{"id":14064246,"url":"https://github.com/rgl/windows-vagrant","last_synced_at":"2025-05-15T23:03:04.172Z","repository":{"id":40592845,"uuid":"79057598","full_name":"rgl/windows-vagrant","owner":"rgl","description":"Windows 11/2022/2025 Base Vagrant Box (https://app.vagrantup.com/rgl)","archived":false,"fork":false,"pushed_at":"2025-05-15T21:14:04.000Z","size":484,"stargazers_count":384,"open_issues_count":8,"forks_count":105,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-15T22:25:21.550Z","etag":null,"topics":["hyperv","kvm","libvirt","packer","proxmox","vagrant","vsphere","windows"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-01-15T20:29:41.000Z","updated_at":"2025-05-15T21:14:08.000Z","dependencies_parsed_at":"2023-12-19T08:38:56.953Z","dependency_job_id":"c875b0c8-486c-4dc2-9ac9-5d51b2a010c5","html_url":"https://github.com/rgl/windows-vagrant","commit_stats":{"total_commits":387,"total_committers":4,"mean_commits":96.75,"dds":"0.012919896640826822","last_synced_commit":"b2848c6f0e92a61c2f3ac89a31ecb2f87588c115"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fwindows-vagrant","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fwindows-vagrant/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fwindows-vagrant/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fwindows-vagrant/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/windows-vagrant/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254436933,"owners_count":22070944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hyperv","kvm","libvirt","packer","proxmox","vagrant","vsphere","windows"],"created_at":"2024-08-13T07:03:46.385Z","updated_at":"2025-05-15T23:03:04.151Z","avatar_url":"https://github.com/rgl.png","language":"PowerShell","readme":"This builds Windows 11/2022/2025 base Vagrant boxes using [Packer](https://www.packer.io/) and Hyper-V/libvirt/QEMU/Proxmox VE/VMware vSphere.\r\n\r\n\r\n# Usage\r\n\r\nInstall a supported hypervisor (e.g. [libvirt](https://libvirt.org/)), [packer 1.10+](https://www.packer.io/) and [vagrant](https://www.vagrantup.com/).\r\nIf you are using Windows and [Chocolatey](https://chocolatey.org/), you can install the tools (you still need to install Hyper-V) from an administrative PowerShell session with:\r\n\r\n```powershell\r\nchoco install -y packer vagrant msys2\r\n\r\n# configure the msys2 launcher to let the shell inherit the PATH.\r\n$msys2BasePath = 'C:\\tools\\msys64'\r\n$msys2ConfigPath = \"$msys2BasePath\\msys2.ini\"\r\n[IO.File]::WriteAllText(\r\n    $msys2ConfigPath,\r\n    ([IO.File]::ReadAllText($msys2ConfigPath) `\r\n        -replace '#?(MSYS2_PATH_TYPE=).+','$1inherit')\r\n)\r\n\r\n# define a function for easing the execution of bash scripts.\r\n$bashPath = \"$msys2BasePath\\usr\\bin\\bash.exe\"\r\nfunction Bash($script) {\r\n    $eap = $ErrorActionPreference\r\n    $ErrorActionPreference = 'Continue'\r\n    try {\r\n        # we also redirect the stderr to stdout because PowerShell\r\n        # oddly interleaves them.\r\n        # see https://www.gnu.org/software/bash/manual/bash.html#The-Set-Builtin\r\n        echo 'exec 2\u003e\u00261;set -eu;export PATH=\"/usr/bin:$PATH\";export HOME=$USERPROFILE;' $script | \u0026$bashPath\r\n        if ($LASTEXITCODE) {\r\n            throw \"bash execution failed with exit code $LASTEXITCODE\"\r\n        }\r\n    } finally {\r\n        $ErrorActionPreference = $eap\r\n    }\r\n}\r\n\r\nBash 'pacman --noconfirm -Sy make zip unzip tar p7zip dos2unix xorriso'\r\n```\r\n\r\nOpen a bash shell by starting `C:\\tools\\msys64\\mingw64.exe` and execute the\r\nremaining commands inside it.\r\n\r\nTo build the base box based on the [Windows Server 2022 Evaluation](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022) ISO run:\r\n\r\n```bash\r\nmake build-windows-2022-libvirt\r\n```\r\n\r\nIf you want to use your own ISO, you need to manually run the `packer` command, e.g.:\r\n\r\n```bash\r\n# NB when the windows product key does not match the windows version and edition\r\n#    inside the iso file, the windows setup will fail with the error message:\r\n#       No images are available.