[MicroWin] Preparation for 2025

functions/microwin/Invoke-Microwin.ps1

@@ -55,6 +55,8 @@ public class PowerManagement {
     $injectDrivers = $sync.MicrowinInjectDrivers.IsChecked
     $importDrivers = $sync.MicrowinImportDrivers.IsChecked
 
+    $importVirtIO = $sync.MicrowinCopyVirtIO.IsChecked
+
     $mountDir = $sync.MicrowinMountDir.Text
     $scratchDir = $sync.MicrowinScratchDir.Text
 
@@ -109,7 +111,7 @@ public class PowerManagement {
         Write-Host "Mounting Windows image. This may take a while."
         Mount-WindowsImage -ImagePath "$mountDir\sources\install.wim" -Index $index -Path "$scratchDir"
         if ($?) {
-            Write-Host "Mounting complete! Performing removal of applications..."
+            Write-Host "The Windows image has been mounted successfully. Continuing processing..."
         } else {
             Write-Host "Could not mount image. Exiting..."
             Set-WinUtilTaskbaritem -state "Error" -value 1 -overlay "warning"
@@ -155,6 +157,11 @@ public class PowerManagement {
             }
         }
 
+        if ($importVirtIO) {
+            Write-Host "Copying VirtIO drivers..."
+            Microwin-CopyVirtIO
+        }
+
         Write-Host "Remove Features from the image"
         Microwin-RemoveFeatures
         Write-Host "Removing features complete!"
@@ -189,8 +196,6 @@ public class PowerManagement {
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\DiagTrack" -Directory
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\InboxApps" -Directory
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\System32\LocationNotificationWindows.exe"
-        Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Photo Viewer" -Directory
-        Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Windows Photo Viewer" -Directory
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Media Player" -Directory
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Windows Media Player" -Directory
         Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Mail" -Directory
@@ -280,20 +285,22 @@ public class PowerManagement {
         reg add "HKLM\zSYSTEM\Setup\LabConfig" /v "BypassTPMCheck" /t REG_DWORD /d 1 /f
         reg add "HKLM\zSYSTEM\Setup\MoSetup" /v "AllowUpgradesWithUnsupportedTPMOrCPU" /t REG_DWORD /d 1 /f
 
-        # Prevent Windows Update Installing so called Expedited Apps
-        @(
-            'EdgeUpdate',
-            'DevHomeUpdate',
-            'OutlookUpdate',
-            'CrossDeviceUpdate'
-        ) | ForEach-Object {
-            Write-Host "Removing Windows Expedited App: $_"
-
-            # Copied here After Installation (Online)
-            # reg delete "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\$_" /f | Out-Null
-
-            # When in Offline Image
-            reg delete "HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\$_" /f | Out-Null
+        # Prevent Windows Update Installing so called Expedited Apps - 24H2 and newer
+        if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,26100,1))) -eq $true) {
+            @(
+                'EdgeUpdate',
+                'DevHomeUpdate',
+                'OutlookUpdate',
+                'CrossDeviceUpdate'
+            ) | ForEach-Object {
+                Write-Host "Removing Windows Expedited App: $_"
+
+                # Copied here After Installation (Online)
+                # reg delete "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\$_" /f | Out-Null
+
+                # When in Offline Image
+                reg delete "HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\$_" /f | Out-Null
+            }
         }
 
         reg add "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f

functions/microwin/Invoke-MicrowinGetIso.ps1

@@ -169,7 +169,7 @@ function Invoke-MicrowinGetIso {
     try {
         Write-Host "Mounting Iso. Please wait."
         $mountedISO = Mount-DiskImage -PassThru "$filePath"
-        Write-Host "Done mounting Iso $mountedISO"
+        Write-Host "Done mounting Iso `"$($mountedISO.ImagePath)`""
         $driveLetter = (Get-Volume -DiskImage $mountedISO).DriveLetter
         Write-Host "Iso mounted to '$driveLetter'"
     } catch {
@@ -223,7 +223,7 @@ function Invoke-MicrowinGetIso {
     $mountDir = Join-Path $env:TEMP $randomMicrowin
     $scratchDir = Join-Path $env:TEMP $randomMicrowinScratch
     } else {
-        $scratchDir = $sync.MicrowinScratchDirBox.Text+"Scrach"
+        $scratchDir = $sync.MicrowinScratchDirBox.Text+"Scratch"
         $mountDir = $sync.MicrowinScratchDirBox.Text+"micro"
     }
 
