jochen
/
packer-templates
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

first commit working windows templates

master
Jochen Welzel 1 year ago
commit
bdb1bb6a5a
22 changed files with 1057 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      .gitignore
  2. 47
      Win10-base.json
  3. 54
      Win10-cleanup.json
  4. 84
      Win10-install.json
  5. 55
      Win10-updates.json
  6. 174
      answer_files/Autounattend.xml
  7. 63
      answer_files/Autounattendx64.xml
  8. 3
      privatedata.json
  9. 6
      scripts/SetupComplete-qemu.ps1
  10. 15
      scripts/SetupComplete-vmw.ps1
  11. 44
      scripts/bootstrap-win.ps1
  12. 70
      scripts/cleanup-compact.ps1
  13. 35
      scripts/cleanup.ps1
  14. 17
      scripts/cloudbase-init.ps1
  15. 74
      scripts/configure-win.ps1
  16. 106
      scripts/configure-windows-local-policy.ps1
  17. 13
      scripts/install_chocolatey.ps1
  18. 15
      scripts/install_firefox.ps1
  19. 6
      scripts/install_virtio_guest.ps1
  20. 3
      scripts/sysprep-shutdown.ps1
  21. 9
      scripts/tools-winrm.ps1
  22. 160
      scripts/windows-update-winrm.ps1

4
.gitignore vendored
Unescape View File

@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
iso
VM
files
packer_cache

47
Win10-base.json
Unescape View File

@ -0,0 +1,47 @@ @@ -0,0 +1,47 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-base",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-base.qcow2",
"iso_url": "iso/windows_10_ent_eval.iso",
"iso_checksum": "sha256:32c7b0a51a48cc4f67c250be4fe2b384febb9cc864c5b77a052d4e2845394eac",
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"boot_wait": "9m",
"floppy_files": [
"answer_files/Autounattend.xml",
"files/virtio-win/Win10/",
"scripts/bootstrap-win.ps1"
],
"headless": true
}
],
"provisioners": [
]
}

54
Win10-cleanup.json
Unescape View File

@ -0,0 +1,54 @@ @@ -0,0 +1,54 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-cleanup",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-cleanup.qcow2",
"iso_url": "VM/win10-install/win10-install.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/cleanup.ps1",
"remote_path": "C:/tools/cleanup.ps1"
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

84
Win10-install.json
Unescape View File

@ -0,0 +1,84 @@ @@ -0,0 +1,84 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-install",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-install.qcow2",
"iso_url": "VM/win10-update/win10-update.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/install_virtio_guest.ps1",
"remote_path": "C:/tools/install_virtio_guest.ps1"
},
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"script": "scripts/install_chocolatey.ps1",
"remote_path": "C:/tools/install_chocolatey.ps1"
},
{
"type": "powershell",
"elevated_user": "Administrator",
"elevated_password": "Aqdcgt12",
"inline": [
"Set-ItemProperty 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\' -Name \"fDenyTSConnections\" -Value 0",
"Set-ItemProperty 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\' -Name \"UserAuthentication\" -Value 1",
"Enable-NetFirewallRule -DisplayGroup \"Remote Desktop\"",
"Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0",
"Start-Service sshd",
"Set-Service -Name sshd -StartupType 'Automatic'",
"choco install notepadplusplus --yes --no-progress --failonstderr",
"choco install powershell-core --yes --no-progress --failonstderr",
"choco install vlc --yes --no-progress --failonstderr",
"choco install mpv --yes --no-progress --failonstderr",
"choco install brave --yes --no-progress --failonstderr",
"choco install Firefox --yes --no-progress --failonstderr",
"choco install warp --yes --no-progress --failonstderr",
"choco install microsoft-windows-terminal --yes --no-progress --failonstderr",
"choco install FoxitReader --yes --no-progress --failonstderr",
"New-ItemProperty -Path \"HKLM:\\SOFTWARE\\OpenSSH\" -Name DefaultShell -Value 'C:\\Program Files\\PowerShell\\7\\pwsh.exe' -PropertyType String -Force"
]
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

