diff --git a/.devcontainer.json b/.devcontainer.json deleted file mode 100644 index 14d70b4..0000000 --- a/.devcontainer.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "windows", - "service": "windows", - "forwardPorts": [8006], - "dockerComposeFile": "compose.yml" -} diff --git a/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json b/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json new file mode 100644 index 0000000..cc0e5ae --- /dev/null +++ b/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 11 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "11e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/020 - Windows 11 LTSC/devcontainer.json b/.devcontainer/020 - Windows 11 LTSC/devcontainer.json new file mode 100644 index 0000000..23e54ff --- /dev/null +++ b/.devcontainer/020 - Windows 11 LTSC/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 11 LTSC", + "service": "windows", + "containerEnv": { + "VERSION": "11l" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/030 - Windows 10 Pro/devcontainer.json b/.devcontainer/030 - Windows 10 Pro/devcontainer.json new file mode 100644 index 0000000..c5a647b --- /dev/null +++ b/.devcontainer/030 - Windows 10 Pro/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 10 Pro", + "service": "windows", + "containerEnv": { + "VERSION": "10" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json b/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json new file mode 100644 index 0000000..1466e11 --- /dev/null +++ b/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 10 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "10e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/050 - Windows 10 LTSC/devcontainer.json b/.devcontainer/050 - Windows 10 LTSC/devcontainer.json new file mode 100644 index 0000000..dfc8f5c --- /dev/null +++ b/.devcontainer/050 - Windows 10 LTSC/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 10 LTSC", + "service": "windows", + "containerEnv": { + "VERSION": "10l" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json b/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json new file mode 100644 index 0000000..e58f7ad --- /dev/null +++ b/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 8.1 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "8e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json b/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json new file mode 100644 index 0000000..85878f0 --- /dev/null +++ b/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 7 Ultimate", + "service": "windows", + "containerEnv": { + "VERSION": "7u" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json b/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json new file mode 100644 index 0000000..b99c942 --- /dev/null +++ b/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Vista Ultimate", + "service": "windows", + "containerEnv": { + "VERSION": "vu" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/090 - Windows XP Professional/devcontainer.json b/.devcontainer/090 - Windows XP Professional/devcontainer.json new file mode 100644 index 0000000..a2c51c4 --- /dev/null +++ b/.devcontainer/090 - Windows XP Professional/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows XP Professional", + "service": "windows", + "containerEnv": { + "VERSION": "xp" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/100 - Windows 2000 Professional/devcontainer.json b/.devcontainer/100 - Windows 2000 Professional/devcontainer.json new file mode 100644 index 0000000..e5fab13 --- /dev/null +++ b/.devcontainer/100 - Windows 2000 Professional/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 2000 Professional", + "service": "windows", + "containerEnv": { + "VERSION": "2k" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/110 - Windows Server 2025/devcontainer.json b/.devcontainer/110 - Windows Server 2025/devcontainer.json new file mode 100644 index 0000000..96089cc --- /dev/null +++ b/.devcontainer/110 - Windows Server 2025/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2025", + "service": "windows", + "containerEnv": { + "VERSION": "2025" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/120 - Windows Server 2022/devcontainer.json b/.devcontainer/120 - Windows Server 2022/devcontainer.json new file mode 100644 index 0000000..9897a67 --- /dev/null +++ b/.devcontainer/120 - Windows Server 2022/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2022", + "service": "windows", + "containerEnv": { + "VERSION": "2022" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/130 - Windows Server 2019/devcontainer.json b/.devcontainer/130 - Windows Server 2019/devcontainer.json new file mode 100644 index 0000000..9903599 --- /dev/null +++ b/.devcontainer/130 - Windows Server 2019/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2019", + "service": "windows", + "containerEnv": { + "VERSION": "2019" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/140 - Windows Server 2016/devcontainer.json b/.devcontainer/140 - Windows Server 2016/devcontainer.json new file mode 100644 index 0000000..614b171 --- /dev/null +++ b/.devcontainer/140 - Windows Server 2016/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2016", + "service": "windows", + "containerEnv": { + "VERSION": "2016" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json b/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json new file mode 100644 index 0000000..158036c --- /dev/null +++ b/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2012 R2", + "service": "windows", + "containerEnv": { + "VERSION": "2012" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json b/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json new file mode 100644 index 0000000..5dc1af6 --- /dev/null +++ b/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2008 R2", + "service": "windows", + "containerEnv": { + "VERSION": "2008" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/170 - Windows Server 2003/devcontainer.json b/.devcontainer/170 - Windows Server 2003/devcontainer.json new file mode 100644 index 0000000..c47effb --- /dev/null +++ b/.devcontainer/170 - Windows Server 2003/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows Server 2003", + "service": "windows", + "containerEnv": { + "VERSION": "2003" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/180 - Tiny11/devcontainer.json b/.devcontainer/180 - Tiny11/devcontainer.json new file mode 100644 index 0000000..225a746 --- /dev/null +++ b/.devcontainer/180 - Tiny11/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Tiny11", + "service": "windows", + "containerEnv": { + "VERSION": "tiny11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/190 - Tiny11 Core/devcontainer.json b/.devcontainer/190 - Tiny11 Core/devcontainer.json new file mode 100644 index 0000000..78da098 --- /dev/null +++ b/.devcontainer/190 - Tiny11 Core/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Tiny11 Core", + "service": "windows", + "containerEnv": { + "VERSION": "core11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/200 - Tiny11 Nano/devcontainer.json b/.devcontainer/200 - Tiny11 Nano/devcontainer.json new file mode 100644 index 0000000..c7fdca9 --- /dev/null +++ b/.devcontainer/200 - Tiny11 Nano/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Tiny11 Nano", + "service": "windows", + "containerEnv": { + "VERSION": "nano11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/210 - Tiny10/devcontainer.json b/.devcontainer/210 - Tiny10/devcontainer.json new file mode 100644 index 0000000..3df1b88 --- /dev/null +++ b/.devcontainer/210 - Tiny10/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Tiny10", + "service": "windows", + "containerEnv": { + "VERSION": "tiny10" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.devcontainer/codespaces.yml b/.devcontainer/codespaces.yml new file mode 100644 index 0000000..85e3f64 --- /dev/null +++ b/.devcontainer/codespaces.yml @@ -0,0 +1,21 @@ +services: + windows: + container_name: windows + image: ghcr.io/dockur/windows + environment: + RAM_SIZE: "half" + DISK_SIZE: "max" + CPU_CORES: "max" + devices: + - /dev/kvm + - /dev/net/tun + cap_add: + - NET_ADMIN + ports: + - 8006:8006 + - 3389:3389/tcp + - 3389:3389/udp + volumes: + - ./windows:/storage + restart: on-failure + stop_grace_period: 2m diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..d7c98a8 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,20 @@ +{ + "name": "Windows 11 Pro", + "service": "windows", + "containerEnv": { + "VERSION": "11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "codespaces.yml", + "workspaceFolder": "/workspaces/windows", + "initializeCommand": "docker system prune --all --force" +} diff --git a/.dockerignore b/.dockerignore index 258778b..154d44a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,4 +1,5 @@ .dockerignore +.devcontainer .git .github .gitignore diff --git a/.github/winboat.png b/.github/winboat.png new file mode 100644 index 0000000..2b5f6db Binary files /dev/null and b/.github/winboat.png differ diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 788a2b0..9e9d278 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -7,19 +7,29 @@ jobs: name: shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - name: Run ShellCheck + - + name: Checkout + uses: actions/checkout@v5 + - + name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: SHELLCHECK_OPTS: -x --source-path=src -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 - - name: Validate XML - uses: action-pack/valid-xml@v1 - with: - path: "assets" - file-endings: ".xml" - - name: Lint Dockerfile + - + name: Lint Dockerfile uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: Dockerfile ignore: DL3006,DL3008 failure-threshold: warning + - + name: Validate XML + uses: action-pack/valid-xml@v1 + with: + path: "assets" + file-endings: ".xml" + - + name: Validate JSON and YML files + uses: GrantBirki/json-yaml-validate@v4 + with: + yaml_exclude_regex: ".*\\kubernetes\\.yml$" diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml new file mode 100644 index 0000000..51f8503 --- /dev/null +++ b/.github/workflows/review.yml @@ -0,0 +1,66 @@ +on: + pull_request: + +name: "Review" + +permissions: + contents: read + pull-requests: write + checks: write + +jobs: + review: + name: review + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v5 + - + name: Spelling + uses: reviewdog/action-misspell@v1 + with: + locale: "US" + level: warning + pattern: | + *.md + *.sh + reporter: github-pr-review + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: Hadolint + uses: reviewdog/action-hadolint@v1 + with: + level: warning + reporter: github-pr-review + hadolint_ignore: DL3006 DL3008 + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: YamlLint + uses: reviewdog/action-yamllint@v1 + with: + level: warning + reporter: github-pr-review + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: ActionLint + uses: reviewdog/action-actionlint@v1 + with: + level: warning + reporter: github-pr-review + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: Shellformat + uses: reviewdog/action-shfmt@v1 + with: + level: warning + shfmt_flags: "-i 2 -ci -bn" + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: Shellcheck + uses: reviewdog/action-shellcheck@v1 + with: + level: warning + reporter: github-pr-review + shellcheck_flags: -x -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 + github_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4903636..c275f1a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,12 +1,6 @@ on: workflow_dispatch: pull_request: - paths: - - '**/*.sh' - - '**/*.xml' - - '.github/workflows/test.yml' - - '.github/workflows/check.yml' - - 'Dockerfile' name: "Test" permissions: {} diff --git a/Dockerfile b/Dockerfile index 49e8c8b..bf6dab2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG VERSION_ARG="latest" FROM scratch AS build-amd64 -COPY --from=qemux/qemu:7.21 / / +COPY --from=qemux/qemu:7.27 / / ARG TARGETARCH ARG DEBCONF_NOWARNINGS="yes" @@ -19,7 +19,7 @@ RUN set -eu && \ cabextract \ libxml2-utils \ libarchive-tools && \ - wget "https://github.com/gershnik/wsdd-native/releases/download/v1.21/wsddn_1.21_${TARGETARCH}.deb" -O /tmp/wsddn.deb -q && \ + wget "https://github.com/gershnik/wsdd-native/releases/download/v1.22/wsddn_1.22_${TARGETARCH}.deb" -O /tmp/wsddn.deb -q && \ dpkg -i /tmp/wsddn.deb && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* @@ -27,7 +27,7 @@ RUN set -eu && \ COPY --chmod=755 ./src /run/ COPY --chmod=755 ./assets /run/assets -ADD --chmod=664 https://github.com/qemus/virtiso-whql/releases/download/v1.9.47-0/virtio-win-1.9.47.tar.xz /var/drivers.txz +ADD --chmod=664 https://github.com/qemus/virtiso-whql/releases/download/v1.9.48-0/virtio-win-1.9.48.tar.xz /var/drivers.txz FROM dockurr/windows-arm:${VERSION_ARG} AS build-arm64 FROM build-${TARGETARCH} diff --git a/assets/win10x64-enterprise-eval.xml b/assets/win10x64-enterprise-eval.xml index 41e8a70..ee75f27 100644 --- a/assets/win10x64-enterprise-eval.xml +++ b/assets/win10x64-enterprise-eval.xml @@ -376,50 +376,60 @@ 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 14 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 22 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win10x64-enterprise.xml b/assets/win10x64-enterprise.xml index c998592..5e5eb8c 100644 --- a/assets/win10x64-enterprise.xml +++ b/assets/win10x64-enterprise.xml @@ -379,50 +379,60 @@ 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 14 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 22 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win10x64-iot.xml b/assets/win10x64-iot.xml index bed9cbe..00a049e 100644 --- a/assets/win10x64-iot.xml +++ b/assets/win10x64-iot.xml @@ -385,50 +385,60 @@ 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 14 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 22 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win10x64-ltsc.xml b/assets/win10x64-ltsc.xml index 6957f2b..e77dd6a 100644 --- a/assets/win10x64-ltsc.xml +++ b/assets/win10x64-ltsc.xml @@ -382,50 +382,60 @@ 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 14 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 22 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win10x64.xml b/assets/win10x64.xml index ef19c57..7c21359 100644 --- a/assets/win10x64.xml +++ b/assets/win10x64.xml @@ -379,50 +379,60 @@ 13 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 14 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 22 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-enterprise-eval.xml b/assets/win11x64-enterprise-eval.xml index 32dac2a..39c3f02 100644 --- a/assets/win11x64-enterprise-eval.xml +++ b/assets/win11x64-enterprise-eval.xml @@ -408,56 +408,61 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 22 + 23 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 23 + 24 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 24 + 25 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 25 + 26 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-enterprise.xml b/assets/win11x64-enterprise.xml index 4c6746e..bafed49 100644 --- a/assets/win11x64-enterprise.xml +++ b/assets/win11x64-enterprise.xml @@ -411,56 +411,61 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 22 + 23 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 23 + 24 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 24 + 25 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 25 + 26 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-iot.xml b/assets/win11x64-iot.xml index 91ab3ce..d6825d0 100644 --- a/assets/win11x64-iot.xml +++ b/assets/win11x64-iot.xml @@ -411,56 +411,61 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 22 + 23 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 23 + 24 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 24 + 25 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 25 + 26 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64-ltsc.xml b/assets/win11x64-ltsc.xml index 7707cfb..a9a6ce7 100644 --- a/assets/win11x64-ltsc.xml +++ b/assets/win11x64-ltsc.xml @@ -411,56 +411,61 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 22 + 23 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 23 + 24 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 24 + 25 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 25 + 26 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win11x64.xml b/assets/win11x64.xml index 95d1d16..8082c7c 100644 --- a/assets/win11x64.xml +++ b/assets/win11x64.xml @@ -411,56 +411,61 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 22 + 23 reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f Disable unsupported hardware notifications - 23 + 24 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 24 + 25 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - 25 + 26 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2008r2-eval.xml b/assets/win2008r2-eval.xml index e7bd802..09a23ce 100644 --- a/assets/win2008r2-eval.xml +++ b/assets/win2008r2-eval.xml @@ -266,30 +266,35 @@ 15 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 16 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 20 + 21 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2008r2.xml b/assets/win2008r2.xml index a345bf8..5dee0a5 100644 --- a/assets/win2008r2.xml +++ b/assets/win2008r2.xml @@ -269,30 +269,35 @@ 15 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 16 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 17 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 17 + 18 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 19 + 20 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 20 + 21 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2012r2-eval.xml b/assets/win2012r2-eval.xml index a9de3c6..6351559 100644 --- a/assets/win2012r2-eval.xml +++ b/assets/win2012r2-eval.xml @@ -284,30 +284,40 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 14 + 15 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 15 + 16 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 