@@ -242,8 +242,8 @@ function Invoke-MicrowinGetIso {
 
         # xcopy we can verify files and also not copy files that already exist, but hard to measure
         # xcopy.exe /E /I /H /R /Y /J $DriveLetter":" $mountDir >$null
-        $totalTime = Measure-Command { Copy-Files "$($driveLetter):" $mountDir -Recurse -Force }
-        Write-Host "Copy complete! Total Time: $($totalTime.Minutes)m$($totalTime.Seconds)s"
+        $totalTime = Measure-Command { Copy-Files "$($driveLetter):" "$mountDir" -Recurse -Force }
+        Write-Host "Copy complete! Total Time: $($totalTime.Minutes) minutes, $($totalTime.Seconds) seconds"
 
         $wimFile = "$mountDir\sources\install.wim"
         Write-Host "Getting image information $wimFile"

functions/microwin/Microwin-CopyToUSB.ps1

@@ -16,6 +16,54 @@ function Microwin-CopyToUSB([string]$fileToCopy) {
                 }
 
             Write-Host "File copied to Ventoy drive $($volume.DriveLetter)"
+
+            # Detect if config files are present, move them if they are, and configure the Ventoy drive to not bypass the requirements
+            $customVentoyConfig = @'
+{
+    "control":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ],
+    "control_legacy":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ],
+    "control_uefi":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ],
+    "control_ia32":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ],
+    "control_aa64":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ],
+    "control_mips":[
+        { "VTOY_WIN11_BYPASS_CHECK": "0" },
+        { "VTOY_WIN11_BYPASS_NRO": "0" }
+    ]
+}
+'@
+
+            try {
+                Write-Host "Writing custom Ventoy configuration. Please wait..."
+                if (Test-Path -Path "$($volume.DriveLetter):\ventoy\ventoy.json" -PathType Leaf) {
+                    Write-Host "A Ventoy configuration file exists. Moving it..."
+                    Move-Item -Path "$($volume.DriveLetter):\ventoy\ventoy.json" -Destination "$($volume.DriveLetter):\ventoy\ventoy.json.old" -Force
+                    Write-Host "Existing Ventoy configuration has been moved to `"ventoy.json.old`". Feel free to put your config back into the `"ventoy.json`" file."
+                }
+                if (-not (Test-Path -Path "$($volume.DriveLetter):\ventoy")) {
+                    New-Item -Path "$($volume.DriveLetter):\ventoy" -ItemType Directory -Force | Out-Null
+                }
+                $customVentoyConfig | Out-File -FilePath "$($volume.DriveLetter):\ventoy\ventoy.json" -Encoding utf8 -Force
+                Write-Host "The Ventoy drive has been successfully configured."
+            } catch {
+                Write-Host "Could not configure Ventoy drive. Error: $($_.Exception.Message)`n"
+                Write-Host "Be sure to add the following configuration to the Ventoy drive by either creating a `"ventoy.json`" file in the `"ventoy`" directory (create it if it doesn't exist) or by editing an existing one: `n`n$customVentoyConfig`n"
+                Write-Host "Failure to do this will cause conflicts with your target ISO file."
+            }
             return
         }
     }

functions/microwin/Microwin-CopyVirtIO.ps1

@@ -0,0 +1,40 @@
+function Microwin-CopyVirtIO {
+    <#
+        .SYNOPSIS
+            Downloads and copies the VirtIO Guest Tools drivers to the target MicroWin ISO
+        .NOTES
+            A network connection must be available and the servers of Fedora People must be up. Automatic driver installation will not be added yet - I want this implementation to be reliable.
+    #>
+
+    try {
+        Write-Host "Checking existing files..."
+        if (Test-Path -Path "$($env:TEMP)\virtio.iso" -PathType Leaf) {
+            Write-Host "VirtIO ISO has been detected. Deleting..."
+            Remove-Item -Path "$($env:TEMP)\virtio.iso" -Force
+        }
+        Write-Host "Getting latest VirtIO drivers. Please wait. This can take some time, depending on your network connection speed and the speed of the servers..."
+        Start-BitsTransfer -Source "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso" -Destination "$($env:TEMP)\virtio.iso" -DisplayName "Downloading VirtIO drivers..."
+        # Do everything else if the VirtIO ISO exists
+        if (Test-Path -Path "$($env:TEMP)\virtio.iso" -PathType Leaf) {
+            Write-Host "Mounting ISO. Please wait."
+            $virtIO_ISO = Mount-DiskImage -PassThru "$($env:TEMP)\virtio.iso"
+            $driveLetter = (Get-Volume -DiskImage $virtIO_ISO).DriveLetter
+            # Create new directory for VirtIO on ISO
+            New-Item -Path "$mountDir\VirtIO" -ItemType Directory | Out-Null
+            $totalTime = Measure-Command { Copy-Files "$($driveLetter):" "$mountDir\VirtIO" -Recurse -Force }
+            Write-Host "VirtIO contents have been successfully copied. Time taken: $($totalTime.Minutes) minutes, $($totalTime.Seconds) seconds`n"
+            Get-Volume $driveLetter | Get-DiskImage | Dismount-DiskImage
+            Remove-Item -Path "$($env:TEMP)\virtio.iso" -Force -ErrorAction SilentlyContinue
+            Write-Host "To proceed with installation of the MicroWin image in QEMU/Proxmox VE:"
+            Write-Host "1. Proceed with Setup until you reach the disk selection screen, in which you won't see any drives"
+            Write-Host "2. Click `"Load Driver`" and click Browse"
+            Write-Host "3. In the folder selection dialog, point to this path:`n`n    `"D:\VirtIO\vioscsi\w11\amd64`" (replace amd64 with ARM64 if you are using Windows on ARM, and `"D:`" with the drive letter of the ISO)`n"
+            Write-Host "4. Select all drivers that will appear in the list box and click OK"
+        } else {
+            throw "Could not download VirtIO drivers"
+        }
+    } catch {
+        Write-Host "We could not download and/or prepare the VirtIO drivers. Error information: $_`n"
+        Write-Host "You will need to download these drivers manually. Location: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso"
+    }
+}

