stkn/win11-builder
1
0
Fork 0
Code Activity
Files
b09d3b16e213e1c8469a6879874bc9f75b69a075
win11-builder/configs/autounattend-builder-amd64-20260527.xml
T
stkn b09d3b16e2 WIP 
Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
2026-06-04 23:19:16 +02:00

1810 lines
76 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&GeoLocation=94&Locale=de-DE&Keyboard=00000407&PEMode=Generated&DisableDefender=true&SkipIntegrityCheck=true&InstallFromMode=Name&InstallFromName=Windows+11+Pro&PartitionMode=Unattended&TargetDisk=0&PartitionLayout=GPT&EspSize=300&RecoveryMode=None&DiskAssertionMode=Skip&WindowsEditionMode=Generic&WindowsEdition=pro&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&BypassNetworkCheck=true&UseConfigurationSet=true&ComputerNameMode=Random&TimeZoneMode=Implicit&UserAccountMode=Unattended&AccountName0=Admin&AccountDisplayName0=&AccountPassword0=secret&AccountGroup0=Administrators&AccountName1=User&AccountDisplayName1=&AccountPassword1=user&AccountGroup1=Users&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Disabled&HideFiles=HiddenSystem&ShowFileExtensions=true&TaskbarSearch=Hide&TaskbarIconsMode=Default&DisableWidgets=true&LeftTaskbar=true&DisableBingResults=true&StartTilesMode=Empty&StartPinsMode=Empty&DisableWindowsUpdate=true&DisableUac=true&DisableSac=true&DisableSmartScreen=true&DisableSystemRestore=true&EnableLongPaths=true&DeleteJunctions=true&AllowPowerShellScripts=true&DisableLastAccess=true&PreventAutomaticReboot=true&TurnOffSystemSounds=true&DisableAppSuggestions=true&PreventDeviceEncryption=true&HideEdgeFre=true&DisableEdgeStartupBoost=true&DeleteWindowsOld=true&DisableAutomaticRestartSignOn=true&EffectsMode=Performance&DesktopIconsMode=Default&StartFoldersMode=Default&WifiMode=Skip&ExpressSettings=DisableAll&LockKeysMode=Skip&StickyKeysMode=Disabled&ColorMode=Default&WallpaperMode=Solid&WallpaperColor=%23008080&LockScreenMode=Default&Remove3DViewer=true&RemoveBingSearch=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveWindowsHello=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGameAssist=true&RemoveGetHelp=true&RemoveHandwriting=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveMediaFeatures=true&RemoveStore=true&RemoveMixedReality=true&RemoveZuneVideo=true&RemoveNews=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOneSync=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemoveQuickAssist=true&RemoveRecall=true&RemoveRdpClient=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveSpeech=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWallet=true&RemoveWeather=true&RemoveFaxAndScan=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&WdacMode=Skip&AppLockerMode=Skip-->
<settings pass="offlineServicing"></settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
<UILanguageFallback>en-US</UILanguageFallback>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UseConfigurationSet>true</UseConfigurationSet>
<DiskConfiguration>
<WillShowUI>OnError</WillShowUI>
<DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>
<Disk wcm:action="add">
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>EFI</Type>
<Size>300</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>MSR</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>3</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Order>1</Order>
<PartitionID>3</PartitionID>
<Label>Windows</Label>
<Letter>C</Letter>
<Format>NTFS</Format>
</ModifyPartition>
</ModifyPartitions>
</Disk>
</DiskConfiguration>
<UserData>
<AcceptEula>true</AcceptEula>
<ProductKey>
<!-- generic windows 11 pro product key -->
<Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
<WillShowUI>Never</WillShowUI>
</ProductKey>
</UserData>
<UpgradeData>
<Upgrade>false</Upgrade>
<WillShowUI>OnError</WillShowUI>
</UpgradeData>
<DynamicUpdate>
<Enable>false</Enable>
<WillShowUI>OnError</WillShowUI>
</DynamicUpdate>
<ImageInstall>
<OSImage>
<Compact>true</Compact>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>3</PartitionID>
</InstallTo>
<WillShowUI>OnError</WillShowUI>
</OSImage>
</ImageInstall>
</component>
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DriverPaths>
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<Path>%configsetroot%\drivers</Path>
</PathAndCredentials>
</DriverPaths>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ComputerName>nano11</ComputerName>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>powershell.exe -WindowStyle "Normal" -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\Specialize.ps1"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\DefaultUser.ps1"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="auditSystem"></settings>
<settings pass="auditUser"></settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<InputLocale>de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<PreventDeviceEncryption>true</PreventDeviceEncryption>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ConfigureChatAutoInstall>false</ConfigureChatAutoInstall>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>Admin</Name>
<DisplayName></DisplayName>
<Group>Administrators</Group>
<Password>
<Value>secret</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
<LocalAccount wcm:action="add">
<Name>User</Name>
<DisplayName></DisplayName>
<Group>Users</Group>
<Password>
<Value>user</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Username>Admin</Username>
<Enabled>true</Enabled>
<Password>
<Value>secret</Value>
<PlainText>true</PlainText>
</Password>
</AutoLogon>
<OOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Work</NetworkLocation>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>powershell.exe -WindowStyle "Normal" -ExecutionPolicy "Unrestricted" -NoProfile -File "C:\Windows\Setup\Scripts\FirstLogon.ps1"</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<Extensions xmlns="https://schneegans.de/windows/unattend-generator/">
<Build>
<Commit>
<Hash>1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</Hash>
<GitHubUrl>https://github.com/cschneegans/unattend-generator/commit/1cbe01daa2a4b8df5548c4a5eb1cce7f28699acd</GitHubUrl>
</Commit>
</Build>
<ExtractScript>
param(
[xml] $Document
);
foreach( $file in $Document.unattend.Extensions.File ) {
$path = [System.Environment]::ExpandEnvironmentVariables( $file.GetAttribute( 'path' ) );
mkdir -Path( $path | Split-Path -Parent ) -ErrorAction 'SilentlyContinue';
$encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
{ $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
{ $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
default { [System.Text.Encoding]::Default; }
};
$bytes = $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() );
