trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Chris Long
2017-12-11 08:49:25 -08:00
commit 1577341ce9
157 changed files with 5271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Executable file
View File

@@ -0,0 +1,4 @@
Vagrant/.vagrant/*
Packer/packer_cache/*
Boxes/*
.DS_Store

2
Boxes/.gitignore vendored Executable file
View File

@@ -0,0 +1,2 @@
*
!.gitignore

249
Packer/answer_files/10/Autounattend.xml Executable file
View File

@@ -0,0 +1,249 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing/>
<settings pass="windowsPE">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Extend>false</Extend>
<Format>NTFS</Format>
<Letter>C</Letter>
<Order>1</Order>
<PartitionID>1</PartitionID>
<Label>Windows 10</Label>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
<WillShowUI>OnError</WillShowUI>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
<!--
NOTE: If you are re-configuring this for use of a retail key
and using a retail ISO, you need to adjust the <ProductKey> block
below to look like this:
<ProductKey>
<Key>W269N-WFGWX-YVC9B-4J6C9-T83GX</Key>
<WillShowUI>Never</WillShowUI>
</ProductKey>
Notice the addition of the `<Key>` element.
-->
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>NPPR9-FWDCX-D2C8J-H872K-2YT43
<WillShowUI>Never</WillShowUI>
</ProductKey>
</UserData>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows 10 Enterprise Evaluation</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Description>Vagrant User</Description>
<DisplayName>vagrant</DisplayName>
<Group>administrators</Group>
<Name>vagrant</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Username>vagrant</Username>
<Enabled>true</Enabled>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c reg add "HKLM\System\CurrentControlSet\Control\Network\NewNetworkWindowOff"</CommandLine>
<Description>Network prompt</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\fixnetwork.ps1</CommandLine>
<Description>Fix public network</Description>
<Order>4</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine>
<Description>Disable WinRM</Description>
<Order>5</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>6</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>7</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>8</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>9</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>10</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>11</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>12</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "vagrant" /f</CommandLine>
<Order>13</Order>
<Description>Enable AutoLogon</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f</CommandLine>
<Order>14</Order>
<Description>Enable AutoLogon</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine>
<Description>Enable WinRM</Description>
<Order>99</Order>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-screensaver.ps1</CommandLine>
<Description>Disable Screensaver</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<!-- Rename computer here. -->
<ComputerName>vagrant-10</ComputerName>
<TimeZone>Pacific Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows 7 ENTERPRISE.clg"/>
</unattend>

292
Packer/answer_files/2012/Autounattend.xml Executable file
View File

@@ -0,0 +1,292 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing/>
<settings pass="windowsPE">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Extend>false</Extend>
<Format>NTFS</Format>
<Letter>C</Letter>
<Order>1</Order>
<PartitionID>1</PartitionID>
<Label>Windows 2012</Label>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
<WillShowUI>OnError</WillShowUI>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant Administrator</FullName>
<Organization>Vagrant Inc.</Organization>
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>XC9B7-NBPP2-83J2H-RHMBY-92BT4</Key>-->
<WillShowUI>Never</WillShowUI>
</ProductKey>
</UserData>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows Server 2012 SERVERSTANDARD</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="oobeSystem">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Description>Vagrant User</Description>
<DisplayName>vagrant</DisplayName>
<Group>administrators</Group>
<Name>vagrant</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<SkipUserOOBE>true</SkipUserOOBE>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
</OOBE>
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Username>vagrant</Username>
<Enabled>true</Enabled>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine>
<Description>winrm quickconfig -q</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine>
<Description>winrm quickconfig -transport:http</Description>
<Order>4</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine>
<Description>Win RM MaxTimoutms</Description>
<Order>5</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine>
<Description>Win RM MaxMemoryPerShellMB</Description>
<Order>6</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine>
<Description>Win RM AllowUnencrypted</Description>
<Order>7</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine>
<Description>Win RM auth Basic</Description>
<Order>8</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine>
<Description>Win RM client auth Basic</Description>
<Order>9</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine>
<Description>Win RM listener Address/Port</Description>
<Order>10</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine>
<Description>Win RM adv firewall enable</Description>
<Order>11</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine>
<Description>Win RM port open</Description>
<Order>12</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net stop winrm </CommandLine>
<Description>Stop Win RM Service </Description>
<Order>13</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine>
<Description>Win RM Autostart</Description>
<Order>14</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net start winrm</CommandLine>
<Description>Start Win RM Service</Description>
<Order>15</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>16</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>17</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>18</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>19</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>20</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>21</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>22</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine>
<Description>Install OpenSSH</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
-->
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<!-- Rename computer here. -->
<ComputerName>vagrant-2012</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<!-- Disable IE ESC. -->
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows server 2008 r2 serverdatacenter.clg"/>
</unattend>

242
Packer/answer_files/2012_r2/Autounattend.xml Executable file
View File

@@ -0,0 +1,242 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2012 R2</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME </Key>
<Value>Windows Server 2012 R2 SERVERSTANDARD</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>-->
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<ComputerName>vagrant-2012-r2</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
<RegisteredOwner />
</component>
<component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Description>Set Execution Policy 64 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Set Execution Policy 32 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Description>Disable WinRM</Description>
<Path>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>vagrant</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine>
<Description>Disable WinRM</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>4</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>5</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>6</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>7</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>8</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>9</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>10</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine>
<Description>Enable WinRM</Description>
<Order>99</Order>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOwner />
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

242
Packer/answer_files/2012_r2_core/Autounattend.xml Executable file
View File

@@ -0,0 +1,242 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>de-DE</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2012 R2</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME </Key>
<Value>Windows Server 2012 R2 SERVERSTANDARDCORE</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>-->
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<ComputerName>vagrant-2012-r2</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Description>Set Execution Policy 64 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Set Execution Policy 32 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Description>Disable WinRM</Description>
<Path>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>vagrant</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine>
<Description>Disable WinRM</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>4</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>5</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>6</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>7</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>8</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>9</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>10</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine>
<Description>Enable WinRM</Description>
<Order>99</Order>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOwner />
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

296
Packer/answer_files/2012_r2_hyperv/Autounattend.xml Executable file
View File

@@ -0,0 +1,296 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2012 R2</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME </Key>
<Value>Windows Server 2012 R2 SERVERHYPERCORE</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>-->
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<ComputerName>vagrant-2012-r2</ComputerName>
<TimeZone>Pacific Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<settings pass="oobeSystem">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>vagrant</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine>
<Description>winrm quickconfig -q</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine>
<Description>winrm quickconfig -transport:http</Description>
<Order>4</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine>
<Description>Win RM MaxTimoutms</Description>
<Order>5</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine>
<Description>Win RM MaxMemoryPerShellMB</Description>
<Order>6</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine>
<Description>Win RM AllowUnencrypted</Description>
<Order>7</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine>
<Description>Win RM auth Basic</Description>
<Order>8</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine>
<Description>Win RM client auth Basic</Description>
<Order>9</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine>
<Description>Win RM listener Address/Port</Description>
<Order>10</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine>
<Description>Win RM adv firewall enable</Description>
<Order>11</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine>
<Description>Win RM port open</Description>
<Order>12</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net stop winrm </CommandLine>
<Description>Stop Win RM Service </Description>
<Order>13</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine>
<Description>Win RM Autostart</Description>
<Order>14</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net start winrm</CommandLine>
<Description>Start Win RM Service</Description>
<Order>15</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>16</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>17</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>18</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>19</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>20</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>21</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>22</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine>
<Description>Install OpenSSH</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOwner/>
</component>
</settings>
<settings pass="offlineServicing">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD"/>
</unattend>

248
Packer/answer_files/2016/Autounattend.xml Executable file
View File

@@ -0,0 +1,248 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2016</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME </Key>
<Value>Windows Server 2016 SERVERSTANDARD</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<!-- Product Key from https://www.microsoft.com/de-de/evalcenter/evaluate-windows-server-technical-preview?i=1 -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!-- <Key>6XBNX-4JQGW-QX6QG-74P76-72V67</Key> -->
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<ComputerName>vagrant-2016</ComputerName>
<TimeZone>Pacific Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Description>Set Execution Policy 64 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Set Execution Policy 32 Bit</Description>
<Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Description>Disable WinRM</Description>
<Path>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>vagrant</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine>
<Description>Disable WinRM</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>4</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>5</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>6</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>7</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>8</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>9</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>10</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine>
<Description>Enable WinRM</Description>
<Order>99</Order>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-screensaver.ps1</CommandLine>
<Description>Disable Screensaver</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOwner />
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

49
Packer/answer_files/2016/Autounattend_sysprep.xml Executable file
View File

@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>0</SkipRearm>
</component>
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
<DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<ProtectYourPC>1</ProtectYourPC>
<NetworkLocation>Home</NetworkLocation>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
</OOBE>
<TimeZone>UTC</TimeZone>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
</component>
</settings>
<settings pass="specialize">
</settings>
</unattend>

229
Packer/answer_files/2016_core/Autounattend.xml Executable file
View File

@@ -0,0 +1,229 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2016</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME </Key>
<Value>Windows Server 2016 SERVERSTANDARDCORE</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx -->
<ProductKey>
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>-->
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Vagrant</Organization>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<OEMInformation>
<HelpCustomized>false</HelpCustomized>
</OEMInformation>
<ComputerName>vagrant-2016</ComputerName>
<TimeZone>Pacific Standard Time</TimeZone>
<RegisteredOwner/>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<settings pass="oobeSystem">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>vagrant</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine>
<Description>Disable WinRM</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine>
<Order>4</Order>
<Description>Show file extensions in Explorer</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine>
<Order>5</Order>
<Description>Enable QuickEdit mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine>
<Order>6</Order>
<Description>Show Run command in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine>
<Order>7</Order>
<Description>Show Administrative Tools in Start Menu</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine>
<Order>8</Order>
<Description>Zero Hibernation File</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine>
<Order>9</Order>
<Description>Disable Hibernation Mode</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>10</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<!--
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine>
<Description>Enable WinRM</Description>
<Order>99</Order>
</SynchronousCommand>
-->
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine>
<Order>98</Order>
<Description>Enable Microsoft Updates</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-screensaver.ps1</CommandLine>
<Description>Disable Screensaver</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
<Description>Install Windows Updates</Description>
<Order>100</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITH WINDOWS UPDATES -->
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Group>administrators</Group>
<DisplayName>Vagrant</DisplayName>
<Name>vagrant</Name>
<Description>Vagrant User</Description>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOwner/>
</component>
</settings>
<settings pass="offlineServicing">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim:c:/wim/install.wim#Windows Server 2016 SERVERSTANDARD"/>
</unattend>

BIN
Packer/floppy/PinTo10.exe Normal file
View File

Binary file not shown.

38
Packer/floppy/ReadMe.txt Executable file
View File

@@ -0,0 +1,38 @@
: Release v1.2 - Stuart Pearson 16th Nov 2015
:
: Command line tool to pin and unpin exe / lnk files to the Windows 10 taskbar and start menu.
:
: PinTo10 is a command line tool to pin and unpin .exe or .lnk files to or from the Windows 10 taskbar and start menu.
: With it you can pin or unpin up to 10 different shortcuts to either the taskbar or start menu in one run of the command.
: It replaces functionality that Microsoft have removed from their Windows 10 scripting interface.
:
: The exe needs to be run with at least one pair of switches specified for each function to Pin / Unpin to Taskbar / Start Menu...
:
: To pin an application or shortcut to the taskbar (replace XX with 01-10)...
: /PTFOLXX: Followed by the folder containing the file you want to pin.
: /PTFILEXX: Followed by the name of the file you want to pin.
:
: To unpin an application or shortcut to the taskbar (replace XX with 01-10)...
: /UTFOLXX: Followed by the folder containing the file you want to unpin.
: /UTFILEXX: Followed by the name of the file you want to unpin.
: To pin an application or shortcut to the start menu (replace XX with 01-10)...
: /PSFOLXX: Followed by the folder containing the file you want to pin.
: /PSFILEXX: Followed by the name of the file you want to pin.
: To unpin an application or shortcut to the start menu (replace XX with 01-10)...
: /USFOLXX: Followed by the folder containing the file you want to unpin.
: /USFILEXX: Followed by the name of the file you want to unpin.
: Example for pinning two shortcuts to the taskbar...
PinTo10.exe /PTFOL01:'%USERPROFILE:%\Desktop' /PTFILE01:'Word 2016.lnk' /PTFOL02:'%USERPROFILE:%\Desktop' /PTFILE02:'Excel 2016.lnk'
: Example for unpinning a file to the taskbar...
PinTo10.exe /UTFOL01:'C\Windows' /UTFILE01:'notepad.exe'
: Example for pinning a file to the start menu...
PinTo10.exe /PSFOL01:'C\Windows' /PSFILE01:'notepad.exe'
: Example for unpinning a file from the start menu...
PinTo10.exe /USFOL01:'%USERPROFILE:%\Desktop' /USFILE01:'Word 2016.lnk'

BIN
Packer/floppy/WindowsPowershell.lnk Normal file
View File

Binary file not shown.

