Windows 11 Archives - ivobeerens.nl

Create a Windows 11 VM in Hyper-V with Packer

August 31, 2023August 31, 2023

Some people ask if it is possible to create a Windows 11 VM in Hyper-V with Packer. The answer is YES. The Packer plugin that makes this possible is called “Hyperv”. Version 1.1.1 supports TPM. Enabling TPM in the Hyper-V VM makes it possible to install Windows 11 without any registry hacks.

So I decided to test Packer with Hyper-V and Windows 11 and create a blog post about it.

So what are the prerequisites?

Make sure the Hyper-V role is enabled in Windows 10/11
Download the Windows 11 ISO and save the ISO to the following location: c:\iso
An example of downloading and creating a Windows 10/11 ISO can be found here: https://www.ivobeerens.nl/2021/05/19/quick-tip-download-the-latest-windows-10-iso-file/
Install the Windows Assessment and Deployment Kit (32-bit version). https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install#download-the-adk-for-windows-11-version-22h2
Add the following location the the system path variable: C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\x86\Oscdimg

When the prerequisites are met you can go further with the rest. To make it easy I created a PowerShell script called _1.build.ps1 (link) that does all the work for you.

# Enable TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Speed up the invoke-webrequest command
$ProgressPreference = 'SilentlyContinue'

# Variables
$downloadfolder = "C:\temp\" # Packer location installed
$win11_downloadfolder = "C:\Temp\packer-main\hyper-v\windows11\"
$packer_config = "windows.json.pkr.hcl" #Packer config file
$packer_variable = "windows.auto.pkrvars.hcl" # Packer variable file
$github = "https://github.com/ibeerens/packer/archive/refs/heads/main.zip"
$product = "packer"
$packer_uri = "https://developer.hashicorp.com/packer/downloads"

# Check if the temp folder exist
If(!(test-path -PathType container $downloadfolder))
    {
      New-Item -ItemType Directory -Path $downloadfolder
}

# Go to the Packer download folder
Set-Location $downloadfolder

# Download Github files
Invoke-WebRequest -Uri $github -OutFile ${downloadfolder}packer.zip
Expand-Archive ${downloadfolder}packer.zip -DestinationPath $downloadfolder -Force

# Remove zip file
Remove-Item -Path ${downloadfolder}packer.zip 

# Download the latest version of Packer
$packurl = Invoke-WebRequest -Uri $packer_uri| Select-Object -Expand links | Where-Object href -match "//releases\.hashicorp\.com/$product/\d.*/$product_.*_windows_amd64\.zip$" | Select-Object -Expand href
$packdown = $packurl | Split-Path -Leaf
$packdownload = $downloadfolder + $packdown
Invoke-WebRequest $packurl -outfile $packdownload

# Unzip Packer 
Expand-Archive $packdownload -DestinationPath $win11_downloadfolder -Force
# Remove the Packer ZIP file
Remove-Item $packdownload

# Go to the Packer download folder
Set-Location $win11_downloadfolder

Line 7-13: This is the variable block. Change if needed
Line 13-19: Here are the variables located. Change if needed
Line 21-25: The script creates a c:\temp folder if it does not exist
Line 30-32: Downloads the GitHub files for creating a Windows 11 VM
Line 37-41: Downloads the latest version of Packer

After running the _1.build.ps1 script it is time to change the variables:

Get the hash of the ISO file with the Powershell Get-Filehash command and change the variable in the windows-auto-pkvars.hcl file
Change the other variables in the windows-auto-pkvars.hcl such as win_iso for the exact iso name
Run the following _2.run_packer.ps1 script

# Show Packer Version
.\packer.exe -v

# Download Packer plugins
.\packer.exe init "${$win11_downloadfolder}${packer_config}"

# Packer Format configuration files (.pkr.hcl) and variable files (.pkrvars.hcl) are updated.
.\packer.exe fmt -var-file="${$win11_downloadfolder}{$packer_variable}" "${$win11_downloadfolder}${packer_config}"

# Packer validate
.\packer.exe validate .

# Packer build
.\packer.exe build -force -var-file="${$win11_downloadfolder}${packer_variable}" "${$win11_downloadfolder}${packer_config}"

Line 2: Show the Packer version
Line 5: Download Packer plugins such as the hyper-v and Windows update plugin
Line 8: Formats the config and variable HCL file syntax
Line 11: Performs a validation to make sure the variable and config file are ok
Line 15: Starts Packer to create a Windows 11 VM

The creation of a Windows 11 VM starts. When the image is created it is stored and needs to be imported in the Hyper-V manager.

Start the Hyper-V Manager
Select Import Virtual Machine
Browse to the created image folder C:\Temp\packer-main\hyper-v\windows11\output-windows11\
Select the VM
Register the VM in-place
Start the VM

On my laptop, I have in 35 minutes a fresh copy of Windows 11 running with the latest updates installed running in Hyper-V. How cool is that! The scripts can be found on my GitHub page (link). Have fun creating Windows 11 VMs.

Customize the Windows 11 Start Menu

December 13, 2022

Start Menu management in Windows 11 is different than Windows 10. Microsoft recommended an MDM provider such as Microsoft Intune to manage the Windows 11 Start Menu.

There are many environments (such as VDI and Azure Virtual Desktop(AVD) that don’t use an MDM provider to manage their Windows 11 workspace environment. In this blog post, I will highlight how to manage the Start Menu with native tools such as Active Directory and Group Policies.

I will create several blog posts about how to customize the Windows 11 Start Menu, configure the taskbar, remove unwanted desktop icons and remove bloatware and apps.

Customize the Windows 11 Start Menu (this blog post)
Customize the Windows 11 Desktop icons
Customize the Taskbar icons
Remove bloatware from the Start Menu

In this blog post, I will highlight how to customize the Windows 11 Start Menu with native Active Directory Group Policies.