55
Win10-updates.json
Unescape View File

@ -0,0 +1,55 @@ @@ -0,0 +1,55 @@
{
"builders": [
{
"type": "qemu",
"communicator": "winrm",
"skip_compaction": "false",
"output_directory": "VM/win10-update",
"format": "qcow2",
"accelerator": "kvm",
"qemuargs": [
[
"-m",
"8192"
],
[
"-usbdevice",
"tablet"
],
[
"-smp",
"4"
]
],
"net_device": "virtio-net",
"disk_interface": "virtio-scsi",
"vm_name": "win10-update.qcow2",
"iso_url": "VM/win10-base/win10-base.qcow2",
"iso_checksum": "none",
"disk_image": true,
"winrm_username": "Administrator",
"winrm_password": "Aqdcgt12",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "30m",
"cpus": 4,
"disk_size": "51200",
"skip_resize_disk": true,
"headless": true
}
],
"provisioners": [
{
"type": "windows-update",
"search_criteria": "IsInstalled=0",
"filters": [
"exclude:$_.Title -like '*Preview*'",
"include:$true"
]
},
{
"type": "windows-restart",
"restart_timeout": "1h"
}
]
}

174
answer_files/Autounattend.xml
Unescape View File

@ -0,0 +1,174 @@ @@ -0,0 +1,174 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing/>
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:keyValue="1" wcm:action="add">
<Path>a:\</Path>
</PathAndCredentials>
</DriverPaths>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 10</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>jochen</FullName>
<Organization>zelnet</Organization>
<!-- Product Key from http://technet.microsoft.com/en-us/library/ff793406.aspx -->
</UserData>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows 10 Enterprise Evaluation</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>true</EnableLUA>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<AdministratorPassword>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Description>localuser User</Description>
<DisplayName>jochen</DisplayName>
<Group>administrators</Group>
<Name>jochen</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<AutoLogon>
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Username>jochen</Username>
<Enabled>true</Enabled>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -File a:\bootstrap-win.ps1</CommandLine>
<Description>Bootstrap Windows</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\netkvm.inf</CommandLine>
<Order>96</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\vioscsi.inf</CommandLine>
<Order>97</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c pnputil -i -a a:\viostor.inf</CommandLine>
<Order>98</Order>
<Description>Install netkvm</Description>
</SynchronousCommand>
</FirstLogonCommands>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<!-- Rename computer here. -->
<ComputerName>winimage-qemu</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows 7 ENTERPRISE.clg"/>
</unattend>

63
answer_files/Autounattendx64.xml
Unescape View File

@ -0,0 +1,63 @@ @@ -0,0 +1,63 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>ZelVM</FullName>
<Organization>zelnet</Organization>
</UserData>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-de</InputLocale>
<SystemLocale>de-de</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-de</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>Aqdcgt12</Value>
<PlainText>true</PlainText>
</Password>
<Description>jochen</Description>
<DisplayName>jochen</DisplayName>
<Name>jochen</Name>
<Group>Administrators</Group>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -ExecutionPolicy Bypass -File c:\tools\customize.ps1</CommandLine>
<Description>Customization</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>W. Europe Standard Time</TimeZone>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:d:/images/wim/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

3
privatedata.json
Unescape View File

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
{
"localuser_win_pass": "Aqdcgt12"
}

6
scripts/SetupComplete-qemu.ps1
Unescape View File

@ -0,0 +1,6 @@ @@ -0,0 +1,6 @@
# start cloudbase-init service and set to auto-start
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cloudbase-init start= auto" -wait
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "start cloudbase-init" -wait
exit 0

15
scripts/SetupComplete-vmw.ps1
Unescape View File

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
# if you create custom ovfEnv properties in your template you can easily turn them into Environment variables for fun automation possibiliites.
# read properties from vmware tools and store as xml
& "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.ovfEnv" 2>&1 | tee-object -variable vmtoolsxml | out-null
[xml]$vmtoolsxml = $vmtoolsxml
# turn all properties into ps Environment variables
foreach( $property in $vmtoolsxml.Environment.PropertySection.SelectNodes("*")){
$ps_varname = ($property.key | %{$_ -replace "vm.",""} | %{$_ -replace "\.","_"} )
new-variable -name $ps_varname -value $property.value
}
exit 0

