From fb7ea82df80f677fdcfa3c2d3e25723e45895574 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Sat, 4 Aug 2018 20:28:33 +0100 Subject: [PATCH 01/23] upgrade to windows 2019 17723 --- windows-2019.json | 4 ++-- windows-2019/autounattend.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows-2019.json b/windows-2019.json index f6acbb4..cf9734a 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -1,7 +1,7 @@ { "variables": { "disk_size": "61440", - "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17677.iso", + "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17723.iso", "iso_checksum": "", "iso_checksum_type": "none" }, @@ -94,7 +94,7 @@ }, { "type": "powershell", - "inline": "Uninstall-WindowsFeature Windows-Defender-Features" + "inline": "Uninstall-WindowsFeature Windows-Defender" }, { "type": "powershell", diff --git a/windows-2019/autounattend.xml b/windows-2019/autounattend.xml index babe5fb..d3a1602 100644 --- a/windows-2019/autounattend.xml +++ b/windows-2019/autounattend.xml @@ -48,7 +48,7 @@ - + MFY9F-XBN2F-TYFMP-CCV49-RMYVH OnError @@ -133,5 +133,5 @@ false - + From 6d9155f62bea97a93f683b70a122bfcd478322de Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Sat, 4 Aug 2018 20:29:37 +0100 Subject: [PATCH 02/23] upgrade to Win32-OpenSSH 7.7.2.0p1-Beta --- provision-openssh.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provision-openssh.ps1 b/provision-openssh.ps1 index aca6f09..e046351 100644 --- a/provision-openssh.ps1 +++ b/provision-openssh.ps1 
@@ -57,8 +57,8 @@ function Install-OpenSshBinaries { Install-ZippedApplication ` $openSshHome ` OpenSSH ` - https://github.com/PowerShell/Win32-OpenSSH/releases/download/v7.7.1.0p1-Beta/OpenSSH-Win64.zip ` - b0e2d2afd43c76d609611839d6163eeceda2e5af791e7d90c6b1a811fd502342 + https://github.com/PowerShell/Win32-OpenSSH/releases/download/v7.7.2.0p1-Beta/OpenSSH-Win64.zip ` + 87e0cd468fe36a74bea0e40cee3021f99b38e431b7c8668af4461fdab03031b7 Push-Location $openSshHome Move-Item OpenSSH-Win64\* . Remove-Item OpenSSH-Win64 From 305bd480fe411246079664e9f4c7aa0c1556199c Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Sat, 4 Aug 2018 20:30:40 +0100 Subject: [PATCH 03/23] add support for building windows 2019 under libvirt --- Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Makefile b/Makefile index 69b2f9a..0582358 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,8 @@ build-virtualbox: windows-2016-amd64-virtualbox.box build-windows-2019-virtualbox: windows-2019-amd64-virtualbox.box +build-windows-2019-libvirt: windows-2019-amd64-libvirt.box + build-windows-server-core-1709-libvirt: windows-server-core-1709-amd64-libvirt.box build-windows-server-core-1709-virtualbox: windows-server-core-1709-amd64-virtualbox.box @@ -33,6 +35,13 @@ windows-2016-amd64-virtualbox.box: windows-2016.json autounattend.xml Vagrantfil @echo to add to local vagrant install do: @echo vagrant box add -f windows-2016-amd64 $@ +windows-2019-amd64-libvirt.box: windows-2019.json autounattend.xml Vagrantfile.template *.ps1 drivers + rm -f $@ + CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-libvirt -on-error=abort windows-2019.json + @echo BOX successfully built! + @echo to add to local vagrant install do: + @echo vagrant box add -f windows-2019-amd64 $@ + windows-2019-amd64-virtualbox.box: windows-2019.json autounattend.xml Vagrantfile.template *.ps1 rm -f $@ CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-virtualbox -on-error=abort windows-2019.json 
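Review bot: The prerequisite list of the new `windows-2019-amd64-libvirt.box` rule names `autounattend.xml`, but the answer file this series edits for Windows 2019 is `windows-2019/autounattend.xml`, so a change to that file would not mark the box as stale. Assuming `windows-2019.json` reads its answer file from the `windows-2019/` directory (not visible here), the rule should start `windows-2019-amd64-libvirt.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 drivers`. The existing virtualbox rule shown as context below it has the same prerequisite.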
From 7e2d87d936df384ef7397602ca6ce957350b1f96 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 15 Aug 2018 15:56:47 +0100 Subject: [PATCH 04/23] fix the Win32-OpenSSH installation (upstream republished the the same package version but with different content...) --- provision-openssh.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provision-openssh.ps1 b/provision-openssh.ps1 index e046351..3064ed6 100644 --- a/provision-openssh.ps1 +++ b/provision-openssh.ps1 @@ -58,7 +58,7 @@ function Install-OpenSshBinaries { $openSshHome ` OpenSSH ` https://github.com/PowerShell/Win32-OpenSSH/releases/download/v7.7.2.0p1-Beta/OpenSSH-Win64.zip ` - 87e0cd468fe36a74bea0e40cee3021f99b38e431b7c8668af4461fdab03031b7 + 8631f00013116388362cb06f3e6fd2c44c8e57d8f857033111f98feb34fa5bce Push-Location $openSshHome Move-Item OpenSSH-Win64\* . Remove-Item OpenSSH-Win64 From 6e125194d004b0b7b4e9b260b77ca5c89b91428b Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 15 Aug 2018 15:58:01 +0100 Subject: [PATCH 05/23] upgrade to windows 2019 17733 --- windows-2019.json | 2 +- windows-2019/autounattend.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-2019.json b/windows-2019.json index cf9734a..47f477f 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -1,7 +1,7 @@ { "variables": { "disk_size": "61440", - "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17723.iso", + "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17733.iso", "iso_checksum": "", "iso_checksum_type": "none" }, diff --git a/windows-2019/autounattend.xml b/windows-2019/autounattend.xml index d3a1602..9994a8a 100644 --- a/windows-2019/autounattend.xml +++ b/windows-2019/autounattend.xml @@ -48,7 +48,7 @@ - + MFY9F-XBN2F-TYFMP-CCV49-RMYVH OnError @@ -133,5 +133,5 @@ false - + From 028c5deabe683798682ff2ad2cc53633081ed594 Mon Sep 17 00:00:00 2001 
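Review bot: The pinned SHA-256 passed to `Install-ZippedApplication` is replaced for an unchanged download URL, and nothing in the script records how the republished archive was checked before its digest was accepted. A release asset whose bytes change under the same version is the case a pinned hash exists to stop, so the reason for trusting the new content belongs next to the value. Put it above the call, because a comment between the backtick-continued argument lines would break the command: `# NB upstream republished v7.7.2.0p1-Beta; new digest accepted after <HOW_VERIFIED> on <DATE>`. `Install-OpenSshBinaries` starts and ends outside the hunk, so it cannot be seen here whether the extracted binaries also get an Authenticode check.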
From: Rui Lopes Date: Sun, 2 Sep 2018 17:52:27 +0100 Subject: [PATCH 06/23] upgrade to windows 2019 17744 --- windows-2019.json | 2 +- windows-2019/autounattend.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-2019.json b/windows-2019.json index 47f477f..5405d6e 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -1,7 +1,7 @@ { "variables": { "disk_size": "61440", - "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17733.iso", + "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17744.iso", "iso_checksum": "", "iso_checksum_type": "none" }, diff --git a/windows-2019/autounattend.xml b/windows-2019/autounattend.xml index 9994a8a..83e79f2 100644 --- a/windows-2019/autounattend.xml +++ b/windows-2019/autounattend.xml @@ -48,7 +48,7 @@ - + MFY9F-XBN2F-TYFMP-CCV49-RMYVH OnError @@ -133,5 +133,5 @@ false - + From 3437f4d97b69a808c079d24b72f31a2b749ffaf5 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 19 Sep 2018 20:59:30 +0100 Subject: [PATCH 07/23] update the windows 2016 iso url --- windows-2016.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-2016.json b/windows-2016.json index 9705daa..749dc4c 100644 --- a/windows-2016.json +++ b/windows-2016.json @@ -1,7 +1,7 @@ { "variables": { "disk_size": "61440", - "iso_url": "http://care.dlservice.microsoft.com/dl/download/1/4/9/149D5452-9B29-4274-B6B3-5361DBDA30BC/14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO", + "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO", "iso_checksum": "1ce702a578a3cb1ac3d14873980838590f06d5b7101c5daaccbac9d73f1fb50f", "iso_checksum_type": "sha256" }, From 8d1ebb5787f1ca61eb6b61cb29961ba75a55fb29 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:36:28 +0100 Subject: [PATCH 08/23] upgrade to virtio-win-0.1.160-1 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Makefile b/Makefile index 0582358..4f10aeb 100644 --- a/Makefile +++ b/Makefile @@ -95,6 +95,6 @@ drivers: rm -rf drivers.tmp mkdir -p drivers.tmp @# see https://fedoraproject.org/wiki/Windows_Virtio_Drivers - wget -P drivers.tmp https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.149-2/virtio-win-0.1.149.iso + wget -P drivers.tmp https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.160-1/virtio-win-0.1.160.iso 7z x -odrivers.tmp drivers.tmp/virtio-win-*.iso mv drivers.tmp drivers From f1c219051cd1e3d3593dddc1415c8b84f1b3fc1e Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:44:42 +0100 Subject: [PATCH 09/23] install the virtio Balloon driver and service --- Makefile | 3 +++ provision.ps1 | 40 ++++++++++++++++++++++++++++++++++++++-- windows-10.json | 13 +++++++++---- windows-2016.json | 13 +++++++++---- windows-2019.json | 13 +++++++++---- 5 files changed, 68 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 4f10aeb..6cd04e3 100644 --- a/Makefile +++ b/Makefile @@ -97,4 +97,7 @@ drivers: @# see https://fedoraproject.org/wiki/Windows_Virtio_Drivers wget -P drivers.tmp https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.160-1/virtio-win-0.1.160.iso 7z x -odrivers.tmp drivers.tmp/virtio-win-*.iso + 7z a drivers.tmp/virtio-10.zip drivers.tmp/Balloon/w10/amd64 + 7z a drivers.tmp/virtio-2016.zip drivers.tmp/Balloon/2k16/amd64 + 7z a drivers.tmp/virtio-2019.zip drivers.tmp/Balloon/2k16/amd64 mv drivers.tmp drivers diff --git a/provision.ps1 b/provision.ps1 index a9d1d0a..4a7f3a3 100644 --- a/provision.ps1 +++ b/provision.ps1 
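Review bot: The `drivers` recipe extracts and repackages `virtio-win-0.1.160.iso` straight after `wget` with no integrity check, while the Windows 2016 ISO and the OpenSSH zip in this series are pinned by SHA-256. These are kernel-mode drivers that `provision.ps1` later installs in the guest, so the download should be pinned as well, e.g. a line `echo '<SHA256_OF_virtio-win-0.1.160.iso>  drivers.tmp/virtio-win-0.1.160.iso' | sha256sum -c -` between the `wget` and `7z x` lines. `virtio-2019.zip` is built from `Balloon/2k16/amd64`; if that is deliberate, a `@#` comment saying so would help the next reader.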
@@ -33,9 +33,47 @@ if (!(New-Object System.Security.Principal.WindowsPrincipal( throw 'this must run with Administrator privileges (e.g. in a elevated shell session)' } +Add-Type -A System.IO.Compression.FileSystem + # install Guest Additions. $systemVendor = (Get-WmiObject Win32_ComputerSystemProduct Vendor).Vendor if ($systemVendor -eq 'QEMU') { + # install drivers. + if (Test-Path 'C:\Windows\Temp\virtio\virtio.zip') { + function Install-Driver($path) { + # trust the driver certificate. + $catPath = $path.Replace('.inf', '.cat') + $cerPath = $path.Replace('.inf', '.cer') + $certificate = (Get-AuthenticodeSignature $catPath).SignerCertificate + [System.IO.File]::WriteAllBytes($cerPath, $certificate.Export('Cert')) + Import-Certificate -CertStoreLocation Cert:\LocalMachine\TrustedPublisher $cerPath | Out-Null + + # install the driver. + pnputil -i -a $path + if ($LASTEXITCODE) { + throw "Failed with exit code $LASTEXITCODE" + } + } + + [IO.Compression.ZipFile]::ExtractToDirectory('C:\Windows\Temp\virtio\virtio.zip', 'C:\Windows\Temp\virtio') + $virtioDestinationDirectory = "$env:ProgramFiles\virtio" + Get-ChildItem -Recurse -File C:\Windows\Temp\virtio\drivers.tmp | ForEach-Object { + $driverName = $_.Directory.Parent.Parent.Name + $driverSourceDirectory = $_.Directory + $driverDestinationDirectory = "$virtioDestinationDirectory\$driverName" + if (Test-Path $driverDestinationDirectory) { + return + } + Write-Host "Installing the $driverName driver..." + mkdir -Force $driverDestinationDirectory | Out-Null + Copy-Item "$driverSourceDirectory\*" $driverDestinationDirectory + Install-Driver (Resolve-Path "$driverDestinationDirectory\*.inf").Path + } + + Write-Host 'Installing the Balloon service...' + &"$virtioDestinationDirectory\Balloon\blnsvr.exe" -i + } + # install qemu-qa. $qemuAgentSetupUrl = "http://$env:PACKER_HTTP_ADDR/drivers/guest-agent/qemu-ga-x64.msi" $qemuAgentSetup = "$env:TEMP\qemu-ga-x64.msi" 
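Review bot: `Install-Driver` adds whichever certificate signed the `.cat` file to `Cert:\LocalMachine\TrustedPublisher` without looking at the `Status` of the `Get-AuthenticodeSignature` result, so a catalog with an invalid or untrusted signature still makes its signer a machine-wide trusted publisher that stays in the published box. The function should refuse anything that is not `Valid` and print the signer subject and thumbprint so the build log shows who was trusted; whether the virtio catalogs report `Valid` on a freshly installed guest needs confirming. The exit code of `blnsvr.exe -i` is also not checked, unlike `pnputil`. The surrounding `if ($systemVendor -eq 'QEMU')` block continues past the hunk.

```powershell
function Install-Driver($path) {
    # … unchanged: $catPath / $cerPath derivation …
    # trust the driver certificate, but only when the catalog signature verifies.
    $signature = Get-AuthenticodeSignature $catPath
    if ($signature.Status -ne 'Valid') {
        throw "refusing to trust the signer of ${catPath}: signature status is $($signature.Status)"
    }
    $certificate = $signature.SignerCertificate
    # record who becomes a Trusted Publisher in the build log.
    Write-Host "Trusting publisher $($certificate.Subject) ($($certificate.Thumbprint))..."
    # … unchanged: export to $cerPath, Import-Certificate, pnputil …
```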
@@ -51,7 +89,6 @@ if ($systemVendor -eq 'QEMU') { Write-Host "Downloading the spice-vdagent from $spiceAgentZipUrl..." Invoke-WebRequest $spiceAgentZipUrl -OutFile $spiceAgentZip Write-Host 'Installing the spice-vdagent...' - Add-Type -A System.IO.Compression.FileSystem [IO.Compression.ZipFile]::ExtractToDirectory($spiceAgentZip, $spiceAgentDestination) Move-Item "$spiceAgentDestination\vdagent-win-*\*" $spiceAgentDestination Get-ChildItem "$spiceAgentDestination\vdagent-win-*" -Recurse | Remove-Item -Force -Recurse @@ -64,7 +101,6 @@ if ($systemVendor -eq 'QEMU') { if ($LASTEXITCODE) { throw "failed to import certificate with exit code $LASTEXITCODE" } - #Get-ChildItem Cert:\LocalMachine\TrustedPublisher Write-Host 'Installing the VirtualBox Guest Additions...' $p = Start-Process -Wait -NoNewWindow -PassThru -FilePath E:\VBoxWindowsAdditions-amd64.exe -ArgumentList '/S' diff --git a/windows-10.json b/windows-10.json index a05ca95..79e3a91 100644 --- a/windows-10.json +++ b/windows-10.json @@ -107,6 +107,15 @@ { "type": "windows-restart" }, + { + "type": "file", + "source": "drivers/virtio-10.zip", + "destination": "C:/Windows/Temp/virtio/virtio.zip" + }, + { + "type": "powershell", + "script": "provision.ps1" + }, { "type": "windows-update", "filters": [ @@ -115,10 +124,6 @@ "include:$_.AutoSelectOnWebSites" ] }, - { - "type": "powershell", - "script": "provision.ps1" - }, { "type": "powershell", "script": "provision-openssh.ps1" diff --git a/windows-2016.json b/windows-2016.json index 749dc4c..9a5176d 100644 --- a/windows-2016.json +++ b/windows-2016.json @@ -107,6 +107,15 @@ { "type": "windows-restart" }, + { + "type": "file", + "source": "drivers/virtio-2016.zip", + "destination": "C:/Windows/Temp/virtio/virtio.zip" + }, + { + "type": "powershell", + "script": "provision.ps1" + }, { "type": "windows-update", "filters": [ 
@@ -115,10 +124,6 @@ "include:$_.AutoSelectOnWebSites" ] }, - { - "type": "powershell", - "script": "provision.ps1" - }, { "type": "powershell", "script": "provision-openssh.ps1" diff --git a/windows-2019.json b/windows-2019.json index 5405d6e..5e3b2b7 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -107,6 +107,15 @@ { "type": "windows-restart" }, + { + "type": "file", + "source": "drivers/virtio-2019.zip", + "destination": "C:/Windows/Temp/virtio/virtio.zip" + }, + { + "type": "powershell", + "script": "provision.ps1" + }, { "type": "windows-update", "filters": [ @@ -115,10 +124,6 @@ "include:$_.AutoSelectOnWebSites" ] }, - { - "type": "powershell", - "script": "provision.ps1" - }, { "type": "powershell", "script": "provision-openssh.ps1" From 99129132bdebac4362f537bbd9b3134102995213 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:46:07 +0100 Subject: [PATCH 10/23] execute external commands without using the Start-Process cmdlet --- provision.ps1 | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/provision.ps1 b/provision.ps1 index 4a7f3a3..4445091 100644 --- a/provision.ps1 +++ b/provision.ps1 @@ -80,7 +80,7 @@ if ($systemVendor -eq 'QEMU') { Write-Host "Downloading the qemu-kvm Guest Agent from $qemuAgentSetupUrl..." Invoke-WebRequest $qemuAgentSetupUrl -OutFile $qemuAgentSetup Write-Host 'Installing the qemu-kvm Guest Agent...' - Start-Process $qemuAgentSetup /qn -Wait + msiexec.exe /i $qemuAgentSetup /qn | Out-String -Stream # install spice-vdagent. $spiceAgentZipUrl = 'https://www.spice-space.org/download/windows/vdagent/vdagent-win-0.9.0/vdagent-win-0.9.0-x64.zip' 
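Review bot: The exit code of `msiexec.exe /i $qemuAgentSetup /qn` is never inspected, so a failed guest agent install lets the build carry on; the VirtualBox branch changed in the same commit does check `$LASTEXITCODE`. Add `if ($LASTEXITCODE) { throw "failed to install the qemu-kvm Guest Agent with exit code $LASTEXITCODE" }` after the call, deciding first whether 3010 (restart required) should count as success. The `vdservice.exe install` call changed in the next hunk has the same gap. The enclosing `if ($systemVendor -eq 'QEMU')` block starts outside this hunk.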
@@ -93,7 +93,7 @@ if ($systemVendor -eq 'QEMU') { Move-Item "$spiceAgentDestination\vdagent-win-*\*" $spiceAgentDestination Get-ChildItem "$spiceAgentDestination\vdagent-win-*" -Recurse | Remove-Item -Force -Recurse Remove-Item -Force "$spiceAgentDestination\vdagent-win-*" - Start-Process "$spiceAgentDestination\vdservice.exe" install -Wait # NB the logs are inside C:\Windows\Temp + &"$spiceAgentDestination\vdservice.exe" install | Out-String -Stream # NB the logs are inside C:\Windows\Temp Start-Service vdservice } elseif ($systemVendor -eq 'innotek GmbH') { Write-Host 'Importing the Oracle (for VirtualBox) certificate as a Trusted Publisher...' @@ -103,10 +103,9 @@ if ($systemVendor -eq 'QEMU') { } Write-Host 'Installing the VirtualBox Guest Additions...' - $p = Start-Process -Wait -NoNewWindow -PassThru -FilePath E:\VBoxWindowsAdditions-amd64.exe -ArgumentList '/S' - $p.WaitForExit() - if ($p.ExitCode) { - throw "failed to install with exit code $($p.ExitCode). Check the logs at C:\Program Files\Oracle\VirtualBox Guest Additions\install.log." + E:\VBoxWindowsAdditions-amd64.exe /S | Out-String -Stream + if ($LASTEXITCODE) { + throw "failed to install with exit code $LASTEXITCODE. Check the logs at C:\Program Files\Oracle\VirtualBox Guest Additions\install.log." } } else { throw "Cannot install Guest Additions: Unsupported system ($systemVendor)." From 8e83a6c9ee585b76c27a23c24d4618700086560a Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:46:46 +0100 Subject: [PATCH 11/23] better clean the auto logon registry keys --- provision.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/provision.ps1 b/provision.ps1 index 4445091..37a4023 100644 --- a/provision.ps1 +++ b/provision.ps1 
@@ -127,7 +127,11 @@ $account.Userflags = $AdsNormalAccount -bor $AdsDontExpirePassword -bor $AdsAcco $account.SetInfo() Write-Host 'Disabling auto logon...' -Set-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value 0 +$autoLogonKeyPath = 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' +Set-ItemProperty -Path $autoLogonKeyPath -Name AutoAdminLogon -Value 0 +@('DefaultDomainName', 'DefaultUserName', 'DefaultPassword') | ForEach-Object { + Remove-ItemProperty -Path $autoLogonKeyPath -Name $_ -ErrorAction SilentlyContinue +} Write-Host 'Disabling hibernation...' powercfg /hibernate off From 3701c17ad8269a43451dbf7eca4810aa92ca69eb Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:47:44 +0100 Subject: [PATCH 12/23] clean the WinSxS folder --- optimize.ps1 | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/optimize.ps1 b/optimize.ps1 index fceddff..8a9f855 100644 --- a/optimize.ps1 +++ b/optimize.ps1 
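Review bot: `-ErrorAction SilentlyContinue` on `Remove-ItemProperty` hides every failure, not just the value being absent, so a `DefaultPassword` that could not be deleted would stay in the Winlogon key of the finished box without the build noticing. Check after the loop, e.g. `if ((Get-ItemProperty -Path $autoLogonKeyPath).DefaultPassword) { throw 'DefaultPassword is still set' }`. A short comment that these values hold the auto logon credentials in clear text would also explain why they are removed.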
@@ -90,6 +90,29 @@ Write-Host 'Running Automatic Maintenance...' MSchedExe.exe Start Wait-Condition {@(Get-ScheduledTasks | Where-Object {($_.State -ge 4) -and (Test-IsMaintenanceTask $_.XML)}).Count -eq 0} -DebounceSeconds 60 +# NB even thou the automatic maintenance includes a component cleanup task, +# it will not clean everything, as such, dism will clean the rest. +# NB to analyse the used space use: dism.exe /Online /Cleanup-Image /AnalyzeComponentStore +# see https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder +Write-Host 'Cleaning up the WinSxS folder...' +dism.exe /Online /Quiet /Cleanup-Image /StartComponentCleanup /ResetBase +if ($LASTEXITCODE) { + throw "Failed with Exit Code $LASTEXITCODE" +} + +# NB even after cleaning up the WinSxS folder the "Backups and Disabled Features" +# field of the analysis report will display a non-zero number because the +# disabled features packages are still on disk. you can remove them with: +# Get-WindowsOptionalFeature -Online ` +# | Where-Object {$_.State -eq 'Disabled'} ` +# | ForEach-Object { +# Write-Host "Removing feature $($_.FeatureName)..." +# dism.exe /Online /Quiet /Disable-Feature "/FeatureName:$($_.FeatureName)" /Remove +# } +# NB a removed feature can still be installed from other sources (e.g. windows update). +Write-Host 'Analyzing the WinSxS folder...' +dism.exe /Online /Cleanup-Image /AnalyzeComponentStore + # # reclaim the free disk space. From 1e326016fbb90693a46e7fd7e27810bdc0d2c887 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Wed, 3 Oct 2018 22:53:25 +0100 Subject: [PATCH 13/23] upgrade to windows 2019 GA --- Makefile | 4 ++-- windows-2019.json | 10 +++------- windows-2019/autounattend.xml | 3 +-- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 6cd04e3..c08d070 100644 --- a/Makefile +++ b/Makefile 
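Review bot: `/ResetBase` deserves a comment at the `dism.exe` call, since it removes the superseded component versions and the updates already installed in the image can then no longer be uninstalled; something like `# NB /ResetBase makes the installed updates permanent (they cannot be uninstalled afterwards).`. The `throw` text `Failed with Exit Code $LASTEXITCODE` does not name the command that failed, and the later `/AnalyzeComponentStore` call has no exit code check at all.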
@@ -35,14 +35,14 @@ windows-2016-amd64-virtualbox.box: windows-2016.json autounattend.xml Vagrantfil @echo to add to local vagrant install do: @echo vagrant box add -f windows-2016-amd64 $@ -windows-2019-amd64-libvirt.box: windows-2019.json autounattend.xml Vagrantfile.template *.ps1 drivers +windows-2019-amd64-libvirt.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-libvirt -on-error=abort windows-2019.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-2019-amd64 $@ -windows-2019-amd64-virtualbox.box: windows-2019.json autounattend.xml Vagrantfile.template *.ps1 +windows-2019-amd64-virtualbox.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 rm -f $@ CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-virtualbox -on-error=abort windows-2019.json @echo BOX successfully built! diff --git a/windows-2019.json b/windows-2019.json index 5e3b2b7..9f153d2 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -1,9 +1,9 @@ { "variables": { "disk_size": "61440", - "iso_url": "file://./isos/Windows_InsiderPreview_Server_vNext_en-us_17744.iso", - "iso_checksum": "", - "iso_checksum_type": "none" + "iso_url": "https://software-download.microsoft.com/download/pr/17763.1.180914-1434.rs5_release_SERVER_EVAL_x64FRE_en-us.iso", + "iso_checksum": "dbb0ffbab5d114ce7370784c4e24740191fefdb3349917c77a53ff953dd10f72", + "iso_checksum_type": "sha256" }, "builders": [ { @@ -96,10 +96,6 @@ "type": "powershell", "inline": "Uninstall-WindowsFeature Windows-Defender" }, - { - "type": "powershell", - "inline": "Uninstall-WindowsFeature FS-SMB1" - }, { "type": "powershell", "script": "virtualbox-prevent-vboxsrv-resolution-delay.ps1" diff --git a/windows-2019/autounattend.xml b/windows-2019/autounattend.xml index 83e79f2..fcc13c7 100644 --- a/windows-2019/autounattend.xml 
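Review bot: The provisioner that ran `Uninstall-WindowsFeature FS-SMB1` is dropped in the `@@ -96,10 +96,6 @@` hunk of `windows-2019.json`, and neither the commit message nor the template says why. If the reason is that the GA media no longer has SMB1 installed, that is an assumption about the ISO and worth asserting in the build, e.g. an inline provisioner `"inline": "if ((Get-WindowsFeature FS-SMB1).Installed) { throw 'SMB1 is installed' }"`; otherwise a different ISO passed through `iso_url` could put SMB1 back into the box unnoticed. JSON has no comments, so the reasoning itself would have to go in the commit description.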
+++ b/windows-2019/autounattend.xml @@ -48,8 +48,7 @@ - - MFY9F-XBN2F-TYFMP-CCV49-RMYVH + OnError true From 7900e38a25ee72b98a92d146aff74322b50c735d Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Thu, 18 Oct 2018 21:07:39 +0100 Subject: [PATCH 14/23] mention and explicitly disable the UAC remote restrictions --- README.md | 20 ++++++++++++++++---- winrm.ps1 | 9 +++++++++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e07c21c..387515d 100644 --- a/README.md +++ b/README.md 
@@ -95,13 +95,25 @@ winrs -r:localhost:55985 -u:vagrant -p:vagrant "whoami /all" # WinRM and UAC (aka LUA) This base image uses WinRM. WinRM [poses several limitations on remote administration](http://www.hurryupandwait.io/blog/safely-running-windows-automation-operations-that-typically-fail-over-winrm-or-powershell-remoting), -those were worked around by disabling User Account Control (UAC) (aka Limited User Account (LUA)) in `autounattend.xml`. +those were worked around by disabling User Account Control (UAC) (aka [Limited User Account (LUA)](https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-lua-settings-enablelua)) in `autounattend.xml` +and [UAC remote restrictions](https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows) + in `winrm.ps1`. -If needed, you can later enable it with: +If needed, you can later enable them with: ```powershell -Set-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 1 -Set-ItemProperty -Path 'HKLM:SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 1 +Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 1 +Set-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 1 +Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name LocalAccountTokenFilterPolicy +Restart-Computer +``` + +Or disable them with: + +```powershell +Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 0 +Set-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -Value 0 +New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 
LocalAccountTokenFilterPolicy -Value 1 -Force Restart-Computer ``` diff --git a/winrm.ps1 b/winrm.ps1 index c6db04f..ec82cc8 100644 --- a/winrm.ps1 +++ b/winrm.ps1 @@ -44,6 +44,15 @@ winrm set winrm/config/service/auth '@{Basic="true"}' #winrm get winrm/config #winrm id +# disable UAC remote restrictions. +# see https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows +# see https://docs.microsoft.com/en-us/windows/desktop/wmisdk/user-account-control-and-wmi#handling-remote-connections-under-uac +New-ItemProperty ` + -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ` + -Name LocalAccountTokenFilterPolicy ` + -Value 1 ` + -Force + # make sure winrm can be accessed from any network profile. $winRmFirewallRuleNames = @( 'WINRM-HTTP-In-TCP', # Windows Remote Management (HTTP-In) From 572107afb64a56178ddfb72bfd0fb92206aceebc Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Thu, 18 Oct 2018 21:10:29 +0100 Subject: [PATCH 15/23] always create the packer logs --- .gitignore | 3 ++- Makefile | 54 ++++++++++++++++++++++++++++++++---------------------- README.md | 14 ++++---------- 3 files changed, 38 insertions(+), 33 deletions(-) diff --git a/.gitignore b/.gitignore index 25efdbf..9540a7e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,5 @@ output*/ packer_cache/ drivers/ isos/ -packer.log +*.log +*.old diff --git a/Makefile b/Makefile index c08d070..143a886 100644 --- a/Makefile +++ b/Makefile 
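Review bot: The comment above `New-ItemProperty` in `winrm.ps1` says only that UAC remote restrictions are disabled; it should state the effect, because this script also enables Basic authentication and the value persists in every machine created from the box. Suggested wording: `# NB with LocalAccountTokenFilterPolicy=1, remote logons by members of the local Administrators group get a full (unfiltered) token.` followed by `# revert with: Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name LocalAccountTokenFilterPolicy`. Adding `-PropertyType DWord` would make the value type explicit, and `| Out-Null` would keep the property dump out of the build output.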
@@ -1,92 +1,102 @@ help: - @echo type make build-libvirt or make build-virtualbox + @echo for Windows 2016 type make build-windows-2016-libvirt or make build-windows-2016-virtualbox + @echo for Windows 2019 type make build-windows-2019-libvirt or make build-windows-2019-virtualbox + @echo for Windows 10 type make build-windows-10-libvirt or make build-windows-10-virtualbox -build-libvirt: windows-2016-amd64-libvirt.box +build-windows-2012-r2-virtualbox: windows-2012-r2-amd64-virtualbox.box +build-windows-2012-r2-libvirt: windows-2012-r2-amd64-libvirt.box -build-virtualbox: windows-2016-amd64-virtualbox.box +build-windows-2016-libvirt: windows-2016-amd64-libvirt.box +build-windows-2016-virtualbox: windows-2016-amd64-virtualbox.box build-windows-2019-virtualbox: windows-2019-amd64-virtualbox.box - build-windows-2019-libvirt: windows-2019-amd64-libvirt.box build-windows-server-core-1709-libvirt: windows-server-core-1709-amd64-libvirt.box - build-windows-server-core-1709-virtualbox: windows-server-core-1709-amd64-virtualbox.box build-core-insider-libvirt: windows-core-insider-2016-amd64-libvirt.box - build-core-insider-virtualbox: windows-core-insider-2016-amd64-virtualbox.box build-windows-10-libvirt: windows-10-amd64-libvirt.box - build-windows-10-virtualbox: windows-10-amd64-virtualbox.box windows-2016-amd64-libvirt.box: windows-2016.json autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-2016-amd64-libvirt -on-error=abort windows-2016.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2016-amd64-libvirt-packer.log \ + packer build -only=windows-2016-amd64-libvirt -on-error=abort windows-2016.json @echo BOX successfully built! 
@echo to add to local vagrant install do: @echo vagrant box add -f windows-2016-amd64 $@ -windows-2016-amd64-virtualbox.box: windows-2016.json autounattend.xml Vagrantfile.template *.ps1 +windows-2016-amd64-virtualbox.box: windows-2016.json autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-2016-amd64-virtualbox -on-error=abort windows-2016.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2016-amd64-virtualbox-packer.log \ + packer build -only=windows-2016-amd64-virtualbox -on-error=abort windows-2016.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-2016-amd64 $@ windows-2019-amd64-libvirt.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-libvirt -on-error=abort windows-2019.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2019-amd64-libvirt-packer.log \ + packer build -only=windows-2019-amd64-libvirt -on-error=abort windows-2019.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-2019-amd64 $@ -windows-2019-amd64-virtualbox.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 +windows-2019-amd64-virtualbox.box: windows-2019.json windows-2019/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-2019-amd64-virtualbox -on-error=abort windows-2019.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2019-amd64-virtualbox-packer.log \ + packer build -only=windows-2019-amd64-virtualbox -on-error=abort windows-2019.json @echo BOX successfully built! 
@echo to add to local vagrant install do: @echo vagrant box add -f windows-2019-amd64 $@ windows-server-core-1709-amd64-libvirt.box: windows-server-core-1709.json windows-server-core-1709/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-server-core-1709-amd64-libvirt -on-error=abort windows-server-core-1709.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-server-core-1709-amd64-libvirt-packer.log \ + packer build -only=windows-server-core-1709-amd64-libvirt -on-error=abort windows-server-core-1709.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-server-core-1709-amd64 $@ -windows-server-core-1709-amd64-virtualbox.box: windows-server-core-1709.json windows-server-core-1709/autounattend.xml Vagrantfile.template *.ps1 +windows-server-core-1709-amd64-virtualbox.box: windows-server-core-1709.json windows-server-core-1709/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-server-core-1709-amd64-virtualbox -on-error=abort windows-server-core-1709.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-server-core-1709-amd64-virtualbox-packer.log \ + packer build -only=windows-server-core-1709-amd64-virtualbox -on-error=abort windows-server-core-1709.json @echo BOX successfully built! 
@echo to add to local vagrant install do: @echo vagrant box add -f windows-server-core-1709-amd64 $@ windows-core-insider-2016-amd64-libvirt.box: windows-core-insider-2016.json windows-core-insider-2016/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-core-insider-2016-amd64-libvirt -on-error=abort windows-core-insider-2016.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-core-insider-2016-amd64-libvirt-packer.log \ + packer build -only=windows-core-insider-2016-amd64-libvirt -on-error=abort windows-core-insider-2016.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-core-insider-2016-amd64 $@ -windows-core-insider-2016-amd64-virtualbox.box: windows-core-insider-2016.json windows-core-insider-2016/autounattend.xml Vagrantfile.template *.ps1 +windows-core-insider-2016-amd64-virtualbox.box: windows-core-insider-2016.json windows-core-insider-2016/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-core-insider-2016-amd64-virtualbox -on-error=abort windows-core-insider-2016.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-core-insider-2016-amd64-virtualbox-packer.log \ + packer build -only=windows-core-insider-2016-amd64-virtualbox -on-error=abort windows-core-insider-2016.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-core-insider-2016-amd64 $@ windows-10-amd64-libvirt.box: windows-10.json windows-10/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-10-amd64-libvirt -on-error=abort windows-10.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-10-amd64-libvirt-packer.log \ + packer build -only=windows-10-amd64-libvirt -on-error=abort windows-10.json @echo BOX successfully built! 
@echo to add to local vagrant install do: @echo vagrant box add -f windows-10-amd64 $@ -windows-10-amd64-virtualbox.box: windows-10.json windows-10/autounattend.xml Vagrantfile.template *.ps1 +windows-10-amd64-virtualbox.box: windows-10.json windows-10/autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ - CHECKPOINT_DISABLE=1 packer build -only=windows-10-amd64-virtualbox -on-error=abort windows-10.json + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-10-amd64-virtualbox-packer.log \ + packer build -only=windows-10-amd64-virtualbox -on-error=abort windows-10.json @echo BOX successfully built! @echo to add to local vagrant install do: @echo vagrant box add -f windows-10-amd64 $@ diff --git a/README.md b/README.md index 387515d..b3ba6f0 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,10 @@ choco install -y virtualbox packer packer-provisioner-windows-update vagrant To build the base box based on the [Windows Server 2016 Evaluation](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016) ISO run: ```bash -packer build -only=windows-2016-amd64-virtualbox windows-2016.json # or make build-libvirt +make build-windows-2016-libvirt # or make build-windows-2016-virtualbox ``` -If you want to use your own ISO, run the following instead: +If you want to use your own ISO, you need to manually run the `packer` command, e.g.: ```bash packer build -var iso_url= -var iso_checksum= -only=windows-2016-amd64-virtualbox windows-2016.json 
@@ -27,13 +27,7 @@ packer build -var iso_url= -var iso_checksum= -onl **NB** if you are having trouble building the base box due to floppy drive removal errors try adding, as a workaround, `"post_shutdown_delay": "30s",` to the `windows-2016.json` file. -**NB** To troubleshoot, before launching `packer`, you can set the following environment variables: - -```bash -export CHECKPOINT_DISABLE=1 -export PACKER_LOG=1 -export PACKER_LOG_PATH=packer.log -``` +**NB** the packer logs are saved inside a `*-packer.log` file (e.g. `windows-2016-amd64-libvirt-packer.log`). You can then add the base box to your local vagrant installation with: @@ -64,7 +58,7 @@ vagrant up --provider=virtualbox # or --provider=libvirt Build the base box for the [vagrant-libvirt provider](https://github.com/vagrant-libvirt/vagrant-libvirt) with: ```bash -make build-libvirt +make build-windows-2016-libvirt ``` If you want to access the UI run: From 64774252ae95d4f9a8252b409cb69825a9070f29 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Thu, 18 Oct 2018 21:12:54 +0100 Subject: [PATCH 16/23] add support for windows 2012-r2 --- Makefile | 18 ++++ README.md | 2 +- provision-powershell.ps1 | 49 +++++++++++ windows-2012-r2.json | 142 +++++++++++++++++++++++++++++++ windows-2012-r2/autounattend.xml | 135 +++++++++++++++++++++++++++++ 5 files changed, 345 insertions(+), 1 deletion(-) create mode 100644 provision-powershell.ps1 create mode 100644 windows-2012-r2.json create mode 100644 windows-2012-r2/autounattend.xml diff --git a/Makefile b/Makefile index 143a886..ee08480 100644 --- a/Makefile +++ b/Makefile 
@@ -1,4 +1,5 @@ help: + @echo for Windows 2012 R2 type make build-windows-2012-r2-libvirt or make build-windows-2012-r2-virtualbox @echo for Windows 2016 type make build-windows-2016-libvirt or make build-windows-2016-virtualbox @echo for Windows 2019 type make build-windows-2019-libvirt or make build-windows-2019-virtualbox @echo for Windows 10 type make build-windows-10-libvirt or make build-windows-10-virtualbox @@ -21,6 +22,22 @@ build-core-insider-virtualbox: windows-core-insider-2016-amd64-virtualbox.box build-windows-10-libvirt: windows-10-amd64-libvirt.box build-windows-10-virtualbox: windows-10-amd64-virtualbox.box +windows-2012-r2-amd64-libvirt.box: windows-2012-r2.json windows-2012-r2/autounattend.xml Vagrantfile.template *.ps1 drivers + rm -f $@ + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2012-r2-amd64-libvirt-packer.log \ + packer build -only=windows-2012-r2-amd64-libvirt -on-error=abort windows-2012-r2.json + @echo BOX successfully built! + @echo to add to local vagrant install do: + @echo vagrant box add -f windows-2012-r2-amd64 $@ + +windows-2012-r2-amd64-virtualbox.box: windows-2012-r2.json windows-2012-r2/autounattend.xml Vagrantfile.template *.ps1 drivers + rm -f $@ + CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2012-r2-amd64-virtualbox-packer.log \ + packer build -only=windows-2012-r2-amd64-virtualbox -on-error=abort windows-2012-r2.json + @echo BOX successfully built! + @echo to add to local vagrant install do: + @echo vagrant box add -f windows-2012-r2-amd64 $@ + windows-2016-amd64-libvirt.box: windows-2016.json autounattend.xml Vagrantfile.template *.ps1 drivers rm -f $@ CHECKPOINT_DISABLE=1 PACKER_LOG=1 PACKER_LOG_PATH=windows-2016-amd64-libvirt-packer.log \ 
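Review bot: The targets `build-windows-2012-r2-libvirt` and `build-windows-2012-r2-virtualbox` that the new help line tells users to run are not defined by either Makefile hunk of this commit; the second hunk adds only the two `.box` rules. Unless the aliases already exist in a part of the Makefile not shown here, the advertised commands stop with a missing-rule error. Add `build-windows-2012-r2-libvirt: windows-2012-r2-amd64-libvirt.box` and `build-windows-2012-r2-virtualbox: windows-2012-r2-amd64-virtualbox.box` next to the other `build-windows-*` aliases.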
@@ -107,6 +124,7 @@ drivers: @# see https://fedoraproject.org/wiki/Windows_Virtio_Drivers wget -P drivers.tmp https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.160-1/virtio-win-0.1.160.iso 7z x -odrivers.tmp drivers.tmp/virtio-win-*.iso + 7z a drivers.tmp/virtio-2012-r2.zip drivers.tmp/Balloon/2k12R2/amd64 drivers.tmp/vioserial/2k12R2/amd64 7z a drivers.tmp/virtio-10.zip drivers.tmp/Balloon/w10/amd64 7z a drivers.tmp/virtio-2016.zip drivers.tmp/Balloon/2k16/amd64 7z a drivers.tmp/virtio-2019.zip drivers.tmp/Balloon/2k16/amd64 diff --git a/README.md b/README.md index b3ba6f0..9501b8d 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -This builds a Windows Server 2016 base Vagrant box using [Packer](https://www.packer.io/). +This builds Windows 2012R2/10/2016/2019 base Vagrant boxes using [Packer](https://www.packer.io/). # Usage diff --git a/provision-powershell.ps1 b/provision-powershell.ps1 new file mode 100644 index 0000000..fb564b8 --- /dev/null +++ b/provision-powershell.ps1 
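Review bot: The new `virtio-2012-r2.zip` is packed from an ISO that the `wget` line above it (unchanged context in this hunk) fetches without any integrity check, while the other downloads in this series (OpenSSH, the WMF 5.1 package, devcon) are pinned to a SHA-256. These drivers end up in the guest image, so the ISO deserves the same pinning, e.g. `echo '<sha256-of-virtio-win-0.1.160.iso>  drivers.tmp/virtio-win-0.1.160.iso' | sha256sum -c -` between the `wget` and the first `7z` line (the hash is a placeholder to be filled in from a trusted copy). The `drivers` rule starts above the hunk and continues below it.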
@@ -0,0 +1,49 @@ +Set-StrictMode -Version Latest +$ProgressPreference = 'SilentlyContinue' +$ErrorActionPreference = 'Stop' +trap { + Write-Host + Write-Host "ERROR: $_" + Write-Host (($_.ScriptStackTrace -split '\r?\n') -replace '^(.*)$','ERROR: $1') + Write-Host (($_.Exception.ToString() -split '\r?\n') -replace '^(.*)$','ERROR EXCEPTION: $1') + Write-Host + Write-Host 'Sleeping for 60m to give you time to look around the virtual machine before self-destruction...' + Start-Sleep -Seconds (60*60) + Exit 1 +} + + +# +# enable TLS 1.1 and 1.2. + +[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol ` + -bor [Net.SecurityProtocolType]::Tls11 ` + -bor [Net.SecurityProtocolType]::Tls12 + + +# +# download PowerShell / Windows Management Framework 5.1. + +$artifactUrl = 'https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1AndW2K12R2-KB3191564-x64.msu' +$artifactChecksum = 'a8d788fa31b02a999cc676fb546fc782e86c2a0acd837976122a1891ceee42c0' +$artifactPath = "$env:TEMP\$(Split-Path -Leaf $artifactUrl)" +(New-Object System.Net.WebClient).DownloadFile($artifactUrl, $artifactPath) +$actualChecksum = (Get-FileHash $artifactPath -Algorithm SHA256).Hash +if ($actualChecksum -ne $artifactChecksum) { + throw "$(Split-Path -Leaf $artifactUrl) downloaded from $artifactUrl to $artifactPath has $actualChecksum checksum that does not match the expected $artifactChecksum" +} + + +# +# install PowerShell. +# NB we must extract the package and manually install it because wusa.exe +# returns 5 (access denied) when its run from WinRM. 
+# see https://support.microsoft.com/en-us/kb/2773898 + +wusa.exe $artifactPath "/extract:$artifactPath-tmp" | Out-String -Stream +dism.exe /Online /Quiet /NoRestart /Add-Package "/PackagePath:$(Resolve-Path "$artifactPath-tmp\*KB*.cab")" +if ($LASTEXITCODE -ne 3010) { + throw "Failed to install PowerShell with Exit Code $LASTEXITCODE" +} +cmd.exe /c 'exit 0' # indirectly set $LASTEXITCODE 0 to prevent packer from aborting with $LASTEXITCODE 3010. +Remove-Item -Recurse -Force @($artifactPath, "$artifactPath-tmp") diff --git a/windows-2012-r2.json b/windows-2012-r2.json new file mode 100644 index 0000000..125dff2 --- /dev/null +++ b/windows-2012-r2.json 
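Review bot: The `if ($LASTEXITCODE -ne 3010)` check after `dism.exe` treats every exit code other than 3010 (success, restart required) as a failure, including 0, so a run where the package is applied or already present without a pending restart would abort the build. If that is intended a comment should say so; otherwise accept both with `if ($LASTEXITCODE -notin 0, 3010)`. Separately, the `SecurityProtocol` assignment ORs TLS 1.1 and 1.2 into whatever is already enabled, so older protocols stay negotiable. The SHA-256 comparison still protects the download, but assigning only `[Net.SecurityProtocolType]::Tls12` would be tighter if the download host accepts it.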
@@ -0,0 +1,142 @@ +{ + "variables": { + "disk_size": "61440", + "iso_url": "http://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO", + "iso_checksum": "6612b5b1f53e845aacdf96e974bb119a3d9b4dcb5b82e65804ab7e534dc7b4d5", + "iso_checksum_type": "sha256" + }, + "builders": [ + { + "name": "windows-2012-r2-amd64-libvirt", + "type": "qemu", + "accelerator": "kvm", + "qemuargs": [ + ["-m", "2048"], + ["-cpu", "host"], + ["-smp", "2"], + ["-soundhw", "hda"], + ["-usbdevice", "tablet"], + ["-device", "virtio-net,netdev=user.0"], + ["-vga", "qxl"], + ["-device", "virtio-serial-pci"], + ["-chardev", "socket,path=/tmp/{{.Name}}-qga.sock,server,nowait,id=qga0"], + ["-device", "virtserialport,chardev=qga0,name=org.qemu.guest_agent.0"], + ["-chardev", "spicevmc,id=spicechannel0,name=vdagent"], + ["-device", "virtserialport,chardev=spicechannel0,name=com.redhat.spice.0"], + ["-spice", "unix,addr=/tmp/{{.Name}}-spice.socket,disable-ticketing"] + ], + "headless": true, + "format": "qcow2", + "disk_size": "{{user `disk_size`}}", + "disk_interface": "virtio", + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + "communicator": "winrm", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "4h", + "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", + "http_directory": ".", + "floppy_files": [ + "windows-2012-r2/autounattend.xml", + "winrm.ps1", + "drivers/viostor/2k12R2/amd64/*.cat", + "drivers/viostor/2k12R2/amd64/*.inf", + "drivers/viostor/2k12R2/amd64/*.sys", + "drivers/NetKVM/2k12R2/amd64/*.cat", + "drivers/NetKVM/2k12R2/amd64/*.inf", + "drivers/NetKVM/2k12R2/amd64/*.sys", + "drivers/qxldod/2k12R2/amd64/*.cat", + "drivers/qxldod/2k12R2/amd64/*.inf", + "drivers/qxldod/2k12R2/amd64/*.sys" + ] + }, + { + "name": 
"windows-2012-r2-amd64-virtualbox", + "type": "virtualbox-iso", + "guest_os_type": "Windows81_64", + "guest_additions_mode": "attach", + "headless": true, + "vboxmanage": [ + ["modifyvm", "{{.Name}}", "--memory", "2048"], + ["modifyvm", "{{.Name}}", "--cpus", "2"], + ["modifyvm", "{{.Name}}", "--vram", "64"], + ["modifyvm", "{{.Name}}", "--audio", "none"], + ["modifyvm", "{{.Name}}", "--nictype1", "82540EM"], + ["modifyvm", "{{.Name}}", "--nictype2", "82540EM"], + ["modifyvm", "{{.Name}}", "--nictype3", "82540EM"], + ["modifyvm", "{{.Name}}", "--nictype4", "82540EM"] + ], + "disk_size": "{{user `disk_size`}}", + "hard_drive_interface": "sata", + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + "communicator": "winrm", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "4h", + "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", + "floppy_files": [ + "windows-2012-r2/autounattend.xml", + "winrm.ps1" + ] + } + ], + "provisioners": [ + { + "type": "powershell", + "script": "disable-windows-updates.ps1" + }, + { + "type": "powershell", + "inline": "Uninstall-WindowsFeature FS-SMB1" + }, + { + "type": "powershell", + "script": "virtualbox-prevent-vboxsrv-resolution-delay.ps1" + }, + { + "type": "powershell", + "script": "provision-powershell.ps1" + }, + { + "type": "windows-restart" + }, + { + "type": "file", + "source": "drivers/virtio-2012-r2.zip", + "destination": "C:/Windows/Temp/virtio/virtio.zip" + }, + { + "type": "powershell", + "script": "provision.ps1" + }, + { + "type": "windows-update" + }, + { + "type": "powershell", + "script": "provision-openssh.ps1" + }, + { + "type": "windows-restart" + }, + { + "type": "powershell", + "script": "eject-media.ps1" + }, + { + "type": "powershell", + "script": "optimize.ps1" + } + ], + "post-processors": [ + { + "type": "vagrant", + "output": "{{.BuildName}}.box", + 
"vagrantfile_template": "Vagrantfile.template" + } + ] +} diff --git a/windows-2012-r2/autounattend.xml b/windows-2012-r2/autounattend.xml new file mode 100644 index 0000000..6264a45 --- /dev/null +++ b/windows-2012-r2/autounattend.xml 
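Review bot: The qemu builder puts the guest-agent and SPICE sockets at fixed names under `/tmp` (`/tmp/{{.Name}}-qga.sock`, `/tmp/{{.Name}}-spice.socket`) and starts SPICE with `disable-ticketing`. On a build host shared with other local accounts, access to the VM console and guest agent then depends only on the socket file permissions, and the predictable names can already be taken by someone else. Taking the socket directory from a Packer user variable that points at a directory only the build account can enter (mode 0700) would remove that dependency. The other templates in this repository may use the same pattern; they are not shown in this hunk.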
@@ -0,0 +1,135 @@ + + + + + + + A:\ + + + + + + + + + 1 + Primary + true + + + + + 1 + true + NTFS + + C + 1 + + + 0 + true + + + + + + 0 + 1 + + + + /IMAGE/NAME + Windows Server 2012 R2 SERVERSTANDARD + + + + + + + OnError + + true + Vagrant + Vagrant + + + + + en-US + + en-US + en-US + en-US + en-US + en-US + + + + + + true + true + true + true + true + 1 + + UTC + + + dgBhAGcAcgBhAG4AdABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAFAAYQBzAHMAdwBvAHIAZAA= + false</PlainText> + </AdministratorPassword> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Password> + <Value>dgBhAGcAcgBhAG4AdABQAGEAcwBzAHcAbwByAGQA</Value> + <PlainText>false</PlainText> + </Password> + <Description>Vagrant</Description> + <DisplayName>Vagrant</DisplayName> + <Group>Administrators</Group> + <Name>vagrant</Name> + </LocalAccount> + </LocalAccounts> + </UserAccounts> + <AutoLogon> + <Password> + <Value>dgBhAGcAcgBhAG4AdABQAGEAcwBzAHcAbwByAGQA</Value> + <PlainText>false</PlainText> + </Password> + <Enabled>true</Enabled> + <Username>vagrant</Username> + </AutoLogon> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>PowerShell "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Change the default PowerShell Execution Policy from Restricted to RemoteSigned</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>C:\Windows\SysWOW64\cmd /c PowerShell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Change the default PowerShell (32-bit) Execution Policy from Restricted to RemoteSigned</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>PowerShell -File a:\winrm.ps1</CommandLine> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" 
processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <cpi:offlineImage cpi:source="wim:c:/wim/windows-2012-r2/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> +</unattend> From e3351251f3d24cf76239b95dbd1f56fe1e81d016 Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Thu, 18 Oct 2018 21:16:46 +0100 Subject: [PATCH 17/23] fix the qemu cpu driver --- libvirt-fix-cpu-driver.ps1 | 135 +++++++++++++++++++++++++++++++++++++ windows-10.json | 4 ++ windows-2016.json | 4 ++ 3 files changed, 143 insertions(+) create mode 100644 libvirt-fix-cpu-driver.ps1 diff --git a/libvirt-fix-cpu-driver.ps1 b/libvirt-fix-cpu-driver.ps1 new file mode 100644 index 0000000..97d1cd5 --- /dev/null +++ b/libvirt-fix-cpu-driver.ps1 
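Review bot: The `<Value>` entries marked `<PlainText>false</PlainText>` are only Base64-encoded, not encrypted, and nothing in the file says so. Together with the enabled `<AutoLogon>` for the administrative `vagrant` account and `<EnableLUA>false</EnableLUA>`, they define a box that is open by design. An XML comment at the top of the file would make that explicit, e.g. `<!-- Credentials below are Base64-encoded defaults, not secrets; AutoLogon is enabled and UAC is off. For disposable local test VMs only. -->`.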
@@ -0,0 +1,135 @@ +param( + [switch]$RunningAsScheduledTask = $false +) + +# this is a fix for https://bugzilla.redhat.com/show_bug.cgi?id=1377155#c12 + +Set-StrictMode -Version Latest +$ProgressPreference = 'SilentlyContinue' +$ErrorActionPreference = 'Stop' +trap { + Write-Host + Write-Host "ERROR: $_" + Write-Host (($_.ScriptStackTrace -split '\r?\n') -replace '^(.*)$','ERROR: $1') + Write-Host (($_.Exception.ToString() -split '\r?\n') -replace '^(.*)$','ERROR EXCEPTION: $1') + Exit 1 +} + +# NB this fix only applies to qemu. +if ('SeaBIOS' -ne (Get-WmiObject WIN32_BIOS -Property Manufacturer).Manufacturer) { + Exit 0 +} + + +# +# enable TLS 1.1 and 1.2. + +[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol ` + -bor [Net.SecurityProtocolType]::Tls11 ` + -bor [Net.SecurityProtocolType]::Tls12 + +$taskName = 'libvirt-fix-cpu-driver' +$transcriptPath = "C:\tmp\$taskName.log" +$devConPath = 'C:\tmp\devcon.exe' + +function Get-Devices($filter='*') { + # example devcon output: + # + # SWD\PRINTENUM\{385C45DF-7B30-4EB4-886E-7EFDD3817A40} + # Name: Microsoft Print to PDF + # Driver is running. + # {6FDE7547-1B65-48AE-B628-80BE62016026}\VIOSERIALPORT\4&176259CF&0&01 + # Name: vport0p1 + # Driver is running. + # 55 matching device(s) found. + $devices = @() + &$devConPath status $filter | ForEach-Object {$device=$null} { + # detect the start of a new device block. + if ($_ -match '^[^\d][^\\]+\\.+') { + $device = New-Object PSObject -Property @{ + Id = $_ + Name = '' + State = '' + } + $devices += $device + return + } + # detect the driver name field. + if ($_ -match '^\s+Name: (.+)') { + $device.Name = $matches[1].Trim() + return + } + # detect the driver state field. 
+ if ($_ -match '^\s+.+') { + $device.State = $_.Trim() + return + } + } + return $devices +} + +function Get-HidButtonDevice { + Get-Devices 'ACPI\ACPI0010*' | Where-Object {$_.Name -eq 'HID Button over Interrupt Driver'} +} + +if ($RunningAsScheduledTask) { + Start-Transcript $transcriptPath + $device = Get-HidButtonDevice + if ($device) { + Write-Output "Removing the $($device.Name) ($($device.Id)) device..." + &$devConPath remove "@$($device.Id)" + # NB touching these registry keys requires us to be running as SYSTEM. + Remove-Item (Resolve-Path HKLM:\SYSTEM\DriverDataBase\DriverPackages\hidinterrupt.inf_amd64_*\Descriptors\ACPI\ACPI0010) + Remove-ItemProperty -Path HKLM:\SYSTEM\DriverDatabase\DeviceIds\ACPI\ACPI0010 -Name hidinterrupt.inf + Write-Output 'Rescanning the devices...' + &$devConPath rescan + } +} else { + if (!(Test-Path $devConPath)) { + $archiveUrl = 'https://github.com/rgl/devcon/releases/download/20181014/devcon.zip' + $archiveHash = '64b3380743722c7e72efbd63d35dd5fe4427ee852462299aa334437f244d7ea3' + $archiveName = Split-Path -Leaf $archiveUrl + $archivePath = "$env:TEMP\$archiveName" + Write-Host "Downloading $archiveName..." + (New-Object Net.WebClient).DownloadFile($archiveUrl, $archivePath) + $archiveActualHash = (Get-FileHash $archivePath -Algorithm SHA256).Hash + if ($archiveHash -ne $archiveActualHash) { + throw "$archiveName downloaded from $archiveUrl to $archivePath has $archiveActualHash hash witch does not match the expected $archiveHash" + } + Write-Host "Extracting $archiveName..." + Expand-Archive $archivePath (Split-Path -Parent $devConPath) + } + + if (Get-HidButtonDevice) { + Write-Output 'Registering Scheduled Task...' 
+ $action = New-ScheduledTaskAction ` + -Execute 'PowerShell.exe' ` + -Argument "-NoProfile -ExecutionPolicy Bypass $PSCommandPath -RunningAsScheduledTask" + Register-ScheduledTask ` + -TaskName $taskName ` + -Action $action ` + -User 'SYSTEM' ` + | Out-Null + Start-ScheduledTask ` + -TaskName $taskName + + Write-Output 'Waiting for the Scheduled Task to complete...' + while ((Get-ScheduledTask -TaskName $taskName).State -ne 'Ready') { + Start-Sleep -Seconds 1 + } + $taskInfo = Get-ScheduledTaskInfo -TaskName $taskName + $taskResult = $taskInfo.LastTaskResult + + Write-Output 'Unregistering Scheduled Task...' + Unregister-ScheduledTask ` + -TaskName $taskName ` + -Confirm:$false + + Write-Output 'Scheduled Task output:' + Get-Content -ErrorAction SilentlyContinue $transcriptPath + Write-Output "Scheduled Task result: $taskResult" + Remove-Item $transcriptPath + } + + Remove-Item $devConPath +} diff --git a/windows-10.json b/windows-10.json index 79e3a91..2ffa173 100644 --- a/windows-10.json +++ b/windows-10.json @@ -107,6 +107,10 @@ { "type": "windows-restart" }, + { + "type": "powershell", + "script": "libvirt-fix-cpu-driver.ps1" + }, { "type": "file", "source": "drivers/virtio-10.zip", diff --git a/windows-2016.json b/windows-2016.json index 9a5176d..b924e98 100644 --- a/windows-2016.json +++ b/windows-2016.json @@ -107,6 +107,10 @@ { "type": "windows-restart" }, + { + "type": "powershell", + "script": "libvirt-fix-cpu-driver.ps1" + }, { "type": "file", "source": "drivers/virtio-2016.zip", From 29ad3107354fcea980b53edcb6b3d96dcb5a398b Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Thu, 18 Oct 2018 21:17:15 +0100 Subject: [PATCH 18/23] increase the windows 10 memory --- windows-10.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-10.json b/windows-10.json index 2ffa173..eb32f46 100644 --- a/windows-10.json +++ b/windows-10.json 
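Review bot: The SHA-256 check on `devcon.zip` is skipped whenever `C:\tmp\devcon.exe` already exists (`if (!(Test-Path $devConPath))`), yet that binary is then executed by a scheduled task running as SYSTEM, so a leftover or replaced file at that path runs unverified. Downloading and verifying unconditionally closes the gap: drop the `Test-Path` guard and extract with `Expand-Archive -Force $archivePath (Split-Path -Parent $devConPath)`. In addition, `$taskResult` is only printed; adding `if ($taskResult -ne 0) { throw "scheduled task failed with result $taskResult" }` after the transcript is shown would keep a failed fix from passing silently.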
@@ -11,7 +11,7 @@ "type": "qemu", "accelerator": "kvm", "qemuargs": [ - ["-m", "2048"], + ["-m", "4096"], ["-cpu", "host"], ["-smp", "2"], ["-soundhw", "hda"], @@ -62,7 +62,7 @@ "guest_additions_mode": "attach", "headless": true, "vboxmanage": [ - ["modifyvm", "{{.Name}}", "--memory", "2048"], + ["modifyvm", "{{.Name}}", "--memory", "4096"], ["modifyvm", "{{.Name}}", "--cpus", "2"], ["modifyvm", "{{.Name}}", "--vram", "64"], ["modifyvm", "{{.Name}}", "--audio", "none"], From 11c6f243b076e9a45da74ee355d3b85b936909dd Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Thu, 18 Oct 2018 21:17:48 +0100 Subject: [PATCH 19/23] increase the packer winrm timeout --- windows-10.json | 4 ++-- windows-2016.json | 4 ++-- windows-2019.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows-10.json b/windows-10.json index eb32f46..8bf8955 100644 --- a/windows-10.json +++ b/windows-10.json @@ -35,7 +35,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "http_directory": ".", "floppy_files": [ @@ -79,7 +79,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "floppy_files": [ "windows-10/autounattend.xml", diff --git a/windows-2016.json b/windows-2016.json index b924e98..e2693d7 100644 --- a/windows-2016.json +++ b/windows-2016.json @@ -35,7 +35,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "http_directory": ".", "floppy_files": [ 
@@ -79,7 +79,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "floppy_files": [ "autounattend.xml", diff --git a/windows-2019.json b/windows-2019.json index 9f153d2..fd8ad06 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -35,7 +35,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "http_directory": ".", "floppy_files": [ @@ -79,7 +79,7 @@ "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", - "winrm_timeout": "2h", + "winrm_timeout": "4h", "shutdown_command": "shutdown /s /t 0 /f /d p:4:1 /c \"Packer Shutdown\"", "floppy_files": [ "windows-2019/autounattend.xml", From 3071329dec4ae3860edea0d6dbd310c9eed3e813 Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Thu, 18 Oct 2018 21:18:23 +0100 Subject: [PATCH 20/23] install the recommend windows updates --- windows-10.json | 7 +------ windows-2016.json | 7 +------ windows-2019.json | 7 +------ 3 files changed, 3 insertions(+), 18 deletions(-) diff --git a/windows-10.json b/windows-10.json index 8bf8955..97cce5e 100644 --- a/windows-10.json +++ b/windows-10.json @@ -121,12 +121,7 @@ "script": "provision.ps1" }, { - "type": "windows-update", - "filters": [ - "exclude:$_.Title -like '*Preview*'", - "include:$_.Title -like '*Cumulative Update for Windows*'", - "include:$_.AutoSelectOnWebSites" - ] + "type": "windows-update" }, { "type": "powershell", diff --git a/windows-2016.json b/windows-2016.json index e2693d7..782de59 100644 --- a/windows-2016.json +++ b/windows-2016.json 
@@ -121,12 +121,7 @@ "script": "provision.ps1" }, { - "type": "windows-update", - "filters": [ - "exclude:$_.Title -like '*Preview*'", - "include:$_.Title -like '*Cumulative Update for Windows*'", - "include:$_.AutoSelectOnWebSites" - ] + "type": "windows-update" }, { "type": "powershell", diff --git a/windows-2019.json b/windows-2019.json index fd8ad06..dd31ec1 100644 --- a/windows-2019.json +++ b/windows-2019.json @@ -113,12 +113,7 @@ "script": "provision.ps1" }, { - "type": "windows-update", - "filters": [ - "exclude:$_.Title -like '*Preview*'", - "include:$_.Title -like '*Cumulative Update for Windows*'", - "include:$_.AutoSelectOnWebSites" - ] + "type": "windows-update" }, { "type": "powershell", From e61725f6938cf040f2fbf143863f65ad288656d6 Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Thu, 18 Oct 2018 21:19:23 +0100 Subject: [PATCH 21/23] remove temporary files --- optimize.ps1 | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/optimize.ps1 b/optimize.ps1 index 8a9f855..e136501 100644 --- a/optimize.ps1 +++ b/optimize.ps1 
@@ -83,13 +83,39 @@ function Test-IsMaintenanceTask([xml]$definition) { # see MaintenanceSettings (maintenanceSettingsType) Element at https://msdn.microsoft.com/en-us/library/windows/desktop/hh832151(v=vs.85).aspx $ns = New-Object System.Xml.XmlNamespaceManager($definition.NameTable) $ns.AddNamespace('t', $definition.DocumentElement.NamespaceURI) - $definition.SelectSingleNode("/t:Task/t:Settings/t:MaintenanceSettings", $ns) -ne $null + $null -ne $definition.SelectSingleNode("/t:Task/t:Settings/t:MaintenanceSettings", $ns) } Write-Host 'Running Automatic Maintenance...' MSchedExe.exe Start Wait-Condition {@(Get-ScheduledTasks | Where-Object {($_.State -ge 4) -and (Test-IsMaintenanceTask $_.XML)}).Count -eq 0} -DebounceSeconds 60 + +# +# remove temporary files. + +Write-Host 'Stopping services that might interfere with temporary file removal...' +Stop-Service TrustedInstaller # Windows Modules Installer +Stop-Service wuauserv # Windows Update +Stop-Service BITS # Background Intelligent Transfer Service +@( + "$env:LOCALAPPDATA\Temp\*" + "$env:windir\Temp\*" + "$env:windir\Logs\*" + "$env:windir\Panther\*" + "$env:windir\WinSxS\ManifestCache\*" + "$env:windir\SoftwareDistribution\Download" +) | Where-Object {Test-Path $_} | ForEach-Object { + Write-Host "Removing temporary files $_..." + takeown.exe /D Y /R /F $_ | Out-Null + icacls.exe $_ /grant:r Administrators:F /T /C /Q 2>&1 | Out-Null + Remove-Item $_ -Recurse -Force -ErrorAction SilentlyContinue | Out-Null +} + + +# +# cleanup the WinSxS folder. + # NB even thou the automatic maintenance includes a component cleanup task, # it will not clean everything, as such, dism will clean the rest. # NB to analyse the used space use: dism.exe /Online /Cleanup-Image /AnalyzeComponentStore From 3f4206512dae56e0e742d1b695d7753dcce1ae99 Mon Sep 17 00:00:00 2001 
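Review bot: Failures in the new temporary-file cleanup are invisible: `takeown.exe` and `icacls.exe` output goes to `Out-Null` and `Remove-Item` runs with `-ErrorAction SilentlyContinue`. Anything still locked therefore stays in the image with its owner changed and an `Administrators:F` entry, and the build log shows nothing. Because `$env:windir\Panther` and the Temp directories can hold setup answer files and provisioning leftovers, it is worth confirming they are really gone. One way is to end the `ForEach-Object` block with `Get-ChildItem $_ -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object { Write-Host "WARNING: could not remove $($_.FullName)" }`. The script continues before and after this hunk.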
From: Rui Lopes <rgl@ruilopes.com> Date: Sat, 20 Oct 2018 08:53:06 +0100 Subject: [PATCH 22/23] permanently disable Windows Defender --- windows-10.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-10.json b/windows-10.json index 97cce5e..11dec52 100644 --- a/windows-10.json +++ b/windows-10.json @@ -94,7 +94,7 @@ }, { "type": "powershell", - "inline": "Set-MpPreference -DisableRealtimeMonitoring $true" + "inline": "<# disable Windows Defender #> Set-MpPreference -DisableRealtimeMonitoring $true; Set-ItemProperty -Path 'HKLM:/SOFTWARE/Policies/Microsoft/Windows Defender' -Name DisableAntiSpyware -Value 1" }, { "type": "powershell", From 4f1b915f61612ac19fa0f7aacd6d657903a8508e Mon Sep 17 00:00:00 2001 From: Rui Lopes <rgl@ruilopes.com> Date: Sat, 20 Oct 2018 10:07:48 +0100 Subject: [PATCH 23/23] disable OneDrive --- windows-10.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows-10.json b/windows-10.json index 11dec52..e92987e 100644 --- a/windows-10.json +++ b/windows-10.json @@ -96,6 +96,10 @@ "type": "powershell", "inline": "<# disable Windows Defender #> Set-MpPreference -DisableRealtimeMonitoring $true; Set-ItemProperty -Path 'HKLM:/SOFTWARE/Policies/Microsoft/Windows Defender' -Name DisableAntiSpyware -Value 1" }, + { + "type": "powershell", + "inline": "<# disable OneDrive #> $k = 'HKLM:/SOFTWARE/Policies/Microsoft/Windows/OneDrive'; mkdir $k | Out-Null; Set-ItemProperty -Path $k -Name DisableFileSyncNGSC -Value 1" + }, { "type": "powershell", "inline": "Disable-WindowsOptionalFeature -FeatureName SMB1Protocol -Online -Remove -NoRestart"
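Review bot: The `inline` provisioner changed in the `@@ -94,7 +94,7 @@` hunk of windows-10.json bakes `DisableRealtimeMonitoring` and the `DisableAntiSpyware` policy value into the image, so every VM created from this box starts with Windows Defender off, and nothing visible in the commit documents that. A README note stating that the box ships without antimalware protection and is meant for disposable test VMs would make the trade-off explicit. Gating this provisioner behind a Packer user variable would also let consumers build a variant with Defender left on.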