Revert package manager (not compatible with winRM!!!)

packer/preseed/Server2019/pvscsi/Autounattend.xml

@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="utf-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend">
+    <servicing/>
+    <settings pass="auditSystem">
+        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <DriverPaths>
+                <PathAndCredentials wcm:action="add" wcm:keyValue="1">
+                    <Path>E:\Program Files\VMware\VMware Tools\Drivers\pvscsi\Win8\amd64</Path>
+                </PathAndCredentials>
+            </DriverPaths>
+        </component>
+    </settings>
+    <settings pass="windowsPE">
+        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <DiskConfiguration>
+                <Disk wcm:action="add">
+                    <CreatePartitions>
+                        <CreatePartition wcm:action="add">
+                            <Order>1</Order>
+                            <Type>Primary</Type>
+                            <Extend>true</Extend>
+                        </CreatePartition>
+                    </CreatePartitions>
+                    <ModifyPartitions>
+                        <ModifyPartition wcm:action="add">
+                            <Extend>false</Extend>
+                            <Format>NTFS</Format>
+                            <Letter>C</Letter>
+                            <Order>1</Order>
+                            <PartitionID>1</PartitionID>
+                            <Label>Windows Server 2019</Label>
+                        </ModifyPartition>
+                    </ModifyPartitions>
+                    <DiskID>0</DiskID>
+                    <WillWipeDisk>true</WillWipeDisk>
+                </Disk>
+                <WillShowUI>OnError</WillShowUI>
+            </DiskConfiguration>
+            <UserData>
+                <AcceptEula>true</AcceptEula>
+                <!-- <FullName>Spamasaurus Rex</FullName>
+                <Organization>Spamasaurus Rex</Organization> -->
+                <ProductKey>
+                    <Key><<img-productkey>></Key>
+                    <WillShowUI>Never</WillShowUI>
+                </ProductKey>
+            </UserData>
+            <ImageInstall>
+                <OSImage>
+                    <InstallTo>
+                        <DiskID>0</DiskID>
+                        <PartitionID>1</PartitionID>
+                    </InstallTo>
+                    <WillShowUI>OnError</WillShowUI>
+                    <InstallToAvailablePartition>false</InstallToAvailablePartition>
+                    <InstallFrom>
+                        <MetaData wcm:action="add">
+                            <Key>/IMAGE/INDEX</Key>
+                            <Value>4</Value>
+                        </MetaData>
+                    </InstallFrom>
+                </OSImage>
+            </ImageInstall>
+        </component>
+        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <SetupUILanguage>
+                <UILanguage>en-US</UILanguage>
+            </SetupUILanguage>
+            <InputLocale>en-US</InputLocale>
+            <SystemLocale>en-US</SystemLocale>
+            <UILanguage>en-US</UILanguage>
+            <UILanguageFallback>en-US</UILanguageFallback>
+            <UserLocale>en-US</UserLocale>
+        </component>
+    </settings>
+    <settings pass="offlineServicing">
+        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <EnableLUA>false</EnableLUA>
+        </component>
+    </settings>
+    <settings pass="oobeSystem">
+        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <InputLocale>en-US</InputLocale>
+            <SystemLocale>en-US</SystemLocale>
+            <UILanguage>en-US</UILanguage>
+            <UserLocale>en-US</UserLocale>
+        </component>
+        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <UserAccounts>
+                <AdministratorPassword>
+                    <Value><<img-password>></Value>
+                    <PlainText>true</PlainText>
+                </AdministratorPassword>
+            </UserAccounts>
+            <OOBE>
+                <HideEULAPage>true</HideEULAPage>
+                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+                <NetworkLocation>Home</NetworkLocation>
+                <ProtectYourPC>1</ProtectYourPC>
+            </OOBE>
+            <AutoLogon>
+                <Password>
+                    <Value><<img-password>></Value>
+                    <PlainText>true</PlainText>
+                </Password>
+                <Username>administrator</Username>
+                <Enabled>true</Enabled>
+            </AutoLogon>
+            <FirstLogonCommands>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
+                    <Description>Set execution policy 64bit</Description>
+                    <Order>1</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
+                    <Description>Set execution policy 32bit</Description>
+                    <Order>2</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c reg add "HKLM\System\CurrentControlSet\Control\Network\NewNetworkWindowOff"</CommandLine>
+                    <Description>Disable new network prompt</Description>
+                    <Order>3</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Set-NetworkProfile.ps1</CommandLine>
+                    <Description>Set network profile to private</Description>
+                    <Order>4</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Disable-WinRM.ps1</CommandLine>
+                    <Description>Disable WinRM</Description>
+                    <Order>5</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c a:\Install-VMwareTools.cmd</CommandLine>
+                    <Order>13</Order>
+                    <Description>Install VMware Tools</Description>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Enable-WinRM.ps1</CommandLine>
+                    <Description>Enable WinRM</Description>
+                    <Order>99</Order>
+                </SynchronousCommand>
+            </FirstLogonCommands>
+            <ShowWindowsLive>false</ShowWindowsLive>
+        </component>
+    </settings>
+    <settings pass="specialize">
+        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <OEMInformation>
+                <HelpCustomized>false</HelpCustomized>
+            </OEMInformation>
+            <!-- Rename computer here. -->
+            <ComputerName>packer-template</ComputerName>
+            <TimeZone>W. Europe Standard Time</TimeZone>
+            <RegisteredOwner/>
+        </component>
+        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+            <SkipAutoActivation>true</SkipAutoActivation>
+        </component>
+    </settings>
+</unattend>