44
scripts/bootstrap-win.ps1
Unescape View File

@ -0,0 +1,44 @@ @@ -0,0 +1,44 @@
# windows powershell bootstrap script
$host.ui.RawUI.WindowTitle = "Bootstrapping Windows"
New-Item -Path "c:\" -Name "logs" -ItemType "directory"
New-Item -Path "c:\" -Name "tools" -ItemType "directory"
# supress network location Prompt
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force
# set network to private
# Make administrator user active for desktop OS
net user administrator /active:yes
# disable windows defender If you install your own AV later
#if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
# Set-MpPreference -DisableRealtimeMonitoring $true -DisableArchiveScanning $true -DisableIOAVProtection $true
#}
$netprofile = Get-NetConnectionProfile
Set-NetConnectionProfile -Name $netprofile.Name -NetworkCategory Private
# enable winrm on http
winrm quickconfig -quiet
# config winrm settings to work with packer
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
# configure powersaving and screen saver
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -change -monitor-timeout-ac 0
powercfg -hibernate OFF
New-Itemproperty -Path "registry::HKCU\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKCU\Control Panel\Desktop" -Name ScreenSaveTimeOut -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKU\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -PropertyType "DWord" -Force
New-Itemproperty -Path "registry::HKU\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveTimeOut -Value 0 -PropertyType "DWord" -Force
#Stop windows updtes from starting immediatly
$WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
$WUSettings.NotificationLevel=1
$WUSettings.save()

70
scripts/cleanup-compact.ps1
Unescape View File

@ -0,0 +1,70 @@ @@ -0,0 +1,70 @@
#Powershell version of install cleanup_compact
# get the windows kernel version
$KERNELVERSION = [Environment]::OSVersion.Version
get-packageprovider -name chocolatey -ForceBootstrap
install-package sdelete -force
#install-package ultradefrag -force
# unzip function
function punzip( $zipfile, $outdir ) {
If(-not(Test-Path -path $zipfile)){return "zipfile " + $zipfile + " not found!"}
If(-not(Test-Path -path $outdir)){return "output dir " + $outdir + " not found!"}
$shell = new-object -com shell.application
$zip = $shell.NameSpace($zipfile)
foreach($item in $zip.items())
{
$shell.Namespace($outdir).copyhere($item)
}
}
## Download the FILES
$client = new-object System.Net.WebClient
$client.DownloadFile("http://downloads.sourceforge.net/project/ultradefrag/stable-release/7.0.1/ultradefrag-portable-7.0.1.bin.amd64.zip", "C:\windows\temp\ultradefrag-portable-7.0.1.bin.amd64.zip" )
# Stops the windows update service.
Stop-Service -Name wuauserv -Force -EA 0
Get-Service -Name wuauserv
# Delete the contents of windows software distribution.
write-output "Delete the contents of windows software distribution"
Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Delete the contents of localuser apps.
write-output "Delete the contents of localuser apps"
Get-ChildItem "C:\users\localuser\AppData\Local\Packages\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Delete the contents of user template desktop.
write-output "Delete the contents of user template desktop"
Get-ChildItem "C:\Users\Public\Desktop\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# Starts the Windows Update Service
Start-Service -Name wuauserv -EA 0
# use dism to cleanup windows sxs. This only works on 2012r2 and 8.1 and above.
# bumped up to windows 10 only as was failing on 2012r2
if ([Environment]::OSVersion.Version -ge [Version]"10.0") {
write-output "Cleaning up winSXS with dism"
dism /online /cleanup-image /startcomponentcleanup /resetbase /quiet
}
# extract ultradefrag archive
write-output "extracting ultradefrag archive"
punzip ("C:\windows\temp\ultradefrag-portable-7.0.1.bin.amd64.zip") ("C:\Windows\temp")
# Defragment the virtual disk blocks
write-output "Starting to Defragment Disk"
start-process -FilePath 'C:\Windows\Temp\ultradefrag-portable-7.0.1.amd64\udefrag.exe' -ArgumentList '--optimize --repeat C:' -wait -verb RunAs
# Zero dirty blocks
write-output "Starting to Zero blocks"
#New-Item -Path "HKCU:\Software\Sysinternals\SDelete" -force -ErrorAction SilentlyContinue
#Set-ItemProperty -Path "HKCU:\Software\Sysinternals\SDelete" -Name EulaAccepted -Value "1" -Type DWORD -force
start-process -FilePath 'C:\Chocolatey\bin\sdelete64.bat' -ArgumentList '-q -z C:' -wait -EA 0
uninstall-package sdelete -force
exit 0

