feat: add windows 11 build

2025-02-20 23:29:38 -06:00
parent dbc24c6688
commit 9f1ff435ae
14 changed files with 1359 additions and 2 deletions
--- a/ansible/roles/configure/tasks/windows.yml
+++ b/ansible/roles/configure/tasks/windows.yml
@@ -0,0 +1,133 @@
+---
+# Microsoft Windows specific tasks.
+
+# Set the Windows Explorer options.
+# ansible-lint: disable=line-length
+- name: Setting the Windows Explorer options...
+  when: ansible_os_installation_type != "Server Core"
+  block:
+    - name: Show hidden files.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: Hidden
+        data: 1
+        type: dword
+
+    - name: Show file extensions.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: HideFileExt
+        data: 0
+        type: dword
+
+    - name: Show drives with no media.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: HideDrivesWithNoMedia
+        data: 0
+        type: dword
+
+    - name: Disabling Sync Provider Notifications.
+      ansible.windows.win_regedit:
+        path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+        name: ShowSyncProviderNotifications
+        data: 1
+        type: dword
+
+# Disable system hibernation.
+- name: Disabling System Hibernation...
+  block:
+    - name: Disabling Hibernation.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\Power
+        name: HibernateEnabled
+        data: 0
+        type: dword
+
+    - name: Setting HiberFileSizePercent to 0.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\Power
+        name: HiberFileSizePercent
+        data: 0
+        type: dword
+
+# Disable TLS 1.0.s
+- name: Disabling TLS 1.0 for Client...
+  block:
+    - name: Disabling TLS 1.0 for Client.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.0 for Client to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+    - name: Disabling TLS 1.0 for Server.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.0 for Server to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+# Disable TLS 1.1.
+- name: Disabling TLS 1.1 for Client...
+  block:
+    - name: Disabling TLS 1.1 for Client.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.1 for Client to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+    - name: Disabling TLS 1.1 for Server.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
+        name: Enabled
+        data: 0
+        type: dword
+
+    - name: Setting TLS 1.1 for Server to Disabled by Default.
+      ansible.windows.win_regedit:
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
+        name: DisabledByDefault
+        data: 1
+        type: dword
+
+# Disable Password Expiration for Administrator and Build Accounts
+- name: Disabling Local Administrator Password Expiration...
+  ansible.windows.win_user:
+    name: Administrator
+    password_never_expires: true
+
+- name: Disabling Password Expiration for "{{ build_username }}"
+  ansible.windows.win_user:
+    name: "{{ build_username }}"
+    password_never_expires: true
+
+# Enable Remote Desktop.
+- name: Enabling Remote Desktop...
+  ansible.windows.win_powershell:
+    script: |
+      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 | Out-Null
+      Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0
+      Enable-NetFirewallRule -Group '@FirewallAPI.dll,-28752'