3
Packer/scripts/.gitignore vendored Executable file
View File

@@ -0,0 +1,3 @@
*.exe
*.msi
*.msu

21
Packer/scripts/MakeWindows10GreatAgain.ps1 Normal file
View File

@@ -0,0 +1,21 @@
# Import the registry keys
Write-Host "Making Windows 10 Great again"
Write-Host "Importing registry keys..."
regedit /s a:\MakeWindows10GreatAgain.reg
# Install Powershell Help items
Write-Host "Updating Powershell Help Library..."
Update-Help
# Remove OneDrive from the System
Write-Host "Removing OneDrive..."
$onedrive = Get-Process onedrive -ErrorAction SilentlyContinue
if ($onedrive) {
taskkill /f /im OneDrive.exe
}
c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall
# Disable SMBv1
Write-Host "Disabling SMBv1"
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false

45
Packer/scripts/MakeWindows10GreatAgain.reg Normal file
View File

@@ -0,0 +1,45 @@
Windows Registry Editor Version 5.00
# Disable Cortana (Windows search still remains)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
"AllowCortana"=dword:00000000
# Disable Notification Center
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer]
"DisableNotificationCenter"=dword:00000001
# Don't reboot when users are logged in for Windows updates
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
# Disable Microsoft.com accounts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"NoConnectedUser"=dword:00000003
# Show all file extensions
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
# Set explorer to open to "This PC" for new windows
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"LaunchTo"=dword:00000001
# Show hidden files (not including OS files)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
# Show "This PC" on Desktop
# Created by: Shawn Brink
# http://www.tenforums.com
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
# Enable Developer Mode (prerequisite for Linux subsystem)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock]
"AllowDevelopmentWithoutDevLicense"=dword:00000001

6
Packer/scripts/chef.bat Executable file
View File

@@ -0,0 +1,6 @@
if not exist "C:\Windows\Temp\chef.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.getchef.com/chef/install.msi', 'C:\Windows\Temp\chef.msi')" <NUL
)
msiexec /qb /i C:\Windows\Temp\chef.msi
powershell -Command "Start-Sleep 1" <NUL

1
Packer/scripts/chocolatey.bat Executable file
View File

@@ -0,0 +1 @@
powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" <NUL

6
Packer/scripts/chocopacks.bat Executable file
View File

@@ -0,0 +1,6 @@
:: Ensure C:\Chocolatey\bin is on the path
set /p PATH=<C:\Windows\Temp\PATH
:: Install all the things; for example:
cmd /c choco install 7zip
cmd /c choco install notepadplusplus

39
Packer/scripts/compact.bat Executable file
View File

@@ -0,0 +1,39 @@
if "%PACKER_BUILDER_TYPE:~0,6%"=="hyperv" (
echo "Skip compact steps in Hyper-V build."
goto :eof
)
if not exist "C:\Windows\Temp\7z920-x64.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
)
msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
if not exist "C:\Windows\Temp\ultradefrag.zip" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://downloads.sourceforge.net/project/ultradefrag/stable-release/6.1.0/ultradefrag-portable-6.1.0.bin.amd64.zip', 'C:\Windows\Temp\ultradefrag.zip')" <NUL
)
if not exist "C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe" (
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\ultradefrag.zip -oC:\Windows\Temp"
)
if not exist "C:\Windows\Temp\SDelete.zip" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.sysinternals.com/files/SDelete.zip', 'C:\Windows\Temp\SDelete.zip')" <NUL
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://vagrantboxes.blob.core.windows.net/box/sdelete/v1.6.1/sdelete.exe', 'C:\Windows\Temp\sdelete.exe')" <NUL
)
if not exist "C:\Windows\Temp\sdelete.exe" (
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\SDelete.zip -oC:\Windows\Temp"
)
msiexec /qb /x C:\Windows\Temp\7z920-x64.msi
net stop wuauserv
rmdir /S /Q C:\Windows\SoftwareDistribution\Download
mkdir C:\Windows\SoftwareDistribution\Download
net start wuauserv
if "%PACKER_BUILDER_TYPE%" neq "hyperv-iso" (
cmd /c C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe --optimize --repeat C:
cmd /c %SystemRoot%\System32\reg.exe ADD HKCU\Software\Sysinternals\SDelete /v EulaAccepted /t REG_DWORD /d 1 /f
cmd /c C:\Windows\Temp\sdelete.exe -q -z C:
)

15
Packer/scripts/compile-dotnet-assemblies.bat Executable file
View File

@@ -0,0 +1,15 @@
::http://support.microsoft.com/kb/2570538
::http://robrelyea.wordpress.com/2007/07/13/may-be-helpful-ngen-exe-executequeueditems/
if "%PROCESSOR_ARCHITECTURE%"=="AMD64" goto 64BIT
%windir%\microsoft.net\framework\v4.0.30319\ngen.exe update /force /queue
%windir%\microsoft.net\framework\v4.0.30319\ngen.exe executequeueditems
exit /b
:64BIT
%windir%\microsoft.net\framework\v4.0.30319\ngen.exe update /force /queue
%windir%\microsoft.net\framework64\v4.0.30319\ngen.exe update /force /queue
%windir%\microsoft.net\framework\v4.0.30319\ngen.exe executequeueditems
%windir%\microsoft.net\framework64\v4.0.30319\ngen.exe executequeueditems

39
Packer/scripts/create-domain.ps1 Executable file
View File

@@ -0,0 +1,39 @@
if ((gwmi win32_computersystem).partofdomain -eq $false) {
Write-Host 'Creating domain controller'
# Disable password complexity policy
secedit /export /cfg C:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
rm -force C:\secpol.cfg -confirm:$false
# Set administrator password
$computerName = $env:COMPUTERNAME
$adminPassword = "vagrant"
$adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
$adminUser.SetPassword($adminPassword)
$PlainPassword = "vagrant" # "P@ssw0rd"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
# Windows Server 2012 R2
Install-WindowsFeature AD-domain-services
Import-Module ADDSDeployment
Install-ADDSForest `
-SafeModeAdministratorPassword $SecurePassword `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012" `
-DomainName "windomain.local" `
-DomainNetbiosName "WINDOMAIN" `
-ForestMode "Win2012" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$true `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
$newDNSServers = "8.8.8.8", "4.4.4.4"
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -eq "10.0.2.15"}
$adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}
}

27
Packer/scripts/debloat-windows.ps1 Executable file
View File

@@ -0,0 +1,27 @@
if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv")) {
Write-Host Skip debloat steps in Hyper-V build.
} else {
Write-Host Downloading debloat zip
$url="https://github.com/StefanScherer/Debloat-Windows-10/archive/master.zip"
(New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force
#Write-Host Disable scheduled tasks
#. $env:TEMP\Debloat-Windows-10-master\utils\disable-scheduled-tasks.ps1
#Write-Host Block telemetry
#. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1
#Write-Host Disable services
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1
Write-host Disable Windows Defender
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1
Uninstall-WindowsFeature Windows-Defender-Features
Write-host Optimize Windows Update
. $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1
#Write-host Disable Windows Update
#Set-Service wuauserv -StartupType Disabled
#Write-Host Remove OneDrive
#. $env:TEMP\Debloat-Windows-10-master\scripts\remove-onedrive.ps1
rm $env:TEMP\debloat.zip
rm -recurse $env:TEMP\Debloat-Windows-10-master
}

19
Packer/scripts/dis-updates.bat Executable file
View File

@@ -0,0 +1,19 @@
rem http://www.windows-commandline.com/disable-automatic-updates-command-line/
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
rem remove optional WSUS server settings
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f
rem even harder, disable windows update service
rem sc config wuauserv start= disabled
rem net stop wuauserv
if exist C:\Windows\Temp\win-updates.log (
echo Show Windows Updates log file C:\Windows\Temp\win-updates.log
dir C:\Windows\Temp\win-updates.log
type C:\Windows\Temp\win-updates.log
rem output of type command is not fully shown in packer/ssh session, so try PowerShell
rem but it will hang if log file is about 22 KByte
rem powershell -command "Get-Content C:\Windows\Temp\win-updates.log"
echo End of Windows Updates log file C:\Windows\Temp\win-updates.log
)

30
Packer/scripts/dis-updates.ps1 Executable file
View File

@@ -0,0 +1,30 @@
<#
.SYNOPSIS
Disables automatic windows updates
.DESCRIPTION
Disables checking for and applying Windows Updates (does not prevent updates from being applied manually or being pushed down)
Run on the machine that updates need disabling on.
.PARAMETER <paramName>
None
.EXAMPLE
./Disable-WindowsUpdates.ps1
#>
$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if ($RunningAsAdmin)
{
$Updates = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings
if ($Updates.ReadOnly -eq $True) { Write-Error "Cannot update Windows Update settings due to GPO restrictions." }
else {
$Updates.NotificationLevel = 1 #Disabled
$Updates.Save()
$Updates.Refresh()
Write-Output "Automatic Windows Updates disabled."
}
}
else
{ Write-Warning "Must be executed in Administrator level shell."
Write-Warning "Script Cancelled!" }

1
Packer/scripts/disable-auto-logon.bat Executable file
View File

@@ -0,0 +1 @@
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 0 /f

4
Packer/scripts/disable-screensaver.ps1 Executable file
View File

@@ -0,0 +1,4 @@
Write-Host "Disabling Screensaver"
Set-ItemProperty "HKCU:\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -Type DWord
& powercfg -x -monitor-timeout-ac 0
& powercfg -x -monitor-timeout-dc 0

2
Packer/scripts/disable-tasks.bat Executable file
View File

@@ -0,0 +1,2 @@
schtasks /End /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE

8
Packer/scripts/disable-winrm.ps1 Executable file
View File

@@ -0,0 +1,8 @@
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
$winrmService = Get-Service -Name WinRM
if ($winrmService.Status -eq "Running"){
Disable-PSRemoting -Force
}
Stop-Service winrm
Set-Service -Name winrm -StartupType Disabled

6
Packer/scripts/docker/10/install-containers-feature.ps1 Executable file
View File

@@ -0,0 +1,6 @@
# https://msdn.microsoft.com/de-de/virtualization/windowscontainers/quick_start/quick_start_windows_10
Write-Host "Install Containers feature"
Enable-WindowsOptionalFeature -Online -FeatureName containers -All -NoRestart
Write-Host "Install Hyper-V feature"
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
sc.exe config winrm start= delayed-auto

13
Packer/scripts/docker/10/install-docker.ps1 Executable file
View File

@@ -0,0 +1,13 @@
Set-ExecutionPolicy Bypass -scope Process
New-Item -Type Directory -Path "$($env:ProgramFiles)\docker"
# wget -outfile $env:TEMP\docker-17.03.0-ce.zip "https://dockermsft.blob.core.windows.net/dockercontainer/docker-1-13-1.zip"
Write-Host "Downloading docker ..."
wget -outfile $env:TEMP\docker-17.03.0-ce.zip "https://get.docker.com/builds/Windows/x86_64/docker-17.03.0-ce.zip"
Expand-Archive -Path $env:TEMP\docker-17.03.0-ce.zip -DestinationPath $env:TEMP -Force
copy $env:TEMP\docker\*.exe $env:ProgramFiles\docker
Remove-Item $env:TEMP\docker-17.03.0-ce.zip
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\docker", [EnvironmentVariableTarget]::Machine)
$env:Path = $env:Path + ";$($env:ProgramFiles)\docker"
Write-Host "Registering docker service ..."
. dockerd --register-service -H npipe:// -H 0.0.0.0:2375 -G docker
Start-Service Docker

9
Packer/scripts/docker/2016/install-containers-feature.ps1 Executable file
View File

@@ -0,0 +1,9 @@
Write-Host "Install Containers feature"
Install-WindowsFeature -Name Containers
if ((GWMI Win32_Processor).VirtualizationFirmwareEnabled[0] -and (GWMI Win32_Processor).SecondLevelAddressTranslationExtensions[0]) {
Write-Host "Install Hyper-V feature"
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
} else {
Write-Host "Skipping installation of Hyper-V feature"
}

12
Packer/scripts/docker/2016/install-docker.ps1 Executable file
View File

@@ -0,0 +1,12 @@
$ProgressPreference = 'SilentlyContinue'
Set-ExecutionPolicy Bypass -scope Process
New-Item -Type Directory -Path "$($env:ProgramFiles)\docker"
wget -outfile $env:TEMP\docker-17-03-0-ee.zip "https://dockermsft.blob.core.windows.net/dockercontainer/docker-17-03-0-ee.zip"
Expand-Archive -Path $env:TEMP\docker-17-03-0-ee.zip -DestinationPath $env:TEMP -Force
copy $env:TEMP\docker\*.exe $env:ProgramFiles\docker
Remove-Item $env:TEMP\docker-17-03-0-ee.zip
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\docker", [EnvironmentVariableTarget]::Machine)
$env:Path = $env:Path + ";$($env:ProgramFiles)\docker"
. dockerd --register-service -H npipe:// -H 0.0.0.0:2375 -G docker
Start-Service docker

5
Packer/scripts/docker/add-docker-group.ps1 Executable file
View File

@@ -0,0 +1,5 @@
Write-Host Creating group docker
net localgroup docker /add
$username = $env:USERNAME
Write-Host Adding user $username to group docker
net localgroup docker $username /add

1
Packer/scripts/docker/disable-windows-defender.ps1 Executable file
View File

@@ -0,0 +1 @@
Set-MpPreference -DisableRealtimeMonitoring $true

16
Packer/scripts/docker/docker-pull-async.ps1 Executable file
View File

@@ -0,0 +1,16 @@
function DockerPull {
Param ([string]$image)
Write-Host Installing $image ...
$j = Start-Job -ScriptBlock { docker pull $args[0] } -ArgumentList $image
while ( $j.JobStateInfo.state -ne "Completed" -And $j.JobStateInfo.state -ne "Failed" ) {
Write-Host $j.JobStateInfo.state
Start-Sleep 10
}
$results = Receive-Job -Job $j
$results
}
DockerPull microsoft/windowsservercore
DockerPull microsoft/nanoserver

21
Packer/scripts/docker/enable-winrm.ps1 Executable file
View File

@@ -0,0 +1,21 @@
Enable-PSRemoting -Force
winrm quickconfig -q
winrm quickconfig -transport:http
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
if (Test-Path A:\install-containers-feature.ps1) {
. A:\install-containers-feature.ps1
}
Stop-Service winrm
. sc.exe config winrm start= delayed-auto
netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
Restart-Computer

6
Packer/scripts/docker/open-docker-insecure-port.ps1 Executable file
View File

@@ -0,0 +1,6 @@
Write-Host "WARNING: DO NOT USE DOCKER IN PRODUCTION WITHOUT TLS"
Write-Host "Opening Docker insecure port 2375"
if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerinsecure2375"})) {
New-NetFirewallRule -Name "Dockerinsecure2375" -DisplayName "Docker insecure on TCP/2375" -Protocol tcp -LocalPort 2375 -Action Allow -Enabled True
}

