Browse Source

first commit working windows templates

master
Jochen Welzel 1 year ago
commit
bdb1bb6a5a
  1. 4
      .gitignore
  2. 47
      Win10-base.json
  3. 54
      Win10-cleanup.json
  4. 84
      Win10-install.json
  5. 55
      Win10-updates.json
  6. 174
      answer_files/Autounattend.xml
  7. 63
      answer_files/Autounattendx64.xml
  8. 3
      privatedata.json
  9. 6
      scripts/SetupComplete-qemu.ps1
  10. 15
      scripts/SetupComplete-vmw.ps1
  11. 44
      scripts/bootstrap-win.ps1
  12. 70
      scripts/cleanup-compact.ps1
  13. 35
      scripts/cleanup.ps1
  14. 17
      scripts/cloudbase-init.ps1
  15. 74
      scripts/configure-win.ps1
  16. 106
      scripts/configure-windows-local-policy.ps1
  17. 13
      scripts/install_chocolatey.ps1
  18. 15
      scripts/install_firefox.ps1
  19. 6
      scripts/install_virtio_guest.ps1
  20. 3
      scripts/sysprep-shutdown.ps1
  21. 9
      scripts/tools-winrm.ps1
  22. 160
      scripts/windows-update-winrm.ps1

4
.gitignore vendored

@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
iso
VM
files
packer_cache

47
Win10-base.json

@ -0,0 +1,47 @@ @@ -0,0 +1,47 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-base",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-base.qcow2",
"iso_url": "iso/windows_10_ent_eval.iso",
"iso_checksum": "sha256:32c7b0a51a48cc4f67c250be4fe2b384febb9cc864c5b77a052d4e2845394eac",
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"boot_wait": "9m",
"floppy_files": [
"answer_files/Autounattend.xml",
"files/virtio-win/Win10/",
"scripts/bootstrap-win.ps1"
],
"headless": true
}
],
"provisioners": [
]
}

54
Win10-cleanup.json

@ -0,0 +1,54 @@ @@ -0,0 +1,54 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-cleanup",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-cleanup.qcow2",
"iso_url": "VM/win10-install/win10-install.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/cleanup.ps1",
"remote_path": "C:/tools/cleanup.ps1"
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

84
Win10-install.json

@ -0,0 +1,84 @@ @@ -0,0 +1,84 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-install",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-install.qcow2",
"iso_url": "VM/win10-update/win10-update.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/install_virtio_guest.ps1",
"remote_path": "C:/tools/install_virtio_guest.ps1"
},
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/install_chocolatey.ps1",
"remote_path": "C:/tools/install_chocolatey.ps1"
},
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"inline": [
"Set-ItemProperty 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\' -Name \"fDenyTSConnections\" -Value 0",
"Set-ItemProperty 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\' -Name \"UserAuthentication\" -Value 1",
"Enable-NetFirewallRule -DisplayGroup \"Remote Desktop\"",
"Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0",
"Start-Service sshd",
"Set-Service -Name sshd -StartupType 'Automatic'",
"choco install notepadplusplus --yes --no-progress --failonstderr",
"choco install powershell-core --yes --no-progress --failonstderr",
"choco install vlc --yes --no-progress --failonstderr",
"choco install mpv --yes --no-progress --failonstderr",
"choco install brave --yes --no-progress --failonstderr",
"choco install Firefox --yes --no-progress --failonstderr",
"choco install warp --yes --no-progress --failonstderr",
"choco install microsoft-windows-terminal --yes --no-progress --failonstderr",
"choco install FoxitReader --yes --no-progress --failonstderr",
"New-ItemProperty -Path \"HKLM:\\SOFTWARE\\OpenSSH\" -Name DefaultShell -Value 'C:\\Program Files\\PowerShell\\7\\pwsh.exe' -PropertyType String -Force"
]
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

55
Win10-updates.json

@ -0,0 +1,55 @@ @@ -0,0 +1,55 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-update",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-update.qcow2",
"iso_url": "VM/win10-base/win10-base.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "windows-update",
"search_criteria": "IsInstalled=0",
"filters": [
"exclude:$_.Title -like '*Preview*'",
"include:$true"
]
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

