Compare commits


No commits in common. "Windows10" and "master" have entirely different histories.

53 changed files with 99 additions and 1134 deletions

View File

@ -1,87 +0,0 @@
kind: pipeline
type: kubernetes
name: 'Packer Build'
- name: output
name: flexvolsmb-drone-output
- name: scratch
name: flexvolsmb-drone-scratch
- name: Debugging information
- yamllint --version
- packer --version
- pwsh --version
- ovftool --version
- name: Windows 10
pull: always
- sed -i -e "s/<<img-productkey>>/$${PRODUCTKEY}/" packer/preseed/Windows10/Autounattend.xml
- |
sed -i -e "s/<<img-password>>/$${WINRM_PASSWORD}/g" \
packer/preseed/Windows10/Autounattend.xml \
- |
yamllint -d "{extends: relaxed, rules: {line-length: disable}}" scripts
- |
packer init -upgrade \
- |
packer validate \
-var vm_guestos=win10 \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var winrm_password=$${WINRM_PASSWORD} \
- |
packer build \
-on-error=cleanup \
-var vm_guestos=win10 \
-var repo_username=$${REPO_USERNAME} \
-var repo_password=$${REPO_PASSWORD} \
-var vsphere_password=$${VSPHERE_PASSWORD} \
-var winrm_password=$${WINRM_PASSWORD} \
from_secret: vsphere_password
from_secret: winrm_password
from_secret: repo_username
from_secret: repo_password
from_secret: prodkey_win10
- name: output
path: /output
- name: Remove temporary resources
- |
pwsh -file scripts/Remove-Resources.ps1 \
-VSphereFQDN 'bv11-vc.bessems.lan' \
-VSphereUsername 'administrator@vsphere.local' \
-VSpherePassword $${VSPHERE_PASSWORD}
from_secret: vsphere_password
- name: scratch
path: /scratch
- success
- failure

View File

@ -1 +1,15 @@
# Packer.Images [![Build Status](]( # Packer.Images
Opinionated set of packer templates for producing .OVA appliances, which can then be deployed (semi)unattended through the use of vApp properties:
## [![Build Status]( **Ubuntu Server 20.04**]( - <small>LTS</small>
Lorem ipsum.
## [![Build Status]( **Windows Server 2019**]( - <small>LTSC xx09</small>
This image in itself does not actually provide much benefit over other customization methods that are available during an unattended deployment; it serves primarily as a basis for the following images.
## [![Build Status]( **ADDS**]( - <small>Active Directory Domain Services</small>
Lorem ipsum.
## [![Build Status]( **ADCS**]( - <small>Active Directory Certificate Services</small>
Lorem ipsum.

View File

@ -1,16 +0,0 @@
script = <<-EOH
$nic = get-netadapter
Get-NetAdapterBinding InterfaceAlias $ ComponentID ms_tcpip6
control "ipv6" do
title 'Disabled network protocol IPv6'
desc '
This test assures that IPv6 is disabled
describe powershell(script) do
its('stdout') { should match 'False' }

View File

@ -1,29 +0,0 @@
script = <<-EOH
# Initialize variable to empty array
$NonCompliantServices = @()
# Specify relevant services
$Services = @(
# Enumerate all services
$NonCompliantServices += Get-Service $Services -ErrorAction 'SilentlyContinue' | Where-Object {$_.StartType -ne 'Disabled'}
# Output; 'True' or list of noncompliant services
Write-Output ($True, $NonCompliantServices)[!($NonCompliantServices.Count -eq 0)]
control "disabled_services" do
title 'Disabled services'
desc '
This test assures that all unneeded services are set to "disabled".
describe powershell(script) do
its('stdout') { should match 'True' }

View File

@ -1,29 +0,0 @@
script = <<-EOH
# Initialize variable to empty array
$LogicalDisks = @()
# Enumerate all logicaldisks
# DriveType:
# Unknown (0)
# No Root Directory (1)
# Removable Disk (2)
# Local Disk (3)
# Network Drive (4)
# Compact Disc (5)
# RAM Disk (6)
$LogicalDisks += Get-WmiObject -Class 'win32_logicaldisk' -Filter 'DriveType=3'
# Filter/Quantify
($LogicalDisks.Count -eq 1) -and (($LogicalDisks | Where-Object {$_.DeviceID -ne 'C:'}).Count -eq 0)
control "single_disk" do
title 'Single Disk'
desc '
This test assures that only a single disk (C:) is available
describe powershell(script) do
its('stdout') { should match 'True' }

View File

@ -1,54 +0,0 @@
control "software_installed-7zip" do
title 'Included Default Applications: 7-Zip'
desc '
This test assures that the software application "7-Zip" is installed.
describe chocolatey_package('7zip.install') do
it { should be_installed }
# control "software_installed-dotnetfx" do
# title 'Included Default Applications: .NET'
# desc '
# This test assures that the software application ".NET" is installed.
# '
# describe chocolatey_package('dotnetfx') do
# it { should be_installed }
# end
# end
# control "software_installed-foxitreader" do
# title 'Included Default Applications: Foxit Reader'
# desc '
# This test assures that the software application "Foxit Reader" is installed.
# '
# describe chocolatey_package('foxitreader') do
# it { should be_installed }
# end
# end
# control "software_installed-notepadplusplus" do
# title 'Included Default Applications: Notepad++'
# desc '
# This test assures that the software application "Notepad++" is installed.
# '
# describe chocolatey_package('notepadplusplus') do
# it { should be_installed }
# end
# end
# control "software_installed-putty" do
# title 'Included Default Applications: Putty'
# desc '
# This test assures that the software application "PuTTy" is installed.
# '
# describe chocolatey_package('putty') do
# it { should be_installed }
# end
# end

View File

@ -1,10 +0,0 @@
name: Windows 10 IoT Enterprise
title: Windows 10 IoT Enterprise InSpec Tests
summary: Unit test for Windows 10 IoT Enterprise
version: 1.0.0
license: Proprietary
- platform-family: windows

View File

@ -1,159 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component xmlns:wcm="" xmlns:xsi="" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<Disk wcm:action="add">
<CreatePartition wcm:action="add">
<ModifyPartition wcm:action="add">
<Label>Windows 10</Label>
<!-- <FullName>Spamasaurus Rex</FullName>
<Organization>Spamasaurus Rex</Organization> -->
<MetaData wcm:action="add">
<component xmlns:wcm="" xmlns:xsi="" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<component xmlns:wcm="" xmlns:xsi="" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set execution policy 64bit</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set execution policy 32bit</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c reg add "HKLM\System\CurrentControlSet\Control\Network\NewNetworkWindowOff"</CommandLine>
<Description>Disable new network prompt</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Set-NetworkProfile.ps1</CommandLine>
<Description>Set network profile to private</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Disable-WinRM.ps1</CommandLine>
<Description>Disable WinRM</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c a:\Install-VMwareTools.cmd</CommandLine>
<Description>Install VMware Tools</Description>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Enable-WinRM.ps1</CommandLine>
<Description>Enable WinRM</Description>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<!-- Rename computer here. -->
<TimeZone>W. Europe Standard Time</TimeZone>
<component xmlns:wcm="" xmlns:xsi="" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<settings pass="specialize">

View File

@ -1,18 +0,0 @@
variable "vcenter_server" {}
variable "vsphere_username" {}
variable "vsphere_password" {}
variable "vsphere_host" {}
variable "vsphere_datacenter" {}
variable "vsphere_templatefolder" {}
variable "vsphere_folder" {}
variable "vsphere_datastore" {}
variable "vsphere_network" {}
variable "vm_name" {}
variable "vm_guestos" {}
variable "winrm_password" {}
variable "repo_username" {}
variable "repo_password" {}

View File

@ -2,6 +2,7 @@ vcenter_server = "bv11-vc.bessems.lan"
vsphere_username = "administrator@vsphere.local" vsphere_username = "administrator@vsphere.local"
vsphere_datacenter = "DeSchakel" vsphere_datacenter = "DeSchakel"
vsphere_host = "bv11-esx.bessems.lan" vsphere_host = "bv11-esx.bessems.lan"
vsphere_hostip = ""
vsphere_datastore = "Datastore01.SSD" vsphere_datastore = "Datastore01.SSD"
vsphere_folder = "/Packer" vsphere_folder = "/Packer"
vsphere_templatefolder = "/Templates" vsphere_templatefolder = "/Templates"

