commit 6a5ccd5c02279f1bceeaf9161ad922f2e9ec2bdf Author: alexz Date: Thu Dec 18 09:00:15 2025 +0000 Update to latest example-appstore structure with custom apps 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c2658d7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +node_modules/ diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..456c488 --- /dev/null +++ b/LICENSE @@ -0,0 +1,13 @@ + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + Version 2, December 2004 + + Copyright (C) 2004 Sam Hocevar + + Everyone is permitted to copy and distribute verbatim or modified + copies of this license document, and changing it is allowed as long + as the name is changed. + + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. You just DO WHAT THE FUCK YOU WANT TO. diff --git a/README.md b/README.md new file mode 100644 index 0000000..41d64e0 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# Example App Store Template + +This repository serves as a template for creating your own custom app store for the Runtipi platform. Use this as a starting point to create and share your own collection of applications. + +## Repository Structure + +- **apps/**: Contains individual app directories + + - Each app has its own folder (e.g., `whoami/`) with the following structure: + - `config.json`: App configuration file + - `docker-compose.json`: Docker setup for the app + - `metadata/`: Contains app visuals and descriptions + - `description.md`: Markdown description of the app + - `logo.jpg`: App logo image + +- **tests/**: Contains test files for the app store + + - `apps.test.ts`: Test suite for validating apps + +## Getting Started + +This repository is intended to serve as a template for creating your own app store. Follow these steps to get started: + +1. Click the "Use this template" button to create a new repository based on this template +2. Customize the apps or add your own app folders in the `apps/` directory +3. Test your app store by using it with Runtipi + +## Documentation + +For detailed instructions on creating your own app store, please refer to the official guide: +[Create Your Own App Store Guide](https://runtipi.io/docs/guides/create-your-own-app-store) diff --git a/__tests__/apps.test.ts b/__tests__/apps.test.ts new file mode 100644 index 0000000..4fd30c9 --- /dev/null +++ b/__tests__/apps.test.ts @@ -0,0 +1,77 @@ +import { expect, test, describe } from "bun:test"; +import { appInfoSchema, dynamicComposeSchema } from '@runtipi/common/schemas' +import { fromError } from 'zod-validation-error'; +import fs from 'node:fs' +import path from 'node:path' + +const getApps = async () => { + const appsDir = await fs.promises.readdir(path.join(process.cwd(), 'apps')) + + const appDirs = appsDir.filter((app) => { + const stat = fs.statSync(path.join(process.cwd(), 'apps', app)) + return stat.isDirectory() + }) + + return appDirs +}; + +const getFile = async (app: string, file: string) => { + const filePath = path.join(process.cwd(), 'apps', app, file) + try { + const file = await fs.promises.readFile(filePath, 'utf-8') + return file + } catch (err) { + return null + } +} + +describe("each app should have the required files", async () => { + const apps = await getApps() + + for (const app of apps) { + const files = ['config.json', 'docker-compose.json', 'metadata/logo.jpg', 'metadata/description.md'] + + for (const file of files) { + test(`app ${app} should have ${file}`, async () => { + const fileContent = await getFile(app, file) + expect(fileContent).not.toBeNull() + }) + } + } +}) + +describe("each app should have a valid config.json", async () => { + const apps = await getApps() + + for (const app of apps) { + test(`app ${app} should have a valid config.json`, async () => { + const fileContent = await getFile(app, 'config.json') + const parsed = appInfoSchema.omit({ urn: true }).safeParse(JSON.parse(fileContent || '{}')) + + if (!parsed.success) { + const validationError = fromError(parsed.error); + console.error(`Error parsing config.json for app ${app}:`, validationError.toString()); + } + + expect(parsed.success).toBe(true) + }) + } +}) + +describe("each app should have a valid docker-compose.json", async () => { + const apps = await getApps() + + for (const app of apps) { + test(`app ${app} should have a valid docker-compose.json`, async () => { + const fileContent = await getFile(app, 'docker-compose.json') + const parsed = dynamicComposeSchema.safeParse(JSON.parse(fileContent || '{}')) + + if (!parsed.success) { + const validationError = fromError(parsed.error); + console.error(`Error parsing docker-compose.json for app ${app}:`, validationError.toString()); + } + + expect(parsed.success).toBe(true) + }) + } +}); diff --git a/apps/cistech-tunnel/.env.example b/apps/cistech-tunnel/.env.example new file mode 100755 index 0000000..c583019 --- /dev/null +++ b/apps/cistech-tunnel/.env.example @@ -0,0 +1,11 @@ +# Required +OC_URL=https://vpn.cistech.net/Employees +OC_SERVERCERT=pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0= + +# Optional +OC_AUTHGROUP= +OC_SSO_ARGS=--browser-display-mode shown +VNC_PASSWORD=vpnSSO12 +NOVNC_PORT=6901 +PUBLISH_ADDR=0.0.0.0 +SSH_KEY_PATH=/home/alexz/.ssh/id_ed25519-lenovo diff --git a/apps/cistech-tunnel/README.md b/apps/cistech-tunnel/README.md new file mode 100755 index 0000000..46cddcd --- /dev/null +++ b/apps/cistech-tunnel/README.md @@ -0,0 +1,42 @@ +# Cistech Tunnel + +OpenConnect-SSO VPN client running in a container with noVNC for browser-based access. + +## Features + +- **OpenConnect-SSO**: Cisco AnyConnect VPN with SSO/SAML authentication +- **TOTP Support**: Automatic 2FA via keyring integration +- **Auto-reconnect**: Automatically reconnects on disconnection +- **noVNC**: Browser-based VNC access on port 6902 +- **NAT/Masquerade**: Routes traffic through VPN tunnel +- **Cloudflared**: Optional Cloudflare tunnel support +- **SSH Tunnels**: Optional SSH port forwarding + +## Runtipi Installation + +1. Install from the app store or custom repo +2. Configure the required environment variables +3. Start the app via Runtipi dashboard + +## First-time SSO Login + +1. Open noVNC at `http://:6902` +2. Enter VNC password +3. Complete SSO login in the browser window +4. VPN will connect and auto-reconnect on disconnect + +## Source Files + +- `source/Dockerfile`: Container build file +- `source/entrypoint.sh`: Container entrypoint with auto-reconnect + +## Environment Variables + +| Variable | Required | Description | +|----------|----------|-------------| +| OC_URL | Yes | VPN server URL | +| OC_SERVERCERT | Yes | Server certificate pin | +| OC_USER | No | Username (enables hidden browser mode) | +| VNC_PASSWORD | Yes | noVNC access password | +| OC_TOTP_SECRET | No | TOTP secret for auto 2FA | +| NOVNC_PORT | No | noVNC port (default: 6901) | diff --git a/apps/cistech-tunnel/config.json b/apps/cistech-tunnel/config.json new file mode 100755 index 0000000..6f8840a --- /dev/null +++ b/apps/cistech-tunnel/config.json @@ -0,0 +1,53 @@ +{ + "name": "Cistech Tunnel", + "id": "cistech-tunnel", + "available": true, + "short_desc": "Cistech VPN client container with noVNC.", + "author": "alexz", + "port": 6902, + "categories": [ + "utilities", + "network" + ], + "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.", + "tipi_version": 1, + "version": "1.0.0", + "source": "local", + "exposable": true, + "dynamic_config": true, + "no_gui": false, + "form_fields": [ + { + "label": "VPN URL", + "type": "text", + "env_variable": "OC_URL", + "required": true, + "default": "https://vpn.cistech.net/Employees" + }, + { + "label": "VNC Password", + "type": "password", + "env_variable": "VNC_PASSWORD", + "required": true, + "default": "Az@83278327$$@@" + }, + { + "label": "Server Certificate", + "type": "text", + "env_variable": "OC_SERVERCERT", + "required": true, + "default": "pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" + }, + { + "label": "Username", + "type": "text", + "env_variable": "OC_USER", + "required": true, + "default": "alex.zaw@cistech.net" + } + ], + "supported_architectures": [ + "arm64", + "amd64" + ] +} \ No newline at end of file diff --git a/apps/cistech-tunnel/docker-compose.json b/apps/cistech-tunnel/docker-compose.json new file mode 100755 index 0000000..01d9a8b --- /dev/null +++ b/apps/cistech-tunnel/docker-compose.json @@ -0,0 +1,23 @@ +{ + "services": [ + { + "name": "cistech-tunnel", + "image": "cistech-vpn:latest", + "isMain": true, + "internalPort": 6902, + "privileged": true, + "capAdd": ["NET_ADMIN"], + "devices": ["/dev/net/tun:/dev/net/tun"], + "environment": { + "OC_URL": "${OC_URL}", + "OC_SERVERCERT": "${OC_SERVERCERT}", + "OC_USER": "${OC_USER}", + "VNC_PASSWORD": "${VNC_PASSWORD}", + "NOVNC_PORT": "6902" + }, + "volumes": [ + { "hostPath": "${APP_DATA_DIR}/data", "containerPath": "/root" } + ] + } + ] +} diff --git a/apps/cistech-tunnel/docker-compose.yml b/apps/cistech-tunnel/docker-compose.yml new file mode 100755 index 0000000..e4778df --- /dev/null +++ b/apps/cistech-tunnel/docker-compose.yml @@ -0,0 +1,34 @@ +services: + cistech-tunnel: + image: cistech-vpn:latest + restart: unless-stopped + networks: + cistech-tunnel_runtipi_network: + gw_priority: 0 + tipi_main_network: + gw_priority: 1 + environment: + OC_URL: ${OC_URL} + OC_SERVERCERT: ${OC_SERVERCERT} + OC_USER: ${OC_USER} + VNC_PASSWORD: ${VNC_PASSWORD} + NOVNC_PORT: "6902" + ports: + - ${APP_PORT}:6902 + volumes: + - ${APP_DATA_DIR}/data:/root + labels: + generated: true + traefik.enable: true + traefik.docker.network: runtipi_tipi_main_network + traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https + traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6902" + traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web + traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi + traefik.http.routers.cistech-tunnel-runtipi-insecure.middlewares: cistech-tunnel-runtipi-web-redirect + traefik.http.routers.cistech-tunnel-runtipi.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure + traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi + traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver + runtipi.managed: true \ No newline at end of file diff --git a/apps/cistech-tunnel/metadata/description.md b/apps/cistech-tunnel/metadata/description.md new file mode 100755 index 0000000..9856255 --- /dev/null +++ b/apps/cistech-tunnel/metadata/description.md @@ -0,0 +1,20 @@ +# Dockerized OpenConnect-SSO with noVNC and Cloudflared + +## Setup +1) Copy `.env.example` to `.env` and fill values (URLs, servercert pins, VNC passwords, cloudflared tokens). + +2) First-time SSO: leave `OC_SSO_ARGS_*=--browser-display-mode visible`. + +3) Build and start: + docker compose build + docker compose up -d vpn_a + # Open http://localhost:6901, complete SSO. + # After success, attach app containers or start cloudflared_a. + +4) Optional: switch to headless after first login: + Set `OC_SSO_ARGS_*=--browser-display-mode hidden` (or `headless`) and restart the vpn service. + +## Notes +- Each VPN runs in its own net namespace; routes from one cannot affect the other or the host. +- DNS from the VPN applies within its container namespace and attached services only. +- Persisted state lives in the named volumes mounted at `/root` (Playwright cache, configs). diff --git a/apps/cistech-tunnel/metadata/logo.jpg b/apps/cistech-tunnel/metadata/logo.jpg new file mode 100755 index 0000000..ddc9a56 Binary files /dev/null and b/apps/cistech-tunnel/metadata/logo.jpg differ diff --git a/apps/cistech-tunnel/source/Dockerfile b/apps/cistech-tunnel/source/Dockerfile new file mode 100755 index 0000000..28111e1 --- /dev/null +++ b/apps/cistech-tunnel/source/Dockerfile @@ -0,0 +1,46 @@ +FROM ubuntu:24.04 +ENV DEBIAN_FRONTEND=noninteractive \ + PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \ + VIRTUAL_ENV=/opt/venv \ + PATH=/opt/venv/bin:$PATH \ + QTWEBENGINE_DISABLE_SANDBOX=1 \ + QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox --disable-gpu" \ + OC_URL="https://vpn.cistech.net/Employees" \ + OC_SERVERCERT="pin-sha256:HyHob3LiVmIp8ch9AzHJ9jMYqI43tO5N13oWeBLiZ/0=" \ + OC_USER="alex.zaw@cistech.net" \ + OC_TOTP_SECRET="t6ypnjqvyx2yvw2l" \ + VNC_PASSWORD="Az@83278327\$\$@@" + +RUN apt-get update && apt-get install -y \ + openconnect iproute2 iptables ca-certificates \ + python3 python3-pip python3-venv \ + vpnc-scripts curl wget openssh-client \ + x11vnc xvfb fluxbox novnc websockify xterm nano oathtool \ + xauth libnss3 libatk1.0-0 libatk-bridge2.0-0 \ + libx11-6 libx11-xcb1 libxcomposite1 libxrandr2 libgbm1 libxdamage1 \ + libpango-1.0-0 fonts-liberation \ + libegl1 libgl1 libopengl0 libdbus-1-3 libglib2.0-0 \ + libxkbcommon0 libxkbcommon-x11-0 \ + libxcb1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-render0 libxcb-render-util0 libxcb-shm0 libxcb-xfixes0 libxcb-xinerama0 libxcb-randr0 libxcb-glx0 \ + sudo && rm -rf /var/lib/apt/lists/* + +RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/* + +# Python venv + Playwright + openconnect-sso +RUN python3 -m venv "$VIRTUAL_ENV" +RUN pip install --no-cache-dir openconnect-sso playwright keyring keyrings.alt && \ + python -m playwright install --with-deps chromium + +# Cloudflared (amd64) +RUN arch=$(dpkg --print-architecture) && \ + if [ "$arch" = "amd64" ]; then \ + curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o /tmp/cloudflared.deb && \ + apt-get update && apt-get install -y /tmp/cloudflared.deb && rm -f /tmp/cloudflared.deb ; \ + else \ + echo "Install cloudflared manually for arch=$arch" && exit 1 ; \ + fi + +COPY entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +EXPOSE 6901 +ENTRYPOINT ["/entrypoint.sh"] diff --git a/apps/cistech-tunnel/source/entrypoint.sh b/apps/cistech-tunnel/source/entrypoint.sh new file mode 100755 index 0000000..30540fb --- /dev/null +++ b/apps/cistech-tunnel/source/entrypoint.sh @@ -0,0 +1,182 @@ +#!/usr/bin/env bash +set -euo pipefail + +: "${OC_URL:?OC_URL required}" +: "${OC_SERVERCERT:?OC_SERVERCERT required}" + +NOVNC_PORT="${NOVNC_PORT:-6901}" +VNC_PASSWORD="${VNC_PASSWORD:-changeme}" +DISPLAY_ADDR="${DISPLAY:-:1}" +OC_INTERFACE="${OC_INTERFACE:-tun0}" +OC_USER="${OC_USER:-}" +OC_TOTP_SECRET="${OC_TOTP_SECRET:-}" + +# Default to hidden browser if OC_USER is set +if [[ -n "$OC_USER" ]]; then + OC_SSO_ARGS_DEFAULT="--browser-display-mode hidden -u $OC_USER" +else + OC_SSO_ARGS_DEFAULT="--browser-display-mode shown" +fi + +CLOUDFLARED_MODE="${CLOUDFLARED_MODE:-off}" # off|token|config +CLOUDFLARED_TOKEN="${CLOUDFLARED_TOKEN:-}" +SSH_TUNNEL_ENABLE="${SSH_TUNNEL_ENABLE:-0}" +SSH_DEST="${SSH_DEST:-zawa@10.3.1.201}" +SSH_FORWARDS="${SSH_FORWARDS:-0.0.0.0:8090:localhost:8090}" + +pids=() + +# Setup keyring with TOTP secret if provided +setup_keyring() { + if [[ -n "$OC_TOTP_SECRET" && -n "$OC_USER" ]]; then + python3 -c " +import keyring +keyring.set_password('openconnect-sso', 'totp/$OC_USER', '$OC_TOTP_SECRET'.upper()) +print('TOTP secret stored in keyring for $OC_USER') +" + fi +} + +# Create vpn_connect command in PATH and save environment +create_vpn_command() { + # Save environment variables to a file + cat > /etc/vpn.env << ENVFILE +export OC_URL="$OC_URL" +export OC_SERVERCERT="$OC_SERVERCERT" +export OC_INTERFACE="$OC_INTERFACE" +export OC_USER="$OC_USER" +export OC_SSO_ARGS_DEFAULT="$OC_SSO_ARGS_DEFAULT" +export OC_SSO_ARGS="${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT}" +export OC_AUTHGROUP="${OC_AUTHGROUP:-}" +export OC_USERAGENT="${OC_USERAGENT:-}" +export OC_EXTRA_ARGS="${OC_EXTRA_ARGS:-}" +export OC_TOTP_SECRET="$OC_TOTP_SECRET" +export DISPLAY=":1" +ENVFILE + + # Build openconnect command + OPENCONNECT_CMD="/usr/sbin/openconnect --protocol=anyconnect --servercert $OC_SERVERCERT --interface $OC_INTERFACE --script /usr/share/vpnc-scripts/vpnc-script" + [[ -n "${OC_AUTHGROUP:-}" ]] && OPENCONNECT_CMD+=" --authgroup $OC_AUTHGROUP" + [[ -n "${OC_USERAGENT:-}" ]] && OPENCONNECT_CMD+=" --useragent $OC_USERAGENT" + [[ -n "${OC_EXTRA_ARGS:-}" ]] && OPENCONNECT_CMD+=" ${OC_EXTRA_ARGS}" + echo "export OPENCONNECT_CMD=\"$OPENCONNECT_CMD\"" >> /etc/vpn.env + + cat > /usr/local/bin/vpn_connect << 'VPNCMD' +#!/usr/bin/env bash +source /etc/vpn.env +echo "[$(date)] Starting VPN connection..." + +# openconnect-sso reads TOTP from keyring automatically +if [[ -n "$OC_USER" ]]; then + echo "" | openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- $OPENCONNECT_CMD +else + openconnect-sso -s "$OC_URL" ${OC_SSO_ARGS:-$OC_SSO_ARGS_DEFAULT} -- $OPENCONNECT_CMD +fi +VPNCMD + chmod +x /usr/local/bin/vpn_connect +} + +# Create VPN runner script that keeps shell open +create_vpn_script() { + cat > /tmp/vpn-runner.sh << 'VPNSCRIPT' +#!/usr/bin/env bash +cd /root + +echo "============================================" +echo " Cistech VPN Container" +echo "============================================" +echo "" +echo "Commands:" +echo " vpn_connect - Start/restart VPN connection" +echo " Ctrl+C - Stop auto-reconnect and drop to shell" +echo "" +echo "Starting VPN with auto-reconnect..." +echo "" + +while true; do + vpn_connect + echo "" + echo "[$(date)] VPN disconnected. Reconnecting in 10 seconds..." + echo "(Press Ctrl+C to stop auto-reconnect)" + sleep 10 +done +VPNSCRIPT + chmod +x /tmp/vpn-runner.sh +} + +start_gui() { + mkdir -p /root/.vnc + x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true + rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true + Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR & + pids+=($!) + sleep 0.5 + export DISPLAY="$DISPLAY_ADDR" + fluxbox >/tmp/fluxbox.log 2>&1 & + pids+=($!) + x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet & + pids+=($!) + websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 & + pids+=($!) +} + +start_vpn_terminal() { + # Start xterm with VPN script + sleep 1 + xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \ + -T "Cistech VPN" -e /tmp/vpn-runner.sh & + pids+=($!) +} + +start_cloudflared() { + case "$CLOUDFLARED_MODE" in + token) + [ -n "$CLOUDFLARED_TOKEN" ] && cloudflared tunnel run --token "$CLOUDFLARED_TOKEN" >/tmp/cloudflared.log 2>&1 & + pids+=($!) + ;; + config) + cloudflared --no-autoupdate --config /etc/cloudflared/config.yml tunnel run >/tmp/cloudflared.log 2>&1 & + pids+=($!) + ;; + off|*) + ;; + esac +} + +start_ssh_tunnel() { + [ "$SSH_TUNNEL_ENABLE" = "1" ] || return 0 + IFS=',' read -ra LINES <<< "$SSH_FORWARDS" + args=(-N -o StrictHostKeyChecking=no -o ServerAliveInterval=60) + for m in "${LINES[@]}"; do args+=(-L "$m"); done + ssh "${args[@]}" "$SSH_DEST" & + pids+=($!) +} + +setup_nat() { + ( + for i in {1..60}; do + if ip link show "$OC_INTERFACE" >/dev/null 2>&1; then + sysctl -w net.ipv4.ip_forward=1 >/dev/null + iptables -t nat -C POSTROUTING -o "$OC_INTERFACE" -j MASQUERADE 2>/dev/null || \ + iptables -t nat -A POSTROUTING -o "$OC_INTERFACE" -j MASQUERADE + echo "NAT enabled on $OC_INTERFACE" + break + fi + sleep 2 + done + ) & +} + +trap 'kill 0' INT TERM + +# Always start GUI now +setup_keyring +create_vpn_command +create_vpn_script +start_gui +start_vpn_terminal +setup_nat +start_cloudflared +start_ssh_tunnel + +wait diff --git a/apps/cloudbeaver/config.json b/apps/cloudbeaver/config.json new file mode 100755 index 0000000..529741c --- /dev/null +++ b/apps/cloudbeaver/config.json @@ -0,0 +1,27 @@ +{ + "name": "CloudBeaver", + "id": "cloudbeaver", + "available": true, + "short_desc": "Web-based database management platform", + "author": "DBeaver Corp", + "port": 8978, + "categories": [ + "data", + "development" + ], + "description": "CloudBeaver is a web-based database management platform. It provides a rich web interface for working with databases via web browser. Supports PostgreSQL, MySQL, MariaDB, SQL Server, Oracle, DB2, Firebird, SQLite, and many more databases.", + "tipi_version": 1, + "version": "25.2.5", + "source": "https://github.com/dbeaver/cloudbeaver", + "website": "https://cloudbeaver.io/", + "exposable": true, + "dynamic_config": true, + "no_gui": false, + "form_fields": [], + "supported_architectures": [ + "arm64", + "amd64" + ], + "created_at": 1732924800000, + "updated_at": 1732924800000 +} diff --git a/apps/cloudbeaver/docker-compose.json b/apps/cloudbeaver/docker-compose.json new file mode 100755 index 0000000..3e2bb24 --- /dev/null +++ b/apps/cloudbeaver/docker-compose.json @@ -0,0 +1,24 @@ +{ + "services": [ + { + "name": "cloudbeaver", + "image": "dbeaver/cloudbeaver:25.2.5", + "isMain": true, + "internalPort": 8978, + "extraHosts": [ + "host.docker.internal:host-gateway" + ], + "environment": { + "CB_SERVER_NAME": "CloudBeaver", + "CB_ADMIN_NAME": "admin", + "CB_ADMIN_PASSWORD": "admin" + }, + "volumes": [ + { + "hostPath": "${APP_DATA_DIR}/data", + "containerPath": "/opt/cloudbeaver/workspace" + } + ] + } + ] +} diff --git a/apps/cloudbeaver/docker-compose.yml b/apps/cloudbeaver/docker-compose.yml new file mode 100755 index 0000000..d9922b9 --- /dev/null +++ b/apps/cloudbeaver/docker-compose.yml @@ -0,0 +1,46 @@ +services: + cloudbeaver: + image: dbeaver/cloudbeaver:25.2.5 + restart: unless-stopped + networks: + cloudbeaver_runtipi_network: + gw_priority: 0 + tipi_main_network: + gw_priority: 1 + extra_hosts: + - host.docker.internal:host-gateway + environment: + CB_SERVER_NAME: CloudBeaver + CB_ADMIN_NAME: admin + CB_ADMIN_PASSWORD: admin + ports: + - ${APP_PORT}:8978 + volumes: + - ${APP_DATA_DIR}/data:/opt/cloudbeaver/workspace + labels: + generated: true + traefik.enable: true + traefik.docker.network: runtipi_tipi_main_network + traefik.http.middlewares.cloudbeaver-runtipi-web-redirect.redirectscheme.scheme: https + traefik.http.services.cloudbeaver-runtipi.loadbalancer.server.port: "8978" + traefik.http.routers.cloudbeaver-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.cloudbeaver-runtipi-insecure.entrypoints: web + traefik.http.routers.cloudbeaver-runtipi-insecure.service: cloudbeaver-runtipi + traefik.http.routers.cloudbeaver-runtipi-insecure.middlewares: cloudbeaver-runtipi-web-redirect + traefik.http.routers.cloudbeaver-runtipi.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.cloudbeaver-runtipi.entrypoints: websecure + traefik.http.routers.cloudbeaver-runtipi.service: cloudbeaver-runtipi + traefik.http.routers.cloudbeaver-runtipi.tls.certresolver: myresolver + runtipi.managed: true + runtipi.appurn: cloudbeaver:runtipi +networks: + tipi_main_network: + name: runtipi_tipi_main_network + external: true + cloudbeaver_runtipi_network: + name: cloudbeaver_runtipi_network + external: false + ipam: + config: + - subnet: 10.128.18.0/24 + diff --git a/apps/cloudbeaver/metadata/description.md b/apps/cloudbeaver/metadata/description.md new file mode 100755 index 0000000..89bf59d --- /dev/null +++ b/apps/cloudbeaver/metadata/description.md @@ -0,0 +1,27 @@ +# CloudBeaver + +CloudBeaver is a web-based database management platform that provides a rich web interface for working with databases directly from your browser. + +## Features + +- **Multi-Database Support**: Works with PostgreSQL, MySQL, MariaDB, SQL Server, Oracle, DB2, SQLite, Firebird, and many more +- **Web-Based Interface**: No desktop client needed - access from any modern web browser +- **Connection Management**: Easily manage multiple database connections +- **SQL Editor**: Full-featured SQL editor with syntax highlighting and autocomplete +- **Data Visualization**: View and edit data in intuitive table views +- **Query History**: Keep track of all your executed queries +- **User Management**: Multi-user support with role-based access control +- **Import/Export**: Import and export data in various formats + +## Getting Started + +After installation: + +1. Access CloudBeaver at the configured port (default: **8978**) +2. Default credentials: **admin** / **admin** +3. Change the default password on first login +4. Create database connections to start managing your databases + +## Connecting to Host Databases + +To connect to databases running on your host machine, use **`host.docker.internal`** as the hostname in your connection settings. diff --git a/apps/cloudbeaver/metadata/logo.jpg b/apps/cloudbeaver/metadata/logo.jpg new file mode 100755 index 0000000..84cb624 Binary files /dev/null and b/apps/cloudbeaver/metadata/logo.jpg differ diff --git a/apps/nginx-proxy-manager/config.json b/apps/nginx-proxy-manager/config.json new file mode 100755 index 0000000..7a84834 --- /dev/null +++ b/apps/nginx-proxy-manager/config.json @@ -0,0 +1,44 @@ +{ + "name": "Nginx Proxy Manager", + "id": "nginx-proxy-manager", + "available": true, + "short_desc": "Docker container for managing Nginx proxy hosts with a simple, powerful web interface", + "author": "jc21", + "port": 81, + "categories": [ + "utilities", + "network" + ], + "description": "Nginx Proxy Manager enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.", + "tipi_version": 2, + "version": "2.13.5", + "source": "https://github.com/NginxProxyManager/nginx-proxy-manager", + "website": "https://nginxproxymanager.com", + "exposable": true, + "dynamic_config": true, + "no_gui": false, + "form_fields": [ + { + "type": "number", + "label": "HTTP Port", + "env_variable": "NPM_HTTP_PORT", + "default": "1080", + "required": true, + "hint": "Port for HTTP traffic (mapped to container port 80)" + }, + { + "type": "number", + "label": "HTTPS Port", + "env_variable": "NPM_HTTPS_PORT", + "default": "10443", + "required": true, + "hint": "Port for HTTPS traffic (mapped to container port 443)" + } + ], + "supported_architectures": [ + "arm64", + "amd64" + ], + "created_at": 1731607800000, + "updated_at": 1731607800000 +} diff --git a/apps/nginx-proxy-manager/docker-compose.json b/apps/nginx-proxy-manager/docker-compose.json new file mode 100755 index 0000000..8517df2 --- /dev/null +++ b/apps/nginx-proxy-manager/docker-compose.json @@ -0,0 +1,33 @@ +{ + "services": [ + { + "name": "nginx-proxy-manager", + "image": "jc21/nginx-proxy-manager:2.13.5", + "isMain": true, + "internalPort": 81, + "addPorts": [ + { + "hostPort": "${NPM_HTTP_PORT}", + "containerPort": 80 + }, + { + "hostPort": "${NPM_HTTPS_PORT}", + "containerPort": 443 + } + ], + "environment": { + "DISABLE_IPV6": "true" + }, + "volumes": [ + { + "hostPath": "${APP_DATA_DIR}/data", + "containerPath": "/data" + }, + { + "hostPath": "${APP_DATA_DIR}/letsencrypt", + "containerPath": "/etc/letsencrypt" + } + ] + } + ] +} diff --git a/apps/nginx-proxy-manager/docker-compose.yml b/apps/nginx-proxy-manager/docker-compose.yml new file mode 100755 index 0000000..99a309b --- /dev/null +++ b/apps/nginx-proxy-manager/docker-compose.yml @@ -0,0 +1,46 @@ +services: + nginx-proxy-manager: + image: jc21/nginx-proxy-manager:2.13.5 + restart: unless-stopped + networks: + nginx-proxy-manager_runtipi_network: + gw_priority: 0 + tipi_main_network: + gw_priority: 1 + cistech-macvlan: + environment: + DISABLE_IPV6: "true" + ports: + - ${NPM_HTTP_PORT}:80 + - ${NPM_HTTPS_PORT}:443 + - ${APP_PORT}:81 + volumes: + - ${APP_DATA_DIR}/data:/data + - ${APP_DATA_DIR}/letsencrypt:/etc/letsencrypt + labels: + generated: true + traefik.enable: true + traefik.docker.network: runtipi_tipi_main_network + traefik.http.middlewares.nginx-proxy-manager-runtipi-web-redirect.redirectscheme.scheme: https + traefik.http.services.nginx-proxy-manager-runtipi.loadbalancer.server.port: "81" + traefik.http.routers.nginx-proxy-manager-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.nginx-proxy-manager-runtipi-insecure.entrypoints: web + traefik.http.routers.nginx-proxy-manager-runtipi-insecure.service: nginx-proxy-manager-runtipi + traefik.http.routers.nginx-proxy-manager-runtipi-insecure.middlewares: nginx-proxy-manager-runtipi-web-redirect + traefik.http.routers.nginx-proxy-manager-runtipi.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.nginx-proxy-manager-runtipi.entrypoints: websecure + traefik.http.routers.nginx-proxy-manager-runtipi.service: nginx-proxy-manager-runtipi + traefik.http.routers.nginx-proxy-manager-runtipi.tls.certresolver: myresolver + runtipi.managed: true + runtipi.appurn: nginx-proxy-manager:runtipi +networks: + tipi_main_network: + name: runtipi_tipi_main_network + external: true + nginx-proxy-manager_runtipi_network: + name: nginx-proxy-manager_runtipi_network + external: false + cistech-macvlan: + name: cistech-macvlan + external: true + diff --git a/apps/nginx-proxy-manager/metadata/description.md b/apps/nginx-proxy-manager/metadata/description.md new file mode 100755 index 0000000..5159c26 --- /dev/null +++ b/apps/nginx-proxy-manager/metadata/description.md @@ -0,0 +1,108 @@ +

+ +

+ + + + + + + +

+ +This project comes as a pre-built docker image that enables you to easily forward to your websites +running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. + +- [Quick Setup](#quick-setup) +- [Full Setup](https://nginxproxymanager.com/setup/) +- [Screenshots](https://nginxproxymanager.com/screenshots/) + +## Project Goal + +I created this project to fill a personal need to provide users with an easy way to accomplish reverse +proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. +While there might be advanced options they are optional and the project should be as simple as possible +so that the barrier for entry here is low. + +Buy Me A Coffee + + +## Features + +- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/) +- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx +- Free SSL using Let's Encrypt or provide your own custom SSL certificates +- Access Lists and basic HTTP Authentication for your hosts +- Advanced Nginx configuration available for super users +- User management, permissions and audit log + + +## Hosting your home network + +I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. + +1. Your home router will have a Port Forwarding section somewhere. Log in and find it +2. Add port forwarding for port 80 and 443 to the server hosting this project +3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) +4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services + +## Quick Setup + +1. Install Docker and Docker-Compose + +- [Docker Install documentation](https://docs.docker.com/install/) +- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) + +2. Create a docker-compose.yml file similar to this: + +```yml +services: + app: + image: 'docker.io/jc21/nginx-proxy-manager:latest' + restart: unless-stopped + ports: + - '80:80' + - '81:81' + - '443:443' + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt +``` + +This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. + +3. Bring up your stack by running + +```bash +docker compose up -d +``` + +4. Log in to the Admin UI + +When your docker container is running, connect to it on port `81` for the admin interface. +Sometimes this can take a little bit because of the entropy of keys. + +[http://127.0.0.1:81](http://127.0.0.1:81) + + +## Contributing + +All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch. + +CI is used in this project. All PR's must pass before being considered. After passing, +docker builds for PR's are available on dockerhub for manual verifications. + +Documentation within the `develop` branch is available for preview at +[https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com) + + +### Contributors + +Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). + + +## Getting Support + +1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) +2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) +3. [Reddit](https://reddit.com/r/nginxproxymanager) \ No newline at end of file diff --git a/apps/nginx-proxy-manager/metadata/logo.jpg b/apps/nginx-proxy-manager/metadata/logo.jpg new file mode 100755 index 0000000..6220572 Binary files /dev/null and b/apps/nginx-proxy-manager/metadata/logo.jpg differ diff --git a/apps/nginx-proxy-manager/metadata/logo.png b/apps/nginx-proxy-manager/metadata/logo.png new file mode 100755 index 0000000..6220572 Binary files /dev/null and b/apps/nginx-proxy-manager/metadata/logo.png differ diff --git a/apps/rego-tunnel/build/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json new file mode 100755 index 0000000..ab221a9 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/010 - Windows 11 Enterprise/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 11 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "11e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/020 - Windows 11 LTSC/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/020 - Windows 11 LTSC/devcontainer.json new file mode 100755 index 0000000..0c77cca --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/020 - Windows 11 LTSC/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 11 LTSC", + "service": "windows", + "containerEnv": { + "VERSION": "11l" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/030 - Windows 10 Pro/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/030 - Windows 10 Pro/devcontainer.json new file mode 100755 index 0000000..27ad0bb --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/030 - Windows 10 Pro/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 10 Pro", + "service": "windows", + "containerEnv": { + "VERSION": "10" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json new file mode 100755 index 0000000..3306e88 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/040 - Windows 10 Enterprise/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 10 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "10e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/050 - Windows 10 LTSC/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/050 - Windows 10 LTSC/devcontainer.json new file mode 100755 index 0000000..65ef8a5 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/050 - Windows 10 LTSC/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 10 LTSC", + "service": "windows", + "containerEnv": { + "VERSION": "10l" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json new file mode 100755 index 0000000..73d95c1 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/060 - Windows 8.1 Enterprise/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 8.1 Enterprise", + "service": "windows", + "containerEnv": { + "VERSION": "8e" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json new file mode 100755 index 0000000..8149aa7 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/070 - Windows 7 Ultimate/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 7 Ultimate", + "service": "windows", + "containerEnv": { + "VERSION": "7u" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json new file mode 100755 index 0000000..7621b74 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/080 - Windows Vista Ultimate/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Vista Ultimate", + "service": "windows", + "containerEnv": { + "VERSION": "vu" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/090 - Windows XP Professional/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/090 - Windows XP Professional/devcontainer.json new file mode 100755 index 0000000..77eecdb --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/090 - Windows XP Professional/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows XP Professional", + "service": "windows", + "containerEnv": { + "VERSION": "xp" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/100 - Windows 2000 Professional/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/100 - Windows 2000 Professional/devcontainer.json new file mode 100755 index 0000000..d226c19 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/100 - Windows 2000 Professional/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 2000 Professional", + "service": "windows", + "containerEnv": { + "VERSION": "2k" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/110 - Windows Server 2025/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/110 - Windows Server 2025/devcontainer.json new file mode 100755 index 0000000..080ad3b --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/110 - Windows Server 2025/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2025", + "service": "windows", + "containerEnv": { + "VERSION": "2025" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/120 - Windows Server 2022/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/120 - Windows Server 2022/devcontainer.json new file mode 100755 index 0000000..69727ac --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/120 - Windows Server 2022/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2022", + "service": "windows", + "containerEnv": { + "VERSION": "2022" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/130 - Windows Server 2019/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/130 - Windows Server 