New Windows 10 versions

[obilodeau]

Current status: Our Windows 10 1607 Autounattend.xml doesn't pass on the 1903 iso. Something changed. Need to generate a new one.

[obilodeau]

Spent several build cycles today trying to fix an issue with a WinRM timeout that turned out to be an Autounattend.xml regression. I think I've finally found a fix.

[obilodeau]

I realized during my workshop that with 1903, Defender was enabled. Need to investigate that and find a fix.

[obilodeau]

Tamper Protection was what caused me trouble. You can read about it here: https://www.windowscentral.com/how-manage-windows-security-tamper-protection-windows-10-may-2019-update

I think I've found a way to bypass it reliably without requiring user intervention. Doing a full rebuild of all OSes with this patch now.

[obilodeau]

Smoke tests passed but getting this in them:

    virtualbox-iso: + Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows Defender\Fea ...
    virtualbox-iso: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    virtualbox-iso:     + CategoryInfo          : PermissionDenied: (TamperProtection:String) [Set-ItemProperty], UnauthorizedAccessExcept
    virtualbox-iso:    ion
    virtualbox-iso:     + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
    virtualbox-iso:

Trying to run the scripts as system instead. Another round of tests required.

[obilodeau]

Tests failed with the following:

* Must supply an 'elevated_password' if 'elevated_user' provided

Turns out the Packer version in the buildbot was older and didn't support using system accounts. See commit for details and here's the upstream issue: hashicorp/packer#6104

[obilodeau]

With the latest changes 1607 runs fine but 1903 still complains but the build goes through. I'll see what the resulting image looks like but I might only add a note to manually disable defender for 1903 and later.

[obilodeau]

Resulting image has Defender turned On. I'll need to introduce an exception starting with 1903 where we advice the user on how turning off Windows Defender TamperProtection and provide a batch script to run to disable it.

[obilodeau]

Ready for another round of testing.

[obilodeau]

CI tests for the latest fixes failed but it seems unrelated:

==> virtualbox-iso: Error exporting virtual machine: VBoxManage error: 0%...
==> virtualbox-iso: Progress state: NS_ERROR_FAILURE
==> virtualbox-iso: VBoxManage: error: Appliance write failed
==> virtualbox-iso: VBoxManage: error: Could not open the medium '/var/jenkins_home/.cache/malboxes/builds/packer-virtualbox-iso-1567659328.vdi'.
==> virtualbox-iso: VBoxManage: error: VD: error VERR_FILE_NOT_FOUND opening image file '/var/jenkins_home/.cache/malboxes/builds/packer-virtualbox-iso-1567659328.vdi' (VERR_FILE_NOT_FOUND)
==> virtualbox-iso: VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MediumWrap, interface IMedium
==> virtualbox-iso: VBoxManage: error: Context: "RTEXITCODE handleExportAppliance(HandlerArg*)" at line 1263 of file VBoxManageAppliance.cpp

On my machine the Windows 7 build failed with wireshark's dependencies troubles but I think they were transient and in any case a user can always remove it from the build and install it afterwards.

One last smoke test run and if all green, I'll merge.

[obilodeau]

Build passed!