stkn/win11-builder
1
0
Fork 0
Code Activity
Files
wip
win11-builder/configs/autounattend-bootstrap-amd64-20260524.xml
T
stkn e577b48c6c WIP 
Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
2026-06-04 17:56:16 +02:00

1225 lines
52 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&GeoLocation=94&Locale=de-DE&Keyboard=00000407&PEMode=Generated&DisableDefender=true&SkipIntegrityCheck=true&InstallFromMode=Name&InstallFromName=Windows+11+Pro&PartitionMode=Unattended&TargetDisk=0&PartitionLayout=GPT&EspSize=300&RecoveryMode=None&DiskAssertionMode=Skip&WindowsEditionMode=Generic&WindowsEdition=pro&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&BypassNetworkCheck=true&UseConfigurationSet=true&ComputerNameMode=Random&TimeZoneMode=Implicit&UserAccountMode=Unattended&AccountName0=Admin&AccountDisplayName0=&AccountPassword0=secret&AccountGroup0=Administrators&AccountName1=User&AccountDisplayName1=&AccountPassword1=user&AccountGroup1=Users&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Disabled&HideFiles=HiddenSystem&ShowFileExtensions=true&TaskbarSearch=Hide&TaskbarIconsMode=Default&DisableWidgets=true&LeftTaskbar=true&DisableBingResults=true&StartTilesMode=Empty&StartPinsMode=Empty&DisableWindowsUpdate=true&DisableUac=true&DisableSac=true&DisableSmartScreen=true&DisableSystemRestore=true&EnableLongPaths=true&DeleteJunctions=true&AllowPowerShellScripts=true&DisableLastAccess=true&PreventAutomaticReboot=true&TurnOffSystemSounds=true&DisableAppSuggestions=true&PreventDeviceEncryption=true&HideEdgeFre=true&DisableEdgeStartupBoost=true&DeleteWindowsOld=true&DisableAutomaticRestartSignOn=true&EffectsMode=Performance&DesktopIconsMode=Default&StartFoldersMode=Default&WifiMode=Skip&ExpressSettings=DisableAll&LockKeysMode=Skip&StickyKeysMode=Disabled&ColorMode=Default&WallpaperMode=Solid&WallpaperColor=%23008080&LockScreenMode=Default&Remove3DViewer=true&RemoveBingSearch=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveWindowsHello=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGameAssist=true&RemoveGetHelp=true&RemoveHandwriting=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveMediaFeatures=true&RemoveStore=true&RemoveMixedReality=true&RemoveZuneVideo=true&RemoveNews=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOneSync=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemoveQuickAssist=true&RemoveRecall=true&RemoveRdpClient=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveSpeech=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWallet=true&RemoveWeather=true&RemoveFaxAndScan=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Skip&AppLockerMode=Skip-->
<settings pass="offlineServicing"></settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
<UILanguageFallback>en-US</UILanguageFallback>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UseConfigurationSet>true</UseConfigurationSet>
<DiskConfiguration>
<WillShowUI>OnError</WillShowUI>
<DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>
<Disk wcm:action="add">
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>EFI</Type>
<Size>300</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>MSR</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>3</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Order>1</Order>
<PartitionID>3</PartitionID>
<Label>Windows</Label>
<Letter>C</Letter>
<Format>NTFS</Format>
</ModifyPartition>
</ModifyPartitions>
</Disk>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<ProductKey>
<!-- generic windows 11 pro product key -->
<Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
<WillShowUI>Never</WillShowUI>
</ProductKey>
</UserData>
<UpgradeData>
<Upgrade>false</Upgrade>
<WillShowUI>OnError</WillShowUI>
</UpgradeData>
<DynamicUpdate>
<Enable>false</Enable>
<WillShowUI>OnError</WillShowUI>
</DynamicUpdate>
<ImageInstall>
<OSImage>
<Compact>true</Compact>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>3</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
</OSImage>
</ImageInstall>
</component>
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DriverPaths>
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<Path>%configsetroot%\drivers</Path>
</PathAndCredentials>