packer/windowsserver2019.pkr.hcl

@@ -30,7 +30,7 @@ source "vsphere-iso" "srv2019-template" {
   winrm_password          = var.winrm_password
   winrm_timeout           = "10m"
 
-  RAM                     = 8192
+  RAM                     = 4096
   CPUs                    = 2
 
   network_adapters {
@@ -89,7 +89,7 @@ source "vsphere-iso" "srv2019-virtual" {
   winrm_timeout           = "10m"
   winrm_username          = "administrator"
 
-  RAM                     = 8192
+  RAM                     = 4096
   CPUs                    = 2
 
   network_adapters {
@@ -159,11 +159,11 @@ source "vsphere-iso" "srv2019-baremetal" {
     disk_size             = 20480
     disk_thin_provisioned = true
   }
-  disk_controller_type    = ["lsilogic-sas"]
+  disk_controller_type    = ["pvscsi"]
   usb_controller          = ["xhci"]
 
   floppy_files            = [
-    "packer/preseed/Server2019/Autounattend.xml",
+    "packer/preseed/Server2019/pvscsi/Autounattend.xml",
     "packer/preseed/Server2019/Sysprep_Unattend.xml",
     "scripts/Set-NetworkProfile.ps1",
     "scripts/Disable-WinRM.ps1",
@@ -185,44 +185,49 @@ source "vsphere-iso" "srv2019-baremetal" {
 }
 
 build {
+  // sources = [
+  //   "source.vsphere-iso.srv2019-template",
+  //   "source.vsphere-iso.srv2019-virtual",
+  //   "source.vsphere-iso.srv2019-baremetal"
+  // ]
   sources = [
     "source.vsphere-iso.srv2019-template",
-    "source.vsphere-iso.srv2019-virtual",
-    "source.vsphere-iso.srv2019-baremetal"
+    "source.vsphere-iso.srv2019-virtual"
   ]
 
