-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathautounattend.xml
More file actions
193 lines (167 loc) · 21.4 KB
/
autounattend.xml
File metadata and controls
193 lines (167 loc) · 21.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage><UILanguage>en-GB</UILanguage></SetupUILanguage>
<InputLocale>0409:00000409</InputLocale>
<UILanguage>en-GB</UILanguage>
</component>
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<!-- virtio-win ISO: try both attestation and standard layout, on D: and E: -->
<PathAndCredentials wcm:action="add" wcm:keyValue="1"><Path>D:\Win11\amd64\viostor</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="2"><Path>E:\Win11\amd64\viostor</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="3"><Path>D:\Win11\amd64\NetKvm</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="4"><Path>E:\Win11\amd64\NetKvm</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="5"><Path>D:\Win11\amd64\Balloon</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="6"><Path>E:\Win11\amd64\Balloon</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="7"><Path>D:\viostor\w11\amd64</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="8"><Path>E:\viostor\w11\amd64</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="9"><Path>D:\NetKVM\w11\amd64</Path></PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="10"><Path>E:\NetKVM\w11\amd64</Path></PathAndCredentials>
</DriverPaths>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<DiskID>0</DiskID><WillWipeDisk>true</WillWipeDisk>
<CreatePartitions>
<CreatePartition wcm:action="add"><Order>1</Order><Size>100</Size><Type>EFI</Type></CreatePartition>
<CreatePartition wcm:action="add"><Order>2</Order><Size>16</Size><Type>MSR</Type></CreatePartition>
<CreatePartition wcm:action="add"><Order>3</Order><Extend>true</Extend><Type>Primary</Type></CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add"><Order>1</Order><PartitionID>1</PartitionID><Format>FAT32</Format><Label>System</Label></ModifyPartition>
<ModifyPartition wcm:action="add"><Order>2</Order><PartitionID>2</PartitionID></ModifyPartition>
<ModifyPartition wcm:action="add"><Order>3</Order><PartitionID>3</PartitionID><Format>NTFS</Format><Label>Windows</Label><Letter>C</Letter></ModifyPartition>
</ModifyPartitions>
</Disk>
</DiskConfiguration>
<ImageInstall><OSImage><InstallFrom><MetaData wcm:action="add"><Key>/IMAGE/INDEX</Key><Value>6</Value></MetaData></InstallFrom><InstallTo><DiskID>0</DiskID><PartitionID>3</PartitionID></InstallTo></OSImage></ImageInstall>
<UserData><AcceptEula>true</AcceptEula><ProductKey><Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key><WillShowUI>OnError</WillShowUI></ProductKey></UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add"><Order>1</Order><Path>reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f</Path></RunSynchronousCommand>
</RunSynchronous>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>COCOON-VM</ComputerName><TimeZone>Pacific Standard Time</TimeZone>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0409:00000409</InputLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE><HideEULAPage>true</HideEULAPage><HideOnlineAccountScreens>true</HideOnlineAccountScreens><HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE><ProtectYourPC>3</ProtectYourPC></OOBE>
<UserAccounts><LocalAccounts><LocalAccount wcm:action="add"><Name>cocoon</Name><Group>Administrators</Group><Password><Value>QwBAAGMAIwBvAG4AMQA2ADAAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></Password></LocalAccount></LocalAccounts></UserAccounts>
<AutoLogon><Enabled>true</Enabled><Username>cocoon</Username><Password><Value>QwBAAGMAIwBvAG4AMQA2ADAAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></Password><LogonCount>9999</LogonCount></AutoLogon>
<FirstLogonCommands>
<!-- Disable QuickEdit so VNC mouse events cannot freeze the console during install -->
<SynchronousCommand wcm:action="add"><Order>1</Order><CommandLine>reg add "HKCU\Console" /v QuickEdit /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<!-- RDP -->
<SynchronousCommand wcm:action="add"><Order>2</Order><CommandLine>powershell -Command "Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>3</Order><CommandLine>powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"</CommandLine></SynchronousCommand>
<!-- SSH (FoD via WU) -->
<SynchronousCommand wcm:action="add"><Order>4</Order><CommandLine>powershell -Command "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | Out-Null; Start-Service sshd; Set-Service -Name sshd -StartupType Automatic"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>5</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"</CommandLine></SynchronousCommand>
<!-- Firewall / ICMP -->
<SynchronousCommand wcm:action="add"><Order>6</Order><CommandLine>netsh advfirewall firewall add rule name="Allow ICMPv4" protocol=icmpv4:8,any dir=in action=allow</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>7</Order><CommandLine>netsh advfirewall set allprofiles state off</CommandLine></SynchronousCommand>
<!-- Power / hibernate -->
<SynchronousCommand wcm:action="add"><Order>8</Order><CommandLine>powercfg /h off</CommandLine></SynchronousCommand>
<!-- EMS boot flags -->