17 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 16 + 18 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 17 + 19 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2012r2.xml b/assets/win2012r2.xml index 1d1a5b6..bb3dd70 100644 --- a/assets/win2012r2.xml +++ b/assets/win2012r2.xml @@ -287,30 +287,40 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 14 + 15 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 15 + 16 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 17 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 16 + 18 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 17 + 19 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2016-eval.xml b/assets/win2016-eval.xml index 568e9f5..d788960 100644 --- a/assets/win2016-eval.xml +++ b/assets/win2016-eval.xml @@ -284,50 +284,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2016.xml b/assets/win2016.xml index 6f75c66..e055e00 100644 --- a/assets/win2016.xml +++ b/assets/win2016.xml @@ -287,50 +287,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2019-eval.xml b/assets/win2019-eval.xml index cca0e35..332d974 100644 --- a/assets/win2019-eval.xml +++ b/assets/win2019-eval.xml @@ -288,50 +288,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2019-hv.xml b/assets/win2019-hv.xml index 4c416cf..2fb6e32 100644 --- a/assets/win2019-hv.xml +++ b/assets/win2019-hv.xml @@ -293,50 +293,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2019.xml b/assets/win2019.xml index 5133bed..b5d8235 100644 --- a/assets/win2019.xml +++ b/assets/win2019.xml @@ -291,50 +291,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2022-eval.xml b/assets/win2022-eval.xml index b525065..5748cb4 100644 --- a/assets/win2022-eval.xml +++ b/assets/win2022-eval.xml @@ -288,50 +288,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2022.xml b/assets/win2022.xml index 9159226..eac9414 100644 --- a/assets/win2022.xml +++ b/assets/win2022.xml @@ -291,50 +291,60 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f Remove Search from the Taskbar - 14 + 15 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 15 + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 17 + 18 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 18 + 19 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 19 + 20 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 20 + 22 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 21 + 23 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2025-eval.xml b/assets/win2025-eval.xml index 9ec3a7d..5b92f00 100644 --- a/assets/win2025-eval.xml +++ b/assets/win2025-eval.xml @@ -307,46 +307,51 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win2025.xml b/assets/win2025.xml index 8098192..2796db6 100644 --- a/assets/win2025.xml +++ b/assets/win2025.xml @@ -310,46 +310,51 @@ 15 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 16 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f Remove Task View from the Taskbar - 16 + 17 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f Remove Widgets from the Taskbar - 17 + 18 reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f Remove Chat from the Taskbar - 18 + 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 19 + 20 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 20 + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 21 + 22 cmd /C rd /q C:\Windows.old Remove empty Windows.old folder - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win81x64-enterprise-eval.xml b/assets/win81x64-enterprise-eval.xml index a406f7f..745fd9d 100644 --- a/assets/win81x64-enterprise-eval.xml +++ b/assets/win81x64-enterprise-eval.xml @@ -269,30 +269,40 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 14 + 15 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 15 + 16 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 17 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 16 + 18 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 17 + 19 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win81x64-enterprise.xml b/assets/win81x64-enterprise.xml index db6eec9..a073c38 100644 --- a/assets/win81x64-enterprise.xml +++ b/assets/win81x64-enterprise.xml @@ -272,30 +272,40 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 14 + 15 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 15 + 16 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 17 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 16 + 18 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 17 + 19 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/win81x64.xml b/assets/win81x64.xml index bf1ff5e..6b45785 100644 --- a/assets/win81x64.xml +++ b/assets/win81x64.xml @@ -279,30 +279,40 @@ 12 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 13 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 14 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f Turn off Windows Update auto download - 14 + 15 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 15 + 16 + reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f + Disable Network Discovery popup + + + 17 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 16 + 18 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 17 + 19 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax64-enterprise.xml b/assets/winvistax64-enterprise.xml index d6ff627..a3dac19 100644 --- a/assets/winvistax64-enterprise.xml +++ b/assets/winvistax64-enterprise.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax64-ultimate.xml b/assets/winvistax64-ultimate.xml index 78ed091..eb12e60 100644 --- a/assets/winvistax64-ultimate.xml +++ b/assets/winvistax64-ultimate.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax64.xml b/assets/winvistax64.xml index d1de997..ad2ac70 100644 --- a/assets/winvistax64.xml +++ b/assets/winvistax64.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax86-enterprise.xml b/assets/winvistax86-enterprise.xml index 91c96df..5092331 100644 --- a/assets/winvistax86-enterprise.xml +++ b/assets/winvistax86-enterprise.