[System.IO.File]::WriteAllBytes( $path, $bytes );
}
</ExtractScript>
<File path="C:\Windows\Setup\Scripts\RemovePackages.ps1">
$selectors = @(
'Microsoft.Microsoft3DViewer';
'Microsoft.BingSearch';
'Microsoft.WindowsCamera';
'Clipchamp.Clipchamp';
'Microsoft.WindowsAlarms';
'Microsoft.Copilot';
'Microsoft.549981C3F5F10';
'Microsoft.Windows.DevHome';
'MicrosoftCorporationII.MicrosoftFamily';
'Microsoft.WindowsFeedbackHub';
'Microsoft.Edge.GameAssist';
'Microsoft.GetHelp';
'Microsoft.Getstarted';
'microsoft.windowscommunicationsapps';
'Microsoft.WindowsMaps';
'Microsoft.MixedReality.Portal';
'Microsoft.BingNews';
'Microsoft.MicrosoftOfficeHub';
'Microsoft.Office.OneNote';
'Microsoft.OutlookForWindows';
'Microsoft.Paint';
'Microsoft.MSPaint';
'Microsoft.People';
'Microsoft.Windows.Photos';
'Microsoft.PowerAutomateDesktop';
'MicrosoftCorporationII.QuickAssist';
'Microsoft.SkypeApp';
'Microsoft.ScreenSketch';
'Microsoft.MicrosoftSolitaireCollection';
'Microsoft.MicrosoftStickyNotes';
'Microsoft.WindowsStore';
'Microsoft.StorePurchaseApp';
'MicrosoftTeams';
'MSTeams';
'Microsoft.Todos';
'Microsoft.WindowsSoundRecorder';
'Microsoft.Wallet';
'Microsoft.BingWeather';
'Microsoft.Xbox.TCUI';
'Microsoft.XboxApp';
'Microsoft.XboxGameOverlay';
'Microsoft.XboxGamingOverlay';
'Microsoft.XboxIdentityProvider';
'Microsoft.XboxSpeechToTextOverlay';
'Microsoft.GamingApp';
'Microsoft.YourPhone';
'Microsoft.ZuneMusic';
'Microsoft.ZuneVideo';
);
$getCommand = {
Get-AppxProvisionedPackage -Online;
};
$filterCommand = {
$_.DisplayName -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
}
};
$type = 'Package';
$logfile = 'C:\Windows\Setup\Scripts\RemovePackages.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\RemoveCapabilities.ps1">
$selectors = @(
'Print.Fax.Scan';
'Language.Handwriting';
'Browser.InternetExplorer';
'MathRecognizer';
'OneCoreUAP.OneSync';
'Microsoft.Windows.MSPaint';
'App.Support.QuickAssist';
'Microsoft.Windows.SnippingTool';
'Language.Speech';
'Language.TextToSpeech';
'App.StepsRecorder';
'Hello.Face.18967';
'Hello.Face.Migration.18967';
'Hello.Face.20134';
'Media.WindowsMediaPlayer';
'Microsoft.Windows.WordPad';
);
$getCommand = {
Get-WindowsCapability -Online | Where-Object -Property 'State' -NotIn -Value @(
'NotPresent';
'Removed';
);
};
$filterCommand = {
($_.Name -split '~')[0] -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
}
};
$type = 'Capability';
$logfile = 'C:\Windows\Setup\Scripts\RemoveCapabilities.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\RemoveFeatures.ps1">
$selectors = @(
'MediaPlayback';
'Microsoft-RemoteDesktopConnection';
'Recall';
'Microsoft-SnippingTool';
);
$getCommand = {
Get-WindowsOptionalFeature -Online | Where-Object -Property 'State' -NotIn -Value @(
'Disabled';
'DisabledWithPayloadRemoved';
);
};
$filterCommand = {
$_.FeatureName -eq $selector;
};
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
}
};
$type = 'Feature';
$logfile = 'C:\Windows\Setup\Scripts\RemoveFeatures.log';
&amp; {
$installed = &amp; $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | &amp; $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; $logfile;
</File>
<File path="C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml">
&lt;Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"&gt;
&lt;Triggers&gt;
&lt;BootTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;P1D&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/BootTrigger&gt;
&lt;/Triggers&gt;
&lt;Principals&gt;
&lt;Principal id="Author"&gt;
&lt;UserId&gt;S-1-5-19&lt;/UserId&gt;
&lt;RunLevel&gt;LeastPrivilege&lt;/RunLevel&gt;
&lt;/Principal&gt;
&lt;/Principals&gt;
&lt;Settings&gt;
&lt;MultipleInstancesPolicy&gt;IgnoreNew&lt;/MultipleInstancesPolicy&gt;
&lt;DisallowStartIfOnBatteries&gt;false&lt;/DisallowStartIfOnBatteries&gt;
&lt;StopIfGoingOnBatteries&gt;false&lt;/StopIfGoingOnBatteries&gt;
&lt;AllowHardTerminate&gt;true&lt;/AllowHardTerminate&gt;
&lt;StartWhenAvailable&gt;false&lt;/StartWhenAvailable&gt;
&lt;RunOnlyIfNetworkAvailable&gt;false&lt;/RunOnlyIfNetworkAvailable&gt;
&lt;IdleSettings&gt;
&lt;StopOnIdleEnd&gt;true&lt;/StopOnIdleEnd&gt;
&lt;RestartOnIdle&gt;false&lt;/RestartOnIdle&gt;
&lt;/IdleSettings&gt;
&lt;AllowStartOnDemand&gt;true&lt;/AllowStartOnDemand&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;Hidden&gt;false&lt;/Hidden&gt;
&lt;RunOnlyIfIdle&gt;false&lt;/RunOnlyIfIdle&gt;
&lt;WakeToRun&gt;false&lt;/WakeToRun&gt;
&lt;ExecutionTimeLimit&gt;PT72H&lt;/ExecutionTimeLimit&gt;
&lt;Priority&gt;7&lt;/Priority&gt;
&lt;/Settings&gt;
&lt;Actions Context="Author"&gt;
&lt;Exec&gt;
&lt;Command&gt;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe&lt;/Command&gt;
&lt;Arguments&gt;-WindowStyle Hidden -NoProfile -NonInteractive -Command "$format = 'yyyy-MM-ddTHH\:mm\:ssK'; $now = [datetime]::UtcNow; $start = $now.ToString($format); $end = $now.AddDays(7).ToString($format); $params = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'String'; Force = $true; Verbose = $true; }; 'PauseFeatureUpdatesStartTime', 'PauseQualityUpdatesStartTime', 'PauseUpdatesStartTime' | foreach { Set-ItemProperty @params -Name $_ -Value $start; }; 'PauseFeatureUpdatesEndTime', 'PauseQualityUpdatesEndTime', 'PauseUpdatesExpiryTime' | foreach { Set-ItemProperty @params -Name $_ -Value $end; };"&lt;/Arguments&gt;
&lt;/Exec&gt;
&lt;/Actions&gt;
&lt;/Task&gt;
</File>
<File path="C:\Windows\Setup\Scripts\MoveActiveHours.xml">
&lt;Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"&gt;
&lt;Triggers&gt;
&lt;BootTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;PT4H&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/BootTrigger&gt;
&lt;RegistrationTrigger&gt;
&lt;Repetition&gt;
&lt;Interval&gt;PT4H&lt;/Interval&gt;
&lt;StopAtDurationEnd&gt;false&lt;/StopAtDurationEnd&gt;
&lt;/Repetition&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;/RegistrationTrigger&gt;
&lt;/Triggers&gt;
&lt;Principals&gt;
&lt;Principal id="Author"&gt;
&lt;UserId&gt;S-1-5-19&lt;/UserId&gt;
&lt;RunLevel&gt;LeastPrivilege&lt;/RunLevel&gt;
&lt;/Principal&gt;
&lt;/Principals&gt;
&lt;Settings&gt;
&lt;MultipleInstancesPolicy&gt;IgnoreNew&lt;/MultipleInstancesPolicy&gt;
&lt;DisallowStartIfOnBatteries&gt;false&lt;/DisallowStartIfOnBatteries&gt;
&lt;StopIfGoingOnBatteries&gt;false&lt;/StopIfGoingOnBatteries&gt;
&lt;AllowHardTerminate&gt;true&lt;/AllowHardTerminate&gt;
&lt;StartWhenAvailable&gt;false&lt;/StartWhenAvailable&gt;
&lt;RunOnlyIfNetworkAvailable&gt;false&lt;/RunOnlyIfNetworkAvailable&gt;
&lt;IdleSettings&gt;
&lt;StopOnIdleEnd&gt;true&lt;/StopOnIdleEnd&gt;
&lt;RestartOnIdle&gt;false&lt;/RestartOnIdle&gt;
&lt;/IdleSettings&gt;
&lt;AllowStartOnDemand&gt;true&lt;/AllowStartOnDemand&gt;
&lt;Enabled&gt;true&lt;/Enabled&gt;
&lt;Hidden&gt;false&lt;/Hidden&gt;
&lt;RunOnlyIfIdle&gt;false&lt;/RunOnlyIfIdle&gt;
&lt;WakeToRun&gt;false&lt;/WakeToRun&gt;
&lt;ExecutionTimeLimit&gt;PT72H&lt;/ExecutionTimeLimit&gt;
&lt;Priority&gt;7&lt;/Priority&gt;
&lt;/Settings&gt;
&lt;Actions Context="Author"&gt;
&lt;Exec&gt;
&lt;Command&gt;%windir%\System32\conhost.exe&lt;/Command&gt;
&lt;Arguments&gt;--headless %windir%\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -NoProfile -NonInteractive -Command "$p = @{ LiteralPath = 'Registry::HKLM\Software\Microsoft\WindowsUpdate\UX\Settings'; Type = 'DWord'; }; $h = [datetime]::Now.Hour; Set-ItemProperty @p -Name 'ActiveHoursStart' -Value (($h + 23) % 24); Set-ItemProperty @p -Name 'ActiveHoursEnd' -Value (($h + 11) % 24); Set-ItemProperty @p -Name 'SmartActiveHoursState' -Value 0;"&lt;/Arguments&gt;
&lt;/Exec&gt;
&lt;/Actions&gt;
&lt;/Task&gt;
</File>
<File path="C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1">
$excludes = Get-ChildItem -LiteralPath 'Registry::HKU\DefaultUser\AppEvents\EventLabels' |
Where-Object -FilterScript { ($_ | Get-ItemProperty).ExcludeFromCPL -eq 1; } |
Select-Object -ExpandProperty 'PSChildName';
Get-ChildItem -Path 'Registry::HKU\DefaultUser\AppEvents\Schemes\Apps\*\*' |
Where-Object -Property 'PSChildName' -NotIn $excludes |
Get-ChildItem -Include '.Current' | Set-ItemProperty -Name '(Default)' -Value '';
</File>
<File path="C:\Windows\Setup\Scripts\SetStartPins.ps1">
$json = '{"pinnedList":[]}';
if( [System.Environment]::OSVersion.Version.Build -lt 20000 ) {
return;
}
$key = 'Registry::HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start';
New-Item -Path $key -ItemType 'Directory' -ErrorAction 'SilentlyContinue';
Set-ItemProperty -LiteralPath $key -Name 'ConfigureStartPins' -Value $json -Type 'String';
</File>
<File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml">
&lt;LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"&gt;
&lt;LayoutOptions StartTileGroupCellWidth="6" /&gt;
&lt;DefaultLayoutOverride&gt;
&lt;StartLayoutCollection&gt;
&lt;StartLayout GroupCellWidth="6" xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" /&gt;
&lt;/StartLayoutCollection&gt;
&lt;/DefaultLayoutOverride&gt;
&lt;/LayoutModificationTemplate&gt;
</File>
<File path="C:\Windows\Setup\Scripts\SetWallpaper.ps1">
Add-Type -TypeDefinition '
using System.Drawing;
using System.Runtime.InteropServices;
public static class WallpaperSetter {
[DllImport("user32.dll")]
private static extern bool SetSysColors(
int cElements,
int[] lpaElements,
int[] lpaRgbValues
);
[DllImport("user32.dll")]
private static extern bool SystemParametersInfo(
uint uiAction,
uint uiParam,
string pvParam,
uint fWinIni
);
public static void SetDesktopBackground(Color color) {
SystemParametersInfo(20, 0, "", 0);
SetSysColors(1, new int[] { 1 }, new int[] { ColorTranslator.ToWin32(color) });
}
public static void SetDesktopImage(string file) {
SystemParametersInfo(20, 0, file, 0);
}
}
' -ReferencedAssemblies 'System.Drawing';
function Set-WallpaperColor {
param(
[string]
$HtmlColor
);
$color = [System.Drawing.ColorTranslator]::FromHtml( $HtmlColor );
[WallpaperSetter]::SetDesktopBackground( $color );
Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 1 -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value '' -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Colors' -Name 'Background' -Type 'String' -Value "$($color.R) $($color.G) $($color.B)" -Force;
}
function Set-WallpaperImage {
param(
[string]
$LiteralPath
);
if( $LiteralPath | Test-Path ) {
[WallpaperSetter]::SetDesktopImage( $LiteralPath );
Set-ItemProperty -Path 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name 'BackgroundType' -Type 'DWord' -Value 0 -Force;
Set-ItemProperty -Path 'Registry::HKCU\Control Panel\Desktop' -Name 'WallPaper' -Type 'String' -Value $LiteralPath -Force;
} else {
"Cannot use '$LiteralPath' as a desktop wallpaper because that file does not exist.";
}
}
Set-WallpaperColor -HtmlColor '#008080';
</File>
<File path="C:\Windows\Setup\Scripts\Specialize.ps1">
$scripts = @(
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f;
};
{
Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate' -Force -ErrorAction 'SilentlyContinue';
};
{
Remove-Item -LiteralPath 'C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk', 'C:\Windows\System32\OneDriveSetup.exe', 'C:\Windows\SysWOW64\OneDriveSetup.exe' -ErrorAction 'Continue';
};
{
Remove-Item -LiteralPath 'Registry::HKLM\Software\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate' -Force -ErrorAction 'SilentlyContinue';
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\RemovePackages.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\RemoveCapabilities.ps1';
};
{
&amp; 'C:\Windows\Setup\Scripts\RemoveFeatures.ps1';
};
{
net.exe accounts /lockoutthreshold:0;
};
{
net.exe accounts /maxpwage:UNLIMITED;
};
{
Register-ScheduledTask -TaskName 'PauseWindowsUpdate' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\PauseWindowsUpdate.xml' -Raw );
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v DisableNotifications /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v VerifiedAndReputablePolicyState /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v ServiceEnabled /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyMalicious /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyPasswordReuse /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WTDS\Components" /v NotifyUnsafeApp /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v HideSystray /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f
};
{
Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force;
};
{
fsutil.exe behavior set disableLastAccess 1;
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v AUOptions /t REG_DWORD /d 4 /f;
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f;
};
{
Register-ScheduledTask -TaskName 'MoveActiveHours' -Xml $( Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\MoveActiveHours.xml' -Raw );
};
{
reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation" /v DisableStartupSound /t REG_DWORD /d 1 /f;
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EditionOverrides" /v UserSetting_DisableStartupSound /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Edge" /v HideFirstRunExperience /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v BackgroundModeEnabled /t REG_DWORD /d 0 /f;
reg.exe add "HKLM\Software\Policies\Microsoft\Edge\Recommended" /v StartupBoostEnabled /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\SetStartPins.ps1';
};
{
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