View File

@ -1,133 +0,0 @@
packer {
required_plugins {
windows-update = {
version = ">= 0.14.0"
source = ""
source "vsphere-iso" "win10" {
vcenter_server = var.vcenter_server
username = var.vsphere_username
password = var.vsphere_password
insecure_connection = "true"
vm_name = "${var.vm_guestos}-${var.vm_name}"
datacenter = var.vsphere_datacenter
host = var.vsphere_host
folder = var.vsphere_folder
datastore = var.vsphere_datastore
guest_os_type = "windows9_64Guest"
boot_order = "disk,cdrom"
boot_command = [""]
boot_wait = "5m"
communicator = "winrm"
winrm_username = "administrator"
winrm_password = var.winrm_password
winrm_timeout = "10m"
CPUs = 2
RAM = 8192
network_adapters {
network = var.vsphere_network
network_card = "vmxnet3"
storage {
disk_size = 20480
disk_thin_provisioned = true
disk_controller_type = ["lsilogic-sas"]
usb_controller = ["xhci"]
floppy_files = [
iso_checksum = "sha256:8D1663B71280533824CF95C7AB48ADAF5A187C38FCFF5B16A569F903688916D0"
iso_paths = [
iso_url = "https://${var.repo_username}:${var.repo_password}"
shutdown_command = "C:\\Windows\\System32\\Sysprep\\sysprep.exe /generalize /oobe /unattend:A:\\Sysprep_Unattend.xml"
shutdown_timeout = "1h"
export {
images = false
output_directory = "/scratch/win10"
remove_cdrom = true
build {
sources = ["source.vsphere-iso.win10"]
provisioner "windows-update" {
filters = [
"exclude:$_.Title -like '*Preview*'",
provisioner "powershell" {
inline = [
"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12",
"Invoke-Expression ((New-Object Net.WebClient).DownloadString(''))"
provisioner "powershell" {
inline = [
"choco config set --name=limit-output --value=LimitOutput",
"choco install -y 7zip.install",
"choco install -y sysinternals",
"choco install -y firefox"
provisioner "windows-update" {
filters = [
"exclude:$_.Title -like '*Preview*'",
provisioner "powershell" {
inline = [
"New-Item -Path 'C:\\Payload\\Scripts' -ItemType 'Directory' -Force:$True -Confirm:$False"
provisioner "file" {
destination = "C:\\Payload\\"
source = "scripts/Windows10/payload/"
provisioner "powershell" {
scripts = [
post-processor "shell-local" {
inline = [
"pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
" -OVFFile '/scratch/win10/${var.vm_guestos}-${var.vm_name}.ovf' \\",
" -Parameter @{''='${var.vm_guestos}';'appliance.version'='${var.vm_name}'}\"",
"pwsh -file scripts/Update-Manifest.ps1 \\",
" -ManifestFileName '/scratch/win10/${var.vm_guestos}-${var.vm_name}.mf'",
"ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
" '/scratch/win10/${var.vm_guestos}-${var.vm_name}.ovf' \\",
" /output/Windows10.ova"

View File

@ -0,0 +1,52 @@
$PowerCliConfigurationSplat = @{
Scope = 'User'
ParticipateInCEIP = $False
Confirm = $False
InvalidCertificateAction = 'Ignore'
Set-PowerCLIConfiguration @PowerCliConfigurationSplat
$ConnectVIServerSplat = @{
Server = $VSphereFQDN
User = "$VSphereUsername"
Password = "$VSpherePassword"
WarningAction = 'SilentlyContinue'
Connect-VIServer @ConnectVIServerSplat | Out-Null
$GetVMSplat = @{
Name = $VMName
$VM = Get-VM @GetVMSplat
$GetHarddiskSplat = @{
VM = $VM
$Harddisk = Get-Harddisk @GetHarddiskSplat
$VMFolder = ($Harddisk.Filename.Substring(0, $Harddisk.Filename.LastIndexOf('/')) -split ' ')[1]
$NewDatastoreDriveSplat = @{
Name = 'ds'
Datastore = ($VM | Get-Datastore)
New-DatastoreDrive @NewDatastoreDriveSplat
$CopyDatastoreItemSplat = @{
Item = "ds:\$($VMFolder)\*.vmdk"
Destination = (Get-Item $PWD)
Copy-DatastoreItem @CopyDatastoreItemSplat
Disconnect-VIServer * -Confirm:$False

View File

@ -1,8 +0,0 @@
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
$winrmService = Get-Service -Name WinRM
if ($winrmService.Status -eq "Running"){
Disable-PSRemoting -Force
Stop-Service winrm
Set-Service -Name winrm -StartupType Disabled