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax86-ultimate.xml b/assets/winvistax86-ultimate.xml index c3ec41a..97ad23e 100644 --- a/assets/winvistax86-ultimate.xml +++ b/assets/winvistax86-ultimate.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/assets/winvistax86.xml b/assets/winvistax86.xml index 07003fb..ade1942 100644 --- a/assets/winvistax86.xml +++ b/assets/winvistax86.xml @@ -233,25 +233,30 @@ 19 reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f - Enable RemoteAPP to launch unlisted programs + Enable RemoteApp to launch unlisted programs 20 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f + Disable RemoteApp allowlist + + + 21 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes Enable Network Discovery - 21 + 22 netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes Enable File Sharing - 22 + 23 cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data Create desktop shortcut to shared folder - + - 23 + 24 cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat" Execute custom script from the OEM folder if exists diff --git a/readme.md b/readme.md index 50a66b4..adbb6bf 100644 --- a/readme.md +++ b/readme.md @@ -53,7 +53,7 @@ services: ##### Via Docker CLI: ```bash -docker run -it --rm --name windows -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/windows:/storage" --stop-timeout 120 dockurr/windows +docker run -it --rm --name windows -e "VERSION=11" -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/windows:/storage" --stop-timeout 120 docker.io/dockurr/windows ``` ##### Via Kubernetes: @@ -66,6 +66,10 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/dockur/windows) +##### Via a graphical installer: + +[![Download WinBoat](https://github.com/dockur/windows/raw/master/.github/winboat.png)](https://winboat.app) + ## FAQ 💬 ### How do I use it? @@ -156,7 +160,7 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas ### How do I change the amount of CPU or RAM? - By default, the container will be allowed to use a maximum of 2 CPU cores and 4 GB of RAM. + By default, Windows will be allowed to use 2 CPU cores and 4 GB of RAM. If you want to adjust this, you can specify the desired amount using the following environment variables: @@ -168,9 +172,9 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas ### How do I configure the username and password? - By default, a user called `Docker` is created during installation and its password is `admin`. + By default, a user called `Docker` is created and its password is `admin`. - If you want to use different credentials, you can configure them in your compose file (only before installation): + If you want to use different credentials during installation, you can configure them in your compose file: ```yaml environment: @@ -182,7 +186,7 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas By default, the English version of Windows will be downloaded. - But before installation you can add the `LANGUAGE` environment variable to your compose file, in order to specify an alternative language: + But you can add the `LANGUAGE` environment variable to your compose file, in order to specify an alternative language to be downloaded: ```yaml environment: @@ -193,7 +197,7 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas ### How do I select the keyboard layout? - If you want to use a keyboard layout or locale that is not the default for your selected language, you can add `KEYBOARD` and `REGION` variables like this (before installation): + If you want to use a keyboard layout or locale that is not the default for your selected language, you can add `KEYBOARD` and `REGION` variables like this: ```yaml environment: @@ -201,15 +205,6 @@ kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/mas KEYBOARD: "en-US" ``` -### How do I select the edition? - - Windows Server offers a minimalistic Core edition without a GUI. To select those non-standard editions, you can add a `EDITION` variable like this (before installation): - - ```yaml - environment: - EDITION: "core" - ``` - ### How do I install a custom image? In order to download an unsupported ISO image, specify its URL in the `VERSION` environment variable: diff --git a/src/define.sh b/src/define.sh index d094037..3db2069 100644 --- a/src/define.sh +++ b/src/define.sh @@ -1108,14 +1108,14 @@ getLink4() { url="nano11_25h2/nano11%2025h2.iso" ;; "core11" ) - size=2159738880 - sum="78f0f44444ff95b97125b43e560a72e0d6ce0a665cf9f5573bf268191e5510c1" - url="tiny-11-core-x-64-beta-1/tiny11%20core%20x64%20beta%201.iso" + size=3176654848 + sum="29c055fcfb7b089abd9e007e7abe4bb82c70a03aac9d65e56a38b87ab32d04d2" + url="tiny11_25H2/tiny11core_25H2_Oct25.iso" ;; "tiny11" ) - size=3788177408 - sum="a028800a91addc35d8ae22dce7459b67330f7d69d2f11c70f53c0fdffa5b4280" - url="tiny11-2311/tiny11%202311%20x64.iso" + size=5514559488 + sum="92484f2b7f707e42383294402a9eabbadeaa5ede80ac633390ae7f3537e36275" + url="tiny11_25H2/tiny11_25H2_Oct25.iso" ;; "tiny10" ) size=3839819776 @@ -1123,9 +1123,9 @@ getLink4() { url="tiny-10-23-h2/tiny10%20x64%2023h2.iso" ;; "win11x64" ) - size=5819484160 - sum="b56b911bf18a2ceaeb3904d87e7c770bdf92d3099599d61ac2497b91bf190b11" - url="windows-11-24h2-x64/Windows%2011%2024H2%20x64.iso" + size=7736125440 + sum="d141f6030fed50f75e2b03e1eb2e53646c4b21e5386047cb860af5223f102a32" + url="W11x64_26200.6584/26200.6584.250915-1905.25h2_ge_release_svc_refresh_CLIENT_CONSUMER_x64FRE_en-us.iso" ;; "win11x64-enterprise" | "win11x64-enterprise-eval" ) size=6209064960 @@ -1620,7 +1620,7 @@ prepareInstall() { echo "[UserData]" echo " FullName=\"$username\"" echo " ComputerName=\"*\"" - echo " OrgName=\"Windows for Docker\"" + echo " OrgName=\"$APP for $ENGINE\"" echo " $KEY" echo "" echo "[Identification]" diff --git a/src/entry.sh b/src/entry.sh index b7f9e0a..71e939e 100644 --- a/src/entry.sh +++ b/src/entry.sh @@ -8,9 +8,10 @@ set -Eeuo pipefail cd /run -. start.sh # Placeholder +. start.sh # Startup hook . utils.sh # Load functions . reset.sh # Initialize system +. server.sh # Start webserver . define.sh # Define versions . mido.sh # Download Windows . install.sh # Run installation @@ -21,7 +22,9 @@ cd /run . boot.sh # Configure boot . proc.sh # Initialize processor . power.sh # Configure shutdown +. memory.sh # Check available memory . config.sh # Configure arguments +. finish.sh # Finish initialization trap - ERR @@ -33,9 +36,11 @@ info "Booting ${APP}${BOOT_DESC} using QEMU v$version..." terminal ( sleep 30; boot ) & -tail -fn +0 "$QEMU_LOG" 2>/dev/null & +tail -fn +0 "$QEMU_LOG" --pid=$$ 2>/dev/null & cat "$QEMU_TERM" 2> /dev/null | tee "$QEMU_PTY" | \ sed -u -e 's/\x1B\[[=0-9;]*[a-z]//gi' \ +-e 's/\x1B\x63//g' -e 's/\x1B\[[=?]7l//g' \ +-e '/^$/d' -e 's/\x44\x53\x73//g' \ -e 's/failed to load Boot/skipped Boot/g' \ -e 's/0): Not Found/0)/g' & wait $! || : diff --git a/src/install.sh b/src/install.sh index 396911f..7be2996 100644 --- a/src/install.sh +++ b/src/install.sh @@ -22,7 +22,11 @@ backup () { fi - mkdir -p "$root" + if ! makeDir "$root"; then + error "Failed to create directory \"$root\" !" + return 1 + fi + local folder="$name" local dir="$root/$folder" @@ -34,7 +38,11 @@ backup () { done rm -rf "$dir" - mkdir -p "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" + return 1 + fi [ -f "$iso" ] && mv -f "$iso" "$dir/" find "$STORAGE" -maxdepth 1 -type f -iname 'data.*' -not -iname '*.iso' -exec mv -n {} "$dir/" \; @@ -127,7 +135,6 @@ startInstall() { if [[ "${VERSION,,}" == "http"* ]]; then file=$(basename "${VERSION%%\?*}") - file="${file//+/ }" printf -v file '%b' "${file//%/\\x}" file="${file//[!A-Za-z0-9._-]/_}" @@ -156,7 +163,9 @@ startInstall() { ! backup "" && error "Backup failed!" fi - mkdir -p "$TMP" + if ! makeDir "$TMP"; then + error "Failed to create directory \"$TMP\" !" + fi if [ -z "$CUSTOM" ]; then @@ -178,6 +187,20 @@ startInstall() { return 0 } +writeFile() { + + local txt="$1" + local path="$2" + + echo "$txt" >"$path" + + if ! setOwner "$path"; then + error "Failed to set the owner for \"$path\" !" + fi + + return 0 +} + finishInstall() { local iso="$1" @@ -188,6 +211,10 @@ finishInstall() { error "Failed to find ISO file: $iso" && return 1 fi + if [[ "$iso" == "$STORAGE/"* ]]; then + ! setOwner "$iso" && error "Failed to set the owner for \"$iso\" !" + fi + if [[ "$aborted" != [Yy1]* ]]; then # Mark ISO as prepared via magic byte byte="16" && [[ "$MANUAL" == [Yy1]* ]] && byte="17" @@ -196,56 +223,68 @@ finishInstall() { fi fi - cp -f /run/version "$STORAGE/windows.ver" + local file="$STORAGE/windows.ver" + cp -f /run/version "$file" + ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" if [[ "$iso" == "$STORAGE/"* ]]; then if [[ "$aborted" != [Yy1]* ]] || [ -z "$CUSTOM" ]; then base=$(basename "$iso") - echo "$base" > "$STORAGE/windows.base" + file="$STORAGE/windows.base" + writeFile "$base" "$file" fi fi if [[ "${PLATFORM,,}" == "x64" ]]; then if [[ "${BOOT_MODE,,}" == "windows_legacy" ]]; then - echo "$BOOT_MODE" > "$STORAGE/windows.mode" + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" if [[ "${MACHINE,,}" != "q35" ]]; then - echo "$MACHINE" > "$STORAGE/windows.old" + file="$STORAGE/windows.old" + writeFile "$MACHINE" "$file" fi else # Enable secure boot + TPM on manual installs as Win11 requires if [[ "$MANUAL" == [Yy1]* || "$aborted" == [Yy1]* ]]; then if [[ "${DETECTED,,}" == "win11"* ]]; then BOOT_MODE="windows_secure" - echo "$BOOT_MODE" > "$STORAGE/windows.mode" + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" fi fi # Enable secure boot on multi-socket systems to workaround freeze if [ -n "$SOCKETS" ] && [[ "$SOCKETS" != "1" ]]; then BOOT_MODE="windows_secure" - echo "$BOOT_MODE" > "$STORAGE/windows.mode" + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" fi fi fi if [ -n "${ARGS:-}" ]; then ARGUMENTS="$ARGS ${ARGUMENTS:-}" - echo "$ARGS" > "$STORAGE/windows.args" + file="$STORAGE/windows.args" + writeFile "$ARGS" "$file" fi if [ -n "${VGA:-}" ] && [[ "${VGA:-}" != "virtio"* ]]; then - echo "$VGA" > "$STORAGE/windows.vga" + file="$STORAGE/windows.vga" + writeFile "$VGA" "$file" fi if [ -n "${USB:-}" ] && [[ "${USB:-}" != "qemu-xhci"* ]]; then - echo "$USB" > "$STORAGE/windows.usb" + file="$STORAGE/windows.usb" + writeFile "$USB" "$file" fi if [ -n "${DISK_TYPE:-}" ] && [[ "${DISK_TYPE:-}" != "scsi" ]]; then - echo "$DISK_TYPE" > "$STORAGE/windows.type" + file="$STORAGE/windows.type" + writeFile "$DISK_TYPE" "$file" fi if [ -n "${ADAPTER:-}" ] && [[ "${ADAPTER:-}" != "virtio-net-pci" ]]; then - echo "$ADAPTER" > "$STORAGE/windows.net" + file="$STORAGE/windows.net" + writeFile "$ADAPTER" "$file" fi rm -rf "$TMP" @@ -339,19 +378,24 @@ extractESD() { local dir="$2" local version="$3" local desc="$4" - local size size_gb space space_gb desc + local size size_gb sizes space space_gb + local desc total total1 total2 total3 total4 + local imageIndex links links1 links2 links3 links4 - local msg="Extracting $desc bootdisk..." - info "$msg" && html "$msg" + local msg="Extracting $desc bootdisk" + info "$msg..." && html "$msg..." if [ "$(stat -c%s "$iso")" -lt 100000000 ]; then error "Invalid ESD file: Size is smaller than 100 MB" && return 1 fi rm -rf "$dir" - mkdir -p "$dir" - size=16106127360 + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi + + size=9606127360 size_gb=$(formatBytes "$size") space=$(df --output=avail -B 1 "$dir" | tail -n 1) space_gb=$(formatBytes "$space") @@ -367,40 +411,70 @@ extractESD() { error "Cannot read the image count in ESD file!" && return 1 fi - wimlib-imagex apply "$iso" 1 "$dir" --quiet 2>/dev/null || { + sizes=$(wimlib-imagex info "$iso" | grep "Total Bytes:") + links=$(wimlib-imagex info "$iso" | grep "Hard Link Bytes:") + + total1=$(awk "NR==1{ print; }" <<< "$sizes" | cut -d':' -f2 | sed 's/^ *//') + links1=$(awk "NR==1{ print; }" <<< "$links" | cut -d':' -f2 | sed 's/^ *//') + total=$(( total1 - links1 )) + + total3=$(awk "NR==3{ print; }" <<< "$sizes" | cut -d':' -f2 | sed 's/^ *//') + links3=$(awk "NR==3{ print; }" <<< "$links" | cut -d':' -f2 | sed 's/^ *//') + total3=$(( total3 - links3 )) + total3=$(( total3 + 60000000 )) + + /run/progress.sh "$dir" "$total" "$msg ([P])..." & + + imageIndex="1" + wimlib-imagex apply "$iso" "$imageIndex" "$dir" --quiet 2>/dev/null || { retVal=$? - error "Extracting $desc bootdisk failed" && return $retVal + fKill "progress.sh" + error "Extracting $desc bootdisk failed ($retVal)" && return 1 } + fKill "progress.sh" + local bootWimFile="$dir/sources/boot.wim" local installWimFile="$dir/sources/install.wim" - local msg="Extracting $desc environment..." - info "$msg" && html "$msg" + local msg="Extracting $desc environment" + info "$msg..." && html "$msg..." - wimlib-imagex export "$iso" 2 "$bootWimFile" --compress=none --quiet || { + imageIndex="2" + /run/progress.sh "$bootWimFile" "$total3" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$bootWimFile" --compress=none --quiet || { retVal=$? - error "Adding WinPE failed" && return ${retVal} + fKill "progress.sh" + error "Adding WinPE failed ($retVal)" && return 1 } - local msg="Extracting $desc setup..." - info "$msg" && html "$msg" + fKill "progress.sh" - wimlib-imagex export "$iso" 3 "$bootWimFile" --compress=none --boot --quiet || { + local msg="Extracting $desc setup" + info "$msg..." + + imageIndex="3" + /run/progress.sh "$bootWimFile" "$total3" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$bootWimFile" --compress=none --boot --quiet || { retVal=$? - error "Adding Windows Setup failed" && return ${retVal} + fKill "progress.sh" + error "Adding Windows Setup failed ($retVal)" && return 1 } + fKill "progress.sh" + if [[ "${PLATFORM,,}" == "x64" ]]; then LABEL="CCCOMA_X64FRE_EN-US_DV9" else LABEL="CPBA_A64FRE_EN-US_DV9" fi - local msg="Extracting $desc image..." - info "$msg" && html "$msg" + local msg="Extracting $desc image" + info "$msg..." && html "$msg..." - local edition imageIndex imageEdition + local edition imageEdition edition=$(getCatalog "$version" "name") if [ -z "$edition" ]; then @@ -408,15 +482,27 @@ extractESD() { fi for (( imageIndex=4; imageIndex<=esdImageCount; imageIndex++ )); do - imageEdition=$(wimlib-imagex info "$iso" ${imageIndex} | grep '^Description:' | sed 's/Description:[ \t]*//') + + imageEdition=$(wimlib-imagex info "$iso" "$imageIndex" | grep '^Description:' | sed 's/Description:[ \t]*//') [[ "${imageEdition,,}" != "${edition,,}" ]] && continue - wimlib-imagex export "$iso" ${imageIndex} "$installWimFile" --compress=LZMS --chunk-size 128K --quiet || { + + total4=$(du -sb "$iso" | cut -f1) + total4=$(( total4 + 3000000 )) + + /run/progress.sh "$installWimFile" "$total4" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$installWimFile" --compress=LZMS --chunk-size 128K --quiet || { retVal=$? - error "Addition of $imageIndex to the $desc image failed" && return $retVal + fKill "progress.sh" + error "Addition of $imageIndex to the $desc image failed ($retVal)" && return 1 } + + fKill "progress.sh" return 0 + done + fKill "progress.sh" error "Failed to find product '$edition' in install.wim!" && return 1 } @@ -440,18 +526,21 @@ extractImage() { return 1 fi - local msg="Extracting $desc image..." - info "$msg" && html "$msg" + local msg="Extracting $desc image" + info "$msg..." && html "$msg..." rm -rf "$dir" - mkdir -p "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi size=$(stat -c%s "$iso") size_gb=$(formatBytes "$size") space=$(df --output=avail -B 1 "$dir" | tail -n 1) space_gb=$(formatBytes "$space") - if ((size<100000000)); then + if (( size < 100000000 )); then error "Invalid ISO file: Size is smaller than 100 MB" && return 1 fi @@ -460,11 +549,15 @@ extractImage() { fi rm -rf "$dir" + /run/progress.sh "$dir" "$size" "$msg ([P])..." & if ! 7z x "$iso" -o"$dir" > /dev/null; then + fKill "progress.sh" error "Failed to extract ISO file: $iso" && return 1 fi + fKill "progress.sh" + if [[ "${UNPACK:-}" != [Yy1]* ]]; then LABEL=$(isoinfo -d -i "$iso" | sed -n 's/Volume id: //p') @@ -759,6 +852,7 @@ updateXML() { [ -z "$HEIGHT" ] && HEIGHT="720" [ -z "$WIDTH" ] && WIDTH="1280" + sed -i "s/>Windows for Docker$APP for $ENGINE1080<\/VerticalResolution>/$HEIGHT<\/VerticalResolution>/g" "$asset" sed -i "s/1920<\/HorizontalResolution>/$WIDTH<\/HorizontalResolution>/g" "$asset" @@ -1076,8 +1170,8 @@ buildImage() { desc=$(printVersion "$DETECTED" "ISO") - local msg="Building $desc image..." - info "$msg" && html "$msg" + local msg="Building $desc image" + info "$msg..." && html "$msg..." [ -z "$LABEL" ] && LABEL="Windows" @@ -1094,6 +1188,8 @@ buildImage() { error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1 fi + /run/progress.sh "$out" "$size" "$msg ([P])..." & + if [[ "${BOOT_MODE,,}" != "windows_legacy" ]]; then genisoimage -o "$out" -b "$ETFS" -no-emul-boot -c "$cat" -iso-level 4 -J -l -D -N -joliet-long -relaxed-filenames -V "${LABEL::30}" \ @@ -1114,6 +1210,8 @@ buildImage() { fi + fKill "progress.sh" + if [ -n "$failed" ]; then [ -s "$log" ] && echo "$(<"$log")" error "Failed to build image!" && return 1 @@ -1126,6 +1224,8 @@ buildImage() { [[ "$error" != "$hide" ]] && echo "$error" mv -f "$out" "$BOOT" || return 1 + ! setOwner "$BOOT" && error "Failed to set the owner for \"$BOOT\" !" + return 0 } diff --git a/src/mido.sh b/src/mido.sh index cc5b251..369fc17 100644 --- a/src/mido.sh +++ b/src/mido.sh @@ -487,8 +487,11 @@ getESD() { info "$msg" && html "$msg" rm -rf "$dir" - mkdir -p "$dir" + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi + local xFile="products.xml" local eFile="esd_edition.xml" local fFile="products_filter.xml" diff --git a/src/power.sh b/src/power.sh index 1c2c223..98a6f73 100644 --- a/src/power.sh +++ b/src/power.sh @@ -74,6 +74,7 @@ ready() { finish() { local pid + local cnt=0 local reason=$1 touch "$QEMU_END" @@ -81,20 +82,32 @@ finish() { if [ -s "$QEMU_PID" ]; then pid=$(<"$QEMU_PID") - error "Forcefully terminating Windows, reason: $reason..." + echo && error "Forcefully terminating Windows, reason: $reason..." { kill -15 "$pid" || true; } 2>/dev/null while isAlive "$pid"; do + sleep 1 + cnt=$((cnt+1)) + # Workaround for zombie pid [ ! -s "$QEMU_PID" ] && break + + if [ "$cnt" == "5" ]; then + echo && error "QEMU did not terminate itself, forcefully killing process..." + { kill -9 "$pid" || true; } 2>/dev/null + fi + done + fi if [ ! -f "$STORAGE/windows.boot" ] && [ -f "$BOOT" ]; then # Remove CD-ROM ISO after install if ready; then - touch "$STORAGE/windows.boot" + local file="$STORAGE/windows.boot" + touch "$file" + ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" if [[ "$REMOVE" != [Nn]* ]]; then rm -f "$BOOT" 2>/dev/null || true fi diff --git a/src/samba.sh b/src/samba.sh index bf5bf30..7cd3210 100644 --- a/src/samba.sh +++ b/src/samba.