fix: Spelling mistake of successfully (#1251)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.devcontainer.json

@@ -0,0 +1,6 @@
+{
+  "name": "windows",
+  "service": "windows",
+  "forwardPorts": [8006],
+  "dockerComposeFile": "compose.yml"
+}

.github/ISSUE_TEMPLATE/1-issue.yml

@@ -21,6 +21,7 @@ body:
     attributes:
       label: Docker compose
       description: The compose file (or otherwise the `docker run` command used).
+      render: yaml
     validations:
       required: true
   - type: textarea
@@ -28,6 +29,7 @@ body:
     attributes:
       label: Docker log
       description: The logfile of the container (as shown by `docker logs windows`).
+      render: shell
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/3-bug.yml

@@ -23,6 +23,7 @@ body:
     attributes:
       label: Docker compose
       description: The compose file (or otherwise the `docker run` command used).
+      render: yaml
     validations:
       required: true
   - type: textarea
@@ -30,6 +31,7 @@ body:
     attributes:
       label: Docker log
       description: The logfile of the container (as shown by `docker logs windows`).
+      render: shell
     validations:
       required: true
   - type: textarea

Dockerfile

@@ -1,7 +1,8 @@
+ARG VERSION_ARG="latest"
 FROM scratch AS build-amd64
-COPY --from=qemux/qemu-docker:6.05 / /
 
-ARG VERSION_ARG="0.0"
+COPY --from=qemux/qemu:7.12 / /
+
 ARG DEBCONF_NOWARNINGS="yes"
 ARG DEBIAN_FRONTEND="noninteractive"
 ARG DEBCONF_NONINTERACTIVE_SEEN="true"
@@ -9,37 +10,34 @@ ARG DEBCONF_NONINTERACTIVE_SEEN="true"
 RUN set -eu && \
     apt-get update && \
     apt-get --no-install-recommends -y install \
-        bc \
-        curl \
-        7zip \
         wsdd \
         samba \
-        xz-utils \
         wimtools \
         dos2unix \
         cabextract \
-        genisoimage \
         libxml2-utils \
-        libarchive-tools && \
+        libarchive-tools \
+        netcat-openbsd && \
     apt-get clean && \
-    echo "$VERSION_ARG" > /run/version && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY --chmod=755 ./src /run/
 COPY --chmod=755 ./assets /run/assets
 
-ADD --chmod=755 https://raw.githubusercontent.com/christgau/wsdd/v0.8/src/wsdd.py /usr/sbin/wsdd
-ADD --chmod=664 https://github.com/qemus/virtiso-whql/releases/download/v1.9.43-0/virtio-win-1.9.43.tar.xz /drivers.txz
+ADD --chmod=664 https://github.com/qemus/virtiso-whql/releases/download/v1.9.45-0/virtio-win-1.9.45.tar.xz /var/drivers.txz
 
-FROM dockurr/windows-arm:2.20 AS build-arm64
+FROM dockurr/windows-arm:${VERSION_ARG} AS build-arm64
 FROM build-${TARGETARCH}
 
-EXPOSE 8006 3389
-VOLUME /storage
+ARG VERSION_ARG="0.00"
+RUN echo "$VERSION_ARG" > /run/version
 
+VOLUME /storage
+EXPOSE 3389 8006
+
+ENV VERSION="11"
 ENV RAM_SIZE="4G"
 ENV CPU_CORES="2"
 ENV DISK_SIZE="64G"
-ENV VERSION="win11"
 
 ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"]

assets/win10x64-enterprise-eval.xml

@@ -323,11 +323,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -415,6 +410,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win10x64-enterprise.xml

@@ -326,11 +326,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -418,6 +413,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win10x64-iot.xml

@@ -332,11 +332,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -424,6 +419,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win10x64-ltsc.xml

@@ -329,11 +329,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -421,6 +416,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win10x64.xml

@@ -326,11 +326,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -418,6 +413,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win11x64-enterprise-eval.xml

@@ -264,6 +264,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>26</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -346,11 +351,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -443,13 +443,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>24</Order>

assets/win11x64-enterprise.xml

@@ -267,6 +267,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>26</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -349,11 +354,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -446,13 +446,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>24</Order>
@@ -463,4 +463,3 @@
     </component>
   </settings>
 </unattend>
-

assets/win11x64-iot.xml

@@ -267,6 +267,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>26</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -349,11 +354,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -446,13 +446,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>24</Order>

assets/win11x64-ltsc.xml

@@ -267,6 +267,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>26</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -349,11 +354,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -446,13 +446,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>24</Order>

assets/win11x64.xml

@@ -267,6 +267,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>26</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -349,11 +354,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -446,13 +446,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>24</Order>

assets/win2008r2-eval.xml

@@ -203,11 +203,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -290,6 +285,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>19</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>20</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2008r2.xml

@@ -206,11 +206,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -293,6 +288,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>19</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>20</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2012r2-eval.xml

@@ -236,11 +236,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -308,6 +303,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>16</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2012r2.xml

@@ -239,11 +239,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -311,6 +306,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>16</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2016-eval.xml

@@ -236,11 +236,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -328,6 +323,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2016.xml

@@ -239,11 +239,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -331,6 +326,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2019-eval.xml

@@ -240,11 +240,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -332,6 +327,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2019-hv.xml

@@ -0,0 +1,346 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
+  <settings pass="windowsPE">
+    <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SetupUILanguage>
+        <UILanguage>en-US</UILanguage>
+      </SetupUILanguage>
+      <InputLocale>0409:00000409</InputLocale>
+      <SystemLocale>en-US</SystemLocale>
+      <UILanguage>en-US</UILanguage>
+      <UILanguageFallback>en-US</UILanguageFallback>
+      <UserLocale>en-US</UserLocale>
+    </component>
+    <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DiskConfiguration>
+        <Disk wcm:action="add">
+          <DiskID>0</DiskID>
+          <WillWipeDisk>true</WillWipeDisk>
+          <CreatePartitions>
+            <!-- System partition (ESP) -->
+            <CreatePartition wcm:action="add">
+              <Order>1</Order>
+              <Type>EFI</Type>
+              <Size>128</Size>
+            </CreatePartition>
+            <!-- Microsoft reserved partition (MSR) -->
+            <CreatePartition wcm:action="add">
+              <Order>2</Order>
+              <Type>MSR</Type>
+              <Size>128</Size>
+            </CreatePartition>
+            <!-- Windows partition -->
+            <CreatePartition wcm:action="add">
+              <Order>3</Order>
+              <Type>Primary</Type>
+              <Extend>true</Extend>
+            </CreatePartition>
+          </CreatePartitions>
+          <ModifyPartitions>
+            <!-- System partition (ESP) -->
+            <ModifyPartition wcm:action="add">
+              <Order>1</Order>
+              <PartitionID>1</PartitionID>
+              <Label>System</Label>
+              <Format>FAT32</Format>
+            </ModifyPartition>
+            <!-- MSR partition does not need to be modified -->
+            <ModifyPartition wcm:action="add">
+              <Order>2</Order>
+              <PartitionID>2</PartitionID>
+            </ModifyPartition>
+            <!-- Windows partition -->
+            <ModifyPartition wcm:action="add">
+              <Order>3</Order>
+              <PartitionID>3</PartitionID>
+              <Label>Windows</Label>
+              <Letter>C</Letter>
+              <Format>NTFS</Format>
+            </ModifyPartition>
+          </ModifyPartitions>
+        </Disk>
+      </DiskConfiguration>
+      <ImageInstall>
+        <OSImage>
+          <InstallFrom>
+            <MetaData wcm:action="add">
+              <Key>/IMAGE/NAME</Key>
+              <Value>Hyper-V Server 2019 SERVERHYPERCORE</Value>
+            </MetaData>
+          </InstallFrom>
+          <InstallTo>
+            <DiskID>0</DiskID>
+            <PartitionID>3</PartitionID>
+          </InstallTo>
+          <WillShowUI>OnError</WillShowUI>
+          <InstallToAvailablePartition>false</InstallToAvailablePartition>
+        </OSImage>
+      </ImageInstall>
+      <DynamicUpdate>
+        <Enable>true</Enable>
+        <WillShowUI>Never</WillShowUI>
+      </DynamicUpdate>
+      <UpgradeData>
+        <Upgrade>false</Upgrade>
+        <WillShowUI>Never</WillShowUI>
+      </UpgradeData>
+      <UserData>
+        <AcceptEula>true</AcceptEula>
+        <FullName>Docker</FullName>
+        <Organization>Windows for Docker</Organization>
+      </UserData>
+      <EnableFirewall>false</EnableFirewall>
+      <Diagnostics>
+        <OptIn>false</OptIn>
+      </Diagnostics>
+    </component>
+  </settings>
+  <settings pass="offlineServicing">
+    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <EnableLUA>false</EnableLUA>
+    </component>
+  </settings>
+  <settings pass="generalize">
+    <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
+    </component>
+    <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SkipRearm>1</SkipRearm>
+    </component>
+  </settings>
+  <settings pass="specialize">
+    <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SkipAutoActivation>true</SkipAutoActivation>
+    </component>
+    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <ComputerName>*</ComputerName>
+      <OEMInformation>
+        <Manufacturer>Dockur</Manufacturer>
+        <Model>Windows for Docker</Model>
+        <SupportHours>24/7</SupportHours>
+        <SupportPhone />
+        <SupportProvider>Dockur</SupportProvider>
+        <SupportURL>https://github.com/dockur/windows/issues</SupportURL>
+      </OEMInformation>
+      <OEMName>Windows for Docker</OEMName>
+    </component>
+    <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableWER>1</DisableWER>
+    </component>
+    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableAccelerators>true</DisableAccelerators>
+      <DisableFirstRunWizard>true</DisableFirstRunWizard>
+      <Home_Page>https://google.com</Home_Page>
+      <Help_Page>about:blank</Help_Page>
+    </component>
+    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableAccelerators>true</DisableAccelerators>
+      <DisableFirstRunWizard>true</DisableFirstRunWizard>
+      <Home_Page>https://google.com</Home_Page>
+      <Help_Page>about:blank</Help_Page>
+    </component>
+    <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <CEIPEnabled>0</CEIPEnabled>
+    </component>
+    <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableSR>1</DisableSR>
+    </component>
+    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <InputLocale>0409:00000409</InputLocale>
+      <SystemLocale>en-US</SystemLocale>
+      <UILanguage>en-US</UILanguage>
+      <UILanguageFallback>en-US</UILanguageFallback>
+      <UserLocale>en-US</UserLocale>
+    </component>
+    <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <RunSynchronous>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>1</Order>
+          <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
+          <Description>Set Network Location to Home</Description>
+        </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>2</Order>
+          <Path>dism.exe /online /Disable-Feature /FeatureName:Microsoft-Hyper-V /NoRestart</Path>
+          <Description>Disable Hyper-V role</Description>
+        </RunSynchronousCommand>
+      </RunSynchronous>
+    </component>
+    <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
+    </component>
+    <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
+    </component>
+    <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <fDenyTSConnections>false</fDenyTSConnections>
+    </component>
+    <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <UserAuthentication>0</UserAuthentication>
+    </component>
+    <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <FirewallGroups>
+        <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop">
+          <Active>true</Active>
+          <Profile>all</Profile>
+          <Group>@FirewallAPI.dll,-28752</Group>
+        </FirewallGroup>
+      </FirewallGroups>
+    </component>
+  </settings>
+  <settings pass="oobeSystem">
+    <component name="Microsoft-Windows-SecureStartup-FilterDriver" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <PreventDeviceEncryption>true</PreventDeviceEncryption>
+    </component>
+    <component name="Microsoft-Windows-EnhancedStorage-Adm" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled>
+    </component>
+    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <UserAccounts>
+        <LocalAccounts>
+          <LocalAccount wcm:action="add">
+            <Name>Docker</Name>
+            <Group>Administrators</Group>
+            <Password>
+              <Value />
+              <PlainText>true</PlainText>
+            </Password>
+          </LocalAccount>
+        </LocalAccounts>
+        <AdministratorPassword>
+          <Value>password</Value>
+          <PlainText>true</PlainText>
+        </AdministratorPassword>
+      </UserAccounts>
+      <AutoLogon>
+        <Username>Docker</Username>
+        <Enabled>true</Enabled>
+        <LogonCount>65432</LogonCount>
+        <Password>
+          <Value />
+          <PlainText>true</PlainText>
+        </Password>
+      </AutoLogon>
+      <Display>
+        <ColorDepth>32</ColorDepth>
+        <HorizontalResolution>1920</HorizontalResolution>
+        <VerticalResolution>1080</VerticalResolution>
+      </Display>
+      <OOBE>
+        <HideEULAPage>true</HideEULAPage>
+        <HideLocalAccountScreen>true</HideLocalAccountScreen>
+        <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
+        <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
+        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+        <NetworkLocation>Home</NetworkLocation>
+        <ProtectYourPC>3</ProtectYourPC>
+        <SkipUserOOBE>true</SkipUserOOBE>
+        <SkipMachineOOBE>true</SkipMachineOOBE>
+      </OOBE>
+      <RegisteredOrganization>Dockur</RegisteredOrganization>
+      <RegisteredOwner>Windows for Docker</RegisteredOwner>
+      <FirstLogonCommands>
+        <SynchronousCommand wcm:action="add">
+          <Order>1</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Allow guest access to network shares</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Enable option for passwordless sign-in</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>4</Order>
+          <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
+          <Description>Password Never Expires</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>5</Order>
+          <CommandLine>cmd /C POWERCFG -H OFF</CommandLine>
+          <Description>Disable Hibernation</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>6</Order>
+          <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine>
+          <Description>Disable monitor blanking</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>7</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Disable first-run experience in Edge</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>8</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Show file extensions in Explorer</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>9</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Zero Hibernation File</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>10</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Disable Hibernation</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>11</Order>
+          <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine>
+          <Description>Disable Sleep</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>12</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Enable RemoteAPP to launch unlisted programs</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>13</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Remove Search from the Taskbar</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>14</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowTaskViewButton" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Remove Task View from the Taskbar</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>15</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarDa" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Remove Widgets from the Taskbar</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>16</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarMn" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Remove Chat from the Taskbar</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Turn off Windows Update auto download</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
+          <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine>
+          <Description>Enable Network Discovery</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>19</Order>
+          <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine>
+          <Description>Enable File Sharing</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
+          <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
+          <Description>Execute custom script from the OEM folder if exists</Description>
+        </SynchronousCommand>
+      </FirstLogonCommands>
+    </component>
+  </settings>
+</unattend>