View File

@ -1,18 +0,0 @@
$NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$Connections = $NetworkListManager.GetNetworkConnections()
$Connections | ForEach-Object { $_.GetNetwork().SetCategory(1) }
Enable-PSRemoting -Force
winrm quickconfig -q
winrm quickconfig -transport:http
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public new remoteip=any
Set-Service winrm -startuptype "auto"
Restart-Service winrm

View File

@ -1,2 +0,0 @@
@rem Silent mode, basic UI, no reboot
e:\setup64 /s /v "/qb REBOOT=R"

View File

@ -1,73 +0,0 @@
<?xml version="1.0" encoding="utf-8" ?>
<!-- services to disable -->
<Name> VMUpgradeHelper </Name>
<Name> vmvss </Name>
<Name>Virtual Server</Name>
<!-- Virtual Machine Helper -->
<!-- Xen-specific service -->
<!-- drivers to disable -->
<Name> pvscsi </Name>
<Name> vmci </Name>
<Name> vmmouse </Name>
<Name> vmaudio </Name>
<Name> vmrawdsk </Name>
<Name> vmxnet </Name>
<Name> vmxnet3ndis6 </Name>
<Name> vm3dmp </Name>
<Name> vmdebug </Name>
<Name> vmxnet3ndis5 </Name>
<!-- storage drivers -->
<!-- VIA chipset drivers -->
<!-- network drivers: Intel(R) PRO/100 -->
<!-- tape drivers -->
<!-- Virtual Machine Monitor -->
<!-- Xen-specific drivers -->

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -16,7 +16,7 @@ $PowerCliConfigurationSplat = @{
Confirm = $False Confirm = $False
InvalidCertificateAction = 'Ignore' InvalidCertificateAction = 'Ignore'
} }
Set-PowerCLIConfiguration @PowerCliConfigurationSplat | Out-Null Set-PowerCLIConfiguration @PowerCliConfigurationSplat
$ConnectVIServerSplat = @{ $ConnectVIServerSplat = @{
Server = $VSphereFQDN Server = $VSphereFQDN
@ -26,26 +26,14 @@ $ConnectVIServerSplat = @{
} }
Connect-VIServer @ConnectVIServerSplat | Out-Null Connect-VIServer @ConnectVIServerSplat | Out-Null
$GetVMSplat = @{ $RemoveVMSplat = @{
Name = "*$($VMName)*" VM = "$($VMName)*"
ErrorAction = 'SilentlyContinue'
If ([boolean](Get-VM @GetVMSplat)) {
$RemoveVMSplat = @{
VM = Get-VM @GetVMSplat
DeletePermanently = $True DeletePermanently = $True
Confirm = $False Confirm = $False
ErrorAction = 'SilentlyContinue' ErrorAction = 'SilentlyContinue'
Remove-VM @RemoveVMSplat
} }
Remove-VM @RemoveVMSplat
# Also delete ISO/floppy?
Disconnect-VIServer * -Confirm:$False Disconnect-VIServer * -Confirm:$False
$RemoveItemSplat = @{
Path = "/scratch/*"
Recurse = $True
Force = $True
Confirm = $False
Remove-Item @RemoveItemSplat

View File

@ -1,23 +0,0 @@
# You cannot enable Windows PowerShell Remoting on network connections that are set to Public
# Spin through all the network locations and if they are set to Public, set them to Private
# using the INetwork interface:
# For more info, see:
# Network location feature was only introduced in Windows Vista - no need to bother with this
# if the operating system is older than Vista
if([environment]::OSVersion.version.Major -lt 6) { return }
# You cannot change the network location if you are joined to a domain, so abort
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
# Get network connections
$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$connections = $networkListManager.GetNetworkConnections()
$connections |foreach {
Write-Host $_.GetNetwork().GetName()"category was previously set to"$_.GetNetwork().GetCategory()
Write-Host $_.GetNetwork().GetName()"changed to category"$_.GetNetwork().GetCategory()