35
scripts/cleanup.ps1
Unescape View File

@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
Write-Host "Cleaning updates.." -ForegroundColor 'Cyan'
Stop-Service -Name wuauserv -Force
Remove-Item c:\Windows\SoftwareDistribution\Download\* -Recurse -Force
Start-Service -Name wuauserv
Write-Host "Cleaning SxS..." -ForegroundColor 'Cyan'
Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
@(
"$env:localappdata\Nuget",
"$env:localappdata\temp\*",
"$env:windir\logs",
"$env:windir\panther",
"$env:windir\temp\*",
"$env:windir\winsxs\manifestcache"
) | ForEach-Object {
if (Test-Path $_) {
Write-Host "Removing $_"
try {
Takeown /d Y /R /f $_
Icacls $_ /GRANT:r administrators:F /T /c /q 2>&1 | Out-Null
Remove-Item $_ -Recurse -Force | Out-Null
}
catch { $global:error.RemoveAt(0) }
}
}
Write-Host "defragging..." -ForegroundColor 'Cyan'
if (Get-Command Optimize-Volume -ErrorAction SilentlyContinue) {
Optimize-Volume -DriveLetter C
}
else {
Defrag.exe c: /H
}
fsutil behavior set DisableDeleteNotify 0

17
scripts/cloudbase-init.ps1
Unescape View File

@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
#download installer
$client = new-object System.Net.WebClient
$client.DownloadFile("https://cloudbase.it/downloads/CloudbaseInitSetup_Stable_x64.msi", "C:\windows\temp\CloudbaseInitSetup_Stable_x64.msi" )
# install the payload
start-process -FilePath 'c:\Windows\temp\CloudbaseInitSetup_Stable_x64.msi' -ArgumentList '/qn /l*v C:\windows\temp\cloud-init.log LOGGINGSERIALPORTNAME=COM1 USERNAME=admin' -passthru | wait-process
# verify that cloudbase-init tools exists
if (-not(test-path -path "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts")){
Write-output "cloudbase-init not installed exiting..."
exit 1
}
move-item C:\Windows\Temp\cloudbase-init-unattend.conf "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" -force
move-item C:\Windows\Temp\cloudbase-init.conf "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" -force
move-item C:\Windows\Temp\cloudbase-init-firstboot.ps1 "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\cloudbase-init-firstboot.ps1" -force
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cloudbase-init start= demand" -wait