assets/win2019.xml

@@ -243,11 +243,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -335,6 +330,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2022-eval.xml

@@ -240,11 +240,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -332,6 +327,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2022.xml

@@ -243,11 +243,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -335,6 +330,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>20</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>21</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win2025-eval.xml

@@ -159,6 +159,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>2</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -245,11 +250,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -337,13 +337,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>21</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>

assets/win2025.xml

@@ -162,6 +162,11 @@
           <Path>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 1 /f</Path>
           <Description>Set Network Location to Home</Description>
         </RunSynchronousCommand>
+        <RunSynchronousCommand wcm:action="add">
+          <Order>2</Order>
+          <Path>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</Path>
+          <Description>Install VirtIO display driver</Description>
+        </RunSynchronousCommand>
       </RunSynchronous>
     </component>
     <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
@@ -248,11 +253,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f</CommandLine>
           <Description>Disable SMB signing requirement</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>3</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>4</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -340,13 +340,13 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>21</Order>
-          <CommandLine>pnputil -i -a C:\Windows\Drivers\viogpudo\viogpudo.inf</CommandLine>
-          <Description>Install VirtIO display driver</Description>
+          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
+          <Description>Remove empty Windows.old folder</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
-          <CommandLine>cmd /C rd /q C:\Windows.old</CommandLine>
-          <Description>Remove empty Windows.old folder</Description>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>23</Order>

assets/win7x64-enterprise-eval.xml

@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
+  <settings pass="windowsPE">
+    <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SetupUILanguage>
+        <UILanguage>en-US</UILanguage>
+      </SetupUILanguage>
+      <InputLocale>0409:00000409</InputLocale>
+      <SystemLocale>en-US</SystemLocale>
+      <UILanguage>en-US</UILanguage>
+      <UserLocale>en-US</UserLocale>
+    </component>
+    <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DiskConfiguration>
+        <WillShowUI>OnError</WillShowUI>
+        <Disk wcm:action="add">
+          <DiskID>0</DiskID>
+          <WillWipeDisk>true</WillWipeDisk>
+          <CreatePartitions>
+            <CreatePartition wcm:action="add">
+              <Order>1</Order>
+              <Type>Primary</Type>
+              <Size>100</Size>
+            </CreatePartition>
+            <CreatePartition wcm:action="add">
+              <Order>2</Order>
+              <Type>Primary</Type>
+              <Extend>true</Extend>
+            </CreatePartition>
+          </CreatePartitions>
+          <ModifyPartitions>
+            <ModifyPartition wcm:action="add">
+              <Format>NTFS</Format>
+              <Label>System Reserved</Label>
+              <Order>1</Order>
+              <Active>true</Active>
+              <PartitionID>1</PartitionID>
+              <TypeID>0x27</TypeID>
+            </ModifyPartition>
+            <ModifyPartition wcm:action="add">
+              <Active>true</Active>
+              <Format>NTFS</Format>
+              <Label>Windows</Label>
+              <Letter>C</Letter>
+              <Order>2</Order>
+              <PartitionID>2</PartitionID>
+            </ModifyPartition>
+          </ModifyPartitions>
+        </Disk>
+      </DiskConfiguration>
+      <ImageInstall>
+        <OSImage>
+          <InstallFrom>
+            <MetaData wcm:action="add">
+              <Value>Windows 7 Enterprise</Value>
+              <Key>/IMAGE/NAME</Key>
+            </MetaData>
+          </InstallFrom>
+          <InstallTo>
+            <DiskID>0</DiskID>
+            <PartitionID>2</PartitionID>
+          </InstallTo>
+          <InstallToAvailablePartition>false</InstallToAvailablePartition>
+        </OSImage>
+      </ImageInstall>
+      <DynamicUpdate>
+        <Enable>true</Enable>
+        <WillShowUI>Never</WillShowUI>
+      </DynamicUpdate>
+      <UpgradeData>
+        <Upgrade>false</Upgrade>
+        <WillShowUI>Never</WillShowUI>
+      </UpgradeData>
+      <UserData>
+        <AcceptEula>true</AcceptEula>
+        <FullName>Docker</FullName>
+        <Organization>Windows for Docker</Organization>
+      </UserData>
+      <EnableFirewall>false</EnableFirewall>
+      <Diagnostics>
+        <OptIn>false</OptIn>
+      </Diagnostics>
+    </component>
+  </settings>
+  <settings pass="offlineServicing">
+    <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <EnableLUA>false</EnableLUA>
+    </component>
+  </settings>
+  <settings pass="generalize">
+    <component name="Microsoft-Windows-PnPSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
+    </component>
+    <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SkipRearm>1</SkipRearm>
+    </component>
+  </settings>
+  <settings pass="specialize">
+    <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <SkipAutoActivation>true</SkipAutoActivation>
+    </component>
+    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <ComputerName>*</ComputerName>
+      <OEMInformation>
+        <Manufacturer>Dockur</Manufacturer>
+        <Model>Windows for Docker</Model>
+      </OEMInformation>
+    </component>
+    <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableWER>1</DisableWER>
+    </component>
+    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableAccelerators>true</DisableAccelerators>
+      <DisableFirstRunWizard>true</DisableFirstRunWizard>
+      <Home_Page>https://google.com</Home_Page>
+      <Help_Page>about:blank</Help_Page>
+    </component>
+    <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableAccelerators>true</DisableAccelerators>
+      <DisableFirstRunWizard>true</DisableFirstRunWizard>
+      <Home_Page>https://google.com</Home_Page>
+      <Help_Page>about:blank</Help_Page>
+    </component>
+    <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <CEIPEnabled>0</CEIPEnabled>
+    </component>
+    <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <DisableSR>1</DisableSR>
+    </component>
+    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <InputLocale>0409:00000409</InputLocale>
+      <SystemLocale>en-US</SystemLocale>
+      <UILanguage>en-US</UILanguage>
+      <UserLocale>en-US</UserLocale>
+    </component>
+    <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <fDenyTSConnections>false</fDenyTSConnections>
+    </component>
+    <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <UserAuthentication>0</UserAuthentication>
+    </component>
+    <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <FirewallGroups>
+        <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop">
+          <Active>true</Active>
+          <Profile>all</Profile>
+          <Group>@FirewallAPI.dll,-28752</Group>
+        </FirewallGroup>
+      </FirewallGroups>
+    </component>
+  </settings>
+  <settings pass="oobeSystem">
+    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
+      <UserAccounts>
+        <LocalAccounts>
+          <LocalAccount wcm:action="add">
+            <Name>Docker</Name>
+            <Group>Administrators</Group>
+            <Password>
+              <Value />
+              <PlainText>true</PlainText>
+            </Password>
+          </LocalAccount>
+        </LocalAccounts>
+        <AdministratorPassword>
+          <Value>password</Value>
+          <PlainText>true</PlainText>
+        </AdministratorPassword>
+      </UserAccounts>
+      <AutoLogon>
+        <Username>Docker</Username>
+        <Enabled>true</Enabled>
+        <LogonCount>65432</LogonCount>
+        <Password>
+          <Value />
+          <PlainText>true</PlainText>
+        </Password>
+      </AutoLogon>
+      <Display>
+        <ColorDepth>32</ColorDepth>
+        <HorizontalResolution>1920</HorizontalResolution>
+        <VerticalResolution>1080</VerticalResolution>
+      </Display>
+      <OOBE>
+        <HideEULAPage>true</HideEULAPage>
+        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+        <NetworkLocation>Home</NetworkLocation>
+        <ProtectYourPC>3</ProtectYourPC>
+        <SkipUserOOBE>true</SkipUserOOBE>
+        <SkipMachineOOBE>true</SkipMachineOOBE>
+      </OOBE>
+      <RegisteredOrganization>Dockur</RegisteredOrganization>
+      <RegisteredOwner>Windows for Docker</RegisteredOwner>
+      <FirstLogonCommands>
+        <SynchronousCommand wcm:action="add">
+          <Order>1</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Allow guest access to network shares</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>3</Order>
+          <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
+          <Description>Password Never Expires</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>4</Order>
+          <CommandLine>cmd /C POWERCFG -H OFF</CommandLine>
+          <Description>Disable Hibernation</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>5</Order>
+          <CommandLine>cmd /C POWERCFG -X -monitor-timeout-ac 0</CommandLine>
+          <Description>Disable monitor blanking</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>6</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f</CommandLine>
+          <Description>Disable Network Discovery popup</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>7</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NetworkLocationWizard" /v "HideWizard" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Disable Network Discovery popup</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>8</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\NewNetworks" /v NetworkList /t REG_MULTI_SZ /d "" /f</CommandLine>
+          <Description>Disable Network Discovery popup</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>9</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HideFirstRunExperience" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Disable first-run experience in Edge</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>10</Order>
+          <CommandLine>reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "HideFileExt" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Show file extensions in Explorer</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>11</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateFileSizePercent" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Zero Hibernation File</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>12</Order>
+          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t REG_DWORD /d 0 /f</CommandLine>
+          <Description>Disable Hibernation</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>13</Order>
+          <CommandLine>cmd /C POWERCFG -X -standby-timeout-ac 0</CommandLine>
+          <Description>Disable Sleep</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>14</Order>
+          <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnlistedRemotePrograms" /t REG_DWORD /d 1 /f</CommandLine>
+          <Description>Enable RemoteAPP to launch unlisted programs</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>15</Order>
+          <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes</CommandLine>
+          <Description>Enable Network Discovery</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>16</Order>
+          <CommandLine>netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes</CommandLine>
+          <Description>Enable File Sharing</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
+          <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
+          <Description>Execute custom script from the OEM folder if exists</Description>
+        </SynchronousCommand>
+      </FirstLogonCommands>
+    </component>
+  </settings>
+</unattend>

assets/win7x64-enterprise.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win7x64-ultimate.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win7x64.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win7x86-enterprise.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win7x86-ultimate.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win7x86.xml

@@ -201,11 +201,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -278,6 +273,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>17</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>18</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win81x64-enterprise-eval.xml

@@ -221,11 +221,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -293,6 +288,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>16</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win81x64-enterprise.xml

@@ -224,11 +224,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -296,6 +291,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>16</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/win81x64.xml