In Windows 10 you can export and import the Start Menu layout. With the “Export-StartLayout” PowerShell command, the Start Menu is exported to an XML file. With a Group Policy, you refer to the custom XML file.

In Windows 11, the Start Menu is exported to a JSON file. The command is like this:

Export-StartLayout -Path "C:\Layouts\LayoutModification.JSON"

There is no Group Policy (Windows 11 22H2) to import a Start Menu JSON file. The Group Policy only works with an XML file.

There is a workaround. In Windows 11 the Start Menu is stored in a single encrypted file in the following folder location:

%LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState

In this folder, there is a start.bin or start2.bin (depending on the Windows 11 version) file. This file is the Windows 11 Start Menu that can be copied.

These steps will copy the modified Start Menu to a central location and when the endpoint starts the modified Start Menu will be copied to the default user profile. When new users logs in, they will get the customized Start Menu.

Pin/unpin and organize the apps in the Start Menu the way you want.

Copy the start2.bin file in from the %LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState folder to a central location (for example in a folder in the netlogon share of the domain controller (for example \\lab.local\netlogon\w11).
Create a cmd file called w11startmenu.cmd with the following context:

copy "\\lab.local\netlogon\w11\start2.bin" "C:\Users\Default\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState" /Y

Open Group Policy Management console
Create a GPO Computer Configuration – Scripts (Startup/Shutdown) – Startup – Scripts and browse to the cmd script file in the netlogon share (for example \\lab.local\netlogon\w11\w11startmenu.cmd)

All users who log in with a new profile will get the customized Windows 11 Start Menu.

More information can be found in the following article, link.

How to install Windows 11 on VMware Workstation

October 17, 2022October 17, 2022

For testing purposes, I frequently use VMware Workstation to install Operating Systems such as Windows 11. The biggest challenge with Windows 11 is that you need a TPM 2.0 device. When installing Windows 11, if your computer does not meet the hardware requirements, you will see a message stating, “This PC can’t run Windows 11“.

Windows 11 requires the following hardware specifications:

CPU: 1 GHz or faster with 2 or more cores on the processor
RAM: 4 GB RAM
Storage: 64 GB or larger
Firmware: UEFI, Secure boot
TPM: Trusted Platform Module (TPM) 2.0

More info: link

The following options are available when installing Windows 11 using VMware Workstation Pro/Player and Fusion:

Option 1: The physical endpoint such as a laptop or PC has a TPM 2.0 device. This requires adding encryption and adding a vTPM device.

Option 2: The physical endpoint such as a laptop or PC has compatible hardware but no TPM 2.0 device. VMware Workstation 16.2 Pro adds an experimental vTPM device that uses a new encryption mode with increased performance over fully encrypting the VM in option 1.

Update October 17, 2022: Wil van Antwerpen has a good blog post about the risks of this experimental feature. Make sure that you read the blog before using this feature!

What you should know about VMware’s experimental vTPM – Vimalin

Option 3: The physical endpoint such as a laptop or PC has no compatible hardware such as a TPM 2.0 device. Use a registry hack to bypass the TPM check.

If you don’t have a Windows 10/11 ISO, you can create one following this blog post: Quick Tip: Download the latest Windows 10/11 ISO files – ivobeerens.nl

Here are the steps outlined for each option:

Option 1. The physical endpoint such as a laptop or PC has a TPM 2.0 chip

Start VMware Workstation and create a new Virtual Machine with the following configuration:

Type of configuration: Custom (advanced)
Virtual Machine hardware compatibility: Workstation 16.2.x
Guest Operating System Installation: Installer disc image file (iso): Point to the downloaded Windows 11 ISO
Guest operating system: Microsoft Windows
- Version: Windows 10 and later x64
Virtual Machine name: Name of the VM such as: Windows 11
- Location: for example: c:\vms\win11
Firmware: UEFI
- Secure boot: Check
Processors: 2 or more
- Number of cores: 1 or more
Memory (MB): 4096 or more
Network Type: Use network address translation (NAT)
SCSI Controller: LSI Logic SAS or Paravirtualized SCSI
Virtual Disk Type: NVMe
Disk: Create a new virtual disk
- Maximum disk size (GB): 64 or more
Disk file: Windows 10 and later x64.vmdk
The new VM will be created.
Edit the virtual machine settings
Click on the options tab, choose Access Control, and select Encrypt

Enter a virtual machine password twice

The VM will be encrypted
Select the Hardware tab and select Add
Select the Trusted Platform Module and click Finish and OK

Start the VM to install Windows 11

The VM is encrypted and has a TPM device configured.

Option 2: The physical endpoint such as a laptop or PC has compatible hardware but no TPM 2.0 device.

Since VMware Workstation 16.2 there is an experimental feature without the need fully encrypt the VM. Use it with care and read the blog from Wil van Antwerpen before using this feature!

Follow the steps in step 1 till ” The new VM will be created”
Before starting the VM close VMware Workstation
Edit the VMX file of the created VM in notepad for example
- Add the following line to the end of the file:
- managedVM.autoAddVTPM = “software”
- This line adds a TPM 2.0 device to the VM
- Save the VMX file

Open VMware Workstation
Start the VM to install Windows 11

Option 3: The physical endpoint such as a laptop or PC has no compatible hardware such as a TPM 2.0 device. Use a registry hack to bypass the TPM check.

In 2021 I already blogged about this hack. More information can be found here: Install Windows 11 as VM on VMware vSphere / Workstation without TPM 2.0 – ivobeerens.nl

With these 3 options, you are able to install Windows 11 on VMware Workstation Pro/Player and Fusion in most situations.