\r\n#    inside the windows setup, press shift+f10 to open a command prompt, then\r\n#    verify the available images with:\r\n#       dism -get-imageinfo -imagefile:d:\\sources\\install.wim\r\n# see https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys\r\nPKR_VAR_iso_url='windows-2022.iso' \\\r\nPKR_VAR_iso_checksum='none' \\\r\nPKR_VAR_windows_product_key='VDYBN-27WPP-V4HQT-9VMD4-VMK7H' \\\r\n  make build-windows-2022-libvirt\r\n```\r\n\r\n**NB** if the build fails with something like `Post-processor failed: write /tmp/packer073329394/packer-windows-2022-amd64-libvirt-1505050546-disk001.vmdk: no space left on device` you need to increase your temporary partition size or change its location [as described in the packer TMPDIR/TMP environment variable documentation](https://www.packer.io/docs/configure#tmpdir).\r\n\r\n**NB** if you are having trouble building the base box due to floppy drive removal errors try adding, as a\r\nworkaround, `\"post_shutdown_delay\": \"30s\",` to the `windows-2022.pkr.hcl` file.\r\n\r\n**NB** the packer logs are saved inside a `*-packer.log` file (e.g. `windows-2022-amd64-libvirt-packer.log`).\r\n\r\nYou can then add the base box to your local vagrant installation with:\r\n\r\n```bash\r\nvagrant box add -f windows-2022-amd64 windows-2022-amd64-libvirt.box\r\n```\r\n\r\nAnd test this base box by launching an example Vagrant environment:\r\n\r\n```bash\r\ncd example\r\nvagrant plugin install vagrant-windows-sysprep\r\nvagrant up --no-destroy-on-error --provider=libvirt\r\nvagrant ssh\r\nexit\r\nvagrant destroy -f\r\ncd ..\r\n```\r\n\r\n**NB** if you are having trouble running the example with the vagrant libvirt provider check the libvirt logs in the host (e.g. `sudo tail -f /var/log/libvirt/qemu/example_default.log`) and in the guest (inside `C:\\Windows\\Temp`).\r\n\r\nThen test with a more complete example:\r\n\r\n```bash\r\ngit clone https://github.com/rgl/customize-windows-vagrant\r\ncd customize-windows-vagrant\r\nvagrant up --no-destroy-on-error --provider=libvirt\r\nvagrant ssh\r\nexit\r\nvagrant destroy -f\r\ncd ..\r\n```\r\n\r\nList this repository dependencies (and which have newer versions):\r\n\r\n```bash\r\nexport GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN'\r\n./renovate.sh\r\n```\r\n\r\n## libvirt\r\n\r\nBuild the base box for the [vagrant-libvirt provider](https://github.com/vagrant-libvirt/vagrant-libvirt) with:\r\n\r\n```bash\r\nmake build-windows-2022-libvirt\r\n```\r\n\r\nIf you want to access the UI run:\r\n\r\n```bash\r\nspicy --uri 'spice+unix:///tmp/packer-windows-2022-amd64-libvirt-spice.socket'\r\n```\r\n\r\n**NB** the packer template file defines `qemuargs` (which overrides the default packer qemu arguments), if you modify it, verify if you also need include the default packer qemu arguments (see [builder/qemu/step_run.go](https://github.com/hashicorp/packer/blob/master/builder/qemu/step_run.go) or start packer without `qemuargs` defined to see how it starts qemu).\r\n\r\n\r\n## Proxmox VE usage\r\n\r\nInstall [Proxmox VE](https://www.proxmox.com/en/proxmox-ve).\r\n\r\n**NB** This assumes Proxmox VE was installed alike [rgl/proxmox-ve](https://github.com/rgl/proxmox-ve).\r\n\r\nSet your Proxmox VE details:\r\n\r\n```bash\r\ncat \u003esecrets-proxmox.sh \u003c\u003cEOF\r\nexport PROXMOX_URL='https://192.168.1.21:8006/api2/json'\r\nexport PROXMOX_USERNAME='root@pam'\r\nexport PROXMOX_PASSWORD='vagrant'\r\nexport PROXMOX_NODE='pve'\r\nEOF\r\nsource secrets-proxmox.sh\r\n```\r\n\r\nCreate the template:\r\n\r\n```bash\r\nmake build-windows-2022-proxmox\r\n```\r\n\r\n**NB** There is no way to use the created template with vagrant (the [vagrant-proxmox plugin](https://github.com/telcat/vagrant-proxmox) is no longer compatible with recent vagrant versions). Instead, use packer (e.g. like in this repository) or terraform (e.g. see [rgl/terraform-proxmox-windows-example](https://github.com/rgl/terraform-proxmox-windows-example)).