diff --git a/vmware/windows-10/.gitignore b/vmware/windows-10/.gitignore new file mode 100644 index 0000000..c34dc2b --- /dev/null +++ b/vmware/windows-10/.gitignore @@ -0,0 +1,5 @@ +.DS_Store +packerlog.txt +/packer_cache/* +/iso/* +/builds/* diff --git a/vmware/windows-10/cookbooks/packer/Berksfile b/vmware/windows-10/cookbooks/packer/Berksfile new file mode 100644 index 0000000..a078408 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/Berksfile @@ -0,0 +1,3 @@ +source 'https://supermarket.chef.io' + +metadata diff --git a/vmware/windows-10/cookbooks/packer/chefignore b/vmware/windows-10/cookbooks/packer/chefignore new file mode 100644 index 0000000..7efd6ac --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/vmware/windows-10/cookbooks/packer/kitchen.yml b/vmware/windows-10/cookbooks/packer/kitchen.yml new file mode 100644 index 0000000..f4eb3b0 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/kitchen.yml @@ -0,0 +1,37 @@ +driver: + name: vagrant + customize: + cpus: 2 + memory: 4096 + +transport: + name: winrm + elevated: true + +provisioner: + name: chef_zero + deprecations_as_errors: true + +platforms: + - name: windows-2019 + driver_config: + box: tas50/windows_2019 + - name: windows-2016 + driver_config: + box: tas50/windows_2016 + - name: windows-2012r2 + driver_config: + box: tas50/windows_2012r2 + +suites: + - name: default + run_list: + - recipe[packer::disable_windows_update] + - recipe[packer::remove_defender] + - recipe[packer::configure_power] + - recipe[packer::disable_screensaver] + - recipe[packer::vm_tools] + - recipe[packer::enable_file_sharing] + - recipe[packer::enable_remote_desktop] + - recipe[packer::cleanup] + - recipe[packer::defrag] diff --git a/vmware/windows-10/cookbooks/packer/metadata.rb b/vmware/windows-10/cookbooks/packer/metadata.rb new file mode 100644 index 0000000..0f33a4e --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/metadata.rb @@ -0,0 +1,7 @@ +name 'packer' +maintainer 'Tim Smith' +maintainer_email 'tsmith@chef.io' +license 'Apache-2.0' +description 'Resources run during packer builds' +version '1.0.0' +chef_version '>= 15.0' diff --git a/vmware/windows-10/cookbooks/packer/recipes/cleanup.rb b/vmware/windows-10/cookbooks/packer/recipes/cleanup.rb new file mode 100644 index 0000000..a4e56d0 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/cleanup.rb @@ -0,0 +1,79 @@ +# OneDrive takes up 150 megs and isn't needed for testing +windows_package 'Microsoft OneDrive' do + action :remove +end + +# Skype takes up 26 megs +windows_package 'Skype' do + action :remove +end + +if windows_workstation? && !node['platform_version'].to_i == 10 # cleanmgr isn't on servers + # registry key locations pulled from https://github.com/spjeff/spadmin/blob/master/Cleanmgr.ps1 + # thanks @spjeff! + registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup' do + values [{ + name: 'StateFlags0001', + type: :dword, + data: 2, + }] + end + + registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files' do + values [{ + name: 'StateFlags0001', + type: :dword, + data: 2, + }] + end + + execute 'run cleanmgr' do + command 'C:\Windows\System32\cleanmgr.exe /sagerun:1' + ignore_failure true + live_stream true + end +end + +execute 'clean SxS' do + command 'Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase' + ignore_failure true + live_stream true +end + +powershell_script 'remove unnecesary directories' do + code <<-EOH + @( + "C:\\Recovery", + "$env:localappdata\\temp\\*", + "$env:windir\\logs", + "$env:windir\\temp", + "$env:windir\\winsxs\\manifestcache", + "C:\\Users\\vagrant\Favorites\\*" + ) | % { + if(Test-Path $_) { + Write-Host "Removing $_" + try { + Takeown /d Y /R /f $_ + Icacls $_ /GRANT:r administrators:F /T /c /q 2>&1 | Out-Null + Remove-Item $_ -Recurse -Force | Out-Null + } catch { $global:error.RemoveAt(0) } + } + } + EOH +end + +# clean all of the event logs +%w(Application Security Setup System).each do |log| + execute "Cleaning the #{log} event log" do + command "wevtutil clear-log #{log}" + end +end + +# remove pagefile. it will get created on boot next time +registry_key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' do + values [{ + name: 'PagingFiles', + type: :string, + data: '', + }] +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/configure_power.rb b/vmware/windows-10/cookbooks/packer/recipes/configure_power.rb new file mode 100644 index 0000000..6f36bb2 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/configure_power.rb @@ -0,0 +1,16 @@ +execute 'Set high performance power profile' do + command 'powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c' +end + +execute 'Turn off Hibernation' do + command 'powercfg.exe /hibernate off' + ignore_failure :quiet # if unsupported on the hardware it errors +end + +execute 'Turn off monitor timeout on AC power' do + command 'powercfg -Change -monitor-timeout-ac 0' +end + +execute 'Turn off monitor timeout on DC power' do + command 'powercfg -Change -monitor-timeout-dc 0' +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/defrag.rb b/vmware/windows-10/cookbooks/packer/recipes/defrag.rb new file mode 100644 index 0000000..0873d67 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/defrag.rb @@ -0,0 +1,20 @@ +remote_file ::File.join(Chef::Config[:file_cache_path], 'ultradefrag.zip') do + source 'http://downloads.sourceforge.net/ultradefrag/ultradefrag-portable-7.1.4.bin.amd64.zip' + action :create +end + +archive_file 'Decompress ultradefrag' do + path ::File.join(Chef::Config[:file_cache_path], 'ultradefrag.zip') + destination ::File.join(Chef::Config[:file_cache_path], 'temp_defrag') + action :extract +end + +execute 'Rename ultradefrag' do + command "move #{::File.join(Chef::Config[:file_cache_path])}\\temp_defrag\\ultradefrag-* #{::File.join(Chef::Config[:file_cache_path], 'ultradefrag')}" + not_if { ::File.exist?(::File.join(Chef::Config[:file_cache_path], 'ultradefrag')) } +end + +execute 'Run ultradefrag' do + command "#{::File.join(Chef::Config[:file_cache_path], 'ultradefrag', 'udefrag.exe')} --optimize --repeat %SystemDrive%" + action :run +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/disable_screensaver.rb b/vmware/windows-10/cookbooks/packer/recipes/disable_screensaver.rb new file mode 100644 index 0000000..54f5a0a --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/disable_screensaver.rb @@ -0,0 +1,5 @@ +# Disable the screensaver +registry_key 'HKEY_CURRENT_USER\Control Panel\Desktop' do + values [{ name: 'ScreenSaveActive', type: :dword, data: 0 }] # disable + action :create +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/disable_windows_update.rb b/vmware/windows-10/cookbooks/packer/recipes/disable_windows_update.rb new file mode 100644 index 0000000..52bf975 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/disable_windows_update.rb @@ -0,0 +1,4 @@ +# don't waste CPU / network bandwidth checking for updates +windows_update_settings 'disable windows update' do + disable_automatic_updates true +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/enable_file_sharing.rb b/vmware/windows-10/cookbooks/packer/recipes/enable_file_sharing.rb new file mode 100644 index 0000000..3baecad --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/enable_file_sharing.rb @@ -0,0 +1,3 @@ +execute 'enable filesharing' do + command 'netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes' +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/enable_remote_desktop.rb b/vmware/windows-10/cookbooks/packer/recipes/enable_remote_desktop.rb new file mode 100644 index 0000000..67291be --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/enable_remote_desktop.rb @@ -0,0 +1,10 @@ +registry_key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server' do + values [{ + name: 'fDenyTSConnections', + type: :dword, + data: 0 }] +end + +execute 'Enable RDP firewall rule' do + command 'netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes' +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/remove_defender.rb b/vmware/windows-10/cookbooks/packer/recipes/remove_defender.rb new file mode 100644 index 0000000..8a511ad --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/remove_defender.rb @@ -0,0 +1,3 @@ +windows_defender 'disable windows defender' do + action :disable +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/set_local_account_token_filter_policy.rb b/vmware/windows-10/cookbooks/packer/recipes/set_local_account_token_filter_policy.rb new file mode 100644 index 0000000..c6623a0 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/set_local_account_token_filter_policy.rb @@ -0,0 +1,7 @@ +registry_key 'HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Policies\system' do + values [{ + name: 'LocalAccountTokenFilterPolicy', + type: :dword, + data: 1, + }] +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/updates.rb b/vmware/windows-10/cookbooks/packer/recipes/updates.rb new file mode 100644 index 0000000..07a4d24 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/updates.rb @@ -0,0 +1,13 @@ +if windows_nt_version == '10.0.17763' # 2019 + # This is basically a service pack and we should install it to fix a giant pile of bugs + msu_package '2020-04 monthly rollup' do + source 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/04/windows10.0-kb4550969-x64_7d0a6efbe9e4d44253babdc161873513f88fc1e4.msu' + action :install + end +elsif windows_nt_version == '10.0.14393' # 2016 + # This is basically a service pack and we should install it to fix a giant pile of bugs + msu_package '2020-04 monthly rollup' do + source 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/04/windows10.0-kb4550947-x64_f2ec932f8fb2be82d2f430b5dcd1ec4b92a7611c.msu' + action :install + end +end diff --git a/vmware/windows-10/cookbooks/packer/recipes/vm_tools.rb b/vmware/windows-10/cookbooks/packer/recipes/vm_tools.rb new file mode 100644 index 0000000..600c5a1 --- /dev/null +++ b/vmware/windows-10/cookbooks/packer/recipes/vm_tools.rb @@ -0,0 +1,37 @@ +# install virtualbox guest additions on vbox guests +if vbox? + directory 'C:/Windows/Temp/virtualbox' do + recursive true + end + + powershell_script 'install vbox guest additions' do + code <<-EOH + Get-ChildItem E:/cert/ -Filter vbox*.cer | ForEach-Object { + E:/cert/VBoxCertUtil.exe add-trusted-publisher $_.FullName --root $_.FullName + } + + Start-Process -FilePath "e:/VBoxWindowsAdditions.exe" -ArgumentList "/S" -WorkingDirectory "C:/Windows/Temp/virtualbox" -Wait + EOH + ignore_failure true + end + + directory 'C:/Windows/Temp/virtualbox' do + action :delete + end +end + +# install vmware tools on vmware guests +# This is from https://github.com/luciusbono/Packer-Windows10/blob/master/install-guest-tools.ps1 +if vmware? + powershell_script 'install vmware tools' do + code <<-'EOH' + $isopath = 'C:\Windows\Temp\vmware.iso' + Mount-DiskImage -ImagePath $isopath + $exe = ((Get-DiskImage -ImagePath $isopath | Get-Volume).Driveletter + ':\setup.exe') + $parameters = '/S /v "/qn REBOOT=R"' + Start-Process -FilePath $exe -ArgumentList $parameters -Wait + Dismount-DiskImage -ImagePath $isopath + Remove-Item $isopath + EOH + end +end diff --git a/vmware/windows-10/scripts/common/base_setup.ps1 b/vmware/windows-10/scripts/common/base_setup.ps1 new file mode 100644 index 0000000..d66fb8d --- /dev/null +++ b/vmware/windows-10/scripts/common/base_setup.ps1 @@ -0,0 +1,50 @@ +Write-Host "Performing the WinRM setup necessary to get the host ready for packer to run Chef..." + +# Make 100% sure we prevent Packer from connecting to WinRM while we +# attempt to configure everything +Disable-NetFirewallRule -DisplayGroup 'Windows Remote Management' + +# Disable UAC +Set-ItemProperty -Path "registry::HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value 0 + +# parts of this are from https://github.com/luciusbono/Packer-Windows10/blob/master/configure-winrm.ps1 +# and https://github.com/rgl/windows-2016-vagrant/blob/master/winrm.ps1 + +# Supress network location Prompt +New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" -Force + +# The above suppresses the prompt but defaults to "Public" which prevents WinRM from being enabled even with the SkipNetworkProfileCheck arg +# This command sets any network connections detected to Private to allow WinRM to be configured and started +Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory "Private" + +# Does a lot: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-6 +Enable-PSRemoting -SkipNetworkProfileCheck -Force +# May not be necessary since we set the profile to Private above +Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -RemoteAddress Any # allow winrm over public profile interfaces + +Write-Host '* Deleting any pre-existing listeners' +winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null +winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null +Write-Host '* Creating an HTTP listener' +winrm create winrm/config/listener?Address=*+Transport=HTTP | Out-Null +winrm create winrm/config/listener?Address=*+Transport=HTTPS | Out-Null + +winrm set winrm/config '@{MaxTimeoutms="1800000"}' +winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="2048"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service/auth '@{Basic="true"}' +winrm set winrm/config/client/auth '@{Basic="true"}' + +# Restart WinRM service +Stop-Service -Name "winrm" +Set-Service -Name "winrm" -StartupType "Automatic" +Start-Service -Name "winrm" + +# Enable WinRM in Firewall for any remote address +Get-NetFirewallRule -DisplayGroup "Windows Remote Management" | Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -RemoteAddress Any +Enable-NetFirewallRule -DisplayGroup "Windows Remote Management" + +# Allow time to view output before window is closed +Start-Sleep -Seconds 2 + +exit 0 diff --git a/vmware/windows-10/scripts/common/cleanup.ps1 b/vmware/windows-10/scripts/common/cleanup.ps1 new file mode 100644 index 0000000..f17179f --- /dev/null +++ b/vmware/windows-10/scripts/common/cleanup.ps1 @@ -0,0 +1,43 @@ +Write-Host "Uninstalling Chef..." +$app = Get-WmiObject -Class Win32_Product | Where-Object { + $_.Name -match "Chef" +} +$app.Uninstall() + +Write-Host "Removing leftover Chef files..." +Remove-Item "C:\Opscode\" -Recurse -Force -ErrorAction SilentlyContinue +Remove-Item "C:\Chef\" -Recurse -Force -ErrorAction SilentlyContinue + +Write-Host "Cleaning Temp Files..." +try { + Takeown /d Y /R /f "C:\Windows\Temp\*" + Icacls "C:\Windows\Temp\*" /GRANT:r administrators:F /T /c /q 2>&1 + Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue +} catch { } + +Write-Host "Optimizing Drive" +Optimize-Volume -DriveLetter C + +Write-Host "Wiping empty space on disk..." +$FilePath="c:\zero.tmp" +$Volume = Get-WmiObject win32_logicaldisk -filter "DeviceID='C:'" +$ArraySize= 64kb +$SpaceToLeave= $Volume.Size * 0.05 +$FileSize= $Volume.FreeSpace - $SpacetoLeave +$ZeroArray= new-object byte[]($ArraySize) + +$Stream= [io.File]::OpenWrite($FilePath) +try { + $CurFileSize = 0 + while($CurFileSize -lt $FileSize) { + $Stream.Write($ZeroArray,0, $ZeroArray.Length) + $CurFileSize +=$ZeroArray.Length + } +} +finally { + if($Stream) { + $Stream.Close() + } +} + +Remove-Item $FilePath diff --git a/vmware/windows-10/scripts/tidal/install_additional_tools.ps1 b/vmware/windows-10/scripts/tidal/install_additional_tools.ps1 new file mode 100644 index 0000000..4fb8bed --- /dev/null +++ b/vmware/windows-10/scripts/tidal/install_additional_tools.ps1 @@ -0,0 +1,8 @@ +Write-Host "++ Install chrome ++" +choco install -y googlechrome +Start-Sleep -Seconds 40 + +# Find more information on this here: +# https://github.com/tidalmigrations/machine_stats/tree/master/windows#authentication-error +Write-Host "++ Set trustedhosts to all ++" +Set-Item WSMan:localhost\client\trustedhosts -value * -Force diff --git a/vmware/windows-10/scripts/tidal/install_docker.ps1 b/vmware/windows-10/scripts/tidal/install_docker.ps1 new file mode 100644 index 0000000..fb010a4 --- /dev/null +++ b/vmware/windows-10/scripts/tidal/install_docker.ps1 @@ -0,0 +1,8 @@ +# Install NuGet provider +Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Scope 'AllUsers' -Force + +# Install docker module +Install-Module -Name DockerMsftProvider -Repository PSGallery -Confirm:$False -Force + +# Install docker package +Install-Package -Name docker -ProviderName DockerMsftProvider -Force \ No newline at end of file diff --git a/vmware/windows-10/scripts/tidal/install_git.ps1 b/vmware/windows-10/scripts/tidal/install_git.ps1 new file mode 100644 index 0000000..90bcca5 --- /dev/null +++ b/vmware/windows-10/scripts/tidal/install_git.ps1 @@ -0,0 +1,12 @@ +# Tidal tool's version can only be cheked after restarting powershell +# Thus in this shell, instead of install_tidal_tools.ps1 +Write-Host "++ Checking tidal version ++" +tidal version + +# Install chocolatey +Write-Host "++ Install chocolatey ++" +Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) + +# Install git +Write-Host "++ Install git ++" +choco install --yes git diff --git a/vmware/windows-10/scripts/tidal/install_machine_stats.ps1 b/vmware/windows-10/scripts/tidal/install_machine_stats.ps1 new file mode 100644 index 0000000..6dcb5a1 --- /dev/null +++ b/vmware/windows-10/scripts/tidal/install_machine_stats.ps1 @@ -0,0 +1,9 @@ +## Clone machine-stats repo +Write-Host "++ Clone machine-stats repo ++" +git clone https://github.com/tidalmigrations/machine_stats.git C:\machine_stats +Start-Sleep -Seconds 10 + +# To run machine stats, go to `C:\machine_stats\Windows` +# and follow these guide lines +# https://guides.tidalmg.com/machine_stats.html#running-the-script +# https://github.com/tidalmigrations/machine_stats/tree/master/windows#usage diff --git a/vmware/windows-10/scripts/tidal/install_tidal_tools.ps1 b/vmware/windows-10/scripts/tidal/install_tidal_tools.ps1 new file mode 100644 index 0000000..6cdb138 --- /dev/null +++ b/vmware/windows-10/scripts/tidal/install_tidal_tools.ps1 @@ -0,0 +1,7 @@ +Write-Host "++ Downloading tidal tools ++" +Invoke-WebRequest -Uri https://get.tidal.sh/tidal-win-64-latest -OutFile C:\tidal-win-64.msi +Start-Sleep -Seconds 10 + +Write-Host "++ Installing tidal tools ++" +Start-Process C:\tidal-win-64.msi -ArgumentList "/quiet" +Start-Sleep -Seconds 10 diff --git a/vmware/windows-10/scripts/unattended/Autounattend.xml b/vmware/windows-10/scripts/unattended/Autounattend.xml new file mode 100644 index 0000000..173416a --- /dev/null +++ b/vmware/windows-10/scripts/unattended/Autounattend.xml @@ -0,0 +1,221 @@ + + + + + + + + E:\viostor\w10\amd64 + + + + E:\NetKVM\w10\amd64 + + + + E:\Balloon\w10\amd64 + + + + E:\pvpanic\w10\amd64 + + + + E:\qemupciserial\w10\amd64 + + + + E:\qxldod\w10\amd64 + + + + E:\vioinput\w10\amd64 + + + + E:\viorng\w10\amd64 + + + + E:\vioscsi\w10\amd64 + + + + E:\vioserial\w10\amd64 + + + + E:\vioserial\w10\amd64 + + + + + + en-US + + en-US + en-US + en-US + en-US + en-US + + + + + + + Primary + 1 + 100 + + + 2 + Primary + true + + + + + true + NTFS + + 1 + 1 + + + NTFS + + C + 2 + 2 + + + 0 + true + + + + + + + /IMAGE/NAME + Windows 10 Enterprise Evaluation + + + + 0 + 2 + + + + + + OnError + + true + Vagrant + Bento by Chef Software, Inc. + + + + + + 1 + + + false + false + + + + + en-US + en-US + en-US + en-US + + + + true + true + true + true + true + Work + 3 + true + true + + UTC + + + vagrant + true</PlainText> + </AdministratorPassword> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Password> + <Value>vagrant</Value> + <PlainText>true</PlainText> + </Password> + <Description>Vagrant User</Description> + <DisplayName>vagrant</DisplayName> + <Group>administrators</Group> + <Name>vagrant</Name> + </LocalAccount> + </LocalAccounts> + </UserAccounts> + <AutoLogon> + <Password> + <Value>vagrant</Value> + <PlainText>true</PlainText> + </Password> + <Username>vagrant</Username> + <Enabled>true</Enabled> + </AutoLogon> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Set Execution Policy 64 Bit</Description> + <Order>1</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <Description>Set Execution Policy 32 Bit</Description> + <Order>2</Order> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>powershell -NoLogo -ExecutionPolicy RemoteSigned -File a:\base_setup.ps1</CommandLine> + <Description>Configure WinRM so packer can connect to run Chef</Description> + <Order>3</Order> + <RequiresUserInput>false</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> + <Order>4</Order> + <Description>Disable password expiration for vagrant user</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> + <settings pass="specialize"> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <!-- Disable IE ESC. --> + <IEHardenAdmin>false</IEHardenAdmin> + <IEHardenUser>false</IEHardenUser> + </component> + <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + </settings> +</unattend> diff --git a/vmware/windows-10/windows-10.json b/vmware/windows-10/windows-10.json new file mode 100644 index 0000000..38797c3 --- /dev/null +++ b/vmware/windows-10/windows-10.json @@ -0,0 +1,116 @@ +{ + "builders": [ + { + "type": "vmware-iso", + "vm_name": "tidal-windows-10", + "format": "ova", + + "iso_urls": [ + "iso/18363.418.191007-0143.19h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso", + "https://software-download.microsoft.com/download/pr/18363.418.191007-0143.19h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso" + ], + "iso_checksum": "{{ user `iso_checksum` }}", + + "communicator": "winrm", + "cpus": "{{ user `cpus` }}", + "memory": "{{ user `memory` }}", + "disk_size": "{{user `disk_size`}}", + "disk_adapter_type": "lsisas1068", + + "floppy_files": [ + "{{template_dir}}/scripts/unattended/Autounattend.xml", + "{{template_dir}}/scripts/common/base_setup.ps1" + ], + "guest_os_type": "windows9srv-64", + "headless": "{{ user `headless` }}", + "output_directory": "{{ user `build_directory` }}/packer-windows-10-vmware", + "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", + "shutdown_timeout": "15m", + "tools_upload_flavor": "windows", + "tools_upload_path": "c:/Windows/Temp/vmware.iso", + "version": 19, + "winrm_password": "vagrant", + "winrm_timeout": "12h", + "winrm_username": "vagrant" + } + ], + "provisioners": [ + { + "cookbook_paths": [ + "{{template_dir}}/cookbooks" + ], + "guest_os_type": "windows", + "run_list": [ + "packer::disable_windows_update", + "packer::configure_power", + "packer::disable_screensaver" + ], + "type": "chef-solo" + }, + { + "type": "windows-restart" + }, + { + "cookbook_paths": [ + "{{template_dir}}/cookbooks" + ], + "guest_os_type": "windows", + "run_list": [ + "packer::vm_tools", + "packer::enable_file_sharing", + "packer::enable_remote_desktop" + ], + "type": "chef-solo" + }, + { + "type": "windows-restart" + }, + { + "cookbook_paths": [ + "{{template_dir}}/cookbooks" + ], + "guest_os_type": "windows", + "run_list": [ + "packer::cleanup", + "packer::defrag" + ], + "type": "chef-solo" + }, + { + "elevated_password": "vagrant", + "elevated_user": "vagrant", + "script": "{{template_dir}}/scripts/common/cleanup.ps1", + "type": "powershell" + }, + { + "elevated_password": "vagrant", + "elevated_user": "vagrant", + "type": "powershell", + "scripts": [ + "{{template_dir}}/scripts/tidal/install_tidal_tools.ps1", + "{{template_dir}}/scripts/tidal/install_git.ps1", + "{{template_dir}}/scripts/tidal/install_machine_stats.ps1", + "{{template_dir}}/scripts/tidal/install_additional_tools.ps1" + ] + }, + { + "elevated_password": "vagrant", + "elevated_user": "Administrator", + "type": "powershell", + "scripts": [ + "{{template_dir}}/scripts/tidal/install_docker.ps1" + ] + }, + { + "type": "windows-restart" + } + ], + "variables": { + "build_directory": "./builds", + "cpus": "2", + "memory": "4096", + "disk_size": "40000", + "headless": "false", + "iso_checksum": "489ebee676e26cdb81377b0e6385c001a22589b8" + } +}