From df718b4408770b147fea355c054c337573a71e00 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Sat, 6 Jul 2019 18:29:29 -0700 Subject: [PATCH] Update to 1903 --- Packer/answer_files/10/Autounattend.xml | 7 +- Packer/answer_files/2012/Autounattend.xml | 292 ----------------- Packer/answer_files/2012_r2/Autounattend.xml | 242 -------------- .../2012_r2_core/Autounattend.xml | 242 -------------- .../2012_r2_hyperv/Autounattend.xml | 296 ------------------ Packer/answer_files/2016/Autounattend.xml | 6 +- .../2016/Autounattend_sysprep.xml | 49 --- .../answer_files/2016_core/Autounattend.xml | 229 -------------- Packer/scripts/MakeWindows10GreatAgain.ps1 | 23 -- Packer/scripts/MakeWindows10GreatAgain.reg | 49 --- Packer/scripts/sysprep.bat | 4 +- Packer/windows_10.json | 59 +--- Packer/windows_2016.json | 39 +-- Vagrant/Vagrantfile | 13 +- .../GPO/disable_windows_defender/manifest.xml | 1 + .../Backup.xml | 18 ++ .../DomainSysvol/GPO/Machine/comment.cmtx | 12 + .../DomainSysvol/GPO/Machine/registry.pol | Bin 0 -> 368 bytes .../bkupInfo.xml | 1 + .../gpreport.xml | Bin 0 -> 20188 bytes Vagrant/resources/windows/shutup10.cfg | 15 +- Vagrant/scripts/MakeWindows10GreatAgain.ps1 | 21 +- ...configure-disable-windows-defender-gpo.ps1 | 29 ++ ci/build_machine_bootstrap.sh | 4 +- ci/manual_machine_bootstrap.sh | 8 +- ci/manual_machine_bootstrap_vmware.sh | 8 +- 26 files changed, 121 insertions(+), 1546 deletions(-) delete mode 100755 Packer/answer_files/2012/Autounattend.xml delete mode 100755 Packer/answer_files/2012_r2/Autounattend.xml delete mode 100755 Packer/answer_files/2012_r2_core/Autounattend.xml delete mode 100755 Packer/answer_files/2012_r2_hyperv/Autounattend.xml delete mode 100755 Packer/answer_files/2016/Autounattend_sysprep.xml delete mode 100755 Packer/answer_files/2016_core/Autounattend.xml delete mode 100755 Packer/scripts/MakeWindows10GreatAgain.ps1 delete mode 100755 Packer/scripts/MakeWindows10GreatAgain.reg create mode 100755 Vagrant/resources/GPO/disable_windows_defender/manifest.xml create mode 100755 Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/Backup.xml create mode 100755 Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/comment.cmtx create mode 100755 Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/registry.pol create mode 100755 Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/bkupInfo.xml create mode 100755 Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/gpreport.xml create mode 100644 Vagrant/scripts/configure-disable-windows-defender-gpo.ps1 diff --git a/Packer/answer_files/10/Autounattend.xml b/Packer/answer_files/10/Autounattend.xml index 419d4eb..0d3ead9 100755 --- a/Packer/answer_files/10/Autounattend.xml +++ b/Packer/answer_files/10/Autounattend.xml @@ -200,15 +200,14 @@ Enable AutoLogon - + false @@ -244,6 +244,9 @@ true + + true + diff --git a/Packer/answer_files/2012/Autounattend.xml b/Packer/answer_files/2012/Autounattend.xml deleted file mode 100755 index efc2a28..0000000 --- a/Packer/answer_files/2012/Autounattend.xml +++ /dev/null @@ -1,292 +0,0 @@ - - - - - - - - - - 1 - Primary - true - - - - - false - NTFS - C - 1 - 1 - - - - 0 - true - - OnError - - - true - Vagrant Administrator - Vagrant Inc. - - - - - - Never - - - - - - 0 - 1 - - OnError - false - - - /IMAGE/NAME - Windows Server 2012 SERVERSTANDARD - - - - - - - - en-US - - de-DE - de-DE - en-US - en-US - de-DE - - - - - false - - - - - - - vagrant - true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Description>Vagrant User</Description> - <DisplayName>vagrant</DisplayName> - <Group>administrators</Group> - <Name>vagrant</Name> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Home</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <SkipUserOOBE>true</SkipUserOOBE> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - </OOBE> - <AutoLogon> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Username>vagrant</Username> - <Enabled>true</Enabled> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 64 Bit</Description> - <Order>1</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 32 Bit</Description> - <Order>2</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine> - <Description>winrm quickconfig -q</Description> - <Order>3</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine> - <Description>winrm quickconfig -transport:http</Description> - <Order>4</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine> - <Description>Win RM MaxTimoutms</Description> - <Order>5</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine> - <Description>Win RM MaxMemoryPerShellMB</Description> - <Order>6</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine> - <Description>Win RM AllowUnencrypted</Description> - <Order>7</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine> - <Description>Win RM auth Basic</Description> - <Order>8</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine> - <Description>Win RM client auth Basic</Description> - <Order>9</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine> - <Description>Win RM listener Address/Port</Description> - <Order>10</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine> - <Description>Win RM adv firewall enable</Description> - <Order>11</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine> - <Description>Win RM port open</Description> - <Order>12</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c net stop winrm </CommandLine> - <Description>Stop Win RM Service </Description> - <Order>13</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine> - <Description>Win RM Autostart</Description> - <Order>14</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c net start winrm</CommandLine> - <Description>Start Win RM Service</Description> - <Order>15</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>16</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>17</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>18</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>19</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>20</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>21</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>22</Order> - <Description>Disable password expiration for vagrant user</Description> - </SynchronousCommand> - <!-- WITHOUT WINDOWS UPDATES --> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine> - <Description>Install OpenSSH</Description> - <Order>99</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <!-- END WITHOUT WINDOWS UPDATES --> - <!-- WITH WINDOWS UPDATES --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> - <Order>98</Order> - <Description>Enable Microsoft Updates</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine> - <Description>Install Windows Updates</Description> - <Order>100</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - --> - <!-- END WITH WINDOWS UPDATES --> - </FirstLogonCommands> - <ShowWindowsLive>false</ShowWindowsLive> - </component> - </settings> - <settings pass="specialize"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <OEMInformation> - <HelpCustomized>false</HelpCustomized> - </OEMInformation> - <!-- Rename computer here. --> - <ComputerName>vagrant-2012</ComputerName> - <TimeZone>W. Europe Standard Time</TimeZone> - <RegisteredOwner/> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <!-- Disable IE ESC. --> - <IEHardenAdmin>false</IEHardenAdmin> - <IEHardenUser>false</IEHardenUser> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <SkipAutoActivation>true</SkipAutoActivation> - </component> - </settings> - <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows server 2008 r2 serverdatacenter.clg"/> -</unattend> diff --git a/Packer/answer_files/2012_r2/Autounattend.xml b/Packer/answer_files/2012_r2/Autounattend.xml deleted file mode 100755 index be7d920..0000000 --- a/Packer/answer_files/2012_r2/Autounattend.xml +++ /dev/null @@ -1,242 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SetupUILanguage> - <UILanguage>en-US</UILanguage> - </SetupUILanguage> - <InputLocale>en-US</InputLocale> - <SystemLocale>en-US</SystemLocale> - <UILanguage>en-US</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>en-US</UserLocale> - </component> - <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Type>Primary</Type> - <Order>1</Order> - <Size>350</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Active>true</Active> - <Format>NTFS</Format> - <Label>boot</Label> - <Order>1</Order> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Format>NTFS</Format> - <Label>Windows 2012 R2</Label> - <Letter>C</Letter> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>0</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - <ImageInstall> - <OSImage> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME </Key> - <Value>Windows Server 2012 R2 SERVERSTANDARD</Value> - </MetaData> - </InstallFrom> - <InstallTo> - <DiskID>0</DiskID> - <PartitionID>2</PartitionID> - </InstallTo> - </OSImage> - </ImageInstall> - <UserData> - <!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx --> - <ProductKey> - <!-- Do not uncomment the Key element if you are using trial ISOs --> - <!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs --> - <!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>--> - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>Vagrant</FullName> - <Organization>Vagrant</Organization> - </UserData> - </component> - </settings> - <settings pass="specialize"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <OEMInformation> - <HelpCustomized>false</HelpCustomized> - </OEMInformation> - <ComputerName>vagrant-2012-r2</ComputerName> - <TimeZone>W. Europe Standard Time</TimeZone> - <RegisteredOwner /> - </component> - <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> - </component> - <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <IEHardenAdmin>false</IEHardenAdmin> - <IEHardenUser>false</IEHardenUser> - </component> - <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> - </component> - <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SkipAutoActivation>true</SkipAutoActivation> - </component> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <RunSynchronous> - <RunSynchronousCommand wcm:action="add"> - <Order>1</Order> - <Description>Set Execution Policy 64 Bit</Description> - <Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path> - </RunSynchronousCommand> - <RunSynchronousCommand wcm:action="add"> - <Order>2</Order> - <Description>Set Execution Policy 32 Bit</Description> - <Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path> - </RunSynchronousCommand> - <RunSynchronousCommand wcm:action="add"> - <Order>3</Order> - <Description>Disable WinRM</Description> - <Path>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</Path> - </RunSynchronousCommand> - </RunSynchronous> - </component> - </settings> - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <AutoLogon> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>vagrant</Username> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 64 Bit</Description> - <Order>1</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 32 Bit</Description> - <Order>2</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine> - <Description>Disable WinRM</Description> - <Order>3</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>4</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>5</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>6</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>7</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>8</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>9</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>10</Order> - <Description>Disable password expiration for vagrant user</Description> - </SynchronousCommand> - <!-- WITHOUT WINDOWS UPDATES --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine> - <Description>Enable WinRM</Description> - <Order>99</Order> - </SynchronousCommand> - --> - <!-- END WITHOUT WINDOWS UPDATES --> - <!-- WITH WINDOWS UPDATES --> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> - <Order>98</Order> - <Description>Enable Microsoft Updates</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine> - <Description>Install Windows Updates</Description> - <Order>100</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <!-- END WITH WINDOWS UPDATES --> - </FirstLogonCommands> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Home</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - <RegisteredOwner /> - </component> - </settings> - <settings pass="offlineServicing"> - <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - <cpi:offlineImage cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> -</unattend> diff --git a/Packer/answer_files/2012_r2_core/Autounattend.xml b/Packer/answer_files/2012_r2_core/Autounattend.xml deleted file mode 100755 index 4860c85..0000000 --- a/Packer/answer_files/2012_r2_core/Autounattend.xml +++ /dev/null @@ -1,242 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SetupUILanguage> - <UILanguage>en-US</UILanguage> - </SetupUILanguage> - <InputLocale>de-DE</InputLocale> - <SystemLocale>de-DE</SystemLocale> - <UILanguage>en-US</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>de-DE</UserLocale> - </component> - <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Type>Primary</Type> - <Order>1</Order> - <Size>350</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Active>true</Active> - <Format>NTFS</Format> - <Label>boot</Label> - <Order>1</Order> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Format>NTFS</Format> - <Label>Windows 2012 R2</Label> - <Letter>C</Letter> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>0</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - <ImageInstall> - <OSImage> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME </Key> - <Value>Windows Server 2012 R2 SERVERSTANDARDCORE</Value> - </MetaData> - </InstallFrom> - <InstallTo> - <DiskID>0</DiskID> - <PartitionID>2</PartitionID> - </InstallTo> - </OSImage> - </ImageInstall> - <UserData> - <!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx --> - <ProductKey> - <!-- Do not uncomment the Key element if you are using trial ISOs --> - <!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs --> - <!