<?xml version="1.0" encoding="utf-8"?>
<unattend
xmlns="urn:schemas-microsoft-com:unattend"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<!--https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&Locale=en-US&Keyboard=00000409&GeoLocation=244&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&ComputerNameMode=Custom&ComputerName=test&TimeZoneMode=Implicit&PartitionMode=Unattended&EspSize=300&PartitionLayout=MBR&RecoveryMode=Partition&RecoverySize=1000&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=user&AccountPassword0=password&AccountGroup0=Administrators&AccountName1=&AccountName2=&AccountName3=&AccountName4=&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Disabled&DisableDefender=true&DisableDefenderPE=true&DisableSystemRestore=true&EnableLongPaths=true&EnableRemoteDesktop=true&AllowPowerShellScripts=true&TurnOffSystemSounds=true&DisableAppSuggestions=true&DisableWidgets=true&PreventDeviceEncryption=true&ClassicContextMenu=true&VBoxGuestAdditions=true&WifiMode=Skip&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveBingSearch=true&RemoveCalculator=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveZuneVideo=true&RemoveNews=true&RemoveNotepadClassic=true&RemoveNotepad=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&SystemScript0=bcdedit+%2Fdebug+on%0D%0Abcdedit+%2Fdbgsettings+serial+debugport%3A1+baudrate%3A115200%0D%0Abcdedit.exe+-set+TESTSIGNING+ON%0D%0A&SystemScriptType0=Ps1&FirstLogonScript0=%24RegistryPath+%3D+%27HKLM%3A%5CSOFTWARE%5CMicrosoft%5CWindows+NT%5CCurrentVersion%5CWinlogon%27%0D%0ASet-ItemProperty+%24RegistryPath+%27AutoAdminLogon%27+-Value+%221%22+-Type+String+%0D%0ASet-ItemProperty+%24RegistryPath+%27DefaultUsername%27+-Value+%22user%22+-type+String+%0D%0ASet-ItemProperty+%24RegistryPath+%27DefaultPassword%27+-Value+%22password%22+-type+String%0D%0AAdd-WindowsCapability+-Online+-Name+OpenSSH.Server%7E%7E%7E%7E0.0.1.0%0D%0ASet-Service+-Name+sshd+-StartupType+%27Automatic%27%0D%0ANew-ItemProperty+-Path+%22HKLM%3A%5CSOFTWARE%5COpenSSH%22+-Name+DefaultShell+-Value+%22C%3A%5CWindows%5CSystem32%5CWindowsPowerShell%5Cv1.0%5Cpowershell.exe%22+-PropertyType+String+-Force%0D%0Ashutdown+-r&FirstLogonScriptType0=Ps1&WdacMode=Configure&WdacAuditMode=Auditing&WdacScriptMode=Unrestricted-->
<settings pass="offlineServicing"></settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<ProductKey>
<Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key>
</ProductKey>
<AcceptEula>true</AcceptEula>
</UserData>
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo SELECT DISK=0"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo CLEAN"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY SIZE=100"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="System Reserved""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo ACTIVE"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>6</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>7</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo SHRINK MINIMUM=1000"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>8</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="Windows""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>9</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo CREATE PARTITION PRIMARY"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>10</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo FORMAT QUICK FS=NTFS LABEL="Recovery""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>11</Order>
<Path>cmd.exe /c ">>"X:\diskpart.txt" echo SET ID=27"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>12</Order>
<Path>cmd.exe /c "diskpart.exe /s "X:\diskpart.txt" >>"X:\diskpart.log" || ( type "X:\diskpart.log" & echo diskpart encountered an error. & pause & exit /b 1 )"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>13</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>14</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>15</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>16</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo @ECHO OFF"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>17</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo SET file=C:\$Windows.~BT\NewOS\Windows\System32\config\SYSTEM"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>18</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo FOR /L ^%^%i IN (0) DO ("</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>19</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo CALL :sleep"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>20</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo IF EXIST ^%file^% ("</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>21</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo CALL :load"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>22</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo FOR ^%^%s IN (Sense WdBoot WdFilter WdNisDrv WdNisSvc WinDefend) DO reg.exe ADD HKLM\mount\ControlSet001\Services\^%^%s /v Start /t REG_DWORD /d 4 /f"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>23</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo reg.exe UNLOAD HKLM\mount"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>24</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo EXIT ) )"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>25</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>26</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo :load"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>27</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo reg.exe LOAD HKLM\mount ^%file^%"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>28</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo IF ^%errorlevel^% GTR 0 GOTO load"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>29</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>30</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo :sleep"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>31</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo ping.exe -n 1 127.0.0.1 ^> NUL"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>32</Order>
<Path>cmd.exe /c ">>"X:\disable-defender.cmd" echo GOTO :eof"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>33</Order>
<Path>cmd.exe /c "start /MIN X:\disable-defender.cmd"</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
<settings pass="generalize"></settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Runonce" /v "UninstallCopilot" /t REG_SZ /d "powershell.exe -NoProfile -Command \"Get-AppxPackage -Name 'Microsoft.Windows.Ai.Copilot.Provider' | Remove-AppxPackage;\"" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>4</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>5</Order>
<Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\DevHomeUpdate" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>6</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>7</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Notepad" /v ShowStoreBanner /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>8</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>9</Order>
<Path>cmd.exe /c "del "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>10</Order>
<Path>cmd.exe /c "del "C:\Windows\System32\OneDriveSetup.exe""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>11</Order>
<Path>cmd.exe /c "del "C:\Windows\SysWOW64\OneDriveSetup.exe""</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>12</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>13</Order>
<Path>reg.exe delete "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>14</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>15</Order>
<Path>reg.exe delete "HKLM\SOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\OutlookUpdate" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>16</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications" /v ConfigureChatAutoInstall /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>17</Order>
<Path>powershell.exe -NoProfile -Command "$xml = [xml]::new(); $xml.Load('C:\Windows\Panther\unattend.xml'); $sb = [scriptblock]::Create( $xml.unattend.Extensions.ExtractScript ); Invoke-Command -ScriptBlock $sb -ArgumentList $xml;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>18</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-packages.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>19</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-caps.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>20</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Temp\remove-features.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>21</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>22</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_ProviderSet /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>23</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Start" /v ConfigureStartPins_WinningProvider /t REG_SZ /d B5292708-1619-419B-9923-E5D9F3925E71 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>24</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins /t REG_SZ /d "{ \"pinnedList\": [] }" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>25</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\PolicyManager\providers\B5292708-1619-419B-9923-E5D9F3925E71\default\Device\Start" /v ConfigureStartPins_LastWrite /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>26</Order>
