Initial commit

Packer/scripts/.gitignore

@@ -0,0 +1,3 @@
+*.exe
+*.msi
+*.msu

Packer/scripts/MakeWindows10GreatAgain.ps1

@@ -0,0 +1,21 @@
+# Import the registry keys
+Write-Host "Making Windows 10 Great again"
+Write-Host "Importing registry keys..."
+regedit /s a:\MakeWindows10GreatAgain.reg
+
+# Install Powershell Help items
+Write-Host "Updating Powershell Help Library..."
+Update-Help
+
+# Remove OneDrive from the System
+Write-Host "Removing OneDrive..."
+$onedrive = Get-Process onedrive -ErrorAction SilentlyContinue
+if ($onedrive) {
+  taskkill /f /im OneDrive.exe
+}
+c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall
+
+# Disable SMBv1
+Write-Host "Disabling SMBv1"
+Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false
+

Packer/scripts/MakeWindows10GreatAgain.reg

@@ -0,0 +1,45 @@
+Windows Registry Editor Version 5.00
+
+# Disable Cortana (Windows search still remains)
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search]
+"AllowCortana"=dword:00000000
+
+# Disable Notification Center
+[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer]
+"DisableNotificationCenter"=dword:00000001
+
+# Don't reboot when users are logged in for Windows updates
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
+"NoAutoRebootWithLoggedOnUsers"=dword:00000001
+
+# Disable Microsoft.com accounts
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
+"NoConnectedUser"=dword:00000003
+
+# Show all file extensions
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
+"HideFileExt"=dword:00000000
+
+# Set explorer to open to "This PC" for new windows
+[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
+"LaunchTo"=dword:00000001
+
+# Show hidden files (not including OS files)
+[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
+"Hidden"=dword:00000001
+
+# Show "This PC" on Desktop
+# Created by: Shawn Brink
+# http://www.tenforums.com
+[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
+"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
+
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
+"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
+ 
+[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
+"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
+
+# Enable Developer Mode (prerequisite for Linux subsystem)
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock]
+"AllowDevelopmentWithoutDevLicense"=dword:00000001

Packer/scripts/chef.bat

@@ -0,0 +1,6 @@
+if not exist "C:\Windows\Temp\chef.msi" (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.getchef.com/chef/install.msi', 'C:\Windows\Temp\chef.msi')" <NUL
+)
+
+msiexec /qb /i C:\Windows\Temp\chef.msi
+powershell -Command "Start-Sleep 1" <NUL

Packer/scripts/chocolatey.bat

@@ -0,0 +1 @@
+powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" <NUL

Packer/scripts/chocopacks.bat

@@ -0,0 +1,6 @@
+:: Ensure C:\Chocolatey\bin is on the path
+set /p PATH=<C:\Windows\Temp\PATH
+
+:: Install all the things; for example:
+cmd /c choco install 7zip
+cmd /c choco install notepadplusplus

Packer/scripts/compact.bat

@@ -0,0 +1,39 @@
+if "%PACKER_BUILDER_TYPE:~0,6%"=="hyperv" (
+  echo "Skip compact steps in Hyper-V build."
+  goto :eof
+)
+if not exist "C:\Windows\Temp\7z920-x64.msi" (
+	powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
+)
+msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
+
+if not exist "C:\Windows\Temp\ultradefrag.zip" (
+	powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://downloads.sourceforge.net/project/ultradefrag/stable-release/6.1.0/ultradefrag-portable-6.1.0.bin.amd64.zip', 'C:\Windows\Temp\ultradefrag.zip')" <NUL
+)
+
+if not exist "C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe" (
+	cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\ultradefrag.zip -oC:\Windows\Temp"
+)
+
+if not exist "C:\Windows\Temp\SDelete.zip" (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.sysinternals.com/files/SDelete.zip', 'C:\Windows\Temp\SDelete.zip')" <NUL
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://vagrantboxes.blob.core.windows.net/box/sdelete/v1.6.1/sdelete.exe', 'C:\Windows\Temp\sdelete.exe')" <NUL
+)
+
+if not exist "C:\Windows\Temp\sdelete.exe" (
+	cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\SDelete.zip -oC:\Windows\Temp"
+)
+
+msiexec /qb /x C:\Windows\Temp\7z920-x64.msi
+
+net stop wuauserv
+rmdir /S /Q C:\Windows\SoftwareDistribution\Download
+mkdir C:\Windows\SoftwareDistribution\Download
+net start wuauserv
+
+if "%PACKER_BUILDER_TYPE%" neq "hyperv-iso" (
+	cmd /c C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe --optimize --repeat C:
+
+	cmd /c %SystemRoot%\System32\reg.exe ADD HKCU\Software\Sysinternals\SDelete /v EulaAccepted /t REG_DWORD /d 1 /f
+	cmd /c C:\Windows\Temp\sdelete.exe -q -z C:
+)

Packer/scripts/compile-dotnet-assemblies.bat

@@ -0,0 +1,15 @@
+::http://support.microsoft.com/kb/2570538
+::http://robrelyea.wordpress.com/2007/07/13/may-be-helpful-ngen-exe-executequeueditems/
+
+if "%PROCESSOR_ARCHITECTURE%"=="AMD64" goto 64BIT
+
+%windir%\microsoft.net\framework\v4.0.30319\ngen.exe update /force /queue
+%windir%\microsoft.net\framework\v4.0.30319\ngen.exe executequeueditems
+
+exit /b
+
+:64BIT
+%windir%\microsoft.net\framework\v4.0.30319\ngen.exe update /force /queue
+%windir%\microsoft.net\framework64\v4.0.30319\ngen.exe update /force /queue
+%windir%\microsoft.net\framework\v4.0.30319\ngen.exe executequeueditems
+%windir%\microsoft.net\framework64\v4.0.30319\ngen.exe executequeueditems