@@ -231,11 +231,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device" /v "DevicePasswordLessBuildVersion" /t REG_DWORD /d 0 /f</CommandLine>
@@ -303,6 +298,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>16</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>17</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax64-enterprise.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax64-ultimate.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax64.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax86-enterprise.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax86-ultimate.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

assets/winvistax86.xml

@@ -150,11 +150,6 @@
           <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f</CommandLine>
           <Description>Allow guest access to network shares</Description>
         </SynchronousCommand>
-        <SynchronousCommand wcm:action="add">
-          <Order>2</Order>
-          <CommandLine>reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f</CommandLine>
-          <Description>Allow RDP login with blank password</Description>
-        </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>3</Order>
           <CommandLine>cmd /C wmic useraccount where name="Docker" set PasswordExpires=false</CommandLine>
@@ -252,6 +247,11 @@
         </SynchronousCommand>
         <SynchronousCommand wcm:action="add">
           <Order>22</Order>
+          <CommandLine>cmd /C echo 20.20.20.1     host.lan >> %WINDIR%\system32\drivers\etc\hosts</CommandLine>
+          <Description>Add entry in hosts file</Description>
+        </SynchronousCommand>
+        <SynchronousCommand wcm:action="add">
+          <Order>23</Order>
           <CommandLine>cmd /C if exist "C:\OEM\install.bat" start "Install" "cmd /C C:\OEM\install.bat"</CommandLine>
           <Description>Execute custom script from the OEM folder if exists</Description>
         </SynchronousCommand>

compose.yml

@@ -3,13 +3,17 @@ services:
     image: dockurr/windows
     container_name: windows
     environment:
-      VERSION: "win11"
+      VERSION: "11"
     devices:
       - /dev/kvm
+      - /dev/net/tun
     cap_add:
       - NET_ADMIN
     ports:
       - 8006:8006
       - 3389:3389/tcp
       - 3389:3389/udp
+    volumes:
+      - ./windows:/storage
+    restart: always
     stop_grace_period: 2m

kubernetes.yml

@@ -1,72 +1,100 @@
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: windows-pvc
 spec:
   accessModes:
-    - ReadWriteOnce
+  - ReadWriteOnce
   resources:
     requests:
       storage: 64Gi
 ---
-apiVersion: v1
-kind: Pod
+apiVersion: apps/v1
+kind: Deployment
 metadata:
   name: windows
   labels:
     name: windows
 spec:
-  terminationGracePeriodSeconds: 120 # the Kubernetes default is 30 seconds and it may be not enough
-  containers:
-    - name: windows
-      image: dockurr/windows
-      ports:
-        - containerPort: 8006
-          protocol: TCP
-        - containerPort: 3389
-          protocol: TCP
-        - containerPort: 3389
-          protocol: UDP
-      securityContext:
-        privileged: true
-      env:
-        - name: RAM_SIZE
-          value: 4G
-        - name: CPU_CORES
-          value: "2"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: windows
+  template:
+    metadata:
+      labels:
+        app: windows
+    spec:
+      containers:
+      - name: windows
+        image: dockurr/windows
+        env:
+        - name: VERSION
+          value: "11"
         - name: DISK_SIZE
           value: "64G"
-      volumeMounts:
+        ports:
+          - containerPort: 8006
+            name: http
+            protocol: TCP
+          - containerPort: 3389
+            name: rdp
+            protocol: TCP
+          - containerPort: 3389
+            name: udp
+            protocol: UDP
+          - containerPort: 5900
+            name: vnc
+            protocol: TCP
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+          privileged: true
+        volumeMounts:
         - mountPath: /storage
           name: storage
         - mountPath: /dev/kvm
           name: dev-kvm
-  volumes:
-    - name: storage
-      persistentVolumeClaim:
-        claimName: windows-pvc
-    - name: dev-kvm
-      hostPath:
-        path: /dev/kvm
+        - mountPath: /dev/net/tun
+          name: dev-tun
+      terminationGracePeriodSeconds: 120
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: windows-pvc
+      - hostPath:
+          path: /dev/kvm
+        name: dev-kvm
+      - hostPath:
+          path: /dev/net/tun
+          type: CharDevice
+        name: dev-tun
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: windows
 spec:
-  type: NodePort
-  selector:
-    name: windows
+  internalTrafficPolicy: Cluster
   ports:
-    - name: tcp-8006
-      protocol: TCP
+    - name: http
       port: 8006
-      targetPort: 8006
-    - name: tcp-3389
       protocol: TCP
+      targetPort: 8006
+    - name: rdp
       port: 3389
+      protocol: TCP
       targetPort: 3389
-    - name: udp-3389
+    - name: udp
+      port: 3389
       protocol: UDP
-      port: 3389
       targetPort: 3389
+    - name: vnc
+      port: 5900
+      protocol: TCP
+      targetPort: 5900
+  selector:
+    app: windows
+  type: ClusterIP

readme.md

@@ -26,7 +26,7 @@ Windows inside a Docker container.
 
 ## Usage 🐳
 
-Via Docker Compose:
+##### Via Docker Compose:
 
 ```yaml
 services:
@@ -34,37 +34,45 @@ services:
     image: dockurr/windows
     container_name: windows
     environment:
-      VERSION: "win11"
+      VERSION: "11"
     devices:
       - /dev/kvm
+      - /dev/net/tun
     cap_add:
       - NET_ADMIN
     ports:
       - 8006:8006
       - 3389:3389/tcp
       - 3389:3389/udp
+    volumes:
+      - ./windows:/storage
+    restart: always
     stop_grace_period: 2m
 ```
 
-Via Docker CLI:
+##### Via Docker CLI:
 
 ```bash
-docker run -it --rm -p 8006:8006 --device=/dev/kvm --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows
+docker run -it --rm --name windows -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/windows:/storage" --stop-timeout 120 dockurr/windows
 ```
 
-Via Kubernetes:
+##### Via Kubernetes:
 
 ```shell
-kubectl apply -f kubernetes.yml
+kubectl apply -f https://raw.githubusercontent.com/dockur/windows/refs/heads/master/kubernetes.yml
 ```
 
+##### Via Github Codespaces:
+
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/dockur/windows)
+
 ## FAQ 💬
 
 ### How do I use it?
 
   Very simple! These are the steps:
   
-  - Start the container and connect to [port 8006](http://localhost:8006) using your web browser.
+  - Start the container and connect to [port 8006](http://127.0.0.1:8006/) using your web browser.
 
   - Sit back and relax while the magic happens, the whole installation will be performed fully automatic.
 
@@ -74,38 +82,38 @@ kubectl apply -f kubernetes.yml
 
 ### How do I select the Windows version?
 
-  By default, Windows 11 will be installed. But you can add the `VERSION` environment variable to your compose file, in order to specify an alternative Windows version to be downloaded:
+  By default, Windows 11 Pro will be installed. But you can add the `VERSION` environment variable to your compose file, in order to specify an alternative Windows version to be downloaded:
 
   ```yaml
   environment:
-    VERSION: "win11"
+    VERSION: "11"
   ```
 
   Select from the values below:
   
-  | **Value** | **Version**              | **Size** |
+  | **Value** | **Version**            | **Size** |
   |---|---|---|
-  | `win11`   | Windows 11 Pro           | 5.4 GB   |
-  | `ltsc11`  | Windows 11 LTSC    | 4.2 GB   |
-  | `win11e`  | Windows 11 Enterprise    | 5.8 GB   |
+  | `11`   | Windows 11 Pro            | 5.4 GB   |
+  | `11l`  | Windows 11 LTSC           | 4.7 GB   |
+  | `11e`  | Windows 11 Enterprise     | 4.0 GB   |
   ||||
-  | `win10`   | Windows 10 Pro           | 5.7 GB   |
-  | `ltsc10`  | Windows 10 LTSC          | 4.6 GB   |
-  | `win10e`  | Windows 10 Enterprise    | 5.2 GB   |
+  | `10`   | Windows 10 Pro            | 5.7 GB   |
+  | `10l`  | Windows 10 LTSC           | 4.6 GB   |
+  | `10e`  | Windows 10 Enterprise     | 5.2 GB   |
   ||||
-  | `win8`    | Windows 8.1 Pro          | 4.0 GB   |
-  | `win8e`   | Windows 8.1 Enterprise   | 3.7 GB   |
-  | `win7`    | Windows 7 Enterprise     | 3.0 GB   |
-  | `vista`   | Windows Vista Enterprise | 3.0 GB   |
-  | `winxp`   | Windows XP Professional  | 0.6 GB   |
-  ||||
-  | `2025`    | Windows Server 2025      | 5.0 GB   |
-  | `2022`    | Windows Server 2022      | 4.7 GB   |
-  | `2019`    | Windows Server 2019      | 5.3 GB   |
-  | `2016`    | Windows Server 2016      | 6.5 GB   |
-  | `2012`    | Windows Server 2012      | 4.3 GB   |
-  | `2008`    | Windows Server 2008      | 3.0 GB   |
-  | `2003`    | Windows Server 2003      | 0.6 GB   |
+  | `8e`   | Windows 8.1 Enterprise    | 3.7 GB   |
+  | `7u`   | Windows 7 Ultimate        | 3.1 GB   |
+  | `vu`   | Windows Vista Ultimate    | 3.0 GB   |
+  | `xp`   | Windows XP Professional   | 0.6 GB   |
+  | `2k`   | Windows 2000 Professional | 0.4 GB   | 
+  ||||  
+  | `2025` | Windows Server 2025       | 5.6 GB   |
+  | `2022` | Windows Server 2022       | 4.7 GB   |
+  | `2019` | Windows Server 2019       | 5.3 GB   |
+  | `2016` | Windows Server 2016       | 6.5 GB   |
+  | `2012` | Windows Server 2012       | 4.3 GB   |
+  | `2008` | Windows Server 2008       | 3.0 GB   |
+  | `2003` | Windows Server 2003       | 0.6 GB   |
 
 > [!TIP]
 > To install ARM64 versions of Windows use [dockur/windows-arm](https://github.com/dockur/windows-arm/).
@@ -116,10 +124,10 @@ kubectl apply -f kubernetes.yml
 
   ```yaml
   volumes:
-    - /var/win:/storage
+    - ./windows:/storage
   ```
 
-  Replace the example path `/var/win` with the desired storage folder.
+  Replace the example path `./windows` with the desired storage folder or named volume.
 
 ### How do I change the size of the disk?
 
@@ -135,58 +143,20 @@ kubectl apply -f kubernetes.yml
 
 ### How do I share files with the host?
 
-  Open 'File Explorer' and click on the 'Network' section, you will see a computer called `host.lan`. Double-click it and it will show a folder called `Data`, which can be binded to any folder on your host via the compose file:
+  Open 'File Explorer' and click on the 'Network' section, you will see a computer called `host.lan`.
+  
+  Double-click it and it will show a folder called `Data`, which can be bound to any folder on your host via the compose file:
 
   ```yaml
   volumes:
-    -  /home/user/example:/data
+    -  ./example:/data
   ```
 
-  The example folder `/home/user/example` will be available as ` \\host.lan\Data`.
+  The example folder `./example` will be available as ` \\host.lan\Data`.
   
 > [!TIP]
 > You can map this path to a drive letter in Windows, for easier access.
 
-### How do I install a custom image?
-
-  In order to download an unsupported ISO image that is not selectable from the list above, specify the URL of that ISO in the `VERSION` environment variable, for example:
-  
-  ```yaml
-  environment:
-    VERSION: "https://example.com/win.iso"
-  ```
-
-  Alternatively, you can also skip the download and use a local file instead, by binding it in your compose file in this way:
-  
-  ```yaml
-  volumes:
-    - /home/user/example.iso:/custom.iso
-  ```
-
-  Replace the example path `/home/user/example.iso` with the filename of your desired ISO file, the value of `VERSION` will be ignored in this case.
-
-### How do I run a script after installation?
-
-  To run your own script after installation, you can create a file called `install.bat` and place it in a folder together with any additional files it needs (software to be installed for example). Then bind that folder in your compose file like this:
-
-  ```yaml
-  volumes:
-    -  /home/user/example:/oem
-  ```
-
-  The example folder `/home/user/example` will be copied to `C:\OEM` during installation and the containing `install.bat` will be executed during the last step.
-
-### How do I perform a manual installation?
-
-  It's best to stick to the automatic installation, as it adjusts various settings to prevent common issues when running Windows inside a virtual environment.
-
-  However, if you insist on performing the installation manually, add the following environment variable to your compose file:
-
-  ```yaml
-  environment:
-    MANUAL: "Y"
-  ```
-
 ### How do I change the amount of CPU or RAM?
 
   By default, the container will be allowed to use a maximum of 2 CPU cores and 4 GB of RAM.
@@ -201,9 +171,9 @@ kubectl apply -f kubernetes.yml
 
 ### How do I configure the username and password?
 
-  By default, a user called `Docker` is created during the installation, with an empty password.
+  By default, a user called `Docker` is created during installation and its password is `admin`.
 