174
answer_files/Autounattend.xml

@ -0,0 +1,174 @@ @@ -0,0 +1,174 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing/>
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:keyValue="1" wcm:action="add">
<Path>a:\</Path>
</PathAndCredentials>
</DriverPaths>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 10</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>jochen</FullName>
<Organization>zelnet</Organization>
<!-- Product Key from http://technet.microsoft.com/en-us/library/ff793406.aspx -->
</UserData>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows 10 Enterprise Evaluation</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>true</EnableLUA>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<AdministratorPassword>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Description>localuser User</Description>
<DisplayName>jochen</DisplayName>
<Group>administrators</Group>
<Name>jochen</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<AutoLogon>
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Username>jochen</Username>
<Enabled>true</Enabled>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -File a:\bootstrap-win.ps1</CommandLine>
<Description>Bootstrap Windows</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\netkvm.inf</CommandLine>
<Order>96</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\vioscsi.inf</CommandLine>
<Order>97</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\viostor.inf</CommandLine>
<Order>98</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
</FirstLogonCommands>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<!-- Rename computer here. -->
<ComputerName>winimage-qemu</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows 7 ENTERPRISE.clg"/>
</unattend>

63
answer_files/Autounattendx64.xml

@ -0,0 +1,63 @@ @@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>ZelVM</FullName>
<Organization>zelnet</Organization>
</UserData>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Description>jochen</Description>
<DisplayName>jochen</DisplayName>
<Name>jochen</Name>
<Group>Administrators</Group>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -ExecutionPolicy Bypass -File c:\tools\customize.ps1</CommandLine>
<Description>Customization</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>W. Europe Standard Time</TimeZone>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:d:/images/wim/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

3
privatedata.json

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
{
"localuser_win_pass": "Aqdcgt12"
}

6
scripts/SetupComplete-qemu.ps1

@ -0,0 +1,6 @@ @@ -0,0 +1,6 @@
# start cloudbase-init service and set to auto-start
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cloudbase-init start= auto" -wait
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "start cloudbase-init" -wait
exit 0

15
scripts/SetupComplete-vmw.ps1

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
# if you create custom ovfEnv properties in your template you can easily turn them into Environment variables for fun automation possibiliites.
# read properties from vmware tools and store as xml
& "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.ovfEnv" 2>&1 | tee-object -variable vmtoolsxml | out-null
[xml]$vmtoolsxml = $vmtoolsxml
# turn all properties into ps Environment variables
foreach( $property in $vmtoolsxml.Environment.PropertySection.SelectNodes("*")){
$ps_varname = ($property.key | %{$_ -replace "vm.",""} | %{$_ -replace "\.","_"} )
new-variable -name $ps_varname -value $property.value
}
exit 0

44
scripts/bootstrap-win.ps1

@ -0,0 +1,44 @@ @@ -0,0 +1,44 @@
# windows powershell bootstrap script
$host.ui.RawUI.WindowTitle = "Bootstrapping Windows"
New-Item -Path "c:\" -Name "logs" -ItemType "directory"
New-Item -Path "c:\" -Name "tools" -ItemType "directory"
# supress network location Prompt
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force
# set network to private
# Make administrator user active for desktop OS
net user administrator /active:yes
# disable windows defender If you install your own AV later
#if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
# Set-MpPreference -DisableRealtimeMonitoring $true -DisableArchiveScanning $true -DisableIOAVProtection $true
#}
$netprofile = Get-NetConnectionProfile
Set-NetConnectionProfile -Name $netprofile.Name -NetworkCategory Private
# enable winrm on http
winrm quickconfig -quiet
# config winrm settings to work with packer
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
# configure powersaving and screen saver
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -change -monitor-timeout-ac 0
powercfg -hibernate OFF
New-Itemproperty -Path "registry::HKCU\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKCU\Control Panel\Desktop" -Name ScreenSaveTimeOut -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKU\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKU\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveTimeOut -Value 0 -PropertyType "DWord" -Force
#Stop windows updtes from starting immediatly
$WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$WUSettings.NotificationLevel=1
$WUSettings.save()