Packer/scripts/create-domain.ps1

@@ -0,0 +1,39 @@
+if ((gwmi win32_computersystem).partofdomain -eq $false) {
+
+  Write-Host 'Creating domain controller'
+  # Disable password complexity policy
+  secedit /export /cfg C:\secpol.cfg
+  (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+  secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+  rm -force C:\secpol.cfg -confirm:$false
+
+  # Set administrator password
+  $computerName = $env:COMPUTERNAME
+  $adminPassword = "vagrant"
+  $adminUser = [ADSI] "WinNT://$computerName/Administrator,User"
+  $adminUser.SetPassword($adminPassword)
+
+  $PlainPassword = "vagrant" # "P@ssw0rd"
+  $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
+
+  # Windows Server 2012 R2
+  Install-WindowsFeature AD-domain-services
+  Import-Module ADDSDeployment
+  Install-ADDSForest `
+    -SafeModeAdministratorPassword $SecurePassword `
+    -CreateDnsDelegation:$false `
+    -DatabasePath "C:\Windows\NTDS" `
+    -DomainMode "Win2012" `
+    -DomainName "windomain.local" `
+    -DomainNetbiosName "WINDOMAIN" `
+    -ForestMode "Win2012" `
+    -InstallDns:$true `
+    -LogPath "C:\Windows\NTDS" `
+    -NoRebootOnCompletion:$true `
+    -SysvolPath "C:\Windows\SYSVOL" `
+    -Force:$true
+
+  $newDNSServers = "8.8.8.8", "4.4.4.4"
+  $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -eq "10.0.2.15"}
+  $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)}
+}

Packer/scripts/debloat-windows.ps1

@@ -0,0 +1,27 @@
+if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv")) {
+  Write-Host Skip debloat steps in Hyper-V build.
+} else {
+  Write-Host Downloading debloat zip
+  $url="https://github.com/StefanScherer/Debloat-Windows-10/archive/master.zip"
+  (New-Object System.Net.WebClient).DownloadFile($url, "$env:TEMP\debloat.zip")
+  Expand-Archive -Path $env:TEMP\debloat.zip -DestinationPath $env:TEMP -Force
+
+  #Write-Host Disable scheduled tasks
+  #. $env:TEMP\Debloat-Windows-10-master\utils\disable-scheduled-tasks.ps1
+  #Write-Host Block telemetry
+  #. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1
+  #Write-Host Disable services
+  #. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1
+  Write-host Disable Windows Defender
+  #. $env:TEMP\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1
+  Uninstall-WindowsFeature Windows-Defender-Features
+  Write-host Optimize Windows Update
+  . $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1
+  #Write-host Disable Windows Update
+  #Set-Service wuauserv -StartupType Disabled
+  #Write-Host Remove OneDrive
+  #. $env:TEMP\Debloat-Windows-10-master\scripts\remove-onedrive.ps1
+
+  rm $env:TEMP\debloat.zip
+  rm -recurse $env:TEMP\Debloat-Windows-10-master
+}

Packer/scripts/dis-updates.bat

@@ -0,0 +1,19 @@
+rem http://www.windows-commandline.com/disable-automatic-updates-command-line/
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f
+
+rem remove optional WSUS server settings
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f
+
+rem even harder, disable windows update service
+rem sc config wuauserv start= disabled
+rem net stop wuauserv
+
+if exist C:\Windows\Temp\win-updates.log (
+  echo Show Windows Updates log file C:\Windows\Temp\win-updates.log
+  dir C:\Windows\Temp\win-updates.log
+  type C:\Windows\Temp\win-updates.log
+  rem output of type command is not fully shown in packer/ssh session, so try PowerShell
+  rem but it will hang if log file is about 22 KByte
+  rem powershell -command "Get-Content C:\Windows\Temp\win-updates.log"
+  echo End of Windows Updates log file C:\Windows\Temp\win-updates.log
+)

Packer/scripts/dis-updates.ps1

@@ -0,0 +1,30 @@
+<#
+.SYNOPSIS
+   Disables automatic windows updates
+.DESCRIPTION
+   Disables checking for and applying Windows Updates (does not prevent updates from being applied manually or being pushed down)
+   Run on the machine that updates need disabling on.
+.PARAMETER <paramName>
+   None
+.EXAMPLE
+   ./Disable-WindowsUpdates.ps1
+#>
+$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
+if ($RunningAsAdmin)
+{
+
+	$Updates = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings
+
+	if ($Updates.ReadOnly -eq $True) { Write-Error "Cannot update Windows Update settings due to GPO restrictions." }
+
+	else {
+		$Updates.NotificationLevel = 1 #Disabled
+		$Updates.Save()
+		$Updates.Refresh()
+		Write-Output "Automatic Windows Updates disabled."
+	}
+}
+
+else 
+{	Write-Warning "Must be executed in Administrator level shell."
+	Write-Warning "Script Cancelled!" } 

Packer/scripts/disable-auto-logon.bat

@@ -0,0 +1 @@
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 0 /f

Packer/scripts/disable-screensaver.ps1

@@ -0,0 +1,4 @@
+Write-Host "Disabling Screensaver"
+Set-ItemProperty "HKCU:\Control Panel\Desktop" -Name ScreenSaveActive -Value 0 -Type DWord
+& powercfg -x -monitor-timeout-ac 0
+& powercfg -x -monitor-timeout-dc 0

Packer/scripts/disable-tasks.bat

@@ -0,0 +1,2 @@
+schtasks /End /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
+schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE

Packer/scripts/disable-winrm.ps1

@@ -0,0 +1,8 @@
+netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
+netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
+$winrmService = Get-Service -Name WinRM
+if ($winrmService.Status -eq "Running"){
+    Disable-PSRemoting -Force
+}
+Stop-Service winrm
+Set-Service -Name winrm -StartupType Disabled

Packer/scripts/docker/10/install-containers-feature.ps1

@@ -0,0 +1,6 @@
+# https://msdn.microsoft.com/de-de/virtualization/windowscontainers/quick_start/quick_start_windows_10
+Write-Host "Install Containers feature"
+Enable-WindowsOptionalFeature -Online -FeatureName containers -All -NoRestart
+Write-Host "Install Hyper-V feature"
+Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
+sc.exe config winrm start= delayed-auto

