en-US de-DE en-US en-US en-US en-US true OnError true 0 true 1 EFI 300 2 MSR 100 3 Primary true 1 3 Windows C NTFS true VK7JG-NPHTM-C97JM-9MPGT-3V66T Never false OnError false OnError true false 0 3 OnError %configsetroot%\drivers 1 nano11 true 0 1 powershell.exe -WindowStyle "Normal" -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;" 2 powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\Specialize.ps1" 3 reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT" 4 powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\DefaultUser.ps1" 5 reg.exe unload "HKU\DefaultUser" de-DE en-US en-US en-US true false Admin Administrators secret true</PlainText> </Password> </LocalAccount> <LocalAccount wcm:action="add"> <Name>User</Name> <DisplayName></DisplayName> <Group>Users</Group> <Password> <Value>user</Value> <PlainText>true</PlainText> </Password> </LocalAccount> </LocalAccounts> </UserAccounts> <AutoLogon> <Username>Admin</Username> <Enabled>true</Enabled> <Password> <Value>secret</Value> <PlainText>true</PlainText> </Password> </AutoLogon> <OOBE> <ProtectYourPC>3</ProtectYourPC> <HideEULAPage>true</HideEULAPage> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Work</NetworkLocation> <SkipMachineOOBE>true</SkipMachineOOBE> <SkipUserOOBE>true</SkipUserOOBE> </OOBE> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <Order>1</Order> <CommandLine>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\FirstLogon.ps1"</CommandLine> </SynchronousCommand> </FirstLogonCommands> </component> </settings> <Extensions xmlns="https://schneegans.de/windows/unattend-generator/"> <Build> <Commit> <Hash>1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</Hash> <GitHubUrl>https://github.com/cschneegans/unattend-generator/commit/1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</GitHubUrl> </Commit> </Build> <ExtractScript> param( [xml] $Document ); foreach( $file in $Document.unattend.Extensions.File ) { $path = [System.Environment]::ExpandEnvironmentVariables( $file.GetAttribute( 'path' ) ); mkdir -Path( $path | Split-Path -Parent ) -ErrorAction 'SilentlyContinue'; $encoding = switch( [System.IO.Path]::GetExtension( $path ) ) { { $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; } { $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); } default { [System.Text.Encoding]::Default; } }; $bytes = $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ); [System.IO.File]::WriteAllBytes( $path, $bytes ); } </ExtractScript> <File path="C:\Windows\Setup\Scripts\RemovePackages.ps1"> $selectors = @( 'Microsoft.Microsoft3DViewer'; 'Microsoft.BingSearch'; 'Microsoft.WindowsCamera'; 'Clipchamp.Clipchamp'; 'Microsoft.WindowsAlarms'; 'Microsoft.Copilot'; 'Microsoft.549981C3F5F10'; 'Microsoft.Windows.DevHome'; 'MicrosoftCorporationII.MicrosoftFamily'; 'Microsoft.WindowsFeedbackHub'; 'Microsoft.Edge.GameAssist'; 'Microsoft.GetHelp'; 'Microsoft.Getstarted'; 'microsoft.windowscommunicationsapps'; 'Microsoft.WindowsMaps'; 'Microsoft.MixedReality.Portal'; 'Microsoft.BingNews'; 'Microsoft.MicrosoftOfficeHub'; 'Microsoft.Office.OneNote'; 'Microsoft.OutlookForWindows'; 'Microsoft.Paint'; 'Microsoft.MSPaint'; 'Microsoft.People'; 'Microsoft.Windows.Photos'; 'Microsoft.PowerAutomateDesktop'; 'MicrosoftCorporationII.QuickAssist'; 'Microsoft.SkypeApp'; 'Microsoft.ScreenSketch'; 'Microsoft.MicrosoftSolitaireCollection'; 'Microsoft.MicrosoftStickyNotes'; 'Microsoft.WindowsStore'; 'Microsoft.StorePurchaseApp'; 'MicrosoftTeams'; 'MSTeams'; 'Microsoft.Todos'; 'Microsoft.WindowsSoundRecorder'; 'Microsoft.Wallet'; 'Microsoft.BingWeather'; 'Microsoft.Xbox.TCUI'; 'Microsoft.XboxApp'; 'Microsoft.XboxGameOverlay'; 'Microsoft.XboxGamingOverlay'; 'Microsoft.XboxIdentityProvider'; 'Microsoft.XboxSpeechToTextOverlay'; 'Microsoft.GamingApp'; 'Microsoft.YourPhone'; 'Microsoft.ZuneMusic'; 'Microsoft.ZuneVideo'; ); $getCommand = { Get-AppxProvisionedPackage -Online; }; $filterCommand = { $_.DisplayName -eq $selector; }; $removeCommand = { [CmdletBinding()] param( [Parameter( Mandatory, ValueFromPipeline )] $InputObject ); process { $InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue'; } }; $type = 'Package'; $logfile = 'C:\Windows\Setup\Scripts\RemovePackages.log'; & { $installed = & $getCommand; foreach( $selector in $selectors ) { $result = [ordered] @{ Selector = $selector; }; $found = $installed | Where-Object -FilterScript $filterCommand; if( $found ) { $result.Output = $found | & $removeCommand; if( $? ) { $result.Message = "$type removed."; } else { $result.Message = "$type not removed."; $result.Error = $Error[0]; } } else { $result.Message = "$type not installed."; } $result | ConvertTo-Json -Depth 3 -Compress; } } *>&1 | Out-String -Width 1KB -Stream >> $logfile; </File> <File path="C:\Windows\Setup\Scripts\RemoveCapabilities.ps1"> $selectors = @( 'Print.Fax.Scan'; 'Language.Handwriting'; 'Browser.InternetExplorer'; 'MathRecognizer'; 'OneCoreUAP.OneSync'; 'Microsoft.Windows.MSPaint'; 'App.Support.QuickAssist'; 'Microsoft.Windows.SnippingTool'; 'Language.Speech'; 'Language.TextToSpeech'; 'App.StepsRecorder'; 'Hello.Face.18967'; 'Hello.Face.Migration.18967'; 'Hello.Face.20134'; 'Media.WindowsMediaPlayer'; 'Microsoft.Windows.WordPad'; ); $getCommand = { Get-WindowsCapability -Online | Where-Object -Property 'State' -NotIn -Value @( 'NotPresent'; 'Removed'; ); }; $filterCommand = { ($_.Name -split '~')[0] -eq $selector; }; $removeCommand = { [CmdletBinding()] param( [Parameter( Mandatory, ValueFromPipeline )] $InputObject ); process { $InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue'; } }; $type = 'Capability'; $logfile = 'C:\Windows\Setup\Scripts\RemoveCapabilities.log'; & { $installed = & $getCommand; foreach( $selector in $selectors ) { $result = [ordered] @{ Selector = $selector; }; $found = $installed | Where-Object -FilterScript $filterCommand; if( $found ) { $result.Output = $found | & $removeCommand; if( $? ) { $result.Message = "$type removed."; } else { $result.Message = "$type not removed."; $result.Error = $Error[0]; } } else { $result.Message = "$type not installed."; } $result | ConvertTo-Json -Depth 3 -Compress; } } *>&1 | Out-String -Width 1KB -Stream >> $logfile; </File> <File path="C:\Windows\Setup\Scripts\RemoveFeatures.ps1"> $selectors = @( 'MediaPlayback'; 'Microsoft-RemoteDesktopConnection'; 'Recall'; 'Microsoft-SnippingTool'; ); $getCommand = { Get-WindowsOptionalFeature -Online | Where-Object -Property 'State' -NotIn -Value @( 'Disabled'; 'DisabledWithPayloadRemoved'; ); }; $filterCommand = { $_.FeatureName -eq $selector; }; $removeCommand = { [CmdletBinding()] param( [Parameter( Mandatory, ValueFromPipeline )] $InputObject ); process { $InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue'; } }; $type = 'Feature'; $logfile = 'C:\Windows\Setup\Scripts\RemoveFeatures.log'; & { $installed = & $getCommand; foreach( $selector in $selectors ) { $result = [ordered] @{ Selector = $selector; }; $found = $installed | Where-Object -FilterScript $filterCommand; if( $found ) { $result.Output = $found | & $removeCommand; if( $? ) { $result.Message = "$type removed."; } else { $result.Message = "$type not removed."; $result.Error = $Error[0]; } } else { $result.Message = "$type not installed."; } $result | ConvertTo-Json -Depth 3 -Compress; } } *>&1 | Out-String -Width 1KB -Stream >> $logfile; </File> <File path="C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml"> <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Triggers> <BootTrigger> <Repetition> <Interval>P1D</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Enabled>true</Enabled> </BootTrigger> </Triggers> <Principals> <Principal id="Author"> <UserId>S-1-5-19</UserId> <RunLevel>LeastPrivilege</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>PT72H</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Actions Context="Author"> <Exec> <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command> <Arguments>-WindowStyle Hidden -NoProfile -NonInteractive -Command "$format = 'yyyy-MM-ddTHH\:mm\:ssK'; $now = [datetime]::UtcNow; $start = $now.ToString($format); $end = $now.AddDays(7).ToString($format); $params = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'String'; Force = $true; Verbose = $true; }; 'PauseFeatureUpdatesStartTime', 'PauseQualityUpdatesStartTime', 'PauseUpdatesStartTime' | foreach { Set-ItemProperty @params -Name $_ -Value $start; }; 'PauseFeatureUpdatesEndTime', 'PauseQualityUpdatesEndTime', 'PauseUpdatesExpiryTime' | foreach { Set-ItemProperty @params -Name $_ -Value $end; };"</Arguments> </Exec> </Actions> </Task> </File> <File path="C:\Windows\Setup\Scripts\MoveActiveHours.xml"> <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Triggers> <BootTrigger> <Repetition> <Interval>PT4H</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Enabled>true</Enabled> </BootTrigger> <RegistrationTrigger> <Repetition> <Interval>PT4H</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Enabled>true</Enabled> </RegistrationTrigger> </Triggers> <Principals> <Principal id="Author"> <UserId>S-1-5-19</UserId> <RunLevel>LeastPrivilege</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>PT72H</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Actions Context="Author"> <Exec> <Command>%windir%\System32\conhost.exe</Command> <Arguments>--headless %windir%\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -NoProfile -NonInteractive -Command "$p = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'DWord'; }; $h = [datetime]::Now.Hour; Set-ItemProperty @p -Name 'ActiveHoursStart' -Value (($h + 23) % 24); Set-ItemProperty @p -Name 'ActiveHoursEnd' -Value (($h + 11) % 24); Set-ItemProperty @p -Name 'SmartActiveHoursState' -Value 0;"</Arguments> </Exec> </Actions> </Task> </File> <File path="C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1"> $excludes = Get-ChildItem -LiteralPath 'Registry::HKU\DefaultUser\AppEvents\EventLabels' | Where-Object -FilterScript { ($_ | Get-ItemProperty).ExcludeFromCPL -eq 1; } | Select-Object -ExpandProperty 'PSChildName'; Get-ChildItem -Path 'Registry::HKU\DefaultUser\AppEvents\Schemes\Apps\*\*' | Where-Object -Property 'PSChildName' -NotIn $excludes | Get-ChildItem -Include '.Current' | Set-ItemProperty -Name '(Default)' -Value ''; </File> <File path="C:\Windows\Setup\Scripts\SetStartPins.ps1"> $json = '{"pinnedList":[]}'; if( [System.Environment]::OSVersion.Version.Build -lt 20000 ) { return; } $key = 'Registry::HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start'; New-Item -Path $key -ItemType 'Directory' -ErrorAction 'SilentlyContinue'; Set-ItemProperty -LiteralPath $key -Name 'ConfigureStartPins' -Value $json -Type 'String'; </File> <File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml"> <LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> <LayoutOptions StartTileGroupCellWidth="6" /> <DefaultLayoutOverride> <StartLayoutCollection> <StartLayout GroupCellWidth="6" xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" /> </StartLayoutCollection> </DefaultLayoutOverride> </LayoutModificationTemplate> </File> <File path="C:\Windows\Setup\Scripts\SetWallpaper.ps1"> Add-Type -TypeDefinition ' using System.Drawing; using System.Runtime.InteropServices; public static class WallpaperSetter { [DllImport("user32.dll")] private static extern bool SetSysColors( int cElements, int[] lpaElements, int[] lpaRgbValues ); [DllImport("user32.dll")] private static extern bool SystemParametersInfo( uint uiAction, uint