diff --git a/compose.yml b/compose.yml index f305849..064332a 100644 --- a/compose.yml +++ b/compose.yml @@ -2,8 +2,19 @@ services: windows: image: dockurr/windows container_name: windows + privileged: true + healthcheck: + test: "[ -f /data/ready ] || exit 1" + interval: 60s + retries: 5 + start_period: 300s + timeout: 2s environment: VERSION: "11" + USERNAME: "bill" + PASSWORD: "gates" + DEBUG: "y" + MANUAL: "n" devices: - /dev/kvm - /dev/net/tun @@ -14,3 +25,7 @@ services: - 3389:3389/tcp - 3389:3389/udp stop_grace_period: 2m + volumes: + - ./scripts:/oem + - ./shared:/data + - ./custom.xml:/custom.xml \ No newline at end of file diff --git a/custom.xml b/custom.xml new file mode 100644 index 0000000..29729f9 --- /dev/null +++ b/custom.xml @@ -0,0 +1,470 @@ + + + + + + en-US + + 0409:00000409 + en-US + en-US + en-US + + + + + 0 + true + + + + 1 + EFI + 128 + + + + 2 + MSR + 128 + + + + 3 + Primary + true + + + + + + 1 + 1 + + FAT32 + + + + 2 + 2 + + + + 3 + 3 + + C + NTFS + + + + + + + + 0 + 3 + + false + + + + true + Never + + + false + Never + + + true + Docker + Windows for Docker + + VK7JG-NPHTM-C97JM-9MPGT-3V66T + + + false + + false + + + + 1 + reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f + + + 2 + reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f + + + 3 + reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f + + + 4 + reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f + + + + + + + false + + + + + true + + + 1 + + + + + true + + + * + + Dockur + Windows for Docker + 24/7 + + Dockur + https://github.com/dockur/windows/issues + + Windows for Docker + + + 1 + + + true + true + https://google.com + about:blank + + + true + true + https://google.com + about:blank + + + 0 + + + 1 + + + 0409:00000409 + en-US + en-US + en-US + + + + + 1 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f + + + 2 + reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT" + + + 3 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f + + + 4 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f + + + 5 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 6 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 7 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f + + + 8 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 9 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f + + + 10 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f + + + 11 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f + + + 12 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f + + + 13 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f + + + 14 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f + + + 15 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f + + + 16 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f + + + 17 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f + + + 18 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f + + + 19 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f + + + 20 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f + + + 21 + reg.exe unload "HKU\mount" + + + 22 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f + + + 23 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f + + + 24 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f + + + 25 + reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f + Set Network Location to Home + + + + + false + + + 0 + + + + + true + all + @FirewallAPI.dll,-28752 + + + + + + + + + true + + + 1 + + + + + + Docker + Administrators + + + true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine> + <Description>Allow RDP login with blank password</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine> + <Description>Install VirtIO display driver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C "type nul > \\host.lan\Data\ready"</CommandLine> + <Description>Let host known that all configuration is done</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/scripts/dependencies_windows.ps1 b/scripts/dependencies_windows.ps1 new file mode 100644 index 0000000..06a9101 --- /dev/null +++ b/scripts/dependencies_windows.ps1 @@ -0,0 +1,130 @@ +$ErrorActionPreference = "Stop" + +# https://stackoverflow.com/questions/9948517/how-to-stop-a-powershell-script-on-the-first-error +function CheckStatus { + if (-not $?) + { + throw "Native Failure" + } +} + +function Validate-FileHash($filePath, $expectedHash, [Parameter(Mandatory=$false)] $algorithm) { + if ($algorithm -ne $null) { + $computedHash = Get-FileHash $filePath -Algorithm $algorithm + } else { + $computedHash = Get-FileHash $filePath + } + if ($computedHash.Hash -ne $expectedHash) { + Write-Error "incorrect hash for file: $filePath, actual: $($computedHash.Hash), expected: $expectedHash" + exit 1 + } +} + +function Install-STUN() { + $ZipPath = "stunserver_win64_1_2_16.zip" + $URL = "http://www.stunprotocol.org/$ZipPath" + $Destination = "C:\workspace\stunserver" + $Hash = "CDC8C68400E3B9ECE95F900699CEF1535CFCF4E59C34AF9A33F4679638ACA3A1" + + echo "Downloading $URL" + curl.exe -L $URL -o $ZipPath + CheckStatus + + Validate-FileHash $ZipPath $Hash + + echo "Extracting $ZipPath to $Destination" + Expand-Archive $ZipPath -DestinationPath $Destination + CheckStatus +} + +function Install-iperf() { + $ZipPath = "iperf3.17_64.zip" + $URL = "https://files.budman.pw/$ZipPath" + $Hash = "C1AB63DE610D73779D1003753F8DCD3FAAE0B6AC5BE1EAF31BBF4A1D3D2E3356" + $Destination = "C:\workspace\iperf3" + $DestinationTmp = "$Destination.tmp" + + echo "Downloading $URL" + curl.exe -L $URL -o $ZipPath + CheckStatus + + Validate-FileHash $ZipPath $Hash + + echo "Extracting $ZipPath to $DestinationTmp" + Expand-Archive $ZipPath -DestinationPath $DestinationTmp + CheckStatus + + $firstSubDir = Get-ChildItem -Path $DestinationTmp -Directory | Select-Object -First 1 + echo "Moving $DestinationTmp\$firstSubDir to $Destination" + mv $DestinationTmp\$firstSubDir $Destination + Remove-Item $DestinationTmp +} + +function Install-Python() { + $InstallerPath = "python-3.13.0-amd64.exe" + $URL = "https://www.python.org/ftp/python/3.13.0/$InstallerPath" + $Hash = "78156AD0CF0EC4123BFB5333B40F078596EBF15F2D062A10144863680AFBDEFC" + + echo "Downloading $URL" + curl.exe -L $URL -o $InstallerPath + CheckStatus + + Validate-FileHash $InstallerPath $Hash + + echo "Installing python.." + Start-Process -NoNewWindow -Wait -FilePath $PWD\$InstallerPath -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 Include_test=0 Include_doc=0 Include_dev=1 Include_launcher=0 Include_tcltk=0" + CheckStatus + + $env:Path = [System.Environment]::GetEnvironmentVariable("Path", [System.EnvironmentVariableTarget]::Machine) + + python.exe -m pip install --upgrade pip +} + +function Install-WinDump() { + $InstallerPath = "nmap-7.12-setup.exe" + $URL = "https://nmap.org/dist/$InstallerPath" + $Hash = "56580F1EEBDCCFBC5CE6D75690600225738DDBE8D991A417E56032869B0F43C7" + + echo "Downloading $URL" + curl.exe -L $URL -o $InstallerPath + CheckStatus + + Validate-FileHash $InstallerPath $Hash + + echo "Installing winpcap.." + Start-Process -NoNewWindow -Wait -FilePath $PWD\$InstallerPath -ArgumentList "/S" + CheckStatus + + sc.exe config npf start= auto + CheckStatus + + $BinaryPath = "WinDump.exe" + $URL = "https://www.winpcap.org/windump/install/bin/windump_3_9_5/$BinaryPath" + $Hash = "d59bc54721951dec855cbb4bbc000f9a71ea4d95" + + echo "Downloading $URL" + curl.exe -L $URL -o $BinaryPath + CheckStatus + + Validate-FileHash $BinaryPath $Hash SHA1 +} + +[System.IO.Directory]::CreateDirectory("C:\workspace") +CheckStatus + +cd C:\workspace +setx PATH "%PATH%;C:\workspace\uniffi" + +Install-STUN +CheckStatus + +Install-iperf +CheckStatus + +Install-Python +CheckStatus + +Install-WinDump +CheckStatus + +pip install Pyro5==5.15 diff --git a/scripts/disable_updates.ps1 b/scripts/disable_updates.ps1 new file mode 100644 index 0000000..5db31e3 --- /dev/null +++ b/scripts/disable_updates.ps1 @@ -0,0 +1,52 @@ +$ErrorActionPreference = "Stop" + +function Set-RegistryProperty { + param ( + [string]$path, + [string]$name, + [int]$value + ) + + if (-not (Test-Path $path)) { + New-Item -Path $path -Force + } + + if (-not (Test-Path "$path\$name")) { + New-ItemProperty -Path $path -Name $name -Value $value -Force + } else { + Set-ItemProperty -Path $path -Name $name -Value $value -Force + } +} + +Write-Output "Windows Update settings have been configured to disable automatic updates and notifications." + +$settings = @( + @{ Type = "registry"; Name = "NoAutoUpdate"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" }, + @{ Type = "registry"; Name = "AUOptions"; Value = 0; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" }, + @{ Type = "registry"; Name = "ExcludeWUDriversInQualityUpdate"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" }, + @{ Type = "registry"; Name = "DisableWindowsUpdateAccess"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" }, + @{ Type = "registry"; Name = "NoAutoRebootWithLoggedOnUsers"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" }, + @{ Type = "registry"; Name = "DisableAutoReboot"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" }, + @{ Type = "registry"; Name = "UseWUServer"; Value = 0; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" }, + @{ Type = "registry"; Name = "ExternalManaged"; Value = 1; Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" }, + @{ Type = "registry"; Name = "DODownloadMode"; Value = 0; Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" }, + + @{ Type = "service"; Name = "wuauserv"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv" }, + @{ Type = "service"; Name = "BITS"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\BITS" }, + @{ Type = "service"; Name = "cryptsvc"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\cryptsvc" }, + @{ Type = "service"; Name = "dosvc"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\dosvc" }, + @{ Type = "service"; Name = "usosvc"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\usosvc" }, + @{ Type = "service"; Name = "msiserver"; Value = 4; Path = "HKLM:\SYSTEM\CurrentControlSet\Services\msiserver" } +) + +foreach ($setting in $settings) { + if ($setting.Type -eq "registry") { + Set-RegistryProperty -path $setting.Path -name $setting.Name -value $setting.Value + Write-Output "Set $($setting.Name) to $($setting.Value) in $($setting.Path)." + } elseif ($setting.Type -eq "service") { + Set-RegistryProperty -path $setting.Path -name "Start" -value $setting.Value + Write-Output "Disabled $($setting.Name) service." + } +} + +Write-Output "All specified Windows Update services and group policies have been disabled." diff --git a/scripts/install.bat b/scripts/install.bat new file mode 100644 index 0000000..2f430c2 --- /dev/null +++ b/scripts/install.bat @@ -0,0 +1,9 @@ +pushd "C:/OEM" + +powershell -ExecutionPolicy Bypass -File "dependencies_windows.ps1" +powershell -ExecutionPolicy Bypass -File "optimize.ps1" +powershell -ExecutionPolicy Bypass -File "disable_updates.ps1" + +popd + +shutdown /f /r /t 0 diff --git a/scripts/optimize.ps1 b/scripts/optimize.ps1 new file mode 100644 index 0000000..017ccbe --- /dev/null +++ b/scripts/optimize.ps1 @@ -0,0 +1,36 @@ +$ErrorActionPreference = "Stop" + +# Set Power Plan to High Performance and disable sleep +Write-Output "Configuring Power Plan to High Performance and disabling sleep..." +slmgr /rearm +powercfg -setactive SCHEME_MIN +powercfg /x -hibernate-timeout-ac 0 +powercfg /x -hibernate-timeout-dc 0 +powercfg /x -disk-timeout-ac 0 +powercfg /x -disk-timeout-dc 0 +powercfg /x -monitor-timeout-ac 0 +powercfg /x -monitor-timeout-dc 0 +powercfg /x -standby-timeout-ac 0 +powercfg /x -standby-timeout-dc 0 + +# Disable Windows Search Indexing (optional, for minimal interruption) +Write-Output "Disabling Windows Search indexing service..." +Stop-Service -Name "WSearch" -Force -ErrorAction SilentlyContinue +Set-Service -Name "WSearch" -StartupType Disabled + +# Set Network Adapters to not enter Power Saving mode +Write-Output "Disabling Power Saving for Network Adapters..." +Get-WmiObject -Namespace root\wmi -Class MSPower_DeviceEnable -Filter "InstanceName LIKE 'PCI\\\\VEN%'" | ForEach-Object { + $_.Enable = $false + $_.Put() +} + +# Set Firewall to allow all connections (optional; adjust based on your requirements) +Write-Output "Configuring Windows Firewall to allow all connections (if necessary)..." +Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False +netsh advfirewall set allprofiles state off + +# This can't be done inside provision script, because a restart is needed for changes to take effect. +Write-Host "Enable IPv6" +reg add hklm\system\currentcontrolset\services\tcpip6\parameters /f /v DisabledComponents /t REG_DWORD /d 0 +