70
scripts/cleanup-compact.ps1

@ -0,0 +1,70 @@ @@ -0,0 +1,70 @@
#Powershell version of install cleanup_compact
# get the windows kernel version
$KERNELVERSION = [Environment]::OSVersion.Version
get-packageprovider -name chocolatey -ForceBootstrap
install-package sdelete -force
#install-package ultradefrag -force
# unzip function
function punzip( $zipfile, $outdir ) {
If(-not(Test-Path -path $zipfile)){return "zipfile " + $zipfile + " not found!"}
If(-not(Test-Path -path $outdir)){return "output dir " + $outdir + " not found!"}
$shell = new-object -com shell.application
$zip = $shell.NameSpace($zipfile)
foreach($item in $zip.items())
{
$shell.Namespace($outdir).copyhere($item)
}
}
## Download the FILES
$client = new-object System.Net.WebClient
$client.DownloadFile("http://downloads.sourceforge.net/project/ultradefrag/stable-release/7.0.1/ultradefrag-portable-7.0.1.bin.amd64.zip", "C:\windows\temp\ultradefrag-portable-7.0.1.bin.amd64.zip" )
# Stops the windows update service.
Stop-Service -Name wuauserv -Force -EA 0
Get-Service -Name wuauserv
# Delete the contents of windows software distribution.
write-output "Delete the contents of windows software distribution"
Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Delete the contents of localuser apps.
write-output "Delete the contents of localuser apps"
Get-ChildItem "C:\users\localuser\AppData\Local\Packages\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Delete the contents of user template desktop.
write-output "Delete the contents of user template desktop"
Get-ChildItem "C:\Users\Public\Desktop\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Starts the Windows Update Service
Start-Service -Name wuauserv -EA 0
# use dism to cleanup windows sxs. This only works on 2012r2 and 8.1 and above.
# bumped up to windows 10 only as was failing on 2012r2
if ([Environment]::OSVersion.Version -ge [Version]"10.0") {
write-output "Cleaning up winSXS with dism"
dism /online /cleanup-image /startcomponentcleanup /resetbase /quiet
}
# extract ultradefrag archive
write-output "extracting ultradefrag archive"
punzip ("C:\windows\temp\ultradefrag-portable-7.0.1.bin.amd64.zip") ("C:\Windows\temp")
# Defragment the virtual disk blocks
write-output "Starting to Defragment Disk"
start-process -FilePath 'C:\Windows\Temp\ultradefrag-portable-7.0.1.amd64\udefrag.exe' -ArgumentList '--optimize --repeat C:' -wait -verb RunAs
# Zero dirty blocks
write-output "Starting to Zero blocks"
#New-Item -Path "HKCU:\Software\Sysinternals\SDelete" -force -ErrorAction SilentlyContinue
#Set-ItemProperty -Path "HKCU:\Software\Sysinternals\SDelete" -Name EulaAccepted -Value "1" -Type DWORD -force
start-process -FilePath 'C:\Chocolatey\bin\sdelete64.bat' -ArgumentList '-q -z C:' -wait -EA 0
uninstall-package sdelete -force
exit 0

35
scripts/cleanup.ps1

@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
Write-Host "Cleaning updates.." -ForegroundColor 'Cyan'
Stop-Service -Name wuauserv -Force
Remove-Item c:\Windows\SoftwareDistribution\Download\* -Recurse -Force
Start-Service -Name wuauserv
Write-Host "Cleaning SxS..." -ForegroundColor 'Cyan'
Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
@(
"$env:localappdata\Nuget",
"$env:localappdata\temp\*",
"$env:windir\logs",
"$env:windir\panther",
"$env:windir\temp\*",
"$env:windir\winsxs\manifestcache"
) | ForEach-Object {
if (Test-Path $_) {
Write-Host "Removing $_"
try {
Takeown /d Y /R /f $_
Icacls $_ /GRANT:r administrators:F /T /c /q 2>&1 | Out-Null
Remove-Item $_ -Recurse -Force | Out-Null
}
catch { $global:error.RemoveAt(0) }
}
}
Write-Host "defragging..." -ForegroundColor 'Cyan'
if (Get-Command Optimize-Volume -ErrorAction SilentlyContinue) {
Optimize-Volume -DriveLetter C
}
else {
Defrag.exe c: /H
}
fsutil behavior set DisableDeleteNotify 0