View File

@ -1,6 +1,15 @@
#Requires -Modules 'powershell-yaml' #Requires -Modules 'powershell-yaml'
[CmdletBinding()] [CmdletBinding()]
Param( Param(
If ([boolean]($_.IndexOfAny([io.path]::GetInvalidFileNameChars()) -lt 0)) {
} Else {
Throw 'Provided input contains invalid characters; aborting.'
[Parameter(Mandatory)] [Parameter(Mandatory)]
[ValidateScript({ [ValidateScript({
If (Test-Path($_)) { If (Test-Path($_)) {
@ -9,12 +18,11 @@ Param(
Throw "'$_' is not a valid filename (within working directory '$PWD'), or access denied; aborting." Throw "'$_' is not a valid filename (within working directory '$PWD'), or access denied; aborting."
} }
})] })]
[string]$OVFFile, [string]$OVFFile
) )
$GetContentSplat = @{ $GetContentSplat = @{
Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".yml") Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".$($TemplateName).yml")
Raw = $True Raw = $True
} }
$RawContent = Get-Content @GetContentSplat $RawContent = Get-Content @GetContentSplat
@ -22,24 +30,7 @@ $ConvertFromYamlSplat = @{
Yaml = $RawContent Yaml = $RawContent
AllDocuments = $True AllDocuments = $True
} }
$YamlDocuments = ConvertFrom-Yaml @ConvertFromYamlSplat $OVFConfig = ConvertFrom-Yaml @ConvertFromYamlSplat
# Check if the respective .yml file declared substitutions which need to be parsed
If (($YamlDocuments.Count -gt 1) -and $YamlDocuments[-1].Variables) {
ForEach ($Pattern in $YamlDocuments[-1].Variables) {
$RawContent = $RawContent -replace "\{\{ ($($Pattern.Name)) \}\}", [string](Invoke-Expression -Command $Pattern.Expression)
# Perform conversion to Yaml again, now with parsed file contents
$ConvertFromYamlSplat = @{
Yaml = $RawContent
AllDocuments = $True
$YamlDocuments = ConvertFrom-Yaml @ConvertFromYamlSplat
$OVFConfig = $YamlDocuments[0..($YamlDocuments.Count - 2)]
Else {
$OVFConfig = $YamlDocuments
$SourceFile = Get-Item -Path $OVFFile $SourceFile = Get-Item -Path $OVFFile
$GetContentSplat = @{ $GetContentSplat = @{
@ -80,22 +71,6 @@ If ($OVFConfig.DeploymentConfigurations.Count -gt 0) {
$XMLAttrTransport = $XML.CreateAttribute('transport', $XML.DocumentElement.ovf) $XMLAttrTransport = $XML.CreateAttribute('transport', $XML.DocumentElement.ovf)
$XMLAttrTransport.Value = 'com.vmware.guestInfo' $XMLAttrTransport.Value = 'com.vmware.guestInfo'
[void]$XML.SelectSingleNode('//Any:VirtualHardwareSection', $NS).Attributes.Append($XMLAttrTransport) [void]$XML.SelectSingleNode('//Any:VirtualHardwareSection', $NS).Attributes.Append($XMLAttrTransport)
ForEach ($ExtraConfig in $OVFConfig.AdvancedOptions) {
$XMLExtraConfig = $XML.CreateElement('vmw:ExtraConfig', $XML.DocumentElement.vmw)
$XMLExtraConfigAttrRequired = $XML.CreateAttribute('required', $XML.DocumentElement.ovf)
$XMLExtraConfigAttrRequired.Value = "$([boolean]$ExtraConfig.Required)".ToLower()
$XMLExtraConfigAttrKey = $XML.CreateAttribute('key', $XML.DocumentElement.vmw)
$XMLExtraConfigAttrKey.Value = $ExtraConfig.Key
$XMLExtraConfigAttrValue = $XML.CreateAttribute('value', $XML.DocumentElement.vmw)
$XMLExtraConfigAttrValue.Value = $ExtraConfig.Value
[void]$XML.SelectSingleNode('//Any:VirtualHardwareSection', $NS).AppendChild($XMLExtraConfig)
Write-Host "Added $($OVFConfig.AdvancedOptions.Count) 'vmw:ExtraConfig' nodes"
$XMLProductSection = $XML.SelectSingleNode('//Any:ProductSection', $NS) $XMLProductSection = $XML.SelectSingleNode('//Any:ProductSection', $NS)
If ($XMLProductSection -eq $Null) { If ($XMLProductSection -eq $Null) {
@ -128,13 +103,13 @@ ForEach ($Category in $OVFConfig.PropertyCategories) {