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>--> - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>Vagrant</FullName> - <Organization>Vagrant</Organization> - </UserData> - </component> - </settings> - <settings pass="specialize"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <OEMInformation> - <HelpCustomized>false</HelpCustomized> - </OEMInformation> - <ComputerName>vagrant-2012-r2</ComputerName> - <TimeZone>W. Europe Standard Time</TimeZone> - <RegisteredOwner/> - </component> - <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> - </component> - <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <IEHardenAdmin>false</IEHardenAdmin> - <IEHardenUser>false</IEHardenUser> - </component> - <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> - </component> - <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SkipAutoActivation>true</SkipAutoActivation> - </component> - <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <RunSynchronous> - <RunSynchronousCommand wcm:action="add"> - <Order>1</Order> - <Description>Set Execution Policy 64 Bit</Description> - <Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path> - </RunSynchronousCommand> - <RunSynchronousCommand wcm:action="add"> - <Order>2</Order> - <Description>Set Execution Policy 32 Bit</Description> - <Path>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</Path> - </RunSynchronousCommand> - <RunSynchronousCommand wcm:action="add"> - <Order>3</Order> - <Description>Disable WinRM</Description> - <Path>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</Path> - </RunSynchronousCommand> - </RunSynchronous> - </component> - </settings> - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <AutoLogon> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>vagrant</Username> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 64 Bit</Description> - <Order>1</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 32 Bit</Description> - <Order>2</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine> - <Description>Disable WinRM</Description> - <Order>3</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>4</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>5</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>6</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>7</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>8</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>9</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>10</Order> - <Description>Disable password expiration for vagrant user</Description> - </SynchronousCommand> - <!-- WITHOUT WINDOWS UPDATES --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine> - <Description>Enable WinRM</Description> - <Order>99</Order> - </SynchronousCommand> - --> - <!-- END WITHOUT WINDOWS UPDATES --> - <!-- WITH WINDOWS UPDATES --> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> - <Order>98</Order> - <Description>Enable Microsoft Updates</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine> - <Description>Install Windows Updates</Description> - <Order>100</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <!-- END WITH WINDOWS UPDATES --> - </FirstLogonCommands> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Home</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - <RegisteredOwner /> - </component> - </settings> - <settings pass="offlineServicing"> - <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - <cpi:offlineImage cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> -</unattend> diff --git a/Packer/answer_files/2012_r2_hyperv/Autounattend.xml b/Packer/answer_files/2012_r2_hyperv/Autounattend.xml deleted file mode 100755 index dbb0e2b..0000000 --- a/Packer/answer_files/2012_r2_hyperv/Autounattend.xml +++ /dev/null @@ -1,296 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <SetupUILanguage> - <UILanguage>en-US</UILanguage> - </SetupUILanguage> - <InputLocale>en-US</InputLocale> - <SystemLocale>en-US</SystemLocale> - <UILanguage>en-US</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>en-US</UserLocale> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Type>Primary</Type> - <Order>1</Order> - <Size>350</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Active>true</Active> - <Format>NTFS</Format> - <Label>boot</Label> - <Order>1</Order> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Format>NTFS</Format> - <Label>Windows 2012 R2</Label> - <Letter>C</Letter> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>0</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - <ImageInstall> - <OSImage> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME </Key> - <Value>Windows Server 2012 R2 SERVERHYPERCORE</Value> - </MetaData> - </InstallFrom> - <InstallTo> - <DiskID>0</DiskID> - <PartitionID>2</PartitionID> - </InstallTo> - </OSImage> - </ImageInstall> - <UserData> - <!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx --> - <ProductKey> - <!-- Do not uncomment the Key element if you are using trial ISOs --> - <!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs --> - <!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>--> - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>Vagrant</FullName> - <Organization>Vagrant</Organization> - </UserData> - </component> - </settings> - <settings pass="specialize"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <OEMInformation> - <HelpCustomized>false</HelpCustomized> - </OEMInformation> - <ComputerName>vagrant-2012-r2</ComputerName> - <TimeZone>Pacific Standard Time</TimeZone> - <RegisteredOwner/> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <IEHardenAdmin>false</IEHardenAdmin> - <IEHardenUser>false</IEHardenUser> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <SkipAutoActivation>true</SkipAutoActivation> - </component> - </settings> - <settings pass="oobeSystem"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <AutoLogon> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>vagrant</Username> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 64 Bit</Description> - <Order>1</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 32 Bit</Description> - <Order>2</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine> - <Description>winrm quickconfig -q</Description> - <Order>3</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine> - <Description>winrm quickconfig -transport:http</Description> - <Order>4</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine> - <Description>Win RM MaxTimoutms</Description> - <Order>5</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine> - <Description>Win RM MaxMemoryPerShellMB</Description> - <Order>6</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine> - <Description>Win RM AllowUnencrypted</Description> - <Order>7</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine> - <Description>Win RM auth Basic</Description> - <Order>8</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine> - <Description>Win RM client auth Basic</Description> - <Order>9</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine> - <Description>Win RM listener Address/Port</Description> - <Order>10</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine> - <Description>Win RM adv firewall enable</Description> - <Order>11</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine> - <Description>Win RM port open</Description> - <Order>12</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c net stop winrm </CommandLine> - <Description>Stop Win RM Service </Description> - <Order>13</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine> - <Description>Win RM Autostart</Description> - <Order>14</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c net start winrm</CommandLine> - <Description>Start Win RM Service</Description> - <Order>15</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>16</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>17</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>18</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>19</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>20</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>21</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>22</Order> - <Description>Disable password expiration for vagrant user</Description> - </SynchronousCommand> - <!