</DriverPaths>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ComputerName>nano11</ComputerName>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>powershell.exe -WindowStyle "Normal" -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\Specialize.ps1"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\DefaultUser.ps1"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="auditSystem"></settings>
<settings pass="auditUser"></settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<InputLocale>de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<PreventDeviceEncryption>true</PreventDeviceEncryption>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ConfigureChatAutoInstall>false</ConfigureChatAutoInstall>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>Admin</Name>
<DisplayName></DisplayName>
<Group>Administrators</Group>
<Password>
<Value>secret</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
<LocalAccount wcm:action="add">
<Name>User</Name>
<DisplayName></DisplayName>
<Group>Users</Group>
<Password>
<Value>user</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Username>Admin</Username>
<Enabled>true</Enabled>
<Password>
<Value>secret</Value>
<PlainText>true</PlainText>
</Password>
</AutoLogon>
<OOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
</OOBE>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\FirstLogon.ps1"</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
<Build>
<Commit>
<Hash>1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</Hash>
<GitHubUrl>https://github.com/cschneegans/unattend-generator/commit/1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</GitHubUrl>
</Commit>
</Build>
<ExtractScript>
param(
[xml] $Document
);
foreach( $file in $Document.unattend.Extensions.File ) {
$path = [System.Environment]::ExpandEnvironmentVariables( $file.GetAttribute( 'path' ) );
mkdir -Path( $path | Split-Path -Parent ) -ErrorAction 'SilentlyContinue';
$encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
{ $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
{ $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
default { [System.Text.Encoding]::Default; }
};
$bytes = $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() );
[System.IO.File]::WriteAllBytes( $path, $bytes );
}
</ExtractScript>
<File path="C:\Windows\Setup\Scripts\RemovePackages.ps1">
$selectors = @(
'Microsoft.Microsoft3DViewer';
'Microsoft.BingSearch';
'Microsoft.WindowsCamera';
'Clipchamp.Clipchamp';
'Microsoft.WindowsAlarms';
'Microsoft.Copilot';
'Microsoft.549981C3F5F10';
'Microsoft.Windows.DevHome';
'MicrosoftCorporationII.MicrosoftFamily';
'Microsoft.WindowsFeedbackHub';
'Microsoft.Edge.GameAssist';
'Microsoft.GetHelp';
'Microsoft.Getstarted';
'microsoft.windowscommunicationsapps';
'Microsoft.WindowsMaps';
'Microsoft.MixedReality.Portal';
'Microsoft.BingNews';
'Microsoft.MicrosoftOfficeHub';
'Microsoft.Office.OneNote';
'Microsoft.OutlookForWindows';
'Microsoft.Paint';
'Microsoft.MSPaint';
'Microsoft.People';
'Microsoft.Windows.Photos';
'Microsoft.PowerAutomateDesktop';
'MicrosoftCorporationII.QuickAssist';
'Microsoft.SkypeApp';
'Microsoft.ScreenSketch';
'Microsoft.MicrosoftSolitaireCollection';
'Microsoft.MicrosoftStickyNotes';
'Microsoft.WindowsStore';
'Microsoft.StorePurchaseApp';
'MicrosoftTeams';
'MSTeams';
'Microsoft.Todos';
'Microsoft.WindowsSoundRecorder';
'Microsoft.Wallet';
'Microsoft.BingWeather';
'Microsoft.Xbox.TCUI';
'Microsoft.XboxApp';
'Microsoft.XboxGameOverlay';
'Microsoft.XboxGamingOverlay';
'Microsoft.XboxIdentityProvider';
'Microsoft.XboxSpeechToTextOverlay';
'Microsoft.GamingApp';
'Microsoft.YourPhone';
'Microsoft.ZuneMusic';
'Microsoft.ZuneVideo';
);
$getCommand = {
Get-AppxProvisionedPackage -Online;
};
$filterCommand = {
$_.DisplayName -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
}
};
$type = 'Package';
$logfile = 'C:\Windows\Setup\Scripts\RemovePackages.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\RemoveCapabilities.ps1">
$selectors = @(
'Print.Fax.Scan';
'Language.Handwriting';
'Browser.InternetExplorer';
'MathRecognizer';
'OneCoreUAP.OneSync';
'Microsoft.Windows.MSPaint';
'App.Support.QuickAssist';
'Microsoft.Windows.SnippingTool';
'Language.Speech';
'Language.TextToSpeech';
'App.StepsRecorder';
'Hello.Face.18967';
'Hello.Face.Migration.18967';
'Hello.Face.20134';
'Media.WindowsMediaPlayer';
'Microsoft.Windows.WordPad';
);
$getCommand = {
Get-WindowsCapability -Online | Where-Object -Property 'State' -NotIn -Value @(
'NotPresent';
'Removed';
);
};
$filterCommand = {
