Hey friends, today I’m super excited to share I found the missing link! Specifically, the missing piece that now allows me to create *fully automated* Windows 10 installs that serve as virtual pentest jumpboxes. Here are the high points:

* When your deployment script is finishing and you need the system to reboot and run some final commands, temporarily add your account as an auto-login account like so:

new-itemproperty -path 'hklm:\software\microsoft\windows nt\currentversion\winlogon' -name AutoAdminLogon -value 1 -force
new-itemproperty -path 'hklm:\software\microsoft\windows nt\currentversion\winlogon' -name DefaultUserName -value "your-local-user" -force
new-itemproperty -path 'hklm:\software\microsoft\windows nt\currentversion\winlogon' -name DefaultPassword -value "your-password" -force

Then tell Windows to run your final script *one time* after automatically logging in as `your-local-user`:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v MyRunOnceKey /t REG_SZ /d "c:\your-final-script.bat"

Finally, make sure your `your-final-script.bat` deletes the auto-login creds:

reg delete "hkey_local_machine\software\microsoft\windows nt\currentversion\Winlogon" /v DefaultUserName /f
reg delete "hkey_local_machine\software\microsoft\windows nt\currentversion\Winlogon" /v DefaultPassword /f
reg delete "hkey_local_machine\software\microsoft\windows nt\currentversion\Winlogon" /v AutoAdminLogon /f
Tags: ,

Written by: Brian Johnson

Share on socials: