Draft: Windows 10 OVA

vmware/windows-10/.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+packerlog.txt
+/packer_cache/*
+/iso/*
+/builds/*

vmware/windows-10/cookbooks/packer/Berksfile

@@ -0,0 +1,3 @@
+source 'https://supermarket.chef.io'
+
+metadata

vmware/windows-10/cookbooks/packer/chefignore

@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

vmware/windows-10/cookbooks/packer/kitchen.yml

@@ -0,0 +1,37 @@
+driver:
+  name: vagrant
+  customize:
+    cpus: 2
+    memory: 4096
+
+transport:
+  name: winrm
+  elevated: true
+
+provisioner:
+  name: chef_zero
+  deprecations_as_errors: true
+
+platforms:
+  - name: windows-2019
+    driver_config:
+      box: tas50/windows_2019
+  - name: windows-2016
+    driver_config:
+      box: tas50/windows_2016
+  - name: windows-2012r2
+    driver_config:
+      box: tas50/windows_2012r2
+
+suites:
+  - name: default
+    run_list:
+      - recipe[packer::disable_windows_update]
+      - recipe[packer::remove_defender]
+      - recipe[packer::configure_power]
+      - recipe[packer::disable_screensaver]
+      - recipe[packer::vm_tools]
+      - recipe[packer::enable_file_sharing]
+      - recipe[packer::enable_remote_desktop]
+      - recipe[packer::cleanup]
+      - recipe[packer::defrag]

vmware/windows-10/cookbooks/packer/metadata.rb

@@ -0,0 +1,7 @@
+name 'packer'
+maintainer 'Tim Smith'
+maintainer_email '[email protected]'
+license 'Apache-2.0'
+description 'Resources run during packer builds'
+version '1.0.0'
+chef_version '>= 15.0'

vmware/windows-10/cookbooks/packer/recipes/cleanup.rb

@@ -0,0 +1,79 @@
+# OneDrive takes up 150 megs and isn't needed for testing
+windows_package 'Microsoft OneDrive' do
+  action :remove
+end
+
+# Skype takes up 26 megs
+windows_package 'Skype' do
+  action :remove
+end
+
+if windows_workstation? && !node['platform_version'].to_i == 10 # cleanmgr isn't on servers
+  # registry key locations pulled from https://github.com/spjeff/spadmin/blob/master/Cleanmgr.ps1
+  # thanks @spjeff!
+  registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Update Cleanup' do
+    values [{
+      name: 'StateFlags0001',
+      type: :dword,
+      data: 2,
+    }]
+  end
+
+  registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files' do
+    values [{
+      name: 'StateFlags0001',
+      type: :dword,
+      data: 2,
+    }]
+  end
+
+  execute 'run cleanmgr' do
+    command 'C:\Windows\System32\cleanmgr.exe /sagerun:1'
+    ignore_failure true
+    live_stream true
+  end
+end
+
+execute 'clean SxS' do
+  command 'Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase'
+  ignore_failure true
+  live_stream true
+end
+
+powershell_script 'remove unnecesary directories' do
+  code <<-EOH
+  @(
+      "C:\\Recovery",
+      "$env:localappdata\\temp\\*",
+      "$env:windir\\logs",
+      "$env:windir\\temp",
+      "$env:windir\\winsxs\\manifestcache",
+      "C:\\Users\\vagrant\Favorites\\*"
+  ) | % {
+          if(Test-Path $_) {
+              Write-Host "Removing $_"
+              try {
+                Takeown /d Y /R /f $_
+                Icacls $_ /GRANT:r administrators:F /T /c /q  2>&1 | Out-Null
+                Remove-Item $_ -Recurse -Force | Out-Null
+              } catch { $global:error.RemoveAt(0) }
+          }
+      }
+  EOH
+end
+
+# clean all of the event logs
+%w(Application Security Setup System).each do |log|
+  execute "Cleaning the #{log} event log" do
+    command "wevtutil clear-log #{log}"
+  end
+end
+
+# remove pagefile. it will get created on boot next time
+registry_key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' do
+  values [{
+    name: 'PagingFiles',
+    type: :string,
+    data: '',
+  }]
+end

vmware/windows-10/cookbooks/packer/recipes/configure_power.rb

@@ -0,0 +1,16 @@
+execute 'Set high performance power profile' do
+  command 'powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
+end
+
+execute 'Turn off Hibernation' do
+  command 'powercfg.exe /hibernate off'
+  ignore_failure :quiet # if unsupported on the hardware it errors
+end
+
+execute 'Turn off monitor timeout on AC power' do
+  command 'powercfg -Change -monitor-timeout-ac 0'
+end
+
+execute 'Turn off monitor timeout on DC power' do
+  command 'powercfg -Change -monitor-timeout-dc 0'
+end

vmware/windows-10/cookbooks/packer/recipes/defrag.rb

@@ -0,0 +1,20 @@
+remote_file ::File.join(Chef::Config[:file_cache_path], 'ultradefrag.zip') do
+  source 'http://downloads.sourceforge.net/ultradefrag/ultradefrag-portable-7.1.4.bin.amd64.zip'
+  action :create
+end
+
+archive_file 'Decompress ultradefrag' do
+  path ::File.join(Chef::Config[:file_cache_path], 'ultradefrag.zip')
+  destination ::File.join(Chef::Config[:file_cache_path], 'temp_defrag')
+  action :extract
+end
+
+execute 'Rename ultradefrag' do
+  command "move #{::File.join(Chef::Config[:file_cache_path])}\\temp_defrag\\ultradefrag-* #{::File.join(Chef::Config[:file_cache_path], 'ultradefrag')}"
+  not_if { ::File.exist?(::File.join(Chef::Config[:file_cache_path], 'ultradefrag')) }
+end
+
+execute 'Run ultradefrag' do
+  command "#{::File.join(Chef::Config[:file_cache_path], 'ultradefrag', 'udefrag.exe')} --optimize --repeat %SystemDrive%"
+  action :run
+end

vmware/windows-10/cookbooks/packer/recipes/disable_screensaver.rb

@@ -0,0 +1,5 @@
+# Disable the screensaver
+registry_key 'HKEY_CURRENT_USER\Control Panel\Desktop' do
+  values [{ name: 'ScreenSaveActive', type: :dword, data: 0 }] # disable
+  action :create
+end

vmware/windows-10/cookbooks/packer/recipes/disable_windows_update.rb

@@ -0,0 +1,4 @@
+# don't waste CPU / network bandwidth checking for updates
+windows_update_settings 'disable windows update' do
+  disable_automatic_updates true
+end

vmware/windows-10/cookbooks/packer/recipes/enable_file_sharing.rb

@@ -0,0 +1,3 @@
+execute 'enable filesharing' do
+  command 'netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes'
+end

vmware/windows-10/cookbooks/packer/recipes/enable_remote_desktop.rb

@@ -0,0 +1,10 @@
+registry_key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server' do
+  values [{
+    name: 'fDenyTSConnections',
+    type: :dword,
+    data: 0 }]
+end
+
+execute 'Enable RDP firewall rule' do
+  command 'netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes'
+end

vmware/windows-10/cookbooks/packer/recipes/remove_defender.rb

@@ -0,0 +1,3 @@
+windows_defender 'disable windows defender' do
+  action :disable
+end

vmware/windows-10/cookbooks/packer/recipes/set_local_account_token_filter_policy.rb

@@ -0,0 +1,7 @@
+registry_key 'HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Policies\system' do
+  values [{
+    name: 'LocalAccountTokenFilterPolicy',
+    type: :dword,
+    data: 1,
+  }]
+end

vmware/windows-10/cookbooks/packer/recipes/updates.rb

@@ -0,0 +1,13 @@
+if windows_nt_version == '10.0.17763' # 2019
+  # This is basically a service pack and we should install it to fix a giant pile of bugs
+  msu_package '2020-04 monthly rollup' do
+    source 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/04/windows10.0-kb4550969-x64_7d0a6efbe9e4d44253babdc161873513f88fc1e4.msu'
+    action :install
+  end
+elsif windows_nt_version == '10.0.14393' # 2016
+  # This is basically a service pack and we should install it to fix a giant pile of bugs
+  msu_package '2020-04 monthly rollup' do
+    source 'http://download.windowsupdate.com/d/msdownload/update/software/updt/2020/04/windows10.0-kb4550947-x64_f2ec932f8fb2be82d2f430b5dcd1ec4b92a7611c.msu'
+    action :install
+  end
+end

vmware/windows-10/cookbooks/packer/recipes/vm_tools.rb

@@ -0,0 +1,37 @@
+# install virtualbox guest additions on vbox guests
+if vbox?
+  directory 'C:/Windows/Temp/virtualbox' do
+    recursive true
+  end
+
+  powershell_script 'install vbox guest additions' do
+    code <<-EOH
+      Get-ChildItem E:/cert/ -Filter vbox*.cer | ForEach-Object {
+          E:/cert/VBoxCertUtil.exe add-trusted-publisher $_.FullName --root $_.FullName
+      }
+
+      Start-Process -FilePath "e:/VBoxWindowsAdditions.exe" -ArgumentList "/S" -WorkingDirectory "C:/Windows/Temp/virtualbox" -Wait
+    EOH
+    ignore_failure true
+  end
+
+  directory 'C:/Windows/Temp/virtualbox' do
+    action :delete
+  end
+end
+
+# install vmware tools on vmware guests
+# This is from https://github.com/luciusbono/Packer-Windows10/blob/master/install-guest-tools.ps1
+if vmware?
+  powershell_script 'install vmware tools' do
+    code <<-'EOH'
+      $isopath = 'C:\Windows\Temp\vmware.iso'
+      Mount-DiskImage -ImagePath $isopath
+      $exe = ((Get-DiskImage -ImagePath $isopath | Get-Volume).Driveletter + ':\setup.exe')
+      $parameters = '/S /v "/qn REBOOT=R"'
+      Start-Process -FilePath $exe -ArgumentList $parameters -Wait
+      Dismount-DiskImage -ImagePath $isopath
+      Remove-Item $isopath
+    EOH
+  end
+end