-- WITHOUT WINDOWS UPDATES --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine> - <Description>Install OpenSSH</Description> - <Order>99</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - --> - <!-- END WITHOUT WINDOWS UPDATES --> - <!-- WITH WINDOWS UPDATES --> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> - <Order>98</Order> - <Description>Enable Microsoft Updates</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine> - <Description>Install Windows Updates</Description> - <Order>100</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <!-- END WITH WINDOWS UPDATES --> - </FirstLogonCommands> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Home</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - <RegisteredOwner/> - </component> - </settings> - <settings pass="offlineServicing"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim:c:/wim/install.wim#Windows Server 2012 R2 SERVERSTANDARD"/> -</unattend> diff --git a/Packer/answer_files/2016/Autounattend.xml b/Packer/answer_files/2016/Autounattend.xml index 1379bcc..0a415ae 100755 --- a/Packer/answer_files/2016/Autounattend.xml +++ b/Packer/answer_files/2016/Autounattend.xml @@ -50,7 +50,7 @@ <OSImage> <InstallFrom> <MetaData wcm:action="add"> - <Key>/IMAGE/NAME </Key> + <Key>/IMAGE/NAME</Key> <Value>Windows Server 2016 SERVERSTANDARD</Value> </MetaData> </InstallFrom> @@ -181,15 +181,14 @@ <Description>Disable password expiration for vagrant user</Description> </SynchronousCommand> <!-- WITHOUT WINDOWS UPDATES --> - <!-- <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine> <Description>Enable WinRM</Description> <Order>99</Order> </SynchronousCommand> - --> <!-- END WITHOUT WINDOWS UPDATES --> <!-- WITH WINDOWS UPDATES --> + <!-- <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> <Order>98</Order> @@ -207,6 +206,7 @@ <Order>100</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> + --> <!-- END WITH WINDOWS UPDATES --> </FirstLogonCommands> <OOBE> diff --git a/Packer/answer_files/2016/Autounattend_sysprep.xml b/Packer/answer_files/2016/Autounattend_sysprep.xml deleted file mode 100755 index cb538aa..0000000 --- a/Packer/answer_files/2016/Autounattend_sysprep.xml +++ /dev/null @@ -1,49 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="generalize"> - <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SkipRearm>0</SkipRearm> - </component> - <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <PersistAllDeviceInstalls>false</PersistAllDeviceInstalls> - <DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices> - </component> - </settings> - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <InputLocale>en-US</InputLocale> - <SystemLocale>en-US</SystemLocale> - <UILanguage>en-US</UILanguage> - <UserLocale>en-US</UserLocale> - </component> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <ProtectYourPC>1</ProtectYourPC> - <NetworkLocation>Home</NetworkLocation> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - </OOBE> - <TimeZone>UTC</TimeZone> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - </component> - </settings> - <settings pass="specialize"> - </settings> -</unattend> diff --git a/Packer/answer_files/2016_core/Autounattend.xml b/Packer/answer_files/2016_core/Autounattend.xml deleted file mode 100755 index 929d76b..0000000 --- a/Packer/answer_files/2016_core/Autounattend.xml +++ /dev/null @@ -1,229 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <SetupUILanguage> - <UILanguage>en-US</UILanguage> - </SetupUILanguage> - <InputLocale>en-US</InputLocale> - <SystemLocale>en-US</SystemLocale> - <UILanguage>en-US</UILanguage> - <UILanguageFallback>en-US</UILanguageFallback> - <UserLocale>en-US</UserLocale> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DiskConfiguration> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> - <Type>Primary</Type> - <Order>1</Order> - <Size>350</Size> - </CreatePartition> - <CreatePartition wcm:action="add"> - <Order>2</Order> - <Type>Primary</Type> - <Extend>true</Extend> - </CreatePartition> - </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> - <Active>true</Active> - <Format>NTFS</Format> - <Label>boot</Label> - <Order>1</Order> - <PartitionID>1</PartitionID> - </ModifyPartition> - <ModifyPartition wcm:action="add"> - <Format>NTFS</Format> - <Label>Windows 2016</Label> - <Letter>C</Letter> - <Order>2</Order> - <PartitionID>2</PartitionID> - </ModifyPartition> - </ModifyPartitions> - <DiskID>0</DiskID> - <WillWipeDisk>true</WillWipeDisk> - </Disk> - </DiskConfiguration> - <ImageInstall> - <OSImage> - <InstallFrom> - <MetaData wcm:action="add"> - <Key>/IMAGE/NAME </Key> - <Value>Windows Server 2016 SERVERSTANDARDCORE</Value> - </MetaData> - </InstallFrom> - <InstallTo> - <DiskID>0</DiskID> - <PartitionID>2</PartitionID> - </InstallTo> - </OSImage> - </ImageInstall> - <UserData> - <!-- Product Key from http://technet.microsoft.com/en-us/library/jj612867.aspx --> - <ProductKey> - <!-- Do not uncomment the Key element if you are using trial ISOs --> - <!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs --> - <!--<Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key>--> - <WillShowUI>OnError</WillShowUI> - </ProductKey> - <AcceptEula>true</AcceptEula> - <FullName>Vagrant</FullName> - <Organization>Vagrant</Organization> - </UserData> - </component> - </settings> - <settings pass="specialize"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <OEMInformation> - <HelpCustomized>false</HelpCustomized> - </OEMInformation> - <ComputerName>vagrant-2016</ComputerName> - <TimeZone>Pacific Standard Time</TimeZone> - <RegisteredOwner/> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <IEHardenAdmin>false</IEHardenAdmin> - <IEHardenUser>false</IEHardenUser> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> - </component> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <SkipAutoActivation>true</SkipAutoActivation> - </component> - </settings> - <settings pass="oobeSystem"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <AutoLogon> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>vagrant</Username> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 64 Bit</Description> - <Order>1</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <Description>Set Execution Policy 32 Bit</Description> - <Order>2</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1</CommandLine> - <Description>Disable WinRM</Description> - <Order>3</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>4</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>5</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>6</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>7</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>8</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>9</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>10</Order> - <Description>Disable password expiration for vagrant user</Description> - </SynchronousCommand> - <!