9
Packer/scripts/docker/remove-docker-key-json.ps1 Executable file
View File

@@ -0,0 +1,9 @@
# Do not restart Docker as it creates the key.json with an unique ID
# This should not exist in the Vagrant basebox so you can spin up
# multiple Vagrant boxes for a Docker swarm etc.
Write-Host "Stopping Docker"
Stop-Service docker
Write-Host "Removing key.json to recreate key.json on first vagrant up"
rm C:\ProgramData\docker\config\key.json

2
Packer/scripts/enable-rdp.bat Executable file
View File

@@ -0,0 +1,2 @@
netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

14
Packer/scripts/enable-remote-desktop.bat Executable file
View File

@@ -0,0 +1,14 @@
rem from http://networkerslog.blogspot.de/2013/09/how-to-enable-remote-desktop-remotely.html
rem 1) Enable Remote Desktop
rem set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0 /f
rem 2) Allow incoming RDP on firewall
rem Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
rem 3) Enable secure RDP authentication
rem set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "UserAuthentication" /t REG_DWORD /d 0 /f

1
Packer/scripts/enable-uac.bat Executable file
View File

@@ -0,0 +1 @@
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f

2
Packer/scripts/enable-winrm.bat Executable file
View File

@@ -0,0 +1,2 @@
rem Enable-NetFirewallRule for WinRM
netsh advfirewall firewall add rule name="Port 5985" dir=in action=allow protocol=TCP localport=5985

13
Packer/scripts/enable-winrm.ps1 Executable file
View File

@@ -0,0 +1,13 @@
Enable-PSRemoting -Force
winrm quickconfig -q
winrm quickconfig -transport:http
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
Set-Service winrm -startuptype "auto"
Restart-Service winrm

23
Packer/scripts/fixnetwork.ps1 Executable file
View File

@@ -0,0 +1,23 @@
# You cannot enable Windows PowerShell Remoting on network connections that are set to Public
# Spin through all the network locations and if they are set to Public, set them to Private
# using the INetwork interface:
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa370750(v=vs.85).aspx
# For more info, see:
# http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx
# Network location feature was only introduced in Windows Vista - no need to bother with this
# if the operating system is older than Vista
if([environment]::OSVersion.version.Major -lt 6) { return }
# You cannot change the network location if you are joined to a domain, so abort
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
# Get network connections
$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$connections = $networkListManager.GetNetworkConnections()
$connections |foreach {
Write-Host $_.GetNetwork().GetName()"category was previously set to"$_.GetNetwork().GetCategory()
$_.GetNetwork().SetCategory(1)
Write-Host $_.GetNetwork().GetName()"changed to category"$_.GetNetwork().GetCategory()
}

23
Packer/scripts/hotfix-KB2552055.bat Executable file
View File

@@ -0,0 +1,23 @@
@echo off
:: Windows 7 / Windows 2008 R2 require KB2552055 hotfix
:: This fixes a problem with wrong exitcode 0 instead of custom exitcode in PowerShell 2.0
setlocal
if defined ProgramFiles(x86) (
set link=http://hotfixv4.microsoft.com/Windows%%207/Windows%%20Server2008%%20R2%%20SP1/sp2/Fix373932/7600/free/438167_intl_x64_zip.exe
set msufilename=%TEMP%\Windows6.1-KB2552055-x64.msu
) else (
set link=http://hotfixv4.microsoft.com/Windows%%207/Windows%%20Server2008%%20R2%%20SP1/sp2/Fix373932/7600/free/438164_intl_i386_zip.exe
set msufilename=%TEMP%\Windows6.1-KB2552055-x86.msu
)
set zipfilename=%TEMP%\KB2552055.zip
echo Downloading Hotfix 2552055
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('%link%', '%zipfilename%')" <NUL
echo Extracting Hotfix 2552055
powershell -Command "(New-Object -com Shell.Application).NameSpace('%TEMP%').CopyHere((New-Object -Com Shell.Application).NameSpace('%zipfilename%').items())" <NUL
echo Installing Hotfix 2552055
wusa %msufilename% /quiet /norestart
echo Cleanup Hotfix temp files
del /Q %msufilename%
del /Q %zipfilename%

20
Packer/scripts/hotfix-KB2842230.bat Executable file
View File

@@ -0,0 +1,20 @@
:: Windows 8 / Windows 2012 require KB2842230 hotfix
:: The Windows Remote Management (WinRM) service does not use the customized value of the MaxMemoryPerShellMB quota.
:: Instead, the WinRM service uses the default value, which is 150 MB.
:: http://hotfixv4.microsoft.com/Windows%208%20RTM/nosp/Fix452763/9200/free/463941_intl_x64_zip.exe
@echo off
set hotfix="C:\Windows\Temp\Windows8-RT-KB2842230-x64.msu"
if not exist %hotfix% goto :eof
:: get windows version
for /f "tokens=2 delims=[]" %%G in ('ver') do (set _version=%%G)
for /f "tokens=2,3,4 delims=. " %%G in ('echo %_version%') do (set _major=%%G& set _minor=%%H& set _build=%%I)
:: 6.2 or 6.3
if %_major% neq 6 goto :eof
if %_minor% lss 2 goto :eof
if %_minor% gtr 3 goto :eof
@echo on
start /wait wusa "%hotfix%" /quiet /norestart

2
Packer/scripts/installnet4.bat Executable file
View File

@@ -0,0 +1,2 @@
powershell -NoProfile -ExecutionPolicy unrestricted -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/5/6/2/562A10F9-C9F4-4313-A044-9C94E0A8FAC8/dotNetFx40_Client_x86_x64.exe', 'C:\Windows\Temp\dotNetFx40.exe')" <NUL
C:\Windows\Temp\dotNetFx40.exe /q /norestart /repair

12
Packer/scripts/microsoft-updates.bat Executable file
View File

@@ -0,0 +1,12 @@
net stop wuauserv
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
echo Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager") > A:\temp.vbs
echo Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"") >> A:\temp.vbs
cscript A:\temp.vbs
net start wuauserv

88
Packer/scripts/openssh.ps1 Executable file
View File

@@ -0,0 +1,88 @@
param (
[switch]$AutoStart = $false
)
Write-Output "AutoStart: $AutoStart"
$is_64bit = [IntPtr]::size -eq 8
# setup openssh
$ssh_download_url = "http://www.mls-software.com/files/setupssh-7.1p1-1.exe"
if (!(Test-Path "C:\Program Files\OpenSSH\bin\ssh.exe")) {
Write-Output "Downloading $ssh_download_url"
(New-Object System.Net.WebClient).DownloadFile($ssh_download_url, "C:\Windows\Temp\openssh.exe")
# initially set the port to 2222 so that there is not a race
# condition in which packer connects to SSH before we can disable the service
Start-Process "C:\Windows\Temp\openssh.exe" "/S /port=2222 /privsep=1 /password=D@rj33l1ng" -NoNewWindow -Wait
}
Stop-Service "OpenSSHd" -Force
# ensure vagrant can log in
Write-Output "Setting vagrant user file permissions"
New-Item -ItemType Directory -Force -Path "C:\Users\vagrant\.ssh"
C:\Windows\System32\icacls.exe "C:\Users\vagrant" /grant "vagrant:(OI)(CI)F"
C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\bin" /grant "vagrant:(OI)RX"
C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\usr\sbin" /grant "vagrant:(OI)RX"
Write-Output "Setting SSH home directories"
(Get-Content "C:\Program Files\OpenSSH\etc\passwd") |
Foreach-Object { $_ -replace '/home/(\w+)', '/cygdrive/c/Users/$1' } |
Set-Content 'C:\Program Files\OpenSSH\etc\passwd'
# disabled for vcloud to make vagrant-serverspec work
# Set shell to /bin/sh to return exit status
# $passwd_file = Get-Content 'C:\Program Files\OpenSSH\etc\passwd'
# $passwd_file = $passwd_file -replace '/bin/bash', '/bin/sh'
# Set-Content 'C:\Program Files\OpenSSH\etc\passwd' $passwd_file
# fix opensshd to not be strict
Write-Output "Setting OpenSSH to be non-strict"
$sshd_config = Get-Content "C:\Program Files\OpenSSH\etc\sshd_config"
$sshd_config = $sshd_config -replace 'StrictModes yes', 'StrictModes no'
$sshd_config = $sshd_config -replace '#PubkeyAuthentication yes', 'PubkeyAuthentication yes'
$sshd_config = $sshd_config -replace '#PermitUserEnvironment no', 'PermitUserEnvironment yes'
# disable the use of DNS to speed up the time it takes to establish a connection
$sshd_config = $sshd_config -replace '#UseDNS yes', 'UseDNS no'
# disable the login banner
$sshd_config = $sshd_config -replace 'Banner /etc/banner.txt', '#Banner /etc/banner.txt'
# next time OpenSSH starts have it listen on th eproper port
$sshd_config = $sshd_config -replace 'Port 2222', "Port 22"
Set-Content "C:\Program Files\OpenSSH\etc\sshd_config" $sshd_config
Write-Output "Removing ed25519 key as Vagrant net-ssh 2.9.1 does not support it"
Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key"
Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key.pub"
# use c:\Windows\Temp as /tmp location
Write-Output "Setting temp directory location"
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\tmp"
C:\Program` Files\OpenSSH\bin\junction.exe /accepteula "C:\Program Files\OpenSSH\tmp" "C:\Windows\Temp"
C:\Windows\System32\icacls.exe "C:\Windows\Temp" /grant "vagrant:(OI)(CI)F"
# add 64 bit environment variables missing from SSH
Write-Output "Setting SSH environment"
$sshenv = "TEMP=C:\Windows\Temp"
if ($is_64bit) {
$env_vars = "ProgramFiles(x86)=C:\Program Files (x86)", `
"ProgramW6432=C:\Program Files", `
"CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files", `
"CommonProgramW6432=C:\Program Files\Common Files"
$sshenv = $sshenv + "`r`n" + ($env_vars -join "`r`n")
}
Set-Content C:\Users\vagrant\.ssh\environment $sshenv
# record the path for provisioners (without the newline)
Write-Output "Recording PATH for provisioners"
Set-Content C:\Windows\Temp\PATH ([byte[]][char[]] $env:PATH) -Encoding Byte
# configure firewall
Write-Output "Configuring firewall"
netsh advfirewall firewall add rule name="SSHD" dir=in action=allow service=OpenSSHd enable=yes
netsh advfirewall firewall add rule name="SSHD" dir=in action=allow program="C:\Program Files\OpenSSH\usr\sbin\sshd.exe" enable=yes
netsh advfirewall firewall add rule name="ssh" dir=in action=allow protocol=TCP localport=22
if ($AutoStart -eq $true) {
Start-Service "OpenSSHd"
}

BIN
Packer/scripts/oracle-cert.cer Executable file
View File

Binary file not shown.

4
Packer/scripts/pin-powershell.bat Executable file
View File

@@ -0,0 +1,4 @@
rem https://connect.microsoft.com/PowerShell/feedback/details/1609288/pin-to-taskbar-no-longer-working-in-windows-10
copy "A:\WindowsPowerShell.lnk" "%TEMP%\Windows PowerShell.lnk"
A:\PinTo10.exe /PTFOL01:'%TEMP%' /PTFILE01:'Windows PowerShell.lnk'
exit /b 0

10
Packer/scripts/puppet-enterprise.bat Executable file
View File

@@ -0,0 +1,10 @@
if not exist "C:\Windows\Temp\puppet.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://pm.puppetlabs.com/puppet-enterprise/3.0.1/puppet-enterprise-3.0.1.msi', 'C:\Windows\Temp\puppet.msi')" <NUL
)
:: http://docs.puppetlabs.com/pe/latest/install_windows.html
msiexec /qn /i C:\Windows\Temp\puppet.msi /log C:\Windows\Temp\puppet.log
<nul set /p ".=;C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\bin" >> C:\Windows\Temp\PATH
set /p PATH=<C:\Windows\Temp\PATH
setx PATH "%PATH%" /m

10
Packer/scripts/puppet.bat Executable file
View File

@@ -0,0 +1,10 @@
if not exist "C:\Windows\Temp\puppet.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://downloads.puppetlabs.com/windows/puppet-3.6.2.msi', 'C:\Windows\Temp\puppet.msi')" <NUL
)
:: http://docs.puppetlabs.com/pe/latest/install_windows.html
msiexec /qn /i C:\Windows\Temp\puppet.msi /log C:\Windows\Temp\puppet.log
<nul set /p ".=;C:\Program Files (x86)\Puppet Labs\Puppet\bin" >> C:\Windows\Temp\PATH
set /p PATH=<C:\Windows\Temp\PATH
setx PATH "%PATH%" /m

8
Packer/scripts/rearm-windows.ps1 Normal file
View File

@@ -0,0 +1,8 @@
# Replaces "slmgr.vbs /rearm"
# https://powershell.org/forums/topic/run-command-quietly-start-process/
# https://msdn.microsoft.com/en-us/library/ee957713(v=vs.85).aspx
Write-Host "Resetting the Windows evaluation timer"
$x = Get-WmiObject SoftwarelicensingService
$x.ReArmWindows()

19
Packer/scripts/rsync.bat Executable file
View File

@@ -0,0 +1,19 @@
rem install rsync
if not exist "C:\Windows\Temp\7z920-x64.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
)
msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
pushd C:\Windows\Temp
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://mirrors.kernel.org/sourceware/cygwin/x86_64/release/rsync/rsync-3.1.0-1.tar.xz', 'C:\Windows\Temp\rsync-3.1.0-1.tar.xz')" <NUL
cmd /c ""C:\Program Files\7-Zip\7z.exe" x rsync-3.1.0-1.tar.xz"
cmd /c ""C:\Program Files\7-Zip\7z.exe" x rsync-3.1.0-1.tar"
copy /Y usr\bin\rsync.exe "C:\Program Files\OpenSSH\bin\rsync.exe"
rmdir /s /q usr
del rsync-3.1.0-1.tar
popd
msiexec /qb /x C:\Windows\Temp\7z920-x64.msi
rem make symlink for c:/vagrant share
mklink /D "C:\Program Files\OpenSSH\vagrant" "C:\vagrant"