-  If you want to use different credentials, you can change them in your compose file:
+  If you want to use different credentials, you can configure them in your compose file (only before installation):
 
   ```yaml
   environment:
@@ -213,18 +183,20 @@ kubectl apply -f kubernetes.yml
 
 ### How do I select the Windows language?
 
-  By default, the English version of Windows will be downloaded. But you can add the `LANGUAGE` environment variable to your compose file, in order to specify an alternative language:
+  By default, the English version of Windows will be downloaded.
+  
+  But before installation you can add the `LANGUAGE` environment variable to your compose file, in order to specify an alternative language:
 
   ```yaml
   environment:
     LANGUAGE: "French"
   ```
   
-  You can choose between: 🇦🇪 Arabic, 🇧🇬 Bulgarian, 🇨🇳 Chinese, 🇭🇷 Croatian, 🇨🇿 Czech, 🇩🇰 Danish, 🇳🇱 Dutch, 🇬🇧 English, 🇪🇪 Estionian, 🇫🇮 Finnish, 🇫🇷 French, 🇩🇪 German, 🇬🇷 Greek, 🇮🇱 Hebrew, 🇭🇺 Hungarian, 🇮🇹 Italian, 🇯🇵 Japanese, 🇰🇷 Korean, 🇱🇻 Latvian, 🇱🇹 Lithuanian, 🇳🇴 Norwegian, 🇵🇱 Polish, 🇵🇹 Portuguese, 🇷🇴 Romanian, 🇷🇺 Russian, 🇷🇸 Serbian, 🇸🇰 Slovak, 🇸🇮 Slovenian, 🇪🇸 Spanish, 🇸🇪 Swedish, 🇹🇭 Thai, 🇹🇷 Turkish and 🇺🇦 Ukrainian.
+  You can choose between: 🇦🇪 Arabic, 🇧🇬 Bulgarian, 🇨🇳 Chinese, 🇭🇷 Croatian, 🇨🇿 Czech, 🇩🇰 Danish, 🇳🇱 Dutch, 🇬🇧 English, 🇪🇪 Estonian, 🇫🇮 Finnish, 🇫🇷 French, 🇩🇪 German, 🇬🇷 Greek, 🇮🇱 Hebrew, 🇭🇺 Hungarian, 🇮🇹 Italian, 🇯🇵 Japanese, 🇰🇷 Korean, 🇱🇻 Latvian, 🇱🇹 Lithuanian, 🇳🇴 Norwegian, 🇵🇱 Polish, 🇵🇹 Portuguese, 🇷🇴 Romanian, 🇷🇺 Russian, 🇷🇸 Serbian, 🇸🇰 Slovak, 🇸🇮 Slovenian, 🇪🇸 Spanish, 🇸🇪 Swedish, 🇹🇭 Thai, 🇹🇷 Turkish and 🇺🇦 Ukrainian.
 
 ### How do I select the keyboard layout?
 
-  If you want to use a keyboard layout or locale that is not the default for your selected language, you can add the `KEYBOARD` and `REGION` variables with a culture code, like this:
+  If you want to use a keyboard layout or locale that is not the default for your selected language, you can add  `KEYBOARD` and `REGION` variables like this (before installation):
 
   ```yaml
   environment:
@@ -232,15 +204,62 @@ kubectl apply -f kubernetes.yml
     KEYBOARD: "en-US"
   ```
 
-> [!NOTE]  
->  Changing these values will have no effect after the installation has been performed already. Use the control panel inside Windows in that case.
->
+### How do I select the edition?
+
+  Windows Server offers a minimalistic Core edition without a GUI. To select those non-standard editions, you can add a `EDITION` variable like this (before installation):
+
+  ```yaml
+  environment:
+    EDITION: "core"
+  ```
+
+### How do I install a custom image?
+
+  In order to download an unsupported ISO image, specify its URL in the `VERSION` environment variable:
+  
+  ```yaml
+  environment:
+    VERSION: "https://example.com/win.iso"
+  ```
+
+  Alternatively, you can also skip the download and use a local file instead, by binding it in your compose file in this way:
+  
+  ```yaml
+  volumes:
+    - ./example.iso:/boot.iso
+  ```
+
+  Replace the example path `./example.iso` with the filename of your desired ISO file. The value of `VERSION` will be ignored in this case.
+
+### How do I run a script after installation?
+
+  To run your own script after installation, you can create a file called `install.bat` and place it in a folder together with any additional files it needs (software to be installed for example).
+  
+  Then bind that folder in your compose file like this:
+
+  ```yaml
+  volumes:
+    -  ./example:/oem
+  ```
+
+  The example folder `./example` will be copied to `C:\OEM` and the containing `install.bat` will be executed during the last step of the automatic installation.
+
+### How do I perform a manual installation?
+
+  It's recommended to stick to the automatic installation, as it adjusts various settings to prevent common issues when running Windows inside a virtual environment.
+
+  However, if you insist on performing the installation manually at your own risk, add the following environment variable to your compose file:
+
+  ```yaml
+  environment:
+    MANUAL: "Y"
+  ```
 
 ### How do I connect using RDP?
 
   The web-viewer is mainly meant to be used during installation, as its picture quality is low, and it has no audio or clipboard for example.
 
-  So for a better experience you can connect using any Microsoft Remote Desktop client to the IP of the container, using the username `Docker` and by leaving the password empty.
+  So for a better experience you can connect using any Microsoft Remote Desktop client to the IP of the container, using the username `Docker` and password `admin`.
 
   There is a RDP client for [Android](https://play.google.com/store/apps/details?id=com.microsoft.rdc.androidx) available from the Play Store and one for [iOS](https://apps.apple.com/nl/app/microsoft-remote-desktop/id714464092?l=en-GB) in the Apple Store. For Linux you can use [FreeRDP](https://www.freerdp.com/) and on Windows just type `mstsc` in the search box.
 
@@ -285,7 +304,7 @@ kubectl apply -f kubernetes.yml
 
   After configuring the container for [macvlan](#how-do-i-assign-an-individual-ip-address-to-the-container), it is possible for Windows to become part of your home network by requesting an IP from your router, just like a real PC.
 
-  To enable this mode, add the following lines to your compose file:
+  To enable this mode, in which the container and Windows will have separate IP addresses, add the following lines to your compose file:
 
   ```yaml
   environment:
@@ -296,9 +315,6 @@ kubectl apply -f kubernetes.yml
     - 'c *:* rwm'
   ```
 
-> [!NOTE]  
-> In this mode, the container and Windows will each have their own separate IPs.
-
 ### How do I add multiple disks?
 
   To create additional disks, modify your compose file like this:
@@ -308,18 +324,18 @@ kubectl apply -f kubernetes.yml
     DISK2_SIZE: "32G"
     DISK3_SIZE: "64G"
   volumes:
-    - /home/example:/storage2
-    - /mnt/data/example:/storage3
+    - ./example2:/storage2
+    - ./example3:/storage3
   ```
 
 ### How do I pass-through a disk?
 
-  It is possible to pass-through disk devices directly by adding them to your compose file in this way:
+  It is possible to pass-through disk devices or partitions directly by adding them to your compose file in this way:
 
   ```yaml
   devices:
     - /dev/sdb:/disk1
-    - /dev/sdc:/disk2
+    - /dev/sdc1:/disk2
   ```
 
