SilverMetal/windows/installer/autounattend/autounattend.xml
sysadmin e3b010530c
Build SilverMetal Enhanced - Windows ISO / build (pull_request) Successful in 7m31s
fix(kiosk): pivot to Explorer + policy lockdown (WebView2 wizard renders blank as the SL shell)
5th VM e2e: with the kiosk fully working mechanically (SL engages, silent UAC,
app launches fullscreen as the shell), the MAUI/WebView2 wizard STILL renders
blank — WebView2 never initializes when the app is the bare Shell Launcher shell
with no Explorer (the same app rendered fine in the earlier build launched with
Explorer present). Operator decision: pivot.

- autounattend.xml: restore FirstLogonCommands to launch the wizard elevated over
  the normal (Explorer) first-logon session — where WebView2 works.
- Configure-Kiosk.ps1: drop Shell-Launcher-as-shell entirely; keep the lockdown —
  Keyboard Filter (Win/Start/lock/task-switch/Task-Mgr/Alt+F4), DisableTaskMgr /
  LockWorkstation / FastUserSwitch, and silent-elevation UAC. The wizard runs
  fullscreen-topmost over the locked-down Explorer (covers the taskbar).
- RevertKioskAsync: disable the Keyboard Filter rules for the real user (no SL to
  undo); keep escape-policy + secure-UAC restore. Tests updated.

Keeps the diagnostics from #10 (welcome.log) to confirm the wizard renders.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-09 18:52:15 +01:00


<?xml version="1.0" encoding="utf-8"?>
<!--
  SilverMetal Enhanced - Windows : Windows 11 IoT Enterprise LTSC answer file.
  Automates OOBE, wipes disk 0 to a clean GPT/UEFI layout, installs the LTSC
  image (index 1), forces a LOCAL account (no Microsoft Account / no cloud key
  escrow), and hands off to C:\Windows\Setup\Scripts\SetupComplete.cmd (run
  automatically as SYSTEM at end of setup) for the §A-H hardening.

  SECURITY NOTE: the bootstrap local-admin password below is a PLACEHOLDER for
  unattended setup only. The shippable SKU pipeline MUST inject a per-device
  credential (or force change at first logon); never ship this value.

  Design:   ../../iso-builder.md
  Controls: ../../hardening-spec.md (domains A, C)
-->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <SetupUILanguage><UILanguage>en-US</UILanguage></SetupUILanguage>
      <InputLocale>0809:00000809</InputLocale>
      <SystemLocale>en-GB</SystemLocale>
      <UILanguage>en-US</UILanguage>
      <UserLocale>en-GB</UserLocale>
    </component>
    <component name="Microsoft-Windows-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <DiskConfiguration>
        <WillShowUI>OnError</WillShowUI>
        <Disk wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition wcm:action="add"><Order>1</Order><Type>EFI</Type><Size>300</Size></CreatePartition>
            <CreatePartition wcm:action="add"><Order>2</Order><Type>MSR</Type><Size>16</Size></CreatePartition>
            <CreatePartition wcm:action="add"><Order>3</Order><Type>Primary</Type><Extend>true</Extend></CreatePartition>
          </CreatePartitions>
          <ModifyPartitions>
            <ModifyPartition wcm:action="add"><Order>1</Order><PartitionID>1</PartitionID><Label>System</Label><Format>FAT32</Format></ModifyPartition>
            <ModifyPartition wcm:action="add"><Order>2</Order><PartitionID>2</PartitionID></ModifyPartition>
            <ModifyPartition wcm:action="add"><Order>3</Order><PartitionID>3</PartitionID><Label>Windows</Label><Format>NTFS</Format><Letter>C</Letter></ModifyPartition>
          </ModifyPartitions>
        </Disk>
      </DiskConfiguration>
      <ImageInstall>
        <OSImage>
          <InstallTo><DiskID>0</DiskID><PartitionID>3</PartitionID></InstallTo>
          <InstallFrom>
            <MetaData wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
              <Key>/IMAGE/INDEX</Key><Value>1</Value>
            </MetaData>
          </InstallFrom>
        </OSImage>
      </ImageInstall>
      <UserData>
        <!-- IoT Enterprise LTSC eval media is pre-pidded; no product key required. -->
        <AcceptEula>true</AcceptEula>
      </UserData>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <!-- Pre-answer the OOBE region/keyboard pages (CloudExperienceHost). Without
         International-Core in the oobeSystem pass, 24H2 OOBE prompts for these
         interactively even under legacy Setup. -->
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <InputLocale>0809:00000809</InputLocale>
      <SystemLocale>en-GB</SystemLocale>
      <UILanguage>en-US</UILanguage>
      <UILanguageFallback>en-US</UILanguageFallback>
      <UserLocale>en-GB</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
        <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
        <HideLocalAccountScreen>true</HideLocalAccountScreen>
        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
        <ProtectYourPC>3</ProtectYourPC>
      </OOBE>
      <UserAccounts>
        <LocalAccounts>
          <!--
            sm-bootstrap: ephemeral one-time admin account used ONLY for the
            SilverOS Welcome onboarding wizard. The Welcome app's ApplyService
            tears this account down on success (removes AutoAdminLogon registry
            keys, deletes the account, and creates the real end-user account
            instead). Never ship this password as-is for end-users; the
            production pipeline MUST inject a per-device credential.
          -->
          <LocalAccount wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
            <Name>sm-bootstrap</Name>
            <Group>Administrators</Group>
            <DisplayName>SilverOS Bootstrap</DisplayName>
            <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
      <!--
        AutoLogon: logs in as sm-bootstrap exactly once so FirstLogonCommands can
        launch the Welcome wizard. After the wizard completes successfully,
        ApplyService removes the AutoAdminLogon registry values and deletes
        sm-bootstrap, so the one-time session cannot be re-entered.
      -->
      <AutoLogon>
        <Enabled>true</Enabled>
        <LogonCount>1</LogonCount>
        <Username>sm-bootstrap</Username>
        <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
      </AutoLogon>
      <!--
        Launch the Welcome wizard ELEVATED over the (locked-down) Explorer session.
        Explorer stays the shell so the MAUI/WebView2 wizard renders (it does NOT
        render when launched as a bare Shell Launcher shell). Configure-Kiosk.ps1
        bakes the silent-elevation UAC policy + the lockdown (Keyboard Filter,
        DisableTaskMgr, hidden taskbar); the wizard runs fullscreen-topmost on top.
      -->
      <FirstLogonCommands>
        <SynchronousCommand wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
          <Order>1</Order>
          <CommandLine>cmd /c powershell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process -FilePath 'C:\Program Files\SilverOS\Welcome\SilverOS.Welcome.App.exe' -Verb RunAs"</CommandLine>
          <Description>Launch SilverOS Welcome elevated</Description>
        </SynchronousCommand>
      </FirstLogonCommands>
      <RegisteredOwner>SilverMetal</RegisteredOwner>
      <RegisteredOrganization>SilverLABS</RegisteredOrganization>
      <!--
        Hardening runs from C:\Windows\Setup\Scripts\SetupComplete.cmd, which
        Windows Setup executes automatically (as SYSTEM) at the end of setup.
      -->
    </component>
  </settings>
</unattend>
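The SECURITY NOTE and the sm-bootstrap comment above both require the shippable-SKU pipeline to replace the placeholder credential before an image ships. The following is an added example of such a build-time gate (not the SilverMetal project's own tooling): it parses an answer file with the layout shown on this page (default namespace urn:schemas-microsoft-com:unattend, a LocalAccount and an AutoLogon block each carrying Password/Value), fails the build if the placeholder is still present, if the two passwords disagree, or if LogonCount is not 1, and injects a per-device secret into both places. The SAMPLE document is a constructed, trimmed stand-in for the real file.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
PLACEHOLDER = "bootstrap-OneTime!"  # the placeholder value the answer file ships with

# Constructed stand-in for the answer file above: same namespace and element layout,
# trimmed to the LocalAccount and AutoLogon blocks the checks care about.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <UserAccounts><LocalAccounts>
    <LocalAccount><Name>sm-bootstrap</Name><Group>Administrators</Group>
     <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
    </LocalAccount>
   </LocalAccounts></UserAccounts>
   <AutoLogon><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>sm-bootstrap</Username>
    <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
   </AutoLogon>
  </component>
 </settings>
</unattend>"""

def audit(xml_text):
    """Return findings that should fail a shippable-SKU build; [] means clean."""
    root = ET.fromstring(xml_text)
    findings = []
    values = [v.text for v in root.iterfind(".//u:Password/u:Value", NS)]
    hits = values.count(PLACEHOLDER)
    if hits:
        findings.append(f"placeholder bootstrap password still present ({hits} occurrences)")
    if len(set(values)) > 1:
        findings.append("LocalAccount and AutoLogon passwords differ (AutoLogon would fail)")
    auto = root.find(".//u:AutoLogon", NS)
    if auto is not None and auto.findtext("u:LogonCount", default="", namespaces=NS) != "1":
        findings.append("AutoLogon LogonCount is not 1 (one-time session would repeat)")
    return findings

def inject_credential(xml_text, secret):
    """Replace every placeholder Password/Value with the per-device secret."""
    root = ET.fromstring(xml_text)
    replaced = 0
    for val in root.iterfind(".//u:Password/u:Value", NS):
        if val.text == PLACEHOLDER:
            val.text = secret
            replaced += 1
    if replaced != 2:  # exactly the LocalAccount and the AutoLogon entries
        raise ValueError(f"expected 2 placeholder passwords, found {replaced}")
    ET.register_namespace("", NS["u"])  # keep the default namespace on output
    return ET.tostring(root, encoding="unicode")
```

Run audit() on the injected output as the final gate so a build that still carries the placeholder, or that changed only one of the two Password/Value elements, never reaches the ISO step.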