<Path>net.exe accounts /lockoutthreshold:0</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>27</Order>
<Path>net.exe accounts /maxpwage:UNLIMITED</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>28</Order>
<Path>regini.exe "%TEMP%\disable-defender.ini"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>29</Order>
<Path>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v LongPathsEnabled /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>30</Order>
<Path>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>31</Order>
<Path>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>32</Order>
<Path>powershell.exe -NoProfile -Command "Set-ExecutionPolicy -Scope 'LocalMachine' -ExecutionPolicy 'RemoteSigned' -Force;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>33</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>34</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>35</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\sounds.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>36</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Runonce" /v "NoSounds" /t REG_SZ /d "C:\Windows\System32\reg.exe add \"HKCU\AppEvents\Schemes\" /ve /t REG_SZ /d \".None\" /f" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>37</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>38</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation" /v DisableStartupSound /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>39</Order>
<Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EditionOverrides" /v UserSetting_DisableStartupSound /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>40</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>41</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>42</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>43</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>44</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>45</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>46</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>47</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>48</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>49</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>50</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>51</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>52</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>53</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>54</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>55</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>56</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>57</Order>
<Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 0 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>58</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\VBoxGuestAdditions.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>59</Order>
<Path>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>60</Order>
<Path>reg.exe load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>61</Order>
<Path>reg.exe add "HKU\DefaultUser\Software\Microsoft\Windows\CurrentVersion\Runonce" /v "ClassicContextMenu" /t REG_SZ /d "reg.exe add \"HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32\" /ve /f" /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>62</Order>
<Path>reg.exe unload "HKU\DefaultUser"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>63</Order>
<Path>powershell.exe -NoProfile -Command "Get-Content -LiteralPath '%TEMP%\wdac.ps1' -Raw | Invoke-Expression;"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>64</Order>
<Path>cmd.exe /c "powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\unattend-01.ps1' -Raw | Invoke-Expression;" >>"C:\Windows\Setup\Scripts\unattend-01.log" 2>&1"</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<ComputerName>test</ComputerName>
</component>
</settings>
<settings pass="auditSystem"></settings>
<settings pass="auditUser"></settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Name>user</Name>
<Group>Administrators</Group>
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Username>user</Username>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Password>
<Value>password</Value>
<PlainText>true</PlainText>
</Password>
</AutoLogon>
<OOBE>
<ProtectYourPC>3</ProtectYourPC>
<HideEULAPage>true</HideEULAPage>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
</OOBE>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<CommandLine>powershell.exe -NoProfile -Command "Disable-ComputerRestore -Drive 'C:\';"</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<CommandLine>cmd.exe /c "powershell.exe -NoProfile -Command "Get-Content -LiteralPath 'C:\Windows\Setup\Scripts\unattend-02.ps1' -Raw | Invoke-Expression;" >>"C:\Windows\Setup\Scripts\unattend-02.log" 2>&1"</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<Extensions
xmlns="https://schneegans.de/windows/unattend-generator/">
<ExtractScript>
param(
[xml] $Document
);
$scriptsDir = 'C:\Windows\Setup\Scripts\';
foreach( $file in $Document.unattend.Extensions.File ) {
$path = [System.Environment]::ExpandEnvironmentVariables(
$file.GetAttribute( 'path' )
);
if( $path.StartsWith( $scriptsDir ) ) {
mkdir -Path $scriptsDir -ErrorAction 'SilentlyContinue';
}
$encoding = switch( [System.IO.Path]::GetExtension( $path ) ) {
{ $_ -in '.ps1', '.xml' } { [System.Text.Encoding]::UTF8; }
{ $_ -in '.reg', '.vbs', '.js' } { [System.Text.UnicodeEncoding]::new( $false, $true ); }
default { [System.Text.Encoding]::Default; }
};
[System.IO.File]::WriteAllBytes( $path, ( $encoding.GetPreamble() + $encoding.GetBytes( $file.InnerText.Trim() ) ) );
}
</ExtractScript>
<File path="C:\Windows\Temp\remove-packages.ps1">
$selectors = @(
'Microsoft.Microsoft3DViewer';
'Microsoft.BingSearch';
'Microsoft.WindowsCalculator';
'Microsoft.WindowsCamera';
'Clipchamp.Clipchamp';
'Microsoft.WindowsAlarms';
'Microsoft.549981C3F5F10';
'Microsoft.Windows.DevHome';
'MicrosoftCorporationII.MicrosoftFamily';
'Microsoft.WindowsFeedbackHub';
'Microsoft.GetHelp';
'Microsoft.Getstarted';
'microsoft.windowscommunicationsapps';
'Microsoft.WindowsMaps';
'Microsoft.BingNews';
'Microsoft.WindowsNotepad';
'Microsoft.MicrosoftOfficeHub';
'Microsoft.Office.OneNote';
'Microsoft.OutlookForWindows';
'Microsoft.Paint';
'Microsoft.MSPaint';
'Microsoft.People';
'Microsoft.Windows.Photos';
'Microsoft.PowerAutomateDesktop';
'MicrosoftCorporationII.QuickAssist';
'Microsoft.SkypeApp';
'Microsoft.ScreenSketch';
'Microsoft.MicrosoftSolitaireCollection';
'Microsoft.MicrosoftStickyNotes';
'MSTeams';
'Microsoft.Todos';
'Microsoft.WindowsSoundRecorder';
'Microsoft.BingWeather';
'Microsoft.Xbox.TCUI';
'Microsoft.XboxApp';
'Microsoft.XboxGameOverlay';
'Microsoft.XboxGamingOverlay';
'Microsoft.XboxIdentityProvider';
'Microsoft.XboxSpeechToTextOverlay';
'Microsoft.GamingApp';
'Microsoft.YourPhone';
'Microsoft.ZuneMusic';
'Microsoft.ZuneVideo';
);
$getCommand = { Get-AppxProvisionedPackage -Online; };
$filterCommand = { $_.DisplayName -eq $selector; };
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-AppxProvisionedPackage -AllUsers -Online -ErrorAction 'Continue';
}
};
$type = 'Package';
$logfile = 'C:\Windows\Temp\remove-packages.log';
& {
$installed = & $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *>&1 >> $logfile;
</File>
<File path="C:\Windows\Temp\remove-caps.ps1">
$selectors = @(
'Browser.InternetExplorer';
'MathRecognizer';
'Microsoft.Windows.Notepad';
'Microsoft.Windows.MSPaint';
'App.Support.QuickAssist';
'Microsoft.Windows.SnippingTool';
'App.StepsRecorder';
'Media.WindowsMediaPlayer';
'Microsoft.Windows.WordPad';
);
$getCommand = { Get-WindowsCapability -Online; };
$filterCommand = { ($_.Name -split '~')[0] -eq $selector; };
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Remove-WindowsCapability -Online -ErrorAction 'Continue';
}
};
$type = 'Capability';
$logfile = 'C:\Windows\Temp\remove-caps.log';
& {
$installed = & $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *>&1 >> $logfile;
</File>
<File path="C:\Windows\Temp\remove-features.ps1">
$selectors = @(
'Microsoft-SnippingTool';
);
$getCommand = { Get-WindowsOptionalFeature -Online; };
$filterCommand = { $_.FeatureName -eq $selector; };
$removeCommand = {
[CmdletBinding()]
param(
[Parameter( Mandatory, ValueFromPipeline )]
$InputObject
);
process {
$InputObject | Disable-WindowsOptionalFeature -Online -Remove -NoRestart -ErrorAction 'Continue';
}
};
$type = 'Feature';
$logfile = 'C:\Windows\Temp\remove-features.log';
& {