11
Packer/scripts/salt.bat Executable file
View File

@@ -0,0 +1,11 @@
if not exist "C:\Windows\Temp\salt64.exe" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://docs.saltstack.com/downloads/Salt-Minion-2014.1.3-1-AMD64-Setup.exe', 'C:\Windows\Temp\salt64.exe')" <NUL
)
:: http://docs.saltstack.com/en/latest/topics/installation/windows.html
c:\windows\temp\salt64.exe /S
:: /master=<yoursaltmaster> /minion-name=<thisminionname>
<nul set /p ".=;C:\salt" >> C:\Windows\Temp\PATH
set /p PATH=<C:\Windows\Temp\PATH
setx PATH "%PATH%" /m

7
Packer/scripts/set-powerplan.ps1 Executable file
View File

@@ -0,0 +1,7 @@
Try {
$HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}
$CurrPlan = $(powercfg -getactivescheme).split()[3]
if ($CurrPlan -ne $HighPerf) {powercfg -setactive $HighPerf}
} Catch {
Write-Warning -Message "Unable to set power plan to high performance"
}

2
Packer/scripts/set-winrm-automatic.bat Executable file
View File

@@ -0,0 +1,2 @@
echo Set WinRM start type to auto
sc config winrm start= auto

2
Packer/scripts/sysprep.bat Normal file
View File

@@ -0,0 +1,2 @@
net stop tiledatamodelsvc
c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml

1
Packer/scripts/uac-enable.bat Executable file
View File

@@ -0,0 +1 @@
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v EnableLUA /t REG_DWORD /d 1

41
Packer/scripts/unattend.xml Executable file
View File

@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>0</SkipRearm>
</component>
<!--
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
<DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
</component>
-->
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<ProtectYourPC>3</ProtectYourPC>
<NetworkLocation>Work</NetworkLocation>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
</OOBE>
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>vagrant</Username>
</AutoLogon>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>vagrant-2012</ComputerName>
<CopyProfile>false</CopyProfile>
</component>
</settings>
</unattend>

6
Packer/scripts/vagrant-ssh.bat Executable file
View File

@@ -0,0 +1,6 @@
:: vagrant public key
if exist a:\vagrant.pub (
copy a:\vagrant.pub C:\Users\vagrant\.ssh\authorized_keys
) else (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')" <NUL
)

63
Packer/scripts/vm-guest-tools.bat Executable file
View File

@@ -0,0 +1,63 @@
if not exist "C:\Windows\Temp\7z920-x64.msi" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
)
msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware
if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox
if "%PACKER_BUILDER_TYPE%" equ "parallels-iso" goto :parallels
goto :done
:vmware
if exist "C:\Users\vagrant\windows.iso" (
move /Y C:\Users\vagrant\windows.iso C:\Windows\Temp
)
if not exist "C:\Windows\Temp\windows.iso" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://softwareupdate.vmware.com/cds/vmw-desktop/ws/12.5.7/5813279/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
rd /S /Q "C:\Program Files (x86)\VMWare"
)
cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare"
cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
rd /Q "C:\Windows\Temp\vmware-tools.tar"
rd /Q "C:\Windows\Temp\windows.iso"
rd /S /Q "C:\Windows\Temp\VMware"
goto :done
:virtualbox
:: There needs to be Oracle CA (Certificate Authority) certificates installed in order
:: to prevent user intervention popups which will undermine a silent installation.
cmd /c certutil -addstore -f "TrustedPublisher" A:\oracle-cert.cer
if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" (
move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp
)
if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.virtualbox.org/virtualbox/5.1.28/VBoxGuestAdditions_5.1.28.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
)
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha256-r3.cer
certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer
certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer
cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S
rd /S /Q "C:\Windows\Temp\virtualbox"
goto :done
:parallels
if exist "C:\Users\vagrant\prl-tools-win.iso" (
move /Y C:\Users\vagrant\prl-tools-win.iso C:\Windows\Temp
cmd /C "C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\prl-tools-win.iso -oC:\Windows\Temp\parallels
cmd /C C:\Windows\Temp\parallels\PTAgent.exe /install_silent
rd /S /Q "C:\Windows\Temp\parallels"
)
:done
msiexec /qb /x C:\Windows\Temp\7z920-x64.msi

15
Packer/scripts/wait-for-desktop-file.ps1 Executable file
View File

@@ -0,0 +1,15 @@
# for debugging
# wait until a file has been removed from desktop
$file = "C:\users\vagrant\Desktop\delete-to-continue.txt"
if (-Not (Test-Path $file)) {
Write-Host "Remove me" | Out-File $file
}
Write-Host "Wait until someone removes $file"
while (Test-Path $file) {
Sleep 1
}
Write-Host "Done waiting!"

238
Packer/scripts/win-updates.ps1 Executable file
View File

@@ -0,0 +1,238 @@
param($global:RestartRequired=0,
$global:MoreUpdates=0,
$global:MaxCycles=5,
$MaxUpdatesPerCycle=500,
$BeginWithRestart=0)
$Logfile = "C:\Windows\Temp\win-updates.log"
function LogWrite {
Param ([string]$logstring)
$now = Get-Date -format s
Add-Content $Logfile -value "$now $logstring"
Write-Host $logstring
}
function Check-ContinueRestartOrEnd() {
$RegistryKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
$RegistryEntry = "InstallWindowsUpdates"
switch ($global:RestartRequired) {
0 {
$prop = (Get-ItemProperty $RegistryKey).$RegistryEntry
if ($prop) {
LogWrite "Restart Registry Entry Exists - Removing It"
Remove-ItemProperty -Path $RegistryKey -Name $RegistryEntry -ErrorAction SilentlyContinue
}
LogWrite "No Restart Required"
Check-WindowsUpdates
if (($global:MoreUpdates -eq 1) -and ($script:Cycles -le $global:MaxCycles)) {
Install-WindowsUpdates
} elseif ($script:Cycles -gt $global:MaxCycles) {
LogWrite "Exceeded Cycle Count - Stopping"
Invoke-Expression "a:\enable-winrm.ps1"
} else {
LogWrite "Done Installing Windows Updates"
Invoke-Expression "a:\enable-winrm.ps1"
}
}
1 {
$prop = (Get-ItemProperty $RegistryKey).$RegistryEntry
if (-not $prop) {
LogWrite "Restart Registry Entry Does Not Exist - Creating It"
Set-ItemProperty -Path $RegistryKey -Name $RegistryEntry -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File $($script:ScriptPath) -MaxUpdatesPerCycle $($MaxUpdatesPerCycle)"
} else {
LogWrite "Restart Registry Entry Exists Already"
}
LogWrite "Restart Required - Restarting..."
Restart-Computer
}
default {
LogWrite "Unsure If A Restart Is Required"
break
}
}
}
function Install-WindowsUpdates() {
$script:Cycles++
LogWrite "Evaluating Available Updates with limit of $($MaxUpdatesPerCycle):"
$UpdatesToDownload = New-Object -ComObject 'Microsoft.Update.UpdateColl'
$script:i = 0;
$CurrentUpdates = $SearchResult.Updates
while($script:i -lt $CurrentUpdates.Count -and $script:CycleUpdateCount -lt $MaxUpdatesPerCycle) {
$Update = $CurrentUpdates.Item($script:i)
if (($Update -ne $null) -and (!$Update.IsDownloaded)) {
[bool]$addThisUpdate = $false
if ($Update.InstallationBehavior.CanRequestUserInput) {
LogWrite "> Skipping: $($Update.Title) because it requires user input"
} else {
if (!($Update.EulaAccepted)) {
LogWrite "> Note: $($Update.Title) has a license agreement that must be accepted. Accepting the license."
$Update.AcceptEula()
[bool]$addThisUpdate = $true
$script:CycleUpdateCount++
} else {
[bool]$addThisUpdate = $true
$script:CycleUpdateCount++
}
}
if ([bool]$addThisUpdate) {
LogWrite "Adding: $($Update.Title)"
$UpdatesToDownload.Add($Update) |Out-Null
}
}
$script:i++
}
if ($UpdatesToDownload.Count -eq 0) {
LogWrite "No Updates To Download..."
} else {
LogWrite 'Downloading Updates...'
$ok = 0;
while (! $ok) {
try {
$Downloader = $UpdateSession.CreateUpdateDownloader()
$Downloader.Updates = $UpdatesToDownload
$Downloader.Download()
$ok = 1;
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Error downloading updates. Retrying in 30s."
$script:attempts = $script:attempts + 1
Start-Sleep -s 30
}
}
}
$UpdatesToInstall = New-Object -ComObject 'Microsoft.Update.UpdateColl'
[bool]$rebootMayBeRequired = $false
LogWrite 'The following updates are downloaded and ready to be installed:'
foreach ($Update in $SearchResult.Updates) {
if (($Update.IsDownloaded)) {
LogWrite "> $($Update.Title)"
$UpdatesToInstall.Add($Update) |Out-Null
if ($Update.InstallationBehavior.RebootBehavior -gt 0){
[bool]$rebootMayBeRequired = $true
}
}
}
if ($UpdatesToInstall.Count -eq 0) {
LogWrite 'No updates available to install...'
$global:MoreUpdates=0
$global:RestartRequired=0
Invoke-Expression "a:\enable-winrm.ps1"
break
}
if ($rebootMayBeRequired) {
LogWrite 'These updates may require a reboot'
$global:RestartRequired=1
}
LogWrite 'Installing updates...'
$Installer = $script:UpdateSession.CreateUpdateInstaller()
$Installer.Updates = $UpdatesToInstall
$InstallationResult = $Installer.Install()
LogWrite "Installation Result: $($InstallationResult.ResultCode)"
LogWrite "Reboot Required: $($InstallationResult.RebootRequired)"
LogWrite 'Listing of updates installed and individual installation results:'
if ($InstallationResult.RebootRequired) {
$global:RestartRequired=1
} else {
$global:RestartRequired=0
}
for($i=0; $i -lt $UpdatesToInstall.Count; $i++) {
New-Object -TypeName PSObject -Property @{
Title = $UpdatesToInstall.Item($i).Title
Result = $InstallationResult.GetUpdateResult($i).ResultCode
}
LogWrite "Item: " $UpdatesToInstall.Item($i).Title
LogWrite "Result: " $InstallationResult.GetUpdateResult($i).ResultCode;
}
Check-ContinueRestartOrEnd
}
function Check-WindowsUpdates() {
LogWrite "Checking For Windows Updates"
$Username = $env:USERDOMAIN + "\" + $env:USERNAME
New-EventLog -Source $ScriptName -LogName 'Windows Powershell' -ErrorAction SilentlyContinue
$Message = "Script: " + $ScriptPath + "`nScript User: " + $Username + "`nStarted: " + (Get-Date).toString()
Write-EventLog -LogName 'Windows Powershell' -Source $ScriptName -EventID "104" -EntryType "Information" -Message $Message
LogWrite $Message
$script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher()
$script:successful = $FALSE
$script:attempts = 0
$script:maxAttempts = 12
while(-not $script:successful -and $script:attempts -lt $script:maxAttempts) {
try {
$script:SearchResult = $script:UpdateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
$script:successful = $TRUE
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Search call to UpdateSearcher was unsuccessful. Retrying in 10s."
$script:attempts = $script:attempts + 1
Start-Sleep -s 10
}
}
if ($SearchResult.Updates.Count -ne 0) {
$Message = "There are " + $SearchResult.Updates.Count + " more updates."
LogWrite $Message
try {
for($i=0; $i -lt $script:SearchResult.Updates.Count; $i++) {
LogWrite $script:SearchResult.Updates.Item($i).Title
LogWrite $script:SearchResult.Updates.Item($i).Description
LogWrite $script:SearchResult.Updates.Item($i).RebootRequired
LogWrite $script:SearchResult.Updates.Item($i).EulaAccepted
}
$global:MoreUpdates=1
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Showing SearchResult was unsuccessful. Rebooting."
$global:RestartRequired=1
$global:MoreUpdates=0
Check-ContinueRestartOrEnd
LogWrite "Show never happen to see this text!"
Restart-Computer
}
} else {
LogWrite 'There are no applicable updates'
$global:RestartRequired=0
$global:MoreUpdates=0
}
}
$script:ScriptName = $MyInvocation.MyCommand.ToString()
$script:ScriptPath = $MyInvocation.MyCommand.Path
$script:UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'
$script:UpdateSession.ClientApplicationID = 'Packer Windows Update Installer'
$script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher()
$script:SearchResult = New-Object -ComObject 'Microsoft.Update.UpdateColl'
$script:Cycles = 0
$script:CycleUpdateCount = 0
if ($BeginWithRestart) {
$global:RestartRequired = 1
Check-ContinueRestartOrEnd
}
Check-WindowsUpdates
if ($global:MoreUpdates -eq 1) {
Install-WindowsUpdates
} else {
Check-ContinueRestartOrEnd
}

58
Packer/vagrantfile-windows_10.template Executable file
View File

@@ -0,0 +1,58 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.require_version ">= 1.6.2"
Vagrant.configure("2") do |config|
config.vm.define "vagrant-windows-10-preview"
config.vm.box = "windows_10_preview"
config.vm.communicator = "winrm"
# Admin user name and password
config.winrm.username = "vagrant"
config.winrm.password = "vagrant"
config.vm.guest = :windows
config.windows.halt_timeout = 15
config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
config.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh", auto_correct: true
config.vm.provider :virtualbox do |v, override|
#v.gui = true
v.customize ["modifyvm", :id, "--memory", 2048]
v.customize ["modifyvm", :id, "--cpus", 2]
v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
config.vm.provider :vmware_fusion do |v, override|
v.gui = true
v.vmx["memsize"] = "2048"
v.vmx["numvcpus"] = "2"
v.vmx["ethernet0.virtualDev"] = "vmxnet3"
v.vmx["RemoteDisplay.vnc.enabled"] = "false"
v.vmx["RemoteDisplay.vnc.port"] = "5900"
v.vmx["scsi0.virtualDev"] = "lsisas1068"
v.vmx["gui.fitguestusingnativedisplayresolution"] = "TRUE"
v.vmx["mks.enable3d"] = "TRUE"
v.vmx["mks.forceDiscreteGPU"] = "TRUE"
v.vmx["gui.fullscreenatpoweron"] = "TRUE"
v.vmx["gui.viewmodeatpoweron"] = "fullscreen"
v.vmx["gui.lastPoweredViewMode"] = "fullscreen"
v.vmx["sound.startconnected"] = "FALSE"
v.vmx["sound.present"] = "FALSE"
v.vmx["sound.autodetect"] = "TRUE"
v.enable_vmrun_ip_lookup = false
end
config.vm.provider :vmware_workstation do |v, override|
v.gui = true
v.vmx["memsize"] = "2048"
v.vmx["numvcpus"] = "2"
v.vmx["ethernet0.virtualDev"] = "vmxnet3"
v.vmx["RemoteDisplay.vnc.enabled"] = "false"
v.vmx["RemoteDisplay.vnc.port"] = "5900"
v.vmx["scsi0.virtualDev"] = "lsisas1068"
v.enable_vmrun_ip_lookup = false
end
end

