${locale}
${locale}
${locale}
${locale}
${locale}
${virtio_drive}:\vioscsi\2k22\amd64
${virtio_drive}:\viostor\2k22\amd64
${virtio_drive}:\NetKVM\2k22\amd64
0
true
1
EFI
100
2
MSR
128
3
Primary
true
1
1
FAT32
2
3
NTFS
C
0
3
/IMAGE/INDEX
${image_index}
true
${product_key}
Never
${virtio_drive}:\vioscsi\2k22\amd64
${virtio_drive}:\viostor\2k22\amd64
${virtio_drive}:\NetKVM\2k22\amd64
${virtio_drive}:\Balloon\2k22\amd64
${virtio_drive}:\pvpanic\2k22\amd64
${virtio_drive}:\qxldod\2k22\amd64
${virtio_drive}:\vioserial\2k22\amd64
${virtio_drive}:\vioinput\2k22\amd64
${virtio_drive}:\viorng\2k22\amd64
*
${timezone}
false
true
${admin_password}
<![CDATA[true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>Administrator</Username>
</AutoLogon>
<UserAccounts>
<AdministratorPassword>
<Value>${admin_password}</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
</UserAccounts>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine
>cmd /c "${virtio_drive}:\virtio-win-guest-tools.exe /install /norestart -q"</CommandLine>
<Description>Install VirtIO drivers and QEMU Guest Agent</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<CommandLine
>powershell -NoProfile -Command "Set-ExecutionPolicy Bypass -Scope LocalMachine -Force"</CommandLine>
<Description>Set execution policy</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<CommandLine
>powershell -NoProfile -Command "Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private"</CommandLine>
<Description>Set network to Private</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>4</Order>
<CommandLine
>powershell -NoProfile -Command "Get-ChildItem WSMan:\localhost\Listener | Remove-Item -Recurse -ErrorAction SilentlyContinue"</CommandLine>
<Description>Remove existing WinRM listeners</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>5</Order>
<CommandLine
>powershell -NoProfile -Command "New-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{Address='*';Transport='HTTP'}"</CommandLine>
<Description>Create WinRM HTTP listener</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>6</Order>
<CommandLine
>powershell -NoProfile -Command "Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True"</CommandLine>
<Description>Allow unencrypted WinRM</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>7</Order>
<CommandLine
>powershell -NoProfile -Command "Set-Item WSMan:\localhost\Service\Auth\Basic -Value True"</CommandLine>
<Description>Allow basic auth</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>8</Order>
<CommandLine
>powershell -NoProfile -Command "Set-Item WSMan:\localhost\MaxEnvelopeSizekb -Value 8192"</CommandLine>
<Description>Increase max envelope size</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>9</Order>
<CommandLine
>powershell -NoProfile -Command "Set-Service WinRM -StartupType Automatic"</CommandLine>
<Description>Set WinRM auto-start</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>10</Order>
<CommandLine
>powershell -NoProfile -Command "New-NetFirewallRule -DisplayName WinRM-HTTP -Direction Inbound -Action Allow -Protocol TCP -LocalPort 5985 -Profile Any"</CommandLine>
<Description>Open firewall port 5985</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>11</Order>
<CommandLine
>powershell -NoProfile -Command "Restart-Service WinRM -Force"</CommandLine>
<Description>Restart WinRM service</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>12</Order>
<CommandLine
>powershell -NoProfile -Command "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0"</CommandLine>
<Description>Install OpenSSH Server</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>13</Order>
<CommandLine
>powershell -NoProfile -Command "Set-Service sshd -StartupType Automatic; Start-Service sshd"</CommandLine>
<Description>Enable and start sshd</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>14</Order>
<CommandLine
>powershell -NoProfile -Command "New-NetFirewallRule -DisplayName OpenSSH-Server -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22 -Profile Any"</CommandLine>
<Description>Open firewall port 22</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>15</Order>
<CommandLine
>powershell -NoProfile -Command "$conf = 'C:\ProgramData\ssh\sshd_config'; (Get-Content $conf) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes' -replace 'Match Group administrators','#Match Group administrators' -replace ' AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys','# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys' | Set-Content $conf; Restart-Service sshd"</CommandLine>
<Description>Configure sshd for pubkey auth</Description>
</SynchronousCommand>
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
</component>
<component
name="Microsoft-Windows-International-Core"
processorArchitecture="amd64"
publicKeyToken="31bf3856ad364e35"
language="neutral"
versionScope="nonSxS"
>
<InputLocale>${locale}</InputLocale>
<SystemLocale>${locale}</SystemLocale>
<UILanguage>${locale}</UILanguage>
<UserLocale>${locale}</UserLocale>
</component>
</settings>
</unattend>
]]></plaintext></password></autologon></component></settings></unattend>