uiParam, string pvParam, uint fWinIni ); public static void SetDesktopBackground(Color color) { SystemParametersInfo(20, 0, "", 0); SetSysColors(1, new int[] { 1 }, new int[] { ColorTranslator.ToWin32(color) }); } public static void SetDesktopImage(string file) { SystemParametersInfo(20, 0, file, 0); } } ' -ReferencedAssemblies 'System.Drawing'; function Set-WallpaperColor { param( [string] $HtmlColor ); $color = [System.Drawing.ColorTranslator]::FromHtml( $HtmlColor ); [WallpaperSetter]::SetDesktopBackground( $color ); Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 1 -Force; Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value '' -Force; Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Colors' -Name 'Background' -Type 'String' -Value "$($color.R) $($color.G) $($color.B)" -Force; } function Set-WallpaperImage { param( [string] $LiteralPath ); if( $LiteralPath | Test-Path ) { [WallpaperSetter]::SetDesktopImage( $LiteralPath ); Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 0 -Force; Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value $LiteralPath -Force; } else { "Cannot use '$LiteralPath' as a desktop wallpaper because that file does not exist."; } } Set-WallpaperColor -HtmlColor '#008080'; </File> <File path="C:\Windows\Setup\Scripts\Specialize.ps1"> $scripts = @( { reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f; }; { Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' -Force -ErrorAction 'SilentlyContinue'; }; { Remove-Item -LiteralPath 'C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk', 'C:\Windows\System32\OneDriveSetup.exe', 'C:\Windows\SysWOW64\OneDriveSetup.exe' -ErrorAction 'Continue'; }; { Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' -Force -ErrorAction 'SilentlyContinue'; }; { reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f; }; { & 'C:\Windows\Setup\Scripts\RemovePackages.ps1'; }; { & 'C:\Windows\Setup\Scripts\RemoveCapabilities.ps1'; }; { & 'C:\Windows\Setup\Scripts\RemoveFeatures.ps1'; }; { net.exe accounts /lockoutthreshold:0; }; { net.exe accounts /maxpwage:UNLIMITED; }; { Register-ScheduledTask -TaskName 'PauseWindowsUpdate' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml' -Raw ); }; { reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v DisableNotifications /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v VerifiedAndReputablePolicyState /t REG_DWORD /d 0 /f; }; { reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f; reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v ServiceEnabled /t REG_DWORD /d 0 /f; reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyMalicious /t REG_DWORD /d 0 /f; reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyPasswordReuse /t REG_DWORD /d 0 /f; reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyUnsafeApp /t REG_DWORD /d 0 /f; reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v HideSystray /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f }; { reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f }; { Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force; }; { fsutil.exe behavior set disableLastAccess 1; }; { reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f; reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f; }; { Register-ScheduledTask -TaskName 'MoveActiveHours' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\MoveActiveHours.xml' -Raw ); }; { reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f; }; { reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation" /v DisableStartupSound /t REG_DWORD /d 1 /f; reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EditionOverrides" /v UserSetting_DisableStartupSound /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\Software\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f; }; { reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v BackgroundModeEnabled /t REG_DWORD /d 0 /f; reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v StartupBoostEnabled /t REG_DWORD /d 0 /f; }; { & 'C:\Windows\Setup\Scripts\SetStartPins.ps1'; }; { Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force; }; { reg.exe add "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f; }; { reg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f; }; ); & { [float] $complete = 0; [float] $increment = 100 / $scripts.Count; foreach( $script in $scripts ) { Write-Progress -Id 0 -Activity 'Running scripts to customize your Windows installation. Do not close this window.' -PercentComplete $complete; '*** Will now execute command «{0}».' -f $( $script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1…'; ); $start = [datetime]::Now; & $script; '*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds; "`r`n" * 3; $complete += $increment; } } *>&1 | Out-String -Width 1KB -Stream >> "C:\Windows\Setup\Scripts\Specialize.log"; </File> <File path="C:\Windows\Setup\Scripts\UserOnce.ps1"> $scripts = @( { Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage; }; { @( Get-ChildItem -LiteralPath $env:USERPROFILE -Force -Recurse -Depth 2; ) | Where-Object -FilterScript { $_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint ); } | Remove-Item -Force -Recurse -Verbose; }; { Set-ItemProperty -LiteralPath 'Registry::HKCU\AppEvents\Schemes' -Name '(Default)' -Type 'String' -Value '.None'; }; { Set-ItemProperty -LiteralPath 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Search' -Name 'SearchboxTaskbarMode' -Type 'DWord' -Value 0; }; { Set-ItemProperty -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects' -Name 'VisualFXSetting' -Type 'DWord' -Value 2 -Force; }; { & 'C:\Windows\Setup\Scripts\SetWallpaper.ps1'; }; { Get-Process -Name 'explorer' -ErrorAction 'SilentlyContinue' | Where-Object -FilterScript { $_.SessionId -eq ( Get-Process -Id $PID ).SessionId; } | Stop-Process -Force; }; { # Custom PS script to shut the system down after competing the user account setup & 'C:\Windows\Setup\Scripts\FinishUserSetupAndShutdown.ps1'; }; ); & { [float] $complete = 0; [float] $increment = 100 / $scripts.Count; foreach( $script in $scripts ) { Write-Progress -Id 0 -Activity 'Running scripts to configure this user account. Do not close this window.' -PercentComplete $complete; '*** Will now execute command «{0}».' -f $( $script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1…'; ); $start = [datetime]::Now; & $script; '*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds; "`r`n" * 3; $complete += $increment; } } *>&1 | Out-String -Width 1KB -Stream >> "$env:TEMP\UserOnce.log"; </File> <File path="C:\Windows\Setup\Scripts\DefaultUser.ps1"> $scripts = @( { reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore" /f; }; { Remove-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'OneDriveSetup' -Force -ErrorAction 'Continue'; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\GameDVR" /v AppCaptureEnabled /t REG_DWORD /d 0 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 0 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d 0 /f; reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d 0 /f; reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f; reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v PreventOverride /t REG_DWORD /d 0 /f; }; { & 'C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1'; }; { $names = @( 'ContentDeliveryAllowed'; 'FeatureManagementEnabled'; 'OEMPreInstalledAppsEnabled'; 'PreInstalledAppsEnabled'; 'PreInstalledAppsEverEnabled'; 'SilentInstalledAppsEnabled'; 'SoftLandingEnabled'; 'SubscribedContentEnabled'; 'SubscribedContent-310093Enabled'; 'SubscribedContent-338387Enabled'; 'SubscribedContent-338388Enabled'; 'SubscribedContent-338389Enabled'; 'SubscribedContent-338393Enabled'; 'SubscribedContent-353694Enabled'; 'SubscribedContent-353696Enabled'; 'SubscribedContent-353698Enabled'; 'SystemPaneSuggestionsEnabled'; ); foreach( $name in $names ) { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v $name /t REG_DWORD /d 0 /f; } }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarAl /t REG_DWORD /d 0 /f; }; { reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\Explorer" /v DisableSearchBoxSuggestions /t REG_DWORD /d 1 /f; }; { reg.exe add "HKU\DefaultUser\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f; }; { reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "UnattendedSetup" /t REG_SZ /d "powershell.exe -WindowStyle \""Normal\"" -ExecutionPolicy \""Unrestricted\"" -NoProfile -File \""C:\Windows\Setup\Scripts\UserOnce.ps1\""" /f; }; ); & { [float] $complete = 0; [float] $increment = 100 / $scripts.Count; foreach( $script in $scripts ) { Write-Progress -Id 0 -Activity 'Running scripts to modify the default user’’s registry hive. Do not close this window.' -PercentComplete $complete; '*** Will now execute command «{0}».' -f $( $script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1…'; ); $start = [datetime]::Now; & $script; '*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds; "`r`n" * 3; $complete += $increment; } } *>&1 | Out-String -Width 1KB -Stream >> "C:\Windows\Setup\Scripts\DefaultUser.log"; </File> <File path="C:\Windows\Setup\Scripts\FirstLogon.ps1"> $scripts = @( { # Set-ItemProperty -LiteralPath 'Registry::HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'AutoLogonCount' -Type 'DWord' -Force -Value 0; }; { @( Get-ChildItem -LiteralPath 'C:\' -Force; Get-ChildItem -LiteralPath 'C:\Users' -Force; Get-ChildItem -LiteralPath 'C:\Users\Default' -Force -Recurse -Depth 2; Get-ChildItem -LiteralPath 'C:\Users\Public' -Force -Recurse -Depth 2; Get-ChildItem -LiteralPath 'C:\ProgramData' -Force; ) | Where-Object -FilterScript { $_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint ); } | Remove-Item -Force -Recurse -Verbose; }; { Disable-ComputerRestore -Drive 'C:\'; }; { cmd.exe /c "rmdir C:\Windows.old"; }; { Set-Service -Name WSearch -StartupType 'Disabled' -Status 'Stopped' ` -ErrorAction 'SilentlyContinue'; }; { $keepList = @( 'autounattend.xml', 'drivers' ); Get-ChildItem -Path "${env:WINDIR}\ConfigSetRoot" | Where-Object { $_.Name -notin $keepList } | ForEach-Object { Write-Output "Removing non-essential file/folder from ConfigSetRoot: $($_.Name)" Remove-Item -Path $_.FullName -Recurse -Force } }; { & "$env:WINDIR\Setup\Scripts\WinRM.ps1"; }; { & "$env:WINDIR\Setup\Scripts\WinFSP.ps1"; }; { & "$env:WINDIR\Setup\Scripts\OpenSSH.ps1"; }; { # & "$env:WINDIR\Setup\Scripts\InstallChocolatey.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallPython.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallNodeJS.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallYarn1.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallGit.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallVisualStudio.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallWindowsSDK.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallRust.ps1"; }; { & "$env:WINDIR\Setup\Scripts\InstallMesa3dOpenGL.ps1"; }; { Remove-Item -LiteralPath @( 'C:\Windows\Panther\unattend.xml'; 'C:\Windows\Panther\unattend-original.xml'; 'C:\Windows\Setup\Scripts\Wifi.xml'; ) -Force -ErrorAction 'SilentlyContinue' -Verbose; }; { Remove-Item -LiteralPath @( Get-ChildItem -LiteralPath $(Join-Path -Path $env:WINDIR -ChildPath 'Temp') -Force; Get-ChildItem -LiteralPath $(Join-Path -Path $env:LOCALAPPDATA -ChildPath 'Temp') -Force; ) -Force -ErrorAction 'SilentlyContinue' -Verbose; }; { powercfg.exe /hibernate off; powercfg.exe /change standby-timeout-dc 0; powercfg.exe /change standby-timeout-ac 0; powercfg.exe /change hibernate-timeout-dc 0; powercfg.exe /change hibernate-timeout-ac 0; }; { & "$env:WINDIR\Setup\Scripts\FinishSystemSetupAndReboot.ps1"; }; ); & { [float] $complete = 0; [float] $increment = 100 / $scripts.Count; foreach( $script in $scripts ) { Write-Progress -Id 0 -Activity 'Running scripts to finalize your Windows installation. Do not close this window.' -PercentComplete $complete; '*** Will now execute command «{0}».' -f $( $script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1…'; ); $start = [datetime]::Now; & $script; '*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds; "`r`n" * 3; $complete += $increment; } } *>&1 | Out-String -Width 1KB -Stream >> "C:\Windows\Setup\Scripts\FirstLogon.log"; </File>   <File path="C:\Windows\Setup\Scripts\WinRM.ps1"> # Prev: Unrestricted/LocalMachine Set-ExecutionPolicy Unrestricted -Scope Process -Force -ErrorAction Ignore; Write-Output "Running WinRM quickconfig setup..."; cmd.exe /c "winrm quickconfig -q -force"; Write-Output "Disabling WinRM over HTTP..."; # Scope: Public Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP" | Out-Null; # Scope: Domain,Private Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-NoScope" | Out-Null; Get-ChildItem WSMan:\Localhost\listener -Force | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null; Write-Output "Configuring WinRM for HTTPS..."; Set-Item -Path WSMan:\LocalHost\MaxTimeoutms -Value '1800000' -Force | Out-Null; Set-Item -Path WSMan:\LocalHost\Shell\MaxMemoryPerShellMB -Value '1024' -Force | Out-Null; Set-Item -Path WSMan:\LocalHost\Service\AllowUnencrypted -Value 'false' -Force | Out-Null; Set-Item -Path WSMan:\LocalHost\Service\Auth\Basic -Value 'true' -Force | Out-Null; Set-Item -Path WSMan:\LocalHost\Service\Auth\CredSSP -Value 'true' -Force | Out-Null; New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP" ` -DisplayName "Windows Remote Management (HTTPS-In)" ` -Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" ` -Group "Windows Remote Management" ` -Program "System" ` -Protocol TCP ` -LocalPort "5986" ` -Action Allow ` -Profile Domain,Private | Out-Null; New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" ` -DisplayName "Windows Remote Management (HTTPS-In)" ` -Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" ` -Group "Windows Remote Management" ` -Program "System" ` -Protocol TCP ` -LocalPort "5986" ` -Action Allow ` -Profile Public | Out-Null; $Hostname = [System.Net.Dns]::GetHostByName((hostname)).HostName.ToUpper(); $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $Hostname; New-Item -Path WSMan:\LocalHost\Listener -Address * -Transport HTTPS -Hostname $Hostname -CertificateThumbPrint $Cert.Thumbprint -Port "5986" -force | Out-Null; Write-Output "Configuring WinRM service for automatic start..."; Set-Service -Name WinRM -StartupType Automatic | Out-Null; Write-Output "Restarting WinRM Service..."; Restart-Service -Name WinRM -Force | Out-Null; </File>  <File path="C:\Windows\Setup\Scripts\OpenSSH.ps1"> # Common defines $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # # OpenSSH for Win32 # $pkg_version = "10.0.0.0p2"; $pkg_file = "OpenSSH-${pkg_version}-${cpu_arch}.msi"; $pkg_url = & { if ($cpu_arch -eq "amd64") { "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${pkg_version}-Preview/OpenSSH-Win64-v$($pkg_version -Replace 'p\d+$', '').msi"; } else { "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${pkg_version}-Preview/OpenSSH-ARM64-v$($pkg_version -Replace 'p\d+$', '').msi"; } }; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.OpenSSH; if ($pkg_config.install -ne $true) { Write-Output "Skipping OpenSSH ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing OpenSSH ${pkg_version}..."; Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\OpenSSH.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; Write-Output "Installing OpenSSH Server..."; if (Test-Path "$env:ProgramFiles\OpenSSH\install-sshd.ps1") { & "$env:ProgramFiles\OpenSSH\install-sshd.ps1"; } elseif (Test-Path "$env:ProgramFiles\OpenSSH-Win64\install-sshd.ps1") { & "$env:ProgramFiles\OpenSSH-Win64\install-sshd.ps1"; } else { Write-Output "No 'install-sshd.ps1' script found, skipping step"; } Write-Output "Enabling OpenSSH Server..."; Set-Service -Name sshd -StartupType Automatic | Out-Null; New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP" ` -DisplayName "OpenSSH Server (SSH-In)" ` -Description "Inbound rule for OpenSSH Server connections. [TCP 22]" ` -Group "Windows Remote Management" ` -Protocol TCP ` -LocalPort "22" ` -Action Allow ` -Profile Domain,Private | Out-Null; New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP-PUBLIC" ` -DisplayName "OpenSSH Server (SSH-In)" ` -Description "Inbound rule for OpenSSH Server connections. [TCP 22]" ` -Group "Windows Remote Management" ` -Protocol TCP ` -LocalPort "22" ` -Action Allow ` -Profile Public | Out-Null; try { $userNames = & { # Autoselection of first drive with autounattend.xml $unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0]; $xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"]/.."; Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'} | %{ $_.Node.InnerText }; }; $privileges = @( 'SeBatchLogonRight', 'SeRemoteShutdownPrivilege' ); Write-Output "Granting provisioned users ($($usernames -join ', ')) additional privileges..."; secedit /export /areas user_rights /cfg "$env:TEMP\secpol.cfg" | Out-Null; $userNames | ForEach-Object { $account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "$_"; $accountSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value; if ([string]::IsNullOrEmpty($accountSid)) { Write-Output "Failed to resolve SID for account '$_', skipping"; return; } $privileges | ForEach-Object { (Get-Content "$env:TEMP\secpol.cfg") -replace "^$_ .