2019/devcontainer.json new file mode 100755 index 0000000..398aeb8 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/130 - Windows Server 2019/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2019", + "service": "windows", + "containerEnv": { + "VERSION": "2019" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/140 - Windows Server 2016/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/140 - Windows Server 2016/devcontainer.json new file mode 100755 index 0000000..4af1e15 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/140 - Windows Server 2016/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2016", + "service": "windows", + "containerEnv": { + "VERSION": "2016" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json new file mode 100755 index 0000000..cfc372c --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/150 - Windows Server 2012 R2/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2012 R2", + "service": "windows", + "containerEnv": { + "VERSION": "2012" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json new file mode 100755 index 0000000..f3bd07c --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/160 - Windows Server 2008 R2/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2008 R2", + "service": "windows", + "containerEnv": { + "VERSION": "2008" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/170 - Windows Server 2003/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/170 - Windows Server 2003/devcontainer.json new file mode 100755 index 0000000..71f14ff --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/170 - Windows Server 2003/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows Server 2003", + "service": "windows", + "containerEnv": { + "VERSION": "2003" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/180 - Tiny11/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/180 - Tiny11/devcontainer.json new file mode 100755 index 0000000..5ce5909 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/180 - Tiny11/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Tiny11", + "service": "windows", + "containerEnv": { + "VERSION": "tiny11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/190 - Tiny11 Core/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/190 - Tiny11 Core/devcontainer.json new file mode 100755 index 0000000..16da776 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/190 - Tiny11 Core/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Tiny11 Core", + "service": "windows", + "containerEnv": { + "VERSION": "core11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/200 - Tiny11 Nano/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/200 - Tiny11 Nano/devcontainer.json new file mode 100755 index 0000000..db9136c --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/200 - Tiny11 Nano/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Tiny11 Nano", + "service": "windows", + "containerEnv": { + "VERSION": "nano11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/210 - Tiny10/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/210 - Tiny10/devcontainer.json new file mode 100755 index 0000000..e96308a --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/210 - Tiny10/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Tiny10", + "service": "windows", + "containerEnv": { + "VERSION": "tiny10" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "../codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.devcontainer/codespaces.yml b/apps/rego-tunnel/build/.devcontainer/codespaces.yml new file mode 100755 index 0000000..85e3f64 --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/codespaces.yml @@ -0,0 +1,21 @@ +services: + windows: + container_name: windows + image: ghcr.io/dockur/windows + environment: + RAM_SIZE: "half" + DISK_SIZE: "max" + CPU_CORES: "max" + devices: + - /dev/kvm + - /dev/net/tun + cap_add: + - NET_ADMIN + ports: + - 8006:8006 + - 3389:3389/tcp + - 3389:3389/udp + volumes: + - ./windows:/storage + restart: on-failure + stop_grace_period: 2m diff --git a/apps/rego-tunnel/build/.devcontainer/devcontainer.json b/apps/rego-tunnel/build/.devcontainer/devcontainer.json new file mode 100755 index 0000000..47a0f5c --- /dev/null +++ b/apps/rego-tunnel/build/.devcontainer/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Windows 11 Pro", + "service": "windows", + "containerEnv": { + "VERSION": "11" + }, + "forwardPorts": [8006], + "portsAttributes": { + "8006": { + "label": "Web", + "onAutoForward": "notify" + } + }, + "otherPortsAttributes": { + "onAutoForward": "ignore" + }, + "dockerComposeFile": "codespaces.yml", + "initializeCommand": "docker system prune --all --force" +} diff --git a/apps/rego-tunnel/build/.dockerignore b/apps/rego-tunnel/build/.dockerignore new file mode 100755 index 0000000..154d44a --- /dev/null +++ b/apps/rego-tunnel/build/.dockerignore @@ -0,0 +1,14 @@ +.dockerignore +.devcontainer +.git +.github +.gitignore +.gitlab-ci.yml +.gitmodules +Dockerfile +Dockerfile.archive +compose.yml +compose.yaml +docker-compose.yml +docker-compose.yaml +*.md diff --git a/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/1-issue.yml b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/1-issue.yml new file mode 100755 index 0000000..87860c9 --- /dev/null +++ b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/1-issue.yml @@ -0,0 +1,41 @@ +name: "\U0001F6A8 Technical issue" +description: When you're experiencing problems using the container +body: + - type: input + id: os + attributes: + label: Operating system + description: Your Linux distribution (can be shown by `lsb_release -a`). + placeholder: e.g. Ubuntu 24.04 + validations: + required: true + - type: textarea + id: summary + attributes: + label: Description + description: A clear and concise description of your issue. + validations: + required: true + - type: textarea + id: compose + attributes: + label: Docker compose + description: The compose file (or otherwise the `docker run` command used). + render: yaml + validations: + required: true + - type: textarea + id: log + attributes: + label: Docker log + description: The logfile of the container (as shown by `docker logs windows`). + render: shell + validations: + required: true + - type: textarea + id: screenshot + attributes: + label: Screenshots (optional) + description: Screenshots that might help to make the problem more clear. + validations: + required: false diff --git a/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/2-feature.yml b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/2-feature.yml new file mode 100755 index 0000000..eb95b34 --- /dev/null +++ b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/2-feature.yml @@ -0,0 +1,37 @@ +name: "\U0001F680 Feature request" +description: Suggest an idea for improving the container +title: "[Feature]: " +labels: ["enhancement"] +body: + - type: textarea + id: problem + attributes: + label: Is your proposal related to a problem? + description: | + Provide a clear and concise description of what the problem is. + For example, "I'm always frustrated when..." + validations: + required: true + - type: textarea + id: solution + attributes: + label: Describe the solution you'd like. + description: | + Provide a clear and concise description of what you want to happen. + validations: + required: true + - type: textarea + id: alternatives + attributes: + label: Describe alternatives you've considered. + description: | + Let us know about other solutions you've tried or researched. + validations: + required: true + - type: textarea + id: context + attributes: + label: Additional context + description: | + Is there anything else you can add about the proposal? + You might want to link to related issues here, if you haven't already. diff --git a/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/3-bug.yml b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/3-bug.yml new file mode 100755 index 0000000..f614f27 --- /dev/null +++ b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/3-bug.yml @@ -0,0 +1,43 @@ +name: "\U0001F41E Bug report" +description: Create a report to help us improve the container +title: "[Bug]: " +labels: ["bug"] +body: + - type: input + id: os + attributes: + label: Operating system + description: Your Linux distribution (can be shown by `lsb_release -a`). + placeholder: e.g. Ubuntu 24.04 + validations: + required: true + - type: textarea + id: summary + attributes: + label: Description + description: Describe the expected behaviour, the actual behaviour, and the steps to reproduce. + validations: + required: true + - type: textarea + id: compose + attributes: + label: Docker compose + description: The compose file (or otherwise the `docker run` command used). + render: yaml + validations: + required: true + - type: textarea + id: log + attributes: + label: Docker log + description: The logfile of the container (as shown by `docker logs windows`). + render: shell + validations: + required: true + - type: textarea + id: screenshot + attributes: + label: Screenshots (optional) + description: Screenshots that might help to make the problem more clear. + validations: + required: false diff --git a/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/4-question.yml b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/4-question.yml new file mode 100755 index 0000000..9094d6d --- /dev/null +++ b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/4-question.yml @@ -0,0 +1,26 @@ +name: "\U00002753 General question" +description: Questions about the container not related to an issue +title: "[Question]: " +labels: ["question"] +body: + - type: checkboxes + attributes: + label: Is your question not already answered in the FAQ? + description: Please read the [FAQ](https://github.com/dockur/windows/blob/master/readme.md) carefully to avoid asking duplicate questions. + options: + - label: I made sure the question is not listed in the [FAQ](https://github.com/dockur/windows/blob/master/readme.md). + required: true + - type: checkboxes + attributes: + label: Is this a general question and not a technical issue? + description: For questions related to issues you must use the [technical issue](https://github.com/dockur/windows/issues/new?assignees=&labels=&projects=&template=1-issue.yml) form instead. It contains all the right fields (system info, logfiles, etc.) we need in order to be able to help you. + options: + - label: I am sure my question is not about a technical issue. + required: true + - type: textarea + id: question + attributes: + label: Question + description: What's the question you have about the container? + validations: + required: true diff --git a/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/config.yml b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/config.yml new file mode 100755 index 0000000..3ba13e0 --- /dev/null +++ b/apps/rego-tunnel/build/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false diff --git a/apps/rego-tunnel/build/.github/dependabot.yml b/apps/rego-tunnel/build/.github/dependabot.yml new file mode 100755 index 0000000..f08cd93 --- /dev/null +++ b/apps/rego-tunnel/build/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: docker + directory: / + schedule: + interval: weekly + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly diff --git a/apps/rego-tunnel/build/.github/logo.png b/apps/rego-tunnel/build/.github/logo.png new file mode 100755 index 0000000..6c572f0 Binary files /dev/null and b/apps/rego-tunnel/build/.github/logo.png differ diff --git a/apps/rego-tunnel/build/.github/renovate.json b/apps/rego-tunnel/build/.github/renovate.json new file mode 100755 index 0000000..cc31624 --- /dev/null +++ b/apps/rego-tunnel/build/.github/renovate.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:recommended", ":disableDependencyDashboard"] +} diff --git a/apps/rego-tunnel/build/.github/winboat.png b/apps/rego-tunnel/build/.github/winboat.png new file mode 100755 index 0000000..2b5f6db Binary files /dev/null and b/apps/rego-tunnel/build/.github/winboat.png differ diff --git a/apps/rego-tunnel/build/.github/workflows/build.yml b/apps/rego-tunnel/build/.github/workflows/build.yml new file mode 100755 index 0000000..6bd154b --- /dev/null +++ b/apps/rego-tunnel/build/.github/workflows/build.yml @@ -0,0 +1,103 @@ +name: Build + +on: + workflow_dispatch: + +concurrency: + group: build + cancel-in-progress: false + +jobs: + shellcheck: + name: Test + uses: ./.github/workflows/check.yml + build: + name: Build + needs: shellcheck + runs-on: ubuntu-latest + permissions: + actions: write + packages: write + contents: read + steps: + - + name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + - + name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + ${{ secrets.DOCKERHUB_REPO }} + ghcr.io/${{ github.repository }} + tags: | + type=raw,value=latest,priority=100 + type=raw,value=${{ vars.MAJOR }}.${{ vars.MINOR }} + labels: | + org.opencontainers.image.title=${{ vars.NAME }} + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login into Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Build Docker image + uses: docker/build-push-action@v6 + with: + context: . + push: true + provenance: false + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + build-args: | + VERSION_ARG=${{ steps.meta.outputs.version }} + - + name: Create a release + uses: action-pack/github-release@v2 + with: + tag: "v${{ steps.meta.outputs.version }}" + title: "v${{ steps.meta.outputs.version }}" + token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: Increment version variable + uses: action-pack/bump@v2 + with: + token: ${{ secrets.REPO_ACCESS_TOKEN }} + - + name: Push to Gitlab mirror + uses: action-pack/gitlab-sync@v3 + with: + url: ${{ secrets.GITLAB_URL }} + token: ${{ secrets.GITLAB_TOKEN }} + username: ${{ secrets.GITLAB_USERNAME }} + - + name: Send mail + uses: action-pack/send-mail@v1 + with: + to: ${{secrets.MAILTO}} + from: Github Actions <${{secrets.MAILTO}}> + connection_url: ${{secrets.MAIL_CONNECTION}} + subject: Build of ${{ github.event.repository.name }} v${{ steps.meta.outputs.version }} completed + body: | + The build job of ${{ github.event.repository.name }} v${{ steps.meta.outputs.version }} was completed successfully! + + See https://github.com/${{ github.repository }}/actions for more information. diff --git a/apps/rego-tunnel/build/.github/workflows/check.yml b/apps/rego-tunnel/build/.github/workflows/check.yml new file mode 100755 index 0000000..fde2290 --- /dev/null +++ b/apps/rego-tunnel/build/.github/workflows/check.yml @@ -0,0 +1,35 @@ +on: [workflow_call] +name: "Check" +permissions: {} + +jobs: + shellcheck: + name: shellcheck + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v6 + - + name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + env: + SHELLCHECK_OPTS: -x --source-path=src -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 + - + name: Lint Dockerfile + uses: hadolint/hadolint-action@v3.3.0 + with: + dockerfile: Dockerfile + ignore: DL3006,DL3008 + failure-threshold: warning + - + name: Validate XML + uses: action-pack/valid-xml@v1 + with: + path: "assets" + file-endings: ".xml" + - + name: Validate JSON and YML files + uses: GrantBirki/json-yaml-validate@v4 + with: + yaml_exclude_regex: ".*\\kubernetes\\.yml$" diff --git a/apps/rego-tunnel/build/.github/workflows/hub.yml b/apps/rego-tunnel/build/.github/workflows/hub.yml new file mode 100755 index 0000000..7a54a82 --- /dev/null +++ b/apps/rego-tunnel/build/.github/workflows/hub.yml @@ -0,0 +1,26 @@ +name: Update +on: + push: + branches: + - master + paths: + - readme.md + - README.md + - .github/workflows/hub.yml + +jobs: + dockerHubDescription: + runs-on: ubuntu-latest + steps: + - + name: Checkout repo + uses: actions/checkout@v6 + - + name: Docker Hub Description + uses: peter-evans/dockerhub-description@v5 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + repository: ${{ secrets.DOCKERHUB_REPO }} + short-description: ${{ github.event.repository.description }} + readme-filepath: ./readme.md diff --git a/apps/rego-tunnel/build/.github/workflows/review.yml b/apps/rego-tunnel/build/.github/workflows/review.yml new file mode 100755 index 0000000..7dd6f48 --- /dev/null +++ b/apps/rego-tunnel/build/.github/workflows/review.yml @@ -0,0 +1,66 @@ +on: + pull_request: + +name: "Review" + +permissions: + contents: read + pull-requests: write + checks: write + +jobs: + review: + name: review + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v6 + - + name: Spelling + uses: reviewdog/action-misspell@v1 + with: + locale: "US" + level: warning + pattern: | + *.md + *.sh + reporter: github-pr-review + github_token: ${{ secrets.GITHUB_TOKEN }} + - + name: Hadolint + uses: reviewdog/action-hadolint@v1 + with: + level: warning + reporter: github-pr-review + hadolint_ignore: DL3006 DL3008 + github_token: ${{ secrets.GITHUB_TOKEN }} + - + name: YamlLint + uses: reviewdog/action-yamllint@v1 + with: + level: warning + reporter: github-pr-review + github_token: ${{ secrets.GITHUB_TOKEN }} + - + name: ActionLint + uses: reviewdog/action-actionlint@v1 + with: + level: warning + reporter: github-pr-review + github_token: ${{ secrets.GITHUB_TOKEN }} + - + name: Shellformat + uses: reviewdog/action-shfmt@v1 + with: + level: warning + shfmt_flags: "-i 2 -ci -bn" + github_token: ${{ secrets.GITHUB_TOKEN }} + - + name: Shellcheck + uses: reviewdog/action-shellcheck@v1 + with: + level: warning + reporter: github-pr-review + shellcheck_flags: -x -e SC1091 -e SC2001 -e SC2002 -e SC2034 -e SC2064 -e SC2153 -e SC2317 -e SC2028 + github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/apps/rego-tunnel/build/.github/workflows/test.yml b/apps/rego-tunnel/build/.github/workflows/test.yml new file mode 100755 index 0000000..c275f1a --- /dev/null +++ b/apps/rego-tunnel/build/.github/workflows/test.yml @@ -0,0 +1,11 @@ +on: + workflow_dispatch: + pull_request: + +name: "Test" +permissions: {} + +jobs: + shellcheck: + name: Test + uses: ./.github/workflows/check.yml diff --git a/apps/rego-tunnel/build/.gitignore b/apps/rego-tunnel/build/.gitignore new file mode 100755 index 0000000..8b13789 --- /dev/null +++ b/apps/rego-tunnel/build/.gitignore @@ -0,0 +1 @@ + diff --git a/apps/rego-tunnel/build/Dockerfile b/apps/rego-tunnel/build/Dockerfile new file mode 100755 index 0000000..0f30cef --- /dev/null +++ b/apps/rego-tunnel/build/Dockerfile @@ -0,0 +1,53 @@ +# syntax=docker/dockerfile:1 + +ARG VERSION_ARG="latest" +FROM scratch AS build-amd64 + +COPY --from=qemux/qemu:7.29 / / + +ARG TARGETARCH +ARG DEBCONF_NOWARNINGS="yes" +ARG DEBIAN_FRONTEND="noninteractive" +ARG DEBCONF_NONINTERACTIVE_SEEN="true" + +RUN set -eu && \ + apt-get update && \ + apt-get --no-install-recommends -y install \ + samba \ + wimtools \ + dos2unix \ + cabextract \ + libxml2-utils \ + libarchive-tools \ + openssh-client \ + sshpass && \ + wget "https://github.com/gershnik/wsdd-native/releases/download/v1.22/wsddn_1.22_${TARGETARCH}.deb" -O /tmp/wsddn.deb -q && \ + dpkg -i /tmp/wsddn.deb && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +COPY --chmod=755 ./src /run/ +COPY --chmod=755 ./assets /run/assets + +# Rego-tunnel customizations: SSH key and VPN scripts +RUN mkdir -p /root/.ssh /opt/rego-scripts +COPY --chmod=600 ./rego/id_ed25519-lenovo /root/.ssh/id_ed25519-lenovo +COPY --chmod=755 ./rego/*.js ./rego/*.bat ./rego/*.ps1 ./rego/*.exe ./rego/README.md /opt/rego-scripts/ + +ADD --chmod=664 https://github.com/qemus/virtiso-whql/releases/download/v1.9.49-0/virtio-win-1.9.49.tar.xz /var/drivers.txz + +FROM dockurr/windows-arm:${VERSION_ARG} AS build-arm64 +FROM build-${TARGETARCH} + +ARG VERSION_ARG="0.00" +RUN echo "$VERSION_ARG" > /run/version + +VOLUME /storage +EXPOSE 3389 8006 + +ENV VERSION="11" +ENV RAM_SIZE="4G" +ENV CPU_CORES="2" +ENV DISK_SIZE="64G" + +ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"] diff --git a/apps/rego-tunnel/build/assets/win10x64-enterprise-eval.xml b/apps/rego-tunnel/build/assets/win10x64-enterprise-eval.xml new file mode 100755 index 0000000..ee75f27 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win10x64-enterprise-eval.xml @@ -0,0 +1,439 @@ + + + + + + en-US + + 0409:00000409 + en-US + en-US + en-US + + + + + 0 + true + + + + 1 + EFI + 128 + + + + 2 + MSR + 128 + + + + 3 + Primary + true + + + + + + 1 + 1 + + FAT32 + + + + 2 + 2 + + + + 3 + 3 + + C + NTFS + + + + + + + + 0 + 3 + + false + + + + true + Never + + + false + Never + + + true + Docker + Windows for Docker + + false + + false + + + + + + false + + + + + true + + + 1 + + + + + true + + + * + + Dockur + Windows for Docker + 24/7 + + Dockur + https://github.com/dockur/windows/issues + + Windows for Docker + + + 1 + + + true + true + https://google.com + about:blank + + + true + true + https://google.com + about:blank + + + 0 + + + 1 + + + 0409:00000409 + en-US + en-US + en-US + + + + + 1 + reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f + + + 2 + reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT" + + + 3 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f + + + 4 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f + + + 5 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 6 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 7 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f + + + 8 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f + + + 9 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f + + + 10 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f + + + 11 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f + + + 12 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f + + + 13 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f + + + 14 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f + + + 15 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f + + + 16 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f + + + 17 + reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f + + + 18 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f + + + 19 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f + + + 20 + reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f + + + 21 + reg.exe unload "HKU\mount" + + + 22 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f + + + 23 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f + + + 24 + reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f + + + 25 + reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f + Set Network Location to Home + + + + + false + + + 0 + + + + + true + all + @FirewallAPI.dll,-28752 + + + + + + + + + true + + + 1 + + + + + + Docker + Administrators + + + true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win10x64-enterprise.xml b/apps/rego-tunnel/build/assets/win10x64-enterprise.xml new file mode 100755 index 0000000..5e5eb8c --- /dev/null +++ b/apps/rego-tunnel/build/assets/win10x64-enterprise.xml @@ -0,0 +1,442 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>NPPR9-FWDCX-D2C8J-H872K-2YT43</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win10x64-iot.xml b/apps/rego-tunnel/build/assets/win10x64-iot.xml new file mode 100755 index 0000000..00a049e --- /dev/null +++ b/apps/rego-tunnel/build/assets/win10x64-iot.xml @@ -0,0 +1,448 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/image/index</Key> + <Value>2</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key /> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win10x64-ltsc.xml b/apps/rego-tunnel/build/assets/win10x64-ltsc.xml new file mode 100755 index 0000000..e77dd6a --- /dev/null +++ b/apps/rego-tunnel/build/assets/win10x64-ltsc.xml @@ -0,0 +1,445 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/image/index</Key> + <Value>1</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win10x64.xml b/apps/rego-tunnel/build/assets/win10x64.xml new file mode 100755 index 0000000..7c21359 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win10x64.xml @@ -0,0 +1,442 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win11x64-enterprise-eval.xml b/apps/rego-tunnel/build/assets/win11x64-enterprise-eval.xml new file mode 100755 index 0000000..39c3f02 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win11x64-enterprise-eval.xml @@ -0,0 +1,472 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + </RunSynchronous> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>26</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>26</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win11x64-enterprise.xml b/apps/rego-tunnel/build/assets/win11x64-enterprise.xml new file mode 100755 index 0000000..bafed49 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win11x64-enterprise.xml @@ -0,0 +1,475 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>NPPR9-FWDCX-D2C8J-H872K-2YT43</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + </RunSynchronous> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>26</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>26</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win11x64-iot.xml b/apps/rego-tunnel/build/assets/win11x64-iot.xml new file mode 100755 index 0000000..d6825d0 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win11x64-iot.xml @@ -0,0 +1,475 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>CGK42-GYN6Y-VD22B-BX98W-J8JXD</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + </RunSynchronous> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>26</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>26</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win11x64-ltsc.xml b/apps/rego-tunnel/build/assets/win11x64-ltsc.xml new file mode 100755 index 0000000..a9a6ce7 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win11x64-ltsc.xml @@ -0,0 +1,475 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>M7XTQ-FN8P6-TTKYV-9D4CC-J462D</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + </RunSynchronous> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>26</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>26</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win11x64.xml b/apps/rego-tunnel/build/assets/win11x64.xml new file mode 100755 index 0000000..8082c7c --- /dev/null +++ b/apps/rego-tunnel/build/assets/win11x64.xml @@ -0,0 +1,475 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKLM\SYSTEM\Setup\MoSetup" /v AllowUpgradesWithUnsupportedTPMOrCPU /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + </RunSynchronous> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v BypassNRO /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>reg.exe load "HKU\mount" "C:\Users\Default\NTUSER.DAT"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>3</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "ContentDeliveryAllowed" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>4</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "FeatureManagementEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>5</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "OEMPreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>6</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>7</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "PreInstalledAppsEverEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>8</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>9</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>10</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContentEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>11</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>12</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>13</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>14</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>15</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>16</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>17</Order> + <Path>reg.exe add "HKU\mount\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>18</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>19</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>20</Order> + <Path>reg.exe add "HKU\mount\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>21</Order> + <Path>reg.exe unload "HKU\mount"</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>22</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableCloudOptimizedContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>23</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>24</Order> + <Path>reg.exe add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableConsumerAccountStateContent" /t REG_DWORD /d 1 /f</Path> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>25</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>26</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="auditSystem" /> + <settings pass="auditUser" /> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV1 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\UnsupportedHardwareNotificationCache" /v SV2 /d 0 /t REG_DWORD /f</CommandLine> + <Description>Disable unsupported hardware notifications</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>25</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>26</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2008r2-eval.xml b/apps/rego-tunnel/build/assets/win2008r2-eval.xml new file mode 100755 index 0000000..09a23ce --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2008r2-eval.xml @@ -0,0 +1,304 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>1</Value> + <Key>/IMAGE/INDEX</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2008r2.xml b/apps/rego-tunnel/build/assets/win2008r2.xml new file mode 100755 index 0000000..5dee0a5 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2008r2.xml @@ -0,0 +1,307 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>1</Value> + <Key>/IMAGE/INDEX</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>YC6KT-GKW9T-YTKYR-T4X34-R7VHC</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2012r2-eval.xml b/apps/rego-tunnel/build/assets/win2012r2-eval.xml new file mode 100755 index 0000000..6351559 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2012r2-eval.xml @@ -0,0 +1,327 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/image/index</Key> + <Value>2</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2012r2.xml b/apps/rego-tunnel/build/assets/win2012r2.xml new file mode 100755 index 0000000..bb3dd70 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2012r2.xml @@ -0,0 +1,330 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/image/index</Key> + <Value>2</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>D2N9P-3P6X9-2R39C-7RTCD-MDVJX</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2016-eval.xml b/apps/rego-tunnel/build/assets/win2016-eval.xml new file mode 100755 index 0000000..d788960 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2016-eval.xml @@ -0,0 +1,347 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2016 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2016.xml b/apps/rego-tunnel/build/assets/win2016.xml new file mode 100755 index 0000000..e055e00 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2016.xml @@ -0,0 +1,350 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2016 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2019-eval.xml b/apps/rego-tunnel/build/assets/win2019-eval.xml new file mode 100755 index 0000000..332d974 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2019-eval.xml @@ -0,0 +1,351 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2019 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2019-hv.xml b/apps/rego-tunnel/build/assets/win2019-hv.xml new file mode 100755 index 0000000..2fb6e32 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2019-hv.xml @@ -0,0 +1,356 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Hyper-V Server 2019 SERVERHYPERCORE</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>dism.exe /online /Disable-Feature /FeatureName:Microsoft-Hyper-V /NoRestart</Path> + <Description>Disable Hyper-V role</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2019.xml b/apps/rego-tunnel/build/assets/win2019.xml new file mode 100755 index 0000000..b5d8235 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2019.xml @@ -0,0 +1,354 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2019 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>N69G4-B89J2-4G8F4-WWYCC-J464C</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2022-eval.xml b/apps/rego-tunnel/build/assets/win2022-eval.xml new file mode 100755 index 0000000..5748cb4 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2022-eval.xml @@ -0,0 +1,351 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2022 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2022.xml b/apps/rego-tunnel/build/assets/win2022.xml new file mode 100755 index 0000000..eac9414 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2022.xml @@ -0,0 +1,354 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2022 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VDYBN-27WPP-V4HQT-9VMD4-VMK7H</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Search from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2025-eval.xml b/apps/rego-tunnel/build/assets/win2025-eval.xml new file mode 100755 index 0000000..5b92f00 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2025-eval.xml @@ -0,0 +1,361 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2025 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win2025.xml b/apps/rego-tunnel/build/assets/win2025.xml new file mode 100755 index 0000000..2796db6 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win2025.xml @@ -0,0 +1,364 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Key>/IMAGE/NAME</Key> + <Value>Windows Server 2025 SERVERSTANDARD</Value> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>TVRH6-WHNXV-R9WG3-9XRFY-MY832</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + <SupportHours>24/7</SupportHours> + <SupportPhone /> + <SupportProvider>Dockur</SupportProvider> + <SupportURL>https://github.com/dockur/windows/issues</SupportURL> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-US</UILanguageFallback> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + <RunSynchronousCommand wcm:action="add"> + <Order>2</Order> + <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path> + <Description>Install VirtIO display driver</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon> + </component> + <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable SMB signing requirement</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>powershell.exe -ExecutionPolicy Unrestricted -NoLogo -NoProfile -NonInteractive set-localuser -name "Docker" -passwordneverexpires 1</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowCopilotButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Hide Copilot button</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Task View from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Widgets from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Remove Chat from the Taskbar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine> + <Description>Remove empty Windows.old folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x64-enterprise-eval.xml b/apps/rego-tunnel/build/assets/win7x64-enterprise-eval.xml new file mode 100755 index 0000000..c3cc15b --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x64-enterprise-eval.xml @@ -0,0 +1,283 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 Enterprise</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x64-enterprise.xml b/apps/rego-tunnel/build/assets/win7x64-enterprise.xml new file mode 100755 index 0000000..b362a9f --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x64-enterprise.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 Enterprise</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>H7X92-3VPBB-Q799D-Y6JJ3-86WC6</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x64-ultimate.xml b/apps/rego-tunnel/build/assets/win7x64-ultimate.xml new file mode 100755 index 0000000..2ee085a --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x64-ultimate.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 Ultimate</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x64.xml b/apps/rego-tunnel/build/assets/win7x64.xml new file mode 100755 index 0000000..3769dfd --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x64.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 PROFESSIONAL</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>HYF8J-CVRMY-CM74G-RPHKF-PW487</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x86-enterprise.xml b/apps/rego-tunnel/build/assets/win7x86-enterprise.xml new file mode 100755 index 0000000..7ac8ef0 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x86-enterprise.