{{ ansible_password | b64encode | b64decode }} true</PlainText> </AdministratorPassword> <LocalAccounts> <LocalAccount wcm:action="add"> <Password> <Value>{{ ansible_password | b64encode | b64decode }}</Value> <PlainText>true</PlainText> </Password> <Description>{{ item.user_name | default('vagrant') }} User</Description> <DisplayName>{{ item.user_name | default('vagrant') }}</DisplayName> <Group>Administrators</Group> <Name>{{ item.user_name | default('vagrant') }}</Name> </LocalAccount> </LocalAccounts> </UserAccounts> <OOBE> <HideEULAPage>true</HideEULAPage> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <NetworkLocation>Home</NetworkLocation> <ProtectYourPC>1</ProtectYourPC> {% if not '2008' in (windows_distro_name | default(item.template)) %} <HideLocalAccountScreen>true</HideLocalAccountScreen> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> {% endif %} <SkipMachineOOBE>true</SkipMachineOOBE> <SkipUserOOBE>true</SkipUserOOBE> </OOBE> <AutoLogon> <Password> <Value>{{ ansible_password | b64encode | b64decode }}</Value> <PlainText>true</PlainText> </Password> <Username>{{ item.user_name | default('vagrant') }}</Username> <Enabled>true</Enabled> </AutoLogon> <FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> <Description>Set Execution Policy 64 Bit</Description> <Order>1</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% if not '2008' in (windows_distro_name | default(item.template)) %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Set-NetConnectionProfile -NetworkCategory Private"</CommandLine> <Description>Set network connection profile to private</Description> <Order>2</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine> <Description>winrm quickconfig -q</Description> <Order>4</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine> <Description>winrm quickconfig -transport:http</Description> <Order>5</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine> <Description>Win RM MaxTimoutms</Description> <Order>6</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine> <Description>Win RM MaxMemoryPerShellMB</Description> <Order>7</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine> <Description>Win RM AllowUnencrypted</Description> <Order>8</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine> <Description>Win RM auth Basic</Description> <Order>9</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine> <Description>Win RM client auth Basic</Description> <Order>10</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine> <Description>Win RM listener Address/Port</Description> <Order>11</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"</CommandLine> <Description>Win RM port open</Description> <Order>12</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c net stop winrm</CommandLine> <Description>Stop Win RM Service </Description> <Order>13</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine> <Description>Win RM Autostart</Description> <Order>14</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c net start winrm</CommandLine> <Description>Start Win RM Service</Description> <Order>15</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% else %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c reg add "HKLM\System\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine> <Description>Network prompt</Description> <Order>2</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "{{ set_network_to_private }}"</CommandLine> <Description>Set network connection profile to private</Description> <Order>3</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% endif %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "& $([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))) -ForceNewSSLCert -EnableCredSSP"</CommandLine> <Description>Enable winrm</Description> <Order>20</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Enable-WSManCredSSP -Role Server -Force"</CommandLine> <Description>Enable winrm server role</Description> <Order>21</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Set-Item -Path 'WSMan:\localhost\Service\Auth\CredSSP' -Value $true"</CommandLine> <Description>Enable credssp authentication</Description> <Order>22</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Resize-Partition -DriveLetter C -Size (Get-PartitionSupportedSize -DriveLetter C).Sizemax -ErrorAction SilentlyContinue"</CommandLine> <Description>Extend OS disk</Description> <Order>23</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% if item.networks is defined and item.networks[0].ip is defined and item.networks[0].gateway is defined and item.networks[0].netmask is defined %} {% if not '2008' in (windows_distro_name | default(item.template)) %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "New-NetIPAddress –IPAddress {{ item.networks[0].ip }} -DefaultGateway {{ item.networks[0].gateway }} -PrefixLength {{ (item.networks[0].ip + '/' + item.networks[0].netmask) | ipaddr('prefix') }} -InterfaceIndex (Get-NetAdapter | Where-Object { ($_.Name -like '*Ethernet*') -and ($_.Status -like 'Up') })[0].InterfaceIndex"</CommandLine> <Description>Set static ip</Description> <Order>50</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% else %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c netsh int ipv4 set address "Local Area connection" static {{ item.networks[0].ip }} {{ item.networks[0].netmask }} {{ item.networks[0].gateway }}</CommandLine> <Description>Set static ip</Description> <Order>50</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% endif %} {% if item.networks[0].dns_servers is defined %} {% if not '2008' in (windows_distro_name | default(item.template)) %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c powershell -Command "Set-DNSClientServerAddress –InterfaceIndex (Get-NetAdapter | Where-Object { ($_.Name -like '*Ethernet*') -and ($_.Status -like 'Up') })[0].InterfaceIndex –ServerAddresses {{ item.networks[0].dns_servers|join(',') }}"</CommandLine> <Description>Set static ip</Description> <Order>51</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% else %} <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c netsh int ipv4 set dns "Local Area connection" static {{ item.networks[0].dns_servers[0] }}</CommandLine> <Description>Set static ip</Description> <Order>51</Order> <RequiresUserInput>true</RequiresUserInput> </SynchronousCommand> {% endif %} {% endif %} {% endif %} </FirstLogonCommands> <ShowWindowsLive>false</ShowWindowsLive> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> <OEMInformation> <HelpCustomized>false</HelpCustomized> </OEMInformation> <!-- Rename computer here. --> <ComputerName>{{ item.name }}</ComputerName> <TimeZone>Central Standard Time</TimeZone> <RegisteredOwner/> </component> <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> <SkipAutoActivation>true</SkipAutoActivation> </component> <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ExtendOSPartition> <Extend>true</Extend> </ExtendOSPartition> </component> </settings> <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="catalog:d:/sources/install_windows 7 ENTERPRISE.clg"/> </unattend>