74
scripts/configure-win.ps1
Unescape View File

@ -0,0 +1,74 @@ @@ -0,0 +1,74 @@
# windows server cleanup
# test to see if this is a desktop version of windows
$windesktop = (gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])"
if ($windesktop)
{
write-output "This is a desktop version of windows"
}
write-output "Disable Hybernation"
powercfg -hibernate OFF
write-output "configure screen saver"
Set-ItemProperty -Path "registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop" -Name ScreenSaveActive -Value 0
write-output "change administrator user pass next login"
# this gets reset by sysprep/guest customization. need to set it again in the guest customization script.
net user localuser /logonpasswordchg:no
write-output "Enable administrator account"
net user administrator /active:yes
write-output "Disable firewall"
netsh advfirewall set allprofiles state off
write-output "supress network location Prompt"
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force
# remove troublesome 3rd party app store apps that cause sysprep to fail
if ($windesktop)
{
if ([Environment]::OSVersion.Version -ge (new-object 'Version' 10,0))
{
Get-AppxPackage -user localuser PackageFullName | Remove-AppxPackage -ErrorAction SilentlyContinue
}
}
## Optimize IPv6 settings
write-output "disable privacy IPv6 addresses"
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
write-output "enable EUI-64 addressing"
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
write-output "Enable Remote Desktop"
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null
write-output "Clear windows autologon"
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultDomainName -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoAdminLogon -EA 0
Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserPassword -EA 0
# not the most secure option here..
write-output "Enable remote command policy"
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
# sysprep with wmf 5 fix
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\StreamProvider -Name LastFullPayloadTime -Value 0 -Type DWord
# set ntp to sync time before domain join
Write-Output "Setting System Time Zone to UTC `r"
tzutil.exe /s "UTC"
write-output "setup guest customization shim"
if(!(Test-Path -Path "C:\Windows\Setup\Scripts" )){
New-Item -ItemType directory -Path "C:\Windows\Setup\Scripts"
}
Set-Content -path C:\windows\setup\scripts\SetupComplete.cmd -value 'powershell -executionpolicy bypass -file C:\windows\setup\scripts\SetupComplete.ps1'
move-item c:\windows\temp\SetupComplete.ps1 c:\windows\setup\scripts\