($_.Name -split '~')[0] -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
}
};
$type = 'Capability';
$logfile = 'C:\Windows\Setup\Scripts\RemoveCapabilities.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\RemoveFeatures.ps1">
$selectors = @(
'MediaPlayback';
'Microsoft-RemoteDesktopConnection';
'Recall';
'Microsoft-SnippingTool';
);
$getCommand = {
Get-WindowsOptionalFeature -Online | Where-Object -Property 'State' -NotIn -Value @(
'Disabled';
'DisabledWithPayloadRemoved';
);
};
$filterCommand = {
$_.FeatureName -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
}
};
$type = 'Feature';
$logfile = 'C:\Windows\Setup\Scripts\RemoveFeatures.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml">
&lt;Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"&gt;
&lt;Triggers&gt;
&lt;BootTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;P1D&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/BootTrigger&gt;
&lt;/Triggers&gt;
&lt;Principals&gt;
&lt;Principal id="Author"&gt;
&lt;UserId&gt;S-1-5-19&lt;/UserId&gt;
&lt;RunLevel&gt;LeastPrivilege&lt;/RunLevel&gt;
&lt;/Principal&gt;
&lt;/Principals&gt;
&lt;Settings&gt;
&lt;MultipleInstancesPolicy&gt;IgnoreNew&lt;/MultipleInstancesPolicy&gt;
&lt;DisallowStartIfOnBatteries&gt;false&lt;/DisallowStartIfOnBatteries&gt;
&lt;StopIfGoingOnBatteries&gt;false&lt;/StopIfGoingOnBatteries&gt;
&lt;AllowHardTerminate&gt;true&lt;/AllowHardTerminate&gt;
&lt;StartWhenAvailable&gt;false&lt;/StartWhenAvailable&gt;
&lt;RunOnlyIfNetworkAvailable&gt;false&lt;/RunOnlyIfNetworkAvailable&gt;
&lt;IdleSettings&gt;
&lt;StopOnIdleEnd&gt;true&lt;/StopOnIdleEnd&gt;
&lt;RestartOnIdle&gt;false&lt;/RestartOnIdle&gt;
&lt;/IdleSettings&gt;
&lt;AllowStartOnDemand&gt;true&lt;/AllowStartOnDemand&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;Hidden&gt;false&lt;/Hidden&gt;
&lt;RunOnlyIfIdle&gt;false&lt;/RunOnlyIfIdle&gt;
&lt;WakeToRun&gt;false&lt;/WakeToRun&gt;
&lt;ExecutionTimeLimit&gt;PT72H&lt;/ExecutionTimeLimit&gt;
&lt;Priority&gt;7&lt;/Priority&gt;
&lt;/Settings&gt;
&lt;Actions Context="Author"&gt;
&lt;Exec&gt;
&lt;Command&gt;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe&lt;/Command&gt;
&lt;Arguments&gt;-WindowStyle Hidden -NoProfile -NonInteractive -Command "$format = 'yyyy-MM-ddTHH\:mm\:ssK'; $now = [datetime]::UtcNow; $start = $now.ToString($format); $end = $now.AddDays(7).ToString($format); $params = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'String'; Force = $true; Verbose = $true; }; 'PauseFeatureUpdatesStartTime', 'PauseQualityUpdatesStartTime', 'PauseUpdatesStartTime' | foreach { Set-ItemProperty @params -Name $_ -Value $start; }; 'PauseFeatureUpdatesEndTime', 'PauseQualityUpdatesEndTime', 'PauseUpdatesExpiryTime' | foreach { Set-ItemProperty @params -Name $_ -Value $end; };"&lt;/Arguments&gt;
&lt;/Exec&gt;
&lt;/Actions&gt;
&lt;/Task&gt;
</File>
<File path="C:\Windows\Setup\Scripts\MoveActiveHours.xml">
&lt;Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"&gt;
&lt;Triggers&gt;
&lt;BootTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;PT4H&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/BootTrigger&gt;
&lt;RegistrationTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;PT4H&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/RegistrationTrigger&gt;
&lt;/Triggers&gt;
&lt;Principals&gt;
&lt;Principal id="Author"&gt;
&lt;UserId&gt;S-1-5-19&lt;/UserId&gt;
&lt;RunLevel&gt;LeastPrivilege&lt;/RunLevel&gt;
&lt;/Principal&gt;
&lt;/Principals&gt;
&lt;Settings&gt;
&lt;MultipleInstancesPolicy&gt;IgnoreNew&lt;/MultipleInstancesPolicy&gt;
&lt;DisallowStartIfOnBatteries&gt;false&lt;/DisallowStartIfOnBatteries&gt;
&lt;StopIfGoingOnBatteries&gt;false&lt;/StopIfGoingOnBatteries&gt;
&lt;AllowHardTerminate&gt;true&lt;/AllowHardTerminate&gt;
&lt;StartWhenAvailable&gt;false&lt;/StartWhenAvailable&gt;
&lt;RunOnlyIfNetworkAvailable&gt;false&lt;/RunOnlyIfNetworkAvailable&gt;
&lt;IdleSettings&gt;
&lt;StopOnIdleEnd&gt;true&lt;/StopOnIdleEnd&gt;
&lt;RestartOnIdle&gt;false&lt;/RestartOnIdle&gt;
&lt;/IdleSettings&gt;
&lt;AllowStartOnDemand&gt;true&lt;/AllowStartOnDemand&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;Hidden&gt;false&lt;/Hidden&gt;
&lt;RunOnlyIfIdle&gt;false&lt;/RunOnlyIfIdle&gt;
&lt;WakeToRun&gt;false&lt;/WakeToRun&gt;
&lt;ExecutionTimeLimit&gt;PT72H&lt;/ExecutionTimeLimit&gt;
&lt;Priority&gt;7&lt;/Priority&gt;
&lt;/Settings&gt;
&lt;Actions Context="Author"&gt;
&lt;Exec&gt;
&lt;Command&gt;%windir%\System32\conhost.exe&lt;/Command&gt;
&lt;Arguments&gt;--headless %windir%\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -NoProfile -NonInteractive -Command "$p = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'DWord'; }; $h = [datetime]::Now.Hour; Set-ItemProperty @p -Name 'ActiveHoursStart' -Value (($h + 23) % 24); Set-ItemProperty @p -Name 'ActiveHoursEnd' -Value (($h + 11) % 24); Set-ItemProperty @p -Name 'SmartActiveHoursState' -Value 0;"&lt;/Arguments&gt;
&lt;/Exec&gt;
&lt;/Actions&gt;
&lt;/Task&gt;
</File>
<File path="C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1">
$excludes = Get-ChildItem -LiteralPath 'Registry::HKU\DefaultUser\AppEvents\EventLabels' |
Where-Object -FilterScript { ($_ | Get-ItemProperty).ExcludeFromCPL -eq 1; } |
Select-Object -ExpandProperty 'PSChildName';
Get-ChildItem -Path 'Registry::HKU\DefaultUser\AppEvents\Schemes\Apps\*\*' |
Where-Object -Property 'PSChildName' -NotIn $excludes |
Get-ChildItem -Include '.Current' | Set-ItemProperty -Name '(Default)' -Value '';
</File>
<File path="C:\Windows\Setup\Scripts\SetStartPins.ps1">
$json = '{"pinnedList":[]}';
if( [System.Environment]::OSVersion.Version.Build -lt 20000 ) {
return;
}
$key = 'Registry::HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start';
New-Item -Path $key -ItemType 'Directory' -ErrorAction 'SilentlyContinue';
Set-ItemProperty -LiteralPath $key -Name 'ConfigureStartPins' -Value $json -Type 'String';
</File>
<File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml">
&lt;LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"&gt;
&lt;LayoutOptions StartTileGroupCellWidth="6" /&gt;
&lt;DefaultLayoutOverride&gt;
&lt;StartLayoutCollection&gt;
&lt;StartLayout GroupCellWidth="6" xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" /&gt;
&lt;/StartLayoutCollection&gt;
&lt;/DefaultLayoutOverride&gt;
&lt;/LayoutModificationTemplate&gt;
</File>
<File path="C:\Windows\Setup\Scripts\SetWallpaper.ps1">
Add-Type -TypeDefinition '
using System.Drawing;
using System.Runtime.InteropServices;
public static class WallpaperSetter {
[DllImport("user32.dll")]
private static extern bool SetSysColors(
int cElements,
int[] lpaElements,
int[] lpaRgbValues
);
[DllImport("user32.dll")]
private static extern bool SystemParametersInfo(
uint uiAction,
uint uiParam,
string pvParam,
uint fWinIni
);
public static void SetDesktopBackground(Color color) {
SystemParametersInfo(20, 0, "", 0);
SetSysColors(1, new int[] { 1 }, new int[] { ColorTranslator.ToWin32(color) });
}
public static void SetDesktopImage(string file) {
SystemParametersInfo(20, 0, file, 0);
}
}
' -ReferencedAssemblies 'System.Drawing';
function Set-WallpaperColor {
param(
[string]
$HtmlColor
);
$color = [System.Drawing.ColorTranslator]::FromHtml( $HtmlColor );
[WallpaperSetter]::SetDesktopBackground( $color );
Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 1 -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value '' -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Colors' -Name 'Background' -Type 'String' -Value "$($color.R) $($color.G) $($color.B)" -Force;
}
function Set-WallpaperImage {
param(
[string]
$LiteralPath
);
if( $LiteralPath | Test-Path ) {
[WallpaperSetter]::SetDesktopImage( $LiteralPath );
Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 0 -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value $LiteralPath -Force;
} else {
"Cannot use '$LiteralPath' as a desktop wallpaper because that file does not exist.";
}
}
Set-WallpaperColor -HtmlColor '#008080';
</File>
<File path="C:\Windows\Setup\Scripts\Specialize.ps1">
$scripts = @(
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f;
};
{
Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' -Force -ErrorAction 'SilentlyContinue';
};
{
Remove-Item -LiteralPath 'C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk', 'C:\Windows\System32\OneDriveSetup.exe', 'C:\Windows\SysWOW64\OneDriveSetup.exe' -ErrorAction 'Continue';
};
{
Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' -Force -ErrorAction 'SilentlyContinue';
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\RemovePackages.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\RemoveCapabilities.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\RemoveFeatures.ps1';
};
{
net.exe accounts /lockoutthreshold:0;
};
{
net.exe accounts /maxpwage:UNLIMITED;
};
{
Register-ScheduledTask -TaskName 'PauseWindowsUpdate' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml' -Raw );
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v DisableNotifications /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v VerifiedAndReputablePolicyState /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v ServiceEnabled /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyMalicious /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyPasswordReuse /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyUnsafeApp /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v HideSystray /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f
};
{
Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force;
};
{
fsutil.exe behavior set disableLastAccess 1;
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f;
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f;
};
{
Register-ScheduledTask -TaskName 'MoveActiveHours' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\MoveActiveHours.xml' -Raw );
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation" /v DisableStartupSound /t REG_DWORD /d 1 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EditionOverrides" /v UserSetting_DisableStartupSound /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v BackgroundModeEnabled /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v StartupBoostEnabled /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\SetStartPins.ps1';
};
{
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
};
{
reg.exe add "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f;
};
{
reg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f;
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to customize your Windows installation. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\Specialize.log";
</File>
<File path="C:\Windows\Setup\Scripts\UserOnce.ps1">
$scripts = @(
{
Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;
};
{
@(
Get-ChildItem -LiteralPath $env:USERPROFILE -Force -Recurse -Depth 2;
) | Where-Object -FilterScript {
$_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint );
} | Remove-Item -Force -Recurse -Verbose;
};
{
Set-ItemProperty -LiteralPath 'Registry::HKCU\AppEvents\Schemes' -Name '(Default)' -Type 'String' -Value '.None';
};
{
Set-ItemProperty -LiteralPath 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Search' -Name 'SearchboxTaskbarMode' -Type 'DWord' -Value 0;
};
{
Set-ItemProperty -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects' -Name 'VisualFXSetting' -Type 'DWord' -Value 2 -Force;
};
{
&amp; 'C:\Windows\Setup\Scripts\SetWallpaper.ps1';
};
{
Get-Process -Name 'explorer' -ErrorAction 'SilentlyContinue' | Where-Object -FilterScript {
$_.SessionId -eq ( Get-Process -Id $PID ).SessionId;
} | Stop-Process -Force;
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to configure this user account. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "$env:TEMP\UserOnce.log";
</File>
<File path="C:\Windows\Setup\Scripts\DefaultUser.ps1">
$scripts = @(
{
reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore" /f;
};
{
Remove-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'OneDriveSetup' -Force -ErrorAction 'Continue';
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\GameDVR" /v AppCaptureEnabled /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v PreventOverride /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1';
};
{
$names = @(
'ContentDeliveryAllowed';
'FeatureManagementEnabled';
'OEMPreInstalledAppsEnabled';
'PreInstalledAppsEnabled';
'PreInstalledAppsEverEnabled';
'SilentInstalledAppsEnabled';
'SoftLandingEnabled';
'SubscribedContentEnabled';
'SubscribedContent-310093Enabled';
'SubscribedContent-338387Enabled';
'SubscribedContent-338388Enabled';
'SubscribedContent-338389Enabled';
'SubscribedContent-338393Enabled';
'SubscribedContent-353694Enabled';
'SubscribedContent-353696Enabled';
'SubscribedContent-353698Enabled';
'SystemPaneSuggestionsEnabled';
);
foreach( $name in $names ) {
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v $name /t REG_DWORD /d 0 /f;
}
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarAl /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\Explorer" /v DisableSearchBoxSuggestions /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "UnattendedSetup" /t REG_SZ /d "powershell.exe -WindowStyle \""Normal\"" -ExecutionPolicy \""Unrestricted\"" -NoProfile -File \""C:\Windows\Setup\Scripts\UserOnce.ps1\""" /f;
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to modify the default user&#x2019;&#x2019;s registry hive. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\DefaultUser.log";
</File>
<File path="C:\Windows\Setup\Scripts\FirstLogon.ps1">
$scripts = @(
{
# Set-ItemProperty -LiteralPath 'Registry::HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'AutoLogonCount' -Type 'DWord' -Force -Value 0;
};
{
@(
Get-ChildItem -LiteralPath 'C:\' -Force;
Get-ChildItem -LiteralPath 'C:\Users' -Force;
Get-ChildItem -LiteralPath 'C:\Users\Default' -Force -Recurse -Depth 2;
Get-ChildItem -LiteralPath 'C:\Users\Public' -Force -Recurse -Depth 2;
Get-ChildItem -LiteralPath 'C:\ProgramData' -Force;
) | Where-Object -FilterScript {
$_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint );
} | Remove-Item -Force -Recurse -Verbose;
};
{
Disable-ComputerRestore -Drive 'C:\';
};
{
cmd.exe /c "rmdir C:\Windows.old";
};
{
Set-Service -Name WSearch -StartupType 'Disabled' -Status 'Stopped' `
-Force -ErrorAction 'SilentlyContinue';
};
{
&amp; 'C:\Windows\Setup\Scripts\WinRM.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\OpenSSH.ps1';
};
{
# &amp; 'C:\Windows\Setup\Scripts\InstallChocolatey.ps1';
};
{
# &amp; 'C:\Windows\Setup\Scripts\InstallPython.ps1';
};
{
# &amp; 'C:\Windows\Setup\Scripts\InstallNodeJS.ps1';
};
{
# &amp; 'C:\Windows\Setup\Scripts\InstallGit.ps1';
};
{
# &amp; 'C:\Windows\Setup\Scripts\InstallVisualStudio.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\WinFSP.ps1';
};
{
Remove-Item -LiteralPath @(
'C:\Windows\Panther\unattend.xml';
'C:\Windows\Panther\unattend-original.xml';
'C:\Windows\Setup\Scripts\Wifi.xml';
) -Force -ErrorAction 'SilentlyContinue' -Verbose;
};
{
Remove-Item -LiteralPath @(
Get-ChildItem -LiteralPath $(Join-Path -Path $env:WINDIR -ChildPath 'Temp') -Force;
Get-ChildItem -LiteralPath $(Join-Path -Path $env:LOCALAPPDATA -ChildPath 'Temp') -Force;
) -Force -ErrorAction 'SilentlyContinue' -Verbose;
};
{
$keepList = @( 'autounattend.xml' );
Get-ChildItem -Path "${env:WINDIR}\ConfigSetRoot" | Where-Object { $_.Name -notin $keepList } | ForEach-Object {
Write-Output "Removing non-essential file/folder from ConfigSetRoot: $($_.Name)"
Remove-Item -Path $_.FullName -Recurse -Force
}
};
{
New-Item -Path "${env:USERPROFILE}\nano11builder" -Type Directory -Force;
(New-Object System.Net.WebClient).DownloadFile('https://git.bitplumber.de/stkn/win11-builder/raw/branch/main/bootstrap/nano11builder-headless.ps1', `
"${env:USERPROFILE}\nano11builder\nano11builder.ps1");
};
{
cmd.exe /c "shutdown /r /f /t 3"
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to finalize your Windows installation. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\FirstLogon.log";
</File>
<!--
##### custom scripts start #####
-->
<!-- Windows remote management interface setup script -->
<File path="C:\Windows\Setup\Scripts\WinRM.ps1">
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
Write-Output "Running WinRM quickconfig setup..."
cmd.exe /c winrm quickconfig -q -force
Write-Output "Disabling WinRM over HTTP..."
# Scope: Public
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP"
# Scope: Domain,Private
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-NoScope"
Get-ChildItem WSMan:\Localhost\listener -Force | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
Write-Output "Configuring WinRM for HTTPS..."
Set-Item -Path WSMan:\LocalHost\MaxTimeoutms -Value '1800000' -Force
Set-Item -Path WSMan:\LocalHost\Shell\MaxMemoryPerShellMB -Value '1024' -Force
Set-Item -Path WSMan:\LocalHost\Service\AllowUnencrypted -Value 'false' -Force
Set-Item -Path WSMan:\LocalHost\Service\Auth\Basic -Value 'true' -Force
Set-Item -Path WSMan:\LocalHost\Service\Auth\CredSSP -Value 'true' -Force
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Domain,Private
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Public
$Hostname = [System.Net.Dns]::GetHostByName((hostname)).HostName.ToUpper()
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $Hostname
New-Item -Path WSMan:\LocalHost\Listener -Address * -Transport HTTPS -Hostname $Hostname -CertificateThumbPrint $Cert.Thumbprint -Port "5986" -force
Write-Output "Configuring WinRM service for automatic start..."
Set-Service -Name WinRM -StartupType Automatic
Write-Output "Restarting WinRM Service..."
Restart-Service -Name WinRM -Force
</File>
<!-- OpenSSH server installation script -->
<File path="C:\Windows\Setup\Scripts\OpenSSH.ps1">
Write-Output "Installing OpenSSH 10.0.0.0p2 manually...";
(New-Object System.Net.WebClient).DownloadFile('https://github.com/PowerShell/Win32-OpenSSH/releases/download/10.0.0.0p2-Preview/OpenSSH-AMD64-v10.0.0.0.msi', "${env:TEMP}\openssh-amd64.msi");
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\openssh-amd64.msi`" /log `"C:\Windows\Setup\Scripts\openssh-amd64.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru;
Remove-Item -LiteralPath "${env:TEMP}\openssh-amd64.msi" -Force -ErrorAction 'SilentlyContinue';
Write-Output "Installing OpenSSH Server..."
&amp; "$env:ProgramFiles\OpenSSH-Win64\install-sshd.ps1"
Write-Output "Enabling OpenSSH Server..."
Set-Service -Name sshd -StartupType Automatic
New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP" `
-DisplayName "OpenSSH Server (SSH-In)" `
-Description "Inbound rule for OpenSSH Server connections. [TCP 22]" `
-Group "Windows Remote Management" `
-Protocol TCP `
-LocalPort "22" `
-Action Allow `
-Profile Domain,Private
New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP-PUBLIC" `
-DisplayName "OpenSSH Server (SSH-In)" `
-Description "Inbound rule for OpenSSH Server connections. [TCP 22]" `
-Group "Windows Remote Management" `
-Protocol TCP `
-LocalPort "22" `
-Action Allow `
-Profile Public
</File>
<!-- Chocolatey installation script (unused) -->
<File path="C:\Windows\Setup\Scripts\InstallChocolatey.ps1">
Write-Output "Installing Chocolatey..."
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
</File>
<!--
Application / package installation script
Previously based on chocolatey, but that does not support Arm64 natively, so...
-->
<File path="C:\Windows\Setup\Scripts\InstallGit.ps1">
#
# Common defines
#
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# Git
#
$git_version = "2.54.0";
$git_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://github.com/git-for-windows/git/releases/download/v${git_version}.windows.1/Git-${git_version}-64-bit.exe";
} else {
"https://github.com/git-for-windows/git/releases/download/v${git_version}.windows.1/Git-${git_version}-${cpu_arch}.exe";
}
};
Write-Output "Installing Git ${git_version} manually...";
(New-Object System.Net.WebClient).DownloadFile($git_url, "${env:TEMP}\git-${cpu_arch}.exe");
Start-Process -FilePath "${env:TEMP}\git-${cpu_arch}.exe" -ArgumentList `
"/ALLUSERS /VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /COMPONENTS=`"icons,assoc,assoc_sh,windowsterminal`"", `
"/o:EditorOption=Nano", `
"/o:CurlOption=WinSSL", `
"/o:PathOption=CmdTools" `
-Wait -PassThru;
Remove-Item -LiteralPath "${env:TEMP}\git-${cpu_arch}.exe" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallPython.ps1">
#
# Common defines
#
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# Python
#
$python_version = "3.14.5";
$python_url = "https://www.python.org/ftp/python/${python_version}/python-${python_version}-${cpu_arch}.exe";
Write-Output "Installing Python ${python_version} manually...";
(New-Object System.Net.WebClient).DownloadFile($python_url, "${env:TEMP}\python-${cpu_arch}.exe");
Start-Process -FilePath "${env:TEMP}\python-${cpu_arch}.exe" -ArgumentList "/quiet PrependPath=1 InstallAllUsers=1" -Wait -PassThru;
Remove-Item -LiteralPath "${env:TEMP}\python-${cpu_arch}.exe" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallNodeJS.ps1">
#
# Common defines
#
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# NodeJS (LTS)
#
$node_version = "24.15.0";
$node_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://nodejs.org/dist/v${node_version}/node-v${node_version}-x64.msi";
} else {
"https://nodejs.org/dist/v${node_version}/node-v${node_version}-${cpu_arch}.msi";
}
};
Write-Output "Installing NodeJS ${node_version} manually...";
(New-Object System.Net.WebClient).DownloadFile($node_url, "${env:TEMP}\node-${cpu_arch}.msi");
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\node-${cpu_arch}.msi`" /log `"${env:WINDIR}\Setup\Scripts\node-${cpu_arch}.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru;
Remove-Item -LiteralPath "${env:TEMP}\node-${cpu_arch}.msi" -Force -ErrorAction 'SilentlyContinue';
</File>
<!--
VisualStudio 2022 / 2026 installation script
NOTE: Installation fails on Arm64
-->
<File path="C:\Windows\Setup\Scripts\InstallVisualStudio.ps1">
#
# VSWhere (AMD64 only)
#
$vswhere_version = "3.1.7";
$vswhere_url = "https://github.com/microsoft/vswhere/releases/download/${vswhere_version}/vswhere.exe";
Write-Output "Installing VSWhere ${vswhere_version} manually..."
(New-Object System.Net.WebClient).DownloadFile($vswhere_url, "${env:WINDIR}\vswhere.exe");
#
# VS2022 Buildtools
#
# Write-Output "Installing VisualStudio 2022 Buildtools manually..."
# (New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/17/release/vs_buildtools.exe', "${env:TEMP}\vs_buildtools.exe");
# Start-Process -FilePath "${env:TEMP}\vs_buildtools.exe" -ArgumentList `
# "--passive --wait --norestart --nocache", `
# "--add Microsoft.VisualStudio.Workload.VCTools", `
# "--add Microsoft.VisualStudio.Component.VC.ATLMFC", `
# "--add Microsoft.VisualStudio.Component.VC.ATL.ARM64", `
# "--add Microsoft.VisualStudio.Component.VC.MFC.ARM64" `
# -Wait -PassThru;
#
# VS2026 Buildtools
#
Write-Output "Installing VisualStudio 2026 Buildtools manually..."
(New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/18/Stable/vs_buildtools.exe', "${env:TEMP}\vs_buildtools.exe");
Start-Process -FilePath "${env:TEMP}\vs_buildtools.exe" -ArgumentList `
"--passive --wait --norestart --nocache", `
"--add Microsoft.VisualStudio.Workload.VCTools", `
"--add Microsoft.VisualStudio.Component.VC.ATLMFC", `
"--add Microsoft.VisualStudio.Component.VC.ATL.ARM64", `
"--add Microsoft.VisualStudio.Component.VC.MFC.ARM64" `
-Wait -PassThru;
#
# VS2022 Community
#
# Write-Output "Installing VisualStudio 2022 Community manually..."
# (New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/17/release/vs_community.exe', "${env:TEMP}\vs_community.exe");
# Start-Process -FilePath "${env:TEMP}\vs_community.exe" -ArgumentList `
# "--passive --wait --norestart --nocache", `
# "--add Microsoft.VisualStudio.Workload.NativeDesktop", `
# "--add Microsoft.VisualStudio.Component.VC.ATLMFC", `
# "--add Microsoft.VisualStudio.Component.VC.ATL.ARM64", `
# "--add Microsoft.VisualStudio.Component.VC.MFC.ARM64", `
# "--includeRecommended" `
# -Wait -PassThru;
# Remove VS bootstrapper
Remove-Item -LiteralPath @(
"${env:TEMP}\vs_buildtools.exe";
"${env:TEMP}\vs_community.exe";
) -Force -ErrorAction 'SilentlyContinue';
</File>
<!--
WinFSP and Virtio FS installation
-->
<File path="C:\Windows\Setup\Scripts\WinFSP.ps1">
# Download and install WinFSP
$winfsp_version = "2026 Beta 1";
#$winfsp_url = "https://github.com/winfsp/winfsp/releases/download/v2.2B1/winfsp-2.2.26112.msi";
$winfsp_url = "https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi";
Write-Output "Installing WinFSP ${winfsp_version} manually...";
(New-Object System.Net.WebClient).DownloadFile($winfsp_url, "${env:TEMP}\winfsp.msi");
Start-Process "msiexec.exe" `
-ArgumentList "/i `"${env:TEMP}\winfsp.msi`" /log `"${env:WINDIR}\Setup\Scripts\winfsp.log`" /passive /norestart ALLUSERS=1" `
-Wait -PassThru;
Remove-Item -LiteralPath "${env:TEMP}\winfsp.msi" -Force -ErrorAction 'SilentlyContinue';
# Load viofs driver
Start-Process "PnpUtil.exe" -ArgumentList "/add-driver `"${env:SystemDrive}\Drivers\viofs\viofs.inf`" /install" `
-Wait -PassThru;
# Install VirtioFS service
New-Service -Name VirtioFsSvc -DisplayName 'Virtio FS Service' `
-BinaryPathName "${env:SystemDrive}\Drivers\viofs\virtiofs.exe" `
-StartupType 'Automatic' `
-DependsOn 'WinFsp.Launcher';
Start-Service -Name VirtioFsSvc -PassThru;
</File>
<!--
##### custom scripts end #####
-->
</Extensions>
</unattend>
View Git Blame Copy Permalink