Packer/scripts/docker/10/install-docker.ps1

@@ -0,0 +1,13 @@
+Set-ExecutionPolicy Bypass -scope Process
+New-Item -Type Directory -Path "$($env:ProgramFiles)\docker"
+# wget -outfile $env:TEMP\docker-17.03.0-ce.zip "https://dockermsft.blob.core.windows.net/dockercontainer/docker-1-13-1.zip"
+Write-Host "Downloading docker ..."
+wget -outfile $env:TEMP\docker-17.03.0-ce.zip "https://get.docker.com/builds/Windows/x86_64/docker-17.03.0-ce.zip"
+Expand-Archive -Path $env:TEMP\docker-17.03.0-ce.zip -DestinationPath $env:TEMP -Force
+copy $env:TEMP\docker\*.exe $env:ProgramFiles\docker
+Remove-Item $env:TEMP\docker-17.03.0-ce.zip
+[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\docker", [EnvironmentVariableTarget]::Machine)
+$env:Path = $env:Path + ";$($env:ProgramFiles)\docker"
+Write-Host "Registering docker service ..."
+. dockerd --register-service -H npipe:// -H 0.0.0.0:2375 -G docker
+Start-Service Docker

Packer/scripts/docker/2016/install-containers-feature.ps1

@@ -0,0 +1,9 @@
+Write-Host "Install Containers feature"
+Install-WindowsFeature -Name Containers
+
+if ((GWMI Win32_Processor).VirtualizationFirmwareEnabled[0] -and (GWMI Win32_Processor).SecondLevelAddressTranslationExtensions[0]) {
+  Write-Host "Install Hyper-V feature"
+  Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
+} else {
+  Write-Host "Skipping installation of Hyper-V feature"
+}

Packer/scripts/docker/2016/install-docker.ps1

@@ -0,0 +1,12 @@
+$ProgressPreference = 'SilentlyContinue'
+
+Set-ExecutionPolicy Bypass -scope Process
+New-Item -Type Directory -Path "$($env:ProgramFiles)\docker"
+wget -outfile $env:TEMP\docker-17-03-0-ee.zip "https://dockermsft.blob.core.windows.net/dockercontainer/docker-17-03-0-ee.zip"
+Expand-Archive -Path $env:TEMP\docker-17-03-0-ee.zip -DestinationPath $env:TEMP -Force
+copy $env:TEMP\docker\*.exe $env:ProgramFiles\docker
+Remove-Item $env:TEMP\docker-17-03-0-ee.zip
+[Environment]::SetEnvironmentVariable("Path", $env:Path + ";$($env:ProgramFiles)\docker", [EnvironmentVariableTarget]::Machine)
+$env:Path = $env:Path + ";$($env:ProgramFiles)\docker"
+. dockerd --register-service -H npipe:// -H 0.0.0.0:2375 -G docker
+Start-Service docker

Packer/scripts/docker/add-docker-group.ps1

@@ -0,0 +1,5 @@
+Write-Host Creating group docker
+net localgroup docker /add
+$username = $env:USERNAME
+Write-Host Adding user $username to group docker
+net localgroup docker $username /add

Packer/scripts/docker/disable-windows-defender.ps1

@@ -0,0 +1 @@
+Set-MpPreference -DisableRealtimeMonitoring $true

Packer/scripts/docker/docker-pull-async.ps1

@@ -0,0 +1,16 @@
+function DockerPull {
+  Param ([string]$image)
+
+  Write-Host Installing $image ...
+  $j = Start-Job -ScriptBlock { docker pull $args[0] } -ArgumentList $image
+  while ( $j.JobStateInfo.state -ne "Completed" -And $j.JobStateInfo.state -ne "Failed" ) {
+    Write-Host $j.JobStateInfo.state
+    Start-Sleep 10
+  }
+
+  $results = Receive-Job -Job $j
+  $results
+}
+
+DockerPull microsoft/windowsservercore
+DockerPull microsoft/nanoserver

Packer/scripts/docker/enable-winrm.ps1

@@ -0,0 +1,21 @@
+Enable-PSRemoting -Force
+winrm quickconfig -q
+winrm quickconfig -transport:http
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+winrm set winrm/config/client/auth '@{Basic="true"}'
+winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
+
+if (Test-Path A:\install-containers-feature.ps1) {
+  . A:\install-containers-feature.ps1
+}
+
+Stop-Service winrm
+. sc.exe config winrm start= delayed-auto
+
+netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
+netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
+
+Restart-Computer

Packer/scripts/docker/open-docker-insecure-port.ps1

@@ -0,0 +1,6 @@
+Write-Host "WARNING: DO NOT USE DOCKER IN PRODUCTION WITHOUT TLS"
+Write-Host "Opening Docker insecure port 2375"
+
+if (!(Get-NetFirewallRule | where {$_.Name -eq "Dockerinsecure2375"})) {
+    New-NetFirewallRule -Name "Dockerinsecure2375" -DisplayName "Docker insecure on TCP/2375" -Protocol tcp -LocalPort 2375 -Action Allow -Enabled True
+}

Packer/scripts/docker/remove-docker-key-json.ps1

@@ -0,0 +1,9 @@
+# Do not restart Docker as it creates the key.json with an unique ID
+# This should not exist in the Vagrant basebox so you can spin up
+# multiple Vagrant boxes for a Docker swarm etc.
+
+Write-Host "Stopping Docker"
+Stop-Service docker
+
+Write-Host "Removing key.json to recreate key.json on first vagrant up"
+rm C:\ProgramData\docker\config\key.json

Packer/scripts/enable-rdp.bat

@@ -0,0 +1,2 @@
+netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Packer/scripts/enable-remote-desktop.bat

@@ -0,0 +1,14 @@
+rem from http://networkerslog.blogspot.de/2013/09/how-to-enable-remote-desktop-remotely.html
+
+rem 1) Enable Remote Desktop
+rem set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
+reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0 /f
+
+rem 2) Allow incoming RDP on firewall
+rem Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
+netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
+
+rem 3) Enable secure RDP authentication
+rem set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0   
+reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "UserAuthentication" /t REG_DWORD /d 0 /f
+