17
scripts/cloudbase-init.ps1

@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
#download installer
$client = new-object System.Net.WebClient
$client.DownloadFile("https://cloudbase.it/downloads/CloudbaseInitSetup_Stable_x64.msi", "C:\windows\temp\CloudbaseInitSetup_Stable_x64.msi" )
# install the payload
start-process -FilePath 'c:\Windows\temp\CloudbaseInitSetup_Stable_x64.msi' -ArgumentList '/qn /l*v C:\windows\temp\cloud-init.log LOGGINGSERIALPORTNAME=COM1 USERNAME=admin' -passthru | wait-process
# verify that cloudbase-init tools exists
if (-not(test-path -path "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts")){
Write-output "cloudbase-init not installed exiting..."
exit 1
}
move-item C:\Windows\Temp\cloudbase-init-unattend.conf "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" -force
move-item C:\Windows\Temp\cloudbase-init.conf "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" -force
move-item C:\Windows\Temp\cloudbase-init-firstboot.ps1 "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\cloudbase-init-firstboot.ps1" -force
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cloudbase-init start= demand" -wait

74
scripts/configure-win.ps1

@ -0,0 +1,74 @@ @@ -0,0 +1,74 @@
# windows server cleanup
# test to see if this is a desktop version of windows
$windesktop = (gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])"
if ($windesktop)
{
write-output "This is a desktop version of windows"
}
write-output "Disable Hybernation"
powercfg -hibernate OFF
write-output "configure screen saver"
Set-ItemProperty -Path "registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveActive -Value 0
write-output "change administrator user pass next login"
# this gets reset by sysprep/guest customization. need to set it again in the guest customization script.
net user localuser /logonpasswordchg:no
write-output "Enable administrator account"
net user administrator /active:yes
write-output "Disable firewall"
netsh advfirewall set allprofiles state off
write-output "supress network location Prompt"
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force
# remove troublesome 3rd party app store apps that cause sysprep to fail
if ($windesktop)
{
if ([Environment]::OSVersion.Version -ge (new-object 'Version' 10,0))
{
Get-AppxPackage -user localuser PackageFullName | Remove-AppxPackage -ErrorAction SilentlyContinue
}
}
## Optimize IPv6 settings
write-output "disable privacy IPv6 addresses"
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
write-output "enable EUI-64 addressing"
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
write-output "Enable Remote Desktop"
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null
write-output "Clear windows autologon"
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultDomainName -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserPassword -EA 0
# not the most secure option here..
write-output "Enable remote command policy"
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
# sysprep with wmf 5 fix
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\StreamProvider -Name LastFullPayloadTime -Value 0 -Type DWord
# set ntp to sync time before domain join
Write-Output "Setting System Time Zone to UTC `r"
tzutil.exe /s "UTC"
write-output "setup guest customization shim"
if(!(Test-Path -Path "C:\Windows\Setup\Scripts" )){
New-Item -ItemType directory -Path "C:\Windows\Setup\Scripts"
}
Set-Content -path C:\windows\setup\scripts\SetupComplete.cmd -value 'powershell -executionpolicy bypass -file C:\windows\setup\scripts\SetupComplete.ps1'
move-item c:\windows\temp\SetupComplete.ps1 c:\windows\setup\scripts\