   Use `/disk1` if you want it to become your main drive (which will be formatted during installation), and use `/disk2` and higher to add them as secondary drives (which will stay untouched).
@@ -335,34 +351,44 @@ kubectl apply -f kubernetes.yml
     - /dev/bus/usb
   ```
 
-> [!IMPORTANT]
-> If the device is a USB disk drive, please wait until after the installation is completed before connecting it. Otherwise the installation may fail, as the order of the disks can get rearranged.
+  If the device is a USB disk drive, please wait until after the installation is fully completed before connecting it. Otherwise the installation may fail, as the order of the disks can get rearranged.
 
 ### How do I verify if my system supports KVM?
 
-  To verify that your system supports KVM, run the following commands:
+  First check if your software is compatible using this chart:
+
+  | **Product**  | **Linux** | **Win11** | **Win10** | **macOS** |
+  |---|---|---|---|---|
+  | Docker CLI        | ✅   | ✅       | ❌        | ❌ |
+  | Docker Desktop    | ❌   | ✅       | ❌        | ❌ | 
+  | Podman CLI        | ✅   | ✅       | ❌        | ❌ | 
+  | Podman Desktop    | ✅   | ✅       | ❌        | ❌ | 
+
+  After that you can run the following commands in Linux to check your system:
 
   ```bash
   sudo apt install cpu-checker
   sudo kvm-ok
   ```
 
-  If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, please check whether:
+  If you receive an error from `kvm-ok` indicating that KVM cannot be used, please check whether:
 
   - the virtualization extensions (`Intel VT-x` or `AMD SVM`) are enabled in your BIOS.
 
-  - you are running an operating system that supports them, like Linux or Windows 11 (macOS and Windows 10 do not unfortunately).
-
   - you enabled "nested virtualization" if you are running the container inside a virtual machine.
 
   - you are not using a cloud provider, as most of them do not allow nested virtualization for their VPS's.
 
-  If you didn't receive any error from `kvm-ok` at all, but the container still complains that `/dev/kvm` is missing, it might help to add `privileged: true` to your compose file (or `--privileged` to your `run` command), to rule out any permission issue.
+  If you did not receive any error from `kvm-ok` but the container still complains about a missing KVM device, it could help to add `privileged: true` to your compose file (or `sudo` to your `docker` command) to rule out any permission issue.
 
 ### How do I run macOS in a container?
 
   You can use [dockur/macos](https://github.com/dockur/macos) for that. It shares many of the same features, except for the automatic installation.
 
+### How do I run a Linux desktop in a container?
+
+  You can use [qemus/qemu](https://github.com/qemus/qemu) in that case.
+
 ### Is this project legal?
 
   Yes, this project contains only open-source code and does not distribute any copyrighted material. Any product keys found in the code are just generic placeholders provided by Microsoft for trial purposes. So under all applicable laws, this project will be considered legal.

src/entry.sh

@@ -1,16 +1,17 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
+: "${APP:="Windows"}"
+: "${PLATFORM:="x64"}"
 : "${BOOT_MODE:="windows"}"
-
-APP="Windows"
-SUPPORT="https://github.com/dockur/windows"
+: "${SUPPORT:="https://github.com/dockur/windows"}"
 
 cd /run
 
+. utils.sh      # Load functions
 . reset.sh      # Initialize system
 . define.sh     # Define versions
-. mido.sh       # Download code
+. mido.sh       # Download Windows
 . install.sh    # Run installation
 . disk.sh       # Initialize disks
 . display.sh    # Initialize graphics
@@ -32,8 +33,10 @@ info "Booting ${APP}${BOOT_DESC} using QEMU v$version..."
 terminal
 ( sleep 30; boot ) &
 tail -fn +0 "$QEMU_LOG" 2>/dev/null &
-cat "$QEMU_TERM" 2> /dev/null | tee "$QEMU_PTY" &
-wait $! || :
+cat "$QEMU_TERM" 2> /dev/null | tee "$QEMU_PTY" | \
+sed -u -e 's/\x1B\[[=0-9;]*[a-z]//gi' \
+-e 's/failed to load Boot/skipped Boot/g' \
+-e 's/0): Not Found/0)/g' & wait $! || :
 
 sleep 1 & wait $!
 [ ! -f "$QEMU_END" ] && finish 0

src/install.sh

@@ -10,21 +10,31 @@ EFISYS="efi/microsoft/boot/efisys_noprompt.bin"
 skipInstall() {
 
   local iso="$1"
+  local method=""
   local magic byte
   local boot="$STORAGE/windows.boot"
   local previous="$STORAGE/windows.base"
 
   if [ -f "$previous" ]; then
     previous=$(<"$previous")
+    previous="${previous//[![:print:]]/}"
     if [ -n "$previous" ]; then
-      previous="$STORAGE/$previous"
-      if [[ "${previous,,}" != "${iso,,}" ]]; then
+      if [[ "${STORAGE,,}/${previous,,}" != "${iso,,}" ]]; then
         if [ -f "$boot" ] && hasDisk; then
-          info "Detected that the version was changed, but ignoring this because Windows is already installed."
-          info "Please start with an empty /storage folder, if you want to install a different version of Windows."
+          if [[ "${iso,,}" == "${STORAGE,,}/windows."* ]]; then
+            method="your custom .iso file"
+          else
+            if [[ "${previous,,}" != "windows."* ]]; then
+              method="the VERSION variable"
+            fi
+          fi
+          if [ -n "$method" ]; then
+            info "Detected that $method was changed, but ignoring this because Windows is already installed."
+            info "Please start with an empty /storage folder, if you want to install a different version of Windows."
+          fi
           return 0
         fi
-        [ -f "$previous" ] && rm -f "$previous"
+        rm -f "$STORAGE/$previous"
         return 1
       fi
     fi
@@ -76,8 +86,6 @@ startInstall() {
 
     BOOT="$STORAGE/$file"
 
-    ! migrateFiles "$BOOT" "$VERSION" && error "Migration failed!" && exit 57
-
   fi
 
   skipInstall "$BOOT" && return 1
@@ -120,6 +128,9 @@ finishInstall() {
 
   rm -f "$STORAGE/windows.old"
   rm -f "$STORAGE/windows.vga"
+  rm -f "$STORAGE/windows.net"
+  rm -f "$STORAGE/windows.usb"
+  rm -f "$STORAGE/windows.args"
   rm -f "$STORAGE/windows.base"
   rm -f "$STORAGE/windows.boot"
   rm -f "$STORAGE/windows.mode"
@@ -156,10 +167,27 @@ finishInstall() {
     fi
   fi
 
+  if [ -n "${ARGS:-}" ]; then
+    ARGUMENTS="$ARGS ${ARGUMENTS:-}"
+    echo "$ARGS" > "$STORAGE/windows.args"
+  fi
+
+  if [ -n "${VGA:-}" ] && [[ "${VGA:-}" != "virtio"* ]]; then
+    echo "$VGA" > "$STORAGE/windows.vga"
+  fi
+
+  if [ -n "${USB:-}" ] && [[ "${USB:-}" != "qemu-xhci"* ]]; then
+    echo "$USB" > "$STORAGE/windows.usb"
+  fi
+
   if [ -n "${DISK_TYPE:-}" ] && [[ "${DISK_TYPE:-}" != "scsi" ]]; then
     echo "$DISK_TYPE" > "$STORAGE/windows.type"
   fi
 
+  if [ -n "${ADAPTER:-}" ] && [[ "${ADAPTER:-}" != "virtio-net-pci" ]]; then
+    echo "$ADAPTER" > "$STORAGE/windows.net"
+  fi
+
   rm -rf "$TMP"
   return 0
 }
@@ -171,8 +199,9 @@ abortInstall() {
   local efi
 
   [[ "${iso,,}" == *".esd" ]] && exit 60
+  [[ "${UNPACK:-}" == [Yy1]* ]] && exit 60
 
-  efi=$(find "$dir" -maxdepth 1 -type d -iname efi | head -n 1)
+  efi=$(find "$dir" -maxdepth 1 -type d -iname efi -print -quit)
 
   if [ -z "$efi" ]; then
     [[ "${PLATFORM,,}" == "x64" ]] && BOOT_MODE="windows_legacy"
@@ -193,13 +222,23 @@ abortInstall() {
   return 1
 }
 
-detectCustom() {
+findFile() {
 
-  local file base
-  CUSTOM=""
+  local dir file base
+  local fname="$1"
+  local boot="$STORAGE/windows.boot"
 
-  file=$(find / -maxdepth 1 -type f -iname custom.iso | head -n 1)
-  [ ! -s "$file" ] && file=$(find "$STORAGE" -maxdepth 1 -type f -iname custom.iso | head -n 1)
+  dir=$(find / -maxdepth 1 -type d -iname "$fname" -print -quit)
+  [ ! -d "$dir" ] && dir=$(find "$STORAGE" -maxdepth 1 -type d -iname "$fname" -print -quit)
+
+  if [ -d "$dir" ]; then
+    if ! hasDisk || [ ! -f "$boot" ]; then
+      error "The bind $dir maps to a file that does not exist!" && return 1
+    fi
+  fi
+
+  file=$(find / -maxdepth 1 -type f -iname "$fname" -print -quit)
+  [ ! -s "$file" ] && file=$(find "$STORAGE" -maxdepth 1 -type f -iname "$fname" -print -quit)
 
   if [ ! -s "$file" ] && [[ "${VERSION,,}" != "http"* ]]; then
     base=$(basename "$VERSION")
@@ -215,12 +254,25 @@ detectCustom() {
   [ -z "$size" ] || [[ "$size" == "0" ]] && return 0
 
   ISO="$file"
-  CUSTOM="$ISO"
+  CUSTOM="$file"
   BOOT="$STORAGE/windows.$size.iso"
 
   return 0
 }
 
+detectCustom() {
+
+  CUSTOM=""
+
+  ! findFile "custom.iso" && return 1
+  [ -n "$CUSTOM" ] && return 0
+
+  ! findFile "boot.iso" && return 1
+  [ -n "$CUSTOM" ] && return 0
+
+  return 0
+}
+
 extractESD() {
 
   local iso="$1"
@@ -240,12 +292,12 @@ extractESD() {
   mkdir -p "$dir"
 
   size=16106127360
-  size_gb=$(( (size + 1073741823)/1073741824 ))
+  size_gb=$(formatBytes "$size")
   space=$(df --output=avail -B 1 "$dir" | tail -n 1)
-  space_gb=$(( (space + 1073741823)/1073741824 ))
+  space_gb=$(formatBytes "$space")
 
   if (( size > space )); then
-    error "Not enough free space in $STORAGE, have $space_gb GB available but need at least $size_gb GB." && return 1
+    error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1
   fi
 
   local esdImageCount
@@ -310,7 +362,7 @@ extractImage() {
   local dir="$2"
   local version="$3"
   local desc="local ISO"
-  local size size_gb space space_gb
+  local file size size_gb space space_gb
 
   if [ -z "$CUSTOM" ]; then
     desc="downloaded ISO"
@@ -331,16 +383,16 @@ extractImage() {
   mkdir -p "$dir"
 
   size=$(stat -c%s "$iso")
-  size_gb=$(( (size + 1073741823)/1073741824 ))
+  size_gb=$(formatBytes "$size")
   space=$(df --output=avail -B 1 "$dir" | tail -n 1)
-  space_gb=$(( (space + 1073741823)/1073741824 ))
+  space_gb=$(formatBytes "$space")
 
   if ((size<100000000)); then
     error "Invalid ISO file: Size is smaller than 100 MB" && return 1
   fi
 
   if (( size > space )); then
-    error "Not enough free space in $STORAGE, have $space_gb GB available but need at least $size_gb GB." && return 1
+    error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1
   fi
 
   rm -rf "$dir"
@@ -349,7 +401,26 @@ extractImage() {
     error "Failed to extract ISO file: $iso" && return 1
   fi
 
-  LABEL=$(isoinfo -d -i "$iso" | sed -n 's/Volume id: //p')
+  if [[ "${UNPACK:-}" != [Yy1]* ]]; then
+
+    LABEL=$(isoinfo -d -i "$iso" | sed -n 's/Volume id: //p')
+
+  else
+
+    file=$(find "$dir" -maxdepth 1 -type f -iname "*.iso" -print -quit)
+
+    if [ -z "$file" ]; then
+      error "Failed to find any .iso file in archive!" && return 1
+    fi
+
+    if ! 7z x "$file" -o"$dir" > /dev/null; then
+      error "Failed to extract archive!" && return 1
+    fi
+
+    LABEL=$(isoinfo -d -i "$file" | sed -n 's/Volume id: //p')
+    rm -f "$file"
+
+  fi
 
   return 0
 }
@@ -483,6 +554,10 @@ setXML() {
 
   local file="/custom.xml"
 
+  if [ -d "$file" ]; then
+    error "The bind $file maps to a file that does not exist!" && exit 67
+  fi
+
   [ ! -f "$file" ] || [ ! -s "$file" ] && file="$STORAGE/custom.xml"
   [ ! -f "$file" ] || [ ! -s "$file" ] && file="/run/assets/custom.xml"
   [ ! -f "$file" ] || [ ! -s "$file" ] && file="$1"
@@ -527,14 +602,14 @@ detectImage() {
   fi
 
   local src wim info
-  src=$(find "$dir" -maxdepth 1 -type d -iname sources | head -n 1)
+  src=$(find "$dir" -maxdepth 1 -type d -iname sources -print -quit)
 
   if [ ! -d "$src" ]; then
     warn "failed to locate 'sources' folder in ISO image, $FB" && return 1
   fi
 
-  wim=$(find "$src" -maxdepth 1 -type f -iname install.wim | head -n 1)
-  [ ! -f "$wim" ] && wim=$(find "$src" -maxdepth 1 -type f -iname install.esd | head -n 1)
+  wim=$(find "$src" -maxdepth 1 -type f -iname install.wim -print -quit)
+  [ ! -f "$wim" ] && wim=$(find "$src" -maxdepth 1 -type f -iname install.esd -print -quit)
 
   if [ ! -f "$wim" ]; then
     warn "failed to locate 'install.wim' or 'install.esd' in ISO image, $FB" && return 1
@@ -567,6 +642,10 @@ detectImage() {
   info "Detected: $desc"
   setXML "" && return 0
 
+  if [[ "$DETECTED" == "win81x86"* ]] || [[ "$DETECTED" == "win10x86"* ]]; then
