Creating Base Images for Sandbox

Windows Packer Template

This is a basic Windows 10 and 7 Packer template for building VM images.

Requirements

  1. Packer
  2. QEMU & KVM
  3. MAKE
  4. Windows ISOs
  5. VMware Workstation Pro
  6. Rufus

Packer Installation

Install Packer by following the official documentation.

Getting packages

make download-packages # Or manually download all the packages in packages.txt into the folder 'Packages', mostly for Windows 7

Downloading ISOs

Installation of Windows 10 and 11

  1. Enable Check for Updates in Rufus
  2. Restart Rufus
  3. Wait for the Select button to show a drop-down
  4. Select Download
  5. Choose Windows Version
  6. Language: English (United States). The Autounattend file expects this; choosing the wrong language will cause the installation to fail.
  7. Choose Architecture (Windows 11 does not have x86)

Installation of Windows 7

Download the x86 and x64 ISO here

Loading the ISO file

Update the directory and hashes accordingly in variables.pkr.hcl

See build.*.pkr.hcl for the file names and hashes.

Building images on QEMU

# Both Windows 10 images:
packer build -on-error=ask -only 10.qemu.* .

# Only Windows 7 64-bit images:
packer build -on-error=ask -only 7.qemu.x64 .

# Only Windows 10 32-bit images:
packer build -on-error=ask -only 10.qemu.x86 .

Estimated build time on an NVMe SSD, i7-8700K:

  • Windows 10 / 11: 2 hours
  • Windows 7: 24 hours
    • Due to slow Windows updates

Building images on VMware

# Only when getting errors
packer build -on-error=ask -only 10.vmware-iso.x86 .
packer build -on-error=ask -only 10.vmware-iso.x64 .
packer build -on-error=ask -only 11.vmware-iso.x64 .

Estimated build time on an NVMe SSD, i7-8700K:

  • Windows 10 / 11: 2 hours
  • Windows 7: 4 hours
    • Due to slow Windows updates
VMware Workstation Pro network mapping error

If you encounter this problem with VMware:

7.vmware-iso.x64: Could not determine network mappings from files in path: C:/Program Files (x86)/VMware/VMware Workstation
7.vmware-iso.x64: Step "stepCreateVMX" failed

  1. Go to VMware > Edit > Virtual Network Editor
  2. Click Change Settings (requires admin privileges)
  3. Click OK and exit

This will create the Network Mapping that is missing in VMware Workstation. For more info, please visit here

VM check list

  • Sysmon installed
  • Certificate Removed if added
  • UAC Removed (run cmd and you should be admin)
  • Check if Agent.py is running <IP:8000>
  • Remove Windows Store and Mail on the Task Bar
  • Windows Defender removed or Windows Security Center turned off
  • Noise reduced (see "Things to note for Noise Reduction before snapshotting in KVM / QEMU" below)

Removing Windows Defender

Youtube link to remove Windows Defender

Boot into safe mode to remove privileges

  1. Open msconfig.exe
  2. Boot Tab --> Boot options --> Safe boot --> Minimal
  3. Restart
  4. Browse to C:\ProgramData\Microsoft
  5. Open the Properties of the Windows Defender folder
  6. Security: change Owner from SYSTEM --> Administrators
  7. Tick all child object permission entries
  8. Remove all user permissions
  9. Disable Safeboot in msconfig.exe

Disabling Windows 7 Security Center

  1. Open Services
  2. Disable Security Center (the wscsvc service)

Things to note for Noise Reduction before snapshotting in KVM / QEMU

  1. Chrome and Edge

    • Rename Chrome and Edge updater file
    • Program Files\Google\Update\GoogleUpdate.exe
    • Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  2. Disable Windows Update Service

    • Windows Services
    • Disable Windows Update
  3. Set a static IP address for the VM

    • IP for the VM
    • Gateway and DNS to be the same
  4. Ensure that all drivers have been installed properly

    • PCI Driver
    • Ethernet Controller
    • Display Drivers
  5. Restart the computer after the changes have been made
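
The VM check list and the noise-reduction steps above can be verified from inside the guest right before taking the snapshot. The script below is an added example, not part of the template; the loopback agent address, the service names (Sysmon*, WinDefend, wscsvc, wuauserv) and the check of both Program Files roots are assumptions.

```powershell
# Added example: pre-snapshot self-check for the sandbox guest (not part of the template).
# Run it from a normally started PowerShell, not "Run as administrator".
param([string]$AgentAddress = '127.0.0.1', [int]$AgentPort = 8000)  # assumed agent bind address

function Test-ServiceDisabled([string]$Name) {
    # A service that does not exist cannot start either, so it counts as disabled.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    return (-not $svc) -or ($svc.StartMode -eq 'Disabled')
}
function Test-ServiceRunning([string]$Pattern) {
    return [bool](Get-Service -Name $Pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Running' })
}
function Test-TcpPort([string]$Address, [int]$Port) {
    # TcpClient is available on the PowerShell 2.0 that ships with Windows 7.
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($Address, $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

# With UAC off, an ordinary shell already holds the full administrator token.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# Updater paths from the noise-reduction list, under both Program Files roots (assumption).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$updaters = foreach ($root in $roots) {
    Join-Path $root 'Google\Update\GoogleUpdate.exe'
    Join-Path $root 'Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe'
}
$dhcpNics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    Where-Object { $_.DHCPEnabled })

$checks = @(
    @('Sysmon service running', (Test-ServiceRunning 'Sysmon*')),
    @('Shell is admin without prompt (UAC off)', $isAdmin),
    @("Agent answers on ${AgentAddress}:$AgentPort", (Test-TcpPort $AgentAddress $AgentPort)),
    @('Defender stopped or Security Center off',
        (-not (Test-ServiceRunning 'WinDefend') -or (Test-ServiceDisabled 'wscsvc'))),
    @('Windows Update service disabled', (Test-ServiceDisabled 'wuauserv')),
    @('Browser updaters renamed', (-not ($updaters | Where-Object { Test-Path $_ }))),
    @('No DHCP-configured adapter (static IP)', ($dhcpNics.Count -eq 0))
)
$failed = 0
foreach ($c in $checks) {
    if (-not $c[1]) { $failed++ }
    '{0,-42} {1}' -f $c[0], $(if ($c[1]) { 'OK' } else { 'FAIL' })
}
exit $failed  # number of failed checks; 0 means the guest is ready to snapshot
```

If the agent binds only to the VM's static address, pass that address as -AgentAddress.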

Converting VMX to qcow2

Install Qemu on Windows

Direct Installation

Command to convert VMDK to Qcow2

qemu-img convert -f vmdk -O qcow2 disk.vmdk win<ver>-<arch>bit-base.qcow2

Current Base Machine Versioning

Windows 11x64v3

  • Removed Windows Defender
  • Removed Windows Store in Environment Variable
  • Java Installed
  • Security Updates Removed

Windows 10x64v3

  • Removed Windows Defender
  • Removed Windows Store in Environment Variable
  • Java Installed
  • Security Updates Removed

Windows 10x86v3

  • Removed Windows Defender
  • Removed Windows Store in Environment Variable
  • Java Installed
  • Security Updates Removed

Windows 7x64v3

  • Windows Security Center turned off
  • Java Installed
  • Security Updates Removed

Windows 7x86v3

  • Windows Security Center turned off
  • Java Installed
  • Security Updates Removed
If you have a Certificate Authority, copy the CA .cer file into optional/root.cer