functions/microwin/Microwin-NewFirstRun.ps1

@@ -63,6 +63,22 @@ function Microwin-NewFirstRun {
     {
 
     }
+
+    # Get BCD entries and set bootmgr timeout accordingly
+    try
+    {
+        # Check if the number of occurrences of "path" is 2 - this fixes the Boot Manager screen issue (#2562)
+        if ((bcdedit | Select-String "path").Count -eq 2)
+        {
+            # Set bootmgr timeout to 0
+            bcdedit /set `{bootmgr`} timeout 0
+        }
+    }
+    catch
+    {
+
+    }
+
 '@
     $firstRun | Out-File -FilePath "$env:temp\FirstStartup.ps1" -Force
 }

functions/microwin/Microwin-NewUnattend.ps1

@@ -31,7 +31,7 @@ function Microwin-NewUnattend {
                             <Group>Administrators</Group>
                             <Password>
                                 <Value>PW-REPLACEME</Value>
-                                <PlainText>true</PlainText>
+                                <PlainText>PT-STATUS</PlainText>
                             </Password>
                         </LocalAccount>
                     </LocalAccounts>
@@ -42,7 +42,7 @@ function Microwin-NewUnattend {
                     <LogonCount>1</LogonCount>
                     <Password>
                         <Value>PW-REPLACEME</Value>
-                        <PlainText>true</PlainText>
+                        <PlainText>PT-STATUS</PlainText>
                     </Password>
                 </AutoLogon>
                 <OOBE>
@@ -295,15 +295,40 @@ function Microwin-NewUnattend {
     </settings>
 '@
     if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,22000,1))) -eq $false) {
-    # Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
-    $unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
+        # Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
+        $unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
     } else {
-    # Replace the placeholder text with the Specialize pass
-    $unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
+        # Replace the placeholder text with the Specialize pass
+        $unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
     }
+
+    # User password in Base64. According to Microsoft, this is the way you can hide this sensitive information.
+    # More information can be found here: https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/hide-sensitive-data-in-an-answer-file
+    # Yeah, I know this is not the best way to protect this kind of data, but we all know how Microsoft is - "the Apple of security" (in a sense, it takes them
+    # an eternity to implement basic security features right. Just look at the NTLM and Kerberos situation!)
+
+    $b64pass = ""
+
     # Replace default User and Password values with the provided parameters
     $unattend = $unattend.Replace("USER-REPLACEME", $userName).Trim()
-    $unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
+    try {
+        # I want to play it safe here - I don't want encoding mismatch problems like last time
+
+        # NOTE: "Password" needs to be appended to the password specified by the user. Otherwise, a parse error will occur when processing oobeSystem.
+        # This will not be added to the actual password stored in the target system's SAM file - only the provided password
+        $b64pass = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("$($userPassword)Password"))
+    } catch {
+        $b64pass = ""
+    }
+    if ($b64pass -ne "") {
+        # If we could encode the password with Base64, put it in the answer file and indicate that it's NOT in plain text
+        $unattend = $unattend.Replace("PW-REPLACEME", $b64pass).Trim()
+        $unattend = $unattend.Replace("PT-STATUS", "false").Trim()
+        $b64pass = ""
+    } else {
+        $unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
+        $unattend = $unattend.Replace("PT-STATUS", "true").Trim()
+    }
 
