-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Windows 10 versions #128
Conversation
Spent several build cycles today trying to fix an issue with a WinRM timeout that turned out to be an |
Sorry for the line noise but some of my previous changes mixed line termination characters and this fixes that too.
I realized during my workshop that with 1903, Defender was enabled. Need to investigate that and find a fix. |
Adding only for Windows 10
Tamper Protection was what caused me trouble. You can read about it here: https://www.windowscentral.com/how-manage-windows-security-tamper-protection-windows-10-may-2019-update I think I've found a way to bypass it reliably without requiring user intervention. Doing a full rebuild of all OSes with this patch now. |
Smoke tests passed but getting this in them:
Trying to run the scripts as system instead. Another round of tests required. |
Turns out that the upstream feature was introduced in 1.3.3 released on December 5, 2018 and merged in hashicorp/packer#6972.
Tests failed with the following:
Turns out the Packer version in the buildbot was older and didn't support using system accounts. See commit for details and here's the upstream issue: hashicorp/packer#6104 |
With the latest changes 1607 runs fine but 1903 still complains but the build goes through. I'll see what the resulting image looks like but I might only add a note to manually disable defender for 1903 and later. |
Resulting image has Defender turned On. I'll need to introduce an exception starting with 1903 where we advice the user on how turning off Windows Defender TamperProtection and provide a batch script to run to disable it. |
Ready for another round of testing. |
and minor output improvements
CI tests for the latest fixes failed but it seems unrelated:
On my machine the Windows 7 build failed with wireshark's dependencies troubles but I think they were transient and in any case a user can always remove it from the build and install it afterwards. One last smoke test run and if all green, I'll merge. |
Build passed! |
README updated to reflect that for both Win 10 and Win 7
No longer required since we dropped the requirement on using SYSTEM elevated_user for powershell because that fix didn't work.
Current status: Our Windows 10 1607
Autounattend.xml
doesn't pass on the 1903 iso. Something changed. Need to generate a new one.