Packer/scripts/enable-uac.bat

@@ -0,0 +1 @@
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f

Packer/scripts/enable-winrm.bat

@@ -0,0 +1,2 @@
+rem Enable-NetFirewallRule for WinRM
+netsh advfirewall firewall add rule name="Port 5985" dir=in action=allow protocol=TCP localport=5985

Packer/scripts/enable-winrm.ps1

@@ -0,0 +1,13 @@
+Enable-PSRemoting -Force
+winrm quickconfig -q
+winrm quickconfig -transport:http
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+winrm set winrm/config/client/auth '@{Basic="true"}'
+winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
+netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
+netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
+Set-Service winrm -startuptype "auto"
+Restart-Service winrm

Packer/scripts/fixnetwork.ps1

@@ -0,0 +1,23 @@
+# You cannot enable Windows PowerShell Remoting on network connections that are set to Public
+# Spin through all the network locations and if they are set to Public, set them to Private
+# using the INetwork interface:
+# http://msdn.microsoft.com/en-us/library/windows/desktop/aa370750(v=vs.85).aspx
+# For more info, see:
+# http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx
+
+# Network location feature was only introduced in Windows Vista - no need to bother with this
+# if the operating system is older than Vista
+if([environment]::OSVersion.version.Major -lt 6) { return }
+
+# You cannot change the network location if you are joined to a domain, so abort
+if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
+
+# Get network connections
+$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
+$connections = $networkListManager.GetNetworkConnections()
+
+$connections |foreach {
+	Write-Host $_.GetNetwork().GetName()"category was previously set to"$_.GetNetwork().GetCategory()
+	$_.GetNetwork().SetCategory(1)
+	Write-Host $_.GetNetwork().GetName()"changed to category"$_.GetNetwork().GetCategory()
+}

Packer/scripts/hotfix-KB2552055.bat

@@ -0,0 +1,23 @@
+@echo off
+:: Windows 7 / Windows 2008 R2 require KB2552055 hotfix
+:: This fixes a problem with wrong exitcode 0 instead of custom exitcode in PowerShell 2.0
+setlocal
+if defined ProgramFiles(x86) (
+  set link=http://hotfixv4.microsoft.com/Windows%%207/Windows%%20Server2008%%20R2%%20SP1/sp2/Fix373932/7600/free/438167_intl_x64_zip.exe
+  set msufilename=%TEMP%\Windows6.1-KB2552055-x64.msu
+) else (
+  set link=http://hotfixv4.microsoft.com/Windows%%207/Windows%%20Server2008%%20R2%%20SP1/sp2/Fix373932/7600/free/438164_intl_i386_zip.exe
+  set msufilename=%TEMP%\Windows6.1-KB2552055-x86.msu
+)
+set zipfilename=%TEMP%\KB2552055.zip
+
+echo Downloading Hotfix 2552055
+powershell -Command "(New-Object System.Net.WebClient).DownloadFile('%link%', '%zipfilename%')" <NUL
+echo Extracting Hotfix 2552055
+powershell -Command "(New-Object -com Shell.Application).NameSpace('%TEMP%').CopyHere((New-Object -Com Shell.Application).NameSpace('%zipfilename%').items())" <NUL
+echo Installing Hotfix 2552055
+wusa %msufilename% /quiet /norestart
+
+echo Cleanup Hotfix temp files
+del /Q %msufilename%
+del /Q %zipfilename%

Packer/scripts/hotfix-KB2842230.bat

@@ -0,0 +1,20 @@
+:: Windows 8 / Windows 2012 require KB2842230 hotfix
+:: The Windows Remote Management (WinRM) service does not use the customized value of the MaxMemoryPerShellMB quota.
+:: Instead, the WinRM service uses the default value, which is 150 MB. 
+:: http://hotfixv4.microsoft.com/Windows%208%20RTM/nosp/Fix452763/9200/free/463941_intl_x64_zip.exe
+
+@echo off
+set hotfix="C:\Windows\Temp\Windows8-RT-KB2842230-x64.msu"
+if not exist %hotfix% goto :eof
+
+:: get windows version
+for /f "tokens=2 delims=[]" %%G in ('ver') do (set _version=%%G) 
+for /f "tokens=2,3,4 delims=. " %%G in ('echo %_version%') do (set _major=%%G& set _minor=%%H& set _build=%%I) 
+
+:: 6.2 or 6.3
+if %_major% neq 6 goto :eof
+if %_minor% lss 2 goto :eof
+if %_minor% gtr 3 goto :eof
+
+@echo on
+start /wait wusa "%hotfix%" /quiet /norestart

Packer/scripts/installnet4.bat

@@ -0,0 +1,2 @@
+powershell -NoProfile -ExecutionPolicy unrestricted -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/5/6/2/562A10F9-C9F4-4313-A044-9C94E0A8FAC8/dotNetFx40_Client_x86_x64.exe', 'C:\Windows\Temp\dotNetFx40.exe')" <NUL
+C:\Windows\Temp\dotNetFx40.exe /q /norestart /repair

Packer/scripts/microsoft-updates.bat

@@ -0,0 +1,12 @@
+net stop wuauserv
+
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v EnableFeaturedSoftware /t REG_DWORD /d 1 /f
+
+reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
+
+echo Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager") > A:\temp.vbs
+echo Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"") >> A:\temp.vbs
+
+cscript A:\temp.vbs
+
+net start wuauserv