\r\n\r\n\r\n## Hyper-V usage\r\n\r\nInstall [Hyper-V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v).\r\n\r\nMake sure your user is in the `Hyper-V Administrators` group\r\nor you run with Administrative privileges.\r\n\r\nHyper-V automatically creates the `Default Switch` VM Switch and the `vEthernet (Default Switch)` network adapter/interface. It provides DHCP, DNS forwarding, and NAT internet access. But it cannot be configured, and it changes the assigned IP addresses at every boot; this makes it unusable for me. Instead you should run your own DHCP service and [NAT virtual network](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/setup-nat-network#create-a-nat-virtual-network).\r\n\r\nCreate the `Vagrant` vSwitch and NAT network in a PowerShell with Administrative privileges:\r\n\r\n```powershell\r\n$name = 'Vagrant'\r\n$ipAddress = '192.168.192.1'\r\n$ipAddressPrefix = '24'\r\n\r\n# create the vSwitch.\r\n$vmSwitch = New-VMSwitch -SwitchName $name -SwitchType Internal\r\n\r\n# reconfigure the vSwitch IP configuration to use a known IP and network and disable IPv6.\r\n$netAdapterName = \"vEthernet ($name)\"\r\n$netAdapter = Get-NetAdapter -Name $netAdapterName\r\n$netAdapter | Disable-NetAdapterBinding -ComponentID ms_tcpip6\r\n$netAdapter | Remove-NetIPAddress -Confirm:$false\r\n$netAdapter | New-NetIPAddress -IPAddress $ipAddress -PrefixLength $ipAddressPrefix\r\n\r\n# create the NAT network.\r\nNew-NetNat -Name $name -InternalIPInterfaceAddressPrefix \"$ipAddress/$ipAddressPrefix\"\r\n```\r\n\r\nThen, [install and start the WinDHCP DHCP service](https://github.com/rgl/WinDHCP#service-installation).\r\n\r\nMake sure the Virtual Switch (its vEthernet network adapter) is excluded\r\nfrom the Windows Firewall protected network connections by executing the\r\nfollowing commands in a bash shell with Administrative privileges:\r\n\r\n```bash\r\nPowerShell -Command 'Get-NetFirewallProfile | Select-Object -Property Name,DisabledInterfaceAliases'\r\nPowerShell -Command 'Set-NetFirewallProfile -DisabledInterfaceAliases (Get-NetAdapter -name \"vEthernet*\" | Where-Object {$_.ifIndex}).InterfaceAlias'\r\n```\r\n\r\nCreate the base image in a bash shell with Administrative privileges:\r\n\r\n```bash\r\ncat \u003esecrets.sh \u003c\u003c'EOF'\r\n# set this value when you need to set the VM Switch Name.\r\nexport HYPERV_SWITCH_NAME='Vagrant'\r\n\r\n# set this value when you need to set the VM VLAN ID.\r\n#export HYPERV_VLAN_ID=''\r\n\r\n# set the credentials that the guest will use\r\n# to connect to this host smb share.\r\n# NB you should create a new local user named _vagrant_share\r\n#    and use that one here instead of your user credentials.\r\n# NB it would be nice for this user to have its credentials\r\n#    automatically rotated, if you implement that feature,\r\n#    let me known!\r\nexport VAGRANT_SMB_USERNAME='_vagrant_share'\r\nexport VAGRANT_SMB_PASSWORD=''\r\n\r\n# remove the virtual switch from the windows firewall.\r\n# NB execute if the VM fails to obtain an IP address from DHCP.\r\nPowerShell -Command 'Set-NetFirewallProfile -DisabledInterfaceAliases (Get-NetAdapter -name \"vEthernet*\" | Where-Object {$_.ifIndex}).InterfaceAlias'\r\nEOF\r\nsource secrets.sh\r\ntime make build-windows-2022-hyperv\r\n```\r\n\r\nTry the example guest:\r\n\r\n**NB** You will need Administrative privileges to create the SMB share.\r\n\r\n```bash\r\ncd example\r\n# grant $VAGRANT_SMB_USERNAME full permissions to the\r\n# current directory.\r\n# NB you must first install the Carbon PowerShell module\r\n#    with choco install -y carbon.\r\n# TODO set VM screen resolution.