106
scripts/configure-windows-local-policy.ps1

@ -0,0 +1,106 @@ @@ -0,0 +1,106 @@
$ProgressPreference="SilentlyContinue"
# test to see if this is a desktop version of windows
$windesktop = (gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])"
if ($windesktop)
{
write-output "This is a desktop version of windows"
}
# get the windows kernel version
$KERNELVERSION = [Environment]::OSVersion.Version
# example test for reference.
# 6.1 = Windows 7 & 2008 R2
# 6.2 = Windows 8 & Server 2012
# 6.3 = Windows 8.1 & Server 2012 R2
# 10.0 = Windows 10 & Server 2016
#if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
# write-output "Windows 10 kernel version"
#}
# install PolicyFileEditor
Install-Module -Name PolicyFileEditor -Confirm:$false
# disable windows defender
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Data 1 -Type DWord
# reg unload
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\System" -ValueName DisableForceUnload -Data 1 -Type DWord
# ProcessCreationIncludeCmdLine_Enabled
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit" -ValueName ProcessCreationIncludeCmdLine_Enabled -Data 1 -Type DWord
# set RDP Min encryption level
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName MinEncryptionLevel -Data 3 -Type DWord
# set RPC encryption
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName fEncryptRPCTraffic -Data 1 -Type DWord
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName fPromptForPassword -Data 1 -Type DWord
# limit log size
limit-eventlog -logname Security -MaximumSize 1048576kb
# Windows 81 & 2012r2 or newer
if ($KERNELVERSION -ge (new-object 'Version' 6,3)) {
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -ValueName EnableModuleLogging -Data 1 -Type DWord
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -ValueName **delvals. -Data 1 -Type String
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -ValueName Microsoft.Powershell.* -Data Microsoft.Powershell.* -Type String
}
# Windows 10 specific policy
if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
write-output "Setting Windows Kernel Version 10 Policy"
# disable web results search bar
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Data 0 -Type DWord
# disable Cortana
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Data 0 -Type DWord
}
# show results
write-output "Listing configured local windows policies"
Get-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -All
write-output "Configure local security policy"
secedit /export /cfg c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('PasswordComplexity = 0', 'PasswordComplexity = 1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MaximumPasswordAge = 42', 'MaximumPasswordAge = 90') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MaximumPasswordAge = 0', 'MaximumPasswordAge = 90') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('PasswordHistorySize = 0', 'PasswordHistorySize = 10') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('DontDisplayLastUserName=4,0', 'DontDisplayLastUserName=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('CachedLogonsCount=1,"10"', 'CachedLogonsCount=1,"4"') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('RestrictAnonymous=4,0', 'RestrictAnonymous=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('FilterAdministratorToken=4,0', 'FilterAdministratorToken=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('LockoutBadCount = 0', "LockoutBadCount = 5`nResetLockoutCount = 15`nLockoutDuration = 15`n") | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MinimumPasswordLength = 8', 'MinimumPasswordLength = 12') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MinimumPasswordLength = 0', 'MinimumPasswordLength = 12') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('FilterAdministratorToken=4,0', 'FilterAdministratorToken=4,1') | Out-File c:\windows\temp\secpol.cfg
get-content c:\windows\temp\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\windows\temp\secpol.cfg /areas SECURITYPOLICY
#audit policy
write-output "Configure local audit policy"
auditpol /set /subcategory:"Credential Validation" /failure:enable /success:enable
auditpol /set /subcategory:"Application Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"Computer Account Management" /failure:enable /success:enable
auditpol /set /subcategory:"Distribution Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"Other Account Management Events" /failure:enable /success:enable
auditpol /set /subcategory:"Security Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"User Account Management" /failure:enable /success:enable
auditpol /set /subcategory:"Process Creation" /success:enable
auditpol /set /subcategory:"Account Lockout" /failure:enable /success:enable
auditpol /set /subcategory:"File Share" /failure:enable
auditpol /set /subcategory:"Registry" /failure:enable
auditpol /set /subcategory:"Removable Storage" /failure:enable /success:enable
auditpol /set /subcategory:"SAM" /failure:enable /success:enable
auditpol /set /subcategory:"Audit Policy Change" /failure:enable /success:enable
auditpol /set /subcategory:"Authentication Policy Change" /failure:enable /success:enable
auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable
auditpol /set /subcategory:"Security State Change" /failure:enable /success:enable
auditpol /set /subcategory:"Security System Extension" /failure:enable /success:enable
auditpol /set /subcategory:"Process Termination" /failure:enable /success:enable
# report audit policy
auditpol.exe /get /category:*

13
scripts/install_chocolatey.ps1

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
(new-object net.webclient).DownloadFile('https://chocolatey.org/install.ps1', 'C:\Windows\Temp\install.ps1')
$env:chocolateyUseWindowsCompression = 'false'
for($try = 0; $try -lt 5; $try++)
{
& C:/Windows/Temp/install.ps1
if ($?) { exit 0 }
if (Test-Path C:\ProgramData\chocolatey) { exit 0 }
Write-Host "Failed to install chocolatey (Try #${try})"
Start-Sleep 2
}
Write-Error "Chocolatey failed to install, please re-build your machine again"
exit 2