<SynchronousCommand wcm:action="add"><Order>9</Order><CommandLine>bcdedit /emssettings emsport:1 emsbaudrate:115200</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>10</Order><CommandLine>bcdedit /ems on</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>11</Order><CommandLine>bcdedit /bootems on</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>12</Order><CommandLine>sc config TermService start=auto</CommandLine></SynchronousCommand>
<!-- EMS-SAC FoD (required for real SAC on Win11 client; bcdedit alone is not enough) -->
<SynchronousCommand wcm:action="add"><Order>13</Order><CommandLine>powershell -Command "$cap = Get-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0; if ($cap.State -ne 'Installed') { Add-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0 | Out-Null }"</CommandLine></SynchronousCommand>
<!-- WinRM (Enable-PSRemoting sets Delayed Start; override to plain Automatic) -->
<SynchronousCommand wcm:action="add"><Order>14</Order><CommandLine>powershell -Command "Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>15</Order><CommandLine>powershell -Command "Enable-PSRemoting -Force -SkipNetworkProfileCheck"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>16</Order><CommandLine>sc.exe config WinRM start= auto</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>17</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>18</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\Auth\Basic -Value True"</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>19</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name winrm -DisplayName 'WinRM HTTP' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 5985"</CommandLine></SynchronousCommand>
<!-- Hostname (specialize ComputerName unreliable on 25H2) -->
<SynchronousCommand wcm:action="add"><Order>20</Order><CommandLine>powershell -Command "Rename-Computer -NewName 'COCOON-VM' -Force"</CommandLine></SynchronousCommand>
<!-- virtio-win guest tools -->
<SynchronousCommand wcm:action="add"><Order>21</Order><CommandLine>cmd /c "if exist D:\virtio-win-guest-tools.exe (D:\virtio-win-guest-tools.exe /S) else if exist E:\virtio-win-guest-tools.exe (E:\virtio-win-guest-tools.exe /S)"</CommandLine></SynchronousCommand>
<!-- ACPI power button = Shut down (unhide first, then set by GUID) -->
<SynchronousCommand wcm:action="add"><Order>22</Order><CommandLine>powercfg /attributes 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 -ATTRIB_HIDE</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>23</Order><CommandLine>powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>24</Order><CommandLine>powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>25</Order><CommandLine>powercfg /setactive SCHEME_CURRENT</CommandLine></SynchronousCommand>
<!-- Shutdown optimization -->
<SynchronousCommand wcm:action="add"><Order>26</Order><CommandLine>reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 5000 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>27</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableShutdownNamedPipeCheck /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>28</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v shutdownwithoutlogon /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
<!-- VM performance: disable visual effects and UI overhead -->
<SynchronousCommand wcm:action="add"><Order>29</Order><CommandLine>reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v VisualFXSetting /t REG_DWORD /d 2 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>30</Order><CommandLine>reg add "HKCU\Control Panel\Desktop" /v UserPreferencesMask /t REG_BINARY /d 9012038010000000 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>31</Order><CommandLine>reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v EnableTransparency /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>32</Order><CommandLine>reg add "HKCU\Control Panel\Desktop" /v MenuShowDelay /t REG_SZ /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>33</Order><CommandLine>powershell -Command "Set-ItemProperty 'HKCU:\Control Panel\Desktop' -Name Wallpaper -Value ''"</CommandLine></SynchronousCommand>
<!-- VM performance: high perf power plan, no sleep/display timeout -->
<SynchronousCommand wcm:action="add"><Order>34</Order><CommandLine>powershell -Command "powercfg /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c; powercfg /change monitor-timeout-ac 0; powercfg /change standby-timeout-ac 0"</CommandLine></SynchronousCommand>
<!-- VM performance: disable unnecessary services -->
<SynchronousCommand wcm:action="add"><Order>35</Order><CommandLine>powershell -Command "Set-Service SysMain -StartupType Disabled -EA SilentlyContinue; Stop-Service SysMain -Force -EA SilentlyContinue; Set-Service WSearch -StartupType Disabled -EA SilentlyContinue; Stop-Service WSearch -Force -EA SilentlyContinue"</CommandLine></SynchronousCommand>
<!-- VM performance: disable bloat features -->
<SynchronousCommand wcm:action="add"><Order>36</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v AllowGameDVR /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>37</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Dsh" /v AllowNewsAndInterests /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>38</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v NoLockScreen /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