\r\nPowerShell -Command 'Import-Module Carbon; Grant-Permission . $env:VAGRANT_SMB_USERNAME FullControl'\r\nvagrant up --no-destroy-on-error --provider=hyperv\r\nvagrant ssh\r\nexit\r\nvagrant destroy -f\r\n```\r\n\r\n\r\n## VMware vSphere\r\n\r\nDownload the Windows Evaluation ISO (you can find the full iso URL in the [windows-2022-vsphere.pkr.hcl](windows-2022-vsphere.pkr.hcl) file) and place it inside the datastore as defined by the `vsphere_iso_url` user variable that is inside the [packer template](windows-2022-vsphere.pkr.hcl).\r\n\r\nDownload the [VMware Tools VMware-tools-windows-\u0026lt;SAME_VERSION_AS_IN_PACKER_TEMPLATE\u0026gt;.iso](https://packages.vmware.com/tools/releases/) file into the datastore defined by the `vsphere_tools_iso_url` user variable that is inside the [packer template](windows-2022-vsphere.pkr.hcl).\r\n\r\nDownload [govc](https://github.com/vmware/govmomi/releases/latest) and place it inside your `/usr/local/bin` directory.\r\n\r\nInstall the [vsphere vagrant plugin](https://github.com/nsidc/vagrant-vsphere), set your vSphere details, and test the connection to vSphere:\r\n\r\n```bash\r\nsudo apt-get install build-essential patch ruby-dev zlib1g-dev liblzma-dev\r\nvagrant plugin install vagrant-vsphere\r\nvagrant plugin install vagrant-windows-sysprep\r\ncat \u003esecrets.sh \u003c\u003c'EOF'\r\nexport GOVC_INSECURE='1'\r\nexport GOVC_HOST='vsphere.local'\r\nexport GOVC_URL=\"https://$GOVC_HOST/sdk\"\r\nexport GOVC_USERNAME='administrator@vsphere.local'\r\nexport GOVC_PASSWORD='password'\r\nexport GOVC_DATACENTER='Datacenter'\r\nexport GOVC_CLUSTER='Cluster'\r\nexport GOVC_DATASTORE='Datastore'\r\nexport VSPHERE_ESXI_HOST='esxi.local'\r\nexport VSPHERE_TEMPLATE_FOLDER='test/templates'\r\n# NB the VSPHERE_TEMPLATE_NAME last segment MUST match the\r\n#    builders.vm_name property inside the packer template.\r\nexport VSPHERE_TEMPLATE_NAME=\"$VSPHERE_TEMPLATE_FOLDER/windows-2022-amd64-vsphere\"\r\nexport VSPHERE_TEMPLATE_IPATH=\"//$GOVC_DATACENTER/vm/$VSPHERE_TEMPLATE_NAME\"\r\nexport VSPHERE_VM_FOLDER='test'\r\nexport VSPHERE_VM_NAME='windows-2022-vagrant-example'\r\nexport VSPHERE_VLAN='packer'\r\n# set the credentials that the guest will use\r\n# to connect to this host smb share.\r\n# NB you should create a new local user named _vagrant_share\r\n#    and use that one here instead of your user credentials.\r\n# NB it would be nice for this user to have its credentials\r\n#    automatically rotated, if you implement that feature,\r\n#    let me known!\r\nexport VAGRANT_SMB_USERNAME='_vagrant_share'\r\nexport VAGRANT_SMB_PASSWORD=''\r\nEOF\r\nsource secrets.sh\r\n# see https://github.com/vmware/govmomi/blob/master/govc/USAGE.md\r\ngovc version\r\ngovc about\r\ngovc datacenter.info # list datacenters\r\ngovc find # find all managed objects\r\n```\r\n\r\nBuild the base box with:\r\n\r\n```bash\r\nmake build-windows-2022-vsphere\r\n```\r\n\r\nTry the example guest:\r\n\r\n```bash\r\nsource secrets.sh\r\ncd example\r\n# check if you are using the expected template.\r\necho \"$VSPHERE_TEMPLATE_NAME\"\r\n# start the vm.\r\nvagrant up --no-destroy-on-error --provider=vsphere\r\n# using ssh, open a remote shell session.\r\nvagrant ssh\r\n# exit the remove shell session.\r\nexit\r\n# run a command (thru the vmware tools daemon service instead of ssh).\r\nexport GOVC_GUEST_LOGIN='vagrant:vagrant'\r\nVSPHERE_VM_IPATH=\"//$GOVC_DATACENTER/vm/$VSPHERE_VM_FOLDER/$VSPHERE_VM_NAME\"\r\ngovc guest.run -vm.ipath \"$VSPHERE_VM_IPATH\" whoami /all\r\n# destroy the vm.\r\nvagrant destroy -f\r\n```\r\n\r\n### Non-Administrator account\r\n\r\nThe above example uses the administrator account, but you can use a\r\nless privileged account like in the following example.\r\n\r\n#### Example\r\n\r\nFirst, review the glossary:\r\n\r\n\u003cdl\u003e\r\n\u003cdt\u003ePrivilege\u003c/dt\u003e\r\n\u003cdd\u003eThe ability to perform a specific action or read a specific property.\u003c/dd\u003e\r\n\u003cdt\u003eRole\u003c/dt\u003e\r\n\u003cdd\u003eA collection of privileges. Roles provide a way to aggregate all the individual privileges that are required to perform a higher-level task.