49
Packer/vagrantfile-windows_2016.template Executable file
View File

@@ -0,0 +1,49 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.require_version ">= 1.6.2"
Vagrant.configure("2") do |config|
config.vm.define "vagrant-windows-2016"
config.vm.box = "windows_2016"
config.vm.communicator = "winrm"
# Admin user name and password
config.winrm.username = "vagrant"
config.winrm.password = "vagrant"
config.vm.guest = :windows
config.windows.halt_timeout = 15
config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
config.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh", auto_correct: true
config.vm.provider :virtualbox do |v, override|
#v.gui = true
v.customize ["modifyvm", :id, "--memory", 2048]
v.customize ["modifyvm", :id, "--cpus", 2]
v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
config.vm.provider :vmware_fusion do |v, override|
#v.gui = true
v.vmx["memsize"] = "2048"
v.vmx["numvcpus"] = "2"
v.vmx["ethernet0.virtualDev"] = "vmxnet3"
v.vmx["RemoteDisplay.vnc.enabled"] = "false"
v.vmx["RemoteDisplay.vnc.port"] = "5900"
v.vmx["scsi0.virtualDev"] = "lsisas1068"
v.enable_vmrun_ip_lookup = false
end
config.vm.provider :vmware_workstation do |v, override|
#v.gui = true
v.vmx["memsize"] = "2048"
v.vmx["numvcpus"] = "2"
v.vmx["ethernet0.virtualDev"] = "vmxnet3"
v.vmx["RemoteDisplay.vnc.enabled"] = "false"
v.vmx["RemoteDisplay.vnc.port"] = "5900"
v.vmx["scsi0.virtualDev"] = "lsisas1068"
v.enable_vmrun_ip_lookup = false
end
end

179
Packer/windows_10.json Normal file
View File

@@ -0,0 +1,179 @@
{
"builders": [
{
"type": "hyperv-iso",
"vm_name":"windows_10",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"boot_wait": "6m",
"communicator":"winrm",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout" : "4h",
"ram_size": "2048",
"cpu": "2",
"switch_name": "{{user `switch_name`}}",
"guest_additions_mode": "none",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"disk_size": "{{user `disk_size`}}",
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/fixnetwork.ps1",
"./scripts/MakeWindows10GreatAgain.ps1",
"./scripts/MakeWindows10GreatAgain.reg",
"./scripts/rearm-windows.ps1",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1"
]
},
{
"type": "vmware-iso",
"vm_name":"windows_10",
"communicator": "winrm",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": false,
"boot_wait": "6m",
"boot_command": "",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"guest_os_type": "windows9-64",
"disk_size": "{{user `disk_size`}}",
"vnc_port_min": 5900,
"vnc_port_max": 5980,
"version": 11,
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/fixnetwork.ps1",
"./scripts/MakeWindows10GreatAgain.ps1",
"./scripts/MakeWindows10GreatAgain.reg",
"./scripts/rearm-windows.ps1",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1"
],
"vmx_data": {
"RemoteDisplay.vnc.enabled": "false",
"RemoteDisplay.vnc.port": "5900",
"memsize": "2048",
"numvcpus": "2",
"scsi0.virtualDev": "lsisas1068"
}
},
{
"type": "virtualbox-iso",
"vm_name":"windows_10",
"communicator": "winrm",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": false,
"boot_wait": "6m",
"boot_command": "",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"guest_os_type": "Windows81_64",
"guest_additions_mode": "disable",
"disk_size": "{{user `disk_size`}}",
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/fixnetwork.ps1",
"./scripts/MakeWindows10GreatAgain.ps1",
"./scripts/MakeWindows10GreatAgain.reg",
"./scripts/rearm-windows.ps1",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1",
"./scripts/oracle-cert.cer"
],
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--memory",
"2048"
],
[
"modifyvm",
"{{.Name}}",
"--cpus",
"2"
]
]
}
],
"provisioners": [
{
"type": "windows-shell",
"remote_path": "/tmp/script.bat",
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/vm-guest-tools.bat",
"./scripts/enable-rdp.bat"
]
},
{
"type": "powershell",
"scripts": [
"./scripts/debloat-windows.ps1",
"./scripts/MakeWindows10GreatAgain.ps1",
"./scripts/rearm-windows.ps1"
]
},
{
"type": "windows-restart"
},
{
"type": "powershell",
"scripts": [
"./scripts/set-powerplan.ps1",
"./scripts/docker/disable-windows-defender.ps1"
]
},
{
"type": "windows-shell",
"remote_path": "/tmp/script.bat",
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/pin-powershell.bat",
"./scripts/compile-dotnet-assemblies.bat",
"./scripts/set-winrm-automatic.bat",
"./scripts/compact.bat"
]
}
],
"post-processors": [
{
"type": "vagrant",
"keep_input_artifact": false,
"output": "windows_10_{{.Provider}}.box",
"vagrantfile_template": "vagrantfile-windows_10.template"
}
],
"variables": {
"iso_url": "http://care.dlservice.microsoft.com/dl/download/B/8/B/B8B452EC-DD2D-4A8F-A88C-D2180C177624/15063.0.170317-1834.RS2_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO",
"iso_checksum_type": "sha1",
"iso_checksum": "6c60f91bf0ad7b20f469ab8f80863035c517f34f",
"autounattend": "./answer_files/10/Autounattend.xml",
"disk_size": "61440"
}
}

166
Packer/windows_2016.json Normal file
View File

@@ -0,0 +1,166 @@
{
"builders": [
{
"vm_name":"WindowsServer2016",
"type": "hyperv-iso",
"disk_size": 41440,
"boot_wait": "0s",
"guest_additions_mode":"disable",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/unattend.xml",
"./scripts/sysprep.bat",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1"
],
"communicator":"winrm",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout" : "2h",
"shutdown_command": "a:/sysprep.bat",
"ram_size": 2048,
"cpu": 2,
"switch_name":"{{user `hyperv_switchname`}}",
"enable_secure_boot":true
},
{
"type": "vmware-iso",
"communicator": "winrm",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": false,
"boot_wait": "2m",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout": "2h",
"shutdown_timeout": "2h",
"shutdown_command": "a:/sysprep.bat",
"guest_os_type": "windows8srv-64",
"disk_size": 61440,
"vnc_port_min": 5900,
"vnc_port_max": 5980,
"version": 11,
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/unattend.xml",
"./scripts/sysprep.bat",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1"
],
"vmx_data": {
"RemoteDisplay.vnc.enabled": "false",
"RemoteDisplay.vnc.port": "5900",
"memsize": "2048",
"numvcpus": "2",
"scsi0.virtualDev": "lsisas1068"
}
},
{
"type": "virtualbox-iso",
"communicator": "winrm",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": false,
"boot_wait": "2m",
"winrm_username": "vagrant",
"winrm_password": "vagrant",
"winrm_timeout": "2h",
"shutdown_command": "a:/sysprep.bat",
"guest_os_type": "Windows2012_64",
"guest_additions_mode": "disable",
"disk_size": 61440,
"floppy_files": [
"{{user `autounattend`}}",
"./floppy/WindowsPowershell.lnk",
"./floppy/PinTo10.exe",
"./scripts/unattend.xml",
"./scripts/sysprep.bat",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/enable-winrm.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/win-updates.ps1",
"./scripts/oracle-cert.cer"
],
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--memory",
"2048"
],
[
"modifyvm",
"{{.Name}}",
"--cpus",
"2"
]
]
}
],
"provisioners": [
{
"type": "windows-shell",
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/vm-guest-tools.bat",
"./scripts/enable-rdp.bat"
]
},
{
"type": "powershell",
"scripts": [
"./scripts/debloat-windows.ps1"
]
},
{
"type": "windows-restart"
},
{
"type": "windows-shell",
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/pin-powershell.bat",
"./scripts/set-winrm-automatic.bat",
"./scripts/compile-dotnet-assemblies.bat",
"./scripts/uac-enable.bat",
"./scripts/compact.bat"
]
},
{
"type": "file",
"source": "./answer_files/2016/Autounattend_sysprep.xml",
"destination": "c:/Windows/Temp/Autounattend_sysprep.xml"
}
],
"post-processors": [
{
"type": "vagrant",
"keep_input_artifact": false,
"output": "windows_2016_{{.Provider}}.box",
"vagrantfile_template": "vagrantfile-windows_2016.template"
}
],
"variables": {
"iso_url": "http://care.dlservice.microsoft.com/dl/download/1/4/9/149D5452-9B29-4274-B6B3-5361DBDA30BC/14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO",
"iso_checksum_type": "md5",
"iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F",
"autounattend": "./answer_files/2016/Autounattend.xml",
"hyperv_switchname": "{{env `hyperv_switchname`}}"
}
}

