From db9b7335f2965a13d0f4d46ba2ec757bd2b204ef Mon Sep 17 00:00:00 2001 From: rbalsleyMSFT <53497092+rbalsleyMSFT@users.noreply.github.com> Date: Thu, 7 Aug 2025 13:58:09 -0700 Subject: [PATCH] refactor: Inject unattend file after VHDX caching for audit-mode boot - Moved unattend file injection logic to occur after VHDX caching to ensure the cached VHDX does not contain audit-mode unattend. - Simplified the logic to determine if the VHDX is already mounted, reducing redundant mount/dismount cycles. - Ensured the unattend file is copied to the correct directory based on the Windows architecture. --- FFUDevelopment/BuildFFUVM.ps1 | 46 ++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/FFUDevelopment/BuildFFUVM.ps1 b/FFUDevelopment/BuildFFUVM.ps1 index 8adb36f..3588f17 100644 --- a/FFUDevelopment/BuildFFUVM.ps1 +++ b/FFUDevelopment/BuildFFUVM.ps1 @@ -4933,20 +4933,6 @@ try { WriteLog "Setting Windows Product Key" Set-WindowsProductKey -Path $WindowsPartition -ProductKey $ProductKey } - - - If ($InstallApps) { - #Copy Unattend file so VM Boots into Audit Mode - WriteLog 'Copying unattend file to boot to audit mode' - New-Item -Path "$($osPartitionDriveLetter):\Windows\Panther\unattend" -ItemType Directory -Force | Out-Null - if ($WindowsArch -eq 'x64') { - Copy-Item -Path "$FFUDevelopmentPath\BuildFFUUnattend\unattend_x64.xml" -Destination "$($osPartitionDriveLetter):\Windows\Panther\Unattend\Unattend.xml" -Force | Out-Null - } - else { - Copy-Item -Path "$FFUDevelopmentPath\BuildFFUUnattend\unattend_arm64.xml" -Destination "$($osPartitionDriveLetter):\Windows\Panther\Unattend\Unattend.xml" -Force | Out-Null - } - WriteLog 'Copy completed' - } Set-Progress -Percentage 40 -Message "Finalizing VHDX..." if ($AllowVHDXCaching -and !$cachedVHDXFileFound) { 
@@ -4983,11 +4969,6 @@ try { Mount-Vhd -Path $VHDXPath } } - else { - if ($InstallApps) { - Dismount-ScratchVhdx -VhdxPath $VHDXPath - } - } } catch { Write-Host 'Creating VHDX Failed' @@ -5012,6 +4993,33 @@ catch { } +#Inject unattend after caching so cached VHDX never contains audit-mode unattend +if ($InstallApps) { + # Determine mount state and only mount if needed to avoid redundant mount/dismount cycles + $vhdMeta = Get-VHD -Path $VHDXPath + if ($vhdMeta.Attached) { + WriteLog 'VHDX already mounted; reusing existing mount for unattend injection' + $disk = Get-Disk -Number $vhdMeta.DiskNumber + } + else { + WriteLog 'Mounting VHDX to inject unattend for audit-mode boot' + $disk = Mount-VHD -Path $VHDXPath -Passthru | Get-Disk + } + $osPartition = $disk | Get-Partition | Where-Object { $_.GptType -eq '{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}' } + $osPartitionDriveLetter = $osPartition.DriveLetter + WriteLog 'Copying unattend file to boot to audit mode' + New-Item -Path "$($osPartitionDriveLetter):\Windows\Panther\Unattend" -ItemType Directory -Force | Out-Null + if ($WindowsArch -eq 'x64') { + Copy-Item -Path "$FFUDevelopmentPath\BuildFFUUnattend\unattend_x64.xml" -Destination "$($osPartitionDriveLetter):\Windows\Panther\Unattend\Unattend.xml" -Force | Out-Null + } + else { + Copy-Item -Path "$FFUDevelopmentPath\BuildFFUUnattend\unattend_arm64.xml" -Destination "$($osPartitionDriveLetter):\Windows\Panther\Unattend\Unattend.xml" -Force | Out-Null + } + WriteLog 'Copy completed' + # Always dismount so downstream VM creation logic has a clean starting point + Dismount-ScratchVhdx -VhdxPath $VHDXPath +} + #If installing apps (Office or 3rd party), we need to build a VM and capture that FFU, if not, just cut the FFU from the VHDX file if ($InstallApps) { Set-Progress -Percentage 41 -Message "Starting VM for app installation..."
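Review bot: The new injection block never checks that `$osPartitionDriveLetter` is populated, and it sits after the `catch` block closes, so a failure here is not handled by the surrounding try/catch. If the GptType filter matches no partition or more than one, or the mounted partition has no drive letter, the `New-Item` and `Copy-Item` destination is malformed. Unless `$ErrorActionPreference` is set to stop elsewhere in the script, those errors are non-terminating, 'Copy completed' is still logged, and the VM would presumably boot without the audit-mode answer file. I would add a guard before `New-Item`, e.g. `if (-not $osPartitionDriveLetter) { Dismount-ScratchVhdx -VhdxPath $VHDXPath; throw 'No drive letter on OS partition; cannot inject unattend' }`, and put `-ErrorAction Stop` on both `Copy-Item` calls. Separately, VHDX files cached by earlier versions of the script may still contain the audit-mode Unattend.xml, because the removed code copied it before the caching step; a cleanup step or a comment covering pre-existing caches seems worth adding.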