Set-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow" -Name 'DefaultValue' -Value 0 -Type 'DWord' -Force;
};
{
reg.exe add "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f;
};
{
reg.exe add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableAutomaticRestartSignOn" /t REG_DWORD /d 1 /f;
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to customize your Windows installation. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\Specialize.log";
</File>
<File path="C:\Windows\Setup\Scripts\UserOnce.ps1">
$scripts = @(
{
Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;
};
{
@(
Get-ChildItem -LiteralPath $env:USERPROFILE -Force -Recurse -Depth 2;
) | Where-Object -FilterScript {
$_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint );
} | Remove-Item -Force -Recurse -Verbose;
};
{
Set-ItemProperty -LiteralPath 'Registry::HKCU\AppEvents\Schemes' -Name '(Default)' -Type 'String' -Value '.None';
};
{
Set-ItemProperty -LiteralPath 'Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Search' -Name 'SearchboxTaskbarMode' -Type 'DWord' -Value 0;
};
{
Set-ItemProperty -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects' -Name 'VisualFXSetting' -Type 'DWord' -Value 2 -Force;
};
{
&amp; 'C:\Windows\Setup\Scripts\SetWallpaper.ps1';
};
{
Get-Process -Name 'explorer' -ErrorAction 'SilentlyContinue' | Where-Object -FilterScript {
$_.SessionId -eq ( Get-Process -Id $PID ).SessionId;
} | Stop-Process -Force;
};
{
# Custom PS script to shut the system down after competing the user account setup
&amp; 'C:\Windows\Setup\Scripts\FinishUserSetupAndShutdown.ps1';
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to configure this user account. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "$env:TEMP\UserOnce.log";
</File>
<File path="C:\Windows\Setup\Scripts\DefaultUser.ps1">
$scripts = @(
{
reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore" /f;
};
{
Remove-ItemProperty -LiteralPath 'Registry::HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'OneDriveSetup' -Force -ErrorAction 'Continue';
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\GameDVR" /v AppCaptureEnabled /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f;
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\AppHost" /v PreventOverride /t REG_DWORD /d 0 /f;
};
{
&amp; 'C:\Windows\Setup\Scripts\TurnOffSystemSounds.ps1';
};
{
$names = @(
'ContentDeliveryAllowed';
'FeatureManagementEnabled';
'OEMPreInstalledAppsEnabled';
'PreInstalledAppsEnabled';
'PreInstalledAppsEverEnabled';
'SilentInstalledAppsEnabled';
'SoftLandingEnabled';
'SubscribedContentEnabled';
'SubscribedContent-310093Enabled';
'SubscribedContent-338387Enabled';
'SubscribedContent-338388Enabled';
'SubscribedContent-338389Enabled';
'SubscribedContent-338393Enabled';
'SubscribedContent-353694Enabled';
'SubscribedContent-353696Enabled';
'SubscribedContent-353698Enabled';
'SystemPaneSuggestionsEnabled';
);
foreach( $name in $names ) {
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v $name /t REG_DWORD /d 0 /f;
}
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarAl /t REG_DWORD /d 0 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\Explorer" /v DisableSearchBoxSuggestions /t REG_DWORD /d 1 /f;
};
{
reg.exe add "HKU\DefaultUser\Control Panel\Accessibility\StickyKeys" /v Flags /t REG_SZ /d 10 /f;
};
{
reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v "UnattendedSetup" /t REG_SZ /d "powershell.exe -WindowStyle \""Normal\"" -ExecutionPolicy \""Unrestricted\"" -NoProfile -File \""C:\Windows\Setup\Scripts\UserOnce.ps1\""" /f;
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to modify the default user&#x2019;&#x2019;s registry hive. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\DefaultUser.log";
</File>
<File path="C:\Windows\Setup\Scripts\FirstLogon.ps1">
$scripts = @(
{
# Set-ItemProperty -LiteralPath 'Registry::HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'AutoLogonCount' -Type 'DWord' -Force -Value 0;
};
{
@(
Get-ChildItem -LiteralPath 'C:\' -Force;
Get-ChildItem -LiteralPath 'C:\Users' -Force;
Get-ChildItem -LiteralPath 'C:\Users\Default' -Force -Recurse -Depth 2;
Get-ChildItem -LiteralPath 'C:\Users\Public' -Force -Recurse -Depth 2;
Get-ChildItem -LiteralPath 'C:\ProgramData' -Force;
) | Where-Object -FilterScript {
$_.Attributes.HasFlag( [System.IO.FileAttributes]::ReparsePoint );
} | Remove-Item -Force -Recurse -Verbose;
};
{
Disable-ComputerRestore -Drive 'C:\';
};
{
cmd.exe /c "rmdir C:\Windows.old";
};
{
Set-Service -Name WSearch -StartupType 'Disabled' -Status 'Stopped' `
-ErrorAction 'SilentlyContinue';
};
{
$keepList = @( 'autounattend.xml', 'drivers' );
Get-ChildItem -Path "${env:WINDIR}\ConfigSetRoot" | Where-Object { $_.Name -notin $keepList } | ForEach-Object {
Write-Output "Removing non-essential file/folder from ConfigSetRoot: $($_.Name)"
Remove-Item -Path $_.FullName -Recurse -Force
}
};
{
&amp; "$env:WINDIR\Setup\Scripts\WinRM.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\WinFSP.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\OpenSSH.ps1";
};
{
# &amp; "$env:WINDIR\Setup\Scripts\InstallChocolatey.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallPython.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallNodeJS.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallYarn1.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallGit.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallVisualStudio.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallWindowsSDK.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallRust.ps1";
};
{
&amp; "$env:WINDIR\Setup\Scripts\InstallMesa3dOpenGL.ps1";
};
{
Remove-Item -LiteralPath @(
'C:\Windows\Panther\unattend.xml';
'C:\Windows\Panther\unattend-original.xml';
'C:\Windows\Setup\Scripts\Wifi.xml';
) -Force -ErrorAction 'SilentlyContinue' -Verbose;
};
{
Remove-Item -LiteralPath @(
Get-ChildItem -LiteralPath $(Join-Path -Path $env:WINDIR -ChildPath 'Temp') -Force;
Get-ChildItem -LiteralPath $(Join-Path -Path $env:LOCALAPPDATA -ChildPath 'Temp') -Force;
) -Force -ErrorAction 'SilentlyContinue' -Verbose;
};
{
powercfg.exe /hibernate off;
powercfg.exe /change standby-timeout-dc 0;
powercfg.exe /change standby-timeout-ac 0;
powercfg.exe /change hibernate-timeout-dc 0;
powercfg.exe /change hibernate-timeout-ac 0;
};
{
&amp; "$env:WINDIR\Setup\Scripts\FinishSystemSetupAndReboot.ps1";
};
);
&amp; {
[float] $complete = 0;
[float] $increment = 100 / $scripts.Count;
foreach( $script in $scripts ) {
Write-Progress -Id 0 -Activity 'Running scripts to finalize your Windows installation. Do not close this window.' -PercentComplete $complete;
'*** Will now execute command &#xAB;{0}&#xBB;.' -f $(
