file, while EFI uses an EFI folder, and they may be on the same partition as Windows, or on a [usually small, e.g. 100 MB] separate partition that may be hidden. Usually Windows has one set, but it is possible to have both Legacy & EFI boot files present. Windows itself is no different whether it uses Legacy or EFI boot files – it’s just a matter of what the BIOS looks for. In VirtualBox there’s a checkbox under the VM’s Settings -> System to turn on EFI booting. Easiest and safest is to use Legacy boot with files on the same MBR VHD as Windows. The first step to replacing the existing boot files is to shut down VirtualBox & mount [attach] the VHD in Windows Computer Management -> Disk Management. If there is a separate boot partition it needs to have a drive letter. If it doesn’t have one and the partition is hidden, I think the easiest way is to unhide it and assign a drive letter using AOMEI Partition Assistant, and the free version will work -- right click the partition, select Advanced & then Unhide or Change Drive Letter. Windows Computer Management -> Disk Management will let you easily add a drive letter, but Only if the partition is not hidden.
The tool you use to add the boot files is BCDBoot, and it’s included in Windows. It’s not hard to use, though you do run it using the Command Prompt running as admin – this linked page has a list of commands, or you can type bcdboot /? & press Enter. The command you’re after likely looks something like this: bcdboot X:\Windows /s Y: , where X is the drive letter for the VHD partition with Windows on it, & Y is the drive letter where you want the boot files to go.
docs.microsoft[.]com/en-us/windows-hardware/manufacture/desktop/bcdboot-command-line-options-techref-di
But there’s a catch… BCDBoot has been updated with every version of Windows, and the latest in Windows 10 1909 wouldn’t work to boot the Win7 VM I just converted. I used an older copy of Win10’s WinPE that I frankly forgot about or I would have deleted it. I attached the WinPE ISO to the Win7 VM, set the boot order so the optical drive was on top of the hard disk, and ran BCDBoot from WinPE. Using BCDBoot while running Win7 should be OK, and if you’re in Win10, I think you can copy BCDBoot.exe from Win7 [C:\ Windows\ System32\] to a folder, and running the Command Prompt as admin, as long as you navigate to that folder first, that’s the app that’ll run when you type BCDBoot & press Enter. The odds of getting an older copy of a Win10 WinPE are slim, but you can still get the Win7 AIK & create a Win7 WinPE. You can also try is the Win7 Recovery Environment running off the Windows setup ISO, which might be able to repair the boot files for you. As when installing Win7 to a VM, you’d attached the ISO to the VM, making sure Optical was checked and above the hard drive in the boot order box.
microsoft[.]com/en-US/Download/confirmation.aspx?id=5753
winreflection[.]com/windows-pe-create-iso-image-with-windows-7-aik/
bleepingcomputer[.]com/tutorials/start-the-windows-7-recovery-environment/
If your copy of Win7 won’t start as a VM because of mismatched drivers
You can try the Win7 recovery environment. There are also Windows migration tools in some backup apps that might work, and there are the older Paragon Physical to Virtual apps I mentioned earlier. In VirtualBox, to use a backup app’s tools you’ll need that app’s Rescue disk as an ISO, attaching it to the VM & above the hard disk in the Boot Order box. It my experience all the above are hit or miss, and in my opinion why Paragon no longer sells VM migration tools. You can try to boot into Safe Mode, and if you can, uninstall any old drivers that you don’t think will be needed – if you make a mistake, Win7 will just re-add a needed driver when the VM starts. In safe Mode you can also run msconfig using the Start Menu Run box, limiting the drivers and services that will run when you start Windows. There is however a Gotcha – you must do a little work first to get to Safe Mode…
Booting your VM to Safe Mode
When Win7’s just starting on your PC you can press the F8 key to get a boot menu that includes Safe Mode. With VirtualBox that will not work – you need to add a Boot Menu delay first, and then when that boot menu’s on-screen, you can press F8 and then get to Safe Mode. The easiest way to do that is to mount [attach] the VHD in Windows [as described earlier], and run the free EasyBCD [Google for download links – if you download from the developer you need to provide an email address]. Under the File menu click Select BCD Store, then navigate to the BCD file used by Win7 on that VHD. If Win7’s set for Legacy boot, the BCD file will be in a folder named Boot – for EFI it’s in EFI\ Microsoft\ Boot\ . The Boot &/or EFI folders may be on the same partition as Win7, or in a separate partition that may not have a drive letter, so that you can’t open those folders. If that’s the case, follow my earlier directions using AOMEI Partition Assistant to add a drive letter to that boot partition.
One the BCD is opened, click BCD Backup/Repair on the left, under Backup and Restore Bootloader Settings browse to where you want to save the backup, and click Backup Settings – this allows you to put things back if you want afterward, or in case something goes wrong. Then click Edit Boot Menu and make sure that Count down from [30] is marked and click Save Settings. [If this doesn’t work – I’ve had it fail once – click Add New Entry and add a bogus or duplicate entry.] Now when you detach the VHD & start the VM you should see a boot menu when the VM’s starting, and thus get to Safe Mode.
