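<%#
kind: provision
name: unattend.xml
oses:
- Windows 2012 64Bit
- Windows 2016 64Bit
- Windows 2019 64Bit
- Windows 10 Enterprise 64Bit
%>
<!-- Purpose: answer file rendered per host by the provisioning server. It sets the local
     Administrator password, auto-logs on once, runs the FirstLogonCommands below
     (WinRM, local ansible account, RDP, BGinfo, puppet agent) and joins the domain. -->
<!-- NOTE(review): in this copy the markup from the start of the document up to the
     AdministratorPassword value has lost its tags. The text run below is kept exactly as
     found; restore it from the original template before the file can be parsed. -->
Windows Server> true OnError true IT true true Restart en-us en-us en-us en-us en-us en-us en-us en-us en-us en-us en-us true true true true true Work true true 1 <%= host_param('windows_password') %> true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
      <!-- The local Administrator password (host parameter windows_password) is rendered
           here in clear text (PlainText=true), so every rendered copy of this file is a
           secret. Rotate the password after the build. Parameter values are inserted
           without XML escaping: a value containing an ampersand or angle bracket yields a
           malformed answer file. -->
      <AutoLogon>
        <Enabled>true</Enabled>
        <Username>Administrator</Username>
        <LogonCount>1</LogonCount>
        <Password>
          <Value><%= host_param('windows_password') %></Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain><%= @host.domain %></Domain>
      </AutoLogon>
      <!-- Every command passes "-ExecutionPolicy Unrestricted" although none of them runs a
           script file; the flag looks unnecessary here. -->
      <FirstLogonCommands>
        <!-- Orders 1 to 4: open TCP 5985 and switch WinRM to Basic authentication over
             unencrypted HTTP. With these settings the ansible account's password crosses
             the network base64-encoded only, and the firewall rule has no remoteip scope.
             Preferred: an HTTPS listener or an authentication scheme with message
             encryption, with the rule limited to the management hosts. Left unchanged
             because the automation that connects afterwards is not visible here. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "netsh advfirewall firewall add rule name=\"WinRM-HTTP\" dir=in localport=5985 protocol=TCP action=allow"</CommandLine>
          <Description>"Set the winrm firewall rules"</Description>
          <Order>1</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "winrm set winrm/config/client/auth '@{Basic=\"true\"}'"</CommandLine>
          <Description>"Set winrm config"</Description>
          <Order>2</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "winrm set winrm/config/service/auth '@{Basic=\"true\"}'"</CommandLine>
          <Description>"Set winrm config"</Description>
          <Order>3</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "winrm set winrm/config/service '@{AllowUnencrypted=\"true\"}'"</CommandLine>
          <Description>"Set winrm config"</Description>
          <Order>4</Order>
        </SynchronousCommand>
        <!-- Orders 5 to 8: create a local administrator for Ansible. The password (host
             parameter ansible_ssh_pass) is placed on the command line, where process and
             command-line auditing will record it, and a value containing quotes or shell
             metacharacters changes the command. The account cannot change its password and
             the password never expires; presumably the same value is used on every host
             unless the parameter is overridden per host. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "net user <%= host_param('ansible_user') %> <%= host_param('ansible_ssh_pass') %> /add /comment:\"Ansible Login Service User\" /passwordchg:no /fullname:\"Ansible User\""</CommandLine>
          <Description>"Add local ansible user"</Description>
          <Order>5</Order>
        </SynchronousCommand>
        <!-- Orders 6 and 7 try the English and the German group name; one of the two is
             expected to fail on any given image. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "net localgroup administrators <%= host_param('ansible_user') %> /add"</CommandLine>
          <Description>"Add local ansible user to Admin Group in ENG"</Description>
          <Order>6</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "net localgroup administratoren <%= host_param('ansible_user') %> /add"</CommandLine>
          <Description>"Add local ansible user to Admin Group in DE"</Description>
          <Order>7</Order>
        </SynchronousCommand>
        <!-- NOTE(review): Set-LocalUser ships with PowerShell 5.1; confirm it exists on the
             Windows 2012 images this template lists. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name <%= host_param('ansible_user') %> -passwordneverexpires 1</CommandLine>
          <Description>"Add local ansible user passwordexpire"</Description>
          <Order>8</Order>
        </SynchronousCommand>
        <!-- Description corrected: this step enables PowerShell remoting, not Remote Desktop. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "Enable-PSRemoting"</CommandLine>
          <Description>"Enable PowerShell remoting"</Description>
          <Order>9</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "netsh advfirewall firewall add rule name=\"Enable IPv4 ICMP\" dir=in protocol=icmpv4 action=allow"</CommandLine>
          <Description>"Enable Ping"</Description>
          <Order>10</Order>
        </SynchronousCommand>
        <!-- Orders 11 and 12: allow inbound Remote Desktop in the firewall and in the
             Terminal Server settings. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes"</CommandLine>
          <Description>"Enable Remote Desktop"</Description>
          <Order>11</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "reg add \"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"</CommandLine>
          <Description>"Enable Remote Desktop"</Description>
          <Order>12</Order>
        </SynchronousCommand>
        <!-- Description corrected: the key created here suppresses the new-network location
             prompt; it is unrelated to Remote Desktop. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive -Command "reg add \"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\NewNetworkWindowOff\" /f"</CommandLine>
          <Description>"Suppress the new network location prompt"</Description>
          <Order>13</Order>
        </SynchronousCommand>
        <!-- Orders 14 to 16: copy BGinfo from the share named by host parameter
             windows_share and place its shortcut in the all-users Startup folder. Whatever
             the share holds therefore runs at logon on every provisioned host; write access
             to that share should be restricted accordingly. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive New-Item -ItemType directory -Path C:\bginfo</CommandLine>
          <Description>"Set BGinfo"</Description>
          <Order>14</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive Copy-Item <%= host_param('windows_share') %>bginfo\* -Destination C:\bginfo</CommandLine>
          <Description>"Set BGinfo"</Description>
          <Order>15</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive Move-Item C:\bginfo\Bginfo-autostart.lnk -Destination '%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo-autostart.lnk'</CommandLine>
          <Description>"Set BGinfo"</Description>
          <Order>16</Order>
        </SynchronousCommand>
        <!-- Changed: the agent installer was fetched over plain HTTP and then installed with
             administrative rights in order 21, so anyone on the network path could swap the
             package. The download now uses HTTPS, with TLS 1.2 enabled explicitly because
             older Windows PowerShell defaults may not offer it. The "latest" file name still
             prevents pinning; prefer a fixed version whose checksum or signature is verified
             before installation. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; invoke-webrequest -Uri https://downloads.puppet.com/windows/puppet5/puppet-agent-x64-latest.msi -OutFile C:\puppet-agent-x64-latest.msi"</CommandLine>
          <Order>17</Order>
        </SynchronousCommand>
        <!-- Orders 18 to 20 write puppet.conf before the agent is installed in order 21.
             NOTE(review): confirm the target directory exists at that point. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "echo \"[main]\" &gt; C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf "</CommandLine>
          <Order>18</Order>
        </SynchronousCommand>
        <!-- NOTE(review): the "server" setting receives a complete URL that carries a
             hard-coded token. The value looks like a rendered build-callback address rather
             than a puppet server name, and a token fixed in the template is shared by every
             host built from it. Confirm the intent and replace the literal. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "echo \"server=http://orcharhino:8000/unattended/built?token=cae2cc74\" &gt;&gt; C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf "</CommandLine>
          <Order>19</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "echo \"autoflush=true\" &gt;&gt; C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf "</CommandLine>
          <Order>20</Order>
        </SynchronousCommand>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "msiexec /qn /norestart /i C:\puppet-agent-x64-latest.msi PUPPET_MASTER_SERVER=orcharhino"</CommandLine>
          <Order>21</Order>
        </SynchronousCommand>
        <!-- Description corrected: this step copies the BGinfo shortcut and does not reboot.
             NOTE(review): order 16 already moved the shortcut out of C:\bginfo, so the
             source path is presumably gone by now; confirm whether this step is needed. -->
        <SynchronousCommand wcm:action="add">
          <CommandLine>%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -Command "copy \"C:\bginfo\Bginfo-autostart.lnk\" \"%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo-autostart.lnk\""</CommandLine>
          <Description>"Set BGinfo"</Description>
          <Order>22</Order>
        </SynchronousCommand>
      </FirstLogonCommands>
      <ProductKey><%= host_param('windows_serial') %></ProductKey>
      <TimeZone>GMT Standard Time</TimeZone>
      <ShowWindowsLive>false</ShowWindowsLive>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ComputerName><%= @host.shortname %></ComputerName>
    </component>
    <!-- Domain join: the join account's password (host parameter
         ad_join_and_config_password) is rendered in clear text into the answer file. Use an
         account delegated only to join computers, and treat rendered copies of this file as
         secrets. -->
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <Credentials>
          <Domain><%= @host.domain %></Domain>
          <Password><%= host_param('ad_join_and_config_password') %></Password>
          <Username><%= host_param('ad_join_and_config_user') %></Username>
        </Credentials>
        <JoinDomain><%= @host.domain %></JoinDomain>
      </Identification>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="wim:c:/install.wim#Windows Image" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>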