   provisioner "windows-update" {
   }
 
+  // provisioner "powershell" {
+  //   scripts = [
+  //     "scripts/Install-Prerequisites.ps1",
+  //     "scripts/Install-WinGet.ps1"
+  //   ]
+  // }
+  // provisioner "powershell" {
+  //   inline = [
+  //     "winget install mozilla.firefox",
+  //     "winget install 7zip.7zip",
+  //     "winget install microsoft.dotnetframework"
+  //   ]
+  //   // valid_exit_codes = [0, 3010]
+  // }
   provisioner "powershell" {
-    scripts = [
-      "scripts/Install-WinGet.ps1"
+    inline = [
+      "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12",
+      "Invoke-Expression ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"
     ]
   }
   provisioner "powershell" {
     inline           = [
-      "winget install mozilla.firefox",
-      "winget install 7zip.7zip",
-      "winget install microsoft.dotnetframework"
+      "choco config set --name=limit-output --value=LimitOutput",
+      "choco install -y dotnetfx",
+      "choco install -y 7zip.install",
+      "choco install -y sysinternals",
+      "choco install -y firefox"
     ]
-    // valid_exit_codes = [0, 3010]
+    valid_exit_codes = [0, 3010]
   }
-  // provisioner "powershell" {
-  //   inline = [
-  //     "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12",
-  //     "Invoke-Expression ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"
-  //   ]
-  // }
-  // provisioner "powershell" {
-  //   inline           = [
-  //     "choco config set --name=limit-output --value=LimitOutput",
-  //     "choco install -y dotnetfx",
-  //     "choco install -y 7zip.install",
-  //     "choco install -y sysinternals",
-  //     "choco install -y firefox"
-  //   ]
-  //   valid_exit_codes = [0, 3010]
-  // }
 
   provisioner "windows-update" {
   }
@@ -237,13 +242,13 @@ build {
   provisioner "file" {
     only        = ["vsphere-iso.srv2019-virtual"]
     destination = "C:\\Payload\\"
-    source      = "scripts/Server2019/payload/"
+    source      = "scripts/payload/"
   }
 
   provisioner "powershell" {
     only    = ["vsphere-iso.srv2019-virtual"]
     scripts = [
-      "scripts/Server2019/Register-ScheduledTask.ps1"
+      "scripts/Register-ScheduledTask.ps1"
     ]
   }
 

scripts/Install-Prerequisites.ps1

@@ -0,0 +1,40 @@
+[CmdletBinding()]
+Param(
+    # No parameters
+)
+
+$RequiredPSModules = @(
+    'ntobjectmanager'   # Provides cmdlet 'Set-ExecutionAlias'
+)
+
+$InstallPackageProviderSplat = @{
+    Name               = 'NuGet'
+    MinimumVersion     = '2.8.5.201'
+    Force              = $True
+    Confirm            = $False
+}
+Install-PackageProvider @InstallPackageProviderSplat
+$SetPSRepositorySplat = @{
+    Name               = 'PSGallery'
+    InstallationPolicy = 'Trusted'
+}
+Set-PSRepository @SetPSRepositorySplat
+$InstallModuleSplat = @{
+    Name               = $RequiredPSModules
+    Force              = $True
+    Confirm            = $False
+}
+Install-Module @InstallModuleSplat
+$SetPSRepositorySplat = @{
+    Name               = 'PSGallery'
+    InstallationPolicy = 'Untrusted'
+}
+Set-PSRepository @SetPSRepositorySplat
+
+# Double check whether the required PowerShell modules are available
+ForEach ($Module in $RequiredPSModules) {
+    If ([boolean](Get-Module -Name $Module -ListAvailable) -ne $True) {
+        Write-Error -Message "Missing PowerShell module '$($Module)'"
+        Exit 1
+    }
+}

scripts/Install-WinGet.ps1

@@ -1,24 +1,74 @@
+#Requires -Modules 'NtObjectManager'
 [CmdletBinding()]
 Param(
     # None
 )
 