+", "`$0,*$accountSid" | Out-File "$env:TEMP\secpol.cfg"; }; }; secedit /configure /db c:\windows\security\local.sdb /cfg "$env:TEMP\secpol.cfg" /areas user_rights /quiet; Remove-Item -Path "$env:TEMP\secpol.cfg" -Force -Confirm:$false -ErrorAction SilentlyContinue; } catch { Write-Output "Failed to grant users shutdown permissions"; } </File>  <File path="C:\Windows\Setup\Scripts\InstallChocolatey.ps1"> $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Chocolatey; if ($pkg_config.install -ne $true) { Write-Output "Skipping Chocolatey installation"; exit; } Write-Output "Installing Chocolatey..."; Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')); </File>  <File path="C:\Windows\Setup\Scripts\InstallMesa3dOpenGL.ps1"> # # Common defines # $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # # Git # $pkg_version = "26.1.1"; $pkg_file = "mesa3d-${pkg_version}-${cpu_arch}.7z"; $pkg_url = & { if ($cpu_arch -eq "amd64") { "https://github.com/pal1000/mesa-dist-win/releases/download/${pkg_version}/mesa3d-${pkg_version}-release-msvc.7z"; } else { # TODO: Find source for this... "https://github.com/pal1000/mesa-dist-win/releases/download/${pkg_version}/mesa3d-${pkg_version}-release-msvc.7z"; } }; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Mesa3dOpenGL; if ($pkg_config.install -ne $true) { Write-Output "Skipping Mesa3d ${pkg_version} OpenGL installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Unpacking Mesa3d ${pkg_version} OpenGL..."; New-Item -Path "${env:TEMP}\mesa3d" -Type 'Directory' -Force | Out-Null; Start-Process "tar.exe" -ArgumentList @( "-x -f `"${env:TEMP}\${pkg_file}`"", "-C `"${env:TEMP}\mesa3d`"" ) -WindowStyle 'Hidden' -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; Write-Output "Installing Mesa3d ${pkg_version} OpenGL..."; Start-Process -FilePath "${env:TEMP}\mesa3d\systemwidedeploy.cmd" -ArgumentList '1' -WindowStyle 'Hidden' -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\mesa3d" -Force -Recurse -ErrorAction 'SilentlyContinue'; </File>  <File path="C:\Windows\Setup\Scripts\InstallGit.ps1"> # # Common defines # $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # # Git # $pkg_version = "2.54.0"; $pkg_file = "git-${pkg_version}-${cpu_arch}.exe"; $pkg_url = & { if ($cpu_arch -eq "amd64") { "https://github.com/git-for-windows/git/releases/download/v${pkg_version}.windows.1/Git-${pkg_version}-64-bit.exe"; } else { "https://github.com/git-for-windows/git/releases/download/v${pkg_version}.windows.1/Git-${pkg_version}-${cpu_arch}.exe"; } }; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Git; if ($pkg_config.install -ne $true) { Write-Output "Skipping Git ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing Git ${pkg_version}..."; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` "/ALLUSERS /VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /COMPONENTS=`"icons,assoc,assoc_sh,windowsterminal`"", ` "/o:EditorOption=Nano", ` "/o:CurlOption=WinSSL", ` "/o:PathOption=CmdTools" ` -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File> <File path="C:\Windows\Setup\Scripts\InstallPython.ps1"> # Common defines $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # Python $pkg_version = "3.14.5"; $pkg_file = "python-${pkg_version}-${cpu_arch}.exe"; $pkg_url = "https://www.python.org/ftp/python/${pkg_version}/python-${pkg_version}-${cpu_arch}.exe"; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Python; if ($pkg_config.install -ne $true) { Write-Output "Skipping Python ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing Python ${pkg_version}..."; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList "/quiet PrependPath=1 InstallAllUsers=1" -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File> <File path="C:\Windows\Setup\Scripts\InstallNodeJS.ps1"> # Common defines $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # NodeJS (LTS) $pkg_version = "24.15.0"; $pkg_file = "node-${pkg_version}-${cpu_arch}.msi"; $pkg_url = & { if ($cpu_arch -eq "amd64") { "https://nodejs.org/dist/v${pkg_version}/node-v${pkg_version}-x64.msi"; } else { "https://nodejs.org/dist/v${pkg_version}/node-v${pkg_version}-${cpu_arch}.msi"; } }; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.NodeJS; if ($pkg_config.install -ne $true) { Write-Output "Skipping NodeJS ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing NodeJS ${pkg_version}..."; Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\node.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File> <File path="C:\Windows\Setup\Scripts\InstallYarn1.ps1"> # Yarn Legacy $pkg_version = "1.22.22"; $pkg_file = "yarn-${pkg_version}.msi"; $pkg_url = "https://github.com/yarnpkg/yarn/releases/download/v${pkg_version}/yarn-${pkg_version}.msi"; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Yarn; if ($pkg_config.install -ne $true) { Write-Output "Skipping Yarn Legacy ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing Yarn Legacy ${pkg_version}..."; Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\yarn.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File> <File path="C:\Windows\Setup\Scripts\InstallRust.ps1"> # Common defines $cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower(); # Rust MSVC $pkg_version = "1.96.0"; $pkg_file = "rust-${pkg_version}-msvc-${cpu_arch}.msi"; $pkg_url = & { if ($cpu_arch -eq "amd64") { "https://static.rust-lang.org/dist/rust-${pkg_version}-x86_64-pc-windows-msvc.msi"; } else { "https://static.rust-lang.org/dist/rust-${pkg_version}-aarch64-pc-windows-msvc.msi"; } }; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Rust; if ($pkg_config.install -ne $true) { Write-Output "Skipping Rust MSVC ${pkg_version} installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing Rust MSVC ${pkg_version}..."; Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\rust.