diff --git a/vm-win/main.tf b/vm-win/main.tf index ffea5e4..86f3437 100644 --- a/vm-win/main.tf +++ b/vm-win/main.tf @@ -142,8 +142,10 @@ resource "null_resource" "post-win-common" { } inline = [ + "powershell.exe -File C:/provision/win-common/disable-ie-sec.ps1", + "powershell.exe -File C:/provision/win-common/resize-disk-tomax.ps1", "powershell.exe -File C:/provision/win-common/chrome-install.ps1", - "powershell.exe -File C:/provision/win-common/vscode-install.ps1" + "powershell.exe -File C:/provision/win-common/vscode-install.ps1", ] } diff --git a/vm-win/scripts/bootstrap.ps1 b/vm-win/scripts/bootstrap.ps1 index 92489ce..2567ebb 100644 --- a/vm-win/scripts/bootstrap.ps1 +++ b/vm-win/scripts/bootstrap.ps1 @@ -16,7 +16,3 @@ secedit /export /cfg c:\secpol.cfg | Out-Null (Get-Content C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg | Out-Null secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY | Out-Null rm -force c:\secpol.cfg -confirm:$false | Out-Null - -Write-Host "Resize Partition C to max size" -$size = Get-PartitionSupportedSize -DriveLetter C -Resize-Partition -DriveLetter C -Size $size.SizeMax | Out-Null \ No newline at end of file diff --git a/win-common/scripts/disable-ie-sec.ps1 b/win-common/scripts/disable-ie-sec.ps1 new file mode 100644 index 0000000..1f4be2c --- /dev/null +++ b/win-common/scripts/disable-ie-sec.ps1 @@ -0,0 +1,13 @@ +# Disable Internet Explorer Enhanced Security +function Disable-InternetExplorerESC { + $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" + $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" + Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force + Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force + Rundll32 iesetup.dll, IEHardenLMSettings + Rundll32 iesetup.dll, IEHardenUser + Rundll32 iesetup.dll, IEHardenAdmin + Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." +} + +Disable-InternetExplorerESC \ No newline at end of file diff --git a/win-common/scripts/onedrive-install.ps1 b/win-common/scripts/onedrive-install.ps1 index d4a6bed..2d5905b 100644 --- a/win-common/scripts/onedrive-install.ps1 +++ b/win-common/scripts/onedrive-install.ps1 @@ -1,16 +1,2 @@ Write-Host "--- Install OneDrive" -choco install onedrive --version 20.201.1005.0009 --no-progress --cache C:\Provision --params "ALLUSERS=1" -y - -# Disable Internet Explorer Enhanced Security -function Disable-InternetExplorerESC { - $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" - $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" - Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force - Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force - Rundll32 iesetup.dll, IEHardenLMSettings - Rundll32 iesetup.dll, IEHardenUser - Rundll32 iesetup.dll, IEHardenAdmin - Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -} - -Disable-InternetExplorerESC \ No newline at end of file +choco install onedrive --version 20.201.1005.0009 --no-progress --cache C:\Provision --params "ALLUSERS=1" -y \ No newline at end of file