Diffstat (limited to 'packer/files/scripts/windows')
-rw-r--r-- | packer/files/scripts/windows/cleanup.ps1 | 132 | ||||
-rw-r--r-- | packer/files/scripts/windows/disable-updates.ps1 | 13 | ||||
-rw-r--r-- | packer/files/scripts/windows/enable-winrm-http.ps1 | 29 | ||||
-rw-r--r-- | packer/files/scripts/windows/init.ps1 | 25 | ||||
-rw-r--r-- | packer/files/scripts/windows/setup-qemu-guest-agent.ps1 | 14 | ||||
-rw-r--r-- | packer/files/scripts/windows/sysprep-shutdown.bat | 6 |
6 files changed, 219 insertions, 0 deletions
diff --git a/packer/files/scripts/windows/cleanup.ps1 b/packer/files/scripts/windows/cleanup.ps1
new file mode 100644
index 0000000..6242ac5
--- /dev/null
+++ b/packer/files/scripts/windows/cleanup.ps1
@@ -0,0 +1,132 @@
+$ErrorActionPreference = "SilentlyContinue"
+Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue | Out-Null
+
+try {
+ $System = GWMI Win32_ComputerSystem -EnableAllPrivileges
+ $System.AutomaticManagedPagefile = $False
+ $System.Put() | Out-Null
+ $CurrentPageFile = gwmi -query "select * from Win32_PageFileSetting where name='c:\\pagefile.sys'"
+ $CurrentPageFile.InitialSize = 512
+ $CurrentPageFile.MaximumSize = 512
+ $CurrentPageFile.Put() | Out-Null
+
+ Write-Host "[INFO] Changed pagefile size"
+} catch {
+ Write-Host "[ERR] Error occured while attempting to modify pagefile size"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ DISM /Online /Cleanup-Image /StartComponentCleanup /ResetBase /Quiet
+ Write-Host "[INFO] Executed dism to cleanup image and reset"
+} catch {
+ Write-Host "[ERR] Error occured while running dism to cleanup image and reset"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ Remove-Item -Path "C:\Recovery" -Recurse -Force
+ Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force | Remove-Item -Recurse -Force | Out-Null
+ Get-ChildItem "C:\Windows\SoftwareDistribution\*" -Recurse -Force | Remove-Item -Recurse -Force | Out-Null
+ Get-ChildItem "C:\Users\*\AppData\Local\Temp\*" -Recurse -Force | Remove-Item -Recurse -Force | Out-Null
+ Get-ChildItem "C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" -Recurse -Force | Remove-Item -Recurse -Force | Out-Null
+ Get-ChildItem "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" -Recurse -Filter *uninstall*.lnk | % { Remove-Item -Force $_.FullName | Out-Null }
+
+ @(
+ "$env:localappdata\Nuget",
+ "$env:localappdata\temp\*",
+ "$env:windir\logs",
+ "$env:windir\panther",
+ "$env:windir\temp\*",
+ "$env:windir\winsxs\manifestcache"
+ ) | ForEach-Object {
+ if ((Test-Path $_) -And ($_ -NotLike "*.ps1")) {
+ try {
+ Takeown /d Y /R /f $_ 2>&1 | Out-Null
+ Icacls $_ /GRANT:r administrators:F /T /c /q 2>&1 | Out-Null
+ Remove-Item $_ -Recurse -Force | Out-Null
+ }
+ catch { $global:error.RemoveAt(0) }
+ }
+ }
+
+ Write-Host "[INFO] Removed temporary and build files"
+} catch {
+ Write-Host "[ERR] Error occured while attempting to remove temporary and build files"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ & defrag.exe C: /h *> $null
+ Write-Host "[INFO] Executed defrag.exe"
+}
+catch {
+ Write-Host "[ERR] Error occured while running defrag.exe"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ & cleanmgr.exe /verylowdisk *> $null
+ Write-Host "[INFO] Executed cleanmgr.exe"
+}
+catch {
+ Write-Host "[ERR] Error occured while running cleanmgr.exe"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ $FilePath = "C:\zero.tmp"
+ $Volume = Get-WmiObject win32_logicaldisk -filter "DeviceID='C:'"
+ $ArraySize = 64kb
+ $SpaceToLeave = $Volume.Size * 0.05
+ $FileSize = $Volume.FreeSpace - $SpaceToLeave
+ $ZeroArray = New-Object byte[]($ArraySize)
+
+ $Stream = [IO.File]::OpenWrite($FilePath)
+ try {
+ $CurFileSize = 0
+ while ($CurFileSize -lt $FileSize) {
+ $Stream.Write($ZeroArray, 0, $ZeroArray.Length)
+ $CurFileSize += $ZeroArray.Length
+ }
+ }
+ finally {
+ if ($Stream) {
+ $Stream.Close()
+ }
+ }
+
+ Remove-Item $FilePath
+
+ Write-Host "[INFO] Zeroed out empty space"
+} catch {
+ Write-Host "[ERR] Error occured while attempting to zero out empty space"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+ powercfg /change monitor-timeout-ac 0
+ powercfg /change monitor-timeout-dc 0
+ powercfg /change disk-timeout-ac 0
+ powercfg /change disk-timeout-dc 0
+ powercfg /change standby-timeout-ac 0
+ powercfg /change standby-timeout-dc 0
+ powercfg /change hibernate-timeout-ac 0
+ powercfg /change hibernate-timeout-dc 0
+
+ Write-Host "[INFO] Disabled screen timeout, disk timeout, standby, hibernate"
+} catch {
+ Write-Host "[ERR] Error occured while attempting to modify screen timeout, disk timeout, standby, hibernate"
+ Write-Host "$($_.Exception.Message)"
+}
+
+try {
+
+ Clear-EventLog -LogName (Get-EventLog -List).log
+ Clear-EventLog -LogName (Get-EventLog -List).log
+ Clear-EventLog -LogName (Get-EventLog -List).log
+
+ Write-Host "[INFO] Cleared out event logs"
+} catch {
+ Write-Host "[ERR] Error occured while clearing event logs"
+ Write-Host "$($_.Exception.Message)"
+}
diff --git a/packer/files/scripts/windows/disable-updates.ps1 b/packer/files/scripts/windows/disable-updates.ps1
new file mode 100644
index 0000000..69d6441
--- /dev/null
+++ b/packer/files/scripts/windows/disable-updates.ps1
@@ -0,0 +1,13 @@
+# https://learn.microsoft.com/en-us/windows/win32/api/wuapi/ne-wuapi-automaticupdatesnotificationlevel
+# https://learn.microsoft.com/en-us/archive/blogs/jamesone/managing-windows-update-with-powershell
+try {
+ $updates = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings
+ if ($updates.ReadOnly -eq $true) {
+ Write-Error "[ERR] Cannot update Windows Update settings due to GPO restrictions"
+ } else {
+ $updates.NotificationLevel = 1
+ $updates.Save()
+ $updates.Refresh()
+ Write-Output "[INFO] Automatic Windows Updates disabled"
+ }
+} catch { Write-Output "[ERR] Exception while disabling Automatic Windows Updates" }
diff --git a/packer/files/scripts/windows/enable-winrm-http.ps1 b/packer/files/scripts/windows/enable-winrm-http.ps1
new file mode 100644
index 0000000..44d8e70
--- /dev/null
+++ b/packer/files/scripts/windows/enable-winrm-http.ps1
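Review bot: In cleanup.ps1 the second added line turns Defender real-time monitoring off with `Set-MpPreference -DisableRealtimeMonitoring $true` and nothing later in the script turns it back on, so unless a later provisioner or the sysprep answer file restores it (not visible here) the template ships with real-time protection disabled; add `Set-MpPreference -DisableRealtimeMonitoring $false` as the final step. The opening `$ErrorActionPreference = "SilentlyContinue"` keeps cmdlet errors non-terminating, and native tools such as DISM and defrag.exe report failure through `$LASTEXITCODE` rather than exceptions, so most of the `catch` blocks cannot fire and the `[INFO]` lines print even when a step failed. In the zero-fill block an exception from `$Stream.Write` skips `Remove-Item $FilePath` and would leave `C:\zero.tmp` in the image; moving the delete into the `finally` avoids that. The SoftwareDistribution purge and the `Clear-EventLog` call are also repeated verbatim (twice and three times).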
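Review bot: In disable-updates.ps1 the `catch` on the last line drops the exception, and both failure paths (the GPO `ReadOnly` branch and the catch) only print a message, so the build presumably continues with the update settings unchanged; include the cause and fail the step, e.g. `} catch { Write-Output "[ERR] Exception while disabling Automatic Windows Updates: $($_.Exception.Message)"; exit 1 }`. `NotificationLevel = 1` is saved into the image, so machines cloned from it keep automatic updates off. A header comment saying whether that is intended for deployed guests or only for the build, and where it is turned back on, would make the intent reviewable.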
@@ -0,0 +1,29 @@
+Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
+
+New-ItemProperty `
+ -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
+ -Name LocalAccountTokenFilterPolicy `
+ -Value 1 `
+ -Force | Out-Null
+
+winrm quickconfig -q
+winrm quickconfig -transport:http
+winrm set winrm/config '@{MaxTimeoutms="1800000"}'
+winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
+winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+winrm set winrm/config/service/auth '@{Basic="true"}'
+winrm set winrm/config/service/auth '@{CredSSP="true"}'
+winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
+Start-Process -FilePath C:\Windows\System32\cmd.exe -ArgumentList "/c sc.exe config WinRM start= delayed-auto" -Wait -Verbose
+Start-Process -FilePath C:\Windows\System32\cmd.exe -ArgumentList "/c sc.exe stop WinRM" -Wait -Verbose
+Start-Process -FilePath C:\Windows\System32\cmd.exe -ArgumentList "/c sc.exe start WinRM" -Wait -Verbose
+
+New-NetFirewallRule `
+ -DisplayName WINRM-HTTP-In-TCP `
+ -Direction Inbound `
+ -Action Allow `
+ -Protocol TCP `
+ -LocalPort 5985 | Out-Null
+
+#netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
+#netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow remoteip=any
diff --git a/packer/files/scripts/windows/init.ps1 b/packer/files/scripts/windows/init.ps1
new file mode 100644
index 0000000..3eea7b4
--- /dev/null
+++ b/packer/files/scripts/windows/init.ps1
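Review bot: Nothing in enable-winrm-http.ps1 is marked as build-only or reverted by cleanup.ps1 in this commit, so `AllowUnencrypted="true"`, `Basic="true"`, `LocalAccountTokenFilterPolicy = 1` and the inbound rule on 5985 look like they persist into the finished image, where local-account credentials would cross the network unencrypted and remote logons by local administrators would get unfiltered tokens. If these are only needed for the Packer communicator, undo them in the last provisioner with `winrm set winrm/config/service '@{AllowUnencrypted="false"}'` and `winrm set winrm/config/service/auth '@{Basic="false"}'`, and remove the firewall rule and the registry value. The `New-NetFirewallRule` call also applies to every profile and any remote address; adding `-Profile Private` and a `-RemoteAddress` limited to the build network would narrow it. `CredSSP="true"` may not be needed at all for the build connection; confirm and drop it if so.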
@@ -0,0 +1,25 @@
+Get-WmiObject Win32_UserAccount -Filter "Name='packer'" | % { $_.PasswordExpires = $false; $_.Put() } | Out-Null
+
+if ((Get-WmiObject -Class Win32_OperatingSystem).ProductType -ne 1) {
+ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "DisableCAD" -Value 1 -Force
+
+ secedit /export /cfg C:\secpol.cfg
+ (Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
+ (Get-Content C:\secpol.cfg).replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 0") | Out-File C:\secpol.cfg
+ secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY
+ Remove-Item -Force C:\secpol.cfg -Confirm:$false
+}
+
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Power", "HiberFileSizePercent", 0)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Power", "HibernateEnabled", 0)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Reliability", "ShutdownReasonOn", 1)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Reliability", "ShutdownReasonUI", 2)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge", "HideFirstRunExperience", 1)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", 1)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "IncludeRecommendedUpdates", 0)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "AUOptions", 2)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge", "HideFirstRunExperience", 1)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", 1)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "IncludeRecommendedUpdates", 0)
+[Microsoft.Win32.Registry]::SetValue("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "AUOptions", 2)
+
diff --git a/packer/files/scripts/windows/setup-qemu-guest-agent.ps1 b/packer/files/scripts/windows/setup-qemu-guest-agent.ps1
new file mode 100644
index 0000000..a2baefa
--- /dev/null
+++ b/packer/files/scripts/windows/setup-qemu-guest-agent.ps1
@@ -0,0 +1,14 @@
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+try {
+ $url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win-guest-tools.exe"
+ (New-Object System.Net.WebClient).DownloadFile($url, "C:\virtio-win-guest-tools.exe")
+ Write-Output "[INFO] Downloaded $url"
+
+ Start-Process -FilePath "C:\virtio-win-guest-tools.exe" -ArgumentList "/install /passive /norestart" -Wait -Verbose
+ Write-Output "[INFO] Successfully installed VirtIO Guest Tools"
+ Remove-Item "C:\virtio-win-guest-tools.exe" -Force
+} catch {
+ Write-Host "[ERR] Error occured while installing VirtIO Guest Tools"
+ Write-Host "$($_.Exception.Message)"
+}
diff --git a/packer/files/scripts/windows/sysprep-shutdown.bat b/packer/files/scripts/windows/sysprep-shutdown.bat
new file mode 100644
index 0000000..623820a
--- /dev/null
+++ b/packer/files/scripts/windows/sysprep-shutdown.bat
@@ -0,0 +1,6 @@
+@echo off
+for %%i in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
+ if exist %%i:\sysprep.xml (
+ call C:\Windows\System32\Sysprep\sysprep.exe /generalize /oobe /unattend:%%i:\sysprep.xml /shutdown
+ )
+) |
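Review bot: On server SKUs (`ProductType -ne 1`) init.ps1 sets `PasswordComplexity = 0` and `MinimumPasswordLength = 0` through secedit and never restores them, so the weakened password policy would carry into the template unless something outside this commit resets it; re-apply the original values in the final provisioner or document why deployed guests need them. The two `.replace(...)` calls match the exact strings `PasswordComplexity = 1` and `MinimumPasswordLength = 7`, so on a base image with other values they silently change nothing. `DisableCAD = 1` persists in the same way. The last four `SetValue` lines before the trailing blank line repeat the `HideFirstRunExperience`, `NoAutoRebootWithLoggedOnUsers`, `IncludeRecommendedUpdates` and `AUOptions` writes and can be deleted.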
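Review bot: setup-qemu-guest-agent.ps1 downloads an installer from a moving `latest-virtio` URL and runs it with administrative rights without checking what was downloaded, so every build trusts whatever that URL serves at the time. Pin a versioned URL and verify a known SHA-256 and the Authenticode signature before `Start-Process`. `Start-Process -Wait` also ignores the installer's exit code, so the success line prints even if the install failed. The hash value and the accepted exit codes in the sketch below are placeholders to be confirmed per release.

```powershell
# ... unchanged: $url assignment (point it at a pinned, versioned release) and DownloadFile call ...
$installer = "C:\virtio-win-guest-tools.exe"
$expectedSha256 = "<SHA256-OF-PINNED-RELEASE>"   # placeholder, update with each pinned version

$actualSha256 = (Get-FileHash -Path $installer -Algorithm SHA256).Hash
if ($actualSha256 -ne $expectedSha256) { throw "SHA-256 mismatch for $installer" }

$signature = Get-AuthenticodeSignature -FilePath $installer
if ($signature.Status -ne 'Valid') { throw "Authenticode signature not valid: $($signature.Status)" }

$proc = Start-Process -FilePath $installer -ArgumentList "/install /passive /norestart" -Wait -PassThru
# 3010 is the usual "reboot required" code; confirm which codes this installer returns
if ($proc.ExitCode -notin 0, 3010) { throw "installer exited with code $($proc.ExitCode)" }
# ... unchanged: success message, Remove-Item, catch block ...
```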
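Review bot: If no drive holds `sysprep.xml`, sysprep-shutdown.bat falls out of the `for` loop and exits with success, so the build would continue with an image that was never generalized; add `echo sysprep.xml not found & exit /b 1` after the closing parenthesis of the loop. The loop also keeps going after a match, so a second drive carrying the same file name would start sysprep again; an `exit /b` right after the `call` line stops at the first hit. Because the answer file is taken from whichever drive letter matches first, a comment stating which volume is expected to supply it would make the trust assumption explicit.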