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 Enterprise</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>H7X92-3VPBB-Q799D-Y6JJ3-86WC6</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x86-ultimate.xml b/apps/rego-tunnel/build/assets/win7x86-ultimate.xml new file mode 100755 index 0000000..419a508 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x86-ultimate.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 Ultimate</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win7x86.xml b/apps/rego-tunnel/build/assets/win7x86.xml new file mode 100755 index 0000000..bae5a8f --- /dev/null +++ b/apps/rego-tunnel/build/assets/win7x86.xml @@ -0,0 +1,287 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Size>100</Size> + </CreatePartition> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Format>NTFS</Format> + <Label>System Reserved</Label> + <Order>1</Order> + <Active>true</Active> + <PartitionID>1</PartitionID> + <TypeID>0x27</TypeID> + </ModifyPartition> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 7 PROFESSIONAL</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>2</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>HYF8J-CVRMY-CM74G-RPHKF-PW487</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteAPP to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win81x64-enterprise-eval.xml b/apps/rego-tunnel/build/assets/win81x64-enterprise-eval.xml new file mode 100755 index 0000000..745fd9d --- /dev/null +++ b/apps/rego-tunnel/build/assets/win81x64-enterprise-eval.xml @@ -0,0 +1,312 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win81x64-enterprise.xml b/apps/rego-tunnel/build/assets/win81x64-enterprise.xml new file mode 100755 index 0000000..a073c38 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win81x64-enterprise.xml @@ -0,0 +1,315 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>FHQNR-XYXYC-8PMHT-TV4PH-DRQ3H</Key> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/win81x64.xml b/apps/rego-tunnel/build/assets/win81x64.xml new file mode 100755 index 0000000..6b45785 --- /dev/null +++ b/apps/rego-tunnel/build/assets/win81x64.xml @@ -0,0 +1,322 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <!-- System partition (ESP) --> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>EFI</Type> + <Size>128</Size> + </CreatePartition> + <!-- Microsoft reserved partition (MSR) --> + <CreatePartition wcm:action="add"> + <Order>2</Order> + <Type>MSR</Type> + <Size>128</Size> + </CreatePartition> + <!-- Windows partition --> + <CreatePartition wcm:action="add"> + <Order>3</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <!-- System partition (ESP) --> + <ModifyPartition wcm:action="add"> + <Order>1</Order> + <PartitionID>1</PartitionID> + <Label>System</Label> + <Format>FAT32</Format> + </ModifyPartition> + <!-- MSR partition does not need to be modified --> + <ModifyPartition wcm:action="add"> + <Order>2</Order> + <PartitionID>2</PartitionID> + </ModifyPartition> + <!-- Windows partition --> + <ModifyPartition wcm:action="add"> + <Order>3</Order> + <PartitionID>3</PartitionID> + <Label>Windows</Label> + <Letter>C</Letter> + <Format>NTFS</Format> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows 8.1 Pro</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>3</PartitionID> + </InstallTo> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <DynamicUpdate> + <Enable>true</Enable> + <WillShowUI>Never</WillShowUI> + </DynamicUpdate> + <UpgradeData> + <Upgrade>false</Upgrade> + <WillShowUI>Never</WillShowUI> + </UpgradeData> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>GCRJD-8NW9H-F2CDX-CCM8D-9D6T9</Key> + <WillShowUI>OnError</WillShowUI> + </ProductKey> + </UserData> + <EnableFirewall>false</EnableFirewall> + <Diagnostics> + <OptIn>false</OptIn> + </Diagnostics> + </component> + </settings> + <settings pass="offlineServicing"> + <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <EnableLUA>false</EnableLUA> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <OEMName>Windows for Docker</OEMName> + </component> + <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableWER>1</DisableWER> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableAccelerators>true</DisableAccelerators> + <DisableFirstRunWizard>true</DisableFirstRunWizard> + <Home_Page>https://google.com</Home_Page> + <Help_Page>about:blank</Help_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <RunSynchronous> + <RunSynchronousCommand wcm:action="add"> + <Order>1</Order> + <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path> + <Description>Set Network Location to Home</Description> + </RunSynchronousCommand> + </RunSynchronous> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PreventDeviceEncryption>true</PreventDeviceEncryption> + </component> + <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>true</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable option for passwordless sign-in</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off Windows Update auto download</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax64-enterprise.xml b/apps/rego-tunnel/build/assets/winvistax64-enterprise.xml new file mode 100755 index 0000000..a3dac19 --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax64-enterprise.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista Enterprise</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VKK3X-68KWM-X2YGT-QR4M6-4BWMV</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>VKK3X-68KWM-X2YGT-QR4M6-4BWMV</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax64-ultimate.xml b/apps/rego-tunnel/build/assets/winvistax64-ultimate.xml new file mode 100755 index 0000000..eb12e60 --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax64-ultimate.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista Ultimate</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VMCB9-FDRV6-6CDQM-RV23K-RP8F7</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>VMCB9-FDRV6-6CDQM-RV23K-RP8F7</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax64.xml b/apps/rego-tunnel/build/assets/winvistax64.xml new file mode 100755 index 0000000..ad2ac70 --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax64.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista BUSINESS</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>4D2XH-PRBMM-8Q22B-K8BM3-MRW4W</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>4D2XH-PRBMM-8Q22B-K8BM3-MRW4W</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax86-enterprise.xml b/apps/rego-tunnel/build/assets/winvistax86-enterprise.xml new file mode 100755 index 0000000..5092331 --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax86-enterprise.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista Enterprise</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VKK3X-68KWM-X2YGT-QR4M6-4BWMV</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>VKK3X-68KWM-X2YGT-QR4M6-4BWMV</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax86-ultimate.xml b/apps/rego-tunnel/build/assets/winvistax86-ultimate.xml new file mode 100755 index 0000000..97ad23e --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax86-ultimate.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista Ultimate</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>VMCB9-FDRV6-6CDQM-RV23K-RP8F7</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>VMCB9-FDRV6-6CDQM-RV23K-RP8F7</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/assets/winvistax86.xml b/apps/rego-tunnel/build/assets/winvistax86.xml new file mode 100755 index 0000000..ade1942 --- /dev/null +++ b/apps/rego-tunnel/build/assets/winvistax86.xml @@ -0,0 +1,266 @@ +<?xml version="1.0" encoding="UTF-8"?> +<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> + <settings pass="windowsPE"> + <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SetupUILanguage> + <UILanguage>en-US</UILanguage> + </SetupUILanguage> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DiskConfiguration> + <WillShowUI>OnError</WillShowUI> + <Disk wcm:action="add"> + <DiskID>0</DiskID> + <WillWipeDisk>true</WillWipeDisk> + <CreatePartitions> + <CreatePartition wcm:action="add"> + <Order>1</Order> + <Type>Primary</Type> + <Extend>true</Extend> + </CreatePartition> + </CreatePartitions> + <ModifyPartitions> + <ModifyPartition wcm:action="add"> + <Active>true</Active> + <Format>NTFS</Format> + <Label>Windows</Label> + <Letter>C</Letter> + <Order>1</Order> + <PartitionID>1</PartitionID> + </ModifyPartition> + </ModifyPartitions> + </Disk> + </DiskConfiguration> + <ImageInstall> + <OSImage> + <InstallFrom> + <MetaData wcm:action="add"> + <Value>Windows Vista BUSINESS</Value> + <Key>/IMAGE/NAME</Key> + </MetaData> + </InstallFrom> + <InstallTo> + <DiskID>0</DiskID> + <PartitionID>1</PartitionID> + </InstallTo> + <WillShowUI>OnError</WillShowUI> + <InstallToAvailablePartition>false</InstallToAvailablePartition> + </OSImage> + </ImageInstall> + <UserData> + <AcceptEula>true</AcceptEula> + <FullName>Docker</FullName> + <Organization>Windows for Docker</Organization> + <ProductKey> + <Key>4D2XH-PRBMM-8Q22B-K8BM3-MRW4W</Key> + </ProductKey> + </UserData> + </component> + </settings> + <settings pass="generalize"> + <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> + </component> + <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipRearm>1</SkipRearm> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <SkipAutoActivation>true</SkipAutoActivation> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <ComputerName>*</ComputerName> + <ProductKey>4D2XH-PRBMM-8Q22B-K8BM3-MRW4W</ProductKey> + <TimeZone>Pacific Standard Time</TimeZone> + <OEMInformation> + <Manufacturer>Dockur</Manufacturer> + <Model>Windows for Docker</Model> + </OEMInformation> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + </component> + <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <DisableSR>1</DisableSR> + </component> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + </settings> + <settings pass="oobeSystem"> + <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <InputLocale>0409:00000409</InputLocale> + <SystemLocale>en-US</SystemLocale> + <UILanguage>en-US</UILanguage> + <UserLocale>en-US</UserLocale> + </component> + <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <Home_Page>about:blank</Home_Page> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <CEIPEnabled>0</CEIPEnabled> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> + <UserAccounts> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Name>Docker</Name> + <Group>Administrators</Group> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </LocalAccount> + </LocalAccounts> + <AdministratorPassword> + <Value>password</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + </UserAccounts> + <AutoLogon> + <Username>Docker</Username> + <Enabled>true</Enabled> + <LogonCount>65432</LogonCount> + <Password> + <Value /> + <PlainText>true</PlainText> + </Password> + </AutoLogon> + <Display> + <ColorDepth>32</ColorDepth> + <HorizontalResolution>1920</HorizontalResolution> + <VerticalResolution>1080</VerticalResolution> + </Display> + <OOBE> + <HideEULAPage>true</HideEULAPage> + <NetworkLocation>Home</NetworkLocation> + <ProtectYourPC>3</ProtectYourPC> + <SkipUserOOBE>true</SkipUserOOBE> + <SkipMachineOOBE>false</SkipMachineOOBE> + </OOBE> + <RegisteredOrganization>Dockur</RegisteredOrganization> + <RegisteredOwner>Windows for Docker</RegisteredOwner> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Allow guest access to network shares</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>3</Order> + <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine> + <Description>Password Never Expires</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>4</Order> + <CommandLine>cmd /C POWERCFG -H OFF</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>5</Order> + <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine> + <Description>Disable monitor blanking</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>6</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>7</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>8</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine> + <Description>Disable Network Discovery popup</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>9</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable first-run experience in Edge</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>10</Order> + <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>11</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>12</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine> + <Description>Disable Hibernation</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>13</Order> + <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine> + <Description>Disable Sleep</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>14</Order> + <CommandLine>netsh.exe advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=Yes</CommandLine> + <Description>Add RDP in firewall</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>15</Order> + <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f</CommandLine> + <Description>Enable RDP</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>16</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar" /v "TurnOffSidebar" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Turn off sidebar</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>17</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v "ScreenSaveActive" /t REG_SZ /d 0 /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>18</Order> + <CommandLine>reg.exe add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\scrnsavex.scr /f</CommandLine> + <Description>Disable screensaver</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>19</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Enable RemoteApp to launch unlisted programs</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>20</Order> + <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList" /v "fDisabledAllowList" /t REG_DWORD /d 1 /f</CommandLine> + <Description>Disable RemoteApp allowlist</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>21</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine> + <Description>Enable Network Discovery</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>22</Order> + <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine> + <Description>Enable File Sharing</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>23</Order> + <CommandLine>cmd /C mklink /d %userprofile%\Desktop\Shared \\host.lan\Data</CommandLine> + <Description>Create desktop shortcut to shared folder</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>24</Order> + <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine> + <Description>Execute custom script from the OEM folder if exists</Description> + </SynchronousCommand> + </FirstLogonCommands> + </component> + </settings> +</unattend> diff --git a/apps/rego-tunnel/build/compose.yml b/apps/rego-tunnel/build/compose.yml new file mode 100755 index 0000000..e5b6257 --- /dev/null +++ b/apps/rego-tunnel/build/compose.yml @@ -0,0 +1,19 @@ +services: + windows: + image: dockurr/windows + container_name: windows + environment: + VERSION: "11" + devices: + - /dev/kvm + - /dev/net/tun + cap_add: + - NET_ADMIN + ports: + - 8006:8006 + - 3389:3389/tcp + - 3389:3389/udp + volumes: + - ./windows:/storage + restart: always + stop_grace_period: 2m diff --git a/apps/rego-tunnel/build/kubernetes.yml b/apps/rego-tunnel/build/kubernetes.yml new file mode 100755 index 0000000..fa8eef0 --- /dev/null +++ b/apps/rego-tunnel/build/kubernetes.yml @@ -0,0 +1,100 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: windows-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: windows + labels: + name: windows +spec: + replicas: 1 + selector: + matchLabels: + app: windows + template: + metadata: + labels: + app: windows + spec: + containers: + - name: windows + image: dockurr/windows + env: + - name: VERSION + value: "11" + - name: DISK_SIZE + value: "64G" + ports: + - containerPort: 8006 + name: http + protocol: TCP + - containerPort: 3389 + name: rdp + protocol: TCP + - containerPort: 3389 + name: udp + protocol: UDP + - containerPort: 5900 + name: vnc + protocol: TCP + securityContext: + capabilities: + add: + - NET_ADMIN + privileged: true + volumeMounts: + - mountPath: /storage + name: storage + - mountPath: /dev/kvm + name: dev-kvm + - mountPath: /dev/net/tun + name: dev-tun + terminationGracePeriodSeconds: 120 + volumes: + - name: storage + persistentVolumeClaim: + claimName: windows-pvc + - hostPath: + path: /dev/kvm + name: dev-kvm + - hostPath: + path: /dev/net/tun + type: CharDevice + name: dev-tun +--- +apiVersion: v1 +kind: Service +metadata: + name: windows +spec: + internalTrafficPolicy: Cluster + ports: + - name: http + port: 8006 + protocol: TCP + targetPort: 8006 + - name: rdp + port: 3389 + protocol: TCP + targetPort: 3389 + - name: udp + port: 3389 + protocol: UDP + targetPort: 3389 + - name: vnc + port: 5900 + protocol: TCP + targetPort: 5900 + selector: + app: windows + type: ClusterIP diff --git a/apps/rego-tunnel/build/license.md b/apps/rego-tunnel/build/license.md new file mode 100755 index 0000000..9cf1062 --- /dev/null +++ b/apps/rego-tunnel/build/license.md @@ -0,0 +1,19 @@ +MIT License + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/apps/rego-tunnel/build/readme.md b/apps/rego-tunnel/build/readme.md new file mode 100755 index 0000000..adbb6bf --- /dev/null +++ b/apps/rego-tunnel/build/readme.md @@ -0,0 +1,401 @@ +<h1 align="center">Windows<br /> +<div align="center"> +<a href="https://github.com/dockur/windows"><img src="https://github.com/dockur/windows/raw/master/.github/logo.png" title="Logo" style="max-width:100%;" width="128" /></a> +</div> +<div align="center"> + +[![Build]][build_url] +[![Version]][tag_url] +[![Size]][tag_url] +[![Package]][pkg_url] +[![Pulls]][hub_url] + +</div></h1> + +Windows inside a Docker container. + +## Features ✨ + + - ISO downloader + - KVM acceleration + - Web-based viewer + +## Video 📺 + +[![Youtube](https://img.youtube.com/vi/xhGYobuG508/0.jpg)](https://www.youtube.com/watch?v=xhGYobuG508) + +## Usage 🐳 + +##### Via Docker Compose: + +```yaml +services: + windows: + image: dockurr/windows + container_name: windows + environment: + VERSION: "11" + devices: + - /dev/kvm + - /dev/net/tun + cap_add: + - NET_ADMIN + ports: + - 8006:8006 + - 3389:3389/tcp + - 3389:3389/udp + volumes: + - ./windows:/storage + restart: always + stop_grace_period: 2m +``` + +##### Via Docker CLI: + +```bash +docker run -it --rm --name windows -e "VERSION=11" -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/windows:/storage" --stop-timeout 120 docker.io/dockurr/windows +``` + +##### Via Kubernetes: + +```shell +kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/master/kubernetes.yml +``` + +##### Via Github Codespaces: + +[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/dockur/windows) + +##### Via a graphical installer: + +[![Download WinBoat](https://github.com/dockur/windows/raw/master/.github/winboat.png)](https://winboat.app) + +## FAQ 💬 + +### How do I use it? + + Very simple! These are the steps: + + - Start the container and connect to [port 8006](http://127.0.0.1:8006/) using your web browser. + + - Sit back and relax while the magic happens, the whole installation will be performed fully automatic. + + - Once you see the desktop, your Windows installation is ready for use. + + Enjoy your brand new machine, and don't forget to star this repo! + +### How do I select the Windows version? + + By default, Windows 11 Pro will be installed. But you can add the `VERSION` environment variable to your compose file, in order to specify an alternative Windows version to be downloaded: + + ```yaml + environment: + VERSION: "11" + ``` + + Select from the values below: + + | **Value** | **Version** | **Size** | + |---|---|---| + | `11` | Windows 11 Pro | 7.2 GB | + | `11l` | Windows 11 LTSC | 4.7 GB | + | `11e` | Windows 11 Enterprise | 6.6 GB | + |||| + | `10` | Windows 10 Pro | 5.7 GB | + | `10l` | Windows 10 LTSC | 4.6 GB | + | `10e` | Windows 10 Enterprise | 5.2 GB | + |||| + | `8e` | Windows 8.1 Enterprise | 3.7 GB | + | `7u` | Windows 7 Ultimate | 3.1 GB | + | `vu` | Windows Vista Ultimate | 3.0 GB | + | `xp` | Windows XP Professional | 0.6 GB | + | `2k` | Windows 2000 Professional | 0.4 GB | + |||| + | `2025` | Windows Server 2025 | 6.7 GB | + | `2022` | Windows Server 2022 | 6.0 GB | + | `2019` | Windows Server 2019 | 5.3 GB | + | `2016` | Windows Server 2016 | 6.5 GB | + | `2012` | Windows Server 2012 | 4.3 GB | + | `2008` | Windows Server 2008 | 3.0 GB | + | `2003` | Windows Server 2003 | 0.6 GB | + +> [!TIP] +> To install ARM64 versions of Windows use [dockur/windows-arm](https://github.com/dockur/windows-arm/). + +### How do I change the storage location? + + To change the storage location, include the following bind mount in your compose file: + + ```yaml + volumes: + - ./windows:/storage + ``` + + Replace the example path `./windows` with the desired storage folder or named volume. + +### How do I change the size of the disk? + + To expand the default size of 64 GB, add the `DISK_SIZE` setting to your compose file and set it to your preferred capacity: + + ```yaml + environment: + DISK_SIZE: "256G" + ``` + +> [!TIP] +> This can also be used to resize the existing disk to a larger capacity without any data loss. However you will need to [manually extend the disk partition](https://learn.microsoft.com/en-us/windows-server/storage/disk-management/extend-a-basic-volume?tabs=disk-management) since the added disk space will appear as unallocated. + +### How do I share files with the host? + + After installation there will be a folder called `Shared` on your desktop, which can be used to exchange files with the host machine. + + To select a folder on the host for this purpose, include the following bind mount in your compose file: + + ```yaml + volumes: + - ./example:/shared + ``` + + Replace the example path `./example` with your desired shared folder, which then will become visible as `Shared`. + +### How do I change the amount of CPU or RAM? + + By default, Windows will be allowed to use 2 CPU cores and 4 GB of RAM. + + If you want to adjust this, you can specify the desired amount using the following environment variables: + + ```yaml + environment: + RAM_SIZE: "8G" + CPU_CORES: "4" + ``` + +### How do I configure the username and password? + + By default, a user called `Docker` is created and its password is `admin`. + + If you want to use different credentials during installation, you can configure them in your compose file: + + ```yaml + environment: + USERNAME: "bill" + PASSWORD: "gates" + ``` + +### How do I select the Windows language? + + By default, the English version of Windows will be downloaded. + + But you can add the `LANGUAGE` environment variable to your compose file, in order to specify an alternative language to be downloaded: + + ```yaml + environment: + LANGUAGE: "French" + ``` + + You can choose between: 🇦🇪 Arabic, 🇧🇬 Bulgarian, 🇨🇳 Chinese, 🇭🇷 Croatian, 🇨🇿 Czech, 🇩🇰 Danish, 🇳🇱 Dutch, 🇬🇧 English, 🇪🇪 Estonian, 🇫🇮 Finnish, 🇫🇷 French, 🇩🇪 German, 🇬🇷 Greek, 🇮🇱 Hebrew, 🇭🇺 Hungarian, 🇮🇹 Italian, 🇯🇵 Japanese, 🇰🇷 Korean, 🇱🇻 Latvian, 🇱🇹 Lithuanian, 🇳🇴 Norwegian, 🇵🇱 Polish, 🇵🇹 Portuguese, 🇷🇴 Romanian, 🇷🇺 Russian, 🇷🇸 Serbian, 🇸🇰 Slovak, 🇸🇮 Slovenian, 🇪🇸 Spanish, 🇸🇪 Swedish, 🇹🇭 Thai, 🇹🇷 Turkish and 🇺🇦 Ukrainian. + +### How do I select the keyboard layout? + + If you want to use a keyboard layout or locale that is not the default for your selected language, you can add `KEYBOARD` and `REGION` variables like this: + + ```yaml + environment: + REGION: "en-US" + KEYBOARD: "en-US" + ``` + +### How do I install a custom image? + + In order to download an unsupported ISO image, specify its URL in the `VERSION` environment variable: + + ```yaml + environment: + VERSION: "https://example.com/win.iso" + ``` + + Alternatively, you can also skip the download and use a local file instead, by binding it in your compose file in this way: + + ```yaml + volumes: + - ./example.iso:/boot.iso + ``` + + Replace the example path `./example.iso` with the filename of your desired ISO file. The value of `VERSION` will be ignored in this case. + +### How do I run a script after installation? + + To run your own script after installation, you can create a file called `install.bat` and place it in a folder together with any additional files it needs (software to be installed for example). + + Then bind that folder in your compose file like this: + + ```yaml + volumes: + - ./example:/oem + ``` + + The example folder `./example` will be copied to `C:\OEM` and the containing `install.bat` will be executed during the last step of the automatic installation. + +### How do I perform a manual installation? + + It's recommended to stick to the automatic installation, as it adjusts various settings to prevent common issues when running Windows inside a virtual environment. + + However, if you insist on performing the installation manually at your own risk, add the following environment variable to your compose file: + + ```yaml + environment: + MANUAL: "Y" + ``` + +### How do I connect using RDP? + + The web-viewer is mainly meant to be used during installation, as its picture quality is low, and it has no audio or clipboard for example. + + So for a better experience you can connect using any Microsoft Remote Desktop client to the IP of the container, using the username `Docker` and password `admin`. + + There is a RDP client for [Android](https://play.google.com/store/apps/details?id=com.microsoft.rdc.androidx) available from the Play Store and one for [iOS](https://apps.apple.com/nl/app/microsoft-remote-desktop/id714464092?l=en-GB) in the Apple Store. For Linux you can use [FreeRDP](https://www.freerdp.com/) and on Windows just type `mstsc` in the search box. + +### How do I assign an individual IP address to the container? + + By default, the container uses bridge networking, which shares the IP address with the host. + + If you want to assign an individual IP address to the container, you can create a macvlan network as follows: + + ```bash + docker network create -d macvlan \ + --subnet=192.168.0.0/24 \ + --gateway=192.168.0.1 \ + --ip-range=192.168.0.100/28 \ + -o parent=eth0 vlan + ``` + + Be sure to modify these values to match your local subnet. + + Once you have created the network, change your compose file to look as follows: + + ```yaml + services: + windows: + container_name: windows + ..<snip>.. + networks: + vlan: + ipv4_address: 192.168.0.100 + + networks: + vlan: + external: true + ``` + + An added benefit of this approach is that you won't have to perform any port mapping anymore, since all ports will be exposed by default. + +> [!IMPORTANT] +> This IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, you need to create a [second macvlan](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/#host-access) as a workaround. + +### How can Windows acquire an IP address from my router? + + After configuring the container for [macvlan](#how-do-i-assign-an-individual-ip-address-to-the-container), it is possible for Windows to become part of your home network by requesting an IP from your router, just like a real PC. + + To enable this mode, in which the container and Windows will have separate IP addresses, add the following lines to your compose file: + + ```yaml + environment: + DHCP: "Y" + devices: + - /dev/vhost-net + device_cgroup_rules: + - 'c *:* rwm' + ``` + +### How do I add multiple disks? + + To create additional disks, modify your compose file like this: + + ```yaml + environment: + DISK2_SIZE: "32G" + DISK3_SIZE: "64G" + volumes: + - ./example2:/storage2 + - ./example3:/storage3 + ``` + +### How do I pass-through a disk? + + It is possible to pass-through disk devices or partitions directly by adding them to your compose file in this way: + + ```yaml + devices: + - /dev/sdb:/disk1 + - /dev/sdc1:/disk2 + ``` + + Use `/disk1` if you want it to become your main drive (which will be formatted during installation), and use `/disk2` and higher to add them as secondary drives (which will stay untouched). + +### How do I pass-through a USB device? + + To pass-through a USB device, first lookup its vendor and product id via the `lsusb` command, then add them to your compose file like this: + + ```yaml + environment: + ARGUMENTS: "-device usb-host,vendorid=0x1234,productid=0x1234" + devices: + - /dev/bus/usb + ``` + + If the device is a USB disk drive, please wait until after the installation is fully completed before connecting it. Otherwise the installation may fail, as the order of the disks can get rearranged. + +### How do I verify if my system supports KVM? + + First check if your software is compatible using this chart: + + | **Product** | **Linux** | **Win11** | **Win10** | **macOS** | + |---|---|---|---|---| + | Docker CLI | ✅ | ✅ | ❌ | ❌ | + | Docker Desktop | ❌ | ✅ | ❌ | ❌ | + | Podman CLI | ✅ | ✅ | ❌ | ❌ | + | Podman Desktop | ✅ | ✅ | ❌ | ❌ | + + After that you can run the following commands in Linux to check your system: + + ```bash + sudo apt install cpu-checker + sudo kvm-ok + ``` + + If you receive an error from `kvm-ok` indicating that KVM cannot be used, please check whether: + + - the virtualization extensions (`Intel VT-x` or `AMD SVM`) are enabled in your BIOS. + + - you enabled "nested virtualization" if you are running the container inside a virtual machine. + + - you are not using a cloud provider, as most of them do not allow nested virtualization for their VPS's. + + If you did not receive any error from `kvm-ok` but the container still complains about a missing KVM device, it could help to add `privileged: true` to your compose file (or `sudo` to your `docker` command) to rule out any permission issue. + +### How do I run macOS in a container? + + You can use [dockur/macos](https://github.com/dockur/macos) for that. It shares many of the same features, except for the automatic installation. + +### How do I run a Linux desktop in a container? + + You can use [qemus/qemu](https://github.com/qemus/qemu) in that case. + +### Is this project legal? + + Yes, this project contains only open-source code and does not distribute any copyrighted material. Any product keys found in the code are just generic placeholders provided by Microsoft for trial purposes. So under all applicable laws, this project will be considered legal. + +## Disclaimer ⚖️ + +*The product names, logos, brands, and other trademarks referred to within this project are the property of their respective trademark holders. This project is not affiliated, sponsored, or endorsed by Microsoft Corporation.* + +[build_url]: https://github.com/dockur/windows/ +[hub_url]: https://hub.docker.com/r/dockurr/windows/ +[tag_url]: https://hub.docker.com/r/dockurr/windows/tags +[pkg_url]: https://github.com/dockur/windows/pkgs/container/windows + +[Build]: https://github.com/dockur/windows/actions/workflows/build.yml/badge.svg +[Size]: https://img.shields.io/docker/image-size/dockurr/windows/latest?color=066da5&label=size +[Pulls]: https://img.shields.io/docker/pulls/dockurr/windows.svg?style=flat&label=pulls&logo=docker +[Version]: https://img.shields.io/docker/v/dockurr/windows/latest?arch=amd64&sort=semver&color=066da5 +[Package]: https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fipitio.github.io%2Fbackage%2Fdockur%2Fwindows%2Fwindows.json&query=%24.downloads&logo=github&style=flat&color=066da5&label=pulls diff --git a/apps/rego-tunnel/build/rego/README.md b/apps/rego-tunnel/build/rego/README.md new file mode 100755 index 0000000..5f16b78 --- /dev/null +++ b/apps/rego-tunnel/build/rego/README.md @@ -0,0 +1,188 @@ +# Rego VPN Automation - Technical Setup Guide + +## Overview + +Cisco Secure Client VPN running in Windows VM (dockurr/windows) inside Docker container, with SOCKS5 proxy for transparent routing to IBM i systems. + +## Architecture + +``` +Clients → Host (iptables/redsocks) → Container (socat) → Windows VM (SOCKS5) → VPN → 10.35.33.x +``` + +## Components + +### 1. Windows VM (inside container) +- **Container**: `rego-tunnel_runtipi-rego-tunnel-1` +- **Windows VM IP**: `172.30.0.16` or `172.30.0.17` (internal to container) +- **VPN**: Cisco Secure Client with SAML auth (email + password + TOTP) +- **Files on Windows** (`C:\Users\alexz\vpn_scripts`): + - `vpn.bat` - Startup batch file + - `vpn-login.js` - Node.js script that automates SAML login via Chrome DevTools Protocol + - `socks5.js` - Simple SOCKS5 proxy server + - `node_modules/` - ws, otplib packages + +### 2. Container +- **External IPs**: `10.128.16.2` or similar +- **Internal bridge**: `172.30.0.1/24` (Windows VM at .16 or .17) +- **socat**: Forwards port 1080 from container to Windows VM SOCKS5 +- **start.sh**: Mounted at `/run/start.sh` - sets up iptables DNAT rules + +### 3. Host +- **redsocks**: Transparent SOCKS5 redirector (optional) +- **iptables**: Redirects traffic to VPN network through container + +## VPN Credentials + +Located in `vpn-login.js`: +```javascript +const CONFIG = { + email: "c-azaw@regoproducts.com", + password: "Fuckyou4suhail", + totpSecret: "RZQTQSKDWKHZ6ZYR", + devtoolsPort: 9222, + vpnTestIp: "10.35.33.230" +}; +``` + +## Windows Setup Steps + +### 1. Install Node.js +Run PowerShell as Administrator: +```powershell +# Option A: Run the install script +.