$XMLPropertyAttrKey.Value = $Property.Key $XMLPropertyAttrKey.Value = $Property.Key
$XMLPropertyAttrType = $XML.CreateAttribute('type', $XML.DocumentElement.ovf) $XMLPropertyAttrType = $XML.CreateAttribute('type', $XML.DocumentElement.ovf)
Switch -regex ($Property.Type) { Switch -regex ($Property.Type) {
'^boolean' { 'boolean' {
$XMLPropertyAttrType.Value = 'boolean' $XMLPropertyAttrType.Value = 'boolean'
} }
'^int' { 'int' {
$XMLPropertyAttrType.Value = 'uint8' $XMLPropertyAttrType.Value = 'uint8'
$Qualifiers = @() $Qualifiers = @()
If ($Property.Type -match '^int\((\d*)\.\.(\d*)\)') { If ($Property.Type -match 'int\((\d*)\.\.(\d*)\)') {
If ($Matches[1]) { If ($Matches[1]) {
$Qualifiers += "MinValue($($Matches[1]))" $Qualifiers += "MinValue($($Matches[1]))"
} }
@ -146,20 +121,20 @@ ForEach ($Category in $OVFConfig.PropertyCategories) {
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers)
} }
} }
'^ip' { 'ip' {
$XMLPropertyAttrType.Value = 'string' $XMLPropertyAttrType.Value = 'string'
$XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.vmw) $XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.vmw)
$XMLPropertyAttrQualifiers.Value = 'Ip' $XMLPropertyAttrQualifiers.Value = 'Ip'
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers)
} }
'^password' { 'password' {
$XMLPropertyAttrType.Value = 'string' $XMLPropertyAttrType.Value = 'string'
$XMLPropertyAttrPassword = $XML.CreateAttribute('password', $XML.DocumentElement.ovf) $XMLPropertyAttrPassword = $XML.CreateAttribute('password', $XML.DocumentElement.ovf)
$XMLPropertyAttrPassword.Value = 'true' $XMLPropertyAttrPassword.Value = 'true'
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrPassword) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrPassword)
$Qualifiers = @() $Qualifiers = @()
If ($Property.Type -match '^password\((\d*)\.\.(\d*)\)') { If ($Property.Type -match 'password\((\d*)\.\.(\d*)\)') {
If ($Matches[1]) { If ($Matches[1]) {
$Qualifiers += "MinLen($($Matches[1]))" $Qualifiers += "MinLen($($Matches[1]))"
} }
@ -171,10 +146,10 @@ ForEach ($Category in $OVFConfig.PropertyCategories) {
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers)
} }
} }
'^string' { 'string' {
$XMLPropertyAttrType.Value = 'string' $XMLPropertyAttrType.Value = 'string'
$Qualifiers = @() $Qualifiers = @()
If ($Property.Type -match '^string\((\d*)\.\.(\d*)\)') { If ($Property.Type -match 'string\((\d*)\.\.(\d*)\)') {
If ($Matches[1]) { If ($Matches[1]) {
$Qualifiers += "MinLen($($Matches[1]))" $Qualifiers += "MinLen($($Matches[1]))"
} }
@ -184,7 +159,7 @@ ForEach ($Category in $OVFConfig.PropertyCategories) {
$XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.ovf) $XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.ovf)
$XMLPropertyAttrQualifiers.Value = $Qualifiers -join ' ' $XMLPropertyAttrQualifiers.Value = $Qualifiers -join ' '
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers)
} ElseIf ($Property.Type -match '^string\[(.*)\]') { } ElseIf ($Property.Type -match 'string\[(.*)\]') {
$XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.ovf) $XMLPropertyAttrQualifiers = $XML.CreateAttribute('qualifiers', $XML.DocumentElement.ovf)
$XMLPropertyAttrQualifiers.Value = "ValueMap{$($Matches[1] -replace '","', '", "')}" $XMLPropertyAttrQualifiers.Value = "ValueMap{$($Matches[1] -replace '","', '", "')}"
[void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers) [void]$XMLProperty.Attributes.Append($XMLPropertyAttrQualifiers)