+# Download dependencies
+$AppxDependencies = @(
+    @{
+        ShortName     = 'vclibs'
+        QualifiedName = 'Microsoft.VCLibs.140.00_8wekyb3d8bbwe'
+    },
+    @{
+        ShortName     = 'vclibsuwp'
+        QualifiedName = 'Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe'
+    }
+)
+ForEach ($Dependency in $AppxDependencies) {
+    $InvokeWebRequestSplat = @{
+        Uri             = 'https://store.rg-adguard.net/api/GetFiles'
+        Method          = 'POST'
+        ContentType     = 'application/x-www-form-urlencoded'
+        Body            = "type=PackageFamilyName&url=$($Dependency.QualifiedName)&ring=RP&lang=en-US"
+        UseBasicParsing = $True
+    }
+    $InvokeWebRequestSplat = @{
+        Uri     = ((Invoke-WebRequest @InvokeWebRequestSplat).Links | Where-Object {$_.OuterHTML -match '.appx' -and $_.outerHTML -match 'x64'}).href
+        OutFile = "$env:temp/$($Dependency.ShortName).appx"
+    }
+    Invoke-WebRequest @InvokeWebRequestSplat
+}
+# Download latest release (along with license) from github
 $InvokeRestMethodSplat = @{
     Uri    = "https://api.github.com/repos/microsoft/winget-cli/releases/latest"
     Method = 'GET'
 }
+$LatestRelease = Invoke-RestMethod @InvokeRestMethodSplat
 $InvokeWebRequestSplat = @{
-    Uri = ((Invoke-RestMethod @InvokeRestMethodSplat).assets | Where-Object {$_.name -like '*.appxbundle'}).browser_download_url
-    Out = "$env:temp\winget.appxbundle"
+    Uri     = ($LatestRelease.assets | Where-Object {$_.name -like '*.msixbundle'}).browser_download_url
+    OutFile = "$env:temp\winget.msixbundle"
+}
+Invoke-WebRequest @InvokeWebRequestSplat
+$InvokeWebRequestSplat = @{
+    Uri     = ($LatestRelease.assets | Where-Object {$_.name -like '*license*.xml'}).browser_download_url
+    OutFile = "$env:temp\wingetlicense.xml"
 }
 Invoke-WebRequest @InvokeWebRequestSplat
 
-$InvokeWebRequestSplat = @{
-    Uri = "https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx"
-    Out = "$env:temp\vclibs.appx"
+# Install dependencies
+$AppxDependencies.ShortName | ForEach-Object {
+    $AddAppxPackageSplat = @{
+        Path = "$env:temp/$($_).appx"
     }
-Invoke-WebRequest @InvokeWebRequestSplat
+    Add-AppxPackage @AddAppxPackageSplat
+}
+# Install winget
+$AddAppxProvisionedPackageSplat = @{
+    Online = $True
+    PackagePath = "$env:temp\winget.msixbundle"
+    LicensePath = "$env:temp\wingetlicense.xml"
+}
+Add-AppxProvisionedPackage @AddAppxProvisionedPackageSplat
 
-If (Test-Path -Path "$env:temp\winget.appxbundle") {
-    & dism.exe /Online /Add-ProvisionedAppxPackage /PackagePath:"$env:temp\winget.appxbundle" /SkipLicense /DependencyPackagePath:"$env:temp\vclibs.appx"
+# Create reparse point
+$SetExecutionAliasSplat = @{
+    Path        = "$([System.Environment]::SystemDirectory)\winget.exe"
+    PackageName = "Microsoft.DesktopAppInstaller_8wekyb3d8bbwe"
+    EntryPoint  = "Microsoft.DesktopAppInstaller_8wekyb3d8bbwe!winget"
+    Target      = "$((Get-AppxPackage Microsoft.DesktopAppInstaller).InstallLocation)\AppInstallerCLI.exe"
+    AppType     = 'Desktop'
+    Version     = 3
 }
+Set-ExecutionAlias @SetExecutionAliasSplat
+& explorer.exe "shell:appsFolder\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe!winget"