-
Notifications
You must be signed in to change notification settings - Fork 95
/
provision.ps1
85 lines (73 loc) · 3.52 KB
/
provision.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
Set-StrictMode -Version Latest
$ProgressPreference = 'SilentlyContinue'
$ErrorActionPreference = 'Stop'
trap {
#Write-Host
#Write-Host 'whoami from autounattend:'
#Get-Content C:\whoami-autounattend.txt | ForEach-Object { Write-Host "whoami from autounattend: $_" }
#Write-Host 'whoami from current WinRM session:'
#whoami /all >C:\whoami-winrm.txt
#Get-Content C:\whoami-winrm.txt | ForEach-Object { Write-Host "whoami from winrm: $_" }
Write-Host
Write-Host "ERROR: $_"
($_.ScriptStackTrace -split '\r?\n') -replace '^(.*)$','ERROR: $1' | Write-Host
($_.Exception.ToString() -split '\r?\n') -replace '^(.*)$','ERROR EXCEPTION: $1' | Write-Host
Write-Host
Write-Host 'Sleeping for 60m to give you time to look around the virtual machine before self-destruction...'
Start-Sleep -Seconds (60*60)
Exit 1
}
# enable TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol `
-bor [Net.SecurityProtocolType]::Tls12
if (![Environment]::Is64BitProcess) {
throw 'this must run in a 64-bit PowerShell session'
}
if (!(New-Object System.Security.Principal.WindowsPrincipal(
[Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(
[Security.Principal.WindowsBuiltInRole]::Administrator)) {
throw 'this must run with Administrator privileges (e.g. in a elevated shell session)'
}
Add-Type -A System.IO.Compression.FileSystem
# install Guest Additions.
$systemVendor = (Get-CimInstance -ClassName Win32_ComputerSystemProduct -Property Vendor).Vendor
if ($systemVendor -eq 'QEMU') {
# do nothing. this was installed in provision-guest-tools-qemu-kvm.ps1.
} elseif ($systemVendor -eq 'Microsoft Corporation') {
# do nothing. Hyper-V enlightments are already bundled with Windows.
} elseif ($systemVendor -eq 'VMware, Inc.') {
# do nothing. VMware Tools were already installed by provision-vmtools.ps1 (executed from autounattend.xml).
} else {
throw "Cannot install Guest Additions: Unsupported system ($systemVendor)."
}
Write-Host 'Setting the vagrant account properties...'
# see the ADS_USER_FLAG_ENUM enumeration at https://msdn.microsoft.com/en-us/library/aa772300(v=vs.85).aspx
$AdsScript = 0x00001
$AdsAccountDisable = 0x00002
$AdsNormalAccount = 0x00200
$AdsDontExpirePassword = 0x10000
$account = [ADSI]'WinNT://./vagrant'
$account.Userflags = $AdsNormalAccount -bor $AdsDontExpirePassword
$account.SetInfo()
Write-Host 'Setting the Administrator account properties...'
$account = [ADSI]'WinNT://./Administrator'
$account.Userflags = $AdsNormalAccount -bor $AdsDontExpirePassword -bor $AdsAccountDisable
$account.SetInfo()
Write-Host 'Disabling Automatic Private IP Addressing (APIPA)...'
Set-ItemProperty `
-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' `
-Name IPAutoconfigurationEnabled `
-Value 0
Write-Host 'Disabling IPv6...'
Set-ItemProperty `
-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
-Name DisabledComponents `
-Value 0xff
Write-Host 'Disabling hibernation...'
powercfg /hibernate off
Write-Host 'Setting the power plan to high performance...'
powercfg /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
Write-Host 'Disabling the Windows Boot Manager menu...'
# NB to have the menu show with a lower timeout, run this instead: bcdedit /timeout 2
# NB with a timeout of 2 you can still press F8 to show the boot manager menu.
bcdedit /set '{bootmgr}' displaybootmenu no