\install-nodejs.ps1 + +# Option B: Manual download from https://nodejs.org/ +``` + +### 2. Install Cisco Secure Client +- Download from company VPN portal or Cisco +- Install with default options +- Path: `C:\Program Files (x86)\Cisco\Cisco Secure Client\` + +### 3. Setup VPN Scripts +```cmd +mkdir C:\Users\alexz\vpn_scripts +copy \\TSCLIENT\shared\vpn-scripts\*.js C:\Users\alexz\vpn_scripts\ +copy \\TSCLIENT\shared\vpn-scripts\vpn.bat C:\Users\alexz\vpn_scripts\ + +cd C:\Users\alexz\vpn_scripts +npm install ws otplib +``` + +### 4. Add to Windows Startup +```cmd +# Create shortcut to vpn.bat in: +shell:startup +# Or: C:\Users\alexz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup +``` + +### 5. Enable Remote Debugging for Cisco UI +The vpn-login.js script sets this environment variable before launching Cisco: +``` +WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS=--remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 --remote-allow-origins=* +``` + +## Container Configuration + +### docker-compose.yml (user-config) +```yaml +services: + rego-tunnel: + environment: + USER: alexz + PASS: Az@83278327$$@@ + VERSION: win10 + entrypoint: ["/bin/bash", "-c", "source /run/start.sh; exec /usr/bin/tini -s /run/entry.sh"] +``` + +### start.sh (Container Startup Script) +Located at: `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh` + +Sets up: +- iptables MASQUERADE for docker bridge +- Route to IBM i network via Windows VM +- DNAT rules for port forwarding (SSH, IBM i ports) + +## Key Ports + +| Port | Service | +|------|---------| +| 22 | SSH | +| 23 | Telnet (IBM i) | +| 446, 448, 449 | IBM i services | +| 1080 | SOCKS5 proxy | +| 8006 | noVNC web console | +| 8470-8476 | IBM i data ports | +| 9222 | Chrome DevTools (for automation) | + +## Manual Commands + +### Start VPN from host: +```bash +docker exec rego-tunnel_runtipi-rego-tunnel-1 ssh docker@172.30.0.16 'C:\Users\alexz\vpn_scripts\vpn.bat' +``` + +### Start socat in container: +```bash +docker exec -d rego-tunnel_runtipi-rego-tunnel-1 socat TCP-LISTEN:1080,fork,reuseaddr TCP:172.30.0.16:1080 +``` + +### Test SOCKS5 connectivity: +```bash +nc -zv 10.128.16.2 1080 +``` + +### Check VPN status in Windows: +```cmd +ipconfig | findstr 10\. +``` + +## Troubleshooting + +### VPN not connecting +1. Check time sync: `w32tm /resync /force` +2. Verify Cisco agent: `net start "Cisco Secure Client Agent"` +3. Check DevTools: `http://172.30.0.16:9222/json` + +### SOCKS5 not working +1. Verify VPN connected first (ping 10.35.33.230) +2. Check socks5.js running: `tasklist | findstr node` +3. Test locally: `nc -zv 127.0.0.1 1080` + +### Container issues +1. Check logs: `docker logs rego-tunnel_runtipi-rego-tunnel-1` +2. Verify start.sh: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/start.sh` +3. Check Windows VM IP: `docker exec rego-tunnel_runtipi-rego-tunnel-1 cat /run/qemu.pid` + +## File Locations + +### Host +- `/etc/runtipi/user-config/runtipi/rego-tunnel/docker-compose.yml` - User overrides +- `/etc/runtipi/user-config/runtipi/rego-tunnel/scripts/start.sh` - Container startup +- `/etc/runtipi/repos/runtipi/apps/rego-tunnel/docker-compose.yml` - Base config +- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/storage/` - Windows disk image +- `/etc/runtipi/app-data/runtipi/rego-tunnel/data/shared/` - Shared folder with Windows + +### Windows VM +- `C:\Users\alexz\vpn_scripts\vpn-login.js` - Main automation script +- `C:\Users\alexz\vpn_scripts\socks5.js` - SOCKS5 proxy +- `C:\Users\alexz\vpn_scripts\vpn.bat` - Startup batch file +- `C:\Program Files (x86)\Cisco\Cisco Secure Client\` - Cisco installation + +## Watchdog Mode + +The vpn-login.js script includes a watchdog that: +- Monitors VPN connectivity every 2 minutes +- Auto-reconnects after 2 consecutive failures +- Restarts SOCKS5 proxy after reconnection +- Logs memory usage every hour + +## Notes + +- Windows VM takes ~2-3 minutes to boot +- VPN login takes ~30 seconds +- TOTP requires accurate system time (script syncs automatically) +- The container uses VERSION=win10 for dockurr/windows compatibility +- noVNC password: `Az@83278327$@@` diff --git a/apps/rego-tunnel/build/rego/anyconnect-win-4.8.03052-core-vpn-webdeploy-k9.exe b/apps/rego-tunnel/build/rego/anyconnect-win-4.8.03052-core-vpn-webdeploy-k9.exe new file mode 100755 index 0000000..bad7b0e Binary files /dev/null and b/apps/rego-tunnel/build/rego/anyconnect-win-4.8.03052-core-vpn-webdeploy-k9.exe differ diff --git a/apps/rego-tunnel/build/rego/id_ed25519-lenovo b/apps/rego-tunnel/build/rego/id_ed25519-lenovo new file mode 100755 index 0000000..f7873e8 --- /dev/null +++ b/apps/rego-tunnel/build/rego/id_ed25519-lenovo @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBh1EJ8NFn3hUUMe+lJSJl14bt8Xjh+NT5g0YnfKVitQwAAAJhfESWEXxEl +hAAAAAtzc2gtZWQyNTUxOQAAACBh1EJ8NFn3hUUMe+lJSJl14bt8Xjh+NT5g0YnfKVitQw +AAAEDgYZN7HwPbKY++p612bnhGC10P3GUHQdJlprPEFbODgWHUQnw0WfeFRQx76UlImXXh +u3xeOH41PmDRid8pWK1DAAAAEWFsZXh6QEFaYXdQQy1QMTZTAQIDBA== +-----END OPENSSH PRIVATE KEY----- diff --git a/apps/rego-tunnel/build/rego/install-nodejs.ps1 b/apps/rego-tunnel/build/rego/install-nodejs.ps1 new file mode 100755 index 0000000..20c13f2 --- /dev/null +++ b/apps/rego-tunnel/build/rego/install-nodejs.ps1 @@ -0,0 +1,31 @@ +# Install Node.js on Windows +# Run as Administrator in PowerShell + +$nodeVersion = "22.12.0" +$nodeUrl = "https://nodejs.org/dist/v$nodeVersion/node-v$nodeVersion-x64.msi" +$installerPath = "$env:TEMP\node-installer.msi" +$Username = $env:USERNAME + +Write-Host "Downloading Node.js v$nodeVersion..." -ForegroundColor Cyan +Invoke-WebRequest -Uri $nodeUrl -OutFile $installerPath + +Write-Host "Installing Node.js..." -ForegroundColor Cyan +Start-Process msiexec.exe -Wait -ArgumentList "/i `"$installerPath`" /quiet /norestart" + +# Refresh PATH +$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User") + +Write-Host "Verifying installation..." -ForegroundColor Cyan +node --version +npm --version + +Write-Host "Node.js installed successfully!" -ForegroundColor Green + +# Cleanup +Remove-Item $installerPath -Force + +Write-Host "" +Write-Host "Next steps:" -ForegroundColor Yellow +Write-Host "1. Copy vpn-login.js, socks5.js, vpn.bat to C:\Users\$Username\vpn_scripts\" +Write-Host "2. Open CMD in C:\Users\$Username\vpn_scripts\ and run: npm install ws otplib" +Write-Host "3. Add vpn.bat shortcut to shell:startup folder" diff --git a/apps/rego-tunnel/build/rego/setup-autologin-sshd.ps1 b/apps/rego-tunnel/build/rego/setup-autologin-sshd.ps1 new file mode 100755 index 0000000..a29aadd --- /dev/null +++ b/apps/rego-tunnel/build/rego/setup-autologin-sshd.ps1 @@ -0,0 +1,51 @@ +# Setup OpenSSH Server and Auto-Login +# Run as Administrator in PowerShell + +param( + [string]$Username = $env:USERNAME, + [string]$Password +) + +if (-not $Password) { + $securePassword = Read-Host "Enter password for $Username" -AsSecureString + $Password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePassword)) +} + +Write-Host "=== Setting up OpenSSH Server ===" -ForegroundColor Cyan + +# Install OpenSSH Server +$sshCapability = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*' +if ($sshCapability.State -ne 'Installed') { + Write-Host "Installing OpenSSH Server..." -ForegroundColor Yellow + Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 +} else { + Write-Host "OpenSSH Server already installed" -ForegroundColor Green +} + +# Start and enable SSH service +Write-Host "Starting SSH service..." -ForegroundColor Yellow +Start-Service sshd +Set-Service -Name sshd -StartupType 'Automatic' + +# Configure firewall +$fwRule = Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue +if (-not $fwRule) { + Write-Host "Adding firewall rule..." -ForegroundColor Yellow + New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 +} + +Write-Host "OpenSSH Server configured!" -ForegroundColor Green + +Write-Host "" +Write-Host "=== Setting up Auto-Login ===" -ForegroundColor Cyan + +$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" +Set-ItemProperty -Path $RegPath -Name "AutoAdminLogon" -Value "1" +Set-ItemProperty -Path $RegPath -Name "DefaultUserName" -Value $Username +Set-ItemProperty -Path $RegPath -Name "DefaultPassword" -Value $Password +Remove-ItemProperty -Path $RegPath -Name "DefaultDomainName" -ErrorAction SilentlyContinue + +Write-Host "Auto-login configured for '$Username'!" -ForegroundColor Green +Write-Host "" +Write-Host "Setup complete! SSH is now available and auto-login is enabled." -ForegroundColor Green +Write-Host "Reboot to test auto-login." -ForegroundColor Yellow diff --git a/apps/rego-tunnel/build/rego/setup-ssh-keys.ps1 b/apps/rego-tunnel/build/rego/setup-ssh-keys.ps1 new file mode 100755 index 0000000..0b18b72 --- /dev/null +++ b/apps/rego-tunnel/build/rego/setup-ssh-keys.ps1 @@ -0,0 +1,43 @@ +# Setup SSH Keys +# Run as Administrator in PowerShell + +param( + [string]$Username = $env:USERNAME, + [string]$PublicKey +) + +if (-not $PublicKey) { + # Default public key - replace with your own or pass as parameter + $PublicKey = Read-Host "Enter SSH public key (or press Enter for default)" + if (-not $PublicKey) { + $PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHUQnw0WfeFRQx76UlImXXhu3xeOH41PmDRid8pWK1D" + } +} + +Write-Host "=== Setting up SSH Keys for $Username ===" -ForegroundColor Cyan + +# User authorized_keys +$userSshDir = "C:\Users\$Username\.ssh" +$userAuthKeys = "$userSshDir\authorized_keys" + +Write-Host "Creating user .ssh directory..." -ForegroundColor Yellow +New-Item -ItemType Directory -Path $userSshDir -Force | Out-Null + +Write-Host "Adding key to user authorized_keys..." -ForegroundColor Yellow +Add-Content -Path $userAuthKeys -Value $PublicKey -Force + +# Fix permissions for user file +icacls $userAuthKeys /inheritance:r /grant "${Username}:F" /grant "SYSTEM:F" + +# Administrator authorized_keys (for admin users) +$adminAuthKeys = "C:\ProgramData\ssh\administrators_authorized_keys" + +Write-Host "Adding key to administrators_authorized_keys..." -ForegroundColor Yellow +Add-Content -Path $adminAuthKeys -Value $PublicKey -Force + +# Fix permissions for admin file (required by OpenSSH) +icacls $adminAuthKeys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F" + +Write-Host "" +Write-Host "SSH keys configured for '$Username'!" -ForegroundColor Green +Write-Host "You can now SSH in with the corresponding private key." -ForegroundColor Yellow diff --git a/apps/rego-tunnel/build/rego/socks5.js b/apps/rego-tunnel/build/rego/socks5.js new file mode 100755 index 0000000..ea9438b --- /dev/null +++ b/apps/rego-tunnel/build/rego/socks5.js @@ -0,0 +1,69 @@ +const net = require('net'); + +const PORT = 1080; +const HOST = '0.0.0.0'; + +const server = net.createServer((client) => { + client.once('data', (data) => { + // SOCKS5 handshake + if (data[0] !== 0x05) { + client.end(); + return; + } + + // No auth required + client.write(Buffer.from([0x05, 0x00])); + + client.once('data', (data) => { + if (data[0] !== 0x05 || data[1] !== 0x01) { + client.write(Buffer.from([0x05, 0x07, 0x00, 0x01, 0, 0, 0, 0, 0, 0])); + client.end(); + return; + } + + let host, port; + const atyp = data[3]; + + if (atyp === 0x01) { + // IPv4 + host = `${data[4]}.${data[5]}.${data[6]}.${data[7]}`; + port = data.readUInt16BE(8); + } else if (atyp === 0x03) { + // Domain + const len = data[4]; + host = data.slice(5, 5 + len).toString(); + port = data.readUInt16BE(5 + len); + } else if (atyp === 0x04) { + // IPv6 + host = ''; + for (let i = 0; i < 16; i += 2) { + host += data.slice(4 + i, 6 + i).toString('hex'); + if (i < 14) host += ':'; + } + port = data.readUInt16BE(20); + } else { + client.write(Buffer.from([0x05, 0x08, 0x00, 0x01, 0, 0, 0, 0, 0, 0])); + client.end(); + return; + } + + const remote = net.createConnection(port, host, () => { + const response = Buffer.from([0x05, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0]); + client.write(response); + client.pipe(remote); + remote.pipe(client); + }); + + remote.on('error', () => { + client.write(Buffer.from([0x05, 0x05, 0x00, 0x01, 0, 0, 0, 0, 0, 0])); + client.end(); + }); + }); + }); + + client.on('error', () => {}); +}); + +server.listen(PORT, HOST, () => { + console.log(`SOCKS5 proxy running on ${HOST}:${PORT}`); +}); diff --git a/apps/rego-tunnel/build/rego/vpn-login.js b/apps/rego-tunnel/build/rego/vpn-login.js new file mode 100755 index 0000000..b428bc4 --- /dev/null +++ b/apps/rego-tunnel/build/rego/vpn-login.js @@ -0,0 +1,459 @@ +const WebSocket = require("ws"); +const { authenticator } = require("otplib"); +const { execSync, spawn } = require("child_process"); + +const CONFIG = { + email: "c-azaw@regoproducts.com", + password: "Fuckyou4suhail", + totpSecret: "RZQTQSKDWKHZ6ZYR", + devtoolsPort: 9222, + vpnTestIp: "10.35.33.230" +}; + +let ws; +let msgId = 1; + +function log(msg) { + console.log("[" + new Date().toLocaleTimeString() + "] " + msg); +} + +function run(cmd) { + try { execSync(cmd, { stdio: "ignore", timeout: 10000 }); } catch (e) {} +} + +function runOutput(cmd) { + try { + return execSync(cmd, { encoding: "utf8", timeout: 10000 }); + } catch (e) { + return ""; + } +} + +async function getPages() { + const res = await fetch("http://localhost:" + CONFIG.devtoolsPort + "/json"); + return res.json(); +} + +function send(method, params = {}) { + return new Promise((resolve, reject) => { + const id = msgId++; + const timeout = setTimeout(() => reject(new Error("Timeout: " + method)), 15000); + const handler = (data) => { + const msg = JSON.parse(data); + if (msg.id === id) { + clearTimeout(timeout); + ws.off("message", handler); + resolve(msg.result); + } + }; + ws.on("message", handler); + ws.send(JSON.stringify({ id, method, params })); + }); +} + +async function waitForSelector(selector, timeout = 30000) { + const start = Date.now(); + while (Date.now() - start < timeout) { + try { + const result = await send("Runtime.evaluate", { + expression: "document.querySelector('" + selector + "') !== null", + returnByValue: true + }); + if (result.result.value === true) return true; + } catch (e) {} + await sleep(500); + } + return false; +} + +async function typeText(selector, text) { + await send("Runtime.evaluate", { + expression: "var el = document.querySelector('" + selector + "'); el.focus(); el.value = '';" + }); + await sleep(100); + for (const char of text) { + await send("Input.dispatchKeyEvent", { type: "char", text: char }); + await sleep(30); + } +} + +async function click(selector) { + await send("Runtime.evaluate", { + expression: "document.querySelector('" + selector + "').click()" + }); +} + +async function clickSubmit() { + const methods = [ + "document.querySelector('#submitButton') && document.querySelector('#submitButton').click()", + "typeof Login !== 'undefined' && Login.submitLoginRequest && Login.submitLoginRequest()", + "document.querySelector('input[type=\"submit\"]') && document.querySelector('input[type=\"submit\"]').click()", + "document.querySelector('button[type=\"submit\"]') && document.querySelector('button[type=\"submit\"]').click()", + "document.querySelector('#idSIButton9') && document.querySelector('#idSIButton9').click()" + ]; + for (const expr of methods) { + try { await send("Runtime.evaluate", { expression: expr }); } catch (e) {} + } +} + +async function sleep(ms) { + return new Promise(r => setTimeout(r, ms)); +} + +async function waitForDevtools(maxWait = 120000) { + const start = Date.now(); + while (Date.now() - start < maxWait) { + try { + const pages = await getPages(); + const page = pages.find(p => p.type === "page"); + if (page) return page; + } catch (e) {} + log("Waiting for WebView..."); + await sleep(2000); + } + return null; +} + +// VPN adapter check skipped - IP range is unpredictable +// We rely solely on connectivity test to target IP + +// Test connectivity via ping (check for actual reply, not TTL expired) +function testVpnConnectivity(ip) { + try { + const output = execSync(`ping -n 1 -w 3000 ${ip}`, { encoding: "utf8", timeout: 5000 }); + // Must have "Reply from <ip>" - not "TTL expired" or "Request timed out" + return output.includes(`Reply from ${ip}`); + } catch (e) { + return false; + } +} + +// Verify VPN is connected with retries (connectivity test only) +async function verifyVpnConnection(maxRetries = 10, retryDelay = 5000) { + log("--- VPN VERIFICATION ---"); + + for (let i = 1; i <= maxRetries; i++) { + log(`Attempt ${i}/${maxRetries}: Pinging ${CONFIG.vpnTestIp}...`); + const connected = testVpnConnectivity(CONFIG.vpnTestIp); + + if (connected) { + log("VPN connectivity confirmed!"); + return true; + } + + log("Not reachable yet, waiting..."); + if (i < maxRetries) { + await sleep(retryDelay); + } + } + + log("VPN verification failed after " + maxRetries + " attempts"); + return false; +} + +async function main() { + console.log(""); + console.log("========================================"); + console.log(" CISCO VPN AUTO-LOGIN"); + console.log("========================================"); + console.log(""); + + // Sync time first (TOTP requires accurate time) + log("Syncing system time..."); + run("sc config w32time start= auto"); + run("net start w32time"); + run("w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual /update"); + run("w32tm /resync /force"); + await sleep(2000); + + // Kill everything + log("Killing Cisco processes..."); + run("taskkill /F /IM csc_ui.exe"); + run("taskkill /F /IM vpnui.exe"); + run("taskkill /F /IM vpnagent.exe"); + run('net stop csc_vpnagent'); + await sleep(2000); + + // Start agent + log("Starting Cisco agent..."); + run('net start csc_vpnagent'); + await sleep(3000); + + // Start UI + log("Starting Cisco UI..."); + process.env.WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS = "--remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 --remote-allow-origins=*"; + spawn("C:\\Program Files (x86)\\Cisco\\Cisco Secure Client\\UI\\csc_ui.exe", [], { + detached: true, + stdio: "ignore" + }).unref(); + + await sleep(5000); + + // Wait for WebView + const page = await waitForDevtools(); + if (!page) { + log("ERROR: WebView not found - rebooting..."); + run("shutdown /r /t 1"); + process.exit(1); + } + + log("WebView: " + page.title); + ws = new WebSocket(page.webSocketDebuggerUrl); + await new Promise((resolve, reject) => { + ws.on("open", resolve); + ws.on("error", reject); + }); + + await send("DOM.enable"); + await send("Runtime.enable"); + await send("Input.enable"); + log("Connected to DevTools"); + + const url = page.url || ""; + const isADFS = url.includes("adfs"); + log("Login type: " + (isADFS ? "ADFS" : "Microsoft")); + + if (isADFS) { + log("--- ADFS LOGIN ---"); + if (!await waitForSelector("#passwordInput", 15000)) { + log("Password field not found"); + process.exit(1); + } + log("Entering password..."); + await typeText("#passwordInput", CONFIG.password); + await sleep(500); + log("Clicking Sign In..."); + await clickSubmit(); + await sleep(3000); + } else { + log("--- EMAIL ---"); + if (await waitForSelector('input[type="email"]', 5000)) { + log("Entering email..."); + await typeText('input[type="email"]', CONFIG.email); + await sleep(500); + log("Clicking Next..."); + await clickSubmit(); + await sleep(3000); + } + + log("--- PASSWORD ---"); + if (!await waitForSelector('input[type="password"]', 15000)) { + log("Password field not found"); + process.exit(1); + } + log("Entering password..."); + await typeText('input[type="password"]', CONFIG.password); + await sleep(500); + log("Clicking Sign In..."); + await clickSubmit(); + await sleep(3000); + } + + // TOTP + log("--- TOTP ---"); + if (await waitForSelector('input[name="otc"]', 15000)) { + await sleep(500); + const totp = authenticator.generate(CONFIG.totpSecret); + log("TOTP: " + totp); + await typeText('input[name="otc"]', totp); + await sleep(500); + log("Submitting..."); + await clickSubmit(); + await sleep(3000); + } else { + log("No TOTP field"); + } + + // Stay signed in + log("--- STAY SIGNED IN ---"); + if (await waitForSelector("#idBtn_Back", 5000)) { + log("Clicking No..."); + await click("#idBtn_Back"); + } + + await sleep(2000); + ws.close(); + + // Verify VPN connection before starting SOCKS5 + const vpnConnected = await verifyVpnConnection(); + + if (!vpnConnected) { + log("ERROR: VPN connection could not be verified"); + log("SOCKS5 proxy NOT started"); + process.exit(1); + } + + // Start SOCKS5 proxy only after VPN verified + log("Starting SOCKS5 proxy on port 1080..."); + run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\""); + spawn("node", ["" + process.env.USERPROFILE + "\\vpn_scripts\\socks5.js"], { + detached: true, + stdio: "ignore", + windowsHide: true + }).unref(); + + console.log(""); + console.log("========================================"); + console.log(" CONNECTED!"); + console.log(" SOCKS5 proxy: 172.30.0.16:1080"); + console.log(" Entering watchdog mode..."); + console.log("========================================"); + console.log(""); + + // Enter watchdog mode - monitor and reconnect if needed + await watchdogLoop(); +} + +async function watchdogLoop() { + const checkInterval = 2 * 60 * 1000; // 2 minutes + let consecutiveFailures = 0; + let checkCount = 0; + + log("Watchdog: Monitoring every 2 minutes..."); + + while (true) { + await sleep(checkInterval); + checkCount++; + + // Force garbage collection every 10 checks (~20 min) + if (checkCount % 10 === 0 && global.gc) { + global.gc(); + } + + // Log memory every 30 checks (~1 hour) + if (checkCount % 30 === 0) { + const mem = Math.round(process.memoryUsage().heapUsed / 1024 / 1024); + log(`Watchdog: Memory ${mem}MB, checks ${checkCount}`); + } + + const connected = testVpnConnectivity(CONFIG.vpnTestIp); + + if (connected) { + if (consecutiveFailures > 0) { + log("Watchdog: Connection restored"); + } + consecutiveFailures = 0; + } else { + consecutiveFailures++; + log(`Watchdog: Connection FAILED (${consecutiveFailures})`); + + if (consecutiveFailures >= 2) { + log("Watchdog: Reconnecting..."); + await reconnectVpn(); + consecutiveFailures = 0; + } + } + } +} + +async function reconnectVpn() { + // Sync time first (TOTP requires accurate time) + log("Syncing system time..."); + run("sc config w32time start= auto"); + run("net start w32time"); + run("w32tm /resync /force"); + await sleep(1000); + + // Kill and restart VPN + log("Killing Cisco processes..."); + run("taskkill /F /IM csc_ui.exe"); + run("taskkill /F /IM vpnui.exe"); + run("taskkill /F /IM vpnagent.exe"); + run('net stop "Cisco Secure Client Agent"'); + await sleep(2000); + + log("Starting Cisco agent..."); + run('net start "Cisco Secure Client Agent"'); + await sleep(3000); + + log("Starting Cisco UI..."); + spawn("C:\\Program Files (x86)\\Cisco\\Cisco Secure Client\\UI\\csc_ui.exe", [], { + detached: true, + stdio: "ignore" + }).unref(); + + await sleep(5000); + + const page = await waitForDevtools(); + if (!page) { + log("ERROR: WebView not found - rebooting..."); + run("shutdown /r /t 1"); + return false; + } + + ws = new WebSocket(page.webSocketDebuggerUrl); + await new Promise((resolve, reject) => { + ws.on("open", resolve); + ws.on("error", reject); + }); + + await send("DOM.enable"); + await send("Runtime.enable"); + await send("Input.enable"); + + const url = page.url || ""; + const isADFS = url.includes("adfs"); + + if (isADFS) { + if (await waitForSelector("#passwordInput", 15000)) { + await typeText("#passwordInput", CONFIG.password); + await sleep(500); + await clickSubmit(); + await sleep(3000); + } + } else { + if (await waitForSelector('input[type="email"]', 5000)) { + await typeText('input[type="email"]', CONFIG.email); + await sleep(500); + await clickSubmit(); + await sleep(3000); + } + if (await waitForSelector('input[type="password"]', 15000)) { + await typeText('input[type="password"]', CONFIG.password); + await sleep(500); + await clickSubmit(); + await sleep(3000); + } + } + + // TOTP + if (await waitForSelector('input[name="otc"]', 15000)) { + await sleep(500); + const totp = authenticator.generate(CONFIG.totpSecret); + log("TOTP: " + totp); + await typeText('input[name="otc"]', totp); + await sleep(500); + await clickSubmit(); + await sleep(3000); + } + + // Stay signed in - No + if (await waitForSelector("#idBtn_Back", 5000)) { + await click("#idBtn_Back"); + } + + await sleep(2000); + ws.close(); + + // Verify reconnection + const verified = await verifyVpnConnection(); + if (verified) { + log("Reconnection successful!"); + // Restart socks5 + run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\""); + spawn("node", ["" + process.env.USERPROFILE + "\\vpn_scripts\\socks5.js"], { + detached: true, + stdio: "ignore", + windowsHide: true + }).unref(); + return true; + } + + log("Reconnection failed"); + return false; +} + +main().catch(err => { + log("ERROR: " + err.message); + process.exit(1); +}); diff --git a/apps/rego-tunnel/build/rego/vpn.bat b/apps/rego-tunnel/build/rego/vpn.bat new file mode 100755 index 0000000..a9ed48f --- /dev/null +++ b/apps/rego-tunnel/build/rego/vpn.bat @@ -0,0 +1,4 @@ +@echo off +cd /d C:\Users\alexz\vpn_scripts\ +node vpn-login.js +pause diff --git a/apps/rego-tunnel/build/src/define.sh b/apps/rego-tunnel/build/src/define.sh new file mode 100755 index 0000000..d8050cd --- /dev/null +++ b/apps/rego-tunnel/build/src/define.sh @@ -0,0 +1,1944 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +: "${KEY:=""}" +: "${WIDTH:=""}" +: "${HEIGHT:=""}" +: "${VERIFY:=""}" +: "${REGION:=""}" +: "${EDITION:=""}" +: "${MANUAL:=""}" +: "${REMOVE:=""}" +: "${VERSION:=""}" +: "${DETECTED:=""}" +: "${KEYBOARD:=""}" +: "${LANGUAGE:=""}" +: "${USERNAME:=""}" +: "${PASSWORD:=""}" + +MIRRORS=4 + +parseVersion() { + + if [[ "${VERSION}" == \"*\" || "${VERSION}" == \'*\' ]]; then + VERSION="${VERSION:1:-1}" + fi + + VERSION=$(expr "$VERSION" : "^\ *\(.*[^ ]\)\ *$") + [ -z "$VERSION" ] && VERSION="win11" + + case "${VERSION,,}" in + "11" | "11p" | "win11" | "pro11" | "win11p" | "windows11" | "windows 11" ) + VERSION="win11x64" + ;; + "11e" | "win11e" | "windows11e" | "windows 11e" ) + VERSION="win11x64-enterprise-eval" + ;; + "11i" | "11iot" | "iot11" | "win11i" | "win11-iot" | "win11x64-iot" ) + VERSION="win11x64-enterprise-iot-eval" + [ -z "$DETECTED" ] && DETECTED="win11x64-iot" + ;; + "11l" | "11ltsc" | "ltsc11" | "win11l" | "win11-ltsc" | "win11x64-ltsc" ) + VERSION="win11x64-enterprise-ltsc-eval" + [ -z "$DETECTED" ] && DETECTED="win11x64-ltsc" + ;; + "10" | "10p" | "win10" | "pro10" | "win10p" | "windows10" | "windows 10" ) + VERSION="win10x64" + ;; + "10e" | "win10e" | "windows10e" | "windows 10e" ) + VERSION="win10x64-enterprise-eval" + ;; + "10i" | "10iot" | "iot10" | "win10i" | "win10-iot" | "win10x64-iot" ) + VERSION="win10x64-enterprise-iot-eval" + [ -z "$DETECTED" ] && DETECTED="win10x64-iot" + ;; + "10l" | "10ltsc" | "ltsc10" | "win10l" | "win10-ltsc" | "win10x64-ltsc" ) + VERSION="win10x64-enterprise-ltsc-eval" + [ -z "$DETECTED" ] && DETECTED="win10x64-ltsc" + ;; + "8" | "8p" | "81" | "81p" | "pro8" | "8.1" | "win8" | "win8p" | "win81" | "win81p" | "windows 8" ) + VERSION="win81x64" + ;; + "8e" | "81e" | "8.1e" | "win8e" | "win81e" | "windows 8e" ) + VERSION="win81x64-enterprise-eval" + ;; + "7" | "win7" | "windows7" | "windows 7" ) + VERSION="win7x64" + [ -z "$DETECTED" ] && DETECTED="win7x64-ultimate" + ;; + "7u" | "win7u" | "windows7u" | "windows 7u" ) + VERSION="win7x64-ultimate" + ;; + "7e" | "win7e" | "windows7e" | "windows 7e" ) + VERSION="win7x64-enterprise" + ;; + "7x86" | "win7x86" | "win732" | "windows7x86" ) + VERSION="win7x86" + [ -z "$DETECTED" ] && DETECTED="win7x86-ultimate" + ;; + "7ux86" | "7u32" | "win7x86-ultimate" ) + VERSION="win7x86-ultimate" + ;; + "7ex86" | "7e32" | "win7x86-enterprise" ) + VERSION="win7x86-enterprise" + ;; + "vista" | "vs" | "6" | "winvista" | "windowsvista" | "windows vista" ) + VERSION="winvistax64" + [ -z "$DETECTED" ] && DETECTED="winvistax64-ultimate" + ;; + "vistu" | "vu" | "6u" | "winvistu" ) + VERSION="winvistax64-ultimate" + ;; + "viste" | "ve" | "6e" | "winviste" ) + VERSION="winvistax64-enterprise" + ;; + "vistax86" | "vista32" | "6x86" | "winvistax86" | "windowsvistax86" ) + VERSION="winvistax86" + [ -z "$DETECTED" ] && DETECTED="winvistax86-ultimate" + ;; + "vux86" | "vu32" | "winvistax86-ultimate" ) + VERSION="winvistax86-ultimate" + ;; + "vex86" | "ve32" | "winvistax86-enterprise" ) + VERSION="winvistax86-enterprise" + ;; + "xp" | "xp32" | "xpx86" | "5" | "5x86" | "winxp" | "winxp86" | "windowsxp" | "windows xp" ) + VERSION="winxpx86" + ;; + "xp64" | "xpx64" | "5x64" | "winxp64" | "winxpx64" | "windowsxp64" | "windowsxpx64" ) + VERSION="winxpx64" + ;; + "2k" | "2000" | "win2k" | "win2000" | "windows2k" | "windows2000" ) + VERSION="win2kx86" + ;; + "25" | "2025" | "win25" | "win2025" | "windows2025" | "windows 2025" ) + VERSION="win2025-eval" + ;; + "22" | "2022" | "win22" | "win2022" | "windows2022" | "windows 2022" ) + VERSION="win2022-eval" + ;; + "19" | "2019" | "win19" | "win2019" | "windows2019" | "windows 2019" ) + VERSION="win2019-eval" + ;; + "16" | "2016" | "win16" | "win2016" | "windows2016" | "windows 2016" ) + VERSION="win2016-eval" + ;; + "hv" | "hyperv" | "hyper v" | "hyper-v" | "19hv" | "2019hv" | "win2019hv" ) + VERSION="win2019-hv" + ;; + "2012" | "2012r2" | "win2012" | "win2012r2" | "windows2012" | "windows 2012" ) + VERSION="win2012r2-eval" + ;; + "2008" | "2008r2" | "win2008" | "win2008r2" | "windows2008" | "windows 2008" ) + VERSION="win2008r2" + ;; + "2003" | "2003r2" | "win2003" | "win2003r2" | "windows2003" | "windows 2003" ) + VERSION="win2003r2" + ;; + "nano11" | "nano 11" ) + VERSION="nano11" + [ -z "$DETECTED" ] && DETECTED="win11x64" + ;; + "core11" | "core 11" ) + VERSION="core11" + [ -z "$DETECTED" ] && DETECTED="win11x64" + ;; + "tiny11" | "tiny 11" ) + VERSION="tiny11" + [ -z "$DETECTED" ] && DETECTED="win11x64" + ;; + "tiny10" | "tiny 10" ) + VERSION="tiny10" + [ -z "$DETECTED" ] && DETECTED="win10x64-ltsc" + ;; + esac + + return 0 +} + +getLanguage() { + + local id="$1" + local ret="$2" + local lang="" + local desc="" + local short="" + local culture="" + + case "${id,,}" in + "ar" | "ar-"* ) + short="ar" + lang="Arabic" + desc="$lang" + culture="ar-SA" ;; + "bg" | "bg-"* ) + short="bg" + lang="Bulgarian" + desc="$lang" + culture="bg-BG" ;; + "cs" | "cs-"* | "cz" | "cz-"* ) + short="cs" + lang="Czech" + desc="$lang" + culture="cs-CZ" ;; + "da" | "da-"* | "dk" | "dk-"* ) + short="da" + lang="Danish" + desc="$lang" + culture="da-DK" ;; + "de" | "de-"* ) + short="de" + lang="German" + desc="$lang" + culture="de-DE" ;; + "el" | "el-"* | "gr" | "gr-"* ) + short="el" + lang="Greek" + desc="$lang" + culture="el-GR" ;; + "gb" | "en-gb" ) + short="en-gb" + lang="English International" + desc="English" + culture="en-GB" ;; + "en" | "en-"* ) + short="en" + lang="English" + desc="English" + culture="en-US" ;; + "mx" | "es-mx" ) + short="mx" + lang="Spanish (Mexico)" + desc="Spanish" + culture="es-MX" ;; + "es" | "es-"* ) + short="es" + lang="Spanish" + desc="$lang" + culture="es-ES" ;; + "et" | "et-"* ) + short="et" + lang="Estonian" + desc="$lang" + culture="et-EE" ;; + "fi" | "fi-"* ) + short="fi" + lang="Finnish" + desc="$lang" + culture="fi-FI" ;; + "ca" | "fr-ca" ) + short="ca" + lang="French Canadian" + desc="French" + culture="fr-CA" ;; + "fr" | "fr-"* ) + short="fr" + lang="French" + desc="$lang" + culture="fr-FR" ;; + "he" | "he-"* | "il" | "il-"* ) + short="he" + lang="Hebrew" + desc="$lang" + culture="he-IL" ;; + "hr" | "hr-"* | "cr" | "cr-"* ) + short="hr" + lang="Croatian" + desc="$lang" + culture="hr-HR" ;; + "hu" | "hu-"* ) + short="hu" + lang="Hungarian" + desc="$lang" + culture="hu-HU" ;; + "it" | "it-"* ) + short="it" + lang="Italian" + desc="$lang" + culture="it-IT" ;; + "ja" | "ja-"* | "jp" | "jp-"* ) + short="ja" + lang="Japanese" + desc="$lang" + culture="ja-JP" ;; + "ko" | "ko-"* | "kr" | "kr-"* ) + short="ko" + lang="Korean" + desc="$lang" + culture="ko-KR" ;; + "lt" | "lt-"* ) + short="lt" + lang="Lithuanian" + desc="$lang" + culture="lt-LT" ;; + "lv" | "lv-"* ) + short="lv" + lang="Latvian" + desc="$lang" + culture="lv-LV" ;; + "nb" | "nb-"* |"nn" | "nn-"* | "no" | "no-"* ) + short="no" + lang="Norwegian" + desc="$lang" + culture="nb-NO" ;; + "nl" | "nl-"* ) + short="nl" + lang="Dutch" + desc="$lang" + culture="nl-NL" ;; + "pl" | "pl-"* ) + short="pl" + lang="Polish" + desc="$lang" + culture="pl-PL" ;; + "br" | "pt-br" ) + short="pt" + lang="Brazilian Portuguese" + desc="Portuguese" + culture="pt-BR" ;; + "pt" | "pt-"* ) + short="pp" + lang="Portuguese" + desc="$lang" + culture="pt-BR" ;; + "ro" | "ro-"* ) + short="ro" + lang="Romanian" + desc="$lang" + culture="ro-RO" ;; + "ru" | "ru-"* ) + short="ru" + lang="Russian" + desc="$lang" + culture="ru-RU" ;; + "sk" | "sk-"* ) + short="sk" + lang="Slovak" + desc="$lang" + culture="sk-SK" ;; + "sl" | "sl-"* | "si" | "si-"* ) + short="sl" + lang="Slovenian" + desc="$lang" + culture="sl-SI" ;; + "sr" | "sr-"* ) + short="sr" + lang="Serbian Latin" + desc="Serbian" + culture="sr-Latn-RS" ;; + "sv" | "sv-"* | "se" | "se-"* ) + short="sv" + lang="Swedish" + desc="$lang" + culture="sv-SE" ;; + "th" | "th-"* ) + short="th" + lang="Thai" + desc="$lang" + culture="th-TH" ;; + "tr" | "tr-"* ) + short="tr" + lang="Turkish" + desc="$lang" + culture="tr-TR" ;; + "ua" | "ua-"* | "uk" | "uk-"* ) + short="uk" + lang="Ukrainian" + desc="$lang" + culture="uk-UA" ;; + "hk" | "zh-hk" | "cn-hk" ) + short="hk" + lang="Chinese (Traditional)" + desc="Chinese HK" + culture="zh-TW" ;; + "tw" | "zh-tw" | "cn-tw" ) + short="tw" + lang="Chinese (Traditional)" + desc="Chinese TW" + culture="zh-TW" ;; + "zh" | "zh-"* | "cn" | "cn-"* ) + short="cn" + lang="Chinese (Simplified)" + desc="Chinese" + culture="zh-CN" ;; + esac + + case "${ret,,}" in + "desc" ) echo "$desc" ;; + "name" ) echo "$lang" ;; + "code" ) echo "$short" ;; + "culture" ) echo "$culture" ;; + *) echo "$desc";; + esac + + return 0 +} + +parseLanguage() { + + REGION="${REGION//_/-/}" + KEYBOARD="${KEYBOARD//_/-/}" + LANGUAGE="${LANGUAGE//_/-/}" + + [ -z "$LANGUAGE" ] && LANGUAGE="en" + + case "${LANGUAGE,,}" in + "arabic" | "arab" ) LANGUAGE="ar" ;; + "bulgarian" | "bu" ) LANGUAGE="bg" ;; + "chinese" | "cn" ) LANGUAGE="zh" ;; + "croatian" | "cr" | "hrvatski" ) LANGUAGE="hr" ;; + "czech" | "cz" | "cesky" ) LANGUAGE="cs" ;; + "danish" | "dk" | "danske" ) LANGUAGE="da" ;; + "dutch" | "nederlands" ) LANGUAGE="nl" ;; + "english" | "gb" | "british" ) LANGUAGE="en" ;; + "estonian" | "eesti" ) LANGUAGE="et" ;; + "finnish" | "suomi" ) LANGUAGE="fi" ;; + "french" | "français" | "francais" ) LANGUAGE="fr" ;; + "german" | "deutsch" ) LANGUAGE="de" ;; + "greek" | "gr" ) LANGUAGE="el" ;; + "hebrew" | "il" ) LANGUAGE="he" ;; + "hungarian" | "magyar" ) LANGUAGE="hu" ;; + "italian" | "italiano" ) LANGUAGE="it" ;; + "japanese" | "jp" ) LANGUAGE="ja" ;; + "korean" | "kr" ) LANGUAGE="ko" ;; + "latvian" | "latvijas" ) LANGUAGE="lv" ;; + "lithuanian" | "lietuvos" ) LANGUAGE="lt" ;; + "norwegian" | "no" | "nb" | "norsk" ) LANGUAGE="nn" ;; + "polish" | "polski" ) LANGUAGE="pl" ;; + "portuguese" | "pt" | "br" ) LANGUAGE="pt-br" ;; + "português" | "portugues" ) LANGUAGE="pt-br" ;; + "romanian" | "română" | "romana" ) LANGUAGE="ro" ;; + "russian" | "ruski" ) LANGUAGE="ru" ;; + "serbian" | "serbian latin" ) LANGUAGE="sr" ;; + "slovak" | "slovenský" | "slovensky" ) LANGUAGE="sk" ;; + "slovenian" | "si" | "slovenski" ) LANGUAGE="sl" ;; + "spanish" | "espanol" | "español" ) LANGUAGE="es" ;; + "swedish" | "se" | "svenska" ) LANGUAGE="sv" ;; + "turkish" | "türk" | "turk" ) LANGUAGE="tr" ;; + "thai" ) LANGUAGE="th" ;; + "ukrainian" | "ua" ) LANGUAGE="uk" ;; + esac + + local culture + culture=$(getLanguage "$LANGUAGE" "culture") + [ -n "$culture" ] && return 0 + + error "Invalid LANGUAGE specified, value \"$LANGUAGE\" is not recognized!" + return 1 +} + +printVersion() { + + local id="$1" + local desc="$2" + + case "${id,,}" in + "tiny11"* ) desc="Tiny 11" ;; + "tiny10"* ) desc="Tiny 10" ;; + "core11"* ) desc="Core 11" ;; + "nano11"* ) desc="Nano 11" ;; + "win7"* ) desc="Windows 7" ;; + "win8"* ) desc="Windows 8" ;; + "win10"* ) desc="Windows 10" ;; + "win11"* ) desc="Windows 11" ;; + "winxp"* ) desc="Windows XP" ;; + "win9x"* ) desc="Windows ME" ;; + "win98"* ) desc="Windows 98" ;; + "win95"* ) desc="Windows 95" ;; + "win2k"* ) desc="Windows 2000" ;; + "winvista"* ) desc="Windows Vista" ;; + "win2019-hv"* ) desc="Hyper-V Server" ;; + "win2003"* ) desc="Windows Server 2003" ;; + "win2008"* ) desc="Windows Server 2008" ;; + "win2012"* ) desc="Windows Server 2012" ;; + "win2016"* ) desc="Windows Server 2016" ;; + "win2019"* ) desc="Windows Server 2019" ;; + "win2022"* ) desc="Windows Server 2022" ;; + "win2025"* ) desc="Windows Server 2025" ;; + esac + + if [ -z "$desc" ]; then + desc="Windows" + [[ "${PLATFORM,,}" != "x64" ]] && desc+=" for ${PLATFORM}" + fi + + echo "$desc" + return 0 +} + +printEdition() { + + local id="$1" + local desc="$2" + local result="" + local edition="" + + result=$(printVersion "$id" "x") + [[ "$result" == "x" ]] && echo "$desc" && return 0 + + case "${id,,}" in + *"-home" ) + edition="Home" + ;; + *"-starter" ) + edition="Starter" + ;; + *"-ultimate" ) + edition="Ultimate" + ;; + *"-enterprise" ) + edition="Enterprise" + ;; + *"-education" ) + edition="Education" + ;; + *"-hv" ) + edition="2019" + ;; + *"-iot" | *"-iot-eval" ) + edition="LTSC" + ;; + *"-ltsc" | *"-ltsc-eval" ) + edition="LTSC" + ;; + *"-enterprise-eval" ) + edition="Enterprise (Evaluation)" + ;; + "win7"* ) + edition="Professional" + ;; + "win8"* | "win10"* | "win11"* ) + edition="Pro" + ;; + "winxp"* ) + edition="Professional" + ;; + "winvista"* ) + edition="Business" + ;; + "win2025"* | "win2022"* | "win2019"* | "win2016"* | "win2012"* | "win2008"* | "win2003"* ) + case "${EDITION^^}" in + *"DATACENTER"* ) edition="Datacenter" ;; + "CORE" | "STANDARDCORE" ) edition="Core" ;; + * ) edition="Standard" ;; + esac + ;; + esac + + [ -n "$edition" ] && result+=" $edition" + + echo "$result" + return 0 +} + +fromFile() { + + local id="" + local desc="$1" + local file="${1,,}" + local arch="${PLATFORM,,}" + + file="${file//-/_}" + file="${file// /_}" + + case "$file" in + *"_x64_"* | *"_x64."*) + arch="x64" + ;; + *"_x86_"* | *"_x86."*) + arch="x86" + ;; + *"_arm64_"* | *"_arm64."