206
README.md Normal file
View File

@@ -0,0 +1,206 @@
# Detection Lab
## Purpose
This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.
Read more about Detection Lab on Medium here:
NOTE: This lab has not been hardened in any way and runs with default vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; the primary purpose of it is to provide visibility and introspection into each host.
## Primary Lab Features:
* Splunk forwarders are pre-installed and all indexes are pre-created. Technology add-ons for Windows are also preconfigured.
* A custom Windows auditing configuration is set via GPO to include command line process auditing and additional OS-level logging
* [Palantir's Windows Event Forwarding](http://github.com/palantir/windows-event-forwarding) subscriptions and custom channels are implemented
* Powershell transcript logging is enabled. All logs are saved to `\\wef\pslogs`
* osquery comes installed on each host and is pre-configured to connect to a [Fleet](https://kolide.co/fleet) server via TLS. Fleet is preconfigured with the configuration from [Palantir's osquery Configuration](https://github.com/palantir/osquery-configuration)
* Sysmon is installed and configured using SwiftOnSecuritys open-sourced configuration
* All autostart items are logged to Windows Event Logs via [AutorunsToWinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog)
* SMBv1 Auditing is enabled
## Requirements
* 55GB+ of free disk space
* Packer 1.0.0 or newer
* Vagrant 1.9.2 or newer
* Virtualbox or VMWare Fusion/Workstation
This lab has been successfully tested on:
OS | Vagrant | Packer | Provider
---|---------|--------|-----------
OSX 10.12.4 | 1.9.3 | 1.0.0 | Virtualbox (5.1.14)
OSX 10.12.6 | 2.0.1 | 1.1.2 | Virtualbox (5.1.30)
OSX 10.12.4 | 1.9.2 | 1.0.0 | VMWare Fusion (8.5.6)
OSX 10.12.5 | 1.9.3 | 1.0.0 | VMWare Fusion (8.5.8)
OSX 10.12.6 | 2.0.1 | 1.1.3 | VMWare Fusion (8.5.9)
**Known Bad Versions:**
* Packer 1.1.2 will fail to build VMWare-ISOs correctly due to [this issue](https://github.com/hashicorp/packer/issues/5622).
---
## Quickstart
1. Determine which Vagrant provider you want to use.
* Note: Virtualbox is free, the [VMWare vagrant plugin](https://www.vagrantup.com/vmware/#buy-now) is $80.
2. `cd` to the Packer directory and build the Windows 10 and Windows Server 2016 boxes using the commands below. Each build will take about 1 hour. As far as I know, you can only build one box at a time.
```
$ cd detectionlab/Packer
$ packer build --only=[vmware|virtualbox]-iso windows_10.json
$ packer build --only=[vmware|virtualbox]-iso windows_2016.json
```
3. Once both boxes have built successfully, move the resulting boxes (.box files) in the Packer folder to the Boxes folder:
`mv *.box ../Boxes`
4. cd into the Vagrant directory: `cd ../Vagrant`
5. Install the Vagrant-Reload plugin: `vagrant plugin install vagrant-reload`
6. Ensure you are in the Vagrant folrder and run `vagrant up`. This command will do the following:
* Provision the logger host. This host will run the [Fleet](https://kolide.co/fleet) osquery manager and a fully featured pre-configured Splunk instance.
* Provision the DC host and configure it as a Domain Controller
* Provision the WEF host and configure it as a Windows Event Collector in the Servers OU
* Provision the Win10 host and configure it as a computer in the Workstations OU
7. Navigate to https://192.168.38.5:8000 in a browser to access the Splunk instance on logger. Default credentials are admin:changeme (you will have the option to change them on the next screen)
8. Navigate to https://192.168.38.5:8412 in a browser to access the Fleet server on logger. Default credentials are admin:admin123#. Query packs are pre-configured with queries from [palantir/osquery-configuration](https://github.com/palantir/osquery-configuration).
## Basic Vagrant Usage
Vagrant commands must be run from the "Vagrant" folder.
* Bring up all Detection Lab hosts: `vagrant up` (optional `--provider=[virtualbox|vmware_fusion|vmware_workstation]`)
* Bring up a specific host: `vagrant up <hostname>`
* Restart a specific host: `vagrant reload <hostname>`
* Restart a specific host and re-run the provision process: `vagrant reload <hostname> --provision`
* Destroy a specific host `vagrant destroy <hostname>`
* Destroy the entire Detection Lab environment: `vagrant destroy` (Adding `-f` forces it without a prompt)
* SSH into a host (only works with Logger): `vagrant ssh logger`
* Check the status of each host: `vagrant status`
* Suspend the lab environment: `vagrant suspend`
* Resume the lab environment: `vagrant resume`
---
## Lab Information
* Domain Name: windomain.local
* Admininstrator login: vagrant:vagrant
* Fleet login: admin:admin123#
* Splunk login: admin:changeme
## Lab Hosts
* DC - Windows 2016 Domain Controller
* WEF Server Configuration GPO
* Powershell logging GPO
* Enhanced Windows Auditing policy GPO
* Sysmon
* osquery
* Splunk Universal Forwarder (Forwards Sysmon & osquery)
* Sysinternals Tools
* WEF - Windows 2016 Server
* Windows Event Collector
* Windows Event Subscription Creation
* Powershell transcription logging share
* Sysmon
* osquery
* Splunk Universal Forwarder (Forwards WinEventLog & Powershell & Sysmon & osquery)
* Sysinternals tools
* Win10 - Windows 10 Workstation
* Simulates employee workstation
* Sysmon
* osquery
* Splunk Universal Forwarder (Forwards Sysmon & osquery)
* Sysinternals Tools
* Logger - Ubuntu 16.04
* Splunk Enterprise
* Fleet osquery Manager
## Splunk Indexes
Index Name | Description
-----------|------------
osquery | osquery/Fleet result logs
osquery-status | osquery/fleet INFO/WARN/ERROR logs
powershell | Powershell transcription logs
sysmon | Logs from the Sysmon service
wineventlog | Windows Event Logs
## Installed Tools on Windows
* Sysmon
* osquery
* AutorunsToWinEventLog
* Process Monitor
* Process Explorer
* PsExec
* TCPView
* Google Chrome
* Atom editor
* WinRar
* Mimikatz
## Applied GPOs
* [Custom Event Channel Permissions](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Custom Event Channel Permissions.htm)
* [Default Domain Controllers Policy](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Default Domain Controllers Policy.htm)
* [Default Domain Policy](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Default Domain Policy.htm)
* [Domain Controllers Enhanced Auditing Policy](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Domain Controllers Enhanced Auditing Policy.htm)
* [Powershell Logging](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Powershell Logging.htm)
* [Servers Enhanced Auditing Policy](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Servers Enhanced Auditing Policy.htm)
* [Windows Event Forwarding Server](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Windows Event Forwarding Server.htm)
* [Workstations Enhanced Auditing Policy](http://htmlpreview.github.io/?https://github.com/clong/detectionlab/blob/master/Vagrant/resources/GPO/reports/Workstations Enhanced Auditing Policy.htm)
## Known Issues and Workarounds
Vagrant has been particularly flaky with VMWare and I encountered many issues while testing. However, most of the issues are easily resolved.
---
**Issue:** Vagrant reports: `Message: HTTPClient::KeepAliveDisconnected:` while provisioning.
**Workaround:** Run `$ vagrant reload <hostname> --provision`
---
**Issue:** `Vagrant timed out while attempting to connect via WinRM` after Win10 host joins the domain.
**Workaround** Documented in [#21](https://github.com/clong/detectionlab/issues/21). Just run `$ vagrant reload win10 --provision`
---
**Issue:** Vagrant is unable to forward a port for you
**Workaround:** Documented in [#11](https://github.com/clong/detectionlab/issues/11). There are a few possibilities:
1. Try a `vagrant reload <hostname> --provision`. For whatever reason `vagrant up` doesn't fix conflicts but reload does.
2. Check if something is legitimately occupying the port via `sudo lsof -n -iTCP:<port_number>`
3. Follow the instructions from this comment: https://github.com/hashicorp/vagrant/issues/8130#issuecomment-272963103
---
**Issue:** Fleet server becomes unreachable after VM is suspended and resumed
**Workaround:** Documented in [#22](https://github.com/clong/detectionlab/issues/22). The following commands should make it reachable without deleting data:
```
$ docker stop $(docker ps -aq)
$ service docker restart
$ cd /home/vagrant/kolide-quickstart
$ docker-compose up -d
```
---
## Contributing
Please do all of your development in a feature branch on your own fork of detectionlab.
Requests for tools and features will be reviewed on a case by case basis, but I will always accept fixes and improvements.
## Credits/Resources
A sizable percentage of this code was borrowed and adapted from [Stefan Scherer](https://twitter.com/stefscherer)'s [packer-windows](https://github.com/StefanScherer/packer-windows) and [adfs2](https://github.com/StefanScherer/adfs2) Github repos. A huge thanks to him for building the foundation that allowed me to design this lab environment.
# Acknowledgements
* [Splunk](https://www.splunk.com)
* [osquery](https://osquery.io)
* [Fleet](https://kolide.co/fleet)
* [Windows Event Forwarding for Network Defense](https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f)
* [palantir/windows-event-forwarding](http://github.com/palantir/windows-event-forwarding)
* [osquery Across the Enterprise](https://medium.com/@palantir/osquery-across-the-enterprise-3c3c9d13ec55)
* [palantir/osquery-configuration](https://github.com/palantir/osquery-configuration)
* [Configure Event Log Forwarding in Windows Server 2012 R2](https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2)
* [Monitoring what mattersWindows Event Forwarding for everyone](https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/)
* [Use Windows Event Forwarding to help with intrusion detection](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection)
* [The Windows Event Forwarding Survival Guide](https://hackernoon.com/the-windows-event-forwarding-survival-guide-2010db7a68c4)
* [PowerShell ♥ the Blue Team](https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team/)
* [Autoruns](https://www.microsoftpressstore.com/articles/article.aspx?p=2762082)
* [TA-microsoft-sysmon](https://github.com/splunk/TA-microsoft-sysmon)
* [SwiftOnSecurity - Sysmon Config](https://github.com/SwiftOnSecurity/sysmon-config)

165
Vagrant/Vagrantfile vendored Normal file
View File

@@ -0,0 +1,165 @@
Vagrant.configure("2") do |config|
config.vm.define "logger" do |cfg|
cfg.vm.box = "bento/ubuntu-16.04"
cfg.vm.hostname = "logger"
config.vm.provision :shell, path: "bootstrap.sh"
cfg.vm.network :private_network, ip: "192.168.38.5", gateway: "192.168.38.1", dns: "8.8.8.8"
config.vm.network :forwarded_port, guest: 8000, host: 8000
config.vm.network :forwarded_port, guest: 8412, host: 8412
cfg.vm.provider "vmware_fusion" do |v, override|
v.memory = 2048
v.cpus = 1
v.gui = true
end
cfg.vm.provider "virtualbox" do |vb, override|
vb.gui = true
vb.customize ["modifyvm", :id, "--memory", 2048]
vb.customize ["modifyvm", :id, "--cpus", 1]
vb.customize ["modifyvm", :id, "--vram", "32"]
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
end
config.vm.define "dc" do |cfg|
cfg.vm.box = "../Boxes/windows_2016_virtualbox.box"
cfg.vm.hostname = "dc"
# use the plaintext WinRM transport and force it to use basic authentication.
# NB this is needed because the default negotiate transport stops working
# after the domain controller is installed.
# see https://groups.google.com/forum/#!topic/vagrant-up/sZantuCM0q4
cfg.winrm.transport = :plaintext
cfg.winrm.basic_auth_only = true
cfg.vm.communicator = "winrm"
cfg.vm.network :forwarded_port, guest: 5985, host: 5985, id: "winrm", auto_correct: true
cfg.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh", auto_correct: true
cfg.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
cfg.vm.network :private_network, ip: "192.168.38.2", gateway: "192.168.38.1"
cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "192.168.38.2"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "reload"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: true
cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: true
cfg.vm.provider "vmware_fusion" do |v, override|
override.vm.box = "../Boxes/windows_2016_vmware.box"
v.memory = 2048
v.cpus = 1
v.gui = true
end
cfg.vm.provider "virtualbox" do |vb, override|
vb.gui = true
vb.customize ["modifyvm", :id, "--memory", 2048]
vb.customize ["modifyvm", :id, "--cpus", 1]
vb.customize ["modifyvm", :id, "--vram", "32"]
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
end
config.vm.define "wef" do |cfg|
cfg.vm.box = "../Boxes/windows_2016_virtualbox.box"
cfg.vm.hostname = "wef"
cfg.vm.communicator = "winrm"
cfg.vm.network :forwarded_port, guest: 5985, host: 5986, id: "winrm", auto_correct: true
cfg.vm.network :forwarded_port, guest: 22, host: 2223, id: "ssh", auto_correct: true
cfg.vm.network :forwarded_port, guest: 3389, host: 3390, id: "rdp", auto_correct: true
cfg.vm.network :private_network, ip: "192.168.38.3", gateway: "192.168.38.1", dns: "192.168.38.2"
cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.3 -dns 192.168.38.2"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "reload"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-wefsubscriptions.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: true
cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: true
cfg.vm.provider "vmware_fusion" do |v, override|
override.vm.box = "../Boxes/windows_2016_vmware.box"
v.memory = 2048
v.cpus = 1
v.gui = true
end
cfg.vm.provider "virtualbox" do |vb, override|
vb.gui = true
vb.customize ["modifyvm", :id, "--memory", 2048]
vb.customize ["modifyvm", :id, "--cpus", 1]
vb.customize ["modifyvm", :id, "--vram", "32"]
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
end
config.vm.define "win10" do |cfg|
cfg.vm.box = "../Boxes/windows_10_virtualbox.box"
cfg.vm.hostname = "win10"
cfg.vm.communicator = "winrm"
cfg.vm.network :forwarded_port, guest: 5985, host: 5987, id: "winrm", auto_correct: true
cfg.vm.network :forwarded_port, guest: 22, host: 2224, id: "ssh", auto_correct: true
cfg.vm.network :forwarded_port, guest: 3389, host: 3391, id: "rdp", auto_correct: true
cfg.vm.network :private_network, ip: "192.168.38.4", gateway: "192.168.38.1", dns: "192.168.38.2"
cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.4 -dns 192.168.38.2"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "reload"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-inputsconf.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: true
cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: true
cfg.vm.provider "vmware_fusion" do |v, override|
override.vm.box = "../Boxes/windows_10_vmware.box"
v.vmx["gui.fullscreenatpoweron"] = "FALSE"
v.vmx["gui.viewModeAtPowerOn"] = "windowed"
v.vmx["gui.fitguestusingnativedisplayresolution"] = "FALSE"
v.memory = 2048
v.cpus = 1
v.gui = true
end
cfg.vm.provider "virtualbox" do |vb, override|
vb.gui = true
vb.customize ["modifyvm", :id, "--memory", 2048]
vb.customize ["modifyvm", :id, "--cpus", 1]
vb.customize ["modifyvm", :id, "--vram", "32"]
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
end
end
end

111
Vagrant/bootstrap.sh Normal file
View File

@@ -0,0 +1,111 @@
#! /bin/bash
# Install prerequisites and useful tools
apt-get update
apt-get install -y jq whois build-essential git docker docker-compose unzip
# Install Golang v1.8
wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz
tar -xvf go1.8.linux-amd64.tar.gz
mv go /usr/local
mkdir /home/vagrant/.go
chown vagrant:vagrant /home/vagrant/.go
mkdir /root/.go
echo 'export GOPATH=$HOME/.go' >> /home/vagrant/.bashrc
echo 'export GOROOT=/usr/local/go' >> /home/vagrant/.bashrc
echo 'export GOPATH=$HOME/.go' >> /root/.bashrc
echo '/home/vagrant/.bashrc' >> /root/.bashrc
source ~/.bashrc
sudo update-alternatives --install "/usr/bin/go" "go" "/usr/local/go/bin/go" 0
sudo update-alternatives --set go /usr/local/go/bin/go
/usr/bin/go get -u github.com/howeyc/gopass
# Check if Splunk is already installed
if [ -f "/opt/splunk/bin/splunk" ]
then echo "Splunk is already installed"
else
# Get Splunk.com into the DNS cache. Sometimes resolution randomly fails during wget below
dig @8.8.8.8 splunk.com
# Download Splunk
wget --progress=bar:force -O splunk-7.0.1-2b5b15c4ee89-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.0.1&product=splunk&filename=splunk-7.0.1-2b5b15c4ee89-linux-2.6-amd64.deb&wget=true'
dpkg -i splunk-7.0.1-2b5b15c4ee89-linux-2.6-amd64.deb
/opt/splunk/bin/splunk start --accept-license
/opt/splunk/bin/splunk add index wineventlog -auth 'admin:changeme'
/opt/splunk/bin/splunk add index osquery -auth 'admin:changeme'
/opt/splunk/bin/splunk add index osquery-status -auth 'admin:changeme'
/opt/splunk/bin/splunk add index sysmon -auth 'admin:changeme'
/opt/splunk/bin/splunk add index powershell -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_forwarder/splunk-add-on-for-microsoft-windows_483.tgz -auth 'admin:changeme'
/opt/splunk/bin/splunk install app /vagrant/resources/splunk_server/add-on-for-microsoft-sysmon_600.tgz -auth 'admin:changeme'
# Add a Splunk TCP input on port 9997
echo -e "[splunktcp://9997]\nconnection_host = ip" > /opt/splunk/etc/apps/search/local/inputs.conf
# Add props.conf and transforms.conf
cp /vagrant/resources/splunk_server/props.conf /opt/splunk/etc/apps/search/local/
cp /vagrant/resources/splunk_server/transforms.conf /opt/splunk/etc/apps/search/local/
# Skip Splunk Tour and Change Password Dialog
touch /opt/splunk/etc/.ui_login
# Enable SSL Login for Splunk
echo '[settings]
enableSplunkWebSSL = true' > /opt/splunk/etc/system/local/web.conf
# Reboot Splunk to make changes take effect
/opt/splunk/bin/splunk restart
/opt/splunk/bin/splunk enable boot-start
fi
# Install Fleet
echo -e "\n127.0.0.1 kolide" >> /etc/hosts
git clone https://github.com/kolide/kolide-quickstart.git
cd kolide-quickstart
cp /vagrant/resources/fleet/server.* .
sed -i 's/ -it//g' demo.sh
./demo.sh up simple
# Set the enrollment secret to match what we deploy to Windows hosts
docker run --rm --network=kolidequickstart_default mysql:5.7 mysql -h mysql -u kolide --password=kolide -e 'update app_configs set osquery_enroll_secret = "enrollmentsecret" where id=1;' --batch kolide
echo "Updated enrollment secret"
cd /home/vagrant
# Import Palantir osquery configs into Fleet
echo "Downloading Palantir configs"
git clone https://github.com/palantir/osquery-configuration.git
git clone https://github.com/kolide/configimporter.git
cd configimporter
go build
cd /home/vagrant
# Modify the config to work with config importer
cat /home/vagrant/osquery-configuration/Endpoints/Windows/osquery.conf | sed 's#packs/#../packs/#g' | grep -v unwanted-chrome-extensions | grep -v security-tooling-checks | grep -v performance-metrics > /home/vagrant/osquery-configuration/Endpoints/Windows/osquery_to_import.conf
# Install configimporter
echo "Installing configimporter"
echo "Sleeping for 5"
sleep 5
export CONFIGIMPORTER_PASSWORD='admin123#'
cd /home/vagrant/osquery-configuration/Endpoints/Windows/
# Fleet requires you to login before importing packs
# Login
curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure
sleep 1
curl 'https://192.168.38.5:8412/setup' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'upgrade-insecure-requests: 1' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'authority: 192.168.38.5:8412' --compressed --insecure
sleep 1
# Setup organization name and email address
curl 'https://192.168.38.5:8412/api/v1/setup' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/setup' -H 'authority: 192.168.38.5:8412' --data-binary '{"kolide_server_url":"https://192.168.38.5:8412","org_info":{"org_name":"detectionlab"},"admin":{"admin":true,"email":"example@example.com","password":"admin123#","password_confirmation":"admin123#","username":"admin"}}' --compressed --insecure
sleep 3
# Import all Windows configs
/home/vagrant/configimporter/configimporter -host https://localhost:8412 -user 'admin' -config osquery_to_import.conf
# Get auth token
TOKEN=$(curl 'https://192.168.38.5:8412/api/v1/kolide/login' -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/login' -H 'authority: 192.168.38.5:8412' --data-binary '{"username":"admin","password":"admin123#"}' --compressed --insecure | grep token | cut -d '"' -f 4)
# Set all packs to be targeted to Windows hosts
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/1' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure
sleep 1
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/2' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure
sleep 1
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/3' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure
sleep 1
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/4' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure
sleep 1
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/3/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"label_ids":[10]}' --compressed --insecure
# Rename primary pack
curl 'https://192.168.38.5:8412/api/v1/kolide/packs/5' -X PATCH -H 'origin: https://192.168.38.5:8412' -H 'accept-encoding: gzip, deflate, br' -H 'accept-language: en-US,en;q=0.9' -H "authorization: Bearer $TOKEN" -H 'content-type: application/json' -H 'accept: application/json' -H 'referer: https://192.168.38.5:8412/packs/5/edit' -H 'authority: 192.168.38.5:8412' -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36' --data-binary '{"name":"windows-pack"}' --compressed --insecure
# Add Splunk monitors for Fleet
/opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme'
/opt/splunk/bin/splunk add monitor "/home/vagrant/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'

