actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-13 20:56:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1eb504f4d48c428bf25a4c0fce604e98d8ac6f4c
runner-images/images/win/scripts/Installers/Initialize-VM.ps1
jmos5156 1eb504f4d4 Removing 'ImageVersion' as an env var as we already use 'IMAGE_VERSION' (#2509) 
* Removing 'ImageVersion' as an env var as we already use 'IMAGE_VERSION'. The env var is only used SoftwareReport.Generator script.

* Adding IMAGE_VERISON to SoftwareReport.Generator

* Adding IMAGE_VERISON to SoftwareReport.Generator

* Chnaging the way the env vars are used to floow the same pattern throughout

Co-authored-by: Jose Mosquera <jose.mosquera@dotdigital.com>
2021-01-27 13:12:48 +03:00

138 lines
5.0 KiB
PowerShell
Raw Blame History

################################################################################
## File: Initialize-VM.ps1
## Desc: VM initialization script, machine level configuration
################################################################################
function Disable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force
$ieProcess = Get-Process -Name Explorer -ErrorAction SilentlyContinue
if ($ieProcess){
Stop-Process -Name Explorer -Force -ErrorAction Continue
}
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled."
}
function Disable-InternetExplorerWelcomeScreen {
$AdminKey = "HKLM:\Software\Policies\Microsoft\Internet Explorer\Main"
New-Item -Path $AdminKey -Value 1 -Force
Set-ItemProperty -Path $AdminKey -Name "DisableFirstRunCustomize" -Value 1 -Force
Write-Host "Disabled IE Welcome screen"
}
function Disable-UserAccessControl {
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000 -Force
Write-Host "User Access Control (UAC) has been disabled."
}
# Enable $ErrorActionPreference='Stop' for AllUsersAllHosts
Add-Content -Path $profile.AllUsersAllHosts -Value '$ErrorActionPreference="Stop"'
# Set static env vars
setx ImageVersion $env:IMAGE_VERSION /m
setx ImageOS $env:IMAGE_OS /m
# Set TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor "Tls12"
Write-Host "Disable Antivirus"
Set-MpPreference -DisableRealtimeMonitoring $true
# Disable Windows Update
$AutoUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
If (Test-Path -Path $AutoUpdatePath) {
Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 1
Write-Host "Disabled Windows Update"
}
else {
Write-Host "Windows Update key does not exist"
}
# Install .NET Framework 3.5 (required by Chocolatey)
# Explicitly install all 4.7 sub features to include ASP.Net.
# As of 1/16/2019, WinServer 19 lists .Net 4.7 as NET-Framework-45-Features
Install-WindowsFeature -Name NET-Framework-Features -IncludeAllSubFeature
Install-WindowsFeature -Name NET-Framework-45-Features -IncludeAllSubFeature
if (Test-IsWin16) {
Install-WindowsFeature -Name BITS -IncludeAllSubFeature
Install-WindowsFeature -Name DSC-Service
}
# Install FS-iSCSITarget-Server
$fsResult = Install-WindowsFeature -Name FS-iSCSITarget-Server -IncludeAllSubFeature -IncludeManagementTools
if ( $fsResult.Success ) {
Write-Host "FS-iSCSITarget-Server has been successfully installed"
} else {
Write-Host "Failed to install FS-iSCSITarget-Server"
exit 1
}
Write-Host "Disable UAC"
Disable-UserAccessControl
Write-Host "Disable IE Welcome Screen"
Disable-InternetExplorerWelcomeScreen
Write-Host "Disable IE ESC"
Disable-InternetExplorerESC
Write-Host "Setting local execution policy"
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine -ErrorAction Continue | Out-Null
Get-ExecutionPolicy -List
Write-Host "Enable long path behavior"
# See https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file#maximum-path-length-limitation
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -Value 1
Write-Host "Install chocolatey"
$chocoExePath = 'C:\ProgramData\Chocolatey\bin'
if ($($env:Path).ToLower().Contains($($chocoExePath).ToLower())) {
Write-Host "Chocolatey found in PATH, skipping install..."
Exit
}
# Add to system PATH
$systemPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::Machine)
$systemPath += ';' + $chocoExePath
[Environment]::SetEnvironmentVariable("PATH", $systemPath, [System.EnvironmentVariableTarget]::Machine)
# Update local process' path
$userPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::User)
if ($userPath) {
$env:Path = $systemPath + ";" + $userPath
}
else {
$env:Path = $systemPath
}
# Run the installer
Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
# Turn off confirmation
choco feature enable -n allowGlobalConfirmation
# https://github.com/chocolatey/choco/issues/89
# Remove some of the command aliases, like `cpack` #89
Remove-Item -Path $env:ChocolateyInstall\bin\cpack.exe -Force
if (Test-IsWin16) {
# Install vcredist140
Choco-Install -PackageName vcredist140
}
if (Test-IsWin19) {
# Install vcredist2010
Choco-Install -PackageName vcredist2010
}
# Expand disk size of OS drive
$driveLetter = "C"
$size = Get-PartitionSupportedSize -DriveLetter $driveLetter
Resize-Partition -DriveLetter $driveLetter -Size $size.SizeMax
Get-Volume | Select-Object DriveLetter, SizeRemaining, Size | Sort-Object DriveLetter
Reference in New Issue View Git Blame Copy Permalink