$script.ToString().Trim() -replace '\s+', ' ' -replace '^(.{99})(.+)$', '$1&#x2026;';
);
$start = [datetime]::Now;
&amp; $script;
'*** Finished executing command after {0:0} ms.' -f [datetime]::Now.Subtract( $start ).TotalMilliseconds;
"`r`n" * 3;
$complete += $increment;
}
} *&gt;&amp;1 | Out-String -Width 1KB -Stream &gt;&gt; "C:\Windows\Setup\Scripts\FirstLogon.log";
</File>
<!--
##### custom scripts start #####
-->
<!-- Windows remote management interface setup script -->
<File path="C:\Windows\Setup\Scripts\WinRM.ps1">
# Prev: Unrestricted/LocalMachine
Set-ExecutionPolicy Unrestricted -Scope Process -Force -ErrorAction Ignore;
Write-Output "Running WinRM quickconfig setup...";
cmd.exe /c "winrm quickconfig -q -force";
Write-Output "Disabling WinRM over HTTP...";
# Scope: Public
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP" | Out-Null;
# Scope: Domain,Private
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-NoScope" | Out-Null;
Get-ChildItem WSMan:\Localhost\listener -Force | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue | Out-Null;
Write-Output "Configuring WinRM for HTTPS...";
Set-Item -Path WSMan:\LocalHost\MaxTimeoutms -Value '1800000' -Force | Out-Null;
Set-Item -Path WSMan:\LocalHost\Shell\MaxMemoryPerShellMB -Value '1024' -Force | Out-Null;
Set-Item -Path WSMan:\LocalHost\Service\AllowUnencrypted -Value 'false' -Force | Out-Null;
Set-Item -Path WSMan:\LocalHost\Service\Auth\Basic -Value 'true' -Force | Out-Null;
Set-Item -Path WSMan:\LocalHost\Service\Auth\CredSSP -Value 'true' -Force | Out-Null;
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Domain,Private | Out-Null;
New-NetFirewallRule -Name "WINRM-HTTPS-In-TCP-PUBLIC" `
-DisplayName "Windows Remote Management (HTTPS-In)" `
-Description "Inbound rule for Windows Remote Management via WS-Management. [TCP 5986]" `
-Group "Windows Remote Management" `
-Program "System" `
-Protocol TCP `
-LocalPort "5986" `
-Action Allow `
-Profile Public | Out-Null;
$Hostname = [System.Net.Dns]::GetHostByName((hostname)).HostName.ToUpper();
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $Hostname;
New-Item -Path WSMan:\LocalHost\Listener -Address * -Transport HTTPS -Hostname $Hostname -CertificateThumbPrint $Cert.Thumbprint -Port "5986" -force | Out-Null;
Write-Output "Configuring WinRM service for automatic start...";
Set-Service -Name WinRM -StartupType Automatic | Out-Null;
Write-Output "Restarting WinRM Service...";
Restart-Service -Name WinRM -Force | Out-Null;
</File>
<!-- OpenSSH server installation script -->
<File path="C:\Windows\Setup\Scripts\OpenSSH.ps1">
# Common defines
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# OpenSSH for Win32
#
$pkg_version = "10.0.0.0p2";
$pkg_file = "OpenSSH-${pkg_version}-${cpu_arch}.msi";
$pkg_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://github.com/PowerShell/Win32-OpenSSH/releases/download/${pkg_version}-Preview/OpenSSH-Win64-v$($pkg_version -Replace 'p\d+$', '').msi";
} else {
"https://github.com/PowerShell/Win32-OpenSSH/releases/download/${pkg_version}-Preview/OpenSSH-ARM64-v$($pkg_version -Replace 'p\d+$', '').msi";
}
};
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.OpenSSH;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping OpenSSH ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing OpenSSH ${pkg_version}...";
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\OpenSSH.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
Write-Output "Installing OpenSSH Server...";
if (Test-Path "$env:ProgramFiles\OpenSSH\install-sshd.ps1") {
&amp; "$env:ProgramFiles\OpenSSH\install-sshd.ps1";
} elseif (Test-Path "$env:ProgramFiles\OpenSSH-Win64\install-sshd.ps1") {
&amp; "$env:ProgramFiles\OpenSSH-Win64\install-sshd.ps1";
} else {
Write-Output "No 'install-sshd.ps1' script found, skipping step";
}
Write-Output "Enabling OpenSSH Server...";
Set-Service -Name sshd -StartupType Automatic | Out-Null;
New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP" `
-DisplayName "OpenSSH Server (SSH-In)" `
-Description "Inbound rule for OpenSSH Server connections. [TCP 22]" `
-Group "Windows Remote Management" `
-Protocol TCP `
-LocalPort "22" `
-Action Allow `
-Profile Domain,Private | Out-Null;
New-NetFirewallRule -Name "OpenSSH-SSH-In-TCP-PUBLIC" `
-DisplayName "OpenSSH Server (SSH-In)" `
-Description "Inbound rule for OpenSSH Server connections. [TCP 22]" `
-Group "Windows Remote Management" `
-Protocol TCP `
-LocalPort "22" `
-Action Allow `
-Profile Public | Out-Null;
try {
$userNames = &amp; {
# Autoselection of first drive with autounattend.xml
$unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0];
$xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"]/..";
Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'} | %{ $_.Node.InnerText };
};
$privileges = @(
'SeBatchLogonRight',
'SeRemoteShutdownPrivilege'
);
Write-Output "Granting provisioned users ($($usernames -join ', ')) additional privileges...";
secedit /export /areas user_rights /cfg "$env:TEMP\secpol.cfg" | Out-Null;
$userNames | ForEach-Object {
$account = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "$_";
$accountSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value;
if ([string]::IsNullOrEmpty($accountSid)) {
Write-Output "Failed to resolve SID for account '$_', skipping";
return;
}
$privileges | ForEach-Object {
(Get-Content "$env:TEMP\secpol.cfg") -replace "^$_ .+", "`$0,*$accountSid" | Out-File "$env:TEMP\secpol.cfg";
};
};
secedit /configure /db c:\windows\security\local.sdb /cfg "$env:TEMP\secpol.cfg" /areas user_rights /quiet;
Remove-Item -Path "$env:TEMP\secpol.cfg" -Force -Confirm:$false -ErrorAction SilentlyContinue;
} catch {
Write-Output "Failed to grant users shutdown permissions";
}
</File>
<!-- Chocolatey installation script (unused) -->
<File path="C:\Windows\Setup\Scripts\InstallChocolatey.ps1">
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Chocolatey;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Chocolatey installation";
exit;
}
Write-Output "Installing Chocolatey...";
Set-ExecutionPolicy Bypass -Scope Process -Force;
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072;
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'));
</File>
<!--
Mesa3d OpenGL drivers
-->
<File path="C:\Windows\Setup\Scripts\InstallMesa3dOpenGL.ps1">
#
# Common defines
#
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# Git
#
$pkg_version = "26.1.1";
$pkg_file = "mesa3d-${pkg_version}-${cpu_arch}.7z";
$pkg_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://github.com/pal1000/mesa-dist-win/releases/download/${pkg_version}/mesa3d-${pkg_version}-release-msvc.7z";