\u003c/dd\u003e\r\n\u003cdt\u003ePermission\u003c/dt\u003e\r\n\u003cdd\u003eConsists of a user or group and an assigned role for an inventory object.\u003c/dd\u003e\r\n\u003c/dl\u003e\r\n\r\nThen follow the next steps to create an example configuration.\r\n\r\nIn the vSphere Single Sign-On (SSO) configuration page create a `Vagrants` group and add your non-administrator user to it.\r\n\r\nIn the vSphere Access Control page create a `Vagrant` role with the privileges:\r\n\r\n* Datastore\r\n  * Allocate space\r\n* Network\r\n  * Assign network\r\n* Resource\r\n  * Assign virtual machine to resource pool\r\n* Virtual machine\r\n  * Provisioning\r\n    * Deploy template\r\n\r\nIn vSphere configure the following Inventory Objects permissions:\r\n\r\n| Inventory Object | Role          | Principal (User or Group) | Propagate |\r\n|------------------|---------------|---------------------------|-----------|\r\n| Datacenter       | Vagrant       | VSPHERE.LOCAL\\Vagrants    | yes       |\r\n| test             | Administrator | VSPHERE.LOCAL\\Vagrants    | yes       |\r\n\r\n**NB** `test` is a folder that will store the virtual machines launched by `vagrant`.\r\n\r\nFor more information see the [vSphere Virtual Machine Administration/Required Privileges for Common Tasks document](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-4D0F8E63-2961-4B71-B365-BBFA24673FDB.html) in the [vSphere Virtual Machine Administration manual](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-55238059-912E-411F-A0E9-A7A536972A91.html).\r\n\r\n\r\n## SSH access\r\n\r\nYou can connect to this machine through SSH to run a remote command, e.g.:\r\n\r\n```batch\r\nssh -p 2222 vagrant@localhost \"whoami /all\"\r\n```\r\n\r\n**NB** the exact SSH address and port can be obtained with `vagrant ssh-config`.\r\n\r\n**NB** we cannot use the vagrant SMB shared folder type when using the `winssh`\r\ncommunicator; it will fail to mount the shared folder with the error:\r\n\r\n  ```\r\n  cmdkey /add:192.168.1.xxx /user:xxx /pass:\"*****\"\r\n  CMDKEY: Credentials cannot be saved from this logon session.\r\n  ```\r\n\r\n**NB** this is a [Windows design restriction](https://github.com/PowerShell/Win32-OpenSSH/issues/996#issuecomment-610635377)\r\nthat prevents remote network logon sessions from accessing certain parts of the\r\nsystem.\r\n\r\n**NB** this is why the default vagrant box communicator is `winrm`.\r\n\r\n\r\n### PowerShell Remoting over SSH\r\n\r\nYou can connect to this machine through PowerShell Remoting over SSH. In a\r\nLinux (or Windows) PowerShell 7 session execute, e.g.:\r\n\r\n```powershell\r\nEnter-PSSession -HostName vagrant@localhost:2222\r\n$PSVersionTable\r\nwhoami /all\r\nexit\r\n```\r\n\r\n\r\n## WinRM access\r\n\r\nYou can connect to this machine through WinRM to run a remote command. In a\r\nWindows Command Prompt session execute, e.g.:\r\n\r\n```batch\r\nwinrs -r:localhost:55985 -u:vagrant -p:vagrant \"whoami /all\"\r\n```\r\n\r\n**NB** the exact local WinRM port should be displayed by vagrant, in this case:\r\n\r\n```plain\r\n==\u003e default: Forwarding ports...\r\n    default: 5985 (guest) =\u003e 55985 (host) (adapter 1)\r\n```\r\n\r\n\r\n### PowerShell Remoting over WinRM\r\n\r\nYou can connect to this machine through PowerShell Remoting over WinRM. In a\r\nWindows PowerShell 7 session execute, e.g.:\r\n\r\n```powershell\r\n# Configure this machine WinRM client to trust all remote servers.\r\n# NB Since this local client machine is not in the AD nor its using HTTPS to\r\n#    access the server, we must configure it to trust the server, or in this\r\n#    case, trust all servers.\r\nSet-Item WSMan:\\localhost\\Client\\TrustedHosts -Value '*' -Force\r\n\r\n# Open a session and execute commands remotely.\r\n# NB To open a PowerShell 5 session, remove the -ConfigurationName argument.\r\nEnter-PSSession -ConfigurationName PowerShell.7 -ComputerName localhost -Port 55985 -Credential vagrant\r\nGet-PSSessionConfiguration  # show the available configurations.\r\n$PSVersionTable             # show the powershell version.\r\nwhoami /all                 # show the user permissions.\r\nexit                        # exit the session.\r\n```\r\n\r\n\r\n# WinRM and UAC (aka LUA)\r\n\r\nThis base image uses WinRM. WinRM [poses several limitations on remote administration](http://www.hurryupandwait.io/blog/safely-running-windows-automation-operations-that-typically-fail-over-winrm-or-powershell-remoting),\r\nthose were worked around by [disabling User Account Control (UAC)](https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/disable-user-account-control) (aka [Limited User Account (LUA)](https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-lua-settings-enablelua)) in `autounattend.xml`\r\nand [UAC remote restrictions](https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows)\r\n in `provision-winrm.ps1`.\r\n\r\nIf needed, you can later enable them with:\r\n\r\n```powershell\r\nSet-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name EnableLUA -Value 1\r\nSet-ItemProperty -Path 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name EnableLUA -Value 1\r\nRemove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name LocalAccountTokenFilterPolicy\r\nRestart-Computer\r\n```\r\n\r\nOr disable them with:\r\n\r\n```powershell\r\nSet-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name EnableLUA -Value 0\r\nSet-ItemProperty -Path 'HKLM:\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name EnableLUA -Value 0\r\nNew-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name LocalAccountTokenFilterPolicy -Value 1 -Force\r\nRestart-Computer\r\n```\r\n\r\n\r\n# Windows Unattended Installation\r\n\r\nWhen Windows boots from the installation media its Setup application loads the `e:\\autounattend.xml` file.\r\nIt contains all the answers needed to automatically install Windows without any human intervention. For\r\nmore information on how this works see [OEM Windows Deployment and Imaging Walkthrough](https://technet.microsoft.com/en-us/library/dn621895.aspx).\r\n\r\nWhen there is a problem with the setup, you should look into the [Setup log files (Windows Preinstallation Environment phase)](https://learn.microsoft.com/en-us/troubleshoot/windows-client/setup-upgrade-and-drivers/windows-setup-log-file-locations#windows-preinstallation-environment-phase) by pressing `Shift+F10` to open a Command Prompt, and then use `notepad.exe` to open the Setup log files.\r\n\r\n`autounattend.xml` was generated with the Windows System Image Manager (WSIM) application that is\r\nincluded in the Windows Assessment and Deployment Kit (ADK).\r\n\r\n## Windows ADK\r\n\r\nTo create, edit and validate the `e:\\autounattend.xml` file you need to install the Deployment Tools that\r\nare included in the [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit).\r\n\r\nIf you are having trouble installing the ADK (`adksetup`) or running WSIM (`imgmgr`) when your\r\nmachine is on a Windows Domain and the log has:\r\n\r\n```plain\r\nImage path is [\\??\\C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM\\wimmount.sys]\r\nCould not acquire privileges; GLE=0x514\r\nReturning status 0x514\r\n```\r\n\r\nIt means there's a group policy that is restricting your effective permissions, for an workaround,\r\nrun `adksetup` and `imgmgr` from a `SYSTEM` shell, something like:\r\n\r\n```batch\r\npsexec -s -d -i cmd\r\nadksetup\r\ncd \"C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM\"\r\nimgmgr\r\n```\r\n\r\nFor more information see [Error installing Windows ADK](http://blogs.catapultsystems.com/chsimmons/archive/2015/08/17/error-installing-windows-adk/).\r\n","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fwindows-vagrant","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fwindows-vagrant","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fwindows-vagrant/lists"}