Win11 LTSC 2024 RDP works with MAS. The edition switch issue was
specific to Win10 LTSC 2021.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New-NetFirewallRule with -Profile Any is more reliable than
Enable-NetFirewallRule (predefined rules may not exist or be
profile-scoped). Set UserAuthentication=1 (NLA) per standard
RDP configuration. Settings take effect after reboot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MAS HWID switches Enterprise LTSC to IoT Enterprise S which lacks
the RDP server listener. Skip activation to preserve the edition.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add nicModel option (default: virtio-net-pci) to allow e1000 for
images without VirtIO drivers
- Restore MAS activation with slmgr /ipk to switch back from IoT
Enterprise S to Enterprise LTSC (which has native RDP server)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When spice.vgamem is set (e.g. 64), uses -device qxl-vga,vgamem_mb=N
instead of -vga qxl (which defaults to 16MB). When null (default),
uses -vga qxl for backwards compatibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MAS HWID activation switches the edition from Enterprise LTSC to IoT
Enterprise LTSC (which lacks the RDP server listener). Re-apply the
Enterprise LTSC product key after activation to restore RDP capability.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
sc config fails silently for these services. Use reg add to set
Start=2 (automatic) directly in the registry instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
TermService alone doesn't create the RDP listener — SessionEnv (Remote
Desktop Configuration) and UmRdpService (Port Redirector) must also be
running. Use PowerShell Enable-NetFirewallRule to enable the built-in
Remote Desktop firewall rules for all network profiles instead of
creating custom netsh rules.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- generalize.nix: add enableRDP option that re-enables RDP in
post-oobe.cmd after sysprep resets registry (firewall rules,
TermService auto-start, disable NLA)
- Fix OOBE AutoLogon: create user with blank password (Windows
ignores unattend passwords), set real password via net user in
post-oobe.cmd, and explicitly set AutoAdminLogon registry values
- Add LogonCount=999 for persistent AutoLogon across reboots
- Remove unused rdpEntries import from registry/default.nix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy Xauthority to a world-readable temp file so nix build users
(nixbld*) can authenticate to X11. Add --option sandbox relaxed so
__noChroot derivations can access the X11 socket and xauth file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Only set sandbox = "relaxed" when vmix.namespaces is non-empty.
Safe to import as a default module on all hosts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Images:
- laptopUpstream: bare OS install with AHCI, no templates
- laptopSlim: essentials only (debloat, registry tweaks)
- laptop: full (essentials + all apps)
- win10/win11 images use rec for self-references
CLI:
- preserve recovery partition (4) during disk copy
- expand partition 3 up to partition 4 boundary
- remove VNC CLI flag (use vncDisplay in nix configs instead)
Flake:
- add devShell with vmix alias and PS1 prompt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extract all vmix CLI logic (build, copy, run) from flake.nix into
cli.nix. flake.nix is now 30 lines — just wiring.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Laptop images now use AHCI storage + e1000 network instead of VirtIO.
This fixes "inaccessible boot device" on real hardware — the AHCI→NVMe
driver transition is handled by Windows, unlike VirtIO→NVMe which isn't.
- makeImage: useAHCI flag switches disk to ide-hd and network to e1000
- customizeImage: auto-detects useAHCI from original image, propagates it
- win10/win11 laptop images: useAHCI = true
- vmix run: --ahci flag for running laptop images in QEMU
- generalize: PlainText password tags in OOBE unattend XML
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SDL display:
- try SDL, auto-fallback to headless if it fails (no crash)
- SDL_VIDEODRIVER=x11 to avoid wayland socket path issues
- suppress XDG_RUNTIME_DIR warnings
Disk copy:
- zap-all before writing to clear old partition tables
- delete recovery partition (4) before resizing partition 3
- use parted resizepart (preserves partition GUID for BCD)
- remote: nix-shell for sgdisk/parted/ntfsresize on target
- remote: lz4 compression for faster streaming
- remote: pv progress bar with disk size
- -y/--yes flag to skip confirmation prompt
Generalize:
- delay-oobe-run=true defers OOBE + activation to real hardware
- clean cached Autounattend from Windows\Panther before sysprep
- taskkill sysprep.exe on first login (CopyProfile artifact)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CLI:
- `vmix run <qcow2>` boots image with QEMU (SDL if DISPLAY, snapshot mode)
- --generalize supports delay-oobe-run=true to defer OOBE + activation
to first boot on real hardware (for physical disk deployments)
Templates:
- essentials.virtioDrivers: installs VirtIO drivers only (no guest agent)
used in laptop bundle for network access during Office download
- generalize: delayOobeRun flag controls sysprep /shutdown vs /reboot
delays OOBE, user creation and HWID activation to target device
Build:
- suppress XDG_RUNTIME_DIR and homeless-shelter warnings in SDL mode
- remove invalid ICH9-LMB global properties
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- macvtaps working
- only 1 dnsmasq service per namespace
- vms binds to networking services
- lans with domains
- vms no longer assigned same ip (machine id issues)
-