-- WITHOUT WINDOWS UPDATES --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine> - <Description>Enable WinRM</Description> - <Order>99</Order> - </SynchronousCommand> - --> - <!-- END WITHOUT WINDOWS UPDATES --> - <!-- WITH WINDOWS UPDATES --> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\microsoft-updates.bat</CommandLine> - <Order>98</Order> - <Description>Enable Microsoft Updates</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-screensaver.ps1</CommandLine> - <Description>Disable Screensaver</Description> - <Order>99</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine> - <Description>Install Windows Updates</Description> - <Order>100</Order> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <!-- END WITH WINDOWS UPDATES --> - </FirstLogonCommands> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Home</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - </OOBE> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - <RegisteredOwner/> - </component> - </settings> - <settings pass="offlineServicing"> - <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> - <EnableLUA>false</EnableLUA> - </component> - </settings> - <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim:c:/wim/install.wim#Windows Server 2016 SERVERSTANDARD"/> -</unattend> diff --git a/Packer/scripts/MakeWindows10GreatAgain.ps1 b/Packer/scripts/MakeWindows10GreatAgain.ps1 deleted file mode 100755 index 67b4cc2..0000000 --- a/Packer/scripts/MakeWindows10GreatAgain.ps1 +++ /dev/null @@ -1,23 +0,0 @@ -# Import the registry keys -Write-Host "Making Windows 10 Great again" -Write-Host "Importing registry keys..." -regedit /s a:\MakeWindows10GreatAgain.reg - -# Remove OneDrive from the System -Write-Host "Removing OneDrive..." -$onedrive = Get-Process onedrive -ErrorAction SilentlyContinue -if ($onedrive) { - taskkill /f /im OneDrive.exe -} -c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall - -Write-Host "Running Update-Help..." -Update-Help -Force -ErrorAction SilentlyContinue - -Write-Host "Removing Microsoft Store, Mail, and Edge shortcuts from the taskbar..." -$appname = "Microsoft Edge" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -$appname = "Microsoft Store" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -$appname = "Mail" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} diff --git a/Packer/scripts/MakeWindows10GreatAgain.reg b/Packer/scripts/MakeWindows10GreatAgain.reg deleted file mode 100755 index e8ed2d4..0000000 --- a/Packer/scripts/MakeWindows10GreatAgain.reg +++ /dev/null @@ -1,49 +0,0 @@ -Windows Registry Editor Version 5.00 - -# Disable Cortana (Windows search still remains) -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] -"AllowCortana"=dword:00000000 - -# Disable Notification Center -[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer] -"DisableNotificationCenter"=dword:00000001 - -# Don't reboot when users are logged in for Windows updates -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] -"NoAutoRebootWithLoggedOnUsers"=dword:00000001 - -# Disable Microsoft.com accounts -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] -"NoConnectedUser"=dword:00000003 - -# Show all file extensions -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"HideFileExt"=dword:00000000 - -# Set explorer to open to "This PC" for new windows -[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"LaunchTo"=dword:00000001 - -# Show hidden files (not including OS files) -[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] -"Hidden"=dword:00000001 - -# Show "This PC" on Desktop -# Created by: Shawn Brink -# http://www.tenforums.com -[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] -"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 - -# Enable Developer Mode (prerequisite for Linux subsystem) -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock] -"AllowDevelopmentWithoutDevLicense"=dword:00000001 - -# Disable Microsoft People icon from taskbar -[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People] -"PeopleBand"=dword:00000000 diff --git a/Packer/scripts/sysprep.bat b/Packer/scripts/sysprep.bat index 4f2e49b..b660e54 100755 --- a/Packer/scripts/sysprep.bat +++ b/Packer/scripts/sysprep.bat @@ -1,2 +1,4 @@ net stop tiledatamodelsvc -c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml +echo "I am shutting down" +c:\windows\system32\sysprep\sysprep.exe /generalize /mode:vm /oobe /unattend:a:\unattend.xml +shutdown /s diff --git a/Packer/windows_10.json b/Packer/windows_10.json index 5360cfe..524fd07 100644 --- a/Packer/windows_10.json +++ b/Packer/windows_10.json @@ -1,37 +1,5 @@ { "builders": [ - { - "type": "hyperv-iso", - "vm_name":"windows_10", - "iso_url": "{{user `iso_url`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "boot_wait": "6m", - "communicator":"winrm", - "winrm_username": "vagrant", - "winrm_password": "vagrant", - "winrm_timeout" : "4h", - "ram_size": "2048", - "cpu": "2", - "switch_name": "{{user `switch_name`}}", - "guest_additions_mode": "none", - "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", - "disk_size": "{{user `disk_size`}}", - "floppy_files": [ - "{{user `autounattend`}}", - "./floppy/WindowsPowershell.lnk", - "./floppy/PinTo10.exe", - "./scripts/fixnetwork.ps1", - "./scripts/MakeWindows10GreatAgain.ps1", - "./scripts/MakeWindows10GreatAgain.reg", - "./scripts/rearm-windows.ps1", - "./scripts/disable-screensaver.ps1", - "./scripts/disable-winrm.ps1", - "./scripts/enable-winrm.ps1", - "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1" - ] - }, { "type": "vmware-iso", "vm_name":"windows_10", @@ -45,7 +13,8 @@ "winrm_username": "vagrant", "winrm_password": "vagrant", "winrm_timeout": "4h", - "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", + "shutdown_timeout": "2h", + "shutdown_command": "a:/sysprep.bat", "guest_os_type": "windows9-64", "disk_size": "{{user `disk_size`}}", "vnc_port_min": 5900, @@ -56,14 +25,14 @@ "./floppy/WindowsPowershell.lnk", "./floppy/PinTo10.exe", "./scripts/fixnetwork.ps1", - "./scripts/MakeWindows10GreatAgain.ps1", - "./scripts/MakeWindows10GreatAgain.reg", "./scripts/rearm-windows.ps1", "./scripts/disable-screensaver.ps1", "./scripts/disable-winrm.ps1", "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1" + "./scripts/win-updates.ps1", + "./scripts/unattend.xml", + "./scripts/sysprep.bat" ], "vmx_data": { "RemoteDisplay.vnc.enabled": "false", @@ -86,7 +55,8 @@ "winrm_username": "vagrant", "winrm_password": "vagrant", "winrm_timeout": "4h", - "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", + "shutdown_timeout": "2h", + "shutdown_command": "a:/sysprep.bat", "guest_os_type": "Windows81_64", "guest_additions_mode": "disable", "disk_size": "{{user `disk_size`}}", @@ -95,15 +65,14 @@ "./floppy/WindowsPowershell.lnk", "./floppy/PinTo10.exe", "./scripts/fixnetwork.ps1", - "./scripts/MakeWindows10GreatAgain.ps1", - "./scripts/MakeWindows10GreatAgain.reg", "./scripts/rearm-windows.ps1", "./scripts/disable-screensaver.ps1", "./scripts/disable-winrm.ps1", "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", "./scripts/win-updates.ps1", - "./scripts/oracle-cert.cer" + "./scripts/unattend.xml", + "./scripts/sysprep.bat" ], "vboxmanage": [ [ @@ -134,9 +103,7 @@ { "type": "powershell", "scripts": [ - "./scripts/debloat-windows.ps1", - "./scripts/rearm-windows.ps1", - "./scripts/MakeWindows10GreatAgain.ps1" + "./scripts/debloat-windows.ps1" ] }, { @@ -157,7 +124,7 @@ "./scripts/pin-powershell.bat", "./scripts/compile-dotnet-assemblies.bat", "./scripts/set-winrm-automatic.bat", - "./scripts/compact.bat" + "./scripts/dis-updates.bat" ] } ], @@ -170,9 +137,9 @@ } ], "variables": { - "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455", + "iso_checksum": "ab4862ba7d1644c27f27516d24cb21e6b39234eb3301e5f1fb365a78b22f79b3", "iso_checksum_type": "sha256", - "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso", + "iso_url": "https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso", "autounattend": "./answer_files/10/Autounattend.xml", "disk_size": "61440" } diff --git a/Packer/windows_2016.json b/Packer/windows_2016.json index 820b2a7..967f465 100644 --- a/Packer/windows_2016.json +++ b/Packer/windows_2016.json @@ -1,36 +1,5 @@ { "builders": [ - { - "vm_name":"WindowsServer2016", - "type": "hyperv-iso", - "disk_size": 41440, - "boot_wait": "0s", - "guest_additions_mode":"disable", - "iso_url": "{{user `iso_url`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "floppy_files": [ - "{{user `autounattend`}}", - "./floppy/WindowsPowershell.lnk", - "./floppy/PinTo10.exe", - "./scripts/unattend.xml", - "./scripts/sysprep.bat", - "./scripts/disable-screensaver.ps1", - "./scripts/disable-winrm.ps1", - "./scripts/enable-winrm.ps1", - "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1" - ], - "communicator":"winrm", - "winrm_username": "vagrant", - "winrm_password": "vagrant", - "winrm_timeout" : "2h", - "shutdown_command": "a:/sysprep.bat", - "ram_size": 2048, - "cpu": 2, - "switch_name":"{{user `hyperv_switchname`}}", - "enable_secure_boot":true - }, { "vm_name":"WindowsServer2016", "type": "vmware-iso", @@ -143,11 +112,6 @@ "./scripts/uac-enable.bat", "./scripts/compact.bat" ] - }, - { - "type": "file", - "source": "./answer_files/2016/Autounattend_sysprep.xml", - "destination": "c:/Windows/Temp/Autounattend_sysprep.xml" } ], "post-processors": [ @@ -162,7 +126,6 @@ "iso_url": "https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO", "iso_checksum_type": "md5", "iso_checksum": "70721288BBCDFE3239D8F8C0FAE55F1F", - "autounattend": "./answer_files/2016/Autounattend.xml", - "hyperv_switchname": "{{env `hyperv_switchname`}}" + "autounattend": "./answer_files/2016/Autounattend.xml" } } diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile index e8329f5..57bf59b 100644 --- a/Vagrant/Vagrantfile +++ b/Vagrant/Vagrantfile @@ -3,7 +3,7 @@ Vagrant.configure("2") do |config| config.vm.define "logger" do |cfg| cfg.vm.box = "bento/ubuntu-16.04" cfg.vm.hostname = "logger" - config.vm.provision :shell, path: "bootstrap.sh" + cfg.vm.provision :shell, path: "bootstrap.sh" cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8" cfg.vm.provider "vmware_desktop" do |v, override| @@ -26,7 +26,7 @@ Vagrant.configure("2") do |config| end config.vm.define "dc" do |cfg| - cfg.vm.box = "detectionlab/win2016" + cfg.vm.box = "../Packer/windows_2016_vmware.box" cfg.vm.hostname = "dc" cfg.vm.boot_timeout = 600 cfg.winrm.transport = :plaintext @@ -54,6 +54,7 @@ Vagrant.configure("2") do |config| cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false + cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false @@ -79,7 +80,7 @@ Vagrant.configure("2") do |config| end config.vm.define "wef" do |cfg| - cfg.vm.box = "detectionlab/win2016" + cfg.vm.box = "../Packer/windows_2016_vmware.box" cfg.vm.hostname = "wef" cfg.vm.boot_timeout = 600 cfg.vm.communicator = "winrm" @@ -130,12 +131,12 @@ Vagrant.configure("2") do |config| end config.vm.define "win10" do |cfg| - cfg.vm.box = "detectionlab/win10" + cfg.vm.box = "../Packer/windows_10_vmware.box" cfg.vm.hostname = "win10" - cfg.vm.boot_timeout = 600 + cfg.vm.boot_timeout = 1200 cfg.vm.communicator = "winrm" cfg.winrm.basic_auth_only = true - cfg.winrm.timeout = 300 + cfg.winrm.timeout = 1200 cfg.winrm.retry_limit = 20 cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102" diff --git a/Vagrant/resources/GPO/disable_windows_defender/manifest.xml b/Vagrant/resources/GPO/disable_windows_defender/manifest.xml new file mode 100755 index 0000000..b7030ee --- /dev/null +++ b/Vagrant/resources/GPO/disable_windows_defender/manifest.xml @@ -0,0 +1 @@ +<Backups xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" xmlns:mfst="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest" mfst:version="1.0"><BackupInst><GPOGuid><![CDATA[{288D6F79-F949-4C97-BE07-8997DBE821BC}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{d2ef48b7-bc16-4377-a67f-dbaab78aa80f}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-07-02T05:30:50]]></BackupTime><ID><![CDATA[{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst><BackupInst><GPOGuid><![CDATA[{288D6F79-F949-4C97-BE07-8997DBE821BC}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{d2ef48b7-bc16-4377-a67f-dbaab78aa80f}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-07-02T03:55:32]]></BackupTime><ID><![CDATA[{1E7FB85D-6EA1-4B41-A58D-EE7A938D28C8}]]></ID><Comment><![CDATA[Disable Windows Defender]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst></Backups> \ No newline at end of file diff --git a/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/Backup.xml b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/Backup.xml new file mode 100755 index 0000000..d5b772c --- /dev/null +++ b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/Backup.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="utf-8"?><!-- Copyright (c) Microsoft Corporation. All rights reserved. --><GroupPolicyBackupScheme bkp:version="2.0" bkp:type="GroupPolicyBackupTemplate" xmlns:bkp="http://www.microsoft.com/GroupPolicy/GPOOperations" xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations"> + <GroupPolicyObject><SecurityGroups><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-535525547-1807146305-221323077-1000]]></Sid><SamAccountName><![CDATA[vagrant]]></SamAccountName><Type><![CDATA[User]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[vagrant@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-535525547-1807146305-221323077-519]]></Sid><SamAccountName><![CDATA[Enterprise Admins]]></SamAccountName><Type><![CDATA[UniversalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Enterprise Admins@windomain.local]]></UPN></Group><Group bkp:Source="FromDACL"><Sid><![CDATA[S-1-5-21-535525547-1807146305-221323077-512]]></Sid><SamAccountName><![CDATA[Domain Admins]]></SamAccountName><Type><![CDATA[GlobalGroup]]></Type><NetBIOSDomainName><![CDATA[WINDOMAIN]]></NetBIOSDomainName><DnsDomainName><![CDATA[windomain.local]]></DnsDomainName><UPN><![CDATA[Domain Admins@windomain.local]]></UPN></Group></SecurityGroups><FilePaths/><GroupPolicyCoreSettings><ID><![CDATA[{288D6F79-F949-4C97-BE07-8997DBE821BC}]]></ID><Domain><![CDATA[windomain.local]]></Domain><SecurityDescriptor>01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ab 78 eb 1f 41 dd b6 6b 45 1f 31 0d e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ab 78 eb 1f 41 dd b6 6b 45 1f 31 0d 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 ab 78 eb 1f 41 dd b6 6b 45 1f 31 0d 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00</SecurityDescriptor><DisplayName><![CDATA[Disable Windows Defender]]></DisplayName><Options><![CDATA[0]]></Options><UserVersionNumber><![CDATA[65537]]></UserVersionNumber><MachineVersionNumber><![CDATA[196611]]></MachineVersionNumber><MachineExtensionGuids><![CDATA[[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]]]></MachineExtensionGuids><UserExtensionGuids/><WMIFilter/></GroupPolicyCoreSettings> + <GroupPolicyExtension bkp:ID="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}" bkp:DescName="Registry"> + <FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\registry.pol" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{288D6F79-F949-4C97-BE07-8997DBE821BC}\Machine\registry.pol" bkp:Location="DomainSysvol\GPO\Machine\registry.pol"/> + + <FSObjectFile bkp:Path="%GPO_FSPATH%\Adm\*.*" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{288D6F79-F949-4C97-BE07-8997DBE821BC}\Adm\*.*"/> + </GroupPolicyExtension> + + + + + + + + + + <GroupPolicyExtension bkp:ID="{F15C46CD-82A0-4C2D-A210-5D0D3182A418}" bkp:DescName="Unknown Extension"><FSObjectFile bkp:Path="%GPO_MACH_FSPATH%\comment.cmtx" bkp:SourceExpandedPath="\\dc.windomain.local\sysvol\windomain.local\Policies\{288D6F79-F949-4C97-BE07-8997DBE821BC}\Machine\comment.cmtx" bkp:Location="DomainSysvol\GPO\Machine\comment.cmtx"/></GroupPolicyExtension></GroupPolicyObject> +</GroupPolicyBackupScheme> \ No newline at end of file diff --git a/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/comment.cmtx b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/comment.cmtx new file mode 100755 index 0000000..275f4b9 --- /dev/null +++ b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,12 @@ +<?xml version='1.0' encoding='utf-8'?> +<policyComments xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://www.microsoft.com/GroupPolicy/CommentDefinitions"> + <policyNamespaces> + <using prefix="ns0" namespace="Microsoft.Policies.WindowsDefender"></using> + </policyNamespaces> + <comments> + <admTemplate></admTemplate> + </comments> + <resources minRequiredRevision="1.0"> + <stringTable></stringTable> + </resources> +</policyComments> \ No newline at end of file diff --git a/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/registry.pol b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/DomainSysvol/GPO/Machine/registry.pol new file mode 100755 index 0000000000000000000000000000000000000000..08a48aaaf6574e78b346646024e202b73aa36481 GIT binary patch literal 368 zcmcJK%?iRW5QIO$2k8s=1fB%1h0+QhjE7j$QqWY|K<V2%i9ZxPd)Vym?CfTyC|$b( zPE_<X1STv44nra2Mn|o1j6(9%4Z_Da+i(=-xvHOpX6(gn6cKZ}1Y2R9W|oWYId+-_ zAr%ki?|+fEPVCnkRh|E+%TP*-m7)y?sky7m<T<(vs_Ue&m)2hgpUvnZ?&aF?s)O>N K>}eNHmVTa<??BH0 literal 0 HcmV?d00001 diff --git a/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/bkupInfo.xml b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/bkupInfo.xml new file mode 100755 index 0000000..0e7c0a5 --- /dev/null +++ b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/bkupInfo.xml @@ -0,0 +1 @@ +<BackupInst xmlns="http://www.microsoft.com/GroupPolicy/GPOOperations/Manifest"><GPOGuid><![CDATA[{288D6F79-F949-4C97-BE07-8997DBE821BC}]]></GPOGuid><GPODomain><![CDATA[windomain.local]]></GPODomain><GPODomainGuid><![CDATA[{d2ef48b7-bc16-4377-a67f-dbaab78aa80f}]]></GPODomainGuid><GPODomainController><![CDATA[dc.windomain.local]]></GPODomainController><BackupTime><![CDATA[2019-07-02T05:30:50]]></BackupTime><ID><![CDATA[{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}]]></ID><Comment><![CDATA[]]></Comment><GPODisplayName><![CDATA[Disable Windows Defender]]></GPODisplayName></BackupInst> diff --git a/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/gpreport.xml b/Vagrant/resources/GPO/disable_windows_defender/{A1B5F23F-DC23-4225-98D0-22FD4EAF312C}/gpreport.xml new file mode 100755 index 0000000000000000000000000000000000000000..9a2740adc9809ca2e4aac7999bb31af012b13ee1 GIT binary patch literal 20188 zcmeI4TT>g!703HIRrwC8JY}nbLB_^_6>Sm0Zm6=+7Q#!C+82R^O$>raA}p24S5NZ) z^`YG}qZTs|t-#(XO1GKrbH8+-In96n({kUspWV4Ta}D=TH*h02cBk&b4c#Bz?_AS8 zb1V96=+4j`>-u}$9l8(x?v<Ok6St&MYZ~*dYrEgN-?*0h-u>XZnqzQ>g1D*gW6cHT zN6nhJOI=&m-?jgHruS9hx)A;ky82vLR|I$2{l&d?Z(L8fKZ=HP*Z0&EA)n3#@{;Fm zEb986+d%=>Z0gT7^H{WBh|3GfWFlUW*10(N-e12G$3N)GnICzh>pk&<But)T;WGI( zB)OK`m9&sK_fPafGx7fHF<Gh4m)-++BOV6g5K8|g9j)tcTe|<wy>c6}gYWeI!hd_= zI{JL2YkzV((j?#3b%kr&{@S|cH}$RK{w;2oEAhMSCEE8ATNIzy9^3m2=4aC3g|yq( zCzNNYiW(~Cspa+r<6IJL3&yGB+IL5SIgtJjKV!Yt^@i>bWChp*Rx$E;<7~VxSOi{r z=C1s>j;9(7*wI*cCYpPt-$vctV<Xg#W(`E$MDOq2foL<T@zSQ(w`q7qIz7;}Rr&Ty zeQxUY!sD6+A>w!|T8S-Y>s7G46#P|>r77EjquDSbo_){B{oub8m&8H1#M0OG{x^?t z8d}7Je;-TQBXKp6@1Vo6uJHR(SBQ1dUQB;IjoMbcTZDC61j<r~Uw0+do{#BE(&3W# zQogO~^-{lhe<A*f`s-dIP5oZ;ny~Ts^{Pgq8|1}EWVfP7xGC=5>9wg?xFw(ez3^?h z*NOtW{(WEX*jQh3I??C4-k0<`k!P%WNKIXB>f4d9@_ore?(6+nnpyKRHZ*oakX{S+ zJNJ#SfCDTY;qFMj9r1YR_C>{^UfZ(TH=+dT@9W;7J`eSqIj?^)X#~0g?+>AETb#`U z&b&2_$7~cRL+VHzNh4*G?v7-g=O8^UtI7XIVm<fQ9KKzz=Z9HFM{~cCeQZh#yWW=H zi7Tkv6<0lPb=Vj71h*&NCkA>ylC?gU?QVG6UMX1inyeXXH?LXI7(8uN*8NKJnt}vG zq}G*v2aMeU);zu=`PIYm9f=0K>y<pSuLuBbWTLgtl*2<`Jgwi}UGXE~fH=UaV4%AX zqnsG<P)W_3a`H@w(#7cA)hc!<K1YujzeD~ZpM;!(H7+8fkU!=fNkZ;0xx-0b>c(SO z3oVMvL;2dCXz6Orf$#6RpR{}GYwt4BJF6||4OHbR=1#Pf;=Q<ASOhQWHNe+qLu8{> zuaTaQk$IUv9Sh3tBpQnBV;@V#CAJhTCeK$(nTJ@!-gK-#+trVCmDN13vD3%1vg}@@ z3Z>P!dpv%oy=GSurfOk3fU)++R0z(cfxg!P@^34%vXev~M22c}rg0qz;+3GVM;px0 zd|rZ<AE-6t=cY$}4Y|ZtrFUhLD3cJo7hzB2%~VF&@g9o(T<V1vQybXQ$_t;St~NW% zL{63~=@%=o`VJfuEjDFKc7-}p%0t5p=r3Ai#DCY!wzxUd--T9A@N)Oq6b@zuI?_~7 zOUwEp`^&q%&PJrMZAllGqL_Lg^_o-v9Z99Jo8KIW!=AKvCU4JIVe)rUI3t8mL9jZI ztuwl!;qQWcENxNY$ww2QSDAHxywsM6UsjF7MvL{OS-8_P%P2S%2IDft&sZy}p`?oz zQWB^>J4FXJc3-`>q;IPuQ_UE8n@hnq?OMe=W^ycWOFBIk&*W|*!Iiwet#4GxChiZ4 z1nj`57ZUUNeJ-6?4edt1h!)xE4qQ~nlcE&})wpWqsDCR7jNK<uzv8_-%UQfv#Au%V zkgQhBXsM`zwH7f3Ps`#=kFt@rnp{+dc#NGDd>XG$As<%VVMVIz+*jv5YVLPs%v2OG zo4;QMOXVG__-C=#*)Mo!_zcgB>+BaKV%ArTT~)K#*Ps11{3>ErEhk7ZK3`o_hThXo zg#Fn&eg0W1(tYhb4)na?C#~AJx8t9GaJ8rJJk^c$!-k$4bp5D(eZJ8jqkHuZ&r6`* z;nh35U&{_J^c2+lwS3(=y%Q^DyYwi_s9*Mejq2s|Cz|<E)yw?TjJj$W)+KRuXVulT z#nx5J>Ah32);X`8TlPuR{q}ri6jZM}rgo3jXQ${Of7De=o^RDv%NTp8OFvdWNa)l2 zl6G$Ni}n28?QOjmtM_8{(>6VAs-L#iPusE?CEq_%wN7d4;QZY5TG&QDX5MN((S6tK zisP1^7f*cm5l`u@Tfxq6RO>7Y`kj6Xo7Pd?KN35=>i&^vJ@?yB)jP2$xoVvj78|Sg zb%Y%u9U}3GTSJ{!@oeI+qw)xsRdN-*ES#sK>xQno51REfI%xAXgS)AWQQP*z`QD(= zQ<XlO)>7vxeQxBBk)B#{60k3+(2v3OaBeZ**;aK<s9m)51dQ(3OP{&G6lpdq|Iy<Q zoy^<99eTnzOGodQb$OSM3pi77dxA6;Z}>wRVtzy(7M)r_9`qSzBU<rZapuon!t`}o zuXd1hUJgd{j=D6_M;x7f%DL(Op=$Ab&;QcDm_4t&tml&hc>`5?xV*VNEj`^k3N4#c zql@rnb&<9_FPs>R5o%f@NW~;$*h0TjTYGoTU=DScli4Twta7@x2qmklfGdm7qBR<! zM=xsw_?tn?jwyqOe(5u{{z|y`=q26I)hGw+@{3w&NE5~_r-rNY`^<O3WhvVAa=H<O zE5X6af=z>=3MK52%H&K3<AtC@>rme~jX>|+(04P^-}+uxj&&y+6&P*(^KlkEK8)w| z6?0BBhf`SmzkoCK7Kib66->5TGijP15#1S07iq&&!8}&a1~Z)O575e_M#jjV={DSO z9O;I)p{PBTAE7t;yQ|Ch$WuxeD4F0&lq11%shf;Vj^#40D%+s1c}X|=P0<&!mYViO z{@Vh6GP>0sedfr9ZdrO!Q*!#z>x;}5G4~|ZBBV0x9YMfmK6w0OrJ_bco<sNe78RA{ zsZr$Q;+cPoBhwgCG(|4TBj@~MEVhg{Er~n(e*yR!=U<Qw-RhR(B9$>>r?~l2Vr^Bv zgEWY2=s(7+PqGNkLy)nG@e5zi%Wpag6|JpkM?_Ej0N(&_i1OFB)q-iP7P;^za9cg$ zK9LfP<S71sOW<}QXbsr_>lb{ExXW*7vU3vTFJicjw3x*;<YF{)x0oHK<*}$-b}j0S zi;&CA-i>E63Y>9HBJc#?pL7lRM33OUaapeYvHmXw-jem0Jiotu7Am*5D4E4bB*v6F zb6|0{QZGhhcCoXg@qBX(8kyd)Ot0c&&t`jSzW|JMjz~kF-aRoc<X)<y`8{Uq^NHI$ zT`gC>pS1dL`M9i~7UAZ1l_`k%5qVhoJx8^DC-MlVj3du2^_~)!KPggCy^D7&2lsr} zYSaY#xY6hT9R|$eh&-ismou=eblb{wU}IfOyyJWJKP&+)4L?H2!+(e*jI%w_(7ok^ vN(k9DFUj<XfFIsx$?m>VJrpe?uLH6~SS{I!