106
scripts/configure-windows-local-policy.ps1
Unescape View File

@ -0,0 +1,106 @@ @@ -0,0 +1,106 @@
$ProgressPreference="SilentlyContinue"
# test to see if this is a desktop version of windows
$windesktop = (gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])"
if ($windesktop)
{
write-output "This is a desktop version of windows"
}
# get the windows kernel version
$KERNELVERSION = [Environment]::OSVersion.Version
# example test for reference.
# 6.1 = Windows 7 & 2008 R2
# 6.2 = Windows 8 & Server 2012
# 6.3 = Windows 8.1 & Server 2012 R2
# 10.0 = Windows 10 & Server 2016
#if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
# write-output "Windows 10 kernel version"
#}
# install PolicyFileEditor
Install-Module -Name PolicyFileEditor -Confirm:$false
# disable windows defender
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows Defender" -ValueName DisableAntiSpyware -Data 1 -Type DWord
# reg unload
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\System" -ValueName DisableForceUnload -Data 1 -Type DWord
# ProcessCreationIncludeCmdLine_Enabled
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit" -ValueName ProcessCreationIncludeCmdLine_Enabled -Data 1 -Type DWord
# set RDP Min encryption level
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName MinEncryptionLevel -Data 3 -Type DWord
# set RPC encryption
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName fEncryptRPCTraffic -Data 1 -Type DWord
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows NT\Terminal Services" -ValueName fPromptForPassword -Data 1 -Type DWord
# limit log size
limit-eventlog -logname Security -MaximumSize 1048576kb
# Windows 81 & 2012r2 or newer
if ($KERNELVERSION -ge (new-object 'Version' 6,3)) {
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -ValueName EnableModuleLogging -Data 1 -Type DWord
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -ValueName **delvals. -Data 1 -Type String
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames" -ValueName Microsoft.Powershell.* -Data Microsoft.Powershell.* -Type String
}
# Windows 10 specific policy
if ($KERNELVERSION -ge (new-object 'Version' 10,0)) {
write-output "Setting Windows Kernel Version 10 Policy"
# disable web results search bar
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "Software\Policies\Microsoft\Windows\Windows Search" -ValueName ConnectedSearchUseWeb -Data 0 -Type DWord
# disable Cortana
Set-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -Key "SOFTWARE\Policies\Microsoft\Windows\Windows Search" -ValueName AllowCortana -Data 0 -Type DWord
}
# show results
write-output "Listing configured local windows policies"
Get-PolicyFileEntry -Path $env:systemroot\system32\GroupPolicy\Machine\registry.pol -All
write-output "Configure local security policy"
secedit /export /cfg c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('PasswordComplexity = 0', 'PasswordComplexity = 1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MaximumPasswordAge = 42', 'MaximumPasswordAge = 90') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MaximumPasswordAge = 0', 'MaximumPasswordAge = 90') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('PasswordHistorySize = 0', 'PasswordHistorySize = 10') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('DontDisplayLastUserName=4,0', 'DontDisplayLastUserName=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('CachedLogonsCount=1,"10"', 'CachedLogonsCount=1,"4"') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('RestrictAnonymous=4,0', 'RestrictAnonymous=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('FilterAdministratorToken=4,0', 'FilterAdministratorToken=4,1') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('LockoutBadCount = 0', "LockoutBadCount = 5`nResetLockoutCount = 15`nLockoutDuration = 15`n") | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MinimumPasswordLength = 8', 'MinimumPasswordLength = 12') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('MinimumPasswordLength = 0', 'MinimumPasswordLength = 12') | Out-File c:\windows\temp\secpol.cfg
(get-content c:\windows\temp\secpol.cfg).replace('FilterAdministratorToken=4,0', 'FilterAdministratorToken=4,1') | Out-File c:\windows\temp\secpol.cfg
get-content c:\windows\temp\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\windows\temp\secpol.cfg /areas SECURITYPOLICY
#audit policy
write-output "Configure local audit policy"
auditpol /set /subcategory:"Credential Validation" /failure:enable /success:enable
auditpol /set /subcategory:"Application Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"Computer Account Management" /failure:enable /success:enable
auditpol /set /subcategory:"Distribution Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"Other Account Management Events" /failure:enable /success:enable
auditpol /set /subcategory:"Security Group Management" /failure:enable /success:enable
auditpol /set /subcategory:"User Account Management" /failure:enable /success:enable
auditpol /set /subcategory:"Process Creation" /success:enable
auditpol /set /subcategory:"Account Lockout" /failure:enable /success:enable
auditpol /set /subcategory:"File Share" /failure:enable
auditpol /set /subcategory:"Registry" /failure:enable
auditpol /set /subcategory:"Removable Storage" /failure:enable /success:enable
auditpol /set /subcategory:"SAM" /failure:enable /success:enable
auditpol /set /subcategory:"Audit Policy Change" /failure:enable /success:enable
auditpol /set /subcategory:"Authentication Policy Change" /failure:enable /success:enable
auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable
auditpol /set /subcategory:"Security State Change" /failure:enable /success:enable
auditpol /set /subcategory:"Security System Extension" /failure:enable /success:enable
auditpol /set /subcategory:"Process Termination" /failure:enable /success:enable
# report audit policy
auditpol.exe /get /category:*

13
scripts/install_chocolatey.ps1
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
(new-object net.webclient).DownloadFile('https://chocolatey.org/install.ps1', 'C:\Windows\Temp\install.ps1')
$env:chocolateyUseWindowsCompression = 'false'
for($try = 0; $try -lt 5; $try++)
{
& C:/Windows/Temp/install.ps1
if ($?) { exit 0 }
if (Test-Path C:\ProgramData\chocolatey) { exit 0 }
Write-Host "Failed to install chocolatey (Try #${try})"
Start-Sleep 2
}
Write-Error "Chocolatey failed to install, please re-build your machine again"
exit 2

15
scripts/install_firefox.ps1
Unescape View File

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date Start Run" | Out-File 'C:\logs\customize.log' -Append
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date create install dir" | Out-File 'C:\logs\customize.log' -Append
New-Item -Path "c:\" -Name "install" -ItemType "directory"
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date download firefox" | Out-File 'C:\logs\customize.log' -Append
Invoke-WebRequest -Uri "https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=de" -OutFile "c:\install\firefox.exe"
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date install firefox" | Out-File 'C:\logs\customize.log' -Append
c:\install\firefox -ms
$date = Get-Date -Format "yyyy-MM-dd HH:mm"
"$date Finish Run" | Out-File 'C:\logs\customize.log' -Append

6
scripts/install_virtio_guest.ps1
Unescape View File

@ -0,0 +1,6 @@ @@ -0,0 +1,6 @@
Invoke-Webrequest -Uri "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso" -OutFile "C:\tools\virtio-win.iso"
$iso=Mount-DiskImage C:\tools\virtio-win.iso
$driveletter=(Get-Volume -DiskImage $iso).DriveLetter
msiexec /qb /x $driveletter":\virtio-win-gt-x64.msi"

3
scripts/sysprep-shutdown.ps1
Unescape View File

@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
# Kick off sysprep
start-process -FilePath 'C:/windows/System32/Sysprep/sysprep.exe' -ArgumentList '/oobe /generalize /shutdown "/unattend:C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml"'
exit 0

9
scripts/tools-winrm.ps1
Unescape View File

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
# install vmware tools
write-output "Starting VMare Tools install"
## Download vmware tools
$client = new-object System.Net.WebClient
$client.DownloadFile("https://packages.vmware.com/tools/releases/latest/windows/x64/VMware-tools-10.0.9-3917699-x86_64.exe", "C:\windows\temp\setup64.exe" )
#Write-host "Installing VMware Tools..."
start-process -FilePath 'C:/Windows/Temp/setup64.exe' -ArgumentList '/S /v "/qn /l*v ""C:\windows\temp\vmwtoolsinstall.log"" ADDLOCAL=ALL REMOVE=Hgfs REBOOT=R"'