*) + arch="arm64" + ;; + esac + + local add="" + [[ "$arch" != "x64" ]] && add="$arch" + + case "$file" in + "win7"* | "win_7"* | *"windows7"* | *"windows_7"* ) + id="win7${arch}" + ;; + "win8"* | "win_8"* | *"windows8"* | *"windows_8"* ) + id="win81${arch}" + ;; + "win10"*| "win_10"* | *"windows10"* | *"windows_10"* ) + id="win10${arch}" + ;; + "win11"* | "win_11"* | *"windows11"* | *"windows_11"* ) + id="win11${arch}" + ;; + *"winxp"* | *"win_xp"* | *"windowsxp"* | *"windows_xp"* ) + id="winxpx86" + ;; + *"winvista"* | *"win_vista"* | *"windowsvista"* | *"windows_vista"* ) + id="winvista${arch}" + ;; + "nano11"* | "nano_11"* ) + id="nano11" + ;; + "tiny11core"* | "tiny11_core"* | "tiny_11_core"* ) + id="core11" + ;; + "tiny11"* | "tiny_11"* ) + id="tiny11" + ;; + "tiny10"* | "tiny_10"* ) + id="tiny10" + ;; + *"_serverhypercore_"* ) + id="win2019${add}-hv" + ;; + *"server2025"* | *"server_2025"* ) + id="win2025${add}" + ;; + *"server2022"* | *"server_2022"* ) + id="win2022${add}" + ;; + *"server2019"* | *"server_2019"* ) + id="win2019${add}" + ;; + *"server2016"* | *"server_2016"* ) + id="win2016${add}" + ;; + *"server2012"* | *"server_2012"* ) + id="win2012r2${add}" + ;; + *"server2008"* | *"server_2008"* ) + id="win2008r2${add}" + ;; + *"server2003"* | *"server_2003"* ) + id="win2003r2${add}" + ;; + esac + + if [ -n "$id" ]; then + desc=$(printVersion "$id" "$desc") + fi + + echo "$desc" + return 0 +} + +fromName() { + + local id="" + local name="$1" + local arch="$2" + + local add="" + [[ "$arch" != "x64" ]] && add="$arch" + + case "${name,,}" in + *"windows 7"* ) id="win7${arch}" ;; + *"windows 8"* ) id="win81${arch}" ;; + *"windows 10"* ) id="win10${arch}" ;; + *"optimum 10"* ) id="win10${arch}" ;; + *"windows 11"* ) id="win11${arch}" ;; + *"optimum 11"* ) id="win11${arch}" ;; + *"windows vista"* ) id="winvista${arch}" ;; + *"server 2025"* ) id="win2025${add}" ;; + *"server 2022"* ) id="win2022${add}" ;; + *"server 2019"* ) id="win2019${add}" ;; + *"server 2016"* ) id="win2016${add}" ;; + *"server 2012"* ) id="win2012r2${add}" ;; + *"server 2008"* ) id="win2008r2${add}" ;; + *"server 2003"* ) id="win2003r2${add}" ;; + *"hyper-v server"* ) id="win2019${add}" ;; + esac + + echo "$id" + return 0 +} + +getVersion() { + + local id + local name="$1" + local arch="$2" + + id=$(fromName "$name" "$arch") + + case "${id,,}" in + "win7"* | "winvista"* ) + case "${name,,}" in + *" home"* ) id="$id-home" ;; + *" starter"* ) id="$id-starter" ;; + *" ultimate"* ) id="$id-ultimate" ;; + *" enterprise evaluation"* ) id="$id-enterprise-eval" ;; + *" enterprise"* ) id="$id-enterprise" ;; + esac + ;; + "win8"* ) + case "${name,,}" in + *" enterprise evaluation"* ) id="$id-enterprise-eval" ;; + *" enterprise"* ) id="$id-enterprise" ;; + esac + ;; + "win10"* | "win11"* ) + case "${name,,}" in + *" iot"* ) id="$id-iot" ;; + *" ltsc"* ) id="$id-ltsc" ;; + *" home"* ) id="$id-home" ;; + *" education"* ) id="$id-education" ;; + *" enterprise evaluation"* ) id="$id-enterprise-eval" ;; + *" enterprise"* ) id="$id-enterprise" ;; + esac + ;; + "win2025"* | "win2022"* | "win2019"* | "win2016"* | "win2012"* | "win2008"* | "win2003"* ) + case "${name,,}" in + *" evaluation"* ) id="$id-eval" ;; + *"hyper-v server"* ) id="$id-hv" ;; + esac + ;; + esac + + echo "$id" + return 0 +} + +switchEdition() { + + local id="$1" + + if [[ "${id,,}" == *"-eval" ]]; then + [ -z "$DETECTED" ] && DETECTED="${id::-5}" + fi + + return 0 +} + +getMido() { + + local id="$1" + local lang="$2" + local ret="$3" + local url="" + local sum="" + local size="" + + [[ "${lang,,}" != "en" && "${lang,,}" != "en-us" ]] && return 0 + + case "${id,,}" in + "win11x64" ) + size=7736125440 + sum="d141f6030fed50f75e2b03e1eb2e53646c4b21e5386047cb860af5223f102a32" + url="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26200.6584.250915-1905.25h2_ge_release_svc_refresh_CLIENT_CONSUMER_x64FRE_en-us.iso" + ;; + "win11x64-enterprise-eval" ) + size=7092807680 + sum="a61adeab895ef5a4db436e0a7011c92a2ff17bb0357f58b13bbc4062e535e7b9" + url="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26200.6584.250915-1905.25h2_ge_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso" + ;; + "win11x64-enterprise-iot-eval" | "win11x64-enterprise-ltsc-eval" ) + size=5060020224 + sum="2cee70bd183df42b92a2e0da08cc2bb7a2a9ce3a3841955a012c0f77aeb3cb29" + url="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26100.1.240331-1435.ge_release_CLIENT_IOT_LTSC_EVAL_x64FRE_en-us.iso" + ;; + "win10x64" ) + size=6140975104 + sum="a6f470ca6d331eb353b815c043e327a347f594f37ff525f17764738fe812852e" + ;; + "win10x64-enterprise-eval" ) + size=5550497792 + sum="ef7312733a9f5d7d51cfa04ac497671995674ca5e1058d5164d6028f0938d668" + url="https://software-static.download.prss.microsoft.com/dbazure/988969d5-f34g-4e03-ac9d-1f9786c66750/19045.2006.220908-0225.22h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso" + ;; + "win10x64-enterprise-ltsc-eval" ) + size=4898582528 + sum="e4ab2e3535be5748252a8d5d57539a6e59be8d6726345ee10e7afd2cb89fefb5" + url="https://software-download.microsoft.com/download/pr/19044.1288.211006-0501.21h2_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso" + ;; + "win81x64-enterprise-eval" ) + size=3961473024 + sum="2dedd44c45646c74efc5a028f65336027e14a56f76686a4631cf94ffe37c72f2" + url="https://download.microsoft.com/download/B/9/9/B999286E-0A47-406D-8B3D-5B5AD7373A4A/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_ENTERPRISE_EVAL_EN-US-IR3_CENA_X64FREE_EN-US_DV9.ISO" + ;; + "win2025-eval" ) + size=6014152704 + sum="d0ef4502e350e3c6c53c15b1b3020d38a5ded011bf04998e950720ac8579b23d" + url="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26100.1742.240906-0331.ge_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso" + ;; + "win2022-eval" ) + size=5044094976 + sum="3e4fa6d8507b554856fc9ca6079cc402df11a8b79344871669f0251535255325" + url="https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso" + ;; + "win2019-eval" ) + size=5652088832 + sum="6dae072e7f78f4ccab74a45341de0d6e2d45c39be25f1f5920a2ab4f51d7bcbb" + url="https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso" + ;; + "win2019-hv" ) + size=3072712704 + sum="48e9b944518e5bbc80876a9a7ff99716f386f404f4be48dca47e16a66ae7872c" + url="https://software-download.microsoft.com/download/pr/17763.557.190612-0019.rs5_release_svc_refresh_SERVERHYPERCORE_OEM_x64FRE_en-us.ISO" + ;; + "win2016-eval" ) + size=6972221440 + sum="1ce702a578a3cb1ac3d14873980838590f06d5b7101c5daaccbac9d73f1fb50f" + url="https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO" + ;; + "win2012r2-eval" ) + size=4542291968 + sum="6612b5b1f53e845aacdf96e974bb119a3d9b4dcb5b82e65804ab7e534dc7b4d5" + url="https://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO" + ;; + "win2008r2" ) + size=3166840832 + sum="30832ad76ccfa4ce48ccb936edefe02079d42fb1da32201bf9e3a880c8ed6312" + url="https://download.microsoft.com/download/4/1/D/41DEA7E0-B30D-4012-A1E3-F24DC03BA1BB/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso" + ;; + esac + + case "${ret,,}" in + "sum" ) echo "$sum" ;; + "size" ) echo "$size" ;; + *) echo "$url";; + esac + + return 0 +} + +getLink1() { + + # Fallbacks for users who cannot connect to the Microsoft servers + + local id="$1" + local lang="$2" + local ret="$3" + local url="" + local sum="" + local size="" + local host="https://dl.bobpony.com/windows" + + [[ "${lang,,}" != "en" && "${lang,,}" != "en-us" ]] && return 0 + + case "${id,,}" in + "win11x64" | "win11x64-enterprise" | "win11x64-enterprise-eval" ) + size=5332989952 + sum="aa1ad990f930d907b7a34ea897abbb0dfbe47552ca8acc146f92e40381839e05" + url="11/en-us_windows_11_24h2_x64.iso" + ;; + "win11x64-iot" | "win11x64-enterprise-iot" | "win11x64-enterprise-iot-eval" ) + size=5144817664 + sum="4f59662a96fc1da48c1b415d6c369d08af55ddd64e8f1c84e0166d9e50405d7a" + url="11/X23-81951_26100.1742.240906-0331.ge_release_svc_refresh_CLIENT_ENTERPRISES_OEM_x64FRE_en-us.iso" + ;; + "win11x64-ltsc" | "win11x64-enterprise-ltsc" | "win11x64-enterprise-ltsc-eval" ) + size=5144817664 + sum="4f59662a96fc1da48c1b415d6c369d08af55ddd64e8f1c84e0166d9e50405d7a" + url="11/X23-81951_26100.1742.240906-0331.ge_release_svc_refresh_CLIENT_ENTERPRISES_OEM_x64FRE_en-us.iso" + ;; + "win10x64" | "win10x64-enterprise" | "win10x64-enterprise-eval" ) + size=5535252480 + sum="557871965263d0fd0a1ea50b5d0d0d7cb04a279148ca905c1c675c9bc0d5486c" + url="10/en-us_windows_10_22h2_x64.iso" + ;; + "win10x64-iot" | "win10x64-enterprise-iot" | "win10x64-enterprise-iot-eval" ) + size=4851668992 + sum="a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160" + url="10/en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso" + ;; + "win10x64-ltsc" | "win10x64-enterprise-ltsc" | "win10x64-enterprise-ltsc-eval" ) + size=4899461120 + sum="c90a6df8997bf49e56b9673982f3e80745058723a707aef8f22998ae6479597d" + url="10/en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96.iso" + ;; + "win81x64" ) + size=4320526336 + sum="d8333cf427eb3318ff6ab755eb1dd9d433f0e2ae43745312c1cd23e83ca1ce51" + url="8.x/8.1/en_windows_8.1_with_update_x64_dvd_6051480.iso" + ;; + "win81x64-enterprise" | "win81x64-enterprise-eval" ) + size=4139163648 + sum="c3c604c03677504e8905090a8ce5bb1dde76b6fd58e10f32e3a25bef21b2abe1" + url="8.x/8.1/en_windows_8.1_enterprise_with_update_x64_dvd_6054382.iso" + ;; + "win2025" | "win2025-eval" ) + size=7571058688 + sum="d273d0a85565ffbc06a3d46313f619103e2830a3373306ddbb9a08b8824f509d" + url="server/2025/en-us_windows_server_2025_updated_oct_2025_x64_dvd_6c0c5aa8.iso" + ;; + "win2022" | "win2022-eval" ) + size=6023239680 + sum="5d6d91efa972cbdd6701d78db1dcf6a34c7024ca931c1718e7cb3d0c6dd54e88" + url="server/2022/en-us_windows_server_2022_updated_oct_2025_x64_dvd_26e9af36.iso" + ;; + "win2019" | "win2019-eval" ) + size=5575774208 + sum="0067afe7fdc4e61f677bd8c35a209082aa917df9c117527fc4b2b52a447e89bb" + url="server/2019/en-us_windows_server_2019_updated_aug_2021_x64_dvd_a6431a28.iso" + ;; + "win2016" | "win2016-eval" ) + size=6006587392 + sum="af06e5483c786c023123e325cea4775050324d9e1366f46850b515ae43f764be" + url="server/2016/en_windows_server_2016_updated_feb_2018_x64_dvd_11636692.iso" + ;; + "win2012r2" | "win2012r2-eval" ) + size=5397889024 + sum="f351e89eb88a96af4626ceb3450248b8573e3ed5924a4e19ea891e6003b62e4e" + url="server/2012r2/en_windows_server_2012_r2_with_update_x64_dvd_6052708-004.iso" + ;; + "win2008r2" | "win2008r2-eval" ) + size=3166584832 + sum="dfd9890881b7e832a927c38310fb415b7ea62ac5a896671f2ce2a111998f0df8" + url="server/2008r2/en_windows_server_2008_r2_with_sp1_x64_dvd_617601-018.iso" + ;; + "win7x64" | "win7x64-ultimate" ) + size=3320836096 + sum="0b738b55a5ea388ad016535a5c8234daf2e5715a0638488ddd8a228a836055a1" + url="7/en_windows_7_with_sp1_x64.iso" + ;; + "win7x64-enterprise" | "win7x64-enterprise-eval" ) + size=3182604288 + sum="ee69f3e9b86ff973f632db8e01700c5724ef78420b175d25bae6ead90f6805a7" + url="7/en_windows_7_enterprise_with_sp1_x64_dvd_u_677651.iso" + ;; + "win7x86" | "win7x86-ultimate" ) + size=2564411392 + sum="99f3369c90160816be07093dbb0ac053e0a84e52d6ed1395c92ae208ccdf67e5" + url="7/en_windows_7_with_sp1_x86.iso" + ;; + "win7x86-enterprise" | "win7x86-enterprise-eval" ) + size=2434502656 + sum="8bdd46ff8cb8b8de9c4aba02706629c8983c45e87da110e64e13be17c8434dad" + url="7/en_windows_7_enterprise_with_sp1_x86_dvd_u_677710.iso" + ;; + "winvistax64" | "winvistax64-ultimate" ) + size=3861460992 + sum="edf9f947c5791469fd7d2d40a5dcce663efa754f91847aa1d28ed7f585675b78" + url="vista/en_windows_vista_sp2_x64_dvd_342267.iso" + ;; + "winvistax86" | "winvistax86-ultimate" ) + size=3243413504 + sum="9c36fed4255bd05a8506b2da88f9aad73643395e155e609398aacd2b5276289c" + url="vista/en_windows_vista_with_sp2_x86_dvd_342266.iso" + ;; + "win2003r2" ) + size=731650535 + sum="6b64bbae7eb00fd000cc887ffdc9f224d00c557daad7f756cfa373950b880dc8" + url="server/2003r2/en_win_srv_2003_r2_standard_x64_with_sp2_cd1_cd2.zip" + ;; + "winxpx86" ) + size=617756672 + sum="62b6c91563bad6cd12a352aa018627c314cfc5162d8e9f8af0756a642e602a46" + url="xp/professional/en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso" + ;; + "winxpx64" ) + size=614166528 + sum="8fac68e1e56c64ad9a2aa0ad464560282e67fa4f4dd51d09a66f4e548eb0f2d6" + url="xp/professional/en_win_xp_pro_x64_vl.iso" + ;; + "win2kx86" ) + size=331701982 + sum="a93251b31f92316411bb48458a695d9051b13cdeba714c46f105012fdda45bf3" + url="2000/5.00.2195.6717_x86fre_client-professional_retail_en-us.7z" + ;; + esac + + case "${ret,,}" in + "sum" ) echo "$sum" ;; + "size" ) echo "$size" ;; + *) [ -n "$url" ] && echo "$host/$url";; + esac + + return 0 +} + +getLink2() { + + local id="$1" + local lang="$2" + local ret="$3" + local url="" + local sum="" + local size="" + local host="https://files.dog/MSDN" + + [[ "${lang,,}" != "en" && "${lang,,}" != "en-us" ]] && return 0 + + case "${id,,}" in + "win81x64" ) + size=4320526336 + sum="d8333cf427eb3318ff6ab755eb1dd9d433f0e2ae43745312c1cd23e83ca1ce51" + url="Windows%208.1%20with%20Update/en_windows_8.1_with_update_x64_dvd_6051480.iso" + ;; + "win81x64-enterprise" | "win81x64-enterprise-eval" ) + size=4139163648 + sum="c3c604c03677504e8905090a8ce5bb1dde76b6fd58e10f32e3a25bef21b2abe1" + url="Windows%208.1%20with%20Update/en_windows_8.1_enterprise_with_update_x64_dvd_6054382.iso" + ;; + "win2012r2" | "win2012r2-eval" ) + size=5397889024 + sum="f351e89eb88a96af4626ceb3450248b8573e3ed5924a4e19ea891e6003b62e4e" + url="Windows%20Server%202012%20R2%20with%20Update/en_windows_server_2012_r2_with_update_x64_dvd_6052708.iso" + ;; + "win2008r2" | "win2008r2-eval" ) + size=3166584832 + sum="dfd9890881b7e832a927c38310fb415b7ea62ac5a896671f2ce2a111998f0df8" + url="Windows%20Server%202008%20R2/en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso" + ;; + "win7x64" | "win7x64-ultimate" ) + size=3320903680 + sum="36f4fa2416d0982697ab106e3a72d2e120dbcdb6cc54fd3906d06120d0653808" + url="Windows%207/en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso" + ;; + "win7x64-enterprise" | "win7x64-enterprise-eval" ) + size=3182604288 + sum="ee69f3e9b86ff973f632db8e01700c5724ef78420b175d25bae6ead90f6805a7" + url="Windows%207/en_windows_7_enterprise_with_sp1_x64_dvd_u_677651.iso" + ;; + "win7x86" | "win7x86-ultimate" ) + size=2564476928 + sum="e2c009a66d63a742941f5087acae1aa438dcbe87010bddd53884b1af6b22c940" + url="Windows%207/en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso" + ;; + "win7x86-enterprise" | "win7x86-enterprise-eval" ) + size=2434502656 + sum="8bdd46ff8cb8b8de9c4aba02706629c8983c45e87da110e64e13be17c8434dad" + url="Windows%207/en_windows_7_enterprise_with_sp1_x86_dvd_u_677710.iso" + ;; + "winvistax64" | "winvistax64-ultimate" ) + size=3861460992 + sum="edf9f947c5791469fd7d2d40a5dcce663efa754f91847aa1d28ed7f585675b78" + url="Windows%20Vista/en_windows_vista_sp2_x64_dvd_342267.iso" + ;; + "winvistax64-enterprise" ) + size=3205953536 + sum="0a0cd511b3eac95c6f081419c9c65b12317b9d6a8d9707f89d646c910e788016" + url="Windows%20Vista/en_windows_vista_enterprise_sp2_x64_dvd_342332.iso" + ;; + "winvistax86" | "winvistax86-ultimate" ) + size=3243413504 + sum="9c36fed4255bd05a8506b2da88f9aad73643395e155e609398aacd2b5276289c" + url="Windows%20Vista/en_windows_vista_with_sp2_x86_dvd_342266.iso" + ;; + "winvistax86-enterprise" ) + size=2420981760 + sum="54e2720004041e7db988a391543ea5228b0affc28efcf9303d2d0ff9402067f5" + url="Windows%20Vista/en_windows_vista_enterprise_sp2_x86_dvd_342329.iso" + ;; + "win2003r2" ) + size=652367872 + sum="74245cba888f935b138b106c2744bec7f392925b472358960a0b5643cd6abb32" + url="Windows%20Server%202003%20R2/en_win_srv_2003_r2_standard_x64_with_sp2_cd1_x13-05757.iso" + ;; + "winxpx86" ) + size=617756672 + sum="62b6c91563bad6cd12a352aa018627c314cfc5162d8e9f8af0756a642e602a46" + url="Windows%20XP/en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso" + ;; + "winxpx64" ) + size=614166528 + sum="8fac68e1e56c64ad9a2aa0ad464560282e67fa4f4dd51d09a66f4e548eb0f2d6" + url="Windows%20XP/en_win_xp_pro_x64_vl.iso" + ;; + esac + + case "${ret,,}" in + "sum" ) echo "$sum" ;; + "size" ) echo "$size" ;; + *) [ -n "$url" ] && echo "$host/$url";; + esac + + return 0 +} + +getLink3() { + + local id="$1" + local lang="$2" + local ret="$3" + local url="" + local sum="" + local size="" + local host="https://nixsys.com/drivers" + + [[ "${lang,,}" != "en" && "${lang,,}" != "en-us" ]] && return 0 + + case "${id,,}" in + "win7x64" | "win7x64-ultimate" ) + size=3319478272 + sum="3286963e1476082ba882a5058c205c264772bead9e99e15cd1cb255f04b72900" + url="WINDOWS764_EN_DVD.iso" + ;; + "win7x86" | "win7x86-ultimate" ) + size=2564784128 + sum="bd4c03c917d00a40222d92a6fab04981a7bd46140bda1888eb961a322e3c5d89" + url="WINDOWS732_EN_DVD.iso" + ;; + "winxpx86" ) + size=618065920 + sum="8177d0137dfe4e8296a85793f140806c9250a5992c8e0e50158c742767ad1182" + url="WinXPsp3.iso" + ;; + "win2kx86" ) + size=387424256 + sum="08b11c3897eb38d1e6566a17cec5cdf2b3c620444e160e3db200a7e223aabbd8" + url="Windows_2000_SP4.iso" + esac + + case "${ret,,}" in + "sum" ) echo "$sum" ;; + "size" ) echo "$size" ;; + *) [ -n "$url" ] && echo "$host/$url";; + esac + + return 0 +} + +getLink4() { + + local id="$1" + local lang="$2" + local ret="$3" + local url="" + local sum="" + local size="" + local host="https://archive.org/download" + + [[ "${lang,,}" != "en" && "${lang,,}" != "en-us" ]] && return 0 + + case "${id,,}" in + "nano11" ) + size=2463565824 + sum="a1e0614372768cbe2d24de74b78a4a97bc1017ea5080dfed1d2125e4a527eb1a" + url="nano11_25h2/nano11%2025h2.iso" + ;; + "core11" ) + size=3176654848 + sum="29c055fcfb7b089abd9e007e7abe4bb82c70a03aac9d65e56a38b87ab32d04d2" + url="tiny11_25H2/tiny11core_25H2_Oct25.iso" + ;; + "tiny11" ) + size=5514559488 + sum="92484f2b7f707e42383294402a9eabbadeaa5ede80ac633390ae7f3537e36275" + url="tiny11_25H2/tiny11_25H2_Oct25.iso" + ;; + "tiny10" ) + size=3839819776 + sum="a11116c0645d892d6a5a7c585ecc1fa13aa66f8c7cc6b03bf1f27bd16860cc35" + url="tiny-10-23-h2/tiny10%20x64%2023h2.iso" + ;; + "win11x64" ) + size=7736125440 + sum="d141f6030fed50f75e2b03e1eb2e53646c4b21e5386047cb860af5223f102a32" + url="W11x64_26200.6584/26200.6584.250915-1905.25h2_ge_release_svc_refresh_CLIENT_CONSUMER_x64FRE_en-us.iso" + ;; + "win11x64-enterprise" | "win11x64-enterprise-eval" ) + size=6209064960 + sum="c8dbc96b61d04c8b01faf6ce0794fdf33965c7b350eaa3eb1e6697019902945c" + url="Windows11Enterprise23H2x64/22631.2428.231001-0608.23H2_NI_RELEASE_SVC_REFRESH_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso" + ;; + "win11x64-iot" | "win11x64-enterprise-iot" | "win11x64-enterprise-iot-eval" ) + size=5144817664 + sum="4f59662a96fc1da48c1b415d6c369d08af55ddd64e8f1c84e0166d9e50405d7a" + url="Windows11LTSC/X23-81951_26100.1742.240906-0331.ge_release_svc_refresh_CLIENT_ENTERPRISES_OEM_x64FRE_en-us.iso" + ;; + "win11x64-ltsc" | "win11x64-enterprise-ltsc" | "win11x64-enterprise-ltsc-eval" ) + size=5144817664 + sum="4f59662a96fc1da48c1b415d6c369d08af55ddd64e8f1c84e0166d9e50405d7a" + url="Windows11LTSC/X23-81951_26100.1742.240906-0331.ge_release_svc_refresh_CLIENT_ENTERPRISES_OEM_x64FRE_en-us.iso" + ;; + "win10x64" | "win10x64-enterprise" | "win10x64-enterprise-eval" ) + size=6978310144 + sum="7847abd6f39abd02dc8089c4177d354f9eb66fa0ee2fe8ae20e596e675d1ab67" + url="Windows-10-22H2-July-2024-64-bit-DVD-English/en-us_windows_10_business_editions_version_22h2_updated_july_2024_x64_dvd_c004521a.iso" + ;; + "win10x64-iot" | "win10x64-enterprise-iot" | "win10x64-enterprise-iot-eval" ) + size=4851668992 + sum="a0334f31ea7a3e6932b9ad7206608248f0bd40698bfb8fc65f14fc5e4976c160" + url="en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f_202411/en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f.iso" + ;; + "win10x64-ltsc" | "win10x64-enterprise-ltsc" | "win10x64-enterprise-ltsc-eval" ) + size=4899461120 + sum="c90a6df8997bf49e56b9673982f3e80745058723a707aef8f22998ae6479597d" + url="en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96_202302/en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96.iso" + ;; + "win81x64" ) + size=4320526336 + sum="d8333cf427eb3318ff6ab755eb1dd9d433f0e2ae43745312c1cd23e83ca1ce51" + url="en_windows_8.1_with_update_x64_dvd_6051480/en_windows_8.1_with_update_x64_dvd_6051480.iso" + ;; + "win81x64-enterprise" | "win81x64-enterprise-eval" ) + size=4139163648 + sum="c3c604c03677504e8905090a8ce5bb1dde76b6fd58e10f32e3a25bef21b2abe1" + url="en_windows_8.1_enterprise_with_update_x64_dvd/en_windows_8.1_enterprise_with_update_x64_dvd_6054382.iso" + ;; + "win2022" | "win2022-eval" ) + size=5365624832 + sum="c3c57bb2cf723973a7dcfb1a21e97dfa035753a7f111e348ad918bb64b3114db" + url="win-server-2022/2227-January_2024/en-us_windows_server_2022_updated_jan_2024_x64_dvd_2b7a0c9f.iso" + ;; + "win2019" | "win2019-eval" ) + size=5575774208 + sum="0067afe7fdc4e61f677bd8c35a209082aa917df9c117527fc4b2b52a447e89bb" + url="sw-dvd-9-win-server-std-core-2019-1809.18-64-bit-english-dc-std-mlf-x-22-74330/SW_DVD9_Win_Server_STD_CORE_2019_1809.18_64Bit_English_DC_STD_MLF_X22-74330.ISO" + ;; + "win2016" | "win2016-eval" ) + size=6006587392 + sum="af06e5483c786c023123e325cea4775050324d9e1366f46850b515ae43f764be" + url="en_windows_server_2016_updated_feb_2018_x64_dvd_11636692/en_windows_server_2016_updated_feb_2018_x64_dvd_11636692.iso" + ;; + "win2012r2" | "win2012r2-eval" ) + size=5397889024 + sum="f351e89eb88a96af4626ceb3450248b8573e3ed5924a4e19ea891e6003b62e4e" + url="en_windows_server_2012_r2_with_update_x64_dvd_6052708_202006/en_windows_server_2012_r2_with_update_x64_dvd_6052708.iso" + ;; + "win2008r2" | "win2008r2-eval" ) + size=3166584832 + sum="dfd9890881b7e832a927c38310fb415b7ea62ac5a896671f2ce2a111998f0df8" + url="en_windows_server_2008_r2_with_sp1_x64_dvd_617601_202006/en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso" + ;; + "win7x64" | "win7x64-ultimate" ) + size=3320903680 + sum="36f4fa2416d0982697ab106e3a72d2e120dbcdb6cc54fd3906d06120d0653808" + url="win7-ult-sp1-english/Win7_Ult_SP1_English_x64.iso" + ;; + "win7x64-enterprise" | "win7x64-enterprise-eval" ) + size=3182604288 + sum="ee69f3e9b86ff973f632db8e01700c5724ef78420b175d25bae6ead90f6805a7" + url="en_windows_7_enterprise_with_sp1_x64_dvd_u_677651_202006/en_windows_7_enterprise_with_sp1_x64_dvd_u_677651.iso" + ;; + "win7x86" | "win7x86-ultimate" ) + size=2564476928 + sum="e2c009a66d63a742941f5087acae1aa438dcbe87010bddd53884b1af6b22c940" + url="win7-ult-sp1-english/Win7_Ult_SP1_English_x32.iso" + ;; + "win7x86-enterprise" | "win7x86-enterprise-eval" ) + size=2434502656 + sum="8bdd46ff8cb8b8de9c4aba02706629c8983c45e87da110e64e13be17c8434dad" + url="en_windows_7_enterprise_with_sp1_x86_dvd_u_677710_202006/en_windows_7_enterprise_with_sp1_x86_dvd_u_677710.iso" + ;; + "winvistax64" | "winvistax64-ultimate" ) + size=3861460992 + sum="edf9f947c5791469fd7d2d40a5dcce663efa754f91847aa1d28ed7f585675b78" + url="en_windows_vista_sp2_x64_dvd_342267_202010/en_windows_vista_sp2_x64_dvd_342267.iso" + ;; + "winvistax64-enterprise" ) + size=3205953536 + sum="0a0cd511b3eac95c6f081419c9c65b12317b9d6a8d9707f89d646c910e788016" + url="en_windows_vista_enterprise_sp2_x64_dvd_342332_202007/en_windows_vista_enterprise_sp2_x64_dvd_342332.iso" + ;; + "winvistax86" | "winvistax86-ultimate" ) + size=3243413504 + sum="9c36fed4255bd05a8506b2da88f9aad73643395e155e609398aacd2b5276289c" + url="en_windows_vista_sp2_x86_dvd_342266/en_windows_vista_sp2_x86_dvd_342266.iso" + ;; + "winvistax86-enterprise" ) + size=2420981760 + sum="54e2720004041e7db988a391543ea5228b0affc28efcf9303d2d0ff9402067f5" + url="en_windows_vista_enterprise_sp2_x86_dvd_342329_202007/en_windows_vista_enterprise_sp2_x86_dvd_342329.iso" + ;; + "win2003r2" ) + size=652367872 + sum="74245cba888f935b138b106c2744bec7f392925b472358960a0b5643cd6abb32" + url="en_win_srv_2003_r2_standard_x64_with_sp2_cd1_x13-05757/en_win_srv_2003_r2_standard_x64_with_sp2_cd1_x13-05757.iso" + ;; + "winxpx86" ) + size=617756672 + sum="62b6c91563bad6cd12a352aa018627c314cfc5162d8e9f8af0756a642e602a46" + url="XPPRO_SP3_ENU/en_windows_xp_professional_with_service_pack_3_x86_cd_x14-80428.iso" + ;; + "winxpx64" ) + size=614166528 + sum="8fac68e1e56c64ad9a2aa0ad464560282e67fa4f4dd51d09a66f4e548eb0f2d6" + url="windows-xp-all-sp-msdn-iso-files-en-de-ru-tr-x86-x64/en_win_xp_sp1_pro_x64_vl.iso" + ;; + "win2kx86" ) + size=386859008 + sum="e3816f6e80b66ff686ead03eeafffe9daf020a5e4717b8bd4736b7c51733ba22" + url="MicrosoftWindows2000BuildCollection/5.00.2195.6717_x86fre_client-professional_retail_en-us-ZRMPFPP_EN.iso" + esac + + case "${ret,,}" in + "sum" ) echo "$sum" ;; + "size" ) echo "$size" ;; + *) [ -n "$url" ] && echo "$host/$url";; + esac + + return 0 +} + +getValue() { + + local val="" + local id="$2" + local lang="$3" + local type="$4" + local func="getLink$1" + + if [ "$1" -gt 0 ] && [ "$1" -le "$MIRRORS" ]; then + val=$($func "$id" "$lang" "$type") + fi + + echo "$val" + return 0 +} + +getLink() { + + local url + url=$(getValue "$1" "$2" "$3" "") + + echo "$url" + return 0 +} + +getHash() { + + local sum + sum=$(getValue "$1" "$2" "$3" "sum") + + echo "$sum" + return 0 +} + +getSize() { + + local size + size=$(getValue "$1" "$2" "$3" "size") + + echo "$size" + return 0 +} + +isMido() { + + local id="$1" + local lang="$2" + local sum + + [[ "${MIDO:-}" == [Nn]* ]] && return 1 + + sum=$(getMido "$id" "en" "sum") + [ -n "$sum" ] && return 0 + + return 1 +} + +isESD() { + + local id="$1" + local lang="$2" + + [[ "${ESD:-}" == [Nn]* ]] && return 1 + + case "${id,,}" in + "win11${PLATFORM,,}" | "win10${PLATFORM,,}" ) + return 0 + ;; + "win11${PLATFORM,,}-enterprise" | "win11${PLATFORM,,}-enterprise-eval") + return 0 + ;; + "win10${PLATFORM,,}-enterprise" | "win10${PLATFORM,,}-enterprise-eval" ) + return 0 + ;; + esac + + return 1 +} + +validVersion() { + + local id="$1" + local lang="$2" + local url + + isESD "$id" "$lang" && return 0 + isMido "$id" "$lang" && return 0 + + for ((i=1;i<=MIRRORS;i++)); do + + url=$(getLink "$i" "$id" "$lang") + [ -n "$url" ] && return 0 + + done + + return 1 +} + +addFolder() { + + local src="$1" + local folder="/oem" + + [ ! -d "$folder" ] && folder="/OEM" + [ ! -d "$folder" ] && folder="$STORAGE/oem" + [ ! -d "$folder" ] && folder="$STORAGE/OEM" + [ ! -d "$folder" ] && return 0 + + local msg="Adding OEM folder to image..." + info "$msg" && html "$msg" + + local dest="$src/\$OEM\$/\$1/OEM" + mkdir -p "$dest" || return 1 + cp -Lr "$folder/." "$dest" || return 1 + + local file + file=$(find "$dest" -maxdepth 1 -type f -iname install.bat -print -quit) + [ -f "$file" ] && unix2dos -q "$file" + + return 0 +} + +prepareInstall() { + + local pid="" + local file="" + local dir="$2" + local desc="$3" + local driver="$4" + local drivers="/tmp/drivers" + + ETFS="[BOOT]/Boot-NoEmul.img" + + if [ ! -f "$dir/$ETFS" ] || [ ! -s "$dir/$ETFS" ]; then + error "Failed to locate file \"$ETFS\" in $desc ISO image!" && return 1 + fi + + local arch target + [ -d "$dir/AMD64" ] && arch="amd64" || arch="x86" + [[ "${arch,,}" == "x86" ]] && target="$dir/I386" || target="$dir/AMD64" + + if [ ! -d "$target" ]; then + error "Failed to locate directory \"$target\" in $desc ISO image!" && return 1 + fi + + if [[ "${driver,,}" == "xp" || "${driver,,}" == "2k3" ]]; then + + local msg="Adding drivers to image..." + info "$msg" && html "$msg" + + rm -rf "$drivers" + mkdir -p "$drivers" + + if ! bsdtar -xf /var/drivers.txz -C "$drivers"; then + error "Failed to extract drivers!" && return 1 + fi + + if [ ! -f "$drivers/viostor/$driver/$arch/viostor.sys" ]; then + error "Failed to locate required storage drivers!" && return 1 + fi + + cp -L "$drivers/viostor/$driver/$arch/viostor.sys" "$target" || return 1 + + mkdir -p "$dir/\$OEM\$/\$1/Drivers/viostor" || return 1 + cp -L "$drivers/viostor/$driver/$arch/viostor.cat" "$dir/\$OEM\$/\$1/Drivers/viostor" || return 1 + cp -L "$drivers/viostor/$driver/$arch/viostor.inf" "$dir/\$OEM\$/\$1/Drivers/viostor" || return 1 + cp -L "$drivers/viostor/$driver/$arch/viostor.sys" "$dir/\$OEM\$/\$1/Drivers/viostor" || return 1 + + if [ ! -f "$drivers/NetKVM/$driver/$arch/netkvm.sys" ]; then + error "Failed to locate required network drivers!" && return 1 + fi + + mkdir -p "$dir/\$OEM\$/\$1/Drivers/NetKVM" || return 1 + cp -L "$drivers/NetKVM/$driver/$arch/netkvm.cat" "$dir/\$OEM\$/\$1/Drivers/NetKVM" || return 1 + cp -L "$drivers/NetKVM/$driver/$arch/netkvm.inf" "$dir/\$OEM\$/\$1/Drivers/NetKVM" || return 1 + cp -L "$drivers/NetKVM/$driver/$arch/netkvm.sys" "$dir/\$OEM\$/\$1/Drivers/NetKVM" || return 1 + + file=$(find "$target" -maxdepth 1 -type f -iname TXTSETUP.SIF -print -quit) + + if [ -z "$file" ]; then + error "The file TXTSETUP.SIF could not be found!" && return 1 + fi + + sed -i '/^\[SCSI.Load\]/s/$/\nviostor=viostor.sys,4/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\nviostor.sys=1,,,,,,4_,4,1,,,1,4/' "$file" + sed -i '/^\[SCSI\]/s/$/\nviostor=\"Red Hat VirtIO SCSI Disk Device\"/' "$file" + sed -i '/^\[HardwareIdsDatabase\]/s/$/\nPCI\\VEN_1AF4\&DEV_1001\&SUBSYS_00000000=\"viostor\"/' "$file" + sed -i '/^\[HardwareIdsDatabase\]/s/$/\nPCI\\VEN_1AF4\&DEV_1001\&SUBSYS_00020000=\"viostor\"/' "$file" + sed -i '/^\[HardwareIdsDatabase\]/s/$/\nPCI\\VEN_1AF4\&DEV_1001\&SUBSYS_00021AF4=\"viostor\"/' "$file" + sed -i '/^\[HardwareIdsDatabase\]/s/$/\nPCI\\VEN_1AF4\&DEV_1001\&SUBSYS_00000000=\"viostor\"/' "$file" + + if [ ! -d "$drivers/sata/xp/$arch" ]; then + error "Failed to locate required SATA drivers!" && return 1 + fi + + mkdir -p "$dir/\$OEM\$/\$1/Drivers/sata" || return 1 + cp -Lr "$drivers/sata/xp/$arch/." "$dir/\$OEM\$/\$1/Drivers/sata" || return 1 + cp -Lr "$drivers/sata/xp/$arch/." "$target" || return 1 + + sed -i '/^\[SCSI.Load\]/s/$/\niaStor=iaStor.sys,4/' "$file" + sed -i '/^\[FileFlags\]/s/$/\niaStor.sys = 16/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaStor.cat = 1,,,,,,,1,0,0/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaStor.inf = 1,,,,,,,1,0,0/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaStor.sys = 1,,,,,,4_,4,1,,,1,4/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaStor.sys = 1,,,,,,,1,0,0/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaahci.cat = 1,,,,,,,1,0,0/' "$file" + sed -i '/^\[SourceDisksFiles.'"$arch"'\]/s/$/\niaAHCI.inf = 1,,,,,,,1,0,0/' "$file" + sed -i '/^\[SCSI\]/s/$/\niaStor=\"Intel\(R\) SATA RAID\/AHCI Controller\"/' "$file" + sed -i '/^\[HardwareIdsDatabase\]/s/$/\nPCI\\VEN_8086\&DEV_2922\&CC_0106=\"iaStor\"/' "$file" + + rm -rf "$drivers" + + fi + + local key setup + setup=$(find "$target" -maxdepth 1 -type f -iname setupp.ini -print -quit) + + if [ -n "$setup" ] && [ -z "$KEY" ]; then + + pid=$(<"$setup") + pid="${pid%$'\r'}" + + if [[ "$driver" == "2k" ]]; then + + echo "${pid:0:$((${#pid})) - 3}270" > "$setup" + + else + + if [[ "$pid" == *"270" ]]; then + + warn "this version of $desc requires a volume license key (VLK), it will ask for one during installation." + + else + + file=$(find "$target" -maxdepth 1 -type f -iname PID.INF -print -quit) + + if [ -n "$file" ]; then + + if [[ "$driver" == "2k3" ]]; then + + key=$(grep -i -A 2 "StagingKey" "$file" | tail -n 2 | head -n 1) + + else + + key="${pid:$((${#pid})) - 8:5}" + if [[ "${pid^^}" == *"OEM" ]]; then + key=$(grep -i -A 2 "$key" "$file" | tail -n 2 | head -n 1) + else + key=$(grep -i -m 1 -A 2 "$key" "$file" | tail -n 2 | head -n 1) + fi + key="${key#*= }" + + fi + + key="${key%$'\r'}" + [[ "${#key}" == "29" ]] && KEY="$key" + + fi + + if [ -z "$KEY" ]; then + + # These are NOT pirated keys, they come from official MS documentation. + + case "${driver,,}" in + "xp" ) + + if [[ "${arch,,}" == "x86" ]]; then + # Windows XP Professional x86 generic trial key (no activation) + KEY="DR8GV-C8V6J-BYXHG-7PYJR-DB66Y" + else + # Windows XP Professional x64 generic trial key (no activation) + KEY="B2RBK-7KPT9-4JP6X-QQFWM-PJD6G" + fi ;; + + "2k3" ) + + if [[ "${arch,,}" == "x86" ]]; then + # Windows Server 2003 Standard x86 generic trial key (no activation) + KEY="QKDCQ-TP2JM-G4MDG-VR6F2-P9C48" + else + # Windows Server 2003 Standard x64 generic trial key (no activation) + KEY="P4WJG-WK3W7-3HM8W-RWHCK-8JTRY" + fi ;; + + esac + + echo "${pid:0:$((${#pid})) - 3}000" > "$setup" + + fi + + fi + fi + + fi + + [ -n "$KEY" ] && KEY="ProductID=$KEY" + + mkdir -p "$dir/\$OEM\$" + + if ! addFolder "$dir"; then + error "Failed to add OEM folder to image!" && return 1 + fi + + local oem="" + local install="$dir/\$OEM\$/\$1/OEM/install.bat" + [ -f "$install" ] && oem="\"Script\"=\"cmd /C start \\\"Install\\\" \\\"cmd /C C:\\\\OEM\\\\install.bat\\\"\"" + + [ -z "$WIDTH" ] && WIDTH="1280" + [ -z "$HEIGHT" ] && HEIGHT="720" + + XHEX=$(printf '%x\n' "$WIDTH") + YHEX=$(printf '%x\n' "$HEIGHT") + + local username="" + local password="" + + [ -n "$USERNAME" ] && username=$(echo "$USERNAME" | sed 's/[^[:alnum:]@!._-]//g') + [ -z "$username" ] && username="Docker" + + [ -n "$PASSWORD" ] && password=$(echo "$PASSWORD" | sed 's/"//g') + [ -z "$password" ] && password="admin" + + find "$target" -maxdepth 1 -type f -iname winnt.sif -exec rm {} \; + + { echo "[Data]" + echo " AutoPartition=1" + echo " MsDosInitiated=\"0\"" + echo " UnattendedInstall=\"Yes\"" + echo " AutomaticUpdates=\"Yes\"" + echo "" + echo "[Unattended]" + echo " UnattendSwitch=Yes" + echo " UnattendMode=FullUnattended" + echo " FileSystem=NTFS" + echo " OemSkipEula=Yes" + echo " OemPreinstall=Yes" + echo " Repartition=Yes" + echo " WaitForReboot=\"No\"" + echo " DriverSigningPolicy=\"Ignore\"" + echo " NonDriverSigningPolicy=\"Ignore\"" + echo " OemPnPDriversPath=\"Drivers\viostor;Drivers\NetKVM;Drivers\sata\"" + echo " NoWaitAfterTextMode=1" + echo " NoWaitAfterGUIMode=1" + echo " FileSystem-ConvertNTFS" + echo " ExtendOemPartition=0" + echo " Hibernation=\"No\"" + echo "" + echo "[GuiUnattended]" + echo " OEMSkipRegional=1" + echo " OemSkipWelcome=1" + echo " AdminPassword=$password" + echo " TimeZone=0" + echo " AutoLogon=Yes" + echo " AutoLogonCount=65432" + echo "" + echo "[UserData]" + echo " FullName=\"$username\"" + echo " ComputerName=\"*\"" + echo " OrgName=\"$APP for $ENGINE\"" + echo " $KEY" + echo "" + echo "[Identification]" + echo " JoinWorkgroup = WORKGROUP" + echo "" + echo "[Display]" + echo " BitsPerPel=32" + echo " XResolution=$WIDTH" + echo " YResolution=$HEIGHT" + echo "" + echo "[Networking]" + echo " InstallDefaultComponents=Yes" + echo "" + echo "[Branding]" + echo " BrandIEUsingUnattended=Yes" + echo "" + echo "[URL]" + echo " Home_Page = http://www.google.com" + echo " Search_Page = http://www.google.com" + echo "" + echo "[TerminalServices]" + echo " AllowConnections=1" + echo "" + } | unix2dos > "$target/WINNT.SIF" + + if [[ "$driver" == "2k3" ]]; then + { echo "[Components]" + echo " TerminalServer=On" + echo "" + echo "[LicenseFilePrintData]" + echo " AutoMode=PerServer" + echo " AutoUsers=5" + echo "" + } | unix2dos >> "$target/WINNT.SIF" + fi + + { echo "Windows Registry Editor Version 5.00" + echo "" + echo "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security]" + echo "\"FirstRunDisabled\"=dword:00000001" + echo "\"UpdatesDisableNotify\"=dword:00000001" + echo "\"FirewallDisableNotify\"=dword:00000001" + echo "\"AntiVirusDisableNotify\"=dword:00000001" + echo "" + echo "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]" + echo "\"Start\"=dword:00000004" + echo "" + echo "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]" + echo "\"3389:TCP\"=\"3389:TCP:*:Enabled:@xpsp2res.dll,-22009\"" + echo "" + echo "[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]" + echo "\"RunCount\"=dword:00000000" + echo "" + echo "[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]" + echo "\"HideFileExt\"=dword:00000000" + echo "" + echo "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]" + echo "\"NoWelcomeScreen\"=\"1\"" + echo "" + echo "[HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]" + echo "\"Completed\"=\"1\"" + echo "\"Desktopchanged\"=\"1\"" + echo "" + echo "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]" + echo "\"AutoAdminLogon\"=\"1\"" + echo "\"DefaultUserName\"=\"$username\"" + echo "\"DefaultPassword\"=\"$password\"" + echo "\"DefaultDomainName\"=\"Dockur\"" + echo "" + echo "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\0000]" + echo "\"DefaultSettings.BitsPerPel\"=dword:00000020" + echo "\"DefaultSettings.XResolution\"=dword:00000$XHEX" + echo "\"DefaultSettings.YResolution\"=dword:00000$YHEX" + echo "" + echo "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO\{23A77BF7-ED96-40EC-AF06-9B1F4867732A}\0000]" + echo "\"DefaultSettings.BitsPerPel\"=dword:00000020" + echo "\"DefaultSettings.XResolution\"=dword:00000$XHEX" + echo "\"DefaultSettings.YResolution\"=dword:00000$YHEX" + echo "" + echo "[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]" + echo "\"ScreenSaver\"=\"reg add \\\"HKCU\\\\Control Panel\\\\Desktop\\\" /f /v \\\"SCRNSAVE.EXE\\\" /t REG_SZ /d \\\"off\\\"\"" + echo "\"ScreenSaverOff\"=\"reg add \\\"HKCU\\\\Control Panel\\\\Desktop\\\" /f /v \\\"ScreenSaveActive\\\" /t REG_SZ /d \\\"0\\\"\"" + echo "$oem" + echo "" + } | unix2dos > "$dir/\$OEM\$/install.reg" + + if [[ "$driver" == "2k" ]]; then + { echo "[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce]" + echo "\"^SetupICWDesktop\"=-" + echo "" + } | unix2dos >> "$dir/\$OEM\$/install.reg" + fi + + if [[ "$driver" == "2k3" ]]; then + { echo "[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\srvWiz]" + echo "@=dword:00000000" + echo "" + echo "[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ServerOOBE\SecurityOOBE]" + echo "\"DontLaunchSecurityOOBE\"=dword:00000000" + echo "" + } | unix2dos >> "$dir/\$OEM\$/install.reg" + fi + + { echo "Set WshShell = WScript.CreateObject(\"WScript.Shell\")" + echo "Set WshNetwork = WScript.CreateObject(\"WScript.Network\")" + echo "Set Domain = GetObject(\"WinNT://\" & WshNetwork.ComputerName)" + echo "" + echo "Function DecodeSID(binSID)" + echo " ReDim o(LenB(binSID))" + echo "" + echo " For i = 1 To LenB(binSID)" + echo " o(i-1) = AscB(MidB(binSID, i, 1))" + echo " Next" + echo "" + echo " sid = \"S-\" & CStr(o(0)) & \"-\" & OctetArrayToString _" + echo " (Array(o(2), o(3), o(4), o(5), o(6), o(7)))" + echo " For i = 8 To (4 * o(1) + 4) Step 4" + echo " sid = sid & \"-\" & OctetArrayToString _" + echo " (Array(o(i+3), o(i+2), o(i+1), o(i)))" + echo " Next" + echo "" + echo " DecodeSID = sid" + echo "End Function" + echo "" + echo "Function OctetArrayToString(arr)" + echo " v = 0" + echo " For i = 0 To UBound(arr)" + echo " v = v * 256 + arr(i)" + echo " Next" + echo "" + echo " OctetArrayToString = CStr(v)" + echo "End Function" + echo "" + echo "For Each DomainItem in Domain" + echo " If DomainItem.Class = \"User\" Then" + echo " sid = DecodeSID(DomainItem.Get(\"objectSID\"))" + echo " If Left(sid, 9) = \"S-1-5-21-\" And Right(sid, 4) = \"-500\" Then" + echo " LocalAdminADsPath = DomainItem.ADsPath" + echo " Exit For" + echo " End If" + echo " End If" + echo "Next" + echo "" + echo "Call Domain.MoveHere(LocalAdminADsPath, \"$username\")" + echo "" + echo "Set oLink = WshShell.CreateShortcut(WshShell.ExpandEnvironmentStrings(\"%userprofile%\\Desktop\\Shared.lnk\"))" + echo "With oLink" + echo " .TargetPath = \"\\\\host.lan\\Data\"" + echo " .Save" + echo "End With" + echo "Set oLink = Nothing" + echo "" + } | unix2dos > "$dir/\$OEM\$/install.vbs" + + { echo "[COMMANDS]" + echo "\"REGEDIT /s install.reg\"" + echo "\"Wscript install.vbs\"" + echo "" + } | unix2dos > "$dir/\$OEM\$/cmdlines.txt" + + return 0 +} + +prepareLegacy() { + + local iso="$1" + local dir="$2" + local desc="$3" + + ETFS="boot.img" + + [ -f "$dir/$ETFS" ] && [ -s "$dir/$ETFS" ] && return 0 + rm -f "$dir/$ETFS" + + local len offset + len=$(isoinfo -d -i "$iso" | grep "Nsect " | grep -o "[^ ]*$") + offset=$(isoinfo -d -i "$iso" | grep "Bootoff " | grep -o "[^ ]*$") + + if ! dd "if=$iso" "of=$dir/$ETFS" bs=2048 "count=$len" "skip=$offset" status=none; then + error "Failed to extract boot image from $desc ISO!" && return 1 + fi + + [ -f "$dir/$ETFS" ] && [ -s "$dir/$ETFS" ] && return 0 + + error "Failed to locate file \"$ETFS\" in $desc ISO image!" + return 1 +} + +detectLegacy() { + + local dir="$1" + local find + + find=$(find "$dir" -maxdepth 1 -type d -iname WIN95 -print -quit) + [ -n "$find" ] && DETECTED="win95" && return 0 + + find=$(find "$dir" -maxdepth 1 -type d -iname WIN98 -print -quit) + [ -n "$find" ] && DETECTED="win98" && return 0 + + find=$(find "$dir" -maxdepth 1 -type d -iname WIN9X -print -quit) + [ -n "$find" ] && DETECTED="win9x" && return 0 + + find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_W.40 -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_S.40 -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_TS.40 -print -quit) + [ -n "$find" ] && DETECTED="winnt4" && return 0 + + find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_NT.5 -print -quit) + + if [ -n "$find" ]; then + + find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_IA.5 -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_ID.5 -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_IP.5 -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname CDROM_IS.5 -print -quit) + [ -n "$find" ] && DETECTED="win2k" && return 0 + + fi + + find=$(find "$dir" -maxdepth 1 -iname WIN51 -print -quit) + + if [ -n "$find" ]; then + + find=$(find "$dir" -maxdepth 1 -type f -iname WIN51AP -print -quit) + [ -n "$find" ] && DETECTED="winxpx64" && return 0 + + find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IC -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IP -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname setupxp.htm -print -quit) + [ -n "$find" ] && DETECTED="winxpx86" && return 0 + + find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IS -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IA -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IB -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51ID -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IL -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51IS -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51AA -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51AD -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51AS -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51MA -print -quit) + [ -z "$find" ] && find=$(find "$dir" -maxdepth 1 -type f -iname WIN51MD -print -quit) + [ -n "$find" ] && DETECTED="win2003r2" && return 0 + + fi + + return 1 +} + +skipVersion() { + + local id="$1" + + case "${id,,}" in + "win9"* | "winxp"* | "win2k"* | "win2003"* ) + return 0 ;; + esac + + return 1 +} + +isCompatible() { + return 0 +} + +setMachine() { + + local id="$1" + local iso="$2" + local dir="$3" + local desc="$4" + + case "${id,,}" in + "win9"* ) + ETFS="[BOOT]/Boot-1.44M.img" ;; + "win2k"* ) + if ! prepareInstall "$iso" "$dir" "$desc" "2k"; then + error "Failed to prepare $desc ISO!" && return 1 + fi ;; + "winxp"* ) + if ! prepareInstall "$iso" "$dir" "$desc" "xp"; then + error "Failed to prepare $desc ISO!" && return 1 + fi ;; + "win2003"* ) + if ! prepareInstall "$iso" "$dir" "$desc" "2k3"; then + error "Failed to prepare $desc ISO!" && return 1 + fi ;; + esac + + case "${id,,}" in + "win9"* ) + USB="no" + VGA="cirrus" + DISK_TYPE="auto" + MACHINE="pc-i440fx-2.4" + BOOT_MODE="windows_legacy" + [ -z "${ADAPTER:-}" ] && ADAPTER="pcnet" ;; + "win2k"* ) + VGA="cirrus" + MACHINE="pc" + USB="pci-ohci" + DISK_TYPE="auto" + BOOT_MODE="windows_legacy" + [ -z "${ADAPTER:-}" ] && ADAPTER="rtl8139" ;; + "winxp"* | "win2003"* ) + DISK_TYPE="blk" + BOOT_MODE="windows_legacy" ;; + "winvista"* | "win7"* | "win2008"* ) + BOOT_MODE="windows_legacy" ;; + esac + + case "${id,,}" in + "winxp"* | "win2003"* | "winvistax86"* | "win7x86"* | "win2008r2x86"* ) + # Prevent bluescreen if 64 bit PCI hole size is >2G. + ARGS="-global q35-pcihost.x-pci-hole64-fix=false" ;; + esac + + return 0 +} + +return 0 diff --git a/apps/rego-tunnel/build/src/entry.sh b/apps/rego-tunnel/build/src/entry.sh new file mode 100755 index 0000000..0142440 --- /dev/null +++ b/apps/rego-tunnel/build/src/entry.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +: "${APP:="Windows"}" +: "${PLATFORM:="x64"}" +: "${BOOT_MODE:="windows"}" +: "${SUPPORT:="https://github.com/dockur/windows"}" + +cd /run + +. start.sh # Startup hook +. /run/rego-startup.sh 2>/dev/null || true # Rego customizations +. utils.sh # Load functions +. reset.sh # Initialize system +. server.sh # Start webserver +. define.sh # Define versions +. mido.sh # Download Windows +. install.sh # Run installation +. disk.sh # Initialize disks +. display.sh # Initialize graphics +. network.sh # Initialize network +. samba.sh # Configure samba +. boot.sh # Configure boot +. proc.sh # Initialize processor +. power.sh # Configure shutdown +. memory.sh # Check available memory +. config.sh # Configure arguments +. finish.sh # Finish initialization + +trap - ERR + +version=$(qemu-system-x86_64 --version | head -n 1 | cut -d '(' -f 1 | awk '{ print $NF }') +info "Booting ${APP}${BOOT_DESC} using QEMU v$version..." + +{ qemu-system-x86_64 ${ARGS:+ $ARGS} >"$QEMU_OUT" 2>"$QEMU_LOG"; rc=$?; } || : +(( rc != 0 )) && error "$(<"$QEMU_LOG")" && exit 15 + +terminal +( sleep 30; boot ) & +tail -fn +0 "$QEMU_LOG" --pid=$$ 2>/dev/null & +cat "$QEMU_TERM" 2> /dev/null | tee "$QEMU_PTY" | \ +sed -u -e 's/\x1B\[[=0-9;]*[a-z]//gi' \ +-e 's/\x1B\x63//g' -e 's/\x1B\[[=?]7l//g' \ +-e '/^$/d' -e 's/\x44\x53\x73//g' \ +-e 's/failed to load Boot/skipped Boot/g' \ +-e 's/0): Not Found/0)/g' & wait $! || : + +sleep 1 & wait $! +[ ! -f "$QEMU_END" ] && finish 0 diff --git a/apps/rego-tunnel/build/src/install.sh b/apps/rego-tunnel/build/src/install.sh new file mode 100755 index 0000000..7be2996 --- /dev/null +++ b/apps/rego-tunnel/build/src/install.sh @@ -0,0 +1,1336 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +ETFS="boot/etfsboot.com" +FB="falling back to manual installation!" +EFISYS="efi/microsoft/boot/efisys_noprompt.bin" + +backup () { + + local count=1 + local iso="$1" + local name="unknown" + local root="$STORAGE/backups" + local previous="$STORAGE/windows.base" + + if [ -f "$previous" ]; then + + previous=$(<"$previous") + previous="${previous//[![:print:]]/}" + + [ -n "$previous" ] && name="${previous%.*}" + + fi + + if ! makeDir "$root"; then + error "Failed to create directory \"$root\" !" + return 1 + fi + + local folder="$name" + local dir="$root/$folder" + + while [ -d "$dir" ] + do + count=$((count+1)) + folder="${name}.${count}" + dir="$root/$folder" + done + + rm -rf "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" + return 1 + fi + + [ -f "$iso" ] && mv -f "$iso" "$dir/" + find "$STORAGE" -maxdepth 1 -type f -iname 'data.*' -not -iname '*.iso' -exec mv -n {} "$dir/" \; + find "$STORAGE" -maxdepth 1 -type f -iname 'windows.*' -not -iname '*.iso' -exec mv -n {} "$dir/" \; + find "$STORAGE" -maxdepth 1 -type f \( -iname '*.rom' -or -iname '*.vars' \) -exec mv -n {} "$dir/" \; + + [ -z "$(ls -A "$dir")" ] && rm -rf "$dir" + [ -z "$(ls -A "$root")" ] && rm -rf "$root" + + return 0 +} + +skipInstall() { + + local iso="$1" + local method="" + local magic byte + local boot="$STORAGE/windows.boot" + local previous="$STORAGE/windows.base" + + if [ -f "$previous" ]; then + + previous=$(<"$previous") + previous="${previous//[![:print:]]/}" + + if [ -n "$previous" ]; then + if [[ "${STORAGE,,}/${previous,,}" != "${iso,,}" ]]; then + + if ! hasDisk; then + + rm -f "$STORAGE/$previous" + return 1 + + fi + + if [[ "${iso,,}" == "${STORAGE,,}/windows."* ]]; then + method="your custom .iso file was changed" + else + if [[ "${previous,,}" != "windows."* ]]; then + method="the VERSION variable was changed" + else + method="your custom .iso file was removed" + + if [ -f "$boot" ]; then + info "Detected that $method, will be ignored." + return 0 + fi + + fi + fi + + info "Detected that $method, a backup of your previous installation will be saved..." + ! backup "$STORAGE/$previous" && error "Backup failed!" + + return 1 + + fi + fi + + fi + + [ -f "$boot" ] && hasDisk && return 0 + + [ ! -f "$iso" ] && return 1 + [ ! -s "$iso" ] && return 1 + + # Check if the ISO was already processed by our script + magic=$(dd if="$iso" seek=0 bs=1 count=1 status=none | tr -d '\000') + magic="$(printf '%s' "$magic" | od -A n -t x1 -v | tr -d ' \n')" + byte="16" && [[ "$MANUAL" == [Yy1]* ]] && byte="17" + + if [[ "$magic" != "$byte" ]]; then + + info "The ISO will be processed again because the configuration was changed..." + return 1 + + fi + + return 0 +} + +startInstall() { + + html "Starting $APP..." + + if [ -z "$CUSTOM" ]; then + + local file="${VERSION//\//}.iso" + + if [[ "${VERSION,,}" == "http"* ]]; then + + file=$(basename "${VERSION%%\?*}") + printf -v file '%b' "${file//%/\\x}" + file="${file//[!A-Za-z0-9._-]/_}" + + else + + local language + language=$(getLanguage "$LANGUAGE" "culture") + language="${language%%-*}" + + if [ -n "$language" ] && [[ "${language,,}" != "en" ]]; then + file="${VERSION//\//}_${language,,}.iso" + fi + + fi + + BOOT="$STORAGE/$file" + + fi + + TMP="$STORAGE/tmp" + rm -rf "$TMP" + + skipInstall "$BOOT" && return 1 + + if hasDisk; then + ! backup "" && error "Backup failed!" + fi + + if ! makeDir "$TMP"; then + error "Failed to create directory \"$TMP\" !" + fi + + if [ -z "$CUSTOM" ]; then + + ISO=$(basename "$BOOT") + ISO="$TMP/$ISO" + + if [ -f "$BOOT" ] && [ -s "$BOOT" ]; then + mv -f "$BOOT" "$ISO" + fi + + fi + + rm -f "$BOOT" + + find "$STORAGE" -maxdepth 1 -type f -iname 'data.*' -not -iname '*.iso' -delete + find "$STORAGE" -maxdepth 1 -type f -iname 'windows.*' -not -iname '*.iso' -delete + find "$STORAGE" -maxdepth 1 -type f \( -iname '*.rom' -or -iname '*.vars' \) -delete + + return 0 +} + +writeFile() { + + local txt="$1" + local path="$2" + + echo "$txt" >"$path" + + if ! setOwner "$path"; then + error "Failed to set the owner for \"$path\" !" + fi + + return 0 +} + +finishInstall() { + + local iso="$1" + local aborted="$2" + local base byte + + if [ ! -s "$iso" ] || [ ! -f "$iso" ]; then + error "Failed to find ISO file: $iso" && return 1 + fi + + if [[ "$iso" == "$STORAGE/"* ]]; then + ! setOwner "$iso" && error "Failed to set the owner for \"$iso\" !" + fi + + if [[ "$aborted" != [Yy1]* ]]; then + # Mark ISO as prepared via magic byte + byte="16" && [[ "$MANUAL" == [Yy1]* ]] && byte="17" + if ! printf '%b' "\x$byte" | dd of="$iso" bs=1 seek=0 count=1 conv=notrunc status=none; then + warn "failed to set magic byte in ISO file: $iso" + fi + fi + + local file="$STORAGE/windows.ver" + cp -f /run/version "$file" + ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" + + if [[ "$iso" == "$STORAGE/"* ]]; then + if [[ "$aborted" != [Yy1]* ]] || [ -z "$CUSTOM" ]; then + base=$(basename "$iso") + file="$STORAGE/windows.base" + writeFile "$base" "$file" + fi + fi + + if [[ "${PLATFORM,,}" == "x64" ]]; then + if [[ "${BOOT_MODE,,}" == "windows_legacy" ]]; then + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" + if [[ "${MACHINE,,}" != "q35" ]]; then + file="$STORAGE/windows.old" + writeFile "$MACHINE" "$file" + fi + else + # Enable secure boot + TPM on manual installs as Win11 requires + if [[ "$MANUAL" == [Yy1]* || "$aborted" == [Yy1]* ]]; then + if [[ "${DETECTED,,}" == "win11"* ]]; then + BOOT_MODE="windows_secure" + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" + fi + fi + # Enable secure boot on multi-socket systems to workaround freeze + if [ -n "$SOCKETS" ] && [[ "$SOCKETS" != "1" ]]; then + BOOT_MODE="windows_secure" + file="$STORAGE/windows.mode" + writeFile "$BOOT_MODE" "$file" + fi + fi + fi + + if [ -n "${ARGS:-}" ]; then + ARGUMENTS="$ARGS ${ARGUMENTS:-}" + file="$STORAGE/windows.args" + writeFile "$ARGS" "$file" + fi + + if [ -n "${VGA:-}" ] && [[ "${VGA:-}" != "virtio"* ]]; then + file="$STORAGE/windows.vga" + writeFile "$VGA" "$file" + fi + + if [ -n "${USB:-}" ] && [[ "${USB:-}" != "qemu-xhci"* ]]; then + file="$STORAGE/windows.usb" + writeFile "$USB" "$file" + fi + + if [ -n "${DISK_TYPE:-}" ] && [[ "${DISK_TYPE:-}" != "scsi" ]]; then + file="$STORAGE/windows.type" + writeFile "$DISK_TYPE" "$file" + fi + + if [ -n "${ADAPTER:-}" ] && [[ "${ADAPTER:-}" != "virtio-net-pci" ]]; then + file="$STORAGE/windows.net" + writeFile "$ADAPTER" "$file" + fi + + rm -rf "$TMP" + return 0 +} + +abortInstall() { + + local dir="$1" + local iso="$2" + local efi + + [[ "${iso,,}" == *".esd" ]] && exit 60 + [[ "${UNPACK:-}" == [Yy1]* ]] && exit 60 + + efi=$(find "$dir" -maxdepth 1 -type d -iname efi -print -quit) + + if [ -z "$efi" ]; then + [[ "${PLATFORM,,}" == "x64" ]] && BOOT_MODE="windows_legacy" + fi + + if [ -n "$CUSTOM" ]; then + BOOT="$iso" + REMOVE="N" + else + if [[ "$iso" != "$BOOT" ]]; then + if ! mv -f "$iso" "$BOOT"; then + error "Failed to move ISO file: $iso" && return 1 + fi + fi + fi + + finishInstall "$BOOT" "Y" && return 0 + return 1 +} + +findFile() { + + local dir file base + local fname="$1" + local boot="$STORAGE/windows.boot" + + dir=$(find / -maxdepth 1 -type d -iname "$fname" -print -quit) + [ ! -d "$dir" ] && dir=$(find "$STORAGE" -maxdepth 1 -type d -iname "$fname" -print -quit) + + if [ -d "$dir" ]; then + if ! hasDisk || [ ! -f "$boot" ]; then + error "The bind $dir maps to a file that does not exist!" && return 1 + fi + fi + + file=$(find / -maxdepth 1 -type f -iname "$fname" -print -quit) + [ ! -s "$file" ] && file=$(find "$STORAGE" -maxdepth 1 -type f -iname "$fname" -print -quit) + + if [ ! -s "$file" ] && [[ "${VERSION,,}" != "http"* ]]; then + base=$(basename "$VERSION") + file="$STORAGE/$base" + fi + + if [ ! -f "$file" ] || [ ! -s "$file" ]; then + return 0 + fi + + local size + size="$(stat -c%s "$file")" + [ -z "$size" ] || [[ "$size" == "0" ]] && return 0 + + ISO="$file" + CUSTOM="$file" + BOOT="$STORAGE/windows.$size.iso" + + return 0 +} + +detectCustom() { + + CUSTOM="" + + ! findFile "custom.iso" && return 1 + [ -n "$CUSTOM" ] && return 0 + + ! findFile "boot.iso" && return 1 + [ -n "$CUSTOM" ] && return 0 + + return 0 +} + +extractESD() { + + local iso="$1" + local dir="$2" + local version="$3" + local desc="$4" + local size size_gb sizes space space_gb + local desc total total1 total2 total3 total4 + local imageIndex links links1 links2 links3 links4 + + local msg="Extracting $desc bootdisk" + info "$msg..." && html "$msg..." + + if [ "$(stat -c%s "$iso")" -lt 100000000 ]; then + error "Invalid ESD file: Size is smaller than 100 MB" && return 1 + fi + + rm -rf "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi + + size=9606127360 + size_gb=$(formatBytes "$size") + space=$(df --output=avail -B 1 "$dir" | tail -n 1) + space_gb=$(formatBytes "$space") + + if (( size > space )); then + error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1 + fi + + local esdImageCount + esdImageCount=$(wimlib-imagex info "$iso" | awk '/Image Count:/ {print $3}') + + if [ -z "$esdImageCount" ]; then + error "Cannot read the image count in ESD file!" && return 1 + fi + + sizes=$(wimlib-imagex info "$iso" | grep "Total Bytes:") + links=$(wimlib-imagex info "$iso" | grep "Hard Link Bytes:") + + total1=$(awk "NR==1{ print; }" <<< "$sizes" | cut -d':' -f2 | sed 's/^ *//') + links1=$(awk "NR==1{ print; }" <<< "$links" | cut -d':' -f2 | sed 's/^ *//') + total=$(( total1 - links1 )) + + total3=$(awk "NR==3{ print; }" <<< "$sizes" | cut -d':' -f2 | sed 's/^ *//') + links3=$(awk "NR==3{ print; }" <<< "$links" | cut -d':' -f2 | sed 's/^ *//') + total3=$(( total3 - links3 )) + total3=$(( total3 + 60000000 )) + + /run/progress.sh "$dir" "$total" "$msg ([P])..." & + + imageIndex="1" + wimlib-imagex apply "$iso" "$imageIndex" "$dir" --quiet 2>/dev/null || { + retVal=$? + fKill "progress.sh" + error "Extracting $desc bootdisk failed ($retVal)" && return 1 + } + + fKill "progress.sh" + + local bootWimFile="$dir/sources/boot.wim" + local installWimFile="$dir/sources/install.wim" + + local msg="Extracting $desc environment" + info "$msg..." && html "$msg..." + + imageIndex="2" + /run/progress.sh "$bootWimFile" "$total3" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$bootWimFile" --compress=none --quiet || { + retVal=$? + fKill "progress.sh" + error "Adding WinPE failed ($retVal)" && return 1 + } + + fKill "progress.sh" + + local msg="Extracting $desc setup" + info "$msg..." + + imageIndex="3" + /run/progress.sh "$bootWimFile" "$total3" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$bootWimFile" --compress=none --boot --quiet || { + retVal=$? + fKill "progress.sh" + error "Adding Windows Setup failed ($retVal)" && return 1 + } + + fKill "progress.sh" + + if [[ "${PLATFORM,,}" == "x64" ]]; then + LABEL="CCCOMA_X64FRE_EN-US_DV9" + else + LABEL="CPBA_A64FRE_EN-US_DV9" + fi + + local msg="Extracting $desc image" + info "$msg..." && html "$msg..." + + local edition imageEdition + edition=$(getCatalog "$version" "name") + + if [ -z "$edition" ]; then + error "Invalid VERSION specified, value \"$version\" is not recognized!" && return 1 + fi + + for (( imageIndex=4; imageIndex<=esdImageCount; imageIndex++ )); do + + imageEdition=$(wimlib-imagex info "$iso" "$imageIndex" | grep '^Description:' | sed 's/Description:[ \t]*//') + [[ "${imageEdition,,}" != "${edition,,}" ]] && continue + + total4=$(du -sb "$iso" | cut -f1) + total4=$(( total4 + 3000000 )) + + /run/progress.sh "$installWimFile" "$total4" "$msg ([P])..." & + + wimlib-imagex export "$iso" "$imageIndex" "$installWimFile" --compress=LZMS --chunk-size 128K --quiet || { + retVal=$? + fKill "progress.sh" + error "Addition of $imageIndex to the $desc image failed ($retVal)" && return 1 + } + + fKill "progress.sh" + return 0 + + done + + fKill "progress.sh" + error "Failed to find product '$edition' in install.wim!" && return 1 +} + +extractImage() { + + local iso="$1" + local dir="$2" + local version="$3" + local desc="local ISO" + local file size size_gb space space_gb + + if [ -z "$CUSTOM" ]; then + desc="downloaded ISO" + if [[ "$version" != "http"* ]]; then + desc=$(printVersion "$version" "$desc") + fi + fi + + if [[ "${iso,,}" == *".esd" ]]; then + extractESD "$iso" "$dir" "$version" "$desc" && return 0 + return 1 + fi + + local msg="Extracting $desc image" + info "$msg..." && html "$msg..." + + rm -rf "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi + + size=$(stat -c%s "$iso") + size_gb=$(formatBytes "$size") + space=$(df --output=avail -B 1 "$dir" | tail -n 1) + space_gb=$(formatBytes "$space") + + if (( size < 100000000 )); then + error "Invalid ISO file: Size is smaller than 100 MB" && return 1 + fi + + if (( size > space )); then + error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1 + fi + + rm -rf "$dir" + /run/progress.sh "$dir" "$size" "$msg ([P])..." & + + if ! 7z x "$iso" -o"$dir" > /dev/null; then + fKill "progress.sh" + error "Failed to extract ISO file: $iso" && return 1 + fi + + fKill "progress.sh" + + if [[ "${UNPACK:-}" != [Yy1]* ]]; then + + LABEL=$(isoinfo -d -i "$iso" | sed -n 's/Volume id: //p') + + else + + file=$(find "$dir" -maxdepth 1 -type f -iname "*.iso" -print -quit) + + if [ -z "$file" ]; then + error "Failed to find any .iso file in archive!" && return 1 + fi + + if ! 7z x "$file" -o"$dir" > /dev/null; then + error "Failed to extract archive!" && return 1 + fi + + LABEL=$(isoinfo -d -i "$file" | sed -n 's/Volume id: //p') + rm -f "$file" + + fi + + return 0 +} + +getPlatform() { + + local xml="$1" + local tag="ARCH" + local platform="x64" + local arch + + arch=$(sed -n "/$tag/{s/.*<$tag>\(.*\)<\/$tag>.*/\1/;p}" <<< "$xml") + + case "${arch,,}" in + "0" ) platform="x86" ;; + "9" ) platform="x64" ;; + "12" )platform="arm64" ;; + esac + + echo "$platform" + return 0 +} + +checkPlatform() { + + local xml="$1" + local platform compat + + platform=$(getPlatform "$xml") + + case "${platform,,}" in + "x86" ) compat="x64" ;; + "x64" ) compat="$platform" ;; + "arm64" ) compat="$platform" ;; + * ) compat="${PLATFORM,,}" ;; + esac + + [[ "${compat,,}" == "${PLATFORM,,}" ]] && return 0 + + error "You cannot boot ${platform^^} images on a $PLATFORM CPU!" + return 1 +} + +hasVersion() { + + local id="$1" + local tag="$2" + local xml="$3" + local edition + + [ ! -f "/run/assets/$id.xml" ] && return 1 + + edition=$(printEdition "$id" "") + [ -z "$edition" ] && return 1 + [[ "${xml,,}" != *"<${tag,,}>${edition,,}</${tag,,}>"* ]] && return 1 + + return 0 +} + +selectVersion() { + + local tag="$1" + local xml="$2" + local platform="$3" + local id name prefer + + name=$(sed -n "/$tag/{s/.*<$tag>\(.*\)<\/$tag>.*/\1/;p}" <<< "$xml") + [[ "$name" == *"Operating System"* ]] && name="" + [ -z "$name" ] && return 0 + + id=$(fromName "$name" "$platform") + [ -z "$id" ] && warn "Unknown ${tag,,}: '$name'" && return 0 + + prefer="$id-enterprise" + hasVersion "$prefer" "$tag" "$xml" && echo "$prefer" && return 0 + + prefer="$id-ultimate" + hasVersion "$prefer" "$tag" "$xml" && echo "$prefer" && return 0 + + prefer="$id" + hasVersion "$prefer" "$tag" "$xml" && echo "$prefer" && return 0 + + prefer=$(getVersion "$name" "$platform") + + echo "$prefer" + return 0 +} + +detectVersion() { + + local xml="$1" + local id platform + + platform=$(getPlatform "$xml") + id=$(selectVersion "DISPLAYNAME" "$xml" "$platform") + [ -z "$id" ] && id=$(selectVersion "PRODUCTNAME" "$xml" "$platform") + [ -z "$id" ] && id=$(selectVersion "NAME" "$xml" "$platform") + + echo "$id" + return 0 +} + +detectLanguage() { + + local xml="$1" + local lang="" + + if [[ "$xml" == *"LANGUAGE><DEFAULT>"* ]]; then + lang="${xml#*LANGUAGE><DEFAULT>}" + lang="${lang%%<*}" + else + if [[ "$xml" == *"FALLBACK><DEFAULT>"* ]]; then + lang="${xml#*FALLBACK><DEFAULT>}" + lang="${lang%%<*}" + fi + fi + + if [ -z "$lang" ]; then + warn "Language could not be detected from ISO!" && return 0 + fi + + local culture + culture=$(getLanguage "$lang" "culture") + [ -n "$culture" ] && LANGUAGE="$lang" && return 0 + + warn "Invalid language detected: \"$lang\"" + return 0 +} + +setXML() { + + local file="/custom.xml" + + if [ -d "$file" ]; then + error "The bind $file maps to a file that does not exist!" && exit 67 + fi + + [ ! -f "$file" ] || [ ! -s "$file" ] && file="$STORAGE/custom.xml" + [ ! -f "$file" ] || [ ! -s "$file" ] && file="/run/assets/custom.xml" + [ ! -f "$file" ] || [ ! -s "$file" ] && file="$1" + [ ! -f "$file" ] || [ ! -s "$file" ] && file="/run/assets/$DETECTED.xml" + [ ! -f "$file" ] || [ ! -s "$file" ] && return 1 + + XML="$file" + return 0 +} + +detectImage() { + + local dir="$1" + local version="$2" + local desc msg find language + + XML="" + + if [ -z "$DETECTED" ] && [ -z "$CUSTOM" ]; then + [[ "${version,,}" != "http"* ]] && DETECTED="$version" + fi + + if [ -n "$DETECTED" ]; then + + skipVersion "${DETECTED,,}" && return 0 + + if ! setXML "" && [[ "$MANUAL" != [Yy1]* ]]; then + MANUAL="Y" + desc=$(printEdition "$DETECTED" "this version") + warn "the answer file for $desc was not found ($DETECTED.xml), $FB." + fi + + return 0 + fi + + info "Detecting version from ISO image..." + + if detectLegacy "$dir"; then + desc=$(printEdition "$DETECTED" "$DETECTED") + info "Detected: $desc" + return 0 + fi + + local src wim info + src=$(find "$dir" -maxdepth 1 -type d -iname sources -print -quit) + + if [ ! -d "$src" ]; then + warn "failed to locate 'sources' folder in ISO image, $FB" && return 1 + fi + + wim=$(find "$src" -maxdepth 1 -type f \( -iname install.wim -or -iname install.esd \) -print -quit) + + if [ ! -f "$wim" ]; then + warn "failed to locate 'install.wim' or 'install.esd' in ISO image, $FB" && return 1 + fi + + info=$(wimlib-imagex info -xml "$wim" | iconv -f UTF-16LE -t UTF-8) + checkPlatform "$info" || exit 67 + + DETECTED=$(detectVersion "$info") + + if [ -z "$DETECTED" ]; then + msg="Failed to determine Windows version from image" + if setXML "" || [[ "$MANUAL" == [Yy1]* ]]; then + info "${msg}!" + else + MANUAL="Y" + warn "${msg}, $FB." + fi + return 0 + fi + + desc=$(printEdition "$DETECTED" "$DETECTED") + detectLanguage "$info" + + if [[ "${LANGUAGE,,}" != "en" && "${LANGUAGE,,}" != "en-"* ]]; then + language=$(getLanguage "$LANGUAGE" "desc") + desc+=" ($language)" + fi + + info "Detected: $desc" + setXML "" && return 0 + + if [[ "$DETECTED" == "win81x86"* || "$DETECTED" == "win10x86"* ]]; then + error "The 32-bit version of $desc is not supported!" && return 1 + fi + + msg="the answer file for $desc was not found ($DETECTED.xml)" + local fallback="/run/assets/${DETECTED%%-*}.xml" + + if setXML "$fallback" || [[ "$MANUAL" == [Yy1]* ]]; then + [[ "$MANUAL" != [Yy1]* ]] && warn "${msg}." + else + MANUAL="Y" + warn "${msg}, $FB." + fi + + return 0 +} + +prepareImage() { + + local iso="$1" + local dir="$2" + local desc missing + + desc=$(printVersion "$DETECTED" "$DETECTED") + + setMachine "$DETECTED" "$iso" "$dir" "$desc" || return 1 + skipVersion "$DETECTED" && return 0 + + if [[ "${BOOT_MODE,,}" != "windows_legacy" ]]; then + + [ -f "$dir/$ETFS" ] && [ -f "$dir/$EFISYS" ] && return 0 + + missing=$(basename "$dir/$EFISYS") + [ ! -f "$dir/$ETFS" ] && missing=$(basename "$dir/$ETFS") + + error "Failed to locate file \"${missing,,}\" in ISO image!" + return 1 + fi + + prepareLegacy "$iso" "$dir" "$desc" && return 0 + + error "Failed to extract boot image from ISO image!" + return 1 +} + +updateXML() { + + local asset="$1" + local language="$2" + local culture region user admin pass keyboard + + [ -z "$HEIGHT" ] && HEIGHT="720" + [ -z "$WIDTH" ] && WIDTH="1280" + + sed -i "s/>Windows for Docker</>$APP for $ENGINE</g" "$asset" + sed -i "s/<VerticalResolution>1080<\/VerticalResolution>/<VerticalResolution>$HEIGHT<\/VerticalResolution>/g" "$asset" + sed -i "s/<HorizontalResolution>1920<\/HorizontalResolution>/<HorizontalResolution>$WIDTH<\/HorizontalResolution>/g" "$asset" + + culture=$(getLanguage "$language" "culture") + + if [ -n "$culture" ] && [[ "${culture,,}" != "en-us" ]]; then + sed -i "s/<UILanguage>en-US<\/UILanguage>/<UILanguage>$culture<\/UILanguage>/g" "$asset" + fi + + region="$REGION" + [ -z "$region" ] && region="$culture" + + if [ -n "$region" ] && [[ "${region,,}" != "en-us" ]]; then + sed -i "s/<UserLocale>en-US<\/UserLocale>/<UserLocale>$region<\/UserLocale>/g" "$asset" + sed -i "s/<SystemLocale>en-US<\/SystemLocale>/<SystemLocale>$region<\/SystemLocale>/g" "$asset" + fi + + keyboard="$KEYBOARD" + [ -z "$keyboard" ] && keyboard="$culture" + + if [ -n "$keyboard" ] && [[ "${keyboard,,}" != "en-us" ]]; then + sed -i "s/<InputLocale>en-US<\/InputLocale>/<InputLocale>$keyboard<\/InputLocale>/g" "$asset" + sed -i "s/<InputLocale>0409:00000409<\/InputLocale>/<InputLocale>$keyboard<\/InputLocale>/g" "$asset" + fi + + user=$(echo "$USERNAME" | sed 's/[^[:alnum:]@!._-]//g') + + if [ -n "$user" ]; then + sed -i "s/-name \"Docker\"/-name \"$user\"/g" "$asset" + sed -i "s/<Name>Docker<\/Name>/<Name>$user<\/Name>/g" "$asset" + sed -i "s/where name=\"Docker\"/where name=\"$user\"/g" "$asset" + sed -i "s/<FullName>Docker<\/FullName>/<FullName>$user<\/FullName>/g" "$asset" + sed -i "s/<Username>Docker<\/Username>/<Username>$user<\/Username>/g" "$asset" + fi + + [ -n "$PASSWORD" ] && pass="$PASSWORD" || pass="admin" + + pw=$(printf '%s' "${pass}Password" | iconv -f utf-8 -t utf-16le | base64 -w 0) + admin=$(printf '%s' "${pass}AdministratorPassword" | iconv -f utf-8 -t utf-16le | base64 -w 0) + + sed -i "s/<Value>password<\/Value>/<Value>$admin<\/Value>/g" "$asset" + sed -i "s/<PlainText>true<\/PlainText>/<PlainText>false<\/PlainText>/g" "$asset" + sed -z "s/<Password>...........<Value \/>/<Password>\n <Value>$pw<\/Value>/g" -i "$asset" + sed -z "s/<Password>...............<Value \/>/<Password>\n <Value>$pw<\/Value>/g" -i "$asset" + sed -z "s/<AdministratorPassword>...........<Value \/>/<AdministratorPassword>\n <Value>$admin<\/Value>/g" -i "$asset" + sed -z "s/<AdministratorPassword>...............<Value \/>/<AdministratorPassword>\n <Value>$admin<\/Value>/g" -i "$asset" + + if [ -n "$EDITION" ]; then + [[ "${EDITION^^}" == "CORE" ]] && EDITION="STANDARDCORE" + sed -i "s/SERVERSTANDARD<\/Value>/SERVER${EDITION^^}<\/Value>/g" "$asset" + fi + + if [ -n "$KEY" ]; then + sed -i '/<ProductKey>/,/<\/ProductKey>/d' "$asset" + sed -i "s/<\/UserData>/ <ProductKey>\n <Key>${KEY}<\/Key>\n <WillShowUI>OnError<\/WillShowUI>\n <\/ProductKey>\n <\/UserData>/g" "$asset" + fi + + return 0 +} + +addDriver() { + + local id="$1" + local path="$2" + local target="$3" + local driver="$4" + local desc="" + local folder="" + + if [ -z "$id" ]; then + warn "no Windows version specified for \"$driver\" driver!" && return 0 + fi + + case "${id,,}" in + "win7x86"* ) folder="w7/x86" ;; + "win7x64"* ) folder="w7/amd64" ;; + "win81x64"* ) folder="w8.1/amd64" ;; + "win10x64"* ) folder="w10/amd64" ;; + "win11x64"* ) folder="w11/amd64" ;; + "win2025"* ) folder="2k25/amd64" ;; + "win2022"* ) folder="2k22/amd64" ;; + "win2019"* ) folder="2k19/amd64" ;; + "win2016"* ) folder="2k16/amd64" ;; + "win2012"* ) folder="2k12R2/amd64" ;; + "win2008"* ) folder="2k8R2/amd64" ;; + "win10arm64"* ) folder="w10/ARM64" ;; + "win11arm64"* ) folder="w11/ARM64" ;; + "winvistax86"* ) folder="2k8/x86" ;; + "winvistax64"* ) folder="2k8/amd64" ;; + esac + + if [ -z "$folder" ]; then + desc=$(printVersion "$id" "$id") + if [[ "${id,,}" != *"x86"* ]]; then + warn "no \"$driver\" driver available for \"$desc\" !" && return 0 + else + warn "no \"$driver\" driver available for the 32-bit version of \"$desc\" !" && return 0 + fi + fi + + [ ! -d "$path/$driver/$folder" ] && return 0 + + case "${id,,}" in + "winvista"* ) + [[ "${driver,,}" == "viorng" ]] && return 0 + ;; + esac + + local dest="$path/$target/$driver" + mkdir -p "$dest" || return 1 + cp -Lr "$path/$driver/$folder/." "$dest" || return 1 + + return 0 +} + +addDrivers() { + + local src="$1" + local tmp="$2" + local file="$3" + local index="$4" + local version="$5" + local drivers="$tmp/drivers" + + rm -rf "$drivers" + mkdir -p "$drivers" + + local msg="Adding drivers to image..." + info "$msg" && html "$msg" + + if [ -z "$version" ]; then + version="win11x64" + warn "Windows version unknown, falling back to Windows 11 drivers..." + fi + + if ! bsdtar -xf /var/drivers.txz -C "$drivers"; then + error "Failed to extract drivers from archive!" && return 1 + fi + + local target="\$WinPEDriver\$" + local dest="$drivers/$target" + mkdir -p "$dest" || return 1 + + wimlib-imagex update "$file" "$index" --command "delete --force --recursive /$target" >/dev/null || true + + addDriver "$version" "$drivers" "$target" "qxl" || return 1 + addDriver "$version" "$drivers" "$target" "viofs" || return 1 + addDriver "$version" "$drivers" "$target" "sriov" || return 1 + addDriver "$version" "$drivers" "$target" "smbus" || return 1 + addDriver "$version" "$drivers" "$target" "qxldod" || return 1 + addDriver "$version" "$drivers" "$target" "viorng" || return 1 + addDriver "$version" "$drivers" "$target" "viostor" || return 1 + addDriver "$version" "$drivers" "$target" "viomem" || return 1 + addDriver "$version" "$drivers" "$target" "NetKVM" || return 1 + addDriver "$version" "$drivers" "$target" "Balloon" || return 1 + addDriver "$version" "$drivers" "$target" "vioscsi" || return 1 + addDriver "$version" "$drivers" "$target" "pvpanic" || return 1 + addDriver "$version" "$drivers" "$target" "vioinput" || return 1 + addDriver "$version" "$drivers" "$target" "viogpudo" || return 1 + addDriver "$version" "$drivers" "$target" "vioserial" || return 1 + addDriver "$version" "$drivers" "$target" "qemupciserial" || return 1 + + case "${version,,}" in + "win11x64"* | "win2025"* ) + # Workaround Virtio GPU driver bug + local dst="$src/\$OEM\$/\$\$/Drivers" + mkdir -p "$dst" || return 1 + cp -Lr "$dest/." "$dst" || return 1 + rm -rf "$dest/viogpudo" + ;; + esac + + if ! wimlib-imagex update "$file" "$index" --command "add $dest /$target" >/dev/null; then + return 1 + fi + + rm -rf "$drivers" + return 0 +} + +updateImage() { + + local dir="$1" + local asset="$2" + local language="$3" + local tmp="/tmp/install" + local file="autounattend.xml" + local org="${file//.xml/.org}" + local dat="${file//.xml/.dat}" + local desc path src wim xml index result + + skipVersion "${DETECTED,,}" && return 0 + + if [ ! -s "$asset" ] || [ ! -f "$asset" ]; then + asset="" + if [[ "$MANUAL" != [Yy1]* ]]; then + MANUAL="Y" + warn "no answer file provided, $FB." + fi + fi + + rm -rf "$tmp" + mkdir -p "$tmp" + + src=$(find "$dir" -maxdepth 1 -type d -iname sources -print -quit) + + if [ ! -d "$src" ]; then + error "failed to locate 'sources' folder in ISO image, $FB" && return 1 + fi + + wim=$(find "$src" -maxdepth 1 -type f \( -iname boot.wim -or -iname boot.esd \) -print -quit) + + if [ ! -f "$wim" ]; then + error "failed to locate 'boot.wim' or 'boot.esd' in ISO image, $FB" && return 1 + fi + + index="1" + result=$(wimlib-imagex info -xml "$wim" | iconv -f UTF-16LE -t UTF-8) + + if [[ "${result^^}" == *"<IMAGE INDEX=\"2\">"* ]]; then + index="2" + fi + + if ! addDrivers "$src" "$tmp" "$wim" "$index" "$DETECTED"; then + error "Failed to add drivers to image!" + fi + + if ! addFolder "$src"; then + error "Failed to add OEM folder to image!" + fi + + if wimlib-imagex extract "$wim" "$index" "/$file" "--dest-dir=$tmp" >/dev/null 2>&1; then + if ! wimlib-imagex extract "$wim" "$index" "/$dat" "--dest-dir=$tmp" >/dev/null 2>&1; then + if ! wimlib-imagex extract "$wim" "$index" "/$org" "--dest-dir=$tmp" >/dev/null 2>&1; then + if ! wimlib-imagex update "$wim" "$index" --command "rename /$file /$org" > /dev/null; then + warn "failed to backup original answer file ($file)." + fi + fi + fi + fi + + if [[ "$MANUAL" != [Yy1]* ]]; then + + xml=$(basename "$asset") + info "Adding $xml for automatic installation..." + + local answer="$tmp/$xml" + cp "$asset" "$answer" + updateXML "$answer" "$language" + + if ! wimlib-imagex update "$wim" "$index" --command "add $answer /$file" > /dev/null; then + MANUAL="Y" + warn "failed to add answer file ($xml) to ISO image, $FB" + else + wimlib-imagex update "$wim" "$index" --command "add $answer /$dat" > /dev/null || true + fi + + fi + + if [[ "$MANUAL" == [Yy1]* ]]; then + + wimlib-imagex update "$wim" "$index" --command "delete --force /$file" > /dev/null || true + + if wimlib-imagex extract "$wim" "$index" "/$org" "--dest-dir=$tmp" >/dev/null 2>&1; then + if ! wimlib-imagex update "$wim" "$index" --command "add $tmp/$org /$file" > /dev/null; then + warn "failed to restore original answer file ($org)." + fi + fi + + fi + + local find="$file" + [[ "$MANUAL" == [Yy1]* ]] && find="$org" + path=$(find "$dir" -maxdepth 1 -type f -iname "$find" -print -quit) + + if [ -f "$path" ]; then + if [[ "$MANUAL" != [Yy1]* ]]; then + mv -f "$path" "${path%.*}.org" + else + mv -f "$path" "${path%.*}.xml" + fi + fi + + rm -rf "$tmp" + return 0 +} + +removeImage() { + + local iso="$1" + + [ ! -f "$iso" ] && return 0 + [ -n "$CUSTOM" ] && return 0 + + rm -f "$iso" 2> /dev/null || warn "failed to remove $iso !" + + return 0 +} + +buildImage() { + + local dir="$1" + local failed="" + local cat="BOOT.CAT" + local log="/run/shm/iso.log" + local base size size_gb space space_gb desc + + if [ -f "$BOOT" ]; then + error "File $BOOT does already exist?!" && return 1 + fi + + base=$(basename "$BOOT") + local out="$TMP/${base%.*}.tmp" + rm -f "$out" + + desc=$(printVersion "$DETECTED" "ISO") + + local msg="Building $desc image" + info "$msg..." && html "$msg..." + + [ -z "$LABEL" ] && LABEL="Windows" + + if [ ! -f "$dir/$ETFS" ]; then + error "Failed to locate file \"$ETFS\" in ISO image!" && return 1 + fi + + size=$(du -h -b --max-depth=0 "$dir" | cut -f1) + size_gb=$(formatBytes "$size") + space=$(df --output=avail -B 1 "$TMP" | tail -n 1) + space_gb=$(formatBytes "$space") + + if (( size > space )); then + error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1 + fi + + /run/progress.sh "$out" "$size" "$msg ([P])..." & + + if [[ "${BOOT_MODE,,}" != "windows_legacy" ]]; then + + genisoimage -o "$out" -b "$ETFS" -no-emul-boot -c "$cat" -iso-level 4 -J -l -D -N -joliet-long -relaxed-filenames -V "${LABEL::30}" \ + -udf -boot-info-table -eltorito-alt-boot -eltorito-boot "$EFISYS" -no-emul-boot -allow-limited-size -quiet "$dir" 2> "$log" || failed="y" + + else + + case "${DETECTED,,}" in + "win2k"* | "winxp"* | "win2003"* ) + genisoimage -o "$out" -b "$ETFS" -no-emul-boot -boot-load-seg 1984 -boot-load-size 4 -c "$cat" -iso-level 2 -J -l -D -N -joliet-long \ + -relaxed-filenames -V "${LABEL::30}" -quiet "$dir" 2> "$log" || failed="y" ;; + "win9"* ) + genisoimage -o "$out" -b "$ETFS" -J -r -V "${LABEL::30}" -quiet "$dir" 2> "$log" || failed="y" ;; + * ) + genisoimage -o "$out" -b "$ETFS" -no-emul-boot -c "$cat" -iso-level 2 -J -l -D -N -joliet-long -relaxed-filenames -V "${LABEL::30}" \ + -udf -allow-limited-size -quiet "$dir" 2> "$log" || failed="y" ;; + esac + + fi + + fKill "progress.sh" + + if [ -n "$failed" ]; then + [ -s "$log" ] && echo "$(<"$log")" + error "Failed to build image!" && return 1 + fi + + local error="" + local hide="Warning: creating filesystem that does not conform to ISO-9660." + + [ -s "$log" ] && error="$(<"$log")" + [[ "$error" != "$hide" ]] && echo "$error" + + mv -f "$out" "$BOOT" || return 1 + ! setOwner "$BOOT" && error "Failed to set the owner for \"$BOOT\" !" + + return 0 +} + +bootWindows() { + + if [ -f "$STORAGE/windows.args" ]; then + ARGS=$(<"$STORAGE/windows.args") + ARGS="${ARGS//[![:print:]]/}" + ARGUMENTS="$ARGS ${ARGUMENTS:-}" + fi + + if [ -s "$STORAGE/windows.vga" ] && [ -f "$STORAGE/windows.vga" ]; then + if [ -z "${VGA:-}" ]; then + VGA=$(<"$STORAGE/windows.vga") + VGA="${VGA//[![:print:]]/}" + fi + fi + + if [ -s "$STORAGE/windows.usb" ] && [ -f "$STORAGE/windows.usb" ]; then + if [ -z "${USB:-}" ]; then + USB=$(<"$STORAGE/windows.usb") + USB="${USB//[![:print:]]/}" + fi + fi + + if [ -s "$STORAGE/windows.net" ] && [ -f "$STORAGE/windows.net" ]; then + if [ -z "${ADAPTER:-}" ]; then + ADAPTER=$(<"$STORAGE/windows.net") + ADAPTER="${ADAPTER//[![:print:]]/}" + fi + fi + + if [ -s "$STORAGE/windows.type" ] && [ -f "$STORAGE/windows.type" ]; then + if [ -z "${DISK_TYPE:-}" ]; then + DISK_TYPE=$(<"$STORAGE/windows.type") + DISK_TYPE="${DISK_TYPE//[![:print:]]/}" + fi + fi + + if [ -s "$STORAGE/windows.mode" ] && [ -f "$STORAGE/windows.mode" ]; then + BOOT_MODE=$(<"$STORAGE/windows.mode") + BOOT_MODE="${BOOT_MODE//[![:print:]]/}" + fi + + if [ -s "$STORAGE/windows.old" ] && [ -f "$STORAGE/windows.old" ]; then + if [[ "${PLATFORM,,}" == "x64" ]]; then + MACHINE=$(<"$STORAGE/windows.old") + MACHINE="${MACHINE//[![:print:]]/}" + fi + fi + + return 0 +} + +###################################### + +! parseVersion && exit 58 +! parseLanguage && exit 56 +! detectCustom && exit 59 + +if ! startInstall; then + bootWindows && return 0 + exit 68 +fi + +if [ ! -s "$ISO" ] || [ ! -f "$ISO" ]; then + if ! downloadImage "$ISO" "$VERSION" "$LANGUAGE"; then + rm -f "$ISO" 2> /dev/null || true + exit 61 + fi +fi + +DIR="$TMP/unpack" + +if ! extractImage "$ISO" "$DIR" "$VERSION"; then + rm -f "$ISO" 2> /dev/null || true + exit 62 +fi + +if ! detectImage "$DIR" "$VERSION"; then + abortInstall "$DIR" "$ISO" && return 0 + exit 60 +fi + +if ! prepareImage "$ISO" "$DIR"; then + abortInstall "$DIR" "$ISO" && return 0 + exit 66 +fi + +if ! updateImage "$DIR" "$XML" "$LANGUAGE"; then + abortInstall "$DIR" "$ISO" && return 0 + exit 63 +fi + +if ! removeImage "$ISO"; then + exit 64 +fi + +if ! buildImage "$DIR"; then + exit 65 +fi + +if ! finishInstall "$BOOT" "N"; then + exit 69 +fi + +html "Successfully prepared image for installation..." +return 0 diff --git a/apps/rego-tunnel/build/src/mido.sh b/apps/rego-tunnel/build/src/mido.sh new file mode 100755 index 0000000..369fc17 --- /dev/null +++ b/apps/rego-tunnel/build/src/mido.sh @@ -0,0 +1,834 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +handle_curl_error() { + + local error_code="$1" + local server_name="$2" + + case "$error_code" in + 1) error "Unsupported protocol!" ;; + 2) error "Failed to initialize curl!" ;; + 3) error "The URL format is malformed!" ;; + 5) error "Failed to resolve address of proxy host!" ;; + 6) error "Failed to resolve $server_name servers! Is there an Internet connection?" ;; + 7) error "Failed to contact $server_name servers! Is there an Internet connection or is the server down?" ;; + 8) error "$server_name servers returned a malformed HTTP response!" ;; + 16) error "A problem was detected in the HTTP2 framing layer!" ;; + 22) error "$server_name servers returned a failing HTTP status code!" ;; + 23) error "Failed at writing Windows media to disk! Out of disk space or permission error?" ;; + 26) error "Failed to read Windows media from disk!" ;; + 27) error "Ran out of memory during download!" ;; + 28) error "Connection timed out to $server_name server!" ;; + 35) error "SSL connection error from $server_name server!" ;; + 36) error "Failed to continue earlier download!" ;; + 52) error "Received no data from the $server_name server!" ;; + 63) error "$server_name servers returned an unexpectedly large response!" ;; + # POSIX defines exit statuses 1-125 as usable by us + # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_08_02 + $((error_code <= 125))) + # Must be some other server or network error (possibly with this specific request/file) + # This is when accounting for all possible errors in the curl manual assuming a correctly formed curl command and an HTTP(S) request, using only the curl features we're using, and a sane build + error "Miscellaneous server or network error, reason: $error_code" + ;; + 126 | 127 ) error "Curl command not found!" ;; + # Exit statuses are undefined by POSIX beyond this point + *) + case "$(kill -l "$error_code")" in + # Signals defined to exist by POSIX: + # https://pubs.opengroup.org/onlinepubs/009695399/basedefs/signal.h.html + INT) error "Curl was interrupted!" ;; + # There could be other signals but these are most common + SEGV | ABRT ) error "Curl crashed! Please report any core dumps to curl developers." ;; + *) error "Curl terminated due to fatal signal $error_code !" ;; + esac + esac + + return 1 +} + +get_agent() { + + local user_agent + + # Determine approximate latest Firefox release + browser_version="$((124 + ($(date +%s) - 1710892800) / 2419200))" + echo "Mozilla/5.0 (X11; Linux x86_64; rv:${browser_version}.0) Gecko/20100101 Firefox/${browser_version}.0" + + return 0 +} + +download_windows() { + + local id="$1" + local lang="$2" + local desc="$3" + local sku_id="" + local sku_url="" + local iso_url="" + local iso_json="" + local language="" + local session_id="" + local user_agent="" + local download_type="" + local windows_version="" + local iso_download_link="" + local download_page_html="" + local product_edition_id="" + local language_skuid_json="" + local profile="606624d44113" + + user_agent=$(get_agent) + language=$(getLanguage "$lang" "name") + + case "${id,,}" in + "win11x64" ) windows_version="11" && download_type="1" ;; + "win10x64" ) windows_version="10" && download_type="1" ;; + "win11arm64" ) windows_version="11arm64" && download_type="2" ;; + * ) error "Invalid VERSION specified, value \"$id\" is not recognized!" && return 1 ;; + esac + + local url="https://www.microsoft.com/en-us/software-download/windows$windows_version" + [[ "${id,,}" == "win10"* ]] && url+="ISO" + + # uuidgen: For MacOS (installed by default) and other systems (e.g. with no /proc) that don't have a kernel interface for generating random UUIDs + session_id=$(cat /proc/sys/kernel/random/uuid 2> /dev/null || uuidgen --random) + session_id="${session_id//[![:print:]]/}" + + # Get product edition ID for latest release of given Windows version + # Product edition ID: This specifies both the Windows release (e.g. 22H2) and edition ("multi-edition" is default, either Home/Pro/Edu/etc., we select "Pro" in the answer files) in one number + # This is the *only* request we make that Fido doesn't. Fido manually maintains a list of all the Windows release/edition product edition IDs in its script (see: $WindowsVersions array). This is helpful for downloading older releases (e.g. Windows 10 1909, 21H1, etc.) but we always want to get the newest release which is why we get this value dynamically + # Also, keeping a "$WindowsVersions" array like Fido does would be way too much of a maintenance burden + # Remove "Accept" header that curl sends by default + [[ "$DEBUG" == [Yy1]* ]] && echo "Parsing download page: ${url}" + download_page_html=$(curl --silent --max-time 30 --user-agent "$user_agent" --header "Accept:" --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url") || { + handle_curl_error "$?" "Microsoft" + return $? + } + + [[ "$DEBUG" == [Yy1]* ]] && echo -n "Getting Product edition ID: " + product_edition_id=$(echo "$download_page_html" | grep -Eo '<option value="[0-9]+">Windows' | cut -d '"' -f 2 | head -n 1 | tr -cd '0-9' | head -c 16) + [[ "$DEBUG" == [Yy1]* ]] && echo "$product_edition_id" + + if [ -z "$product_edition_id" ]; then + error "Product edition ID not found!" + return 1 + fi + + [[ "$DEBUG" == [Yy1]* ]] && echo "Permit Session ID: $session_id" + # Permit Session ID + curl --silent --max-time 30 --output /dev/null --user-agent "$user_agent" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "https://vlscppe.microsoft.com/tags?org_id=y6jn8c31&session_id=$session_id" || { + # This should only happen if there's been some change to how this API works + handle_curl_error "$?" "Microsoft" + return $? + } + + [[ "$DEBUG" == [Yy1]* ]] && echo -n "Getting language SKU ID: " + sku_url="https://www.microsoft.com/software-download-connector/api/getskuinformationbyproductedition?profile=$profile&ProductEditionId=$product_edition_id&SKU=undefined&friendlyFileName=undefined&Locale=en-US&sessionID=$session_id" + language_skuid_json=$(curl --silent --max-time 30 --request GET --user-agent "$user_agent" --referer "$url" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "$sku_url") || { + handle_curl_error "$?" "Microsoft" + return $? + } + + { sku_id=$(echo "$language_skuid_json" | jq --arg LANG "$language" -r '.Skus[] | select(.Language==$LANG).Id') 2>/dev/null; rc=$?; } || : + + if [ -z "$sku_id" ] || [[ "${sku_id,,}" == "null" ]] || (( rc != 0 )); then + language=$(getLanguage "$lang" "desc") + error "No download in the $language language available for $desc!" + return 1 + fi + + [[ "$DEBUG" == [Yy1]* ]] && echo "$sku_id" + [[ "$DEBUG" == [Yy1]* ]] && echo "Getting ISO download link..." + + # Get ISO download link + # If any request is going to be blocked by Microsoft it's always this last one (the previous requests always seem to succeed) + + iso_url="https://www.microsoft.com/software-download-connector/api/GetProductDownloadLinksBySku?profile=$profile&ProductEditionId=undefined&SKU=$sku_id&friendlyFileName=undefined&Locale=en-US&sessionID=$session_id" + iso_json=$(curl --silent --max-time 30 --request GET --user-agent "$user_agent" --referer "$url" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_url") + + if ! [ "$iso_json" ]; then + # This should only happen if there's been some change to how this API works + error "Microsoft servers gave us an empty response to our request for an automated download." + return 1 + fi + + if echo "$iso_json" | grep -q "Sentinel marked this request as rejected."; then + error "Microsoft blocked the automated download request based on your IP address." + return 1 + fi + + if echo "$iso_json" | grep -q "We are unable to complete your request at this time."; then + error "Microsoft blocked the automated download request based on your IP address." + return 1 + fi + + { iso_download_link=$(echo "$iso_json" | jq --argjson TYPE "$download_type" -r '.ProductDownloadOptions[] | select(.DownloadType==$TYPE).Uri') 2>/dev/null; rc=$?; } || : + + if [ -z "$iso_download_link" ] || [[ "${iso_download_link,,}" == "null" ]] || (( rc != 0 )); then + error "Microsoft servers gave us no download link to our request for an automated download!" + info "Response: $iso_json" + return 1 + fi + + MIDO_URL="$iso_download_link" + return 0 +} + +download_windows_eval() { + + local id="$1" + local lang="$2" + local desc="$3" + local filter="" + local culture="" + local compare="" + local language="" + local user_agent="" + local enterprise_type="" + local windows_version="" + + case "${id,,}" in + "win11${PLATFORM,,}-enterprise-eval" ) + enterprise_type="enterprise" + windows_version="windows-11-enterprise" ;; + "win11${PLATFORM,,}-enterprise-iot-eval" ) + enterprise_type="iot" + windows_version="windows-11-iot-enterprise-ltsc-eval" ;; + "win11${PLATFORM,,}-enterprise-ltsc-eval" ) + enterprise_type="iot" + windows_version="windows-11-iot-enterprise-ltsc-eval" ;; + "win10${PLATFORM,,}-enterprise-eval" ) + enterprise_type="enterprise" + windows_version="windows-10-enterprise" ;; + "win10${PLATFORM,,}-enterprise-ltsc-eval" ) + enterprise_type="ltsc" + windows_version="windows-10-enterprise" ;; + "win2025-eval" ) + enterprise_type="server" + windows_version="windows-server-2025" ;; + "win2022-eval" ) + enterprise_type="server" + windows_version="windows-server-2022" ;; + "win2019-hv" ) + enterprise_type="server" + windows_version="hyper-v-server-2019" ;; + "win2019-eval" ) + enterprise_type="server" + windows_version="windows-server-2019" ;; + "win2016-eval" ) + enterprise_type="server" + windows_version="windows-server-2016" ;; + "win2012r2-eval" ) + enterprise_type="server" + windows_version="windows-server-2012-r2" ;; + * ) + error "Invalid VERSION specified, value \"$id\" is not recognized!" && return 1 ;; + esac + + user_agent=$(get_agent) + culture=$(getLanguage "$lang" "culture") + + local country="${culture#*-}" + local iso_download_page_html="" + local url="https://www.microsoft.com/en-us/evalcenter/download-$windows_version" + + [[ "$DEBUG" == [Yy1]* ]] && echo "Parsing download page: ${url}" + iso_download_page_html=$(curl --silent --max-time 30 --user-agent "$user_agent" --location --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url") || { + handle_curl_error "$?" "Microsoft" + return $? + } + + if ! [ "$iso_download_page_html" ]; then + # This should only happen if there's been some change to where this download page is located + error "Windows server download page gave us an empty response" + return 1 + fi + + [[ "$DEBUG" == [Yy1]* ]] && echo "Getting download link.." + + filter="https://go.microsoft.com/fwlink/?linkid=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country,,}" + + if ! echo "$iso_download_page_html" | grep -io "$filter" > /dev/null; then + filter="https://go.microsoft.com/fwlink/p/?linkid=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country,,}" + fi + + iso_download_links=$(echo "$iso_download_page_html" | grep -io "$filter") || { + # This should only happen if there's been some change to the download endpoint web address + if [[ "${lang,,}" == "en" || "${lang,,}" == "en-"* ]]; then + error "Windows server download page gave us no download link!" + else + language=$(getLanguage "$lang" "desc") + error "No download in the $language language available for $desc!" + fi + return 1 + } + + case "$enterprise_type" in + "iot" | "ltsc" ) + case "${PLATFORM,,}" in + "x64" ) + if [[ "$windows_version" != "windows-10"* ]]; then + iso_download_link=$(echo "$iso_download_links" | head -n 1) + else + iso_download_link=$(echo "$iso_download_links" | head -n 4 | tail -n 1) + fi ;; + "arm64" ) + iso_download_link=$(echo "$iso_download_links" | head -n 2 | tail -n 1) ;; + esac ;; + "enterprise" ) + case "${PLATFORM,,}" in + "x64" ) + if [[ "$windows_version" != "windows-10"* ]]; then + iso_download_link=$(echo "$iso_download_links" | head -n 1) + else + iso_download_link=$(echo "$iso_download_links" | head -n 2 | tail -n 1) + fi ;; + "arm64" ) + iso_download_link=$(echo "$iso_download_links" | head -n 2 | tail -n 1) ;; + esac ;; + "server" ) + case "${PLATFORM,,}" in + "x64" ) + iso_download_link=$(echo "$iso_download_links" | head -n 1) ;; + esac ;; + * ) + error "Invalid type specified, value \"$enterprise_type\" is not recognized!" && return 1 ;; + esac + + [ -z "$iso_download_link" ] && error "Could not parse download link from page!" && return 1 + + # Follow redirect so proceeding log message is useful + # This is a request we make that Fido doesn't + + iso_download_link=$(curl --silent --max-time 30 --user-agent "$user_agent" --location --output /dev/null --silent --write-out "%{url_effective}" --head --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_download_link") || { + # This should only happen if the Microsoft servers are down + handle_curl_error "$?" "Microsoft" + return $? + } + + case "${PLATFORM,,}" in + "x64" ) + if [[ "${iso_download_link,,}" != *"x64"* ]]; then + echo "Found download link: $iso_download_link" + error "Download link is for the wrong platform? Please report this at $SUPPORT/issues" + return 1 + fi ;; + "arm64" ) + if [[ "${iso_download_link,,}" != *"a64"* && "${iso_download_link,,}" != *"arm64"* ]]; then + if [[ "$DEBUG" == [Yy1]* ]]; then + echo "Found download link: $iso_download_link" + echo "Link for ARM platform currently not available!" + fi + return 1 + fi ;; + esac + + if [[ "$DEBUG" == [Yy1]* && "$VERIFY" == [Yy1]* && "${lang,,}" == "en"* ]]; then + compare=$(getMido "$id" "$lang" "") + if [[ "${iso_download_link,,}" != "${compare,,}" ]]; then + echo "Retrieved link does not match the fixed link: $compare" + fi + fi + + MIDO_URL="$iso_download_link" + return 0 +} + +getWindows() { + + local version="$1" + local lang="$2" + local desc="$3" + + local language edition + language=$(getLanguage "$lang" "desc") + edition=$(printEdition "$version" "$desc") + + local msg="Requesting $desc from the Microsoft servers..." + info "$msg" && html "$msg" + + case "${version,,}" in + "win2008r2" | "win81${PLATFORM,,}"* | "win11${PLATFORM,,}-enterprise-iot"* | "win11${PLATFORM,,}-enterprise-ltsc"* ) + if [[ "${lang,,}" != "en" && "${lang,,}" != "en-"* ]]; then + error "No download in the $language language available for $edition!" + MIDO_URL="" && return 1 + fi ;; + esac + + case "${version,,}" in + "win11${PLATFORM,,}" ) ;; + "win11${PLATFORM,,}-enterprise"* ) ;; + * ) + if [[ "${PLATFORM,,}" != "x64" ]]; then + error "No download for the ${PLATFORM^^} platform available for $edition!" + MIDO_URL="" && return 1 + fi ;; + esac + + case "${version,,}" in + "win10${PLATFORM,,}" | "win11${PLATFORM,,}" ) + download_windows "$version" "$lang" "$edition" && return 0 + ;; + "win11${PLATFORM,,}-enterprise"* | "win10${PLATFORM,,}-enterprise"* ) + download_windows_eval "$version" "$lang" "$edition" && return 0 + ;; + "win2025-eval" | "win2022-eval" | "win2019-eval" | "win2019-hv" | "win2016-eval" | "win2012r2-eval" ) + download_windows_eval "$version" "$lang" "$edition" && return 0 + ;; + "win81${PLATFORM,,}-enterprise"* | "win2008r2" ) + ;; + * ) error "Invalid VERSION specified, value \"$version\" is not recognized!" ;; + esac + + MIDO_URL=$(getMido "$version" "$lang" "") + [ -z "$MIDO_URL" ] && return 1 + + return 0 +} + +getBuild() { + + local id="$1" + local ret="$2" + local url="" + local name="" + local build="$3" + local edition="" + local file="catalog.xml" + + case "${id,,}" in + "win11${PLATFORM,,}" ) + name="Windows 11 Pro" + url="https://worproject.com/dldserv/esd/getcatalog.php?build=${build}&arch=${PLATFORM^^}&edition=Professional" ;; + "win11${PLATFORM,,}-enterprise" | "win11${PLATFORM,,}-enterprise-eval") + name="Windows 11 Enterprise" + url="https://worproject.com/dldserv/esd/getcatalog.php?build=${build}&arch=${PLATFORM^^}&edition=Enterprise" ;; + esac + + case "${ret,,}" in + "url" ) echo "$url" ;; + "file" ) echo "$file" ;; + "name" ) echo "$name" ;; + "edition" ) echo "$edition" ;; + *) echo "";; + esac + + return 0 +} + +getCatalog() { + + local id="$1" + local ret="$2" + local url="" + local name="" + local edition="" + local file="catalog.cab" + + if [[ "${id,,}" == "win11"* ]] && ! isCompatible; then + # ARMv8.0 cannot run Windows 11 builds 24H2 and up. + getBuild "$1" "$2" "22631.2861" && return 0 + fi + + case "${id,,}" in + "win11${PLATFORM,,}" ) + edition="Professional" + name="Windows 11 Pro" + url="https://go.microsoft.com/fwlink?linkid=2156292" ;; + "win10${PLATFORM,,}" ) + edition="Professional" + name="Windows 10 Pro" + url="https://go.microsoft.com/fwlink/?LinkId=841361" ;; + "win11${PLATFORM,,}-enterprise" | "win11${PLATFORM,,}-enterprise-eval") + edition="Enterprise" + name="Windows 11 Enterprise" + url="https://go.microsoft.com/fwlink?linkid=2156292" ;; + "win10${PLATFORM,,}-enterprise" | "win10${PLATFORM,,}-enterprise-eval" ) + edition="Enterprise" + name="Windows 10 Enterprise" + url="https://go.microsoft.com/fwlink/?LinkId=841361" ;; + esac + + case "${ret,,}" in + "url" ) echo "$url" ;; + "file" ) echo "$file" ;; + "name" ) echo "$name" ;; + "edition" ) echo '[Edition="'"${edition}"'"]' ;; + *) echo "";; + esac + + return 0 +} + +getESD() { + + local dir="$1" + local version="$2" + local lang="$3" + local desc="$4" + local file + local result + local culture + local language + local edition + local catalog + + file=$(getCatalog "$version" "file") + catalog=$(getCatalog "$version" "url") + culture=$(getLanguage "$lang" "culture") + edition=$(getCatalog "$version" "edition") + + if [ -z "$file" ] || [ -z "$catalog" ]; then + error "Invalid VERSION specified, value \"$version\" is not recognized!" && return 1 + fi + + local msg="Downloading catalog..." + info "$msg" && html "$msg" + + rm -rf "$dir" + + if ! makeDir "$dir"; then + error "Failed to create directory \"$dir\" !" && return 1 + fi + + local xFile="products.xml" + local eFile="esd_edition.xml" + local fFile="products_filter.xml" + + { wget "$catalog" -O "$dir/$file" -q --timeout=30 --no-http-keep-alive; rc=$?; } || : + + msg="Failed to download $catalog" + (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1 + (( rc == 4 )) && error "$msg , network failure!" && return 1 + (( rc == 8 )) && error "$msg , server issued an error response!" && return 1 + (( rc != 0 )) && error "$msg , reason: $rc" && return 1 + + if [[ "$file" == *".xml" ]]; then + + mv -f "$dir/$file" "$dir/$xFile" + + else + + cd "$dir" + + if ! cabextract "$file" > /dev/null; then + cd /run + error "Failed to extract $file!" && return 1 + fi + + cd /run + + fi + + if [ ! -s "$dir/$xFile" ]; then + error "Failed to find $xFile in $file!" && return 1 + fi + + local edQuery='//File[Architecture="'${PLATFORM,,}'"]'"${edition}"'' + result=$(xmllint --nonet --xpath "${edQuery}" "$dir/$xFile" 2>/dev/null) + + if [ -z "$result" ]; then + + edQuery='//File[Architecture="'${PLATFORM^^}'"]'"${edition}"'' + + result=$(xmllint --nonet --xpath "${edQuery}" "$dir/$xFile" 2>/dev/null) + + if [ -z "$result" ]; then + desc=$(printEdition "$version" "$desc") + language=$(getLanguage "$lang" "desc") + error "No download link available for $desc!" && return 1 + fi + + fi + + echo -e '<Catalog>' > "$dir/$fFile" + echo "$result" >> "$dir/$fFile" + echo -e '</Catalog>'>> "$dir/$fFile" + + result=$(xmllint --nonet --xpath "//File[LanguageCode=\"${culture,,}\"]" "$dir/$fFile" 2>/dev/null) + + if [ -z "$result" ]; then + desc=$(printEdition "$version" "$desc") + language=$(getLanguage "$lang" "desc") + error "No download in the $language language available for $desc!" && return 1 + fi + + echo "$result" > "$dir/$eFile" + + local tag="FilePath" + ESD=$(xmllint --nonet --xpath "//$tag" "$dir/$eFile" | sed -E -e "s/<[\/]?$tag>//g" 2>/dev/null) + + if [ -z "$ESD" ]; then + error "Failed to find ESD URL in $eFile!" && return 1 + fi + + tag="Sha1" + ESD_SUM=$(xmllint --nonet --xpath "//$tag" "$dir/$eFile" | sed -E -e "s/<[\/]?$tag>//g" 2>/dev/null) + + if [ -z "$ESD_SUM" ]; then + error "Failed to find ESD checksum in $eFile!" && return 1 + fi + + tag="Size" + ESD_SIZE=$(xmllint --nonet --xpath "//$tag" "$dir/$eFile" | sed -E -e "s/<[\/]?$tag>//g" 2>/dev/null) + + if [ -z "$ESD_SIZE" ]; then + error "Failed to find ESD filesize in $eFile!" && return 1 + fi + + rm -rf "$dir" + return 0 +} + +isCompressed() { + + local file="$1" + + case "${file,,}" in + *".7z" | *".zip" | *".rar" | *".lzma" | *".bz" | *".bz2" ) + return 0 ;; + esac + + return 1 +} + +verifyFile() { + + local iso="$1" + local size="$2" + local total="$3" + local check="$4" + + if [ -n "$size" ] && [[ "$total" != "$size" && "$size" != "0" ]]; then + if [[ "$VERIFY" == [Yy1]* || "$DEBUG" == [Yy1]* ]]; then + warn "The downloaded file has a different size ( $total bytes) than expected ( $size bytes). Please report this at $SUPPORT/issues" + fi + fi + + local hash="" + local algo="SHA256" + + [ -z "$check" ] && return 0 + [[ "$VERIFY" != [Yy1]* ]] && return 0 + [[ "${#check}" == "40" ]] && algo="SHA1" + + local msg="Verifying downloaded ISO..." + info "$msg" && html "$msg" + + if [[ "${algo,,}" != "sha256" ]]; then + hash=$(sha1sum "$iso" | cut -f1 -d' ') + else + hash=$(sha256sum "$iso" | cut -f1 -d' ') + fi + + if [[ "$hash" == "$check" ]]; then + info "Successfully verified ISO!" && return 0 + fi + + error "The downloaded file has an unknown $algo checksum: $hash , as the expected value was: $check. Please report this at $SUPPORT/issues" + return 1 +} + +downloadFile() { + + local iso="$1" + local url="$2" + local sum="$3" + local size="$4" + local lang="$5" + local desc="$6" + local msg="Downloading $desc" + local rc total total_gb progress domain dots agent space folder + + agent=$(get_agent) + + if [ -n "$size" ] && [[ "$size" != "0" ]]; then + folder=$(dirname -- "$iso") + space=$(df --output=avail -B 1 "$folder" | tail -n 1) + total_gb=$(formatBytes "$space") + (( size > space )) && error "Not enough free space to download file, only $total_gb left!" && return 1 + fi + + # Check if running with interactive TTY or redirected to docker log + if [ -t 1 ]; then + progress="--progress=bar:noscroll" + else + progress="--progress=dot:giga" + fi + + html "$msg..." + /run/progress.sh "$iso" "$size" "$msg ([P])..." & + + domain=$(echo "$url" | awk -F/ '{print $3}') + dots=$(echo "$domain" | tr -cd '.' | wc -c) + (( dots > 1 )) && domain=$(expr "$domain" : '.*\.\(.*\..*\)') + + if [ -n "$domain" ] && [[ "${domain,,}" != *"microsoft.com" ]]; then + msg="Downloading $desc from $domain" + fi + + info "$msg..." + [[ "$DEBUG" == [Yy1]* ]] && echo "Downloading: $url" + + { wget "$url" -O "$iso" --continue -q --timeout=30 --no-http-keep-alive --user-agent "$agent" --show-progress "$progress"; rc=$?; } || : + + fKill "progress.sh" + + if (( rc == 0 )) && [ -f "$iso" ]; then + total=$(stat -c%s "$iso") + total_gb=$(formatBytes "$total") + if [ "$total" -lt 100000000 ]; then + error "Invalid download link: $url (is only $total_gb ?). Please report this at $SUPPORT/issues" && return 1 + fi + verifyFile "$iso" "$size" "$total" "$sum" || return 1 + isCompressed "$url" && UNPACK="Y" + html "Download finished successfully..." && return 0 + fi + + msg="Failed to download $url" + (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1 + (( rc == 4 )) && error "$msg , network failure!" && return 1 + (( rc == 8 )) && error "$msg , server issued an error response! Please report this at $SUPPORT/issues" && return 1 + + error "$msg , reason: $rc" + return 1 +} + +delay() { + + local i + local delay="$1" + local msg="Will retry in X seconds..." + + info "${msg/X/$delay}" + + for i in $(seq "$delay" -1 1); do + html "${msg/X/$i}" + sleep 1 + done + + return 0 +} + +downloadImage() { + + local iso="$1" + local version="$2" + local lang="$3" + local tried="n" + local success="n" + local seconds="5" + local url sum size base desc language + + if [[ "${version,,}" == "http"* ]]; then + + base=$(basename "$iso") + desc=$(fromFile "$base") + + rm -f "$iso" + downloadFile "$iso" "$version" "" "" "" "$desc" && return 0 + delay "$seconds" + downloadFile "$iso" "$version" "" "" "" "$desc" && return 0 + rm -f "$iso" + + return 1 + fi + + if ! validVersion "$version" "en"; then + error "Invalid VERSION specified, value \"$version\" is not recognized!" && return 1 + fi + + desc=$(printVersion "$version" "") + + if [[ "${lang,,}" != "en" && "${lang,,}" != "en-"* ]]; then + language=$(getLanguage "$lang" "desc") + if ! validVersion "$version" "$lang"; then + desc=$(printEdition "$version" "$desc") + error "The $language language version of $desc is not available, please switch to English." && return 1 + fi + desc+=" in $language" + fi + + if isMido "$version" "$lang"; then + + tried="y" + success="n" + + if getWindows "$version" "$lang" "$desc"; then + success="y" + else + delay "$seconds" + getWindows "$version" "$lang" "$desc" && success="y" + fi + + if [[ "$success" == "y" ]]; then + size=$(getMido "$version" "$lang" "size" ) + sum=$(getMido "$version" "$lang" "sum") + + rm -f "$iso" + downloadFile "$iso" "$MIDO_URL" "$sum" "$size" "$lang" "$desc" && return 0 + delay "$seconds" + downloadFile "$iso" "$MIDO_URL" "$sum" "$size" "$lang" "$desc" && return 0 + rm -f "$iso" + fi + fi + + switchEdition "$version" + + if isESD "$version" "$lang"; then + + if [[ "$tried" != "n" ]]; then + info "Failed to download $desc, will try a different method now..." + fi + + tried="y" + success="n" + + if getESD "$TMP/esd" "$version" "$lang" "$desc"; then + success="y" + else + delay "$seconds" + getESD "$TMP/esd" "$version" "$lang" "$desc" && success="y" + fi + + if [[ "$success" == "y" ]]; then + ISO="${ISO%.*}.esd" + + rm -f "$ISO" + downloadFile "$ISO" "$ESD" "$ESD_SUM" "$ESD_SIZE" "$lang" "$desc" && return 0 + delay "$seconds" + downloadFile "$ISO" "$ESD" "$ESD_SUM" "$ESD_SIZE" "$lang" "$desc" && return 0 + rm -f "$ISO" + ISO="$iso" + fi + + fi + + for ((i=1;i<=MIRRORS;i++)); do + + url=$(getLink "$i" "$version" "$lang") + + if [ -n "$url" ]; then + + if [[ "$tried" != "n" ]]; then + info "Failed to download $desc, will try another mirror now..." + fi + + tried="y" + size=$(getSize "$i" "$version" "$lang") + sum=$(getHash "$i" "$version" "$lang") + + rm -f "$iso" + downloadFile "$iso" "$url" "$sum" "$size" "$lang" "$desc" && return 0 + delay "$seconds" + downloadFile "$iso" "$url" "$sum" "$size" "$lang" "$desc" && return 0 + rm -f "$iso" + fi + + done + + return 1 +} + +return 0 diff --git a/apps/rego-tunnel/build/src/power.sh b/apps/rego-tunnel/build/src/power.sh new file mode 100755 index 0000000..2f56b72 --- /dev/null +++ b/apps/rego-tunnel/build/src/power.sh @@ -0,0 +1,241 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +: "${QEMU_TIMEOUT:="110"}" # QEMU Termination timeout + +# Configure QEMU for graceful shutdown + +QEMU_TERM="" +QEMU_DIR="/run/shm" +QEMU_PID="$QEMU_DIR/qemu.pid" +QEMU_PTY="$QEMU_DIR/qemu.pty" +QEMU_LOG="$QEMU_DIR/qemu.log" +QEMU_OUT="$QEMU_DIR/qemu.out" +QEMU_END="$QEMU_DIR/qemu.end" + +rm -f "$QEMU_DIR/qemu.*" +touch "$QEMU_LOG" + +_trap() { + func="$1" ; shift + for sig ; do + trap "$func $sig" "$sig" + done +} + +boot() { + + [ -f "$QEMU_END" ] && return 0 + + if [ -s "$QEMU_PTY" ]; then + if [ "$(stat -c%s "$QEMU_PTY")" -gt 7 ]; then + local fail="" + if [[ "${BOOT_MODE,,}" == "windows_legacy" ]]; then + grep -Fq "No bootable device." "$QEMU_PTY" && fail="y" + grep -Fq "BOOTMGR is missing" "$QEMU_PTY" && fail="y" + fi + if [ -z "$fail" ]; then + info "Windows started successfully, visit http://127.0.0.1:8006/ to view the screen..." + return 0 + fi + fi + fi + + error "Timeout while waiting for QEMU to boot the machine!" + + local pid + pid=$(<"$QEMU_PID") + { kill -15 "$pid" || true; } 2>/dev/null + + return 0 +} + +ready() { + + [ -f "$STORAGE/windows.boot" ] && return 0 + [ ! -s "$QEMU_PTY" ] && return 1 + + if [[ "${BOOT_MODE,,}" == "windows_legacy" ]]; then + local last + local bios="Booting from Hard" + last=$(grep "^Booting.*" "$QEMU_PTY" | tail -1) + [[ "${last,,}" != "${bios,,}"* ]] && return 1 + grep -Fq "No bootable device." "$QEMU_PTY" && return 1 + grep -Fq "BOOTMGR is missing" "$QEMU_PTY" && return 1 + return 0 + fi + + local line="\"Windows Boot Manager\"" + grep -Fq "$line" "$QEMU_PTY" && return 0 + + return 1 +} + +finish() { + + local pid + local cnt=0 + local reason=$1 + local pids=( + "/var/run/tpm.pid" + "/var/run/wsdd.pid" + "/var/run/samba/nmbd.pid" + "/var/run/samba/smbd.pid" + ) + + touch "$QEMU_END" + + if [ -s "$QEMU_PID" ]; then + + pid=$(<"$QEMU_PID") + echo && error "Forcefully terminating Windows, reason: $reason..." + { kill -15 "$pid" || true; } 2>/dev/null + + while isAlive "$pid"; do + + sleep 1 + cnt=$((cnt+1)) + + # Workaround for zombie pid + [ ! -s "$QEMU_PID" ] && break + + if [ "$cnt" == "5" ]; then + echo && error "QEMU did not terminate itself, forcefully killing process..." + { kill -9 "$pid" || true; } 2>/dev/null + fi + + done + + fi + + if [ ! -f "$STORAGE/windows.boot" ] && [ -f "$BOOT" ]; then + # Remove CD-ROM ISO after install + if ready; then + local file="$STORAGE/windows.boot" + touch "$file" + ! setOwner "$file" && error "Failed to set the owner for \"$file\" !" + if [[ "$REMOVE" != [Nn]* ]]; then + rm -f "$BOOT" 2>/dev/null || true + fi + fi + fi + + for pid in "${pids[@]}"; do + if [[ -s "$pid" ]]; then + pKill "$(cat "$pid")" + fi + rm -f "$pid" + done + + closeNetwork + + sleep 0.5 + echo "❯ Shutdown completed!" + + exit "$reason" +} + +terminal() { + + local dev="" + + if [ -s "$QEMU_OUT" ]; then + + local msg + msg=$(<"$QEMU_OUT") + + if [ -n "$msg" ]; then + + if [[ "${msg,,}" != "char"* || "$msg" != *"serial0)" ]]; then + echo "$msg" + fi + + dev="${msg#*/dev/p}" + dev="/dev/p${dev%% *}" + + fi + fi + + if [ ! -c "$dev" ]; then + dev=$(echo 'info chardev' | nc -q 1 -w 1 localhost "$MON_PORT" | tr -d '\000') + dev="${dev#*serial0}" + dev="${dev#*pty:}" + dev="${dev%%$'\n'*}" + dev="${dev%%$'\r'*}" + fi + + if [ ! -c "$dev" ]; then + error "Device '$dev' not found!" + finish 34 && return 34 + fi + + QEMU_TERM="$dev" + return 0 +} + +_graceful_shutdown() { + + local code=$? + + set +e + + if [ -f "$QEMU_END" ]; then + info "Received $1 while already shutting down..." + return + fi + + touch "$QEMU_END" + info "Received $1, sending ACPI shutdown signal..." + + if [ ! -s "$QEMU_PID" ]; then + error "QEMU PID file does not exist?" + finish "$code" && return "$code" + fi + + local pid="" + pid=$(<"$QEMU_PID") + + if ! isAlive "$pid"; then + error "QEMU process does not exist?" + finish "$code" && return "$code" + fi + + if ! ready; then + info "Cannot send ACPI signal during Windows setup, aborting..." + finish "$code" && return "$code" + fi + + # Send ACPI shutdown signal + echo 'system_powerdown' | nc -q 1 -w 1 localhost "$MON_PORT" > /dev/null + + local cnt=0 + while [ "$cnt" -lt "$QEMU_TIMEOUT" ]; do + + sleep 1 + cnt=$((cnt+1)) + + ! isAlive "$pid" && break + # Workaround for zombie pid + [ ! -s "$QEMU_PID" ] && break + + info "Waiting for Windows to shutdown... ($cnt/$QEMU_TIMEOUT)" + + # Send ACPI shutdown signal + echo 'system_powerdown' | nc -q 1 -w 1 localhost "$MON_PORT" > /dev/null + + done + + if [ "$cnt" -ge "$QEMU_TIMEOUT" ]; then + error "Shutdown timeout reached, aborting..." + fi + + finish "$code" && return "$code" +} + +SERIAL="pty" +MONITOR="telnet:localhost:$MON_PORT,server,nowait,nodelay" +MONITOR+=" -daemonize -D $QEMU_LOG -pidfile $QEMU_PID" + +_trap _graceful_shutdown SIGTERM SIGHUP SIGINT SIGABRT SIGQUIT + +return 0 diff --git a/apps/rego-tunnel/build/src/rego-startup.sh b/apps/rego-tunnel/build/src/rego-startup.sh new file mode 100755 index 0000000..f06a7d2 --- /dev/null +++ b/apps/rego-tunnel/build/src/rego-startup.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env bash +# Rego-tunnel startup customizations +# Copies VPN scripts to shared folder and sets up networking + +echo "[rego] Initializing rego-tunnel customizations..." + +# Copy VPN scripts to shared folder if it exists +if [ -d "/shared" ]; then + echo "[rego] Copying VPN scripts to shared folder..." + mkdir -p /shared/vpn_scripts + cp -rn /opt/rego-scripts/* /shared/vpn_scripts/ 2>/dev/null || true + chmod -R 755 /shared/vpn_scripts/ 2>/dev/null || true + echo "[rego] Scripts available at \\\\TSCLIENT\\shared\\vpn_scripts\\" +fi + +# Background task: Wait for Windows and setup networking +( + WINDOWS_IP="" + MAX_WAIT=300 # 5 minutes max wait + + echo "[rego] Waiting for Windows VM to get IP..." + + for i in $(seq 1 $MAX_WAIT); do + WINDOWS_IP=$(cat /run/shm/qemu.ip 2>/dev/null || ip neigh show dev docker 2>/dev/null | grep -oE '172\.[0-9]+\.[0-9]+\.[0-9]+' | head -1) + if [ -n "$WINDOWS_IP" ]; then + echo "[rego] Windows VM IP: $WINDOWS_IP" + break + fi + sleep 1 + done + + if [ -z "$WINDOWS_IP" ]; then + echo "[rego] Warning: Could not detect Windows IP after ${MAX_WAIT}s" + exit 0 + fi + + # Wait for SSH to be available + echo "[rego] Waiting for SSH on Windows..." + for i in $(seq 1 120); do + if nc -z "$WINDOWS_IP" 22 2>/dev/null; then + echo "[rego] SSH is available on Windows" + break + fi + sleep 2 + done + + # Setup iptables rules + echo "[rego] Setting up iptables rules..." + + # MASQUERADE for outbound traffic + iptables -t nat -C POSTROUTING -o docker -j MASQUERADE 2>/dev/null || \ + iptables -t nat -A POSTROUTING -o docker -j MASQUERADE + + # Route to IBM i network via Windows VPN + ip route add 10.35.33.0/24 via $WINDOWS_IP dev docker 2>/dev/null || true + + # Allow forwarding + iptables -C FORWARD -d $WINDOWS_IP -j ACCEPT 2>/dev/null || \ + iptables -A FORWARD -d $WINDOWS_IP -j ACCEPT + + echo "[rego] Network setup complete" +) & + +echo "[rego] Startup script initialized" diff --git a/apps/rego-tunnel/build/src/samba.sh b/apps/rego-tunnel/build/src/samba.sh new file mode 100755 index 0000000..7cd3210 --- /dev/null +++ b/apps/rego-tunnel/build/src/samba.sh @@ -0,0 +1,228 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +: "${SAMBA:="Y"}" # Enable Samba +: "${SAMBA_LEVEL:="1"}" # Logging level +: "${SAMBA_DEBUG:="N"}" # Disable debug + +tmp="/tmp/smb" +rm -rf "$tmp" + +rm -f /var/run/wsdd.pid +rm -f /var/run/samba/nmbd.pid +rm -f /var/run/samba/smbd.pid + +[[ "$SAMBA" == [Nn]* ]] && return 0 +[[ "$NETWORK" == [Nn]* ]] && return 0 + +if [[ "$DHCP" == [Yy1]* ]]; then + socket="$IP" + hostname="$IP" + interfaces="$VM_NET_DEV" +else + hostname="host.lan" + case "${NETWORK,,}" in + "passt" | "slirp" ) + interfaces="lo" + socket="127.0.0.1" ;; + *) + socket="$VM_NET_IP" + interfaces="$VM_NET_BRIDGE" ;; + esac + if [ -n "${SAMBA_INTERFACE:-}" ]; then + interfaces+=",$SAMBA_INTERFACE" + fi +fi + +html "Initializing shared folder..." +SAMBA_CONFIG="/etc/samba/smb.conf" +[[ "$DEBUG" == [Yy1]* ]] && echo "Starting Samba daemon..." + +addShare() { + local dir="$1" + local ref="$2" + local name="$3" + local comment="$4" + local cfg="$5" + local owner="" + + if [ ! -d "$dir" ]; then + if ! mkdir -p "$dir"; then + error "Failed to create shared folder ($dir)." && return 1 + fi + fi + + if ! ls -A "$dir" >/dev/null 2>&1; then + msg="No permission to access shared folder ($dir)." + msg+=" If SELinux is active, you need to add the \":Z\" flag to the bind mount." + error "$msg" && return 1 + fi + + if [ ! -w "$dir" ]; then + msg="shared folder ($dir) is not writeable!" + warn "$msg" + fi + + if [ -z "$(ls -A "$dir")" ]; then + if ! chmod 2777 "$dir"; then + error "Failed to set permissions for directory $dir" && return 1 + fi + owner=$(stat -c %u "$dir") + if [[ "$owner" == "0" ]]; then + if ! chown "1000:1000" "$dir"; then + error "Failed to set ownership for directory $dir" && return 1 + fi + fi + fi + + if [[ "$dir" == "$tmp" ]]; then + + { echo "--------------------------------------------------------" + echo " $APP for $ENGINE v$(</run/version)..." + echo " For support visit $SUPPORT" + echo "--------------------------------------------------------" + echo "" + echo "Using this folder you can exchange files with the host machine." + echo "" + echo "To select a folder on the host for this purpose, include the following bind mount in your compose file:" + echo "" + echo " volumes:" + echo " - \"./example:${ref}\"" + echo "" + echo "Or in your run command:" + echo "" + echo " -v \"\${PWD:-.}/example:${ref}\"" + echo "" + echo "Replace the example path ./example with your desired shared folder, which then will become visible here." + echo "" + } | unix2dos > "$dir/readme.txt" + + fi + + { echo "" + echo "[$name]" + echo " path = $dir" + echo " comment = $comment" + echo " writable = yes" + echo " guest ok = yes" + echo " guest only = yes" + } >> "$cfg" + + return 0 +} + +{ echo "[global]" + echo " server string = Dockur" + echo " netbios name = $hostname" + echo " workgroup = WORKGROUP" + echo " interfaces = $interfaces" + echo " bind interfaces only = yes" + echo " socket address = $socket" + echo " security = user" + echo " guest account = nobody" + echo " map to guest = Bad User" + echo " server min protocol = NT1" + echo " follow symlinks = yes" + echo " wide links = yes" + echo " unix extensions = no" + echo " inherit owner = yes" + echo " create mask = 0666" + echo " directory mask = 02777" + echo " force user = root" + echo " force group = root" + echo " force create mode = 0666" + echo " force directory mode = 02777" + echo "" + echo " # Disable printing services" + echo " load printers = no" + echo " printing = bsd" + echo " printcap name = /dev/null" + echo " disable spoolss = yes" +} > "$SAMBA_CONFIG" + +# Add shared folders +share="/shared" +[ ! -d "$share" ] && [ -d "$STORAGE/shared" ] && share="$STORAGE/shared" +[ ! -d "$share" ] && [ -d "/data" ] && share="/data" +[ ! -d "$share" ] && [ -d "$STORAGE/data" ] && share="$STORAGE/data" +[ ! -d "$share" ] && share="$tmp" + +! addShare "$share" "/shared" "Data" "Shared" "$SAMBA_CONFIG" && return 0 + +if [ -d "/shared2" ]; then + addShare "/shared2" "/shared2" "Data2" "Shared" "$SAMBA_CONFIG" || : +else + if [ -d "/data2" ]; then + addShare "/data2" "/shared2" "Data2" "Shared" "$SAMBA_CONFIG" || : + fi +fi + +if [ -d "/shared3" ]; then + addShare "/shared3" "/shared3" "Data3" "Shared" "$SAMBA_CONFIG" || : +else + if [ -d "/data3" ]; then + addShare "/data3" "/shared3" "Data3" "Shared" "$SAMBA_CONFIG" || : + fi +fi + +# Create directories if missing +mkdir -p /var/lib/samba/sysvol +mkdir -p /var/lib/samba/private +mkdir -p /var/lib/samba/bind-dns + +# Try to repair Samba permissions +[ -d /run/samba/msg.lock ] && chmod -R 0755 /run/samba/msg.lock 2>/dev/null || : +[ -d /var/log/samba/cores ] && chmod -R 0700 /var/log/samba/cores 2>/dev/null || : +[ -d /var/cache/samba/msg.lock ] && chmod -R 0755 /var/cache/samba/msg.lock 2>/dev/null || : + +rm -f /var/log/samba/log.smbd + +if ! smbd -l /var/log/samba; then + SAMBA_DEBUG="Y" + error "Failed to start Samba daemon!" +fi + +if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then + tail -fn +0 /var/log/samba/log.smbd --pid=$$ & +fi + +case "${NETWORK,,}" in + "passt" | "slirp" ) + return 0 ;; +esac + +if [[ "${BOOT_MODE:-}" == "windows_legacy" ]]; then + + # Enable NetBIOS on Windows 7 and lower + [[ "$DEBUG" == [Yy1]* ]] && echo "Starting NetBIOS daemon..." + + rm -f /var/log/samba/log.nmbd + + if ! nmbd -l /var/log/samba; then + SAMBA_DEBUG="Y" + error "Failed to start NetBIOS daemon!" + fi + + if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then + tail -fn +0 /var/log/samba/log.nmbd --pid=$$ & + fi + +else + + # Enable Web Service Discovery on Vista and up + [[ "$DEBUG" == [Yy1]* ]] && echo "Starting wsddn daemon..." + + rm -f /var/log/wsddn.log + + if ! wsddn -i "${interfaces%%,*}" -H "$hostname" --unixd --log-file=/var/log/wsddn.log --pid-file=/var/run/wsdd.pid; then + SAMBA_DEBUG="Y" + error "Failed to start wsddn daemon!" + fi + + if [[ "$SAMBA_DEBUG" == [Yy1]* ]]; then + tail -fn +0 /var/log/wsddn.log --pid=$$ & + fi + +fi + +return 0 diff --git a/apps/rego-tunnel/config.json b/apps/rego-tunnel/config.json new file mode 100755 index 0000000..1df6524 --- /dev/null +++ b/apps/rego-tunnel/config.json @@ -0,0 +1,69 @@ +{ + "name": "Rego Tunnel", + "available": true, + "port": 8006, + "exposable": true, + "dynamic_config": true, + "id": "rego-tunnel", + "description": "VPN tunnel to access Rego environments securely.", + "tipi_version": 1, + "version": "1.0.0", + "categories": ["utilities"], + "short_desc": "VPN tunnel to access Rego environments securely.", + "author": "dockurr", + "source": "https://github.com/dockur/windows/", + "form_fields": [ + { + "type": "number", + "label": "RAM", + "hint": "RAM to asign to the VM (in gigabytes)", + "placeholder": "4", + "required": true, + "env_variable": "WINDOWS_RAM_GB" + }, + { + "type": "number", + "label": "CPU Cores", + "hint": "CPU cores to asign to the VM", + "placeholder": "4", + "required": true, + "env_variable": "WINDOWS_CPU_CORES" + }, + { + "type": "number", + "label": "Disk Size", + "hint": "Disk size for the VM, it will be used dynamically (in gigabytes)", + "placeholder": "16", + "required": true, + "env_variable": "WINDOWS_DISK_SIZE_GB" + }, + { + "type": "text", + "label": "Windows Version", + "hint": "The windows version to use", + "required": true, + "options": [ + { "label": "Windows 10", "value": "win10" }, + { "label": "Windows 11", "value": "win11" }, + { "label": "Windows 10 LTSC", "value": "ltsc10" }, + { "label": "Windows 8.1", "value": "win81" }, + { "label": "Windows 7", "value": "win7" }, + { "label": "Windows Vista", "value": "vista" }, + { "label": "Windows XP", "value": "winxp" }, + { "label": "Windows Server 2022", "value": "2022" }, + { "label": "Windows Server 2019", "value": "2019" }, + { "label": "Windows Server 2016", "value": "2016" }, + { "label": "Windows Server 2012", "value": "2012" }, + { "label": "Windows Server 2008", "value": "2008" }, + { "label": "Windows Tiny 11 Core", "value": "core11" }, + { "label": "Windows Tiny 11", "value": "tiny11" }, + { "label": "Windows Tiny 10", "value": "tiny10" } + ], + "env_variable": "WINDOWS_VERSION" + } + ], + "supported_architectures": ["arm64", "amd64"], + "created_at": 1691943801422, + "updated_at": 1763873319189, + "force_pull": false +} diff --git a/apps/rego-tunnel/docker-compose.json b/apps/rego-tunnel/docker-compose.json new file mode 100755 index 0000000..26e6653 --- /dev/null +++ b/apps/rego-tunnel/docker-compose.json @@ -0,0 +1,37 @@ +{ + "services": [ + { + "name": "rego-tunnel", + "image": "rego-windows:latest", + "isMain": true, + "internalPort": 8006, + "environment": { + "RAM_SIZE": "${WINDOWS_RAM_GB}G", + "CPU_CORE": "${WINDOWS_CPU_CORES}", + "DISK_SIZE": "${WINDOWS_DISK_SIZE_GB}G" + }, + "volumes": [ + { + "hostPath": "${APP_DATA_DIR}/data/storage", + "containerPath": "/storage" + }, + { + "hostPath": "${APP_DATA_DIR}/data/shared", + "containerPath": "/shared" + }, + { + "hostPath": "${APP_DATA_DIR}/data/start.sh", + "containerPath": "/run/start.sh" + } + ], + "stopGracePeriod": "2m", + "devices": [ + "/dev/kvm", + "/dev/net/tun" + ], + "capAdd": [ + "NET_ADMIN" + ] + } + ] +} diff --git a/apps/rego-tunnel/docker-compose.yml b/apps/rego-tunnel/docker-compose.yml new file mode 100755 index 0000000..6293f7f --- /dev/null +++ b/apps/rego-tunnel/docker-compose.yml @@ -0,0 +1,63 @@ +services: + rego-tunnel: + container_name: rego-tunnel + image: rego-windows:latest + restart: unless-stopped + devices: + - /dev/kvm + - /dev/net/tun + cap_add: + - NET_ADMIN + stop_grace_period: 2m + + ports: + # Web console (Tipi APP_PORT -> 8006) + - "192.168.0.151:${APP_PORT}:8006" + + environment: + RAM_SIZE: ${WINDOWS_RAM_GB}G + CPU_CORE: ${WINDOWS_CPU_CORES} + DISK_SIZE: ${WINDOWS_DISK_SIZE_GB}G + + volumes: + - ${APP_DATA_DIR}/data/storage:/storage + - ${APP_DATA_DIR}/data/shared:/shared + - ${APP_DATA_DIR}/data/start.sh:/run/start.sh + + + networks: + - tipi_main_network + + sysctls: + - net.ipv4.ip_forward=1 + + labels: + traefik.enable: true + traefik.http.middlewares.rego-tunnel-web-redirect.redirectscheme.scheme: https + traefik.http.services.rego-tunnel.loadbalancer.server.port: 8006 + + traefik.http.routers.rego-tunnel-insecure.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.rego-tunnel-insecure.entrypoints: web + traefik.http.routers.rego-tunnel-insecure.service: rego-tunnel + traefik.http.routers.rego-tunnel-insecure.middlewares: rego-tunnel-web-redirect + + traefik.http.routers.rego-tunnel.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.rego-tunnel.entrypoints: websecure + traefik.http.routers.rego-tunnel.service: rego-tunnel + traefik.http.routers.rego-tunnel.tls.certresolver: myresolver + + traefik.http.routers.rego-tunnel-local-insecure.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`) + traefik.http.routers.rego-tunnel-local-insecure.entrypoints: web + traefik.http.routers.rego-tunnel-local-insecure.service: rego-tunnel + traefik.http.routers.rego-tunnel-local-insecure.middlewares: rego-tunnel-web-redirect + + traefik.http.routers.rego-tunnel-local.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`) + traefik.http.routers.rego-tunnel-local.entrypoints: websecure + traefik.http.routers.rego-tunnel-local.service: rego-tunnel + traefik.http.routers.rego-tunnel-local.tls: true + + runtipi.managed: true + +networks: + tipi_main_network: + external: true diff --git a/apps/rego-tunnel/metadata/compose-schema.json b/apps/rego-tunnel/metadata/compose-schema.json new file mode 100755 index 0000000..e45055b --- /dev/null +++ b/apps/rego-tunnel/metadata/compose-schema.json @@ -0,0 +1,1217 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", + "properties": { + "schemaVersion": { + "const": 2 + }, + "services": { + "type": "array", + "message": "CUSTOM_APP_ERROR_SERVICES_MIN_LENGTH", + "minItems": 1, + "items": { + "type": "object", + "properties": { + "image": { + "type": "string", + "message": "CUSTOM_APP_ERROR_IMAGE_REQUIRED" + }, + "name": { + "type": "string", + "message": "CUSTOM_APP_ERROR_NAME_REQUIRED" + }, + "addPorts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID" + }, + "hostPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID" + }, + "interface": { + "type": "string" + }, + "tcp": { + "type": "boolean" + }, + "udp": { + "type": "boolean" + } + }, + "required": [ + "containerPort", + "hostPort" + ] + } + }, + "addToMainNetwork": { + "type": "boolean" + }, + "capAdd": { + "type": "array", + "message": "CUSTOM_APP_ERROR_CAP_ADD_INVALID", + "items": { + "type": "string" + } + }, + "capDrop": { + "type": "array", + "message": "CUSTOM_APP_ERROR_CAP_DROP_INVALID", + "items": { + "type": "string" + } + }, + "command": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID" + }, + "dependsOn": { + "anyOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "condition": { + "anyOf": [ + { + "const": "service_completed_successfully", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + }, + { + "const": "service_healthy", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + }, + { + "const": "service_started", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + } + ], + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + } + }, + "required": [ + "condition" + ] + } + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_SERVICE_INVALID", + "items": { + "type": "string" + } + } + ] + }, + "deploy": { + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpus": { + "type": "string" + }, + "memory": { + "type": "string" + }, + "pids": { + "type": "number", + "message": "CUSTOM_APP_ERROR_DEPLOY_PIDS_INVALID" + } + } + }, + "reservations": { + "type": "object", + "properties": { + "devices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "capabilities": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_CAPABILITY_INVALID", + "items": { + "type": "string" + } + }, + "count": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + }, + { + "const": "all", + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + } + ], + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + }, + "deviceIds": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_ID_INVALID", + "items": { + "type": "string" + } + }, + "driver": { + "type": "string" + } + }, + "required": [ + "capabilities" + ] + } + }, + "cpus": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "required": [ + "devices" + ] + } + } + } + }, + "required": [ + "resources" + ] + }, + "devices": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_INVALID", + "items": { + "type": "string" + } + }, + "dns": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_DNS_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_DNS_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_DNS_INVALID" + }, + "entrypoint": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID" + }, + "environment": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENV_KEY_REQUIRED", + "minLength": 1 + }, + "value": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED" + }, + { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED", + "minLength": 1 + }, + { + "type": "boolean" + } + ], + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED" + } + }, + "required": [ + "key", + "value" + ] + } + }, + "extraHosts": { + "type": "array", + "message": "CUSTOM_APP_ERROR_EXTRA_HOST_INVALID", + "items": { + "type": "string" + } + }, + "extraLabels": { + "type": "object", + "message": "CUSTOM_APP_ERROR_LABEL_KEY_INVALID", + "additionalProperties": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_LABEL_VALUE_INVALID" + }, + { + "type": "boolean" + } + ], + "message": "CUSTOM_APP_ERROR_LABEL_VALUE_INVALID" + } + }, + "healthCheck": { + "type": "object", + "properties": { + "test": { + "type": "string", + "message": "CUSTOM_APP_ERROR_HEALTH_CHECK_TEST_REQUIRED" + }, + "interval": { + "type": "string" + }, + "retries": { + "type": "number", + "message": "CUSTOM_APP_ERROR_HEALTH_CHECK_RETRIES_INVALID" + }, + "startInterval": { + "type": "string" + }, + "startPeriod": { + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "required": [ + "test" + ] + }, + "hostname": { + "type": "string" + }, + "internalPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID" + }, + "isMain": { + "type": "boolean" + }, + "logging": { + "type": "object", + "properties": { + "driver": { + "type": "string", + "message": "CUSTOM_APP_ERROR_LOGGING_DRIVER_REQUIRED" + }, + "options": { + "type": "object", + "message": "CUSTOM_APP_ERROR_LOGGING_OPTION_KEY_INVALID", + "additionalProperties": { + "type": "string", + "message": "CUSTOM_APP_ERROR_LOGGING_OPTION_VALUE_INVALID" + } + } + }, + "required": [ + "driver" + ] + }, + "networkMode": { + "type": "string" + }, + "pid": { + "type": "string" + }, + "privileged": { + "type": "boolean" + }, + "readOnly": { + "type": "boolean" + }, + "securityOpt": { + "type": "array", + "message": "CUSTOM_APP_ERROR_SECURITY_OPT_INVALID", + "items": { + "type": "string" + } + }, + "shmSize": { + "type": "string" + }, + "stdinOpen": { + "type": "boolean" + }, + "stopGracePeriod": { + "type": "string" + }, + "stopSignal": { + "type": "string" + }, + "sysctls": { + "type": "object", + "message": "CUSTOM_APP_ERROR_SYSCTL_KEY_INVALID", + "additionalProperties": { + "type": "number", + "message": "CUSTOM_APP_ERROR_SYSCTL_VALUE_INVALID" + } + }, + "tty": { + "type": "boolean" + }, + "ulimits": { + "type": "object", + "properties": { + "core": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_CORE_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "memlock": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_MEMLOCK_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "nofile": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_NOFILE_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "nproc": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_NPROC_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + } + } + }, + "user": { + "type": "string" + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPath": { + "type": "string", + "message": "CUSTOM_APP_ERROR_CONTAINER_PATH_REQUIRED" + }, + "hostPath": { + "type": "string", + "message": "CUSTOM_APP_ERROR_HOST_PATH_REQUIRED" + }, + "bind": { + "type": "object", + "properties": { + "propagation": { + "enum": [ + "private", + "rprivate", + "rshared", + "rslave", + "shared", + "slave" + ] + } + }, + "required": [ + "propagation" + ] + }, + "private": { + "type": "boolean" + }, + "readOnly": { + "type": "boolean" + }, + "shared": { + "type": "boolean" + } + }, + "required": [ + "containerPath", + "hostPath" + ] + } + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "image", + "name" + ] + } + }, + "overrides": { + "type": "array", + "items": { + "type": "object", + "properties": { + "services": { + "type": "array", + "items": { + "type": "object", + "properties": { + "addPorts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_CONTAINER_PORT_INVALID" + }, + "hostPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_HOST_PORT_INVALID" + }, + "interface": { + "type": "string" + }, + "tcp": { + "type": "boolean" + }, + "udp": { + "type": "boolean" + } + }, + "required": [ + "containerPort", + "hostPort" + ] + } + }, + "addToMainNetwork": { + "type": "boolean" + }, + "capAdd": { + "type": "array", + "message": "CUSTOM_APP_ERROR_CAP_ADD_INVALID", + "items": { + "type": "string" + } + }, + "capDrop": { + "type": "array", + "message": "CUSTOM_APP_ERROR_CAP_DROP_INVALID", + "items": { + "type": "string" + } + }, + "command": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_COMMAND_INVALID" + }, + "dependsOn": { + "anyOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "condition": { + "anyOf": [ + { + "const": "service_completed_successfully", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + }, + { + "const": "service_healthy", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + }, + { + "const": "service_started", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + } + ], + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_CONDITION_INVALID" + } + }, + "required": [ + "condition" + ] + } + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEPENDS_ON_SERVICE_INVALID", + "items": { + "type": "string" + } + } + ] + }, + "deploy": { + "type": "object", + "properties": { + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpus": { + "type": "string" + }, + "memory": { + "type": "string" + }, + "pids": { + "type": "number", + "message": "CUSTOM_APP_ERROR_DEPLOY_PIDS_INVALID" + } + } + }, + "reservations": { + "type": "object", + "properties": { + "devices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "capabilities": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_CAPABILITY_INVALID", + "items": { + "type": "string" + } + }, + "count": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + }, + { + "const": "all", + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + } + ], + "message": "CUSTOM_APP_ERROR_DEVICE_COUNT_INVALID" + }, + "deviceIds": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_ID_INVALID", + "items": { + "type": "string" + } + }, + "driver": { + "type": "string" + } + }, + "required": [ + "capabilities" + ] + } + }, + "cpus": { + "type": "string" + }, + "memory": { + "type": "string" + } + }, + "required": [ + "devices" + ] + } + } + } + }, + "required": [ + "resources" + ] + }, + "devices": { + "type": "array", + "message": "CUSTOM_APP_ERROR_DEVICE_INVALID", + "items": { + "type": "string" + } + }, + "dns": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_DNS_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_DNS_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_DNS_INVALID" + }, + "entrypoint": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID" + }, + { + "type": "array", + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID", + "items": { + "type": "string" + } + } + ], + "message": "CUSTOM_APP_ERROR_ENTRYPOINT_INVALID" + }, + "environment": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENV_KEY_REQUIRED", + "minLength": 1 + }, + "value": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED" + }, + { + "type": "string", + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED", + "minLength": 1 + }, + { + "type": "boolean" + } + ], + "message": "CUSTOM_APP_ERROR_ENV_VALUE_REQUIRED" + } + }, + "required": [ + "key", + "value" + ] + } + }, + "extraHosts": { + "type": "array", + "message": "CUSTOM_APP_ERROR_EXTRA_HOST_INVALID", + "items": { + "type": "string" + } + }, + "extraLabels": { + "type": "object", + "message": "CUSTOM_APP_ERROR_LABEL_KEY_INVALID", + "additionalProperties": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_LABEL_VALUE_INVALID" + }, + { + "type": "boolean" + } + ], + "message": "CUSTOM_APP_ERROR_LABEL_VALUE_INVALID" + } + }, + "healthCheck": { + "type": "object", + "properties": { + "test": { + "type": "string", + "message": "CUSTOM_APP_ERROR_HEALTH_CHECK_TEST_REQUIRED" + }, + "interval": { + "type": "string" + }, + "retries": { + "type": "number", + "message": "CUSTOM_APP_ERROR_HEALTH_CHECK_RETRIES_INVALID" + }, + "startInterval": { + "type": "string" + }, + "startPeriod": { + "type": "string" + }, + "timeout": { + "type": "string" + } + }, + "required": [ + "test" + ] + }, + "hostname": { + "type": "string" + }, + "image": { + "type": "string", + "message": "CUSTOM_APP_ERROR_IMAGE_REQUIRED" + }, + "internalPort": { + "anyOf": [ + { + "type": "string", + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID" + }, + { + "type": "integer", + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0 + } + ], + "message": "CUSTOM_APP_ERROR_INTERNAL_PORT_INVALID" + }, + "isMain": { + "type": "boolean" + }, + "logging": { + "type": "object", + "properties": { + "driver": { + "type": "string", + "message": "CUSTOM_APP_ERROR_LOGGING_DRIVER_REQUIRED" + }, + "options": { + "type": "object", + "message": "CUSTOM_APP_ERROR_LOGGING_OPTION_KEY_INVALID", + "additionalProperties": { + "type": "string", + "message": "CUSTOM_APP_ERROR_LOGGING_OPTION_VALUE_INVALID" + } + } + }, + "required": [ + "driver" + ] + }, + "name": { + "type": "string", + "message": "CUSTOM_APP_ERROR_NAME_REQUIRED" + }, + "networkMode": { + "type": "string" + }, + "pid": { + "type": "string" + }, + "privileged": { + "type": "boolean" + }, + "readOnly": { + "type": "boolean" + }, + "securityOpt": { + "type": "array", + "message": "CUSTOM_APP_ERROR_SECURITY_OPT_INVALID", + "items": { + "type": "string" + } + }, + "shmSize": { + "type": "string" + }, + "stdinOpen": { + "type": "boolean" + }, + "stopGracePeriod": { + "type": "string" + }, + "stopSignal": { + "type": "string" + }, + "sysctls": { + "type": "object", + "message": "CUSTOM_APP_ERROR_SYSCTL_KEY_INVALID", + "additionalProperties": { + "type": "number", + "message": "CUSTOM_APP_ERROR_SYSCTL_VALUE_INVALID" + } + }, + "tty": { + "type": "boolean" + }, + "ulimits": { + "type": "object", + "properties": { + "core": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_CORE_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "memlock": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_MEMLOCK_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "nofile": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_NOFILE_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + }, + "nproc": { + "anyOf": [ + { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_NPROC_INVALID" + }, + { + "type": "object", + "properties": { + "hard": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_HARD_INVALID" + }, + "soft": { + "type": "number", + "message": "CUSTOM_APP_ERROR_ULIMIT_SOFT_INVALID" + } + }, + "required": [ + "hard", + "soft" + ] + } + ] + } + } + }, + "user": { + "type": "string" + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPath": { + "type": "string", + "message": "CUSTOM_APP_ERROR_CONTAINER_PATH_REQUIRED" + }, + "hostPath": { + "type": "string", + "message": "CUSTOM_APP_ERROR_HOST_PATH_REQUIRED" + }, + "bind": { + "type": "object", + "properties": { + "propagation": { + "enum": [ + "private", + "rprivate", + "rshared", + "rslave", + "shared", + "slave" + ] + } + }, + "required": [ + "propagation" + ] + }, + "private": { + "type": "boolean" + }, + "readOnly": { + "type": "boolean" + }, + "shared": { + "type": "boolean" + } + }, + "required": [ + "containerPath", + "hostPath" + ] + } + }, + "workingDir": { + "type": "string" + } + } + } + }, + "architecture": { + "anyOf": [ + { + "const": "amd64", + "message": "CUSTOM_APP_ERROR_ARCHITECTURE_INVALID" + }, + { + "const": "arm64", + "message": "CUSTOM_APP_ERROR_ARCHITECTURE_INVALID" + } + ], + "message": "CUSTOM_APP_ERROR_ARCHITECTURE_INVALID" + } + }, + "required": [ + "services" + ] + } + } + }, + "required": [ + "schemaVersion", + "services" + ] +} \ No newline at end of file diff --git a/apps/rego-tunnel/metadata/description.md b/apps/rego-tunnel/metadata/description.md new file mode 100755 index 0000000..149ac53 --- /dev/null +++ b/apps/rego-tunnel/metadata/description.md @@ -0,0 +1,82 @@ +<h1 align="center">Windows<br /> +<div align="center"> +<a href="https://github.com/dockur/windows"><img src="https://github.com/dockur/windows/raw/master/.github/logo.png" title="Logo" style="max-width:100%;" width="128" /></a> +</div> +<div align="center"> + +</div></h1> + +Windows in a Docker container. + +## Features + + - ISO downloader + - KVM acceleration + - Web-based viewer + +## FAQ + +* ### How do I use it? + + Very simple! These are the steps: + + - Start the container and connect to [port 8006](http://localhost:8006) using your web browser. + + - Sit back and relax while the magic happens, the whole installation will be performed fully automatic. + + - Once you see the desktop, your Windows installation is ready for use. + + Enjoy your brand new machine, and don't forget to star this repo! + +* ### How do I select the Windows version? + + By default, Windows 11 will be installed. But you can change that in settings, in order to specify an alternative Windows version to be downloaded: + + Select from the values below: + + | **Value** | **Description** | **Source** | **Transfer** | **Size** | + |---|---|---|---|---| + | `win11` | Windows 11 Pro | Microsoft | Fast | 6.4 GB | + | `win10` | Windows 10 Pro | Microsoft | Fast | 5.8 GB | + | `ltsc10` | Windows 10 LTSC | Microsoft | Fast | 4.6 GB | + | `win81` | Windows 8.1 Pro | Microsoft | Fast | 4.2 GB | + | `win7` | Windows 7 SP1 | Bob Pony | Medium | 3.0 GB | + | `vista` | Windows Vista SP2 | Bob Pony | Medium | 3.6 GB | + | `winxp` | Windows XP SP3 | Bob Pony | Medium | 0.6 GB | + |||||| + | `2022` | Windows Server 2022 | Microsoft | Fast | 4.7 GB | + | `2019` | Windows Server 2019 | Microsoft | Fast | 5.3 GB | + | `2016` | Windows Server 2016 | Microsoft | Fast | 6.5 GB | + | `2012` | Windows Server 2012 R2 | Microsoft | Fast | 4.3 GB | + | `2008` | Windows Server 2008 R2 | Microsoft | Fast | 3.0 GB | + |||||| + | `core11` | Tiny 11 Core | Archive.org | Slow | 2.1 GB | + | `tiny11` | Tiny 11 | Archive.org | Slow | 3.8 GB | + | `tiny10` | Tiny 10 | Archive.org | Slow | 3.6 GB | + +* ### How do I connect using RDP? + + The web-viewer is mainly meant to be used during installation, as its picture quality is low, and it has no audio or clipboard for example. + + So for a better experience you can connect using any Microsoft Remote Desktop client to the IP of the container, using the username `docker` and by leaving the password empty. + + There is a good RDP client for [Android](https://play.google.com/store/apps/details?id=com.microsoft.rdc.androidx) available from the Play Store. One for [iOS](https://apps.apple.com/nl/app/microsoft-remote-desktop/id714464092?l=en-GB) is in the Apple Store. For Linux you can use [rdesktop](http://www.rdesktop.org/) and for Windows you don't need to install anything as it is already ships as part of the operating system. + +* ### How do I verify if my system supports KVM? + + To verify if your system supports KVM, run the following commands: + + ```bash + sudo apt install cpu-checker + sudo kvm-ok + ``` + + If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS. + +* ### Is this project legal? + + Yes, this project contains only open-source code and does not distribute any copyrighted material. Any product keys found in the code are just generic placeholders provided by Microsoft for trial purposes. So under all applicable laws, this project would be considered legal. + +## Disclaimer + +The product names, logos, brands, and other trademarks referred to within this project are the property of their respective trademark holders. This project is not affiliated, sponsored, or endorsed by Microsoft Corporation. \ No newline at end of file diff --git a/apps/rego-tunnel/metadata/logo.jpg b/apps/rego-tunnel/metadata/logo.jpg new file mode 100755 index 0000000..a701f7d Binary files /dev/null and b/apps/rego-tunnel/metadata/logo.jpg differ diff --git a/bun.lockb b/bun.lockb new file mode 100755 index 0000000..a285984 Binary files /dev/null and b/bun.lockb differ diff --git a/config.js b/config.js new file mode 100644 index 0000000..9a95d69 --- /dev/null +++ b/config.js @@ -0,0 +1,3 @@ +export default { + allowedCommands: ["bun ./scripts/update-config.ts", "bun install && bun run test"], +}; diff --git a/package.json b/package.json new file mode 100644 index 0000000..925fe34 --- /dev/null +++ b/package.json @@ -0,0 +1,25 @@ +{ + "name": "example-appstore", + "version": "1.0.0", + "description": "", + "main": "index.js", + "type": "module", + "scripts": { + "test": "bun test" + }, + "keywords": [], + "author": "", + "license": "ISC", + "devDependencies": { + "@types/bun": "latest", + "@types/node": "^22.14.1" + }, + "dependencies": { + "@runtipi/common": "^0.8.0", + "bun": "^1.2.10", + "zod-validation-error": "^3.4.0" + }, + "peerDependencies": { + "typescript": "^5.0.0" + } +} diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..936fd91 --- /dev/null +++ b/renovate.json @@ -0,0 +1,62 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "automerge": false, + "extends": [ + "config:recommended" + ], + "addLabels": [ + "renovate" + ], + "enabledManagers": ["regex"], + "automergeStrategy": "rebase", + "customManagers": [ + { + "customType": "regex", + "fileMatch": [ + "^.*docker-compose\\.json$" + ], + "matchStrings": [ + "\"image\": \"(?<depName>.*?):(?<currentValue>.*?)\"," + ], + "datasourceTemplate": "docker" + } + ], + "packageRules": [ + { + "matchUpdateTypes": [ + "minor", + "major", + "patch", + "pin", + "digest" + ], + "automerge": false + }, + { + "matchDepTypes": [ + "devDependencies" + ], + "automerge": false + }, + { + "matchPackageNames": [ + "mariadb", + "mysql", + "monogdb", + "postgres", + "redis" + ], + "enabled": false + } + ], + "postUpgradeTasks": { + "commands": [ + "bun ./scripts/update-config.ts {{packageFile}} {{newVersion}}", + "bun install && bun run test" + ], + "fileFilters": [ + "**/*" + ], + "executionMode": "update" + } +} diff --git a/scripts/update-config.ts b/scripts/update-config.ts new file mode 100644 index 0000000..42891c7 --- /dev/null +++ b/scripts/update-config.ts @@ -0,0 +1,35 @@ +import path from "node:path"; +import fs from "fs/promises"; + +const packageFile = process.argv[2]; +const newVersion = process.argv[3]; + +type AppConfig = { + tipi_version: string; + version: string; + updated_at: number; +}; + +const updateAppConfig = async (packageFile: string, newVersion: string) => { + try { + const packageRoot = path.dirname(packageFile); + const configPath = path.join(packageRoot, "config.json"); + + const config = await fs.readFile(configPath, "utf-8"); + const configParsed = JSON.parse(config) as AppConfig; + + configParsed.tipi_version = configParsed.tipi_version + 1; + configParsed.version = newVersion; + configParsed.updated_at = new Date().getTime(); + + await fs.writeFile(configPath, JSON.stringify(configParsed, null, 2)); + } catch (e) { + console.error(`Failed to update app config, error: ${e}`); + } +}; + +if (!packageFile || !newVersion) { + console.error("Usage: node update-config.js <packageFile> <newVersion>"); + process.exit(1); +} +updateAppConfig(packageFile, newVersion); diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 0000000..01ef57a --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,24 @@ +{ + "compilerOptions": { + "esModuleInterop": true, + "skipLibCheck": true, + "target": "es2022", + "allowJs": true, + "resolveJsonModule": true, + "moduleDetection": "force", + "isolatedModules": true, + "verbatimModuleSyntax": true, + "strict": true, + "noUncheckedIndexedAccess": true, + "noImplicitOverride": true, + "module": "NodeNext", + "outDir": "dist", + "sourceMap": true, + "lib": [ + "es2022" + ] + }, + "include": [ + "**/*.ts", + ], +}