$installed = & $getCommand;
foreach( $selector in $selectors ) {
$result = [ordered] @{
Selector = $selector;
};
$found = $installed | Where-Object -FilterScript $filterCommand;
if( $found ) {
$result.Output = $found | & $removeCommand;
if( $? ) {
$result.Message = "$type removed.";
} else {
$result.Message = "$type not removed.";
$result.Error = $Error[0];
}
} else {
$result.Message = "$type not installed.";
}
$result | ConvertTo-Json -Depth 3 -Compress;
}
} *>&1 >> $logfile;
</File>
<File path="C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml">
<![CDATA[
<LayoutModificationTemplate Version="1"
xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"><LayoutOptions StartTileGroupCellWidth="6" /><DefaultLayoutOverride><StartLayoutCollection><StartLayout GroupCellWidth="6"xmlns="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" /></StartLayoutCollection></DefaultLayoutOverride></LayoutModificationTemplate>
]]>
</File>
<File path="%TEMP%\disable-defender.ini">
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
"Start" = REG_DWORD 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
"Start" = REG_DWORD 4
</File>
<File path="%TEMP%\sounds.ps1">
$mountKey = 'DefaultUser';
New-PSDrive -PSProvider 'Registry' -Root 'HKEY_USERS' -Name 'HKU';
$excludes = Get-ChildItem -LiteralPath "HKU:\${mountKey}\AppEvents\EventLabels" |
Where-Object -FilterScript { ($_ | Get-ItemProperty).ExcludeFromCPL -eq 1; } |
Select-Object -ExpandProperty 'PSChildName';
Get-ChildItem -Path "HKU:\${mountKey}\AppEvents\Schemes\Apps\*\*" |
Where-Object -Property 'PSChildName' -NotIn $excludes |
Get-ChildItem -Include '.Current' | Set-ItemProperty -Name '(default)' -Value '';
Remove-PSDrive -Name 'HKU';
</File>
<File path="%TEMP%\VBoxGuestAdditions.ps1">
& {
foreach( $letter in 'DEFGHIJKLMNOPQRSTUVWXYZ'.ToCharArray() ) {
$exe = "${letter}:\VBoxWindowsAdditions.exe";
if( Test-Path -LiteralPath $exe ) {
$certs = "${letter}:\cert";
Start-Process -FilePath "${certs}\VBoxCertUtil.exe" -ArgumentList "add-trusted-publisher ${certs}\vbox*.cer", "--root ${certs}\vbox*.cer" -Wait;
Start-Process -FilePath $exe -ArgumentList '/with_wddm', '/S' -Wait;
return;
}
}
'VBoxGuestAdditions.iso is not attached to this VM.';
} *>&1 >> "$env:TEMP\VBoxGuestAdditions.log";
</File>
<File path="%TEMP%\wdac.ps1">
Set-StrictMode -Version 'Latest';
$ErrorActionPreference = 'Stop';
$(
try {
$guid = '{d26bff32-33a2-48a3-b037-10357ee48427}';
$xml = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.xml";
$binary = "C:\Windows\System32\CodeIntegrity\CiPolicies\Active\${guid}.cip";
Copy-Item -LiteralPath 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml' -Destination $xml;
Set-RuleOption -FilePath $xml -Option 0;
Set-RuleOption -FilePath $xml -Option 6;
Set-RuleOption -FilePath $xml -Option 9;
Set-RuleOption -FilePath $xml -Option 16;
Set-RuleOption -FilePath $xml -Option 18;
Set-RuleOption -FilePath $xml -Option 5 -Delete;
Set-RuleOption -FilePath $xml -Option 11;
Set-RuleOption -FilePath $xml -Option 3;
Set-RuleOption -FilePath $xml -Option 10;
Merge-CIPolicy -PolicyPaths $xml -OutputFilePath $xml -Rules $(
@(
New-CIPolicyRule -FilePathRule 'C:\Windows\*';
New-CIPolicyRule -FilePathRule 'C:\Program Files\*';
New-CIPolicyRule -FilePathRule 'C:\Program Files (x86)\*';
New-CIPolicyRule -FilePathRule '%WINDIR%\debug\WIA\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Reports\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Rules\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\PLA\Templates\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\Registration\CRMLog\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Com\dmp\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\FxsTmp\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\LogFiles\WMI\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Microsoft\Crypto\RSA\MachineKeys\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\drivers\color\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\PRINTERS\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\spool\SERVERS\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks_Migrated\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\System32\Tasks\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Com\dmp\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\FxsTmp\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\SysWOW64\Tasks\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\Tasks\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\Temp\*' -Deny;
New-CIPolicyRule -FilePathRule '%WINDIR%\tracing\*' -Deny;
) | ForEach-Object -Process {
$_;
};
);
$doc = [xml]::new();
$doc.Load( $xml );
$nsmgr = [System.Xml.XmlNamespaceManager]::new( $doc.NameTable );
$nsmgr.AddNamespace( 'pol', 'urn:schemas-microsoft-com:sipolicy' );
$doc.SelectSingleNode( '/pol:SiPolicy/pol:PolicyID', $nsmgr ).InnerText = $guid;
$doc.SelectSingleNode( '/pol:SiPolicy/pol:BasePolicyID', $nsmgr ).InnerText = $guid;
$node = $doc.SelectSingleNode( '//pol:SigningScenario[@Value="12"]/pol:ProductSigners/pol:AllowedSigners', $nsmgr );
$node.ParentNode.RemoveChild( $node );
$doc.Save( $xml );
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $binary;
} catch {
$_;
}
) *>&1 | Out-File -Append -FilePath "$env:TEMP\wdac.log";
</File>
<File path="C:\Windows\Setup\Scripts\unattend-01.ps1">
bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200
bcdedit.exe -set TESTSIGNING ON
</File>
<File path="C:\Windows\Setup\Scripts\unattend-02.ps1">
$RegistryPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Set-ItemProperty $RegistryPath 'AutoAdminLogon' -Value "1" -Type String
Set-ItemProperty $RegistryPath 'DefaultUsername' -Value "user" -type String
Set-ItemProperty $RegistryPath 'DefaultPassword' -Value "password" -type String
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType 'Automatic'
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
shutdown -r
</File>
</Extensions>
</unattend>
Created
July 25, 2024 16:48
-
-
Save novafacing/8a5976d1ebc14930310ecd55c9837935 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://schneegans.de/windows/unattend-generator/?LanguageMode=Unattended&UILanguage=en-US&Locale=en-US&Keyboard=00000409&GeoLocation=244&ProcessorArchitecture=amd64&BypassRequirementsCheck=true&ComputerNameMode=Custom&ComputerName=test&TimeZoneMode=Implicit&PartitionMode=Unattended&EspSize=300&PartitionLayout=MBR&RecoveryMode=Partition&RecoverySize=1000&WindowsEditionMode=Unattended&WindowsEdition=pro&UserAccountMode=Unattended&AccountName0=user&AccountPassword0=password&AccountGroup0=Administrators&AccountName1=&AccountName2=&AccountName3=&AccountName4=&AutoLogonMode=Own&PasswordExpirationMode=Unlimited&LockoutMode=Disabled&DisableDefender=true&DisableDefenderPE=true&DisableSystemRestore=true&EnableLongPaths=true&EnableRemoteDesktop=true&AllowPowerShellScripts=true&TurnOffSystemSounds=true&DisableAppSuggestions=true&DisableWidgets=true&PreventDeviceEncryption=true&ClassicContextMenu=true&VBoxGuestAdditions=true&WifiMode=Skip&ExpressSettings=DisableAll&Remove3DViewer=true&RemoveBingSearch=true&RemoveCalculator=true&RemoveCamera=true&RemoveClipchamp=true&RemoveClock=true&RemoveCopilot=true&RemoveCortana=true&RemoveDevHome=true&RemoveFamily=true&RemoveFeedbackHub=true&RemoveGetHelp=true&RemoveInternetExplorer=true&RemoveMailCalendar=true&RemoveMaps=true&RemoveMathInputPanel=true&RemoveZuneVideo=true&RemoveNews=true&RemoveNotepadClassic=true&RemoveNotepad=true&RemoveOffice365=true&RemoveOneDrive=true&RemoveOneNote=true&RemoveOutlook=true&RemovePaint=true&RemovePaint3D=true&RemovePeople=true&RemovePhotos=true&RemovePowerAutomate=true&RemoveQuickAssist=true&RemoveSkype=true&RemoveSnippingTool=true&RemoveSolitaire=true&RemoveStepsRecorder=true&RemoveStickyNotes=true&RemoveTeams=true&RemoveGetStarted=true&RemoveToDo=true&RemoveVoiceRecorder=true&RemoveWeather=true&RemoveWindowsMediaPlayer=true&RemoveZuneMusic=true&RemoveWordPad=true&RemoveXboxApps=true&RemoveYourPhone=true&SystemScript0=bcdedit+%2Fdebug+on%0D%0Abcdedit+%2Fdbgsettings+serial+debugport%3A1+baudrate%3A115200%0D%0Abcdedit.exe+-set+TESTSIGNING+ON%0D%0A&SystemScriptType0=Ps1&FirstLogonScript0=%24RegistryPath+%3D+%27HKLM%3A%5CSOFTWARE%5CMicrosoft%5CWindows+NT%5CCurrentVersion%5CWinlogon%27%0D%0ASet-ItemProperty+%24RegistryPath+%27AutoAdminLogon%27+-Value+%221%22+-Type+String+%0D%0ASet-ItemProperty+%24RegistryPath+%27DefaultUsername%27+-Value+%22user%22+-type+String+%0D%0ASet-ItemProperty+%24RegistryPath+%27DefaultPassword%27+-Value+%22password%22+-type+String%0D%0AAdd-WindowsCapability+-Online+-Name+OpenSSH.Server%7E%7E%7E%7E0.0.1.0%0D%0ASet-Service+-Name+sshd+-StartupType+%27Automatic%27%0D%0ANew-ItemProperty+-Path+%22HKLM%3A%5CSOFTWARE%5COpenSSH%22+-Name+DefaultShell+-Value+%22C%3A%5CWindows%5CSystem32%5CWindowsPowerShell%5Cv1.0%5Cpowershell.exe%22+-PropertyType+String+-Force%0D%0Ashutdown+-r&FirstLogonScriptType0=Ps1&WdacMode=Configure&WdacAuditMode=Auditing&WdacScriptMode=Unrestricted