View File

@ -1,113 +0,0 @@
- Id: domainmember
Label: Domain member
Description: Windows 10 client joined to an Active Directory domain
- Id: standalone
Label: Stand-alone
Description: Stand-alone Windows 10 client
- Name: 0) Deployment information
- Key: deployment.type
Type: string
- domainmember
- standalone
UserConfigurable: false
- Name: 1) Operating System
- Key: guestinfo.hostname
Type: string(1..15)
Label: Hostname*
Description: '(max length: 15 characters)'
DefaultValue: ''
Configurations: '*'
UserConfigurable: true
- Key: guestinfo.administratorpw
Type: password(7..)
Label: Local administrator password*
Description: Must meet password complexity rules
DefaultValue: password
- standalone
UserConfigurable: true
- Key: guestinfo.ntpserver
Type: string(1..)
Label: Time server*
Description: A comma-separated list of timeservers
- standalone
UserConfigurable: true
- Name: 2) Networking
- Key: guestinfo.ipaddress
Type: ip
Label: IP Address*
Description: ''
DefaultValue: ''
Configurations: '*'
UserConfigurable: true
- Key: guestinfo.prefixlength
Type: int(8..32)
Label: Subnet prefix length*
Description: ''
DefaultValue: '24'
Configurations: '*'
UserConfigurable: true
- Key: guestinfo.dnsserver
Type: ip
Label: DNS server*
Description: ''
DefaultValue: ''
Configurations: '*'
UserConfigurable: true
- Key: guestinfo.gateway
Type: ip
Label: Gateway*
Description: ''
DefaultValue: ''
Configurations: '*'
UserConfigurable: true
- Name: 3) Active Directory membership
- Key: addsconfig.domainname
Type: string(1..)
Label: Domain name*
Description: Must be able to be resolved through provided DNS server
- domainmember
UserConfigurable: true
- Key: addsconfig.username
Type: string(1..)
Label: Domain account username*
Description: ''
DefaultValue: username
- domainmember
UserConfigurable: true
- Key: addsconfig.password
Type: password(1..)
Label: Domain account password*
Description: ''
DefaultValue: password
- domainmember
UserConfigurable: true
- Key:
Value: "{{ }}"
Required: false
- Key: appliance.version
Value: "{{ appliance.version }}"
Required: false
- Name:
Expression: |
- Name: appliance.version
Expression: |

View File

@ -1,7 +0,0 @@
# No parameters
# Create scheduled task
& schtasks.exe /Create /TN 'FirstBoot' /SC ONSTART /RU SYSTEM /TR "powershell.exe -file C:\Payload\Apply-FirstBootConfig.ps1"