<!-- VM performance: reduce background I/O -->
<SynchronousCommand wcm:action="add"><Order>39</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>40</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /v AutoDownload /t REG_DWORD /d 2 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>41</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DODownloadMode /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<!-- VM performance: disable Cortana, Copilot, startup delay, tips -->
<SynchronousCommand wcm:action="add"><Order>42</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>43</Order><CommandLine>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>44</Order><CommandLine>reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SubscribedContent-338389Enabled /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>45</Order><CommandLine>reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SubscribedContent-310093Enabled /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>46</Order><CommandLine>reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SilentInstalledAppsEnabled /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>47</Order><CommandLine>reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v StartupDelayInMSec /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
<!-- VM performance: disable DWM animations and smooth scrolling -->
<SynchronousCommand wcm:action="add"><Order>48</Order><CommandLine>reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v MinAnimate /t REG_SZ /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>49</Order><CommandLine>reg add "HKCU\Control Panel\Desktop" /v DragFullWindows /t REG_SZ /d 0 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>50</Order><CommandLine>reg add "HKCU\Control Panel\Desktop" /v FontSmoothing /t REG_SZ /d 2 /f</CommandLine></SynchronousCommand>
<!-- VM performance: disable scheduled tasks that waste CPU -->
<SynchronousCommand wcm:action="add"><Order>51</Order><CommandLine>powershell -Command "Disable-ScheduledTask -TaskName '\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser' -EA SilentlyContinue; Disable-ScheduledTask -TaskName '\Microsoft\Windows\Defrag\ScheduledDefrag' -EA SilentlyContinue; Disable-ScheduledTask -TaskName '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector' -EA SilentlyContinue"</CommandLine></SynchronousCommand>
<!-- viosock driver (virtio-vsock) install. virtio-win-guest-tools.exe /S
does not register the viosock WSP, so cocoon-agent's AF_VSOCK
listener can't bind. Install directly from the virtio-win ISO.
Both attestation (D:\viosock\w11\amd64) and standard layout, on
D: and E:, mirroring the windowsPE DriverPaths. Verified post-
install: "Virtio Vsock STREAM" Provider Path %SystemRoot%\System32
\viosocklib.dll, Address Family 40 in `netsh winsock show catalog`. -->
<SynchronousCommand wcm:action="add"><Order>52</Order><CommandLine>cmd /c "if exist D:\viosock\w11\amd64\viosock.inf (pnputil /add-driver D:\viosock\w11\amd64\viosock.inf /install) else if exist E:\viosock\w11\amd64\viosock.inf (pnputil /add-driver E:\viosock\w11\amd64\viosock.inf /install) else if exist D:\Win11\amd64\viosock\viosock.inf (pnputil /add-driver D:\Win11\amd64\viosock\viosock.inf /install) else if exist E:\Win11\amd64\viosock\viosock.inf (pnputil /add-driver E:\Win11\amd64\viosock\viosock.inf /install)"</CommandLine></SynchronousCommand>
<!-- cocoon-agent install: invoke the bootstrap .ps1 from the install
ISO root (placed there by build-qemu.sh at repack time). It pulls
the pinned v0.1.2 release from GitHub, verifies SHA256, and runs
the bundled install-cocoon-agent.ps1 to register the cocoon-agent
service (LocalSystem, auto-start, restart-on-crash). FirstLogon
SynchronousCommand CommandLine has a tight length limit; inlining
the base64-encoded PowerShell hit it on 25H2, so the body lives
on the ISO instead. -->
<SynchronousCommand wcm:action="add"><Order>53</Order><CommandLine>cmd /c "for %d in (D E) do if exist %d:\install-cocoon-agent-bootstrap.ps1 powershell -NoProfile -ExecutionPolicy Bypass -File %d:\install-cocoon-agent-bootstrap.ps1"</CommandLine></SynchronousCommand>
<!-- NIC auto-heal: copy cocoon-nic-autoheal.ps1 from the install ISO
to C:\CocoonNicAutoHeal.ps1 and register the CocoonNicAutoHeal
scheduled task (1-minute, SYSTEM, HIGHEST). Recovers chained-clone
Win11 guests where vm.restore leaves the NIC bound at the OS layer
but unable to transmit (Status reports 'OK' so a Status='Error'
filter would miss it). -->
<SynchronousCommand wcm:action="add"><Order>54</Order><CommandLine>cmd /c "for %d in (D E) do if exist %d:\setup-cocoon-nic-autoheal.ps1 powershell -NoProfile -ExecutionPolicy Bypass -File %d:\setup-cocoon-nic-autoheal.ps1"</CommandLine></SynchronousCommand>
<!-- Restore QuickEdit and mark completion -->
<SynchronousCommand wcm:action="add"><Order>55</Order><CommandLine>reg add "HKCU\Console" /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
<SynchronousCommand wcm:action="add"><Order>56</Order><CommandLine>cmd /c "echo %date% %time% > C:\install.success"</CommandLine></SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
</unattend>