} else {
# TODO: Find source for this...
"https://github.com/pal1000/mesa-dist-win/releases/download/${pkg_version}/mesa3d-${pkg_version}-release-msvc.7z";
}
};
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Mesa3dOpenGL;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Mesa3d ${pkg_version} OpenGL installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Unpacking Mesa3d ${pkg_version} OpenGL...";
New-Item -Path "${env:TEMP}\mesa3d" -Type 'Directory' -Force | Out-Null;
Start-Process "tar.exe" -ArgumentList @(
"-x -f `"${env:TEMP}\${pkg_file}`"",
"-C `"${env:TEMP}\mesa3d`""
) -WindowStyle 'Hidden' -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
Write-Output "Installing Mesa3d ${pkg_version} OpenGL...";
Start-Process -FilePath "${env:TEMP}\mesa3d\systemwidedeploy.cmd" -ArgumentList '1' -WindowStyle 'Hidden' -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\mesa3d" -Force -Recurse -ErrorAction 'SilentlyContinue';
</File>
<!--
Application / package installation script
Previously based on chocolatey, but that does not support Arm64 natively, so...
-->
<File path="C:\Windows\Setup\Scripts\InstallGit.ps1">
#
# Common defines
#
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
#
# Git
#
$pkg_version = "2.54.0";
$pkg_file = "git-${pkg_version}-${cpu_arch}.exe";
$pkg_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://github.com/git-for-windows/git/releases/download/v${pkg_version}.windows.1/Git-${pkg_version}-64-bit.exe";
} else {
"https://github.com/git-for-windows/git/releases/download/v${pkg_version}.windows.1/Git-${pkg_version}-${cpu_arch}.exe";
}
};
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Git;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Git ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing Git ${pkg_version}...";
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
"/ALLUSERS /VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /COMPONENTS=`"icons,assoc,assoc_sh,windowsterminal`"", `
"/o:EditorOption=Nano", `
"/o:CurlOption=WinSSL", `
"/o:PathOption=CmdTools" `
-Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallPython.ps1">
# Common defines
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
# Python
$pkg_version = "3.14.5";
$pkg_file = "python-${pkg_version}-${cpu_arch}.exe";
$pkg_url = "https://www.python.org/ftp/python/${pkg_version}/python-${pkg_version}-${cpu_arch}.exe";
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Python;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Python ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing Python ${pkg_version}...";
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList "/quiet PrependPath=1 InstallAllUsers=1" -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallNodeJS.ps1">
# Common defines
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
# NodeJS (LTS)
$pkg_version = "24.15.0";
$pkg_file = "node-${pkg_version}-${cpu_arch}.msi";
$pkg_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://nodejs.org/dist/v${pkg_version}/node-v${pkg_version}-x64.msi";
} else {
"https://nodejs.org/dist/v${pkg_version}/node-v${pkg_version}-${cpu_arch}.msi";
}
};
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.NodeJS;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping NodeJS ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing NodeJS ${pkg_version}...";
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\node.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallYarn1.ps1">
# Yarn Legacy
$pkg_version = "1.22.22";
$pkg_file = "yarn-${pkg_version}.msi";
$pkg_url = "https://github.com/yarnpkg/yarn/releases/download/v${pkg_version}/yarn-${pkg_version}.msi";
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Yarn;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Yarn Legacy ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing Yarn Legacy ${pkg_version}...";
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\yarn.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<File path="C:\Windows\Setup\Scripts\InstallRust.ps1">
# Common defines
$cpu_arch = $env:PROCESSOR_ARCHITECTURE.ToLower();
# Rust MSVC
$pkg_version = "1.96.0";
$pkg_file = "rust-${pkg_version}-msvc-${cpu_arch}.msi";
$pkg_url = &amp; {
if ($cpu_arch -eq "amd64") {
"https://static.rust-lang.org/dist/rust-${pkg_version}-x86_64-pc-windows-msvc.msi";
} else {
"https://static.rust-lang.org/dist/rust-${pkg_version}-aarch64-pc-windows-msvc.msi";
}
};
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.Rust;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping Rust MSVC ${pkg_version} installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing Rust MSVC ${pkg_version}...";
Start-Process "msiexec.exe" -ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\rust.log`" /passive /norestart ALLUSERS=1" -Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<!--
VisualStudio 2022 / 2026 installation script
NOTE: Installation fails on Arm64
-->
<File path="C:\Windows\Setup\Scripts\InstallVisualStudio.ps1">
# Common
$cacheDrive = @(Get-ChildItem function:[d-z]: -n | ?{Test-Path $_\NvVars})[0];
#
# VSWhere (AMD64 only)
#
&amp; {
$pkg_version = "3.1.7";
$pkg_file = "vswhere-${pkg_version}.exe";
$pkg_url = "https://github.com/microsoft/vswhere/releases/download/${pkg_version}/vswhere.exe";
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.VSWhere;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping VSWhere ${pkg_version} installation";
return;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing VSWhere ${pkg_version}..."
Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "${env:WINDIR}\vswhere.exe";
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
};
#
# VisualStudio 2026 Community or Buildtools
#
&amp; {
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.VisualStudio;
# VS edition, one of: 'community' | 'buildtools'
$vs_edition = 'buildtools';
if (-not [string]::IsNullOrWhiteSpace($pkg_config.edition)) {
$vs_edition = $pkg_config.edition;
}
# VS version, only '18' supported
$vs_version = '18';
# if (-not [string]::IsNullOrWhiteSpace($pkg_config.version)) {
# $vs_version = $pkg_config.version;
# }
if (($pkg_config.install -ne $true) -or [string]::IsNullOrWhiteSpace($vs_edition) -or -not (@('community', 'buildtools') -contains $vs_edition)) {
Write-Output "Skipping VisualStudio ${vs_version} ${vs_edition} installation";
return;
}
#
# VS 2026 buildtools (default) or community edition
#
if ($vs_edition -eq "buildtools") {
#
# VS2026 Buildtools
#
$pkg_version = "${vs_version}";
$pkg_file = "vs_buildtools-${pkg_version}.exe";
$pkg_url = "https://aka.ms/vs/${pkg_version}/Stable/vs_buildtools.exe";
$pkg_layout = "z:\vs_buildtools-${pkg_version}";
$pkg_options = @(
'--add Microsoft.VisualStudio.Workload.VCTools',
'--add Microsoft.VisualStudio.Component.VC.ATLMFC',
'--add Microsoft.VisualStudio.Component.VC.Tools.ARM64',
'--add Microsoft.VisualStudio.Component.VC.ATL.ARM64',
'--add Microsoft.VisualStudio.Component.VC.MFC.ARM64',
'--includeRecommended'
);
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
# Use cache device, if available
if (Test-Path -Path "z:") {
if (-not (Test-Path -Path "${pkg_layout}\${pkg_file}")) {
Write-Output "Generating VS 2026 Buildtools layout at '${pkg_layout}'...";
Remove-Item -Path "${pkg_layout}" -Recurse -Force -ErrorAction 'SilentlyContinue' | Out-Null;
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
(@( "--layout `"${pkg_layout}`" --passive --wait --arch all --keepLayoutVersion --lang `"en-US de-DE`"" ) + $pkg_options) `
-Wait -PassThru | Out-Null;
}
}
if (Test-Path -Path "${pkg_layout}\${pkg_file}") {
Write-Output "Installing VS 2026 Buildtools using layout at '${pkg_layout}'...";
Start-Process -FilePath "${pkg_layout}\${pkg_file}" -ArgumentList `
(@( '--passive --wait --norestart --nocache' ) + $pkg_options) `
-Wait -PassThru | Out-Null;
} else {
Write-Output "Installing VisualStudio 2026 Buildtools...";
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
(@( '--passive --wait --norestart --nocache' ) + $pkg_options) `
-Wait -PassThru | Out-Null;
}
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
} elseif ($vs_edition -eq "community") {
#
# VS2026 Community
#
$pkg_version = "${vs_version}";
$pkg_file = "vs_community-${pkg_version}.exe";
$pkg_url = "https://aka.ms/vs/${pkg_version}/Stable/vs_community.exe";
$pkg_layout = "z:\vs_community-${pkg_version}";
$pkg_options = @(
'--add Microsoft.VisualStudio.Workload.NativeDesktop',
'--add Microsoft.VisualStudio.Component.VC.ATLMFC',
'--add Microsoft.VisualStudio.Component.VC.Tools.ARM64',
'--add Microsoft.VisualStudio.Component.VC.ATL.ARM64',
'--add Microsoft.VisualStudio.Component.VC.MFC.ARM64',
'--remove Component.VisualStudio.GitHub.Copilot',
'--remove ComponentGroup.Microsoft.NET.AppModernization',
'--remove Microsoft.VisualStudio.Component.IntelliCode',
'--remove Component.Microsoft.VisualStudio.LiveShare.2022',
'--remove Component.Incredibuild',
'--remove Component.IncredibuildMenu',
'--includeRecommended'
);
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
# Use cache device, if available
if (Test-Path -Path "z:") {
if (-not (Test-Path -Path "${pkg_layout}\${pkg_file}")) {
Write-Output "Generating VS 2026 Community layout at '${pkg_layout}'...";
Remove-Item -Path "${pkg_layout}" -Recurse -Force -ErrorAction 'SilentlyContinue' | Out-Null;
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
(@( "--layout `"${pkg_layout}`" --passive --wait --arch all --keepLayoutVersion --lang `"en-US de-DE`"" ) + $pkg_options) `
-Wait -PassThru | Out-Null;
}
}
if (Test-Path -Path "${pkg_layout}\${pkg_file}") {
Write-Output "Installing VS 2026 Community using layout at '${pkg_layout}'...";
Start-Process -FilePath "${pkg_layout}\${pkg_file}" -ArgumentList `
(@( '--passive --wait --norestart --nocache' ) + $pkg_options) `
-Wait -PassThru | Out-Null;
} else {
Write-Output "Installing VisualStudio 2026 Community...";
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
(@( '--passive --wait --norestart --nocache' ) + $pkg_options) `
-Wait -PassThru | Out-Null;
}
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
}
};
</File>
<!--
Windows SDK
-->
<File path="C:\Windows\Setup\Scripts\InstallWindowsSDK.ps1">
# Common
$cacheDrive = @(Get-ChildItem function:[d-z]: -n | ?{Test-Path $_\NvVars})[0];
$pkg_locations = @{
# Win11 28000
"10.0.28000.1839" = "https://go.microsoft.com/fwlink/?linkid=2361309";
# Win11 26100
"10.0.26100.8249" = "https://go.microsoft.com/fwlink/?linkid=2361308";
# Required for Chromium builds (as of 2026-05-30)
"10.0.26100.7705" = "https://go.microsoft.com/fwlink/?linkid=2349110";
};
$pkg_version = "10.0.26100.7705";
$pkg_file = "winsdksetup-${pkg_version}.exe";
$pkg_url = $pkg_locations[$pkg_version];
$pkg_features = @(
# Required for Chromium builds (minumum version: 10.0.26100.3323)
"OptionId.WindowsDesktopDebuggers",
# Useful tools
"OptionId.MSIInstallTools",
"OptionId.SigningTools",
# "OptionId.WindowsPerformanceToolkit",
# "OptionId.AvrfExternal",
# "OptionId.NetFxSoftwareDevelopmentKit",
# "OptionId.WindowsSoftwareLogoToolkit",
# "OptionId.IpOverUsb",
# "OptionId.UWPManaged",
# "OptionId.UWPCPP",
# "OptionId.UWPLocalized",
# "OptionId.DesktopCPPx86",
"" # sentinel
);
$pkg_config = (Get-Content -Raw "$env:WINDIR\Setup\Scripts\config.json" | ConvertFrom-JSON).Packages.WinSDK;
if ($pkg_config.install -ne $true) {
Write-Output "Skipping WinSDK installation";
exit;
}
if (Test-Path -Path "z:\${pkg_file}") {
Write-Output "Reading package '${pkg_file}' from cache...";
Copy-Item -Path "z:\${pkg_file}" -Destination "${env:TEMP}\${pkg_file}";
} else {
Write-Output "Fetching package from '${pkg_url}'...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
if (Test-Path -Path "z:") { Copy-Item -Path "${env:TEMP}\${pkg_file}" -Destination "z:\${pkg_file}" -ErrorAction 'SilentlyContinue'; }
}
Write-Output "Installing Windows SDK ${pkg_version}...";
# additional options /layout [path] /list
$pkg_options = &amp; {
$options = @();
$features = $pkg_features -Join " ";
if (-not ([string]::IsNullOrEmpty($features))) {
$options += "/features `"${features}`"";
}
$options;
};
Start-Process -FilePath "${env:TEMP}\${pkg_file}" -ArgumentList `