1
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/manifest.xml Normal file
View File

@@ -0,0 +1 @@
<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{83A705FC-7072-4EC3-A9BA-4AA571570D31}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:39:58]]></BackupTime><ID><![CDATA[{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Domain Controllers Enhanced Auditing Policy]]></GPODisplayName></BackupInst></Backups>

20
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/Backup.xml Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation. All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
<GroupPolicyObject><SecurityGroups><Group><Sid/><SamAccountName><![CDATA[Event Log Readers]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group><Sid/><SamAccountName><![CDATA[NETWORK SERVICE]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group><Sid><![CDATA[S-1-5-21-2099590610-328841986-2664697228-11659]]></Sid><SamAccountName/><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{83A705FC-7072-4EC3-A9BA-4AA571570D31}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Domain Controllers Enhanced Auditing Policy]]></DisplayName><Options><![CDATA[1]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[1703962]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{00000000-0000-0000-0000-000000000000}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{B05566AC-FE9C-4368-BE01-7A4CBB6CBA11}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings>
<GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
<FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Adm\*.*"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Applications" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Applications" bkp:Location="DomainSysvol\GPO\Machine\Applications"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft" bkp:Location="DomainSysvol\GPO\Machine\microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft\windows nt" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft\windows nt\Audit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit\audit.csv" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft\windows nt\Audit\audit.csv" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\microsoft\windows nt\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Preferences" bkp:Location="DomainSysvol\GPO\Machine\Preferences"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Preferences\Registry" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry\Registry.xml" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Preferences\Registry\Registry.xml" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry\Registry.xml"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{83A705FC-7072-4EC3-A9BA-4AA571570D31}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
</GroupPolicyBackupScheme>

3
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml Normal file
View File

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<RegistrySettings clsid="{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}"><Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="RestrictRemoteSamEventThrottlingWindow" status="RestrictRemoteSamEventThrottlingWindow" image="7" changed="2017-07-26 04:57:18" uid="{D232208A-0CBB-4FA1-BE41-D8A402116908}"><Properties action="U" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SYSTEM\CurrentControlSet\Control\Lsa" name="RestrictRemoteSamEventThrottlingWindow" type="REG_SZ" value="0"/></Registry>
</RegistrySettings>

12
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/DomainSysvol/GPO/Machine/comment.cmtx Normal file
View File

@@ -0,0 +1,12 @@
<?xml version='1.0' encoding='utf-8'?>
<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions">
<policyNamespaces>
<using prefix="ns0" namespace="Microsoft.Policies.WindowsRemoteManagement"></using>
</policyNamespaces>
<comments>
<admTemplate></admTemplate>
</comments>
<resources minRequiredRevision="1.0">
<stringTable></stringTable>
</resources>
</policyComments>

38
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv Normal file
View File

@@ -0,0 +1,38 @@
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Kerberos Authentication Service,{0cce9242-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Kerberos Service Ticket Operations,{0cce9240-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Computer Account Management,{0cce9236-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Distribution Group Management,{0cce9238-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Account Management Events,{0cce923a-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit PNP Activity,{0cce9248-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Detailed Directory Service Replication,{0cce923e-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Directory Service Access,{0cce923b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Directory Service Changes,{0cce923c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Directory Service Replication,{0cce923d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Group Membership,{0cce9249-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Kernel Object,{0cce921f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success,,1
,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},Success,,1
,System,Audit IPsec Driver,{0cce9213-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
1 Machine Name Policy Target Subcategory Subcategory GUID Inclusion Setting Exclusion Setting Setting Value
2 System Audit Credential Validation {0cce923f-69ae-11d9-bed3-505054503030} Success and Failure 3
3 System Audit Kerberos Authentication Service {0cce9242-69ae-11d9-bed3-505054503030} Success and Failure 3
4 System Audit Kerberos Service Ticket Operations {0cce9240-69ae-11d9-bed3-505054503030} Success and Failure 3
5 System Audit Other Account Logon Events {0cce9241-69ae-11d9-bed3-505054503030} Success and Failure 3
6 System Audit Computer Account Management {0cce9236-69ae-11d9-bed3-505054503030} Success and Failure 3
7 System Audit Distribution Group Management {0cce9238-69ae-11d9-bed3-505054503030} Success and Failure 3
8 System Audit Other Account Management Events {0cce923a-69ae-11d9-bed3-505054503030} Success and Failure 3
9 System Audit Security Group Management {0cce9237-69ae-11d9-bed3-505054503030} Success and Failure 3
10 System Audit User Account Management {0cce9235-69ae-11d9-bed3-505054503030} Success and Failure 3
11 System Audit DPAPI Activity {0cce922d-69ae-11d9-bed3-505054503030} Success and Failure 3
12 System Audit PNP Activity {0cce9248-69ae-11d9-bed3-505054503030} Success and Failure 3
13 System Audit Process Creation {0cce922b-69ae-11d9-bed3-505054503030} Success and Failure 3
14 System Audit Process Termination {0cce922c-69ae-11d9-bed3-505054503030} Success and Failure 3
15 System Audit Detailed Directory Service Replication {0cce923e-69ae-11d9-bed3-505054503030} Success and Failure 3
16 System Audit Directory Service Access {0cce923b-69ae-11d9-bed3-505054503030} Success and Failure 3
17 System Audit Directory Service Changes {0cce923c-69ae-11d9-bed3-505054503030} Success and Failure 3
18 System Audit Directory Service Replication {0cce923d-69ae-11d9-bed3-505054503030} Success and Failure 3
19 System Audit Account Lockout {0cce9217-69ae-11d9-bed3-505054503030} Success and Failure 3
20 System Audit User / Device Claims {0cce9247-69ae-11d9-bed3-505054503030} Success and Failure 3
21 System Audit Group Membership {0cce9249-69ae-11d9-bed3-505054503030} Success and Failure 3
22 System Audit Logoff {0cce9216-69ae-11d9-bed3-505054503030} Success and Failure 3
23 System Audit Logon {0cce9215-69ae-11d9-bed3-505054503030} Success and Failure 3
24 System Audit Other Logon/Logoff Events {0cce921c-69ae-11d9-bed3-505054503030} Success and Failure 3
25 System Audit Special Logon {0cce921b-69ae-11d9-bed3-505054503030} Success and Failure 3
26 System Audit Detailed File Share {0cce9244-69ae-11d9-bed3-505054503030} Failure 2
27 System Audit File Share {0cce9224-69ae-11d9-bed3-505054503030} Success and Failure 3
28 System Audit File System {0cce921d-69ae-11d9-bed3-505054503030} Success and Failure 3
29 System Audit Filtering Platform Connection {0cce9226-69ae-11d9-bed3-505054503030} Failure 2
30 System Audit Kernel Object {0cce921f-69ae-11d9-bed3-505054503030} Success and Failure 3
31 System Audit Removable Storage {0cce9245-69ae-11d9-bed3-505054503030} Success 1
32 System Audit Audit Policy Change {0cce922f-69ae-11d9-bed3-505054503030} Success and Failure 3
33 System Audit Authentication Policy Change {0cce9230-69ae-11d9-bed3-505054503030} Success and Failure 3
34 System Audit MPSSVC Rule-Level Policy Change {0cce9232-69ae-11d9-bed3-505054503030} Success 1
35 System Audit IPsec Driver {0cce9213-69ae-11d9-bed3-505054503030} Success and Failure 3
36 System Audit Security State Change {0cce9210-69ae-11d9-bed3-505054503030} Success and Failure 3
37 System Audit Security System Extension {0cce9211-69ae-11d9-bed3-505054503030} Success and Failure 3
38 System Audit System Integrity {0cce9212-69ae-11d9-bed3-505054503030} Success and Failure 3

BIN
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf Normal file
View File

Binary file not shown.

BIN
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/DomainSysvol/GPO/Machine/registry.pol Normal file
View File

Binary file not shown.

1
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/bkupInfo.xml Normal file
View File

@@ -0,0 +1 @@
<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{83A705FC-7072-4EC3-A9BA-4AA571570D31}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:39:58]]></BackupTime><ID><![CDATA[{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Domain Controllers Enhanced Auditing Policy]]></GPODisplayName></BackupInst>

BIN
Vagrant/resources/GPO/Domain_Controllers_Enhanced_Auditing_Policy/{3F2B9314-2D8F-452F-91CE-F9F13B04BA2C}/gpreport.xml Normal file
View File

Binary file not shown.

1
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/manifest.xml Normal file
View File

@@ -0,0 +1 @@
<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{E1359F60-FACE-461A-9C5D-D1DF07E51A79}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:30:11]]></BackupTime><ID><![CDATA[{E471372E-9280-47FB-963A-7B2A75182ACC}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Servers Enhanced Auditing Policy]]></GPODisplayName></BackupInst></Backups>

20
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/Backup.xml Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation. All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
<GroupPolicyObject><SecurityGroups><Group><Sid/><SamAccountName><![CDATA[Event Log Readers]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group><Sid/><SamAccountName><![CDATA[NETWORK SERVICE]]></SamAccountName><Type><![CDATA[Unknown]]></Type><NetBIOSDomainName/><DnsDomainName/><UPN/></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{E1359F60-FACE-461A-9C5D-D1DF07E51A79}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Servers Enhanced Auditing Policy]]></DisplayName><Options><![CDATA[1]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[1376277]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{00000000-0000-0000-0000-000000000000}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{B05566AC-FE9C-4368-BE01-7A4CBB6CBA11}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings>
<GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
<FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Adm\*.*"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_FSPATH%\Cadm" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Cadm" bkp:Location="DomainSysvol\GPO\Cadm"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Applications" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Applications" bkp:Location="DomainSysvol\GPO\Machine\Applications"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft" bkp:Location="DomainSysvol\GPO\Machine\microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft\windows nt" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft\windows nt\Audit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit\audit.csv" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft\windows nt\Audit\audit.csv" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\microsoft\windows nt\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Preferences" bkp:Location="DomainSysvol\GPO\Machine\Preferences"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Preferences\Registry" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry\Registry.xml" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Preferences\Registry\Registry.xml" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry\Registry.xml"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Services" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Preferences\Services" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Services"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{E1359F60-FACE-461A-9C5D-D1DF07E51A79}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
</GroupPolicyBackupScheme>

3
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml Normal file
View File

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<RegistrySettings clsid="{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}"><Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="RestrictRemoteSamEventThrottlingWindow" status="RestrictRemoteSamEventThrottlingWindow" image="12" changed="2017-03-28 20:28:29" uid="{7E71B8A5-03A7-456C-9CC9-941C1045C0E1}"><Properties action="U" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SYSTEM\CurrentControlSet\Control\Lsa" name="RestrictRemoteSamEventThrottlingWindow" type="REG_DWORD" value="00000000"/></Registry>
</RegistrySettings>

12
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/DomainSysvol/GPO/Machine/comment.cmtx Normal file
View File

@@ -0,0 +1,12 @@
<?xml version='1.0' encoding='utf-8'?>
<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions">
<policyNamespaces>
<using prefix="ns0" namespace="Microsoft.Policies.WindowsRemoteManagement"></using>
</policyNamespaces>
<comments>
<admTemplate></admTemplate>
</comments>
<resources minRequiredRevision="1.0">
<stringTable></stringTable>
</resources>
</policyComments>