15
scripts/install_firefox.ps1

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date Start Run" | Out-File 'C:\logs\customize.log' -Append
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date create install dir" | Out-File 'C:\logs\customize.log' -Append
New-Item -Path "c:\" -Name "install" -ItemType "directory"
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date download firefox" | Out-File 'C:\logs\customize.log' -Append
Invoke-WebRequest -Uri "https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=de" -OutFile "c:\install\firefox.exe"
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date install firefox" | Out-File 'C:\logs\customize.log' -Append
c:\install\firefox -ms
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date Finish Run" | Out-File 'C:\logs\customize.log' -Append

6
scripts/install_virtio_guest.ps1

@ -0,0 +1,6 @@ @@ -0,0 +1,6 @@
Invoke-Webrequest -Uri "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso" -OutFile "C:\tools\virtio-win.iso"
$iso=Mount-DiskImage C:\tools\virtio-win.iso
$driveletter=(Get-Volume -DiskImage $iso).DriveLetter
msiexec /qb /x $driveletter":\virtio-win-gt-x64.msi"

3
scripts/sysprep-shutdown.ps1

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
# Kick off sysprep
start-process -FilePath 'C:/windows/System32/Sysprep/sysprep.exe' -ArgumentList '/oobe /generalize /shutdown "/unattend:C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml"'
exit 0

9
scripts/tools-winrm.ps1

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
# install vmware tools
write-output "Starting VMare Tools install"
## Download vmware tools
$client = new-object System.Net.WebClient
$client.DownloadFile("https://packages.vmware.com/tools/releases/latest/windows/x64/VMware-tools-10.0.9-3917699-x86_64.exe", "C:\windows\temp\setup64.exe" )
#Write-host "Installing VMware Tools..."
start-process -FilePath 'C:/Windows/Temp/setup64.exe' -ArgumentList '/S /v "/qn /l*v ""C:\windows\temp\vmwtoolsinstall.log"" ADDLOCAL=ALL REMOVE=Hgfs REBOOT=R"'