     # Save unattended answer file with UTF-8 encoding
     $unattend | Out-File -FilePath "$env:temp\unattend.xml" -Force -Encoding utf8

functions/microwin/Microwin-RemovePackages.ps1

@@ -7,45 +7,18 @@ function Microwin-RemovePackages {
                 $_ -NotLike "*indows-Client-LanguagePack*" -AND
                 $_ -NotLike "*LanguageFeatures-Basic*" -AND
                 $_ -NotLike "*Package_for_ServicingStack*" -AND
-                $_ -NotLike "*.NET*" -AND
-                $_ -NotLike "*Store*" -AND
-                $_ -NotLike "*VCLibs*" -AND
-                $_ -NotLike "*AAD.BrokerPlugin",
-                $_ -NotLike "*LockApp*" -AND
+                $_ -NotLike "*DotNet*" -AND
                 $_ -NotLike "*Notepad*" -AND
-                $_ -NotLike "*immersivecontrolpanel*" -AND
-                $_ -NotLike "*ContentDeliveryManager*" -AND
-                $_ -NotLike "*PinningConfirMationDialog*" -AND
-                $_ -NotLike "*SecHealthUI*" -AND
-                $_ -NotLike "*SecureAssessmentBrowser*" -AND
-                $_ -NotLike "*PrintDialog*" -AND
-                $_ -NotLike "*AssignedAccessLockApp*" -AND
-                $_ -NotLike "*OOBENetworkConnectionFlow*" -AND
-                $_ -NotLike "*Apprep.ChxApp*" -AND
-                $_ -NotLike "*CBS*" -AND
-                $_ -NotLike "*OOBENetworkCaptivePortal*" -AND
-                $_ -NotLike "*PeopleExperienceHost*" -AND
-                $_ -NotLike "*ParentalControls*" -AND
-                $_ -NotLike "*Win32WebViewHost*" -AND
-                $_ -NotLike "*InputApp*" -AND
-                $_ -NotLike "*DirectPlay*" -AND
-                $_ -NotLike "*AccountsControl*" -AND
-                $_ -NotLike "*AsyncTextService*" -AND
-                $_ -NotLike "*CapturePicker*" -AND
-                $_ -NotLike "*CredDialogHost*" -AND
-                $_ -NotLike "*BioEnrollMent*" -AND
-                $_ -NotLike "*ShellExperienceHost*" -AND
-                $_ -NotLike "*DesktopAppInstaller*" -AND
-                $_ -NotLike "*WebMediaExtensions*" -AND
                 $_ -NotLike "*WMIC*" -AND
-                $_ -NotLike "*UI.XaML*" -AND
                 $_ -NotLike "*Ethernet*" -AND
                 $_ -NotLike "*Wifi*" -AND
                 $_ -NotLike "*FodMetadata*" -AND
                 $_ -NotLike "*Foundation*" -AND
                 $_ -NotLike "*LanguageFeatures*" -AND
                 $_ -NotLike "*VBSCRIPT*" -AND
-                $_ -NotLike "*License*"
+                $_ -NotLike "*License*" -AND
+                $_ -NotLike "*Hello-Face*" -AND
+                $_ -NotLike "*ISE*"
             }
 
         $failedCount = 0

functions/private/Copy-Files.ps1

@@ -2,11 +2,17 @@ function Copy-Files {
     <#
 
         .DESCRIPTION
-        This function will make all modifications to the registry
-
+            Copies the contents of a given ISO file to a given destination
+        .PARAMETER Path
+            The source of the files to copy
+        .PARAMETER Destination
+            The destination to copy the files to
+        .PARAMETER Recurse
+            Determines whether or not to copy all files of the ISO file, including those in subdirectories
+        .PARAMETER Force
+            Determines whether or not to overwrite existing files
         .EXAMPLE
-
-        Set-WinUtilRegistry -Name "PublishUserActivities" -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Type "DWord" -Value "0"
+            Copy-Files "D:" "C:\ISOFile" -Recurse -Force
 
     #>
     param (
@@ -23,7 +29,7 @@ function Copy-Files {
 
         foreach ($file in $files) {
             $status = "Copying file {0} of {1}: {2}" -f $counter, $files.Count, $file.Name
-            Write-Progress -Activity "Copy Windows files" -Status $status -PercentComplete ($counter++/$files.count*100)
+            Write-Progress -Activity "Copy disc image files" -Status $status -PercentComplete ($counter++/$files.count*100)
             $restpath = $file.FullName -Replace $path, ''
 
             if ($file.PSIsContainer -eq $true) {
@@ -35,7 +41,7 @@ function Copy-Files {
                 Set-ItemProperty -Path ($destination+$restpath) -Name IsReadOnly -Value $false
             }
         }
-        Write-Progress -Activity "Copy Windows files" -Status "Ready" -Completed
+        Write-Progress -Activity "Copy disc image files" -Status "Ready" -Completed
     } catch {
         Write-Host "Unable to Copy all the files due to an unhandled exception" -ForegroundColor Yellow
         Write-Host "Error information: $($_.Exception.Message)`n" -ForegroundColor Yellow