+    error "The 32-bit version of $desc is not supported!" && return 1
+  fi
+
   msg="the answer file for $desc was not found ($DETECTED.xml)"
   local fallback="/run/assets/${DETECTED%%-*}.xml"
 
@@ -614,11 +693,15 @@ updateXML() {
   local language="$2"
   local culture region user admin pass keyboard
 
-  [ -z "$YRES" ] && YRES="720"
-  [ -z "$XRES" ] && XRES="1280"
+  if [ -n "${VM_NET_IP:-}" ]; then
+    sed -i "s/ 20.20.20.1 / ${VM_NET_IP%.*}.1 /g" "$asset"
+  fi
 
-  sed -i "s/<VerticalResolution>1080<\/VerticalResolution>/<VerticalResolution>$YRES<\/VerticalResolution>/g" "$asset"
-  sed -i "s/<HorizontalResolution>1920<\/HorizontalResolution>/<HorizontalResolution>$XRES<\/HorizontalResolution>/g" "$asset"
+  [ -z "$HEIGHT" ] && HEIGHT="720"
+  [ -z "$WIDTH" ] && WIDTH="1280"
+
+  sed -i "s/<VerticalResolution>1080<\/VerticalResolution>/<VerticalResolution>$HEIGHT<\/VerticalResolution>/g" "$asset"
+  sed -i "s/<HorizontalResolution>1920<\/HorizontalResolution>/<HorizontalResolution>$WIDTH<\/HorizontalResolution>/g" "$asset"
 
   culture=$(getLanguage "$language" "culture")
 
@@ -651,15 +734,26 @@ updateXML() {
     sed -i "s/<Username>Docker<\/Username>/<Username>$user<\/Username>/g" "$asset"
   fi
 
-  if [ -n "$PASSWORD" ]; then
-    pass=$(printf '%s' "${PASSWORD}Password" | iconv -f utf-8 -t utf-16le | base64 -w 0)
-    admin=$(printf '%s' "${PASSWORD}AdministratorPassword" | iconv -f utf-8 -t utf-16le | base64 -w 0)
-    sed -i "s/<Value>password<\/Value>/<Value>$admin<\/Value>/g" "$asset"
-    sed -i "s/<PlainText>true<\/PlainText>/<PlainText>false<\/PlainText>/g" "$asset"
-    sed -z "s/<Password>...........<Value \/>/<Password>\n          <Value>$pass<\/Value>/g" -i "$asset"
-    sed -z "s/<Password>...............<Value \/>/<Password>\n              <Value>$pass<\/Value>/g" -i "$asset"
-    sed -z "s/<AdministratorPassword>...........<Value \/>/<AdministratorPassword>\n          <Value>$admin<\/Value>/g" -i "$asset"
-    sed -z "s/<AdministratorPassword>...............<Value \/>/<AdministratorPassword>\n              <Value>$admin<\/Value>/g" -i "$asset"
+  [ -n "$PASSWORD" ] && pass="$PASSWORD" || pass="admin"
+
+  pw=$(printf '%s' "${pass}Password" | iconv -f utf-8 -t utf-16le | base64 -w 0)
+  admin=$(printf '%s' "${pass}AdministratorPassword" | iconv -f utf-8 -t utf-16le | base64 -w 0)
+
+  sed -i "s/<Value>password<\/Value>/<Value>$admin<\/Value>/g" "$asset"
+  sed -i "s/<PlainText>true<\/PlainText>/<PlainText>false<\/PlainText>/g" "$asset"
+  sed -z "s/<Password>...........<Value \/>/<Password>\n          <Value>$pw<\/Value>/g" -i "$asset"
+  sed -z "s/<Password>...............<Value \/>/<Password>\n              <Value>$pw<\/Value>/g" -i "$asset"
+  sed -z "s/<AdministratorPassword>...........<Value \/>/<AdministratorPassword>\n          <Value>$admin<\/Value>/g" -i "$asset"
+  sed -z "s/<AdministratorPassword>...............<Value \/>/<AdministratorPassword>\n              <Value>$admin<\/Value>/g" -i "$asset"
+
+  if [ -n "$EDITION" ]; then
+    [[ "${EDITION^^}" == "CORE" ]] && EDITION="STANDARDCORE"
+    sed -i "s/SERVERSTANDARD<\/Value>/SERVER${EDITION^^}<\/Value>/g" "$asset"
+  fi
+
+  if [ -n "$KEY" ]; then
+    sed -i '/<ProductKey>/,/<\/ProductKey>/d' "$asset"
+    sed -i "s/<\/UserData>/  <ProductKey>\n          <Key>${KEY}<\/Key>\n          <WillShowUI>OnError<\/WillShowUI>\n        <\/ProductKey>\n      <\/UserData>/g" "$asset"
   fi
 
   return 0
@@ -671,8 +765,13 @@ addDriver() {
   local path="$2"
   local target="$3"
   local driver="$4"
+  local desc=""
   local folder=""
 
+  if [ -z "$id" ]; then
+    warn "no Windows version specified for \"$driver\" driver!" && return 0
+  fi
+
   case "${id,,}" in
     "win7x86"* ) folder="w7/x86" ;;
     "win7x64"* ) folder="w7/amd64" ;;
@@ -692,7 +791,12 @@ addDriver() {
   esac
 
   if [ -z "$folder" ]; then
-    warn "no \"$driver\" driver found for \"$DETECTED\" !" && return 0
+    desc=$(printVersion "$id" "$id")
+    if [[ "${id,,}" != *"x86"* ]]; then
+      warn "no \"$driver\" driver available for \"$desc\" !" && return 0
+    else
+      warn "no \"$driver\" driver available for the 32-bit version of \"$desc\" !" && return 0
+    fi
   fi
 
   [ ! -d "$path/$driver/$folder" ] && return 0
@@ -725,7 +829,12 @@ addDrivers() {
   local msg="Adding drivers to image..."
   info "$msg" && html "$msg"
 
-  if ! bsdtar -xf /drivers.txz -C "$drivers"; then
+  if [ -z "$version" ]; then
+    version="win11x64"
+    warn "Windows version unknown, falling back to Windows 11 drivers..."
+  fi
+
+  if ! bsdtar -xf /var/drivers.txz -C "$drivers"; then
     error "Failed to extract drivers from archive!" && return 1
   fi
 
@@ -794,14 +903,14 @@ updateImage() {
   rm -rf "$tmp"
   mkdir -p "$tmp"
 
-  src=$(find "$dir" -maxdepth 1 -type d -iname sources | head -n 1)
+  src=$(find "$dir" -maxdepth 1 -type d -iname sources -print -quit)
 
   if [ ! -d "$src" ]; then
     error "failed to locate 'sources' folder in ISO image, $FB" && return 1
   fi
 
-  wim=$(find "$src" -maxdepth 1 -type f -iname boot.wim | head -n 1)
-  [ ! -f "$wim" ] && wim=$(find "$src" -maxdepth 1 -type f -iname boot.esd | head -n 1)
+  wim=$(find "$src" -maxdepth 1 -type f -iname boot.wim -print -quit)
+  [ ! -f "$wim" ] && wim=$(find "$src" -maxdepth 1 -type f -iname boot.esd -print -quit)
 
   if [ ! -f "$wim" ]; then
     error "failed to locate 'boot.wim' or 'boot.esd' in ISO image, $FB" && return 1
@@ -864,7 +973,7 @@ updateImage() {
 
   local find="$file"
   [[ "$MANUAL" == [Yy1]* ]] && find="$org"
-  path=$(find "$dir" -maxdepth 1 -type f -iname "$find" | head -n 1)
+  path=$(find "$dir" -maxdepth 1 -type f -iname "$find" -print -quit)
 
   if [ -f "$path" ]; then
     if [[ "$MANUAL" != [Yy1]* ]]; then
@@ -918,12 +1027,12 @@ buildImage() {
   fi
 
   size=$(du -h -b --max-depth=0 "$dir" | cut -f1)
-  size_gb=$(( (size + 1073741823)/1073741824 ))
+  size_gb=$(formatBytes "$size")
   space=$(df --output=avail -B 1 "$TMP" | tail -n 1)
-  space_gb=$(( (space + 1073741823)/1073741824 ))
+  space_gb=$(formatBytes "$space")
 
   if (( size > space )); then
-    error "Not enough free space in $STORAGE, have $space_gb GB available but need at least $size_gb GB." && return 1
+    error "Not enough free space in $STORAGE, have $space_gb available but need at least $size_gb." && return 1
   fi
 
   if [[ "${BOOT_MODE,,}" != "windows_legacy" ]]; then
@@ -965,49 +1074,49 @@ bootWindows() {
 
   rm -rf "$TMP"
 
+  if [ -f "$STORAGE/windows.args" ]; then
+    ARGS=$(<"$STORAGE/windows.args")
+    ARGS="${ARGS//[![:print:]]/}"
+    ARGUMENTS="$ARGS ${ARGUMENTS:-}"
+  fi
+
+  if [ -s "$STORAGE/windows.vga" ] && [ -f "$STORAGE/windows.vga" ]; then
+    if [ -z "${VGA:-}" ]; then
+      VGA=$(<"$STORAGE/windows.vga")
+      VGA="${VGA//[![:print:]]/}"
+    fi
+  fi
+
+  if [ -s "$STORAGE/windows.usb" ] && [ -f "$STORAGE/windows.usb" ]; then
+    if [ -z "${USB:-}" ]; then
+      USB=$(<"$STORAGE/windows.usb")
+      USB="${USB//[![:print:]]/}"
+    fi
+  fi
+
+  if [ -s "$STORAGE/windows.net" ] && [ -f "$STORAGE/windows.net" ]; then
+    if [ -z "${ADAPTER:-}" ]; then
+      ADAPTER=$(<"$STORAGE/windows.net")
+      ADAPTER="${ADAPTER//[![:print:]]/}"
+    fi
+  fi
+
   if [ -s "$STORAGE/windows.type" ] && [ -f "$STORAGE/windows.type" ]; then
-    [ -z "${DISK_TYPE:-}" ] && DISK_TYPE=$(<"$STORAGE/windows.type")
+    if [ -z "${DISK_TYPE:-}" ]; then
+      DISK_TYPE=$(<"$STORAGE/windows.type")
+      DISK_TYPE="${DISK_TYPE//[![:print:]]/}"
+    fi
   fi
 
   if [ -s "$STORAGE/windows.mode" ] && [ -f "$STORAGE/windows.mode" ]; then
     BOOT_MODE=$(<"$STORAGE/windows.mode")
-    if [ -s "$STORAGE/windows.old" ] && [ -f "$STORAGE/windows.old" ]; then
-      [[ "${PLATFORM,,}" == "x64" ]] && MACHINE=$(<"$STORAGE/windows.old")
-    fi
-    return 0
+    BOOT_MODE="${BOOT_MODE//[![:print:]]/}"
   fi
 
-  # Migrations
-
-  [[ "${PLATFORM,,}" != "x64" ]] && return 0
-
-  if [ -f "$STORAGE/windows.old" ]; then
-    MACHINE=$(<"$STORAGE/windows.old")
-    [ -z "$MACHINE" ] && MACHINE="q35"
-    BOOT_MODE="windows_legacy"
-    echo "$BOOT_MODE" > "$STORAGE/windows.mode"
-    return 0
-  fi
-
-  local creation="1.10"
-  local minimal="2.14"
-
-  if [ -f "$STORAGE/windows.ver" ]; then
-    creation=$(<"$STORAGE/windows.ver")
-    [[ "${creation}" != *"."* ]] && creation="$minimal"
-  fi
-
-  # Force secure boot on installs created prior to v2.14
-  if (( $(echo "$creation < $minimal" | bc -l) )); then
-    if [[ "${BOOT_MODE,,}" == "windows" ]]; then
-      BOOT_MODE="windows_secure"
-      echo "$BOOT_MODE" > "$STORAGE/windows.mode"
-      if [ -f "$STORAGE/windows.rom" ] && [ ! -f "$STORAGE/$BOOT_MODE.rom" ]; then
-        mv -f "$STORAGE/windows.rom" "$STORAGE/$BOOT_MODE.rom"
-      fi
-      if [ -f "$STORAGE/windows.vars" ] && [ ! -f "$STORAGE/$BOOT_MODE.vars" ]; then
-        mv -f "$STORAGE/windows.vars" "$STORAGE/$BOOT_MODE.vars"
-      fi
+  if [ -s "$STORAGE/windows.old" ] && [ -f "$STORAGE/windows.old" ]; then
+    if [[ "${PLATFORM,,}" == "x64" ]]; then
+      MACHINE=$(<"$STORAGE/windows.old")
+      MACHINE="${MACHINE//[![:print:]]/}"
     fi
   fi
 

src/mido.sh

@@ -4,25 +4,26 @@ set -Eeuo pipefail
 handle_curl_error() {
 
   local error_code="$1"
+  local server_name="$2"
 
   case "$error_code" in
     1) error "Unsupported protocol!" ;;
     2) error "Failed to initialize curl!" ;;
     3) error "The URL format is malformed!" ;;
     5) error "Failed to resolve address of proxy host!" ;;
-    6) error "Failed to resolve Microsoft servers! Is there an Internet connection?" ;;
-    7) error "Failed to contact Microsoft servers! Is there an Internet connection or is the server down?" ;;
-    8) error "Microsoft servers returned a malformed HTTP response!" ;;
+    6) error "Failed to resolve $server_name servers! Is there an Internet connection?" ;;
+    7) error "Failed to contact $server_name servers! Is there an Internet connection or is the server down?" ;;
+    8) error "$server_name servers returned a malformed HTTP response!" ;;
     16) error "A problem was detected in the HTTP2 framing layer!" ;;
-    22) error "Microsoft servers returned a failing HTTP status code!" ;;
+    22) error "$server_name servers returned a failing HTTP status code!" ;;
     23) error "Failed at writing Windows media to disk! Out of disk space or permission error?" ;;
     26) error "Failed to read Windows media from disk!" ;;
     27) error "Ran out of memory during download!" ;;
-    28) error "Connection timed out to Microsoft server!" ;;
-    35) error "SSL connection error from Microsoft server!" ;;
+    28) error "Connection timed out to $server_name server!" ;;
+    35) error "SSL connection error from $server_name server!" ;;
     36) error "Failed to continue earlier download!" ;;
-    52) error "Received no data from the Microsoft server!" ;;
-    63) error "Microsoft servers returned an unexpectedly large response!" ;;
+    52) error "Received no data from the $server_name server!" ;;
+    63) error "$server_name servers returned an unexpectedly large response!" ;;
     # POSIX defines exit statuses 1-125 as usable by us
     # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_08_02
     $((error_code <= 125)))
@@ -63,77 +64,75 @@ download_windows() {
   local lang="$2"
   local desc="$3"
   local sku_id=""
+  local sku_url=""
+  local iso_url=""
+  local iso_json=""
   local language=""
   local session_id=""
   local user_agent=""
+  local download_type=""
   local windows_version=""
   local iso_download_link=""
+  local download_page_html=""
   local product_edition_id=""
-  local iso_download_link_html=""
-  local iso_download_page_html=""
-  local language_skuid_table_html=""
-
-  case "${id,,}" in
-    "win11x64" ) windows_version="11" ;;
-    "win10x64" ) windows_version="10" ;;
-    "win81x64" ) windows_version="8" ;;
-    * ) error "Invalid VERSION specified, value \"$id\" is not recognized!" && return 1 ;;