160
scripts/windows-update-winrm.ps1

@ -0,0 +1,160 @@ @@ -0,0 +1,160 @@
# Powershell version of install windows update via task scheduler
# This script creates a logon task to run windows updates.
# Depends on packer windows-restart to start the taks and stop winrm.
# After all updaets are instaled winrm is started and the login task is removed.
# setup window name and script name variable
$scriptname="windows-update-winrm.ps1"
$host.ui.RawUI.WindowTitle = "$scriptname"
# start logging
start-transcript -path c:\windows\temp\windows-update-winrm.log -append
# Report the IE version Installed
Write-output ("Installed IE Version currently is " + (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version)
# Report the powershell version installed
$powershellversion=$PSVersionTable.PSVersion
write-output "Powershell version $powershellversion installed"
if ($PSVersionTable.PSVersion.Major -lt 5) {
write-output "Powershell upgrade in previous step failed!!"
get-content "C:\Windows\wsusofflineupdate.log"
exit 1
}
# Report the version of windows update agent
$wu_agent=(get-command C:\windows\system32\wups2.dll).version
if ($wu_agent -ge [Version]"7.6.7601.19161") {
write-output "Windows Update agent is current! $wu_agent"
} else {
write-output "Windows Update agent out of date! $wu_agent"
}
# Check to see if scheduled task called $scriptname exists
if (schtasks /query /tn $scriptname 2>$null ) {
write-output "Checking for updates...."
Get-WUInstallerStatus
# hack to get buggy windows 7 to show updates
#if ([Environment]::OSVersion.Version -le [Version]"6.1.7601.65536") {
#if ((gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])") {
if ([Version](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version -le [Version]"9.11.9600.18231") {
write-output "Forcing Windows to search for updates until it finds some...."
while (-not(Get-WindowsUpdate -notCategory "Windows 7 Language Packs")) {
write-output "Still looking for updates...."
}
Write-output "Win Found some updates"
}
#}
#}
# Actually install the updates starts here..
if (Get-WindowsUpdate -notCategory "Windows 7 Language Packs" -NotTitle "Printer")
{
write-output "Starting Windows update installation..."
# run windows updates
Install-WindowsUpdate -IgnoreUserInput -AcceptALL -IgnoreReboot -verbose -notCategory "Windows 7 Language Packs"
# restart after every insstall of updates
stop-transcript
restart-computer
} else {
write-output "No updates found..."
# maybe check for systems that still show zero installed updates and reboot
#if (Get-WUList -IsInstalled) {write-output "updates have been installed"}
#remove scheduled task
schtasks /delete /tn $scriptname /f
# stop logging & dump to console so it gets recorded in packer log
#get-content c:\windows\temp\windows-update-winrm.log
# start winrm service and set to autostart
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config WinRM start= delayed-auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "start WinRM" -wait
stop-transcript
restart-computer
}
} else {
# first run of script
# setup windows updater components
$ErrorActionPreference = 'Stop'
# install nuget
write-output "Installing NuGet"
[int]$attempts = 0
do {
try {
$attempts +=1
Get-PackageProvider -Name NuGet -ForceBootstrap
if (-not([string](Get-PackageProvider).name -match "NuGet")) { throw "Error installing NuGet" }
break
} catch {
write-host "Problem installing NuGet `tAttempt $attempts `
`n`tException: " $_.Exception.Message
start-sleep -s 20
}
}
while ($attempts -lt 10)
if ($attempts -ge 10) {
write-host "NuGet failed to install!!"
exit 1
}
# allow repo install
write-output "adding PSGallery repo"
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
# install PSWindowsUpdate
write-output "Installing PSWindowsUpdate"
Install-Module -Name PSWindowsUpdate -Confirm:$false | out-null
write-output "Installed PSWindowsUpdate"
# attempt install early for debugging
#Get-WUInstallerStatus
#Get-WindowsUpdate -notCategory "Windows 7 Language Packs"
write-output "Modern windows update tools installed..."
##### Debugging BS for windows 7 below..
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config bits start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config wuauserv start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config appidsvc start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cryptsvc start= auto" -wait
#if ([Environment]::OSVersion.Version -le [Version]"6.2") {
# Write-output "Installing KB KB2966583"
# Install-WindowsUpdate -KBArticleID KB2966583 -acceptall
#}
# Stops the windows update service.
# Get-Service -Name wuauserv | Stop-Service -Force -Verbose -ErrorAction SilentlyContinue
# Delete the contents of windows software distribution.
#write-output "Delete the contents of windows software distribution"
#Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# setup windows update server from envrionment variables
#write-output "Windows Update Group $env:wsus_group"
#write-output "Windows Update Server $env:wsus_server"
# check if you can reach the wsus server
#If (test-connection -quiet $env:wsus_server) {
#$wsusserver="http://" + $env:wsus_server + ":8530"
#} elseif (test-connection -quiet 10.122.168.21) {
#$wsusserver="http://10.122.168.21:8530"
#} else {
#write-output "Unable to contact the wsus server. Using microsoft.com"
#}
# set windows updates to pull from local wsus server
#if ($wsusserver) {
#write-output "WSUS server contacted " $wsusserver
#New-Item -Path "HKLM:Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -force -ErrorAction SilentlyContinue
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUServer -Value $wsusserver -Type String -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUStatusServer -Value $wsusserver -Type String -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate\AU" -Name UseWUServer -Value "1" -Type DWORD -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroupEnabled -Value "1" -Type DWORD -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroup -Value $env:wsus_group -Type String -force
#}
# set winrm to manual start to prevent packer from connecting on reboot
Set-Service -Name winrm -StartupType Manual
# if schedled task does not exist create it
Write-output "Creating scheduled task to start $scriptname with proper elevation"
# setup task scheduler login item to process this script next boot
schtasks /create /ru "BUILTIN\administrators" /sc ONLOGON /tn $scriptname /tr "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\windows\temp\$scriptname" /rl highest /f /np
}
stop-transcript
exit 0
Loading…
Cancel
Save