Packer/scripts/openssh.ps1

@@ -0,0 +1,88 @@
+param (
+  [switch]$AutoStart = $false
+)
+
+Write-Output "AutoStart: $AutoStart"
+$is_64bit = [IntPtr]::size -eq 8
+
+# setup openssh
+$ssh_download_url = "http://www.mls-software.com/files/setupssh-7.1p1-1.exe"
+
+if (!(Test-Path "C:\Program Files\OpenSSH\bin\ssh.exe")) {
+    Write-Output "Downloading $ssh_download_url"
+    (New-Object System.Net.WebClient).DownloadFile($ssh_download_url, "C:\Windows\Temp\openssh.exe")
+
+    # initially set the port to 2222 so that there is not a race
+    # condition in which packer connects to SSH before we can disable the service
+    Start-Process "C:\Windows\Temp\openssh.exe" "/S /port=2222 /privsep=1 /password=D@rj33l1ng" -NoNewWindow -Wait
+}
+
+Stop-Service "OpenSSHd" -Force
+
+# ensure vagrant can log in
+Write-Output "Setting vagrant user file permissions"
+New-Item -ItemType Directory -Force -Path "C:\Users\vagrant\.ssh"
+C:\Windows\System32\icacls.exe "C:\Users\vagrant" /grant "vagrant:(OI)(CI)F"
+C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\bin" /grant "vagrant:(OI)RX"
+C:\Windows\System32\icacls.exe "C:\Program Files\OpenSSH\usr\sbin" /grant "vagrant:(OI)RX"
+
+Write-Output "Setting SSH home directories"
+    (Get-Content "C:\Program Files\OpenSSH\etc\passwd") |
+    Foreach-Object { $_ -replace '/home/(\w+)', '/cygdrive/c/Users/$1' } |
+    Set-Content 'C:\Program Files\OpenSSH\etc\passwd'
+
+# disabled for vcloud to make vagrant-serverspec work
+# Set shell to /bin/sh to return exit status
+# $passwd_file = Get-Content 'C:\Program Files\OpenSSH\etc\passwd'
+# $passwd_file = $passwd_file -replace '/bin/bash', '/bin/sh'
+# Set-Content 'C:\Program Files\OpenSSH\etc\passwd' $passwd_file
+
+# fix opensshd to not be strict
+Write-Output "Setting OpenSSH to be non-strict"
+$sshd_config = Get-Content "C:\Program Files\OpenSSH\etc\sshd_config"
+$sshd_config = $sshd_config -replace 'StrictModes yes', 'StrictModes no'
+$sshd_config = $sshd_config -replace '#PubkeyAuthentication yes', 'PubkeyAuthentication yes'
+$sshd_config = $sshd_config -replace '#PermitUserEnvironment no', 'PermitUserEnvironment yes'
+# disable the use of DNS to speed up the time it takes to establish a connection
+$sshd_config = $sshd_config -replace '#UseDNS yes', 'UseDNS no'
+# disable the login banner
+$sshd_config = $sshd_config -replace 'Banner /etc/banner.txt', '#Banner /etc/banner.txt'
+# next time OpenSSH starts have it listen on th eproper port
+$sshd_config = $sshd_config -replace 'Port 2222', "Port 22"
+Set-Content "C:\Program Files\OpenSSH\etc\sshd_config" $sshd_config
+
+Write-Output "Removing ed25519 key as Vagrant net-ssh 2.9.1 does not support it"
+Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key"
+Remove-Item -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\etc\ssh_host_ed25519_key.pub"
+
+# use c:\Windows\Temp as /tmp location
+Write-Output "Setting temp directory location"
+Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "C:\Program Files\OpenSSH\tmp"
+C:\Program` Files\OpenSSH\bin\junction.exe /accepteula "C:\Program Files\OpenSSH\tmp" "C:\Windows\Temp"
+C:\Windows\System32\icacls.exe "C:\Windows\Temp" /grant "vagrant:(OI)(CI)F"
+
+# add 64 bit environment variables missing from SSH
+Write-Output "Setting SSH environment"
+$sshenv = "TEMP=C:\Windows\Temp"
+if ($is_64bit) {
+    $env_vars = "ProgramFiles(x86)=C:\Program Files (x86)", `
+        "ProgramW6432=C:\Program Files", `
+        "CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files", `
+        "CommonProgramW6432=C:\Program Files\Common Files"
+    $sshenv = $sshenv + "`r`n" + ($env_vars -join "`r`n")
+}
+Set-Content C:\Users\vagrant\.ssh\environment $sshenv
+
+# record the path for provisioners (without the newline)
+Write-Output "Recording PATH for provisioners"
+Set-Content C:\Windows\Temp\PATH ([byte[]][char[]] $env:PATH) -Encoding Byte
+
+# configure firewall
+Write-Output "Configuring firewall"
+netsh advfirewall firewall add rule name="SSHD" dir=in action=allow service=OpenSSHd enable=yes
+netsh advfirewall firewall add rule name="SSHD" dir=in action=allow program="C:\Program Files\OpenSSH\usr\sbin\sshd.exe" enable=yes
+netsh advfirewall firewall add rule name="ssh" dir=in action=allow protocol=TCP localport=22
+
+if ($AutoStart -eq $true) {
+    Start-Service "OpenSSHd"
+}

Packer/scripts/pin-powershell.bat

@@ -0,0 +1,4 @@
+rem https://connect.microsoft.com/PowerShell/feedback/details/1609288/pin-to-taskbar-no-longer-working-in-windows-10
+copy "A:\WindowsPowerShell.lnk" "%TEMP%\Windows PowerShell.lnk"
+A:\PinTo10.exe /PTFOL01:'%TEMP%' /PTFILE01:'Windows PowerShell.lnk'
+exit /b 0

Packer/scripts/puppet-enterprise.bat

@@ -0,0 +1,10 @@
+if not exist "C:\Windows\Temp\puppet.msi" (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://pm.puppetlabs.com/puppet-enterprise/3.0.1/puppet-enterprise-3.0.1.msi', 'C:\Windows\Temp\puppet.msi')" <NUL
+)
+
+:: http://docs.puppetlabs.com/pe/latest/install_windows.html
+msiexec /qn /i C:\Windows\Temp\puppet.msi /log C:\Windows\Temp\puppet.log
+
+<nul set /p ".=;C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\bin" >> C:\Windows\Temp\PATH
+set /p PATH=<C:\Windows\Temp\PATH
+setx PATH "%PATH%" /m