33
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv Normal file
View File

@@ -0,0 +1,33 @@
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit PNP Activity,{0cce9248-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Group Membership,{0cce9249-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Other Object Access Events,{0cce9227-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Registry,{0cce921e-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Policy Change Events,{0cce9234-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Non Sensitive Privilege Use,{0cce9229-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
1 Machine Name Policy Target Subcategory Subcategory GUID Inclusion Setting Exclusion Setting Setting Value
2 System Audit Credential Validation {0cce923f-69ae-11d9-bed3-505054503030} Success and Failure 3
3 System Audit Other Account Logon Events {0cce9241-69ae-11d9-bed3-505054503030} Success and Failure 3
4 System Audit Security Group Management {0cce9237-69ae-11d9-bed3-505054503030} Success and Failure 3
5 System Audit User Account Management {0cce9235-69ae-11d9-bed3-505054503030} Success and Failure 3
6 System Audit DPAPI Activity {0cce922d-69ae-11d9-bed3-505054503030} Success and Failure 3
7 System Audit PNP Activity {0cce9248-69ae-11d9-bed3-505054503030} Success and Failure 3
8 System Audit Process Creation {0cce922b-69ae-11d9-bed3-505054503030} Success and Failure 3
9 System Audit Process Termination {0cce922c-69ae-11d9-bed3-505054503030} Success and Failure 3
10 System Audit Account Lockout {0cce9217-69ae-11d9-bed3-505054503030} Success and Failure 3
11 System Audit User / Device Claims {0cce9247-69ae-11d9-bed3-505054503030} Success and Failure 3
12 System Audit Group Membership {0cce9249-69ae-11d9-bed3-505054503030} Success and Failure 3
13 System Audit Logoff {0cce9216-69ae-11d9-bed3-505054503030} Success and Failure 3
14 System Audit Logon {0cce9215-69ae-11d9-bed3-505054503030} Success and Failure 3
15 System Audit Other Logon/Logoff Events {0cce921c-69ae-11d9-bed3-505054503030} Success and Failure 3
16 System Audit Special Logon {0cce921b-69ae-11d9-bed3-505054503030} Success and Failure 3
17 System Audit Detailed File Share {0cce9244-69ae-11d9-bed3-505054503030} Success and Failure 3
18 System Audit File Share {0cce9224-69ae-11d9-bed3-505054503030} Success and Failure 3
19 System Audit File System {0cce921d-69ae-11d9-bed3-505054503030} Success and Failure 3
20 System Audit Filtering Platform Connection {0cce9226-69ae-11d9-bed3-505054503030} Failure 2
21 System Audit Other Object Access Events {0cce9227-69ae-11d9-bed3-505054503030} Success and Failure 3
22 System Audit Registry {0cce921e-69ae-11d9-bed3-505054503030} Success and Failure 3
23 System Audit Removable Storage {0cce9245-69ae-11d9-bed3-505054503030} Success and Failure 3
24 System Audit Audit Policy Change {0cce922f-69ae-11d9-bed3-505054503030} Success and Failure 3
25 System Audit Authentication Policy Change {0cce9230-69ae-11d9-bed3-505054503030} Success and Failure 3
26 System Audit MPSSVC Rule-Level Policy Change {0cce9232-69ae-11d9-bed3-505054503030} Success and Failure 3
27 System Audit Other Policy Change Events {0cce9234-69ae-11d9-bed3-505054503030} Success and Failure 3
28 System Audit Non Sensitive Privilege Use {0cce9229-69ae-11d9-bed3-505054503030} Failure 2
29 System Audit Sensitive Privilege Use {0cce9228-69ae-11d9-bed3-505054503030} Success and Failure 3
30 System Audit Other System Events {0cce9214-69ae-11d9-bed3-505054503030} Success and Failure 3
31 System Audit Security State Change {0cce9210-69ae-11d9-bed3-505054503030} Success and Failure 3
32 System Audit Security System Extension {0cce9211-69ae-11d9-bed3-505054503030} Success and Failure 3
33 System Audit System Integrity {0cce9212-69ae-11d9-bed3-505054503030} Success and Failure 3

BIN
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf Normal file
View File

Binary file not shown.

BIN
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/DomainSysvol/GPO/Machine/registry.pol Normal file
View File

Binary file not shown.

1
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/bkupInfo.xml Normal file
View File

@@ -0,0 +1 @@
<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{E1359F60-FACE-461A-9C5D-D1DF07E51A79}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:30:11]]></BackupTime><ID><![CDATA[{E471372E-9280-47FB-963A-7B2A75182ACC}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Servers Enhanced Auditing Policy]]></GPODisplayName></BackupInst>

BIN
Vagrant/resources/GPO/Servers_Enhanced_Auditing_Policy/{E471372E-9280-47FB-963A-7B2A75182ACC}/gpreport.xml Normal file
View File

Binary file not shown.

1
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/manifest.xml Normal file
View File

@@ -0,0 +1 @@
<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{EC31A138-BD53-40CE-A368-0ED65005F02E}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:35:10]]></BackupTime><ID><![CDATA[{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Workstations Enhanced Auditing Policy]]></GPODisplayName></BackupInst></Backups>

20
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/Backup.xml Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation. All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations">
<GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-3516590555-2060695796-1367554519-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{EC31A138-BD53-40CE-A368-0ED65005F02E}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 db e9 9a d1 f4 b8 d3 7a d7 39 83 51 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Workstations Enhanced Auditing Policy]]></DisplayName><Options><![CDATA[1]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[1245203]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{00000000-0000-0000-0000-000000000000}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{B05566AC-FE9C-4368-BE01-7A4CBB6CBA11}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings>
<GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/>
<FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Adm\*.*"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" bkp:DescName="Security">
<FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" bkp:ReEvaluateFunction="SecurityValidateSettings" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"/>
</GroupPolicyExtension>
<GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectDir bkp:Path="%GPO_FSPATH%\Cadm" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Cadm" bkp:Location="DomainSysvol\GPO\Cadm"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Applications" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Applications" bkp:Location="DomainSysvol\GPO\Machine\Applications"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft" bkp:Location="DomainSysvol\GPO\Machine\microsoft"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft\windows nt" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft\windows nt\Audit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\Audit\audit.csv" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft\windows nt\Audit\audit.csv" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\microsoft\windows nt\SecEdit" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\microsoft\windows nt\SecEdit" bkp:Location="DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Preferences" bkp:Location="DomainSysvol\GPO\Machine\Preferences"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Preferences\Registry" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry"/><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\Preferences\Registry\Registry.xml" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Preferences\Registry\Registry.xml" bkp:Location="DomainSysvol\GPO\Machine\Preferences\Registry\Registry.xml"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Scripts" bkp:Location="DomainSysvol\GPO\Machine\Scripts"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Shutdown" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Scripts\Shutdown" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Shutdown"/><FSObjectDir bkp:Path="%GPO_MACH_FSPATH%\Scripts\Startup" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{EC31A138-BD53-40CE-A368-0ED65005F02E}\Machine\Scripts\Startup" bkp:Location="DomainSysvol\GPO\Machine\Scripts\Startup"/></GroupPolicyExtension></GroupPolicyObject>
</GroupPolicyBackupScheme>

3
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/DomainSysvol/GPO/Machine/Preferences/Registry/Registry.xml Normal file
View File

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<RegistrySettings clsid="{A3CCFC41-DFDB-43a5-8D26-0FE8B954DA51}"><Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="RestrictRemoteSamEventThrottlingWindow" status="RestrictRemoteSamEventThrottlingWindow" image="12" bypassErrors="1" changed="2017-03-28 18:23:06" uid="{C6860994-A627-43A9-A8E9-433B483C697C}"><Properties action="U" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SYSTEM\CurrentControlSet\Control\Lsa" name="RestrictRemoteSamEventThrottlingWindow" type="REG_DWORD" value="00000000"/></Registry>
</RegistrySettings>

12
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/DomainSysvol/GPO/Machine/comment.cmtx Normal file
View File

@@ -0,0 +1,12 @@
<?xml version='1.0' encoding='utf-8'?>
<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions">
<policyNamespaces>
<using prefix="ns0" namespace="Microsoft.Policies.WindowsRemoteManagement"></using>
</policyNamespaces>
<comments>
<admTemplate></admTemplate>
</comments>
<resources minRequiredRevision="1.0">
<stringTable></stringTable>
</resources>
</policyComments>

33
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv Normal file
View File

@@ -0,0 +1,33 @@
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Account Logon Events,{0cce9241-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security Group Management,{0cce9237-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User Account Management,{0cce9235-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit DPAPI Activity,{0cce922d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit PNP Activity,{0cce9248-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Creation,{0cce922b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Process Termination,{0cce922c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Account Lockout,{0cce9217-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit User / Device Claims,{0cce9247-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Group Membership,{0cce9249-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logon,{0cce9215-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Logon/Logoff Events,{0cce921c-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Special Logon,{0cce921b-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Detailed File Share,{0cce9244-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit File Share,{0cce9224-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit File System,{0cce921d-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Filtering Platform Connection,{0cce9226-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Other Object Access Events,{0cce9227-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Registry,{0cce921e-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Removable Storage,{0cce9245-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Audit Policy Change,{0cce922f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Authentication Policy Change,{0cce9230-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit MPSSVC Rule-Level Policy Change,{0cce9232-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other Policy Change Events,{0cce9234-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Non Sensitive Privilege Use,{0cce9229-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Sensitive Privilege Use,{0cce9228-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Other System Events,{0cce9214-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security State Change,{0cce9210-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Security System Extension,{0cce9211-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit System Integrity,{0cce9212-69ae-11d9-bed3-505054503030},Success and Failure,,3
1 Machine Name Policy Target Subcategory Subcategory GUID Inclusion Setting Exclusion Setting Setting Value
2 System Audit Credential Validation {0cce923f-69ae-11d9-bed3-505054503030} Success and Failure 3
3 System Audit Other Account Logon Events {0cce9241-69ae-11d9-bed3-505054503030} Success and Failure 3
4 System Audit Security Group Management {0cce9237-69ae-11d9-bed3-505054503030} Success and Failure 3
5 System Audit User Account Management {0cce9235-69ae-11d9-bed3-505054503030} Success and Failure 3
6 System Audit DPAPI Activity {0cce922d-69ae-11d9-bed3-505054503030} Success and Failure 3
7 System Audit PNP Activity {0cce9248-69ae-11d9-bed3-505054503030} Success and Failure 3
8 System Audit Process Creation {0cce922b-69ae-11d9-bed3-505054503030} Success and Failure 3
9 System Audit Process Termination {0cce922c-69ae-11d9-bed3-505054503030} Success and Failure 3
10 System Audit Account Lockout {0cce9217-69ae-11d9-bed3-505054503030} Success and Failure 3
11 System Audit User / Device Claims {0cce9247-69ae-11d9-bed3-505054503030} Success and Failure 3
12 System Audit Group Membership {0cce9249-69ae-11d9-bed3-505054503030} Success and Failure 3
13 System Audit Logoff {0cce9216-69ae-11d9-bed3-505054503030} Success and Failure 3
14 System Audit Logon {0cce9215-69ae-11d9-bed3-505054503030} Success and Failure 3
15 System Audit Other Logon/Logoff Events {0cce921c-69ae-11d9-bed3-505054503030} Success and Failure 3
16 System Audit Special Logon {0cce921b-69ae-11d9-bed3-505054503030} Success and Failure 3
17 System Audit Detailed File Share {0cce9244-69ae-11d9-bed3-505054503030} Success and Failure 3
18 System Audit File Share {0cce9224-69ae-11d9-bed3-505054503030} Success and Failure 3
19 System Audit File System {0cce921d-69ae-11d9-bed3-505054503030} Success and Failure 3
20 System Audit Filtering Platform Connection {0cce9226-69ae-11d9-bed3-505054503030} Failure 2
21 System Audit Other Object Access Events {0cce9227-69ae-11d9-bed3-505054503030} Success and Failure 3
22 System Audit Registry {0cce921e-69ae-11d9-bed3-505054503030} Success and Failure 3
23 System Audit Removable Storage {0cce9245-69ae-11d9-bed3-505054503030} Success and Failure 3
24 System Audit Audit Policy Change {0cce922f-69ae-11d9-bed3-505054503030} Success and Failure 3
25 System Audit Authentication Policy Change {0cce9230-69ae-11d9-bed3-505054503030} Success and Failure 3
26 System Audit MPSSVC Rule-Level Policy Change {0cce9232-69ae-11d9-bed3-505054503030} Success and Failure 3
27 System Audit Other Policy Change Events {0cce9234-69ae-11d9-bed3-505054503030} Success and Failure 3
28 System Audit Non Sensitive Privilege Use {0cce9229-69ae-11d9-bed3-505054503030} Failure 2
29 System Audit Sensitive Privilege Use {0cce9228-69ae-11d9-bed3-505054503030} Success and Failure 3
30 System Audit Other System Events {0cce9214-69ae-11d9-bed3-505054503030} Success and Failure 3
31 System Audit Security State Change {0cce9210-69ae-11d9-bed3-505054503030} Success and Failure 3
32 System Audit Security System Extension {0cce9211-69ae-11d9-bed3-505054503030} Success and Failure 3
33 System Audit System Integrity {0cce9212-69ae-11d9-bed3-505054503030} Success and Failure 3

BIN
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf Normal file
View File

Binary file not shown.

BIN
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/DomainSysvol/GPO/Machine/registry.pol Normal file
View File

Binary file not shown.

1
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/bkupInfo.xml Normal file
View File

@@ -0,0 +1 @@
<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{EC31A138-BD53-40CE-A368-0ED65005F02E}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{39471c5e-04d5-4275-bf10-47653a177887}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2017-07-26T19:35:10]]></BackupTime><ID><![CDATA[{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Workstations Enhanced Auditing Policy]]></GPODisplayName></BackupInst>

BIN
Vagrant/resources/GPO/Workstations_Enhanced_Auditing_Policy/{1CC39F6D-972E-4E7F-A5BD-AEB9C0B1083F}/gpreport.xml Normal file
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More