160
scripts/windows-update-winrm.ps1
Unescape View File

@ -0,0 +1,160 @@ @@ -0,0 +1,160 @@
# Powershell version of install windows update via task scheduler
# This script creates a logon task to run windows updates.
# Depends on packer windows-restart to start the taks and stop winrm.
# After all updaets are instaled winrm is started and the login task is removed.
# setup window name and script name variable
$scriptname="windows-update-winrm.ps1"
$host.ui.RawUI.WindowTitle = "$scriptname"
# start logging
start-transcript -path c:\windows\temp\windows-update-winrm.log -append
# Report the IE version Installed
Write-output ("Installed IE Version currently is " + (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version)
# Report the powershell version installed
$powershellversion=$PSVersionTable.PSVersion
write-output "Powershell version $powershellversion installed"
if ($PSVersionTable.PSVersion.Major -lt 5) {
write-output "Powershell upgrade in previous step failed!!"
get-content "C:\Windows\wsusofflineupdate.log"
exit 1
}
# Report the version of windows update agent
$wu_agent=(get-command C:\windows\system32\wups2.dll).version
if ($wu_agent -ge [Version]"7.6.7601.19161") {
write-output "Windows Update agent is current! $wu_agent"
} else {
write-output "Windows Update agent out of date! $wu_agent"
}
# Check to see if scheduled task called $scriptname exists
if (schtasks /query /tn $scriptname 2>$null ) {
write-output "Checking for updates...."
Get-WUInstallerStatus
# hack to get buggy windows 7 to show updates
#if ([Environment]::OSVersion.Version -le [Version]"6.1.7601.65536") {
#if ((gwmi win32_operatingsystem).OperatingSystemSKU -notmatch "(\b[7-9]|10|1[2-5]|1[7-9]|2[0-5])") {
if ([Version](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer').Version -le [Version]"9.11.9600.18231") {
write-output "Forcing Windows to search for updates until it finds some...."
while (-not(Get-WindowsUpdate -notCategory "Windows 7 Language Packs")) {
write-output "Still looking for updates...."
}
Write-output "Win Found some updates"
}
#}
#}
# Actually install the updates starts here..
if (Get-WindowsUpdate -notCategory "Windows 7 Language Packs" -NotTitle "Printer")
{
write-output "Starting Windows update installation..."
# run windows updates
Install-WindowsUpdate -IgnoreUserInput -AcceptALL -IgnoreReboot -verbose -notCategory "Windows 7 Language Packs"
# restart after every insstall of updates
stop-transcript
restart-computer
} else {
write-output "No updates found..."
# maybe check for systems that still show zero installed updates and reboot
#if (Get-WUList -IsInstalled) {write-output "updates have been installed"}
#remove scheduled task
schtasks /delete /tn $scriptname /f
# stop logging & dump to console so it gets recorded in packer log
#get-content c:\windows\temp\windows-update-winrm.log
# start winrm service and set to autostart
start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config WinRM start= delayed-auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "start WinRM" -wait
stop-transcript
restart-computer
}
} else {
# first run of script
# setup windows updater components
$ErrorActionPreference = 'Stop'
# install nuget
write-output "Installing NuGet"
[int]$attempts = 0
do {
try {
$attempts +=1
Get-PackageProvider -Name NuGet -ForceBootstrap
if (-not([string](Get-PackageProvider).name -match "NuGet")) { throw "Error installing NuGet" }
break
} catch {
write-host "Problem installing NuGet `tAttempt $attempts `
`n`tException: " $_.Exception.Message
start-sleep -s 20
}
}
while ($attempts -lt 10)
if ($attempts -ge 10) {
write-host "NuGet failed to install!!"
exit 1
}
# allow repo install
write-output "adding PSGallery repo"
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
# install PSWindowsUpdate
write-output "Installing PSWindowsUpdate"
Install-Module -Name PSWindowsUpdate -Confirm:$false | out-null
write-output "Installed PSWindowsUpdate"
# attempt install early for debugging
#Get-WUInstallerStatus
#Get-WindowsUpdate -notCategory "Windows 7 Language Packs"
write-output "Modern windows update tools installed..."
##### Debugging BS for windows 7 below..
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config bits start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config wuauserv start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config appidsvc start= auto" -wait
#start-process -nonewwindow -FilePath "C:/Windows/system32/sc.exe" -ArgumentList "config cryptsvc start= auto" -wait
#if ([Environment]::OSVersion.Version -le [Version]"6.2") {
# Write-output "Installing KB KB2966583"
# Install-WindowsUpdate -KBArticleID KB2966583 -acceptall
#}
# Stops the windows update service.
# Get-Service -Name wuauserv | Stop-Service -Force -Verbose -ErrorAction SilentlyContinue
# Delete the contents of windows software distribution.
#write-output "Delete the contents of windows software distribution"
#Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force -Verbose -ErrorAction SilentlyContinue | remove-item -force -recurse -ErrorAction SilentlyContinue
# setup windows update server from envrionment variables
#write-output "Windows Update Group $env:wsus_group"
#write-output "Windows Update Server $env:wsus_server"
# check if you can reach the wsus server
#If (test-connection -quiet $env:wsus_server) {
#$wsusserver="http://" + $env:wsus_server + ":8530"
#} elseif (test-connection -quiet 10.122.168.21) {
#$wsusserver="http://10.122.168.21:8530"
#} else {
#write-output "Unable to contact the wsus server. Using microsoft.com"
#}
# set windows updates to pull from local wsus server
#if ($wsusserver) {
#write-output "WSUS server contacted " $wsusserver
#New-Item -Path "HKLM:Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -force -ErrorAction SilentlyContinue
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUServer -Value $wsusserver -Type String -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name WUStatusServer -Value $wsusserver -Type String -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate\AU" -Name UseWUServer -Value "1" -Type DWORD -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroupEnabled -Value "1" -Type DWORD -force
#Set-ItemProperty -Path "HKLM:\software\policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroup -Value $env:wsus_group -Type String -force
#}
# set winrm to manual start to prevent packer from connecting on reboot
Set-Service -Name winrm -StartupType Manual
# if schedled task does not exist create it
Write-output "Creating scheduled task to start $scriptname with proper elevation"
# setup task scheduler login item to process this script next boot
schtasks /create /ru "BUILTIN\administrators" /sc ONLOGON /tn $scriptname /tr "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\windows\temp\$scriptname" /rl highest /f /np
}
stop-transcript
exit 0
Write Preview
Loading…
Cancel
Save