Packer/scripts/puppet.bat

@@ -0,0 +1,10 @@
+if not exist "C:\Windows\Temp\puppet.msi" (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://downloads.puppetlabs.com/windows/puppet-3.6.2.msi', 'C:\Windows\Temp\puppet.msi')" <NUL
+)
+
+:: http://docs.puppetlabs.com/pe/latest/install_windows.html
+msiexec /qn /i C:\Windows\Temp\puppet.msi /log C:\Windows\Temp\puppet.log
+
+<nul set /p ".=;C:\Program Files (x86)\Puppet Labs\Puppet\bin" >> C:\Windows\Temp\PATH
+set /p PATH=<C:\Windows\Temp\PATH
+setx PATH "%PATH%" /m

Packer/scripts/rearm-windows.ps1

@@ -0,0 +1,8 @@
+# Replaces "slmgr.vbs /rearm"
+# https://powershell.org/forums/topic/run-command-quietly-start-process/
+# https://msdn.microsoft.com/en-us/library/ee957713(v=vs.85).aspx
+
+Write-Host "Resetting the Windows evaluation timer"
+
+$x = Get-WmiObject SoftwarelicensingService
+$x.ReArmWindows()

Packer/scripts/rsync.bat

@@ -0,0 +1,19 @@
+rem install rsync
+if not exist "C:\Windows\Temp\7z920-x64.msi" (
+    powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
+)
+msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
+
+pushd C:\Windows\Temp
+powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://mirrors.kernel.org/sourceware/cygwin/x86_64/release/rsync/rsync-3.1.0-1.tar.xz', 'C:\Windows\Temp\rsync-3.1.0-1.tar.xz')" <NUL
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x rsync-3.1.0-1.tar.xz"
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x rsync-3.1.0-1.tar"
+copy /Y usr\bin\rsync.exe "C:\Program Files\OpenSSH\bin\rsync.exe"
+rmdir /s /q usr
+del rsync-3.1.0-1.tar
+popd
+
+msiexec /qb /x C:\Windows\Temp\7z920-x64.msi
+
+rem make symlink for c:/vagrant share
+mklink /D "C:\Program Files\OpenSSH\vagrant" "C:\vagrant"

Packer/scripts/salt.bat

@@ -0,0 +1,11 @@
+if not exist "C:\Windows\Temp\salt64.exe" (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://docs.saltstack.com/downloads/Salt-Minion-2014.1.3-1-AMD64-Setup.exe', 'C:\Windows\Temp\salt64.exe')" <NUL
+)
+
+:: http://docs.saltstack.com/en/latest/topics/installation/windows.html
+c:\windows\temp\salt64.exe /S
+:: /master=<yoursaltmaster> /minion-name=<thisminionname>
+
+<nul set /p ".=;C:\salt" >> C:\Windows\Temp\PATH
+set /p PATH=<C:\Windows\Temp\PATH
+setx PATH "%PATH%" /m

Packer/scripts/set-powerplan.ps1

@@ -0,0 +1,7 @@
+Try {
+  $HighPerf = powercfg -l | %{if($_.contains("High performance")) {$_.split()[3]}}
+  $CurrPlan = $(powercfg -getactivescheme).split()[3]
+  if ($CurrPlan -ne $HighPerf) {powercfg -setactive $HighPerf}
+} Catch {
+  Write-Warning -Message "Unable to set power plan to high performance"
+}

Packer/scripts/set-winrm-automatic.bat

@@ -0,0 +1,2 @@
+echo Set WinRM start type to auto
+sc config winrm start= auto

Packer/scripts/sysprep.bat

@@ -0,0 +1,2 @@
+net stop tiledatamodelsvc
+c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml

Packer/scripts/uac-enable.bat

@@ -0,0 +1 @@
+reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v EnableLUA /t REG_DWORD /d 1

Packer/scripts/unattend.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend">
+    <settings pass="generalize">
+        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <SkipRearm>0</SkipRearm>
+        </component>
+        <!--
+        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
+            <DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
+        </component>
+        -->
+    </settings>
+    <settings pass="oobeSystem">
+        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <OOBE>
+                <HideEULAPage>true</HideEULAPage>
+                <ProtectYourPC>3</ProtectYourPC>
+                <NetworkLocation>Work</NetworkLocation>
+                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+                <SkipUserOOBE>true</SkipUserOOBE>
+                <SkipMachineOOBE>true</SkipMachineOOBE>
+            </OOBE>
+            <AutoLogon>
+                <Password>
+                    <Value>vagrant</Value>
+                    <PlainText>true</PlainText>
+                </Password>
+                <Enabled>true</Enabled>
+                <LogonCount>1</LogonCount>
+                <Username>vagrant</Username>
+            </AutoLogon>
+        </component>
+    </settings>
+    <settings pass="specialize">
+        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <ComputerName>vagrant-2012</ComputerName>
+            <CopyProfile>false</CopyProfile>
+        </component>
+    </settings>
+</unattend>

Packer/scripts/vagrant-ssh.bat

@@ -0,0 +1,6 @@
+:: vagrant public key
+if exist a:\vagrant.pub (
+  copy a:\vagrant.pub C:\Users\vagrant\.ssh\authorized_keys
+) else (
+  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')" <NUL
+)