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File>  <File path="C:\Windows\Setup\Scripts\InstallVisualStudio.ps1"> # Common $cacheDrive = @(Get-ChildItem function:[d-z]: -n | ?{Test-Path $_\NvVars})[0]; # # VSWhere (AMD64 only) # & { $pkg_version = "3.1.7"; $pkg_file = "vswhere-${pkg_version}.exe"; $pkg_url = "https://github.com/microsoft/vswhere/releases/download/${pkg_version}/vswhere.exe"; $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.VSWhere; if ($pkg_config.install -ne $true) { Write-Output "Skipping VSWhere ${pkg_version} installation"; return; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing VSWhere ${pkg_version}..." Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "${env:WINDIR}\vswhere.exe"; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; }; # # VisualStudio 2026 Community or Buildtools # & { $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.VisualStudio; # VS edition, one of: 'community' | 'buildtools' $vs_edition = 'buildtools'; if (-not [string]::IsNullOrWhiteSpace($pkg_config.edition)) { $vs_edition = $pkg_config.edition; } # VS version, only '18' supported $vs_version = '18'; # if (-not [string]::IsNullOrWhiteSpace($pkg_config.version)) { # $vs_version = $pkg_config.version; # } if (($pkg_config.install -ne $true) -or [string]::IsNullOrWhiteSpace($vs_edition) -or -not (@('community', 'buildtools') -contains $vs_edition)) { Write-Output "Skipping VisualStudio ${vs_version} ${vs_edition} installation"; return; } # # VS 2026 buildtools (default) or community edition # if ($vs_edition -eq "buildtools") { # # VS2026 Buildtools # $pkg_version = "${vs_version}"; $pkg_file = "vs_buildtools-${pkg_version}.exe"; $pkg_url = "https://aka.ms/vs/${pkg_version}/Stable/vs_buildtools.exe"; $pkg_layout = "z:\vs_buildtools-${pkg_version}"; $pkg_options = @( '--add Microsoft.VisualStudio.Workload.VCTools', '--add Microsoft.VisualStudio.Component.VC.ATLMFC', '--add Microsoft.VisualStudio.Component.VC.Tools.ARM64', '--add Microsoft.VisualStudio.Component.VC.ATL.ARM64', '--add Microsoft.VisualStudio.Component.VC.MFC.ARM64', '--includeRecommended' ); if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } # Use cache device, if available if (Test-Path -Path "z:") { if (-not (Test-Path -Path "${pkg_layout}\${pkg_file}")) { Write-Output "Generating VS 2026 Buildtools layout at '${pkg_layout}'..."; Remove-Item -Path "${pkg_layout}" -Recurse -Force -ErrorAction 'SilentlyContinue' | Out-Null; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` (@( "--layout `"${pkg_layout}`" --passive --wait --arch all --keepLayoutVersion --lang `"en-US de-DE`"" ) + $pkg_options) ` -Wait -PassThru | Out-Null; } } if (Test-Path -Path "${pkg_layout}\${pkg_file}") { Write-Output "Installing VS 2026 Buildtools using layout at '${pkg_layout}'..."; Start-Process -FilePath "${pkg_layout}\${pkg_file}" -ArgumentList ` (@( '--passive --wait --norestart --nocache' ) + $pkg_options) ` -Wait -PassThru | Out-Null; } else { Write-Output "Installing VisualStudio 2026 Buildtools..."; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` (@( '--passive --wait --norestart --nocache' ) + $pkg_options) ` -Wait -PassThru | Out-Null; } Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; } elseif ($vs_edition -eq "community") { # # VS2026 Community # $pkg_version = "${vs_version}"; $pkg_file = "vs_community-${pkg_version}.exe"; $pkg_url = "https://aka.ms/vs/${pkg_version}/Stable/vs_community.exe"; $pkg_layout = "z:\vs_community-${pkg_version}"; $pkg_options = @( '--add Microsoft.VisualStudio.Workload.NativeDesktop', '--add Microsoft.VisualStudio.Component.VC.ATLMFC', '--add Microsoft.VisualStudio.Component.VC.Tools.ARM64', '--add Microsoft.VisualStudio.Component.VC.ATL.ARM64', '--add Microsoft.VisualStudio.Component.VC.MFC.ARM64', '--remove Component.VisualStudio.GitHub.Copilot', '--remove ComponentGroup.Microsoft.NET.AppModernization', '--remove Microsoft.VisualStudio.Component.IntelliCode', '--remove Component.Microsoft.VisualStudio.LiveShare.2022', '--remove Component.Incredibuild', '--remove Component.IncredibuildMenu', '--includeRecommended' ); if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } # Use cache device, if available if (Test-Path -Path "z:") { if (-not (Test-Path -Path "${pkg_layout}\${pkg_file}")) { Write-Output "Generating VS 2026 Community layout at '${pkg_layout}'..."; Remove-Item -Path "${pkg_layout}" -Recurse -Force -ErrorAction 'SilentlyContinue' | Out-Null; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` (@( "--layout `"${pkg_layout}`" --passive --wait --arch all --keepLayoutVersion --lang `"en-US de-DE`"" ) + $pkg_options) ` -Wait -PassThru | Out-Null; } } if (Test-Path -Path "${pkg_layout}\${pkg_file}") { Write-Output "Installing VS 2026 Community using layout at '${pkg_layout}'..."; Start-Process -FilePath "${pkg_layout}\${pkg_file}" -ArgumentList ` (@( '--passive --wait --norestart --nocache' ) + $pkg_options) ` -Wait -PassThru | Out-Null; } else { Write-Output "Installing VisualStudio 2026 Community..."; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` (@( '--passive --wait --norestart --nocache' ) + $pkg_options) ` -Wait -PassThru | Out-Null; } Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; } }; </File>  <File path="C:\Windows\Setup\Scripts\InstallWindowsSDK.ps1"> # Common $cacheDrive = @(Get-ChildItem function:[d-z]: -n | ?{Test-Path $_\NvVars})[0]; $pkg_locations = @{ # Win11 28000 "10.0.28000.1839" = "https://go.microsoft.com/fwlink/?linkid=2361309"; # Win11 26100 "10.0.26100.8249" = "https://go.microsoft.com/fwlink/?linkid=2361308"; # Required for Chromium builds (as of 2026-05-30) "10.0.26100.7705" = "https://go.microsoft.com/fwlink/?linkid=2349110"; }; $pkg_version = "10.0.26100.7705"; $pkg_file = "winsdksetup-${pkg_version}.exe"; $pkg_url = $pkg_locations[$pkg_version]; $pkg_features = @( # Required for Chromium builds (minumum version: 10.0.26100.3323) "OptionId.WindowsDesktopDebuggers", # Useful tools "OptionId.MSIInstallTools", "OptionId.SigningTools", # "OptionId.WindowsPerformanceToolkit", # "OptionId.AvrfExternal", # "OptionId.NetFxSoftwareDevelopmentKit", # "OptionId.WindowsSoftwareLogoToolkit", # "OptionId.IpOverUsb", # "OptionId.UWPManaged", # "OptionId.UWPCPP", # "OptionId.UWPLocalized", # "OptionId.DesktopCPPx86", "" # sentinel ); $pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.WinSDK; if ($pkg_config.install -ne $true) { Write-Output "Skipping WinSDK installation"; exit; } if (Test-Path -Path "z:\${pkg_file}") { Write-Output "Reading package '${pkg_file}' from cache..."; Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}"; } else { Write-Output "Fetching package from '${pkg_url}'..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; } } Write-Output "Installing Windows SDK ${pkg_version}..."; # additional options /layout [path] /list $pkg_options = & { $options = @(); $features = $pkg_features -Join " "; if (-not ([string]::IsNullOrEmpty($features))) { $options += "/features `"${features}`""; } $options; }; Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList ` (@( '/quiet /norestart /ceip off', "/log `"${env:WINDIR}\Setup\Scripts\WinSDK.log`"" ) + $pkg_options) ` -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; </File>  <File path="C:\Windows\Setup\Scripts\WinFSP.ps1"> # Download and install WinFSP $pkg_version = "2.2.26112"; $pkg_file = "winfsp-${pkg_version}.msi"; $pkg_url = "https://github.com/winfsp/winfsp/releases/download/v2.2B1/winfsp-${pkg_version}.msi"; Write-Output "Installing WinFSP ${pkg_version}..."; (New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}"); Start-Process "msiexec.exe" ` -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\winfsp.log`" /passive /norestart ALLUSERS=1" ` -Wait -PassThru | Out-Null; Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue'; # Load viofs driver # Start-Process "PnpUtil.exe" -ArgumentList "/add-driver `"${env:SystemDrive}\Drivers\viofs\viofs.inf`" /install" ` # -Wait -PassThru; Start-Process "PnpUtil.exe" -ArgumentList "/add-driver `"${env:WINDIR}\ConfigSetRoot\drivers\viofs\viofs.inf`" /install" ` -Wait -PassThru; # Install VirtioFS service #New-Service -Name VirtioFsSvc -DisplayName 'Virtio FS Service' ` # -BinaryPathName "${env:SystemDrive}\drivers\viofs\virtiofs.exe" ` # -StartupType 'Automatic' ` # -DependsOn 'WinFsp.Launcher'; New-Service -Name VirtioFsSvc -DisplayName 'Virtio FS Service' ` -BinaryPathName "${env:WINDIR}\ConfigSetRoot\drivers\viofs\virtiofs.exe" ` -StartupType 'Automatic' ` -DependsOn 'WinFsp.Launcher'; Start-Service -Name VirtioFsSvc -PassThru; </File>   <File path="C:\Windows\Setup\Scripts\FinishSystemSetupAndReboot.ps1"> # Autoselection of first drive with autounattend.xml $unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0]; Write-Output "Resolving user account credentials from '$unattendXmlPath'..."; $xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"][1]/.."; $userName = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText; $userPass = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Password/ns:Value" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText; Write-Output "Credentials for user account: '${userName}' / '$(''.PadRight($userPass.Length, '*'))'"; # Resolve SID from username $userAccount = New-Object System.Security.Principal.NTAccount($userName); $userSid = $userAccount.Translate([System.Security.Principal.SecurityIdentifier]).value; Write-Output "Resolved username '${userName}' to SID '${userSid}'"; # # Set-ExecutionPolicy -ExecutionPolicy 'RemoteSigned' -Scope 'LocalMachine' -ErrorAction 'SilentlyContinue'; # Switch auto-logon to builder user Write-Output "Switching autologon to user account '$userName'..."; reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'AutoAdminLogon' /t 'REG_SZ' /d '1' /f; reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'DefaultUserName' /t 'REG_SZ' /d "$userName" /f; reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'DefaultPassword' /t 'REG_SZ' /d "$userPass" /f; # Reboot into user account Write-Output "Scheduling system reboot to complete '$userName' setup..."; shutdown.exe /r /f /t 30; </File>  <File path="C:\Windows\Setup\Scripts\FinishUserSetupAndShutdown.ps1"> # Autoselection of first drive with autounattend.xml $unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0]; Write-Output "Resolving user account credentials from '$unattendXmlPath'..."; $xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"][1]/.."; $userName = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText; if ($env:USERNAME -eq $userName) { Write-Output "Scheduling system shutdown to finish setup..."; shutdown.exe /s /t 5; } </File> <File path="C:\Windows\Setup\Scripts\config.json"> { "packages": { "Git": { "install": true, "version": "2.54.0" }, "Mesa3dOpenGL": { "install": true, "version": "26.1.1" }, "NodeJS": { "install": true, "version": "24.15.0" }, "OpenSSH": { "install": true, "version": "10.0.0.0p2" }, "Python": { "install": true, "version": "3.14.5" }, "Rust": { "install": true, "version": "1.96.0" }, "VisualStudio": { "install": true, "version": "18", "edition": "buildtools" }, "VSWhere": { "install": false }, "WinSDK": { "install": true, "version": "10.0.26100.7705" }, "Yarn": { "install": true, "version": "1.22.22" } } } </File> </Extensions> </unattend>