(@( '/quiet /norestart /ceip off', "/log `"${env:WINDIR}\Setup\Scripts\WinSDK.log`"" ) + $pkg_options) `
-Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
</File>
<!--
WinFSP and Virtio FS installation
-->
<File path="C:\Windows\Setup\Scripts\WinFSP.ps1">
# Download and install WinFSP
$pkg_version = "2.2.26112";
$pkg_file = "winfsp-${pkg_version}.msi";
$pkg_url = "https://github.com/winfsp/winfsp/releases/download/v2.2B1/winfsp-${pkg_version}.msi";
Write-Output "Installing WinFSP ${pkg_version}...";
(New-Object System.Net.WebClient).DownloadFile($pkg_url, "${env:TEMP}\${pkg_file}");
Start-Process "msiexec.exe" `
-ArgumentList "/i `"${env:TEMP}\${pkg_file}`" /log `"${env:WINDIR}\Setup\Scripts\winfsp.log`" /passive /norestart ALLUSERS=1" `
-Wait -PassThru | Out-Null;
Remove-Item -LiteralPath "${env:TEMP}\${pkg_file}" -Force -ErrorAction 'SilentlyContinue';
# Load viofs driver
# Start-Process "PnpUtil.exe" -ArgumentList "/add-driver `"${env:SystemDrive}\Drivers\viofs\viofs.inf`" /install" `
# -Wait -PassThru;
Start-Process "PnpUtil.exe" -ArgumentList "/add-driver `"${env:WINDIR}\ConfigSetRoot\drivers\viofs\viofs.inf`" /install" `
-Wait -PassThru;
# Install VirtioFS service
#New-Service -Name VirtioFsSvc -DisplayName 'Virtio FS Service' `
# -BinaryPathName "${env:SystemDrive}\drivers\viofs\virtiofs.exe" `
# -StartupType 'Automatic' `
# -DependsOn 'WinFsp.Launcher';
New-Service -Name VirtioFsSvc -DisplayName 'Virtio FS Service' `
-BinaryPathName "${env:WINDIR}\ConfigSetRoot\drivers\viofs\virtiofs.exe" `
-StartupType 'Automatic' `
-DependsOn 'WinFsp.Launcher';
Start-Service -Name VirtioFsSvc -PassThru;
</File>
<!--
##### custom scripts end #####
-->
<!--
Finish system and administrator account setup, switch autologin to user account
and reboot the system
-->
<File path="C:\Windows\Setup\Scripts\FinishSystemSetupAndReboot.ps1">
# Autoselection of first drive with autounattend.xml
$unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0];
Write-Output "Resolving user account credentials from '$unattendXmlPath'...";
$xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"][1]/..";
$userName = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText;
$userPass = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Password/ns:Value" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText;
Write-Output "Credentials for user account: '${userName}' / '$(''.PadRight($userPass.Length, '*'))'";
# Resolve SID from username
$userAccount = New-Object System.Security.Principal.NTAccount($userName);
$userSid = $userAccount.Translate([System.Security.Principal.SecurityIdentifier]).value;
Write-Output "Resolved username '${userName}' to SID '${userSid}'";
#
# Set-ExecutionPolicy -ExecutionPolicy 'RemoteSigned' -Scope 'LocalMachine' -ErrorAction 'SilentlyContinue';
# Switch auto-logon to builder user
Write-Output "Switching autologon to user account '$userName'...";
reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'AutoAdminLogon' /t 'REG_SZ' /d '1' /f;
reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'DefaultUserName' /t 'REG_SZ' /d "$userName" /f;
reg.exe add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v 'DefaultPassword' /t 'REG_SZ' /d "$userPass" /f;
# Reboot into user account
Write-Output "Scheduling system reboot to complete '$userName' setup...";
shutdown.exe /r /f /t 30;
</File>
<!--
Failed attempts at scheduling a task for the non-admin user from the (admin) firstlogon scripts:
# At-logon scheduled task (works)
# $shutdownTaskName = 'ShutdownAfterInstallation';
# $shutdownTask = New-ScheduledTask -Action (
# (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-ExecutionPolicy 'Bypass' -Command `"Unregister-ScheduledTask -TaskName $shutdownTaskName -Confirm:`$false`""),
# (New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"shutdown /s /t 150`"")
# ) -Trigger (
# New-ScheduledTaskTrigger -AtLogon # -User "$userName"
# ) -Principal (
# New-ScheduledTaskPrincipal -UserId "$userName"
# );
# $shutdownTask.Triggers[0].EndBoundary = [DateTime]::Now.AddSeconds(60).ToString("yyyy-MM-dd'T'HH:mm:ss");
#$shutdownTask.Author = $userName;
#$shutdownTaskReg = $shutdownTask | Register-ScheduledTask -TaskName "$shutdownTaskName" -User "$userName" -Force;
# Attempt to set once flag
#$shutdownTask = Get-ScheduledTask -TaskName "$shutdownTaskName";
# $shutdownTask.Triggers[0].EndBoundary = [DateTime]::Now.AddSeconds(60).ToString("yyyy-MM-dd'T'HH:mm:ss");
#$shutdownTask.Triggers[0].Once = $true;
#$shutdownTask | Set-ScheduledTask;
# Grant target user delete permissions
#$taskScheduler = New-Object -ComObject "Schedule.Service";
#$taskScheduler.Connect();
#$taskHandle = $taskScheduler.GetFolder($shutdownTaskReg.TaskPath).GetTask($shutdownTaskReg.TaskName);
#$taskSecurityDesc = $taskHandle.GetSecurityDescriptor(0xF);
#Write-Output "Before: $taskSecurityDesc";
#if ($taskSecurityDesc -match "A;;FR;;;$userSid") {
# $taskSecurityDesc = $taskSecurityDesc.Replace("A;;FR;;;$userSid", "A;;FA;;;$userSid");
# Write-Output $taskHandle.SetSecurityDescriptor($taskSecurityDesc, 0xF);
#} else {
# $taskSecurityDesc = $taskSecurityDesc + "(A;;FA;;;$userSid)";
# Write-Output $taskHandle.SetSecurityDescriptor($taskSecurityDesc, 0xF);
#}
#Write-Output "After: $taskSecurityDesc";
-->
<File path="C:\Windows\Setup\Scripts\FinishUserSetupAndShutdown.ps1">
# Autoselection of first drive with autounattend.xml
$unattendXmlPath = @(Get-ChildItem function:[d-z]: -n | %{$_ + "\autounattend.xml"} | ?{Test-Path $_})[0];
Write-Output "Resolving user account credentials from '$unattendXmlPath'...";
$xpathSelector = "//ns:settings[@pass=`"oobeSystem`"]/ns:component[@name=`"Microsoft-Windows-Shell-Setup`"]/ns:UserAccounts/ns:LocalAccounts/*/ns:Group[text() = `"Users`"][1]/..";
$userName = (Select-Xml -Path "$unattendXmlPath" -XPath "$xpathSelector/ns:Name" -Namespace @{ns='urn:schemas-microsoft-com:unattend'}).Node.InnerText;
if ($env:USERNAME -eq $userName) {
Write-Output "Scheduling system shutdown to finish setup...";
shutdown.exe /s /t 5;
}
</File>
<File path="C:\Windows\Setup\Scripts\config.json">
{
"packages": {
"Git": {
"install": true,
"version": "2.54.0"
},
"Mesa3dOpenGL": {
"install": true,
"version": "26.1.1"
},
"NodeJS": {
"install": true,
"version": "24.15.0"
},
"OpenSSH": {
"install": true,
"version": "10.0.0.0p2"
},
"Python": {
"install": true,
"version": "3.14.5"
},
"Rust": {
"install": true,
"version": "1.96.0"
},
"VisualStudio": {
"install": true,
"version": "18",
"edition": "buildtools"
},
"VSWhere": {
"install": false
},
"WinSDK": {
"install": true,
"version": "10.0.26100.7705"
},
"Yarn": {
"install": true,
"version": "1.22.22"
}
}
}
</File>
</Extensions>
</unattend>
View Git Blame Copy Permalink