Extra steps you can try
You can also try uninstalling drivers while running Win7 on your PC/laptop, then close Windows [don’t allow it to restart], make a backup, and use that backup for your VM. If it’s a Must Work situation, running Win7 on your PC/laptop you can also try deleting some of the added drivers [not the ones that come with Windows – note the folder dates] in C:\ Windows\ System32\ DriverStore\ FileRepository\ . I think migration tools fail because while they delete registry entries for old drivers, Win7 just looks first at what drivers were installed in the past and reinstalls them. That File Repository is one source where Win7 will find the old drivers. If that doesn’t work you can attach or mount the VHD in Windows, delete the driver files you suspect are causing problems [Windows\ System32\ Drivers\], as possible find and remove corresponding .inf files [Windows\ INF\], and load the Local Machine System registry hive in Regedit, deleting keys that load those driver files you deleted. 4sysops[.]com/archives/regedit-as-offline-registry-editor/
VM First Start
When a Win7 VM starts for the first time Windows will likely add some drivers, ask you to restart etc. Once things calm down a bit type msconfig in the Start Menu Run box & click OK, and in the window that opens, go to the Boot tab, check the box for Safe Mode, click OK and when prompted restart. In Safe Mode open Windows Explorer, navigate to the Additions ISO in the CD/DVD drive, and run the setup app as admin. [Running setup in Safe Mode is the only way to add the needed D3D emulation.] When that’s done, again run msconfig using the Run box, uncheck the Safe boot box on the Boot tab, and select Normal Startup on the General tab, click OK and restart when prompted. When it (re)starts Windows will again start adding drivers. If you migrated a copy of Win7, now you need to try to increase the VM’s performance – it’ll most likely be somewhere between a real mess and sluggish.
Improving performance in a migrated copy of Windows 7
If you had a full anti-virus suite installed, I suggest you remove it using the regular uninstall in Windows, followed by the special uninstall app if the software company that made the suite has one. Later you can install something lighter weight, e.g. Security Essentials. You need to uninstall the old graphics drivers – DDU [guru3d[.]com/files-details/display-driver-uninstaller-download.html] is an option that may work wonderfully in this regard or may bring disaster [I’ve experienced both]. In Control Panel -> Device Mgr. right click any old drivers still being used, e.g. for network adapter &/or Realtek audio, and click uninstall – where there’s the option to remove the driver files, do so. Note that with my most recent Win7 conversion, I had to uninstall several of these components more than once before it finally took hold.
Sysinternals Autoruns [docs.microsoft[.]com/en-us/sysinternals/downloads/autoruns] can pinpoint old drivers & services that should not be running. In some cases services will show up in Control Panel -> Administrative Tools -> Services, where they can be easily disabled. Otherwise in Autoruns right click the offending driver or service & click Jump to entry. This will open Regedit with the related key selected. Copy the name of that key, optionally export it if you want to be able to put it back, delete the key, navigate in Regedit to Computer in the left pane, and search on that key’s name. You’ll normally find at least one duplicate to the key you just deleted and need to delete those as well. You can do the same for any apps that start with Windows, though you won’t normally need to search for duplicates.
Your Win7 VM will hopefully be running much better at this point – if not you may want to consider bailing out. You can usually further increase performance by uninstalling any software that you don’t think you’ll use, and if you’re using a dynamically expanding VHD, compact it to reduce the size of the VHD, which may also increase performance. To compact a VHD in VirtualBox you start by running a defrag to consolidate all files towards the beginning of the drive – I use the older MyDefrag because I can consolidate files without the complication of trying to optimize which files go to the very beginning. Then I run an app Microsoft released with Win7’s XP Mode & Virtual PC – Precompact – which you can find online. It’s run from the Command Prompt [run as admin] and zeros out everything that isn’t used by stored files. Then after closing the VM, I make a copy of the VHD using the free CloneVDI, checking the boxes for Keep old UUID & Compact drive while copying. This is also a great way to turn a .vhd format file to the VirtualBox native .vdi.
Finishing up
If you installed a new copy of Win7, and IF you’re running your VM on newer hardware, you will likely need to add wufuc [github[.]com/zeffy/wufuc] to get the complete series of Windows updates available. Whether your copy of Win7 is new or old you’ll want to add USB 3.0 capabilities -- us.informatiweb[.]net/tutorials/it/11-virtualization/262--virtualbox-6-0-5-2-enable-usb-3-0-support-in-a-windows-7-virtual-machine.html . And you can improve network performance -- petri[.]com/how-to-improve-network-performance-in-windows-virtualbox-guests . Because your VM is isolated you get files in and out by sharing folders over the network. You can create a permanent or temporary share in the VM’s settings, or with the VM running, at the top of the window click Devices -> Shared Folders.
A final note & piece of advice… I keep copies of the VHDs my VMs use, restoring VMs as needed by copying that safe copy over the one that’s used by VirtualBox. But *stuff* happens. Whenever I update one of my VMs, I rename the existing copy of the VHD to .vd_ [instead of .vdi], then copy the new version to the backup folder, so I have both the old & new version. Next time I’ll delete the .vd_ file,