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash set -Eeuo pipefail -: "${SAMBA:="Y"}" # Enable Samba -: "${SAMBA_LEVEL:="1"}" # Logging level -: "${SAMBA_DEBUG:="N"}" # Disable debug +: "${SAMBA:="Y"}" # Enable Samba +: "${SAMBA_LEVEL:="1"}" # Logging level +: "${SAMBA_DEBUG:="N"}" # Disable debug tmp="/tmp/smb" rm -rf "$tmp" @@ -35,6 +35,7 @@ else fi html "Initializing shared folder..." +SAMBA_CONFIG="/etc/samba/smb.conf" [[ "$DEBUG" == [Yy1]* ]] && echo "Starting Samba daemon..." addShare() { @@ -42,58 +43,81 @@ addShare() { local ref="$2" local name="$3" local comment="$4" + local cfg="$5" + local owner="" - mkdir -p "$dir" || return 1 - ls -A "$dir" >/dev/null 2>&1 || return 1 + if [ ! -d "$dir" ]; then + if ! mkdir -p "$dir"; then + error "Failed to create shared folder ($dir)." && return 1 + fi + fi + + if ! ls -A "$dir" >/dev/null 2>&1; then + msg="No permission to access shared folder ($dir)." + msg+=" If SELinux is active, you need to add the \":Z\" flag to the bind mount." + error "$msg" && return 1 + fi + + if [ ! -w "$dir" ]; then + msg="shared folder ($dir) is not writeable!" + warn "$msg" + fi if [ -z "$(ls -A "$dir")" ]; then - chmod 777 "$dir" || return 1 + if ! chmod 2777 "$dir"; then + error "Failed to set permissions for directory $dir" && return 1 + fi + owner=$(stat -c %u "$dir") + if [[ "$owner" == "0" ]]; then + if ! chown "1000:1000" "$dir"; then + error "Failed to set ownership for directory $dir" && return 1 + fi + fi fi if [[ "$dir" == "$tmp" ]]; then - { echo "--------------------------------------------------------" - echo " $APP for Docker v$( "$dir/readme.txt" fi - { echo "" - echo "[$name]" - echo " path = $dir" - echo " comment = $comment" - echo " writable = yes" - echo " guest ok = yes" - echo " guest only = yes" - echo " force user = root" - echo " force group = root" - } >> "/etc/samba/smb.conf" + { echo "" + echo "[$name]" + echo " path = $dir" + echo " comment = $comment" + echo " writable = yes" + echo " guest ok = yes" + echo " guest only = yes" + } >> "$cfg" return 0 } -{ echo "[global]" +{ echo "[global]" echo " server string = Dockur" echo " netbios name = $hostname" echo " workgroup = WORKGROUP" echo " interfaces = $interfaces" echo " bind interfaces only = yes" + echo " socket address = $socket" echo " security = user" echo " guest account = nobody" echo " map to guest = Bad User" @@ -101,50 +125,50 @@ addShare() { echo " follow symlinks = yes" echo " wide links = yes" echo " unix extensions = no" - echo " socket address = $socket" + echo " inherit owner = yes" + echo " create mask = 0666" + echo " directory mask = 02777" + echo " force user = root" + echo " force group = root" + echo " force create mode = 0666" + echo " force directory mode = 02777" echo "" - echo " # disable printing services" + echo " # Disable printing services" echo " load printers = no" echo " printing = bsd" echo " printcap name = /dev/null" echo " disable spoolss = yes" -} > "/etc/samba/smb.conf" +} > "$SAMBA_CONFIG" +# Add shared folders share="/shared" [ ! -d "$share" ] && [ -d "$STORAGE/shared" ] && share="$STORAGE/shared" [ ! -d "$share" ] && [ -d "/data" ] && share="/data" [ ! -d "$share" ] && [ -d "$STORAGE/data" ] && share="$STORAGE/data" [ ! -d "$share" ] && share="$tmp" -m1="Failed to add shared folder" -m2="Please check its permissions." - -if ! addShare "$share" "/shared" "Data" "Shared"; then - error "$m1 '$share'. $m2" && return 0 -fi +! addShare "$share" "/shared" "Data" "Shared" "$SAMBA_CONFIG" && return 0 if [ -d "/shared2" ]; then - addShare "/shared2" "/shared2" "Data2" "Shared" || error "$m1 '/shared2'. $m2" + addShare "/shared2" "/shared2" "Data2" "Shared" "$SAMBA_CONFIG" || : else if [ -d "/data2" ]; then - addShare "/data2" "/shared2" "Data2" "Shared" || error "$m1 '/data2'. $m2." + addShare "/data2" "/shared2" "Data2" "Shared" "$SAMBA_CONFIG" || : fi fi if [ -d "/shared3" ]; then - addShare "/shared3" "/shared3" "Data3" "Shared" || error "$m1 '/shared3'. $m2" + addShare "/shared3" "/shared3" "Data3" "Shared" "$SAMBA_CONFIG" || : else if [ -d "/data3" ]; then - addShare "/data3" "/shared3" "Data3" "Shared" || error "$m1 '/data3'. $m2" + addShare "/data3" "/shared3" "Data3" "Shared" "$SAMBA_CONFIG" || : fi fi -IFS=',' read -r -a dirs <<< "${SHARES:-}" -for dir in "${dirs[@]}"; do - [ ! -d "$dir" ] && continue - dir_name=$(basename "$dir") - addShare "$dir" "/shared" "$dir_name" "Shared $dir_name" || error "Failed to create shared folder for $dir!" -done +# Create directories if missing +mkdir -p /var/lib/samba/sysvol +mkdir -p /var/lib/samba/private +mkdir -p /var/lib/samba/bind-dns # Try to repair Samba permissions [ -d /run/samba/msg.lock ] && chmod -R 0755 /run/samba/msg.lock 2>/dev/null || : @@ -159,7 +183,7 @@ if ! smbd -l /var/log/samba; then fi if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then - tail -fn +0 /var/log/samba/log.smbd & + tail -fn +0 /var/log/samba/log.smbd --pid=$$ & fi case "${NETWORK,,}" in @@ -180,7 +204,7 @@ if [[ "${BOOT_MODE:-}" == "windows_legacy" ]]; then fi if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then - tail -fn +0 /var/log/samba/log.nmbd & + tail -fn +0 /var/log/samba/log.nmbd --pid=$$ & fi else @@ -196,7 +220,7 @@ else fi if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then - tail -fn +0 /var/log/wsddn.log & + tail -fn +0 /var/log/wsddn.log --pid=$$ & fi fi