Packer/scripts/vm-guest-tools.bat

@@ -0,0 +1,63 @@
+if not exist "C:\Windows\Temp\7z920-x64.msi" (
+    powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z920-x64.msi', 'C:\Windows\Temp\7z920-x64.msi')" <NUL
+)
+msiexec /qb /i C:\Windows\Temp\7z920-x64.msi
+
+if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware
+if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox
+if "%PACKER_BUILDER_TYPE%" equ "parallels-iso" goto :parallels
+goto :done
+
+:vmware
+
+if exist "C:\Users\vagrant\windows.iso" (
+    move /Y C:\Users\vagrant\windows.iso C:\Windows\Temp
+)
+
+if not exist "C:\Windows\Temp\windows.iso" (
+    powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://softwareupdate.vmware.com/cds/vmw-desktop/ws/12.5.7/5813279/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
+    cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
+    FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
+    rd /S /Q "C:\Program Files (x86)\VMWare"
+)
+
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare"
+cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
+
+rd /Q "C:\Windows\Temp\vmware-tools.tar"
+rd /Q "C:\Windows\Temp\windows.iso"
+rd /S /Q "C:\Windows\Temp\VMware"
+goto :done
+
+:virtualbox
+
+:: There needs to be Oracle CA (Certificate Authority) certificates installed in order
+:: to prevent user intervention popups which will undermine a silent installation.
+cmd /c certutil -addstore -f "TrustedPublisher" A:\oracle-cert.cer
+
+if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" (
+    move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp
+)
+
+if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" (
+    powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.virtualbox.org/virtualbox/5.1.28/VBoxGuestAdditions_5.1.28.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" <NUL
+)
+
+cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
+certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha256-r3.cer
+certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer
+certutil -addstore -f "TrustedPublisher" C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer
+cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S
+rd /S /Q "C:\Windows\Temp\virtualbox"
+goto :done
+
+:parallels
+if exist "C:\Users\vagrant\prl-tools-win.iso" (
+	move /Y C:\Users\vagrant\prl-tools-win.iso C:\Windows\Temp
+	cmd /C "C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\prl-tools-win.iso -oC:\Windows\Temp\parallels
+	cmd /C C:\Windows\Temp\parallels\PTAgent.exe /install_silent
+	rd /S /Q "C:\Windows\Temp\parallels"
+)
+
+:done
+msiexec /qb /x C:\Windows\Temp\7z920-x64.msi

Packer/scripts/wait-for-desktop-file.ps1

@@ -0,0 +1,15 @@
+# for debugging
+# wait until a file has been removed from desktop
+$file = "C:\users\vagrant\Desktop\delete-to-continue.txt"
+
+if (-Not (Test-Path $file)) {
+  Write-Host "Remove me" | Out-File $file
+}
+
+Write-Host "Wait until someone removes $file"
+
+while (Test-Path $file) {
+  Sleep 1
+}
+
+Write-Host "Done waiting!"

Packer/scripts/win-updates.ps1

@@ -0,0 +1,238 @@
+param($global:RestartRequired=0,
+        $global:MoreUpdates=0,
+        $global:MaxCycles=5,
+        $MaxUpdatesPerCycle=500,
+        $BeginWithRestart=0)
+
+$Logfile = "C:\Windows\Temp\win-updates.log"
+
+function LogWrite {
+   Param ([string]$logstring)
+   $now = Get-Date -format s
+   Add-Content $Logfile -value "$now $logstring"
+   Write-Host $logstring
+}
+
+function Check-ContinueRestartOrEnd() {
+    $RegistryKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
+    $RegistryEntry = "InstallWindowsUpdates"
+    switch ($global:RestartRequired) {
+        0 {
+            $prop = (Get-ItemProperty $RegistryKey).$RegistryEntry
+            if ($prop) {
+                LogWrite "Restart Registry Entry Exists - Removing It"
+                Remove-ItemProperty -Path $RegistryKey -Name $RegistryEntry -ErrorAction SilentlyContinue
+            }
+
+            LogWrite "No Restart Required"
+            Check-WindowsUpdates
+
+            if (($global:MoreUpdates -eq 1) -and ($script:Cycles -le $global:MaxCycles)) {
+                Install-WindowsUpdates
+            } elseif ($script:Cycles -gt $global:MaxCycles) {
+                LogWrite "Exceeded Cycle Count - Stopping"
+                Invoke-Expression "a:\enable-winrm.ps1"
+            } else {
+                LogWrite "Done Installing Windows Updates"
+                Invoke-Expression "a:\enable-winrm.ps1"
+            }
+        }
+        1 {
+            $prop = (Get-ItemProperty $RegistryKey).$RegistryEntry
+            if (-not $prop) {
+                LogWrite "Restart Registry Entry Does Not Exist - Creating It"
+                Set-ItemProperty -Path $RegistryKey -Name $RegistryEntry -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File $($script:ScriptPath) -MaxUpdatesPerCycle $($MaxUpdatesPerCycle)"
+            } else {
+                LogWrite "Restart Registry Entry Exists Already"
+            }
+
+            LogWrite "Restart Required - Restarting..."
+            Restart-Computer
+        }
+        default {
+            LogWrite "Unsure If A Restart Is Required"
+            break
+        }
+    }
+}
+
+function Install-WindowsUpdates() {
+    $script:Cycles++
+    LogWrite "Evaluating Available Updates with limit of $($MaxUpdatesPerCycle):"
+    $UpdatesToDownload = New-Object -ComObject 'Microsoft.Update.UpdateColl'
+    $script:i = 0;
+    $CurrentUpdates = $SearchResult.Updates
+    while($script:i -lt $CurrentUpdates.Count -and $script:CycleUpdateCount -lt $MaxUpdatesPerCycle) {
+        $Update = $CurrentUpdates.Item($script:i)
+        if (($Update -ne $null) -and (!$Update.IsDownloaded)) {
+            [bool]$addThisUpdate = $false
+            if ($Update.InstallationBehavior.CanRequestUserInput) {
+                LogWrite "> Skipping: $($Update.Title) because it requires user input"
+            } else {
+                if (!($Update.EulaAccepted)) {
+                    LogWrite "> Note: $($Update.Title) has a license agreement that must be accepted. Accepting the license."
+                    $Update.AcceptEula()
+                    [bool]$addThisUpdate = $true
+                    $script:CycleUpdateCount++
+                } else {
+                    [bool]$addThisUpdate = $true
+                    $script:CycleUpdateCount++
+                }
+            }
+
+            if ([bool]$addThisUpdate) {
+                LogWrite "Adding: $($Update.Title)"
+                $UpdatesToDownload.Add($Update) |Out-Null
+            }
+        }
+        $script:i++
+    }
+
+    if ($UpdatesToDownload.Count -eq 0) {
+        LogWrite "No Updates To Download..."
+    } else {
+        LogWrite 'Downloading Updates...'
+        $ok = 0;
+        while (! $ok) {
+            try {
+                $Downloader = $UpdateSession.CreateUpdateDownloader()
+                $Downloader.Updates = $UpdatesToDownload
+                $Downloader.Download()
+                $ok = 1;
+            } catch {
+                LogWrite $_.Exception | Format-List -force
+                LogWrite "Error downloading updates. Retrying in 30s."
+                $script:attempts = $script:attempts + 1
+                Start-Sleep -s 30
+            }
+        }
+    }
+
+    $UpdatesToInstall = New-Object -ComObject 'Microsoft.Update.UpdateColl'
+    [bool]$rebootMayBeRequired = $false
+    LogWrite 'The following updates are downloaded and ready to be installed:'
+    foreach ($Update in $SearchResult.Updates) {
+        if (($Update.IsDownloaded)) {
+            LogWrite "> $($Update.Title)"
+            $UpdatesToInstall.Add($Update) |Out-Null
+
+            if ($Update.InstallationBehavior.RebootBehavior -gt 0){
+                [bool]$rebootMayBeRequired = $true
+            }
+        }
+    }
+
+    if ($UpdatesToInstall.Count -eq 0) {
+        LogWrite 'No updates available to install...'
+        $global:MoreUpdates=0
+        $global:RestartRequired=0
+        Invoke-Expression "a:\enable-winrm.ps1"
+        break
+    }
+
+    if ($rebootMayBeRequired) {
+        LogWrite 'These updates may require a reboot'
+        $global:RestartRequired=1
+    }
+
+    LogWrite 'Installing updates...'
+
+    $Installer = $script:UpdateSession.CreateUpdateInstaller()
+    $Installer.Updates = $UpdatesToInstall
+    $InstallationResult = $Installer.Install()
+
+    LogWrite "Installation Result: $($InstallationResult.ResultCode)"
+    LogWrite "Reboot Required: $($InstallationResult.RebootRequired)"
+    LogWrite 'Listing of updates installed and individual installation results:'
+    if ($InstallationResult.RebootRequired) {
+        $global:RestartRequired=1
+    } else {
+        $global:RestartRequired=0
+    }
+
+    for($i=0; $i -lt $UpdatesToInstall.Count; $i++) {
+        New-Object -TypeName PSObject -Property @{
+            Title = $UpdatesToInstall.Item($i).Title
+            Result = $InstallationResult.GetUpdateResult($i).ResultCode
+        }
+        LogWrite "Item: " $UpdatesToInstall.Item($i).Title
+        LogWrite "Result: " $InstallationResult.GetUpdateResult($i).ResultCode;
+    }
+
+    Check-ContinueRestartOrEnd
+}
+
+function Check-WindowsUpdates() {
+    LogWrite "Checking For Windows Updates"
+    $Username = $env:USERDOMAIN + "\" + $env:USERNAME
+
+    New-EventLog -Source $ScriptName -LogName 'Windows Powershell' -ErrorAction SilentlyContinue
+
+    $Message = "Script: " + $ScriptPath + "`nScript User: " + $Username + "`nStarted: " + (Get-Date).toString()
+
+    Write-EventLog -LogName 'Windows Powershell' -Source $ScriptName -EventID "104" -EntryType "Information" -Message $Message
+    LogWrite $Message
+
+    $script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher()
+    $script:successful = $FALSE
+    $script:attempts = 0
+    $script:maxAttempts = 12
+    while(-not $script:successful -and $script:attempts -lt $script:maxAttempts) {
+        try {
+            $script:SearchResult = $script:UpdateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
+            $script:successful = $TRUE
+        } catch {
+            LogWrite $_.Exception | Format-List -force
+            LogWrite "Search call to UpdateSearcher was unsuccessful. Retrying in 10s."
+            $script:attempts = $script:attempts + 1
+            Start-Sleep -s 10
+        }
+    }
+
+    if ($SearchResult.Updates.Count -ne 0) {
+        $Message = "There are " + $SearchResult.Updates.Count + " more updates."
+        LogWrite $Message
+        try {
+            for($i=0; $i -lt $script:SearchResult.Updates.Count; $i++) {
+              LogWrite $script:SearchResult.Updates.Item($i).Title
+              LogWrite $script:SearchResult.Updates.Item($i).Description
+              LogWrite $script:SearchResult.Updates.Item($i).RebootRequired
+              LogWrite $script:SearchResult.Updates.Item($i).EulaAccepted
+          }
+            $global:MoreUpdates=1
+        } catch {
+            LogWrite $_.Exception | Format-List -force
+            LogWrite "Showing SearchResult was unsuccessful. Rebooting."
+            $global:RestartRequired=1
+            $global:MoreUpdates=0
+            Check-ContinueRestartOrEnd
+            LogWrite "Show never happen to see this text!"
+            Restart-Computer
+        }
+    } else {
+        LogWrite 'There are no applicable updates'
+        $global:RestartRequired=0
+        $global:MoreUpdates=0
+    }
+}
+
+$script:ScriptName = $MyInvocation.MyCommand.ToString()
+$script:ScriptPath = $MyInvocation.MyCommand.Path
+$script:UpdateSession = New-Object -ComObject 'Microsoft.Update.Session'
+$script:UpdateSession.ClientApplicationID = 'Packer Windows Update Installer'
+$script:UpdateSearcher = $script:UpdateSession.CreateUpdateSearcher()
+$script:SearchResult = New-Object -ComObject 'Microsoft.Update.UpdateColl'
+$script:Cycles = 0
+$script:CycleUpdateCount = 0
+
+if ($BeginWithRestart) {
+  $global:RestartRequired = 1
+  Check-ContinueRestartOrEnd
+}
+
+Check-WindowsUpdates
+if ($global:MoreUpdates -eq 1) {
+    Install-WindowsUpdates
+} else {
+    Check-ContinueRestartOrEnd
+}