-  esac
+  local language_skuid_json=""
+  local profile="606624d44113"
 
   user_agent=$(get_agent)
   language=$(getLanguage "$lang" "name")
 
-  local url="https://www.microsoft.com/en-us/software-download/windows$windows_version"
-  case "$windows_version" in
-    8 | 10) url+="ISO";;
+  case "${id,,}" in
+    "win11x64" ) windows_version="11" && download_type="1" ;;
+    "win10x64" ) windows_version="10" && download_type="1" ;;
+    "win11arm64" ) windows_version="11arm64" && download_type="2" ;;
+    * ) error "Invalid VERSION specified, value \"$id\" is not recognized!" && return 1 ;;
   esac
 
+  local url="https://www.microsoft.com/en-us/software-download/windows$windows_version"
+  [[ "${id,,}" == "win10"* ]] && url+="ISO"
+
   # uuidgen: For MacOS (installed by default) and other systems (e.g. with no /proc) that don't have a kernel interface for generating random UUIDs
   session_id=$(cat /proc/sys/kernel/random/uuid 2> /dev/null || uuidgen --random)
+  session_id="${session_id//[![:print:]]/}"
 
   # Get product edition ID for latest release of given Windows version
   # Product edition ID: This specifies both the Windows release (e.g. 22H2) and edition ("multi-edition" is default, either Home/Pro/Edu/etc., we select "Pro" in the answer files) in one number
   # This is the *only* request we make that Fido doesn't. Fido manually maintains a list of all the Windows release/edition product edition IDs in its script (see: $WindowsVersions array). This is helpful for downloading older releases (e.g. Windows 10 1909, 21H1, etc.) but we always want to get the newest release which is why we get this value dynamically
   # Also, keeping a "$WindowsVersions" array like Fido does would be way too much of a maintenance burden
   # Remove "Accept" header that curl sends by default
-  [[ "$DEBUG" == [Yy1]* ]] && echo " - Parsing download page: ${url}"
-  iso_download_page_html=$(curl --silent --max-time 30 --user-agent "$user_agent" --header "Accept:" --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url") || {
-    handle_curl_error $?
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Parsing download page: ${url}"
+  download_page_html=$(curl --silent --max-time 30 --user-agent "$user_agent" --header "Accept:" --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url") || {
+    handle_curl_error "$?" "Microsoft"
     return $?
   }
 
   [[ "$DEBUG" == [Yy1]* ]] && echo -n "Getting Product edition ID: "
-  # tr: Filter for only numerics to prevent HTTP parameter injection
-  # head -c was recently added to POSIX: https://austingroupbugs.net/view.php?id=407
-  product_edition_id=$(echo "$iso_download_page_html" | grep -Eo '<option value="[0-9]+">Windows' | cut -d '"' -f 2 | head -n 1 | tr -cd '0-9' | head -c 16)
+  product_edition_id=$(echo "$download_page_html" | grep -Eo '<option value="[0-9]+">Windows' | cut -d '"' -f 2 | head -n 1 | tr -cd '0-9' | head -c 16)
   [[ "$DEBUG" == [Yy1]* ]] && echo "$product_edition_id"
 
+  if [ -z "$product_edition_id" ]; then
+    error "Product edition ID not found!"
+    return 1
+  fi
+
   [[ "$DEBUG" == [Yy1]* ]] && echo "Permit Session ID: $session_id"
   # Permit Session ID
-  # "org_id" is always the same value
   curl --silent --max-time 30 --output /dev/null --user-agent "$user_agent" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "https://vlscppe.microsoft.com/tags?org_id=y6jn8c31&session_id=$session_id" || {
     # This should only happen if there's been some change to how this API works
-    handle_curl_error $?
+    handle_curl_error "$?" "Microsoft"
     return $?
   }
 
-  # Extract everything after the last slash
-  local url_segment_parameter="${url##*/}"
-
   [[ "$DEBUG" == [Yy1]* ]] && echo -n "Getting language SKU ID: "
-  # Get language -> skuID association table
-  # SKU ID: This specifies the language of the ISO. We always use "English (United States)", however, the SKU for this changes with each Windows release
-  # We must make this request so our next one will be allowed
-  # --data "" is required otherwise no "Content-Length" header will be sent causing HTTP response "411 Length Required"
-  language_skuid_table_html=$(curl --silent --max-time 30 --request POST --user-agent "$user_agent" --data "" --header "Accept:" --max-filesize 10K --fail --proto =https --tlsv1.2 --http1.1 -- "https://www.microsoft.com/en-US/api/controls/contentinclude/html?pageId=a8f8f489-4c7f-463a-9ca6-5cff94d8d041&host=www.microsoft.com&segments=software-download,$url_segment_parameter&query=&action=getskuinformationbyproductedition&sessionId=$session_id&productEditionId=$product_edition_id&sdVersion=2") || {
-    handle_curl_error $?
+  sku_url="https://www.microsoft.com/software-download-connector/api/getskuinformationbyproductedition?profile=$profile&ProductEditionId=$product_edition_id&SKU=undefined&friendlyFileName=undefined&Locale=en-US&sessionID=$session_id"
+  language_skuid_json=$(curl --silent --max-time 30 --request GET --user-agent "$user_agent" --referer "$url" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "$sku_url") || {
+    handle_curl_error "$?" "Microsoft"
     return $?
   }
 
-  # tr: Filter for only alphanumerics or "-" to prevent HTTP parameter injection
-  sku_id=$(echo "$language_skuid_table_html" | grep -m 1 ">${language}<" | sed 's/&quot;//g' | cut -d ',' -f 1  | cut -d ':' -f 2 | tr -cd '[:alnum:]-' | head -c 16)
+  { sku_id=$(echo "$language_skuid_json" | jq --arg LANG "$language" -r '.Skus[] | select(.Language==$LANG).Id') 2>/dev/null; rc=$?; } || :
 
-  if [ -z "$sku_id" ]; then
+  if [ -z "$sku_id" ] || [[ "${sku_id,,}" == "null" ]] || (( rc != 0 )); then
     language=$(getLanguage "$lang" "desc")
     error "No download in the $language language available for $desc!"
     return 1
@@ -144,28 +143,31 @@ download_windows() {
 
   # Get ISO download link
   # If any request is going to be blocked by Microsoft it's always this last one (the previous requests always seem to succeed)
-  # --referer: Required by Microsoft servers to allow request
-  iso_download_link_html=$(curl --silent --max-time 30 --request POST --user-agent "$user_agent" --data "" --referer "$url" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "https://www.microsoft.com/en-US/api/controls/contentinclude/html?pageId=6e2a1789-ef16-4f27-a296-74ef7ef5d96b&host=www.microsoft.com&segments=software-download,$url_segment_parameter&query=&action=GetProductDownloadLinksBySku&sessionId=$session_id&skuId=$sku_id&language=English&sdVersion=2")
 
-  if ! [ "$iso_download_link_html" ]; then
+  iso_url="https://www.microsoft.com/software-download-connector/api/GetProductDownloadLinksBySku?profile=$profile&ProductEditionId=undefined&SKU=$sku_id&friendlyFileName=undefined&Locale=en-US&sessionID=$session_id"
+  iso_json=$(curl --silent --max-time 30 --request GET --user-agent "$user_agent" --referer "$url" --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_url")
+
+  if ! [ "$iso_json" ]; then
     # This should only happen if there's been some change to how this API works
     error "Microsoft servers gave us an empty response to our request for an automated download."
     return 1
   fi
 
-  if echo "$iso_download_link_html" | grep -q "We are unable to complete your request at this time."; then
+  if echo "$iso_json" | grep -q "Sentinel marked this request as rejected."; then
     error "Microsoft blocked the automated download request based on your IP address."
     return 1
   fi
 
-  # Filter for 64-bit ISO download URL
-  # sed: HTML decode "&" character
-  # tr: Filter for only alphanumerics or punctuation
-  iso_download_link=$(echo "$iso_download_link_html" | grep -o "https://software.download.prss.microsoft.com.*IsoX64" | cut -d '"' -f 1 | sed 's/&amp;/\&/g' | tr -cd '[:alnum:][:punct:]')
+  if echo "$iso_json" | grep -q "We are unable to complete your request at this time."; then
+    error "Microsoft blocked the automated download request based on your IP address."
+    return 1
+  fi
 
-  if ! [ "$iso_download_link" ]; then
-    # This should only happen if there's been some change to the download endpoint web address
+  { iso_download_link=$(echo "$iso_json" | jq --argjson TYPE "$download_type" -r '.ProductDownloadOptions[] | select(.DownloadType==$TYPE).Uri') 2>/dev/null; rc=$?; } || :
+
+  if [ -z "$iso_download_link" ] || [[ "${iso_download_link,,}" == "null" ]] || (( rc != 0 )); then
     error "Microsoft servers gave us no download link to our request for an automated download!"
+    info "Response: $iso_json"
     return 1
   fi
 
@@ -207,6 +209,9 @@ download_windows_eval() {
     "win2022-eval" )
       enterprise_type="server"
       windows_version="windows-server-2022" ;;
+    "win2019-hv" )
+      enterprise_type="server"
+      windows_version="hyper-v-server-2019" ;;
     "win2019-eval" )
       enterprise_type="server"
       windows_version="windows-server-2019" ;;
@@ -229,7 +234,7 @@ download_windows_eval() {
 
   [[ "$DEBUG" == [Yy1]* ]] && echo "Parsing download page: ${url}"
   iso_download_page_html=$(curl --silent --max-time 30 --user-agent "$user_agent" --location --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url") || {
-    handle_curl_error $?
+    handle_curl_error "$?" "Microsoft"
     return $?
   }
 
@@ -241,10 +246,10 @@ download_windows_eval() {
 
   [[ "$DEBUG" == [Yy1]* ]] && echo "Getting download link.."
 
-  if [[ "$enterprise_type" == "iot" ]]; then
-    filter="https://go.microsoft.com/fwlink/?linkid=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country^^}"
-  else
-    filter="https://go.microsoft.com/fwlink/p/?LinkID=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country^^}"
+  filter="https://go.microsoft.com/fwlink/?linkid=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country,,}"
+
+  if ! echo "$iso_download_page_html" | grep -io "$filter" > /dev/null; then
+    filter="https://go.microsoft.com/fwlink/p/?linkid=[0-9]\+&clcid=0x[0-9a-z]\+&culture=${culture,,}&country=${country,,}"
   fi
 
   iso_download_links=$(echo "$iso_download_page_html" | grep -io "$filter") || {
@@ -283,11 +288,11 @@ download_windows_eval() {
   [[ "$DEBUG" == [Yy1]* ]] && echo "Found download link: $iso_download_link"
 
   # Follow redirect so proceeding log message is useful
-  # This is a request we make this Fido doesn't
-  # We don't need to set "--max-filesize" here because this is a HEAD request and the output is to /dev/null anyway
+  # This is a request we make that Fido doesn't
+
   iso_download_link=$(curl --silent --max-time 30 --user-agent "$user_agent" --location --output /dev/null --silent --write-out "%{url_effective}" --head --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_download_link") || {
     # This should only happen if the Microsoft servers are down
-    handle_curl_error $?
+    handle_curl_error "$?" "Microsoft"
     return $?
   }
 
@@ -305,11 +310,11 @@ getWindows() {
   language=$(getLanguage "$lang" "desc")
   edition=$(printEdition "$version" "$desc")
 
-  local msg="Requesting $desc from Microsoft server..."
+  local msg="Requesting $desc from the Microsoft servers..."
   info "$msg" && html "$msg"
 
   case "${version,,}" in
-    "win2008r2" | "win81${PLATFORM,,}-enterprise"* | "win11${PLATFORM,,}-enterprise-iot"* | "win11${PLATFORM,,}-enterprise-ltsc"* )
+    "win2008r2" | "win81${PLATFORM,,}"* | "win11${PLATFORM,,}-enterprise-iot"* | "win11${PLATFORM,,}-enterprise-ltsc"* )
       if [[ "${lang,,}" != "en" ]] && [[ "${lang,,}" != "en-"* ]]; then
         error "No download in the $language language available for $edition!"
         MIDO_URL="" && return 1
@@ -317,6 +322,7 @@ getWindows() {
   esac
 
   case "${version,,}" in
+    "win11${PLATFORM,,}" ) ;;
     "win11${PLATFORM,,}-enterprise-iot"* ) ;;
     "win11${PLATFORM,,}-enterprise-ltsc"* ) ;;
     * )
@@ -327,13 +333,13 @@ getWindows() {
   esac
 
   case "${version,,}" in
-    "win81${PLATFORM,,}" | "win10${PLATFORM,,}" | "win11${PLATFORM,,}" )
+    "win10${PLATFORM,,}" | "win11${PLATFORM,,}" )
       download_windows "$version" "$lang" "$edition" && return 0
       ;;
     "win11${PLATFORM,,}-enterprise"* | "win10${PLATFORM,,}-enterprise"* )
       download_windows_eval "$version" "$lang" "$edition" && return 0
       ;;
-    "win2025-eval" | "win2022-eval" | "win2019-eval" | "win2016-eval" | "win2012r2-eval" )
+    "win2025-eval" | "win2022-eval" | "win2019-eval" | "win2019-hv" | "win2016-eval" | "win2012r2-eval" )
       download_windows_eval "$version" "$lang" "$edition" && return 0
       ;;
     "win81${PLATFORM,,}-enterprise"* | "win2008r2" )
@@ -341,53 +347,10 @@ getWindows() {
     * ) error "Invalid VERSION specified, value \"$version\" is not recognized!" ;;
   esac
 
-  if [[ "${PLATFORM,,}" != "x64" ]]; then
-    MIDO_URL=""
-    return 1
-  fi
+  MIDO_URL=$(getMido "$version" "$lang" "")
+  [ -z "$MIDO_URL" ] && return 1
 
-  if [[ "${lang,,}" != "en" ]] && [[ "${lang,,}" != "en-"* ]]; then
-    MIDO_URL=""
-    return 1
-  fi
-
-  case "${version,,}" in
-    "win81${PLATFORM,,}-enterprise"* )
-      MIDO_URL="https://download.microsoft.com/download/B/9/9/B999286E-0A47-406D-8B3D-5B5AD7373A4A/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_ENTERPRISE_EVAL_EN-US-IR3_CENA_X64FREE_EN-US_DV9.ISO"
-      return 0
-      ;;
-    "win11${PLATFORM,,}-enterprise-iot"* | "win11${PLATFORM,,}-enterprise-ltsc"* )
-      MIDO_URL="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26100.1.240331-1435.ge_release_CLIENT_IOT_LTSC_EVAL_x64FRE_en-us.iso"
-      return 0
-      ;;
-    "win2025-eval" )
-      MIDO_URL="https://software-static.download.prss.microsoft.com/dbazure/888969d5-f34g-4e03-ac9d-1f9786c66749/26100.1.240331-1435.ge_release_SERVER_EVAL_x64FRE_en-us.iso"
-      return 0
-      ;;
-    "win2022-eval" )
-      MIDO_URL="https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso"
-      return 0
-      ;;
-    "win2019-eval" )
-      MIDO_URL="https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso"
-      return 0
-      ;;
-    "win2016-eval" )
-      MIDO_URL="https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO"
-      return 0
-      ;;
-    "win2012r2-eval" )
-      MIDO_URL="https://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO"
-      return 0
-      ;;
-    "win2008r2" )
-      MIDO_URL="https://download.microsoft.com/download/4/1/D/41DEA7E0-B30D-4012-A1E3-F24DC03BA1BB/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso"
-      return 0
-      ;;
-  esac
-
-  MIDO_URL=""
-  return 1
+  return 0
 }
 
 getCatalog() {
@@ -457,7 +420,7 @@ getESD() {
   local eFile="esd_edition.xml"
   local fFile="products_filter.xml"
 
-  { wget "$winCatalog" -O "$dir/$wFile" -q --timeout=30; rc=$?; } || :
+  { wget "$winCatalog" -O "$dir/$wFile" -q --timeout=30 --no-http-keep-alive; rc=$?; } || :
 
   msg="Failed to download $winCatalog"
   (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1
@@ -509,6 +472,18 @@ getESD() {
   return 0
 }
 
+isCompressed() {
+
+  local file="$1"
+
+  case "${file,,}" in
+    *".7z" | *".zip" | *".rar" | *".lzma" | *".bz" | *".bz2" )
+      return 0 ;;
+  esac
+
+  return 1
+}
+
 verifyFile() {
 
   local iso="$1"
@@ -517,7 +492,9 @@ verifyFile() {
   local check="$4"
 
   if [ -n "$size" ] && [[ "$total" != "$size" ]] && [[ "$size" != "0" ]]; then
-    warn "The downloaded file has an unexpected size: $total bytes, while expected value was: $size bytes. Please report this at $SUPPORT/issues"
+    if [[ "$VERIFY" == [Yy1]* ]] || [[ "$DEBUG" == [Yy1]* ]]; then
+      warn "The downloaded file has a different size ( $total bytes) than expected ( $size bytes). Please report this at $SUPPORT/issues"
+    fi
   fi
 
   local hash=""
@@ -537,10 +514,10 @@ verifyFile() {
   fi
 
   if [[ "$hash" == "$check" ]]; then
-    info "Succesfully verified ISO!" && return 0
+    info "Successfully verified ISO!" && return 0
   fi
 
-  error "The downloaded file has an invalid $algo checksum: $hash , while expected value was: $check. Please report this at $SUPPORT/issues"
+  error "The downloaded file has an unknown $algo checksum: $hash , as the expected value was: $check. Please report this at $SUPPORT/issues"
   return 1
 }
 
@@ -552,14 +529,17 @@ downloadFile() {
   local size="$4"
   local lang="$5"
   local desc="$6"
-  local rc total progress domain dots space folder
+  local msg="Downloading $desc"
+  local rc total total_gb progress domain dots agent space folder
 
   rm -f "$iso"
+  agent=$(get_agent)
 
   if [ -n "$size" ] && [[ "$size" != "0" ]]; then
     folder=$(dirname -- "$iso")
     space=$(df --output=avail -B 1 "$folder" | tail -n 1)
-    (( size > space )) && error "Not enough free space left to download file!" && return 1
+    total_gb=$(formatBytes "$space")
+    (( size > space )) && error "Not enough free space to download file, only $total_gb left!" && return 1
   fi
 
   # Check if running with interactive TTY or redirected to docker log
@@ -569,8 +549,8 @@ downloadFile() {
     progress="--progress=dot:giga"
   fi
 
-  local msg="Downloading $desc"
   html "$msg..."
+  /run/progress.sh "$iso" "$size" "$msg ([P])..." &
 
   domain=$(echo "$url" | awk -F/ '{print $3}')
   dots=$(echo "$domain" | tr -cd '.' | wc -c)
@@ -581,25 +561,26 @@ downloadFile() {
   fi
 
   info "$msg..."
-  /run/progress.sh "$iso" "$size" "$msg ([P])..." &
 
-  { wget "$url" -O "$iso" -q --timeout=30 --show-progress "$progress"; rc=$?; } || :
+  { wget "$url" -O "$iso" -q --timeout=30 --no-http-keep-alive --user-agent "$agent" --show-progress "$progress"; rc=$?; } || :
 
   fKill "progress.sh"
 
   if (( rc == 0 )) && [ -f "$iso" ]; then
     total=$(stat -c%s "$iso")
+    total_gb=$(formatBytes "$total")
     if [ "$total" -lt 100000000 ]; then
-      error "Invalid download link: $url (is only $total bytes?). Please report this at $SUPPORT/issues." && return 1
+      error "Invalid download link: $url (is only $total_gb ?). Please report this at $SUPPORT/issues" && return 1
     fi
     verifyFile "$iso" "$size" "$total" "$sum" || return 1
+    isCompressed "$url" && UNPACK="Y"
     html "Download finished successfully..." && return 0
   fi
 
   msg="Failed to download $url"
   (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1
   (( rc == 4 )) && error "$msg , network failure!" && return 1
-  (( rc == 8 )) && error "$msg , server issued an error response!" && return 1
+  (( rc == 8 )) && error "$msg , server issued an error response! Please report this at $SUPPORT/issues" && return 1
 
   error "$msg , reason: $rc"
   return 1
@@ -610,14 +591,21 @@ downloadImage() {
   local iso="$1"
   local version="$2"
   local lang="$3"
+  local delay=5
   local tried="n"
+  local success="n"
   local url sum size base desc language
+  local msg="Will retry after $delay seconds..."
 
   if [[ "${version,,}" == "http"* ]]; then
+
     base=$(basename "$iso")
     desc=$(fromFile "$base")
     downloadFile "$iso" "$version" "" "" "" "$desc" && return 0
+    info "$msg" && html "$msg" && sleep "$delay"
+    downloadFile "$iso" "$version" "" "" "" "$desc" && return 0
     rm -f "$iso"
+
     return 1
   fi
 
@@ -637,11 +625,23 @@ downloadImage() {
   fi
 
   if isMido "$version" "$lang"; then
+
     tried="y"
+    success="n"
+
     if getWindows "$version" "$lang" "$desc"; then
+      success="y"
+    else
+      info "$msg" && html "$msg" && sleep "$delay"
+      getWindows "$version" "$lang" "$desc" && success="y"
+    fi
+
+    if [[ "$success" == "y" ]]; then
       size=$(getMido "$version" "$lang" "size" )
       sum=$(getMido "$version" "$lang" "sum")
       downloadFile "$iso" "$MIDO_URL" "$sum" "$size" "$lang" "$desc" && return 0
+      info "$msg" && html "$msg" && sleep "$delay"
+      downloadFile "$iso" "$MIDO_URL" "$sum" "$size" "$lang" "$desc" && return 0
       rm -f "$iso"
     fi
   fi
@@ -655,10 +655,20 @@ downloadImage() {
     fi
 
     tried="y"
+    success="n"
 
     if getESD "$TMP/esd" "$version" "$lang" "$desc"; then
+      success="y"
+    else
+      info "$msg" && html "$msg" && sleep "$delay"
+      getESD "$TMP/esd" "$version" "$lang" "$desc" && success="y"
+    fi
+
+    if [[ "$success" == "y" ]]; then
       ISO="${ISO%.*}.esd"
       downloadFile "$ISO" "$ESD" "$ESD_SUM" "$ESD_SIZE" "$lang" "$desc" && return 0
+      info "$msg" && html "$msg" && sleep "$delay"
+      downloadFile "$ISO" "$ESD" "$ESD_SUM" "$ESD_SIZE" "$lang" "$desc" && return 0
       rm -f "$ISO"
       ISO="$iso"
     fi
@@ -677,6 +687,8 @@ downloadImage() {
       size=$(getSize "$i" "$version" "$lang")
       sum=$(getHash "$i" "$version" "$lang")
       downloadFile "$iso" "$url" "$sum" "$size" "$lang" "$desc" && return 0
+      info "$msg" && html "$msg" && sleep "$delay"
+      downloadFile "$iso" "$url" "$sum" "$size" "$lang" "$desc" && return 0
       rm -f "$iso"
     fi
 

src/power.sh

@@ -35,7 +35,7 @@ boot() {
         grep -Fq "BOOTMGR is missing" "$QEMU_PTY" && fail="y"
       fi
       if [ -z "$fail" ]; then
-        info "Windows started succesfully, visit http://localhost:8006/ to view the screen..."
+        info "Windows started successfully, visit http://127.0.0.1:8006/ to view the screen..."
         return 0
       fi
     fi

src/samba.sh

@@ -14,16 +14,21 @@ if [[ "$DHCP" == [Yy1]* ]]; then
   interface="$VM_NET_DEV"
 fi
 
+if [[ "${NETWORK,,}" == "user"* ]]; then
+  interface="127.0.0.1"
+fi
+
 addShare() {
   local dir="$1"
   local name="$2"
   local comment="$3"
 
   mkdir -p "$dir" || return 1
+  ls -A "$dir" >/dev/null 2>&1 || return 1
 
   if [ -z "$(ls -A "$dir")" ]; then
 
-    chmod 777 "$dir"
+    chmod 777 "$dir" || return 1
 
     {      echo "--------------------------------------------------------"
             echo " $APP for Docker v$(</run/version)..."
@@ -71,6 +76,9 @@ addShare() {
         echo "    guest account = nobody"
         echo "    map to guest = Bad User"
         echo "    server min protocol = NT1"
+        echo "    follow symlinks = yes"
+        echo "    wide links = yes"
+        echo "    unix extensions = no"
         echo ""
         echo "    # disable printing services"
         echo "    load printers = no"
@@ -84,26 +92,37 @@ share="/data"
 [ ! -d "$share" ] && [ -d "/shared" ] && share="/shared"
 [ ! -d "$share" ] && [ -d "$STORAGE/shared" ] && share="$STORAGE/shared"
 
-addShare "$share" "Data" "Shared" || error "Failed to create shared folder!"
+if ! addShare "$share" "Data" "Shared"; then
+  error "Failed to add shared folder '$share'. Please check its permissions." && return 0
+fi
 
-[ -d "/data2" ] && addShare "/data2" "Data2" "Shared"
-[ -d "/data3" ] && addShare "/data3" "Data3" "Shared"
+if [ -d "/data2" ]; then
+  addShare "/data2" "Data2" "Shared" || error "Failed to add shared folder '/data2'. Please check its permissions."
+fi
+
+if [ -d "/data3" ]; then
+  addShare "/data3" "Data3" "Shared" || error "Failed to add shared folder '/data3'. Please check its permissions."
+fi
+
+IFS=',' read -r -a dirs <<< "${SHARES:-}"
+for dir in "${dirs[@]}"; do
+  [ ! -d "$dir" ] && continue
+  dir_name=$(basename "$dir")
+  addShare "$dir" "$dir_name" "Shared $dir_name" || error "Failed to create shared folder for $dir!"
+done
+
+# Fix Samba permissions
+[ -d /run/samba/msg.lock ] && chmod -R 0755 /run/samba/msg.lock
+[ -d /var/log/samba/cores ] && chmod -R 0700 /var/log/samba/cores
+[ -d /var/cache/samba/msg.lock ] && chmod -R 0755 /var/cache/samba/msg.lock
 
 if ! smbd; then
   error "Samba daemon failed to start!"
   smbd -i --debug-stdout || true
 fi
 
-legacy=""
-
-if [ -f "$STORAGE/windows.old" ]; then
-  MT=$(<"$STORAGE/windows.old")
-  [[ "${MT,,}" == "pc-q35-2"* ]] && legacy="y"
-  [[ "${MT,,}" == "pc-i440fx-2"* ]] && legacy="y"
-fi
-
-if [ -n "$legacy" ]; then
-  # Enable NetBIOS on Windows XP and lower
+if [[ "${BOOT_MODE:-}" == "windows_legacy" ]]; then
+  # Enable NetBIOS on Windows 7 and lower
   if ! nmbd; then
     error "NetBIOS daemon failed to start!"
     nmbd -i --debug-stdout || true