xstefen/winutil
1
0
Fork 0
mirror of https://github.com/ChrisTitusTech/winutil.git synced 2025-06-28 00:54:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

[MicroWin] Preparation for 2025 (#3066)

Browse Source 
* Set Boot Manager entry timeout to 0

Fixes #2562

* Exclude Windows Hello stuff from package removal

* Obscure passwords with Base64 and fix indentation

Fixes #3064

* Fix name of excluded package

* Update comment

It reflects my feelings towards Microsoft when it comes to security a lot better

* Remove jargon of scratch directory options

* Package exclusion improvements

- Removed AppX packages from OS package exclusion list
- Added exclusion of PowerShell ISE (source: Discord server - yes, some people still use the PowerShell ISE)

* Exclude Windows Photo Viewer from dir removal

* Improve copy operation to Ventoy drives

This change may fix the issues where there's a conflict between both Ventoy's and MicroWin's unattended answer files, causing target images to stop working as expected during OOBE

* Add VirtIO functionality and more enhancements

- Added the ability to grab VirtIO Guest Tools
- Modified the description of the Copy ISO files function because it basically had nonsense

* Fix typo (#3104)

* Access specific property of ISO image object

Only show the ISO path. No one is interested in the storage type

* Add detections for expedited app removal

They only affect 24H2 and newer. Earlier releases don't have these expedited apps

* Update message

* Add VirtIO instructions to MicroWin page

* Add DISM command fallback

This fallback is triggered if an exception occurs while getting information with the cmdlets (I couldn't test this on my host as everything magically works now - sometimes it threw the Class not registered error)

* Exclude OpenSSH from package removal

Some people need this to avoid installing third-party programs like PuTTY

* Fixed some more indentation
This commit is contained in:
CodingWonders
2025-01-10 20:40:25 +01:00
committed by GitHub
parent fa9dbcace4
commit 9183e92692
11 changed files with 423 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
functions/microwin/Invoke-Microwin.ps1
View File

@ -55,6 +55,8 @@ public class PowerManagement {
$injectDrivers = $sync.MicrowinInjectDrivers.IsChecked
$importDrivers = $sync.MicrowinImportDrivers.IsChecked
$importVirtIO = $sync.MicrowinCopyVirtIO.IsChecked
$mountDir = $sync.MicrowinMountDir.Text
$scratchDir = $sync.MicrowinScratchDir.Text
@ -109,7 +111,7 @@ public class PowerManagement {
Write-Host "Mounting Windows image. This may take a while."
Mount-WindowsImage -ImagePath "$mountDir\sources\install.wim" -Index $index -Path "$scratchDir"
if ($?) {
Write-Host "Mounting complete! Performing removal of applications..."
Write-Host "The Windows image has been mounted successfully. Continuing processing..."
} else {
Write-Host "Could not mount image. Exiting..."
Set-WinUtilTaskbaritem -state "Error" -value 1 -overlay "warning"
@ -155,13 +157,18 @@ public class PowerManagement {
}
}
if ($importVirtIO) {
Write-Host "Copying VirtIO drivers..."
Microwin-CopyVirtIO
}
Write-Host "Remove Features from the image"
Microwin-RemoveFeatures
Microwin-RemoveFeatures -UseCmdlets $true
Write-Host "Removing features complete!"
Write-Host "Removing OS packages"
Microwin-RemovePackages
Microwin-RemovePackages -UseCmdlets $true
Write-Host "Removing Appx Bloat"
Microwin-RemoveProvisionedPackages
Microwin-RemoveProvisionedPackages -UseCmdlets $true
# Detect Windows 11 24H2 and add dependency to FileExp to prevent Explorer look from going back - thanks @WitherOrNot and @thecatontheceiling
if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,26100,1))) -eq $true) {
@ -189,8 +196,6 @@ public class PowerManagement {
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\DiagTrack" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\InboxApps" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Windows\System32\LocationNotificationWindows.exe"
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Photo Viewer" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Windows Photo Viewer" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Media Player" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files\Windows Media Player" -Directory
Microwin-RemoveFileOrDirectory -pathToDelete "$($scratchDir)\Program Files (x86)\Windows Mail" -Directory
@ -280,20 +285,22 @@ public class PowerManagement {
reg add "HKLM\zSYSTEM\Setup\LabConfig" /v "BypassTPMCheck" /t REG_DWORD /d 1 /f
reg add "HKLM\zSYSTEM\Setup\MoSetup" /v "AllowUpgradesWithUnsupportedTPMOrCPU" /t REG_DWORD /d 1 /f
# Prevent Windows Update Installing so called Expedited Apps
@(
'EdgeUpdate',
'DevHomeUpdate',
'OutlookUpdate',
'CrossDeviceUpdate'
) | ForEach-Object {
Write-Host "Removing Windows Expedited App: $_"
# Prevent Windows Update Installing so called Expedited Apps - 24H2 and newer
if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,26100,1))) -eq $true) {
@(
'EdgeUpdate',
'DevHomeUpdate',
'OutlookUpdate',
'CrossDeviceUpdate'
) | ForEach-Object {
Write-Host "Removing Windows Expedited App: $_"
# Copied here After Installation (Online)
# reg delete "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\$_" /f | Out-Null
# Copied here After Installation (Online)
# reg delete "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\UScheduler\$_" /f | Out-Null
# When in Offline Image
reg delete "HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\$_" /f | Out-Null
# When in Offline Image
reg delete "HKLM\zSOFTWARE\Microsoft\WindowsUpdate\Orchestrator\UScheduler_Oobe\$_" /f | Out-Null
}
}
reg add "HKLM\zSOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "SearchboxTaskbarMode" /t REG_DWORD /d 0 /f

14
functions/microwin/Invoke-MicrowinGetIso.ps1
View File

@ -169,7 +169,7 @@ function Invoke-MicrowinGetIso {
try {
Write-Host "Mounting Iso. Please wait."
$mountedISO = Mount-DiskImage -PassThru "$filePath"
Write-Host "Done mounting Iso $mountedISO"
Write-Host "Done mounting Iso `"$($mountedISO.ImagePath)`""
$driveLetter = (Get-Volume -DiskImage $mountedISO).DriveLetter
Write-Host "Iso mounted to '$driveLetter'"
} catch {
@ -189,7 +189,7 @@ function Invoke-MicrowinGetIso {
$sync.MicrowinScratchDirBox.Text =""
}
$UseISOScratchDir = $sync.WPFMicrowinISOScratchDir.IsChecked
$UseISOScratchDir = $sync.WPFMicrowinISOScratchDir.IsChecked
if ($UseISOScratchDir) {
$sync.MicrowinScratchDirBox.Text=$mountedISOPath
@ -220,10 +220,10 @@ function Invoke-MicrowinGetIso {
$sync.BusyText.Text=" - Mounting"
Write-Host "Mounting Iso. Please wait."
if ($sync.MicrowinScratchDirBox.Text -eq "") {
$mountDir = Join-Path $env:TEMP $randomMicrowin
$scratchDir = Join-Path $env:TEMP $randomMicrowinScratch
$mountDir = Join-Path $env:TEMP $randomMicrowin
$scratchDir = Join-Path $env:TEMP $randomMicrowinScratch
} else {
$scratchDir = $sync.MicrowinScratchDirBox.Text+"Scrach"
$scratchDir = $sync.MicrowinScratchDirBox.Text+"Scratch"
$mountDir = $sync.MicrowinScratchDirBox.Text+"micro"
}
@ -242,8 +242,8 @@ function Invoke-MicrowinGetIso {
# xcopy we can verify files and also not copy files that already exist, but hard to measure
# xcopy.exe /E /I /H /R /Y /J $DriveLetter":" $mountDir >$null
$totalTime = Measure-Command { Copy-Files "$($driveLetter):" $mountDir -Recurse -Force }
Write-Host "Copy complete! Total Time: $($totalTime.Minutes)m$($totalTime.Seconds)s"
$totalTime = Measure-Command { Copy-Files "$($driveLetter):" "$mountDir" -Recurse -Force }
Write-Host "Copy complete! Total Time: $($totalTime.Minutes) minutes, $($totalTime.Seconds) seconds"
$wimFile = "$mountDir\sources\install.wim"
Write-Host "Getting image information $wimFile"

48
functions/microwin/Microwin-CopyToUSB.ps1
View File

@ -16,6 +16,54 @@ function Microwin-CopyToUSB([string]$fileToCopy) {
}
Write-Host "File copied to Ventoy drive $($volume.DriveLetter)"
# Detect if config files are present, move them if they are, and configure the Ventoy drive to not bypass the requirements
$customVentoyConfig = @'
{
"control":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
],
"control_legacy":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
],
"control_uefi":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
],
"control_ia32":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
],
"control_aa64":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
],
"control_mips":[
{ "VTOY_WIN11_BYPASS_CHECK": "0" },
{ "VTOY_WIN11_BYPASS_NRO": "0" }
]
}
'@
try {
Write-Host "Writing custom Ventoy configuration. Please wait..."
if (Test-Path -Path "$($volume.DriveLetter):\ventoy\ventoy.json" -PathType Leaf) {
Write-Host "A Ventoy configuration file exists. Moving it..."
Move-Item -Path "$($volume.DriveLetter):\ventoy\ventoy.json" -Destination "$($volume.DriveLetter):\ventoy\ventoy.json.old" -Force
Write-Host "Existing Ventoy configuration has been moved to `"ventoy.json.old`". Feel free to put your config back into the `"ventoy.json`" file."
}
if (-not (Test-Path -Path "$($volume.DriveLetter):\ventoy")) {
New-Item -Path "$($volume.DriveLetter):\ventoy" -ItemType Directory -Force | Out-Null
}
$customVentoyConfig | Out-File -FilePath "$($volume.DriveLetter):\ventoy\ventoy.json" -Encoding utf8 -Force
Write-Host "The Ventoy drive has been successfully configured."
} catch {
Write-Host "Could not configure Ventoy drive. Error: $($_.Exception.Message)`n"
Write-Host "Be sure to add the following configuration to the Ventoy drive by either creating a `"ventoy.json`" file in the `"ventoy`" directory (create it if it doesn't exist) or by editing an existing one: `n`n$customVentoyConfig`n"
Write-Host "Failure to do this will cause conflicts with your target ISO file."
}
return
}
}

40
functions/microwin/Microwin-CopyVirtIO.ps1 Normal file
View File

@ -0,0 +1,40 @@
function Microwin-CopyVirtIO {
<#
.SYNOPSIS
Downloads and copies the VirtIO Guest Tools drivers to the target MicroWin ISO
.NOTES
A network connection must be available and the servers of Fedora People must be up. Automatic driver installation will not be added yet - I want this implementation to be reliable.
#>
try {
Write-Host "Checking existing files..."
if (Test-Path -Path "$($env:TEMP)\virtio.iso" -PathType Leaf) {
Write-Host "VirtIO ISO has been detected. Deleting..."
Remove-Item -Path "$($env:TEMP)\virtio.iso" -Force
}
Write-Host "Getting latest VirtIO drivers. Please wait. This can take some time, depending on your network connection speed and the speed of the servers..."
Start-BitsTransfer -Source "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso" -Destination "$($env:TEMP)\virtio.iso" -DisplayName "Downloading VirtIO drivers..."
# Do everything else if the VirtIO ISO exists
if (Test-Path -Path "$($env:TEMP)\virtio.iso" -PathType Leaf) {
Write-Host "Mounting ISO. Please wait."
$virtIO_ISO = Mount-DiskImage -PassThru "$($env:TEMP)\virtio.iso"
$driveLetter = (Get-Volume -DiskImage $virtIO_ISO).DriveLetter
# Create new directory for VirtIO on ISO
New-Item -Path "$mountDir\VirtIO" -ItemType Directory | Out-Null
$totalTime = Measure-Command { Copy-Files "$($driveLetter):" "$mountDir\VirtIO" -Recurse -Force }
Write-Host "VirtIO contents have been successfully copied. Time taken: $($totalTime.Minutes) minutes, $($totalTime.Seconds) seconds`n"
Get-Volume $driveLetter | Get-DiskImage | Dismount-DiskImage
Remove-Item -Path "$($env:TEMP)\virtio.iso" -Force -ErrorAction SilentlyContinue
Write-Host "To proceed with installation of the MicroWin image in QEMU/Proxmox VE:"
Write-Host "1. Proceed with Setup until you reach the disk selection screen, in which you won't see any drives"
Write-Host "2. Click `"Load Driver`" and click Browse"
Write-Host "3. In the folder selection dialog, point to this path:`n`n `"D:\VirtIO\vioscsi\w11\amd64`" (replace amd64 with ARM64 if you are using Windows on ARM, and `"D:`" with the drive letter of the ISO)`n"
Write-Host "4. Select all drivers that will appear in the list box and click OK"
} else {
throw "Could not download VirtIO drivers"
}
} catch {
Write-Host "We could not download and/or prepare the VirtIO drivers. Error information: $_`n"
Write-Host "You will need to download these drivers manually. Location: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso"
}
}

16
functions/microwin/Microwin-NewFirstRun.ps1
View File

@ -63,6 +63,22 @@ function Microwin-NewFirstRun {
{
}
# Get BCD entries and set bootmgr timeout accordingly
try
{
# Check if the number of occurrences of "path" is 2 - this fixes the Boot Manager screen issue (#2562)
if ((bcdedit | Select-String "path").Count -eq 2)
{
# Set bootmgr timeout to 0
bcdedit /set `{bootmgr`} timeout 0
}
}
catch
{
}
'@
$firstRun | Out-File -FilePath "$env:temp\FirstStartup.ps1" -Force
}

39
functions/microwin/Microwin-NewUnattend.ps1
View File

@ -31,7 +31,7 @@ function Microwin-NewUnattend {
<Group>Administrators</Group>
<Password>
<Value>PW-REPLACEME</Value>
<PlainText>true</PlainText>
<PlainText>PT-STATUS</PlainText>
</Password>
</LocalAccount>
</LocalAccounts>
@ -42,7 +42,7 @@ function Microwin-NewUnattend {
<LogonCount>1</LogonCount>
<Password>
<Value>PW-REPLACEME</Value>
<PlainText>true</PlainText>
<PlainText>PT-STATUS</PlainText>
</Password>
</AutoLogon>
<OOBE>
@ -295,15 +295,40 @@ function Microwin-NewUnattend {
</settings>
'@
if ((Microwin-TestCompatibleImage $imgVersion $([System.Version]::new(10,0,22000,1))) -eq $false) {
# Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
$unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
# Replace the placeholder text with an empty string to make it valid for Windows 10 Setup
$unattend = $unattend.Replace("<#REPLACEME#>", "").Trim()
} else {
# Replace the placeholder text with the Specialize pass
$unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
# Replace the placeholder text with the Specialize pass
$unattend = $unattend.Replace("<#REPLACEME#>", $specPass).Trim()
}
# User password in Base64. According to Microsoft, this is the way you can hide this sensitive information.
# More information can be found here: https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/hide-sensitive-data-in-an-answer-file
# Yeah, I know this is not the best way to protect this kind of data, but we all know how Microsoft is - "the Apple of security" (in a sense, it takes them
# an eternity to implement basic security features right. Just look at the NTLM and Kerberos situation!)
$b64pass = ""
# Replace default User and Password values with the provided parameters
$unattend = $unattend.Replace("USER-REPLACEME", $userName).Trim()
$unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
try {
# I want to play it safe here - I don't want encoding mismatch problems like last time
# NOTE: "Password" needs to be appended to the password specified by the user. Otherwise, a parse error will occur when processing oobeSystem.
# This will not be added to the actual password stored in the target system's SAM file - only the provided password
$b64pass = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("$($userPassword)Password"))
} catch {
$b64pass = ""
}
if ($b64pass -ne "") {
# If we could encode the password with Base64, put it in the answer file and indicate that it's NOT in plain text
$unattend = $unattend.Replace("PW-REPLACEME", $b64pass).Trim()
$unattend = $unattend.Replace("PT-STATUS", "false").Trim()
$b64pass = ""
} else {
$unattend = $unattend.Replace("PW-REPLACEME", $userPassword).Trim()
$unattend = $unattend.Replace("PT-STATUS", "true").Trim()
}
# Save unattended answer file with UTF-8 encoding
$unattend | Out-File -FilePath "$env:temp\unattend.xml" -Force -Encoding utf8

84
functions/microwin/Microwin-RemoveFeatures.ps1
View File

@ -3,38 +3,80 @@ function Microwin-RemoveFeatures() {
.SYNOPSIS
Removes certain features from ISO image
.PARAMETER Name
No Params
.PARAMETER UseCmdlets
Determines whether or not to use the DISM cmdlets for processing.
- If true, DISM cmdlets will be used
- If false, calls to the DISM executable will be made whilst selecting bits and pieces from the output as a string (that was how MicroWin worked before
the DISM conversion to cmdlets)
.EXAMPLE
Microwin-RemoveFeatures
Microwin-RemoveFeatures -UseCmdlets $true
#>
param (
[Parameter(Mandatory = $true, Position = 0)] [bool]$UseCmdlets
)
try {
$featlist = (Get-WindowsOptionalFeature -Path $scratchDir)
if ($UseCmdlets) {
$featlist = (Get-WindowsOptionalFeature -Path "$scratchDir")
$featlist = $featlist | Where-Object {
$_.FeatureName -NotLike "*Defender*" -AND
$_.FeatureName -NotLike "*Printing*" -AND
$_.FeatureName -NotLike "*TelnetClient*" -AND
$_.FeatureName -NotLike "*PowerShell*" -AND
$_.FeatureName -NotLike "*NetFx*" -AND
$_.FeatureName -NotLike "*Media*" -AND
$_.FeatureName -NotLike "*NFS*" -AND
$_.FeatureName -NotLike "*SearchEngine*" -AND
$_.FeatureName -NotLike "*RemoteDesktop*" -AND
$_.State -ne "Disabled"
$featlist = $featlist | Where-Object {
$_.FeatureName -NotLike "*Defender*" -AND
$_.FeatureName -NotLike "*Printing*" -AND
$_.FeatureName -NotLike "*TelnetClient*" -AND
$_.FeatureName -NotLike "*PowerShell*" -AND
$_.FeatureName -NotLike "*NetFx*" -AND
$_.FeatureName -NotLike "*Media*" -AND
$_.FeatureName -NotLike "*NFS*" -AND
$_.FeatureName -NotLike "*SearchEngine*" -AND
$_.FeatureName -NotLike "*RemoteDesktop*" -AND
$_.State -ne "Disabled"
}
} else {
$featList = dism /english /image="$scratchDir" /get-features | Select-String -Pattern "Feature Name : " -CaseSensitive -SimpleMatch
if ($?) {
$featList = $featList -split "Feature Name : " | Where-Object {$_}
# Exclude the same items. Note: for now, this doesn't exclude those features that are disabled.
# This will appear in the future
$featList = $featList | Where-Object {
$_ -NotLike "*Defender*" -AND
$_ -NotLike "*Printing*" -AND
$_ -NotLike "*TelnetClient*" -AND
$_ -NotLike "*PowerShell*" -AND
$_ -NotLike "*NetFx*" -AND
$_ -NotLike "*Media*" -AND
$_ -NotLike "*NFS*" -AND
$_ -NotLike "*SearchEngine*" -AND
$_ -NotLike "*RemoteDesktop*"
}
} else {
Write-Host "Features could not be obtained with DISM. MicroWin processing will continue, but features will be skipped."
return
}
}
foreach($feature in $featlist) {
$status = "Removing feature $($feature.FeatureName)"
Write-Progress -Activity "Removing features" -Status $status -PercentComplete ($counter++/$featlist.Count*100)
Write-Debug "Removing feature $($feature.FeatureName)"
Disable-WindowsOptionalFeature -Path "$scratchDir" -FeatureName $($feature.FeatureName) -Remove -ErrorAction SilentlyContinue -NoRestart
if ($UseCmdlets) {
foreach ($feature in $featList) {
$status = "Removing feature $($feature.FeatureName)"
Write-Progress -Activity "Removing features" -Status $status -PercentComplete ($counter++/$featlist.Count*100)
Write-Debug "Removing feature $($feature.FeatureName)"
Disable-WindowsOptionalFeature -Path "$scratchDir" -FeatureName $($feature.FeatureName) -Remove -ErrorAction SilentlyContinue -NoRestart
}
} else {
foreach ($feature in $featList) {
$status = "Removing feature $feature"
Write-Progress -Activity "Removing features" -Status $status -PercentComplete ($counter++/$featlist.Count*100)
Write-Debug "Removing feature $feature"
dism /english /image="$scratchDir" /disable-feature /featurename=$feature /remove /quiet /norestart | Out-Null
if ($? -eq $false) {
Write-Host "Feature $feature could not be disabled."
}
}
}
Write-Progress -Activity "Removing features" -Status "Ready" -Completed
Write-Host "You can re-enable the disabled features at any time, using either Windows Update or the SxS folder in <installation media>\Sources."
} catch {
Write-Host "Unable to get information about the features. MicroWin processing will continue, but features will not be processed"
Write-Host "Unable to get information about the features. A fallback will be used..."
Write-Host "Error information: $($_.Exception.Message)" -ForegroundColor Yellow
Microwin-RemoveFeatures -UseCmdlets $false
}
}

151
functions/microwin/Microwin-RemovePackages.ps1
View File

@ -1,71 +1,103 @@
function Microwin-RemovePackages {
<#
.SYNOPSIS
Removes certain packages from ISO image
.PARAMETER UseCmdlets
Determines whether or not to use the DISM cmdlets for processing.
- If true, DISM cmdlets will be used
- If false, calls to the DISM executable will be made whilst selecting bits and pieces from the output as a string (that was how MicroWin worked before
the DISM conversion to cmdlets)
.EXAMPLE
Microwin-RemovePackages -UseCmdlets $true
#>
param (
[Parameter(Mandatory = $true, Position = 0)] [bool]$UseCmdlets
)
try {
$pkglist = (Get-WindowsPackage -Path "$scratchDir").PackageName
if ($useCmdlets) {
$pkglist = (Get-WindowsPackage -Path "$scratchDir").PackageName
$pkglist = $pkglist | Where-Object {
$_ -NotLike "*ApplicationModel*" -AND
$_ -NotLike "*indows-Client-LanguagePack*" -AND
$_ -NotLike "*LanguageFeatures-Basic*" -AND
$_ -NotLike "*Package_for_ServicingStack*" -AND
$_ -NotLike "*.NET*" -AND
$_ -NotLike "*Store*" -AND
$_ -NotLike "*VCLibs*" -AND
$_ -NotLike "*AAD.BrokerPlugin",
$_ -NotLike "*LockApp*" -AND
$_ -NotLike "*Notepad*" -AND
$_ -NotLike "*immersivecontrolpanel*" -AND
$_ -NotLike "*ContentDeliveryManager*" -AND
$_ -NotLike "*PinningConfirMationDialog*" -AND
$_ -NotLike "*SecHealthUI*" -AND
$_ -NotLike "*SecureAssessmentBrowser*" -AND
$_ -NotLike "*PrintDialog*" -AND
$_ -NotLike "*AssignedAccessLockApp*" -AND
$_ -NotLike "*OOBENetworkConnectionFlow*" -AND
$_ -NotLike "*Apprep.ChxApp*" -AND
$_ -NotLike "*CBS*" -AND
$_ -NotLike "*OOBENetworkCaptivePortal*" -AND
$_ -NotLike "*PeopleExperienceHost*" -AND
$_ -NotLike "*ParentalControls*" -AND
$_ -NotLike "*Win32WebViewHost*" -AND
$_ -NotLike "*InputApp*" -AND
$_ -NotLike "*DirectPlay*" -AND
$_ -NotLike "*AccountsControl*" -AND
$_ -NotLike "*AsyncTextService*" -AND
$_ -NotLike "*CapturePicker*" -AND
$_ -NotLike "*CredDialogHost*" -AND
$_ -NotLike "*BioEnrollMent*" -AND
$_ -NotLike "*ShellExperienceHost*" -AND
$_ -NotLike "*DesktopAppInstaller*" -AND
$_ -NotLike "*WebMediaExtensions*" -AND
$_ -NotLike "*WMIC*" -AND
$_ -NotLike "*UI.XaML*" -AND
$_ -NotLike "*Ethernet*" -AND
$_ -NotLike "*Wifi*" -AND
$_ -NotLike "*FodMetadata*" -AND
$_ -NotLike "*Foundation*" -AND
$_ -NotLike "*LanguageFeatures*" -AND
$_ -NotLike "*VBSCRIPT*" -AND
$_ -NotLike "*License*"
$pkglist = $pkglist | Where-Object {
$_ -NotLike "*ApplicationModel*" -AND
$_ -NotLike "*indows-Client-LanguagePack*" -AND
$_ -NotLike "*LanguageFeatures-Basic*" -AND
$_ -NotLike "*Package_for_ServicingStack*" -AND
$_ -NotLike "*DotNet*" -AND
$_ -NotLike "*Notepad*" -AND
$_ -NotLike "*WMIC*" -AND
$_ -NotLike "*Ethernet*" -AND
$_ -NotLike "*Wifi*" -AND
$_ -NotLike "*FodMetadata*" -AND
$_ -NotLike "*Foundation*" -AND
$_ -NotLike "*LanguageFeatures*" -AND
$_ -NotLike "*VBSCRIPT*" -AND
$_ -NotLike "*License*" -AND
$_ -NotLike "*Hello-Face*" -AND
$_ -NotLike "*ISE*" -AND
$_ -NotLike "*OpenSSH*"
}
} else {
$pkgList = dism /english /image="$scratchDir" /get-packages | Select-String -Pattern "Package Identity : " -CaseSensitive -SimpleMatch
if ($?) {
$pkgList = $pkgList -split "Package Identity : " | Where-Object {$_}
# Exclude the same items.
$pkgList = $pkgList | Where-Object {
$_ -NotLike "*ApplicationModel*" -AND
$_ -NotLike "*indows-Client-LanguagePack*" -AND
$_ -NotLike "*LanguageFeatures-Basic*" -AND
$_ -NotLike "*Package_for_ServicingStack*" -AND
$_ -NotLike "*DotNet*" -AND
$_ -NotLike "*Notepad*" -AND
$_ -NotLike "*WMIC*" -AND
$_ -NotLike "*Ethernet*" -AND
$_ -NotLike "*Wifi*" -AND
$_ -NotLike "*FodMetadata*" -AND
$_ -NotLike "*Foundation*" -AND
$_ -NotLike "*LanguageFeatures*" -AND
$_ -NotLike "*VBSCRIPT*" -AND
$_ -NotLike "*License*" -AND
$_ -NotLike "*Hello-Face*" -AND
$_ -NotLike "*ISE*" -AND
$_ -NotLike "*OpenSSH*"
}
} else {
Write-Host "Packages could not be obtained with DISM. MicroWin processing will continue, but packages will be skipped."
return
}
}
$failedCount = 0
if ($UseCmdlets) {
$failedCount = 0
$erroredPackages = [System.Collections.Generic.List[ErroredPackage]]::new()
$erroredPackages = [System.Collections.Generic.List[ErroredPackage]]::new()
foreach ($pkg in $pkglist) {
try {
$status = "Removing $pkg"
Write-Progress -Activity "Removing Packages" -Status $status -PercentComplete ($counter++/$pkglist.Count*100)
Remove-WindowsPackage -Path "$scratchDir" -PackageName $pkg -NoRestart -ErrorAction SilentlyContinue
} catch {
# This can happen if the package that is being removed is a permanent one
$erroredPackages.Add([ErroredPackage]::new($pkg, $_.Exception.Message))
$failedCount += 1
continue
foreach ($pkg in $pkglist) {
try {
$status = "Removing $pkg"
Write-Progress -Activity "Removing Packages" -Status $status -PercentComplete ($counter++/$pkglist.Count*100)
Remove-WindowsPackage -Path "$scratchDir" -PackageName $pkg -NoRestart -ErrorAction SilentlyContinue
} catch {
# This can happen if the package that is being removed is a permanent one
$erroredPackages.Add([ErroredPackage]::new($pkg, $_.Exception.Message))
$failedCount += 1
continue
}
}
} else {
foreach ($package in $pkgList) {
$status = "Removing package $package"
Write-Progress -Activity "Removing features" -Status $status -PercentComplete ($counter++/$featlist.Count*100)
Write-Debug "Removing package $package"
dism /english /image="$scratchDir" /remove-package /packagename=$package /remove /quiet /norestart | Out-Null
if ($? -eq $false) {
Write-Host "Package $package could not be removed."
}
}
}
Write-Progress -Activity "Removing Packages" -Status "Ready" -Completed
if ($failedCount -gt 0)
if ($UseCmdlets -and $failedCount -gt 0)
{
Write-Host "$failedCount package(s) could not be removed. Your image will still work fine, however. Below is information on what packages failed to be removed and why."
if ($erroredPackages.Count -gt 0)
@ -90,7 +122,8 @@ function Microwin-RemovePackages {
}
}
} catch {
Write-Host "Unable to get information about the packages. MicroWin processing will continue, but packages will not be processed"
Write-Host "Unable to get information about the packages. A fallback will be used..."
Write-Host "Error information: $($_.Exception.Message)" -ForegroundColor Yellow
Microwin-RemovePackages -UseCmdlets $false
}
}

101
functions/microwin/Microwin-RemoveProvisionedPackages.ps1
View File

@ -3,49 +3,94 @@ function Microwin-RemoveProvisionedPackages() {
.SYNOPSIS
Removes AppX packages from a Windows image during MicroWin processing
.PARAMETER Name
No Params
.PARAMETER UseCmdlets
Determines whether or not to use the DISM cmdlets for processing.
- If true, DISM cmdlets will be used
- If false, calls to the DISM executable will be made whilst selecting bits and pieces from the output as a string (that was how MicroWin worked before
the DISM conversion to cmdlets)
.EXAMPLE
Microwin-RemoveProvisionedPackages
#>
param (
[Parameter(Mandatory = $true, Position = 0)] [bool]$UseCmdlets
)
try
{
$appxProvisionedPackages = Get-AppxProvisionedPackage -Path "$($scratchDir)" | Where-Object {
$_.PackageName -NotLike "*AppInstaller*" -AND
$_.PackageName -NotLike "*Store*" -and
$_.PackageName -NotLike "*Notepad*" -and
$_.PackageName -NotLike "*Printing*" -and
$_.PackageName -NotLike "*YourPhone*" -and
$_.PackageName -NotLike "*Xbox*" -and
$_.PackageName -NotLike "*WindowsTerminal*" -and
$_.PackageName -NotLike "*Calculator*" -and
$_.PackageName -NotLike "*Photos*" -and
$_.PackageName -NotLike "*VCLibs*" -and
$_.PackageName -NotLike "*Paint*" -and
$_.PackageName -NotLike "*Gaming*" -and
$_.PackageName -NotLike "*Extension*" -and
$_.PackageName -NotLike "*SecHealthUI*" -and
$_.PackageName -NotLike "*ScreenSketch*"
if ($UseCmdlets) {
$appxProvisionedPackages = Get-AppxProvisionedPackage -Path "$($scratchDir)" | Where-Object {
$_.PackageName -NotLike "*AppInstaller*" -AND
$_.PackageName -NotLike "*Store*" -and
$_.PackageName -NotLike "*Notepad*" -and
$_.PackageName -NotLike "*Printing*" -and
$_.PackageName -NotLike "*YourPhone*" -and
$_.PackageName -NotLike "*Xbox*" -and
$_.PackageName -NotLike "*WindowsTerminal*" -and
$_.PackageName -NotLike "*Calculator*" -and
$_.PackageName -NotLike "*Photos*" -and
$_.PackageName -NotLike "*VCLibs*" -and
$_.PackageName -NotLike "*Paint*" -and
$_.PackageName -NotLike "*Gaming*" -and
$_.PackageName -NotLike "*Extension*" -and
$_.PackageName -NotLike "*SecHealthUI*" -and
$_.PackageName -NotLike "*ScreenSketch*"
}
} else {
$appxProvisionedPackages = dism /english /image="$scratchDir" /get-provisionedappxpackages | Select-String -Pattern "PackageName : " -CaseSensitive -SimpleMatch
if ($?) {
$appxProvisionedPackages = $appxProvisionedPackages -split "PackageName : " | Where-Object {$_}
# Exclude the same items.
$appxProvisionedPackages = $appxProvisionedPackages | Where-Object {
$_ -NotLike "*AppInstaller*" -AND
$_ -NotLike "*Store*" -and
$_ -NotLike "*Notepad*" -and
$_ -NotLike "*Printing*" -and
$_ -NotLike "*YourPhone*" -and
$_ -NotLike "*Xbox*" -and
$_ -NotLike "*WindowsTerminal*" -and
$_ -NotLike "*Calculator*" -and
$_ -NotLike "*Photos*" -and
$_ -NotLike "*VCLibs*" -and
$_ -NotLike "*Paint*" -and
$_ -NotLike "*Gaming*" -and
$_ -NotLike "*Extension*" -and
$_ -NotLike "*SecHealthUI*" -and
$_ -NotLike "*ScreenSketch*"
}
} else {
Write-Host "AppX packages could not be obtained with DISM. MicroWin processing will continue, but AppX packages will be skipped."
return
}
}
$counter = 0
foreach ($appx in $appxProvisionedPackages) {
$status = "Removing Provisioned $($appx.PackageName)"
Write-Progress -Activity "Removing Provisioned Apps" -Status $status -PercentComplete ($counter++/$appxProvisionedPackages.Count*100)
try {
Remove-AppxProvisionedPackage -Path "$scratchDir" -PackageName $appx.PackageName -ErrorAction SilentlyContinue
} catch {
Write-Host "Application $($appx.PackageName) could not be removed"
continue
if ($UseCmdlets) {
foreach ($appx in $appxProvisionedPackages) {
$status = "Removing Provisioned $($appx.PackageName)"
Write-Progress -Activity "Removing Provisioned Apps" -Status $status -PercentComplete ($counter++/$appxProvisionedPackages.Count*100)
try {
Remove-AppxProvisionedPackage -Path "$scratchDir" -PackageName $appx.PackageName -ErrorAction SilentlyContinue
} catch {
Write-Host "Application $($appx.PackageName) could not be removed"
continue
}
}
} else {
foreach ($appx in $appxProvisionedPackages) {
$status = "Removing Provisioned $appx"
Write-Progress -Activity "Removing Provisioned Apps" -Status $status -PercentComplete ($counter++/$appxProvisionedPackages.Count*100)
dism /english /image="$scratchDir" /remove-provisionedappxpackage /packagename=$appx /quiet /norestart | Out-Null
if ($? -eq $false) {
Write-Host "AppX package $appx could not be removed."
}
}
}
Write-Progress -Activity "Removing Provisioned Apps" -Status "Ready" -Completed
}
catch
{
# This can happen if getting AppX packages fails
Write-Host "Unable to get information about the AppX packages. MicroWin processing will continue, but AppX packages will not be processed"
Write-Host "Unable to get information about the AppX packages. A fallback will be used..."
Write-Host "Error information: $($_.Exception.Message)" -ForegroundColor Yellow
Microwin-RemoveProvisionedPackages -UseCmdlets $false
}
}