&-u!?9MhL0X*6K9(6;*@ZZa_1 literal 0 HcmV?d00001 diff --git a/Vagrant/resources/windows/shutup10.cfg b/Vagrant/resources/windows/shutup10.cfg index 80eabea..599a4a9 100755 --- a/Vagrant/resources/windows/shutup10.cfg +++ b/Vagrant/resources/windows/shutup10.cfg @@ -1,18 +1,18 @@ ############################################################################ -# This file was created with O&O ShutUp10 and can be imported onto another computer. +# This file was created with O&O ShutUp10 and can be imported onto another computer. # # Download the application at https://www.oo-software.com/en/shutup10 -# You can then import the file from within the program. +# You can then import the file from within the program. # # Alternatively you can import it automatically over a command line. Simply use -# the following parameter: +# the following parameter: # ooshutup10.exe <path to file> -# -# Selecting the Option /quiet ends the app right after the import and the user does not +# +# Selecting the Option /quiet ends the app right after the import and the user does not # get any feedback about the import. # # We are always happy to answer any questions you may have! -# (c) 2015-2018 O&O Software GmbH, Berlin. https://www.oo-software.com/ +# Copyright © O&O Software GmbH https://www.oo-software.com/ ############################################################################ P001 + @@ -58,6 +58,7 @@ S010 + E001 + E002 + E003 + +E008 + E007 + E010 + E009 + @@ -125,4 +126,4 @@ M012 + M013 + M014 + M015 + -N001 + +N001 - diff --git a/Vagrant/scripts/MakeWindows10GreatAgain.ps1 b/Vagrant/scripts/MakeWindows10GreatAgain.ps1 index a1a9508..870ac27 100644 --- a/Vagrant/scripts/MakeWindows10GreatAgain.ps1 +++ b/Vagrant/scripts/MakeWindows10GreatAgain.ps1 @@ -11,16 +11,14 @@ if ($onedrive) { } c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Running Update-Help..." -Update-Help -Force -ErrorAction SilentlyContinue - -Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..." -$appname = "Microsoft Edge" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -$appname = "Microsoft Store" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -$appname = "Mail" -((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} +# Fix in 1903 +#Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..." +#$appname = "Microsoft Edge" +#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} +#$appname = "Microsoft Store" +#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} +#$appname = "Mail" +#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..." powercfg -change -monitor-timeout-ac 0 @@ -33,10 +31,11 @@ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..." $shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe" $shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe" if (-not (Test-Path $shutUp10RepoPath)) { + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing ShutUp10 and disabling Windows Defender" Invoke-WebRequest -Uri "$shutUp10DownloadUrl" -OutFile $shutUp10RepoPath . $shutUp10RepoPath c:\vagrant\resources\windows\shutup10.cfg /quiet /force } else { - Write-Host "ShutUp10 was already installed. Moving On." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) ShutUp10 was already installed. Moving On." } # Remove the Edge shortcut from the Desktop diff --git a/Vagrant/scripts/configure-disable-windows-defender-gpo.ps1 b/Vagrant/scripts/configure-disable-windows-defender-gpo.ps1 new file mode 100644 index 0000000..bcd8348 --- /dev/null +++ b/Vagrant/scripts/configure-disable-windows-defender-gpo.ps1 @@ -0,0 +1,29 @@ +# Purpose: Install the GPO that disables Windows Defender +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to disable Windows Defender..." +Import-GPO -BackupGpoName 'Disable Windows Defender' -Path "c:\vagrant\resources\GPO\disable_windows_defender" -TargetName 'Disable Windows Defender' -CreateIfNeeded + +$OU = "ou=Workstations,dc=windomain,dc=local" +$gPLinks = $null +$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions +$GPO = Get-GPO -Name 'Disable Windows Defender' +If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) +{ + New-GPLink -Name 'Disable Windows Defender' -Target $OU -Enforced yes +} +else +{ + Write-Host "Disable Windows Defender GPO was already linked at $OU. Moving On." +} +$OU = "ou=Servers,dc=windomain,dc=local" +$gPLinks = $null +$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions +$GPO = Get-GPO -Name 'Disable Windows Defender' +If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) +{ + New-GPLink -Name 'Disable Windows Defender' -Target $OU -Enforced yes +} +else +{ + Write-Host "Disable Windows Defender GPO was already linked at $OU. Moving On." +} +gpupdate /force diff --git a/ci/build_machine_bootstrap.sh b/ci/build_machine_bootstrap.sh index 9b39870..8b33a47 100755 --- a/ci/build_machine_bootstrap.sh +++ b/ci/build_machine_bootstrap.sh @@ -75,8 +75,8 @@ ufw --force enable echo "[$(date +%H:%M:%S)]: Installing Vagrant..." mkdir /opt/vagrant cd /opt/vagrant || exit 1 -wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb -dpkg -i vagrant_2.2.4_x86_64.deb +wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.5/vagrant_2.2.5_x86_64.deb +dpkg -i vagrant_2.2.5_x86_64.deb echo "[$(date +%H:%M:%S)]: Installing vagrant-reload plugin..." vagrant plugin install vagrant-reload diff --git a/ci/manual_machine_bootstrap.sh b/ci/manual_machine_bootstrap.sh index 1ca8521..3b6794f 100644 --- a/ci/manual_machine_bootstrap.sh +++ b/ci/manual_machine_bootstrap.sh @@ -22,8 +22,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab # Install Vagrant mkdir /opt/vagrant cd /opt/vagrant || exit 1 -wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb -dpkg -i vagrant_2.2.4_x86_64.deb +wget https://releases.hashicorp.com/vagrant/2.2.5/vagrant_2.2.5_x86_64.deb +dpkg -i vagrant_2.2.5_x86_64.deb vagrant plugin install vagrant-reload # Make the Vagrant instances headless @@ -33,8 +33,8 @@ sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile # Install Packer mkdir /opt/packer cd /opt/packer || exit 1 -wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.0/packer_1.4.0_linux_amd64.zip -unzip packer_1.4.0_linux_amd64.zip +wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip +unzip packer_1.4.1_linux_amd64.zip cp packer /usr/local/bin/packer # Make the Packer images headless diff --git a/ci/manual_machine_bootstrap_vmware.sh b/ci/manual_machine_bootstrap_vmware.sh index c116aaa..11dc234 100644 --- a/ci/manual_machine_bootstrap_vmware.sh +++ b/ci/manual_machine_bootstrap_vmware.sh @@ -28,8 +28,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab # Install Vagrant mkdir /opt/vagrant cd /opt/vagrant || exit 1 -wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb -dpkg -i vagrant_2.2.4_x86_64.deb +wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.5/vagrant_2.2.5_x86_64.deb +dpkg -i vagrant_2.2.5_x86_64.deb vagrant plugin install vagrant-reload vagrant plugin install vagrant-vmware-desktop echo $LICENSEFILE | base64 -d > /tmp/license.lic @@ -44,8 +44,8 @@ sed -i 's/v.gui = true/v.gui = false/g' Vagrantfile # Install Packer mkdir /opt/packer cd /opt/packer || exit 1 -wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.0/packer_1.4.0_linux_amd64.zip -unzip packer_1.4.0_linux_amd64.zip +wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.1/packer_1.4.1_linux_amd64.zip +unzip packer_1.4.1_linux_amd64.zip cp packer /usr/local/bin/packer # Make the Packer images headless