View File

@ -1,244 +0,0 @@
# No parameters
$SetLocationSplat = @{
Path = $PSScriptRoot
Set-Location @SetLocationSplat
$NewEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
ErrorAction = 'SilentlyContinue'
New-EventLog @NewEventLogSplat
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 1
Message = "FirstBoot sequence initiated [working directory: '$PWD']"
Write-EventLog @WriteEventLogSplat
$VMwareToolsExecutable = "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
[xml]$ovfEnv = & $VMwareToolsExecutable --cmd "info-get guestinfo.ovfEnv" | Out-String
$ovfProperties = $ovfEnv.ChildNodes.NextSibling.PropertySection.Property
$ovfPropertyValues = @{}
foreach ($ovfProperty in $ovfProperties) {
$ovfPropertyValues[$ovfProperty.key] = $ovfProperty.Value
# Check for mandatory values
Switch ($ovfPropertyValues['deployment.type']) {
'domainmember' {
$MandatoryProperties, $MissingProperties = @('guestinfo.hostname', 'guestinfo.ipaddress', 'guestinfo.prefixlength', 'guestinfo.gateway', 'addsconfig.domainname', 'addsconfig.username', 'addsconfig.password'), @()
'standalone' {
$MandatoryProperties, $MissingProperties = @('guestinfo.hostname', 'guestinfo.ipaddress', 'guestinfo.prefixlength', 'guestinfo.gateway', 'guestinfo.administratorpw', 'guestinfo.ntpserver'), @()
default {
# Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = "Unexpected or no value set for property 'deployment.type', cannot provision."
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
ForEach ($Property in $MandatoryProperties) {
If (!$ovfPropertyValues[$Property]) {
$MissingProperties += $Property
If ($MissingProperties.Length -gt 0) {
# Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {"'{0}'" -f $_}) -join ', '), cannot provision."
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
# Set hostname and description
If ($Env:ComputerName -ne $ovfPropertyValues['guestinfo.hostname']) {
$RenameComputerSplat = @{
NewName = $ovfPropertyValues['guestinfo.hostname']
Force = $True
Confirm = $False
Rename-Computer @RenameComputerSplat
$SetCimInstanceSplat = @{
InputObject = (Get-CimInstance -ClassName 'Win32_OperatingSystem')
Property = @{
Description = $ovfPropertyValues['guestinfo.hostname']
Set-CimInstance @SetCimInstanceSplat
# Restart the computer to apply changes
Restart-Computer -Force
# Configure network interface
If ((Get-WmiObject -Class 'Win32_NetworkAdapterConfiguration').IPAddress -NotContains $ovfPropertyValues['guestinfo.ipaddress']) {
$NewNetIPAddressSplat = @{
InterfaceAlias = (Get-NetAdapter).Name
AddressFamily = 'IPv4'
IPAddress = $ovfPropertyValues['guestinfo.ipaddress']
PrefixLength = $ovfPropertyValues['guestinfo.prefixlength']
DefaultGateway = $ovfPropertyValues['guestinfo.gateway']
$IPAddress = New-NetIPAddress @NewNetIPAddressSplat
# Wait for network connection to become available
$Timestamp, $TimeoutMinutes = (Get-Date), 5
Do {
If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Warning'
EventID = 13
Message = "Timeout after $($TimeoutMinutes) minutes waiting for network connection to become available."
Write-EventLog @WriteEventLogSplat
Start-Sleep -Milliseconds 250
$GetNetIPAddressSplat = @{
IPAddress = $ovfPropertyValues['guestinfo.ipaddress']
InterfaceIndex = $IPAddress.InterfaceIndex
AddressFamily = 'IPv4'
ErrorAction = 'SilentlyContinue'
} Until ((Get-NetIPAddress @GetNetIPAddressSplat).AddressState -eq 'Preferred')
$OldErrorActionPreference, $ErrorActionPreference = $ErrorActionPreference, 'SilentlyContinue'
$TestNetConnectionSplat = @{
ComputerName = ([IPAddress]$ovfPropertyValues['guestinfo.dnsserver']).IPAddressToString
InformationLevel = 'Quiet'
$SetDnsClientServerAddressSplat = @{
InterfaceAlias = (Get-NetAdapter).Name
ServerAddresses = If (
[boolean]($ovfPropertyValues['guestinfo.dnsserver'] -as [IPaddress]) -and (Test-NetConnection @TestNetConnectionSplat)) {
} else {
Validate = $False
Set-DnsClientServerAddress @SetDnsClientServerAddressSplat
$ErrorActionPreference, $OldErrorActionPreference = $OldErrorActionPreference, $NULL
Switch ($ovfPropertyValues['deployment.type']) {
'domainmember' {
# Join Active Directory domain as member
If (!(Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
$AddComputerSplat = @{
DomainName = $ovfPropertyValues['addsconfig.domainname']
Credential = New-Object System.Management.Automation.PSCredential(
(ConvertTo-SecureString $ovfPropertyValues['addsconfig.password'] -AsPlainText -Force)
# OUPath = $ovfPropertyValues['addsconfig.organizationalunit']
Restart = $True
Force = $True
Confirm = $False
Add-Computer @AddComputerSplat
# Previous cmdlet performs a reboot on completion; so these are commented out
# Restart-Computer -Force
# Exit
'standalone' {
# Change password of built-in Administrator
$BuiltinAdministrator = (Get-LocalUser | Where-Object {$_.SID -match '-500'})
$ConvertToSecureStringSplat = @{
String = $ovfPropertyValues['guestinfo.administratorpw']
AsPlainText = $True
Force = $True
$SetLocalUserSplat = @{
InputObject = $BuiltinAdministrator
Password = ConvertTo-SecureString @ConvertToSecureStringSplat
PasswordNeverExpires = $True
AccountNeverExpires = $True
### This setting is not allowed on the last administrator
# UserMayChangePassword = $False
Confirm = $False
Set-LocalUser @SetLocalUserSplat
$EnableLocalUserSplat = @{
InputObject = $BuiltinAdministrator
Confirm = $False
Enable-LocalUser @EnableLocalUserSplat
# Iterate through and invoke all payload scripts
#! TODO: add registry values to determine which scripts have already been invoked (in case of intermediate reboots)
$GetItemSplat = @{
Path = "$($PSScriptRoot)\Scripts\*.ps1"
ForEach ($Script in (Get-Item @GetItemSplat)) {
Try {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 4
Message = "Running script: '$($Script.FullName)'"
Write-EventLog @WriteEventLogSplat
& $Script.FullName -Parameter $ovfPropertyValues
Catch {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = @"
Error occurred while executing script '$($Script.Name)':
Write-EventLog @WriteEventLogSplat
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 42
Message = 'FirstBoot sequence applied and finished'
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE