add enableRDP flag to generalize and fix AutoLogon

- generalize.nix: add enableRDP option that re-enables RDP in
  post-oobe.cmd after sysprep resets registry (firewall rules,
  TermService auto-start, disable NLA)
- Fix OOBE AutoLogon: create user with blank password (Windows
  ignores unattend passwords), set real password via net user in
  post-oobe.cmd, and explicitly set AutoAdminLogon registry values
- Add LogonCount=999 for persistent AutoLogon across reboots
- Remove unused rdpEntries import from registry/default.nix

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Git Sagar 2026-06-07 15:57:17 +05:30
parent e196160aac
commit def21bca57
2 changed files with 31 additions and 3 deletions


@ -19,6 +19,8 @@ in
timezone ? "UTC",
# Desktop background solid color as hex string (e.g. "8e8cd8")
bgColor ? null,
# Enable Remote Desktop for the created user (re-applied after sysprep)
enableRDP ? false,
# delayOobeRun = true: sysprep only, OOBE + activation on real hardware
# delayOobeRun = false: sysprep + OOBE + activation in build VM
delayOobeRun ? false,
@ -53,6 +55,18 @@ in
reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f
''}
${lib.optionalString (password != "") ''
:: Set user password (OOBE creates with blank password for reliable AutoLogon)
net user "${username}" "${password}"
''}
:: Set AutoLogon via registry (OOBE unattend AutoLogon is unreliable)
${lib.optionalString autoLogon ''
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "${username}" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "${password}" /f
''}
:: Kill sysprep if it was triggered via CopyProfile'd startup entries
taskkill /f /im sysprep.exe 2>nul
:: Clean any leftover RunOnce/Run entries from audit phase
@ -78,6 +92,20 @@ in
)
del /q C:\MAS_AIO.cmd 2>nul
${lib.optionalString enableRDP ''
:: Enable RDP
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
:: Firewall rules for RDP (TCP + UDP)
netsh advfirewall firewall add rule name="RDP TCP" dir=in protocol=tcp localport=3389 action=allow
netsh advfirewall firewall add rule name="RDP UDP" dir=in protocol=udp localport=3389 action=allow
:: Enable and restart TermService
sc config TermService start= auto
net stop TermService /y 2>nul
net start TermService
''}
:: Clean up
del /q C:\oobe-unattend.xml 2>nul
del /q C:\vmix-audit-script.cmd 2>nul
@ -126,7 +154,7 @@ in
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>${password}</Value>
<Value></Value>
<PlainText>true</PlainText>
</Password>
<Group>Administrators</Group>
@ -136,10 +164,11 @@ in
</UserAccounts>
<AutoLogon>
<Password>
<Value>${password}</Value>
<Value></Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>999</LogonCount>
<Username>${username}</Username>
</AutoLogon>
<ComputerName>${hostname}</ComputerName>
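Review bot: When `enableRDP` is set with an empty `password`, the new block leaves the Administrators-group account created at `<Value></Value>` with a blank password while `LimitBlankPasswordUse /d 0` permits blank-password network logon, `UserAuthentication /d 0` drops NLA, and the firewall rules admit 3389 from any address, so the machine is reachable as an unauthenticated local admin over RDP; nothing in the hunk ties the option to a non-empty password. I would assert `password != ""` at the Nix level when `enableRDP` is true (that argument list sits above this hunk), or at minimum emit the Lsa line only as `${lib.optionalString (password == "") ''reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f''}`. Since the `net user` line already sets the real password before TermService is restarted, NLA can presumably stay at its default of 1; if it is disabled deliberately for a specific client, a comment such as `:: NLA disabled for <client>; exposes RDP to pre-auth attacks` should say so. The `DefaultPassword` REG_SZ written under Winlogon is plaintext and readable by standard local users, which is worth noting in a comment next to it rather than leaving implicit. The post-oobe.cmd string this hunk edits begins and ends outside the hunk.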


@ -9,7 +9,6 @@ let
${entries}
'';
rdpEntries = import ./rdp.nix;
telemetryEntries = import ./telemetry.nix;
errorReportingEntries = import ./error-reporting.nix;
defenderEntries = import ./defender.nix;