This collection of Docker images can be used to deploy an installer on a Windows machine behind a VPN gateway from a Linux / MacOS machine. This should also include a GitHub / GitLab runner.
The tool has been tested agains Windows 11 ARM, but should also work with Windows 10 on x86-64 / AMD64.
- Modules
fileproviderfails on multiple invocationswindowsdeployerneeds to be tested
- Documentation isn't finished yet
- Multiple invocations of
fileproviderdoesn't work yet, just start a new container. - Setting the debug flag on
/etc/vpnc/vpnc-scriptisn't reverted, just start a new container.
- Add a configuration file
vpnconnect: Certificate based VPN loginwindowsdeployer:- Set the Windows shell to installed programm
The images depend on each other, make sure to build them in the order shown here. But they are also build by GitHub, so there should be no need to build them, if you're not planning to change / improve them.
You can also use the provides script:
./build-images.sh
docker buildx build -f docker/msitools/Dockerfile -t ghcr.io/cmahnke/windows-deployer/msitools:latest .
docker buildx build -f docker/vpnconnect/Dockerfile -t ghcr.io/cmahnke/windows-deployer/vpnconnect:latest .
docker buildx build -f docker/fileprovider/Dockerfile -t ghcr.io/cmahnke/windows-deployer/fileprovider:latest .
docker buildx build -f docker/windowsdeployer/Dockerfile -t ghcr.io/cmahnke/windows-deployer/windowsdeployer:latest .
docker buildx build -f docker/deployexample/Dockerfile -t ghcr.io/cmahnke/windows-deployer/deployexample:latest .
The final image ghcr.io/cmahnke/windows-deployer/windowsdeployer:latest contains all modules of the different images:
windowsdeployer: Runs an installer via WMIfileprovider: Provides a directory via SMBvpnconnect: Connects to a Cisco Anyconnect VPN serviceverify: Checks if file service can be reached
Each subcommand has a -h (help) options, use it to get all implemented options. It's possible to pass some options from one module to another using Python templating. Just put variables of functions in curly brackets ({, }).
The folowing methods and varibles are available:
user(): Generate a usernamepasswd(): Generate a passwordfilename(): Get the file from a pathmod: Reference to other modules, beware that this incluudes all modules not only the used ones.
The easiest way to keep the list of arguments short is to just reuse the administartive account of the target machine of the target machine or the file provider like this:
/opt/entrypoint/run.py -v fileprovider -u 'Adminstrator' -p 'Password' windowsdeployer -p '{opt.fileprovider.args.password}' -t 10.10.0.1 -f setup.exe
These examples demontrate how to use each image individualy. This is mainly used for testing purposes.
The VPN connect utility uses the Cisco Any Connect protocoll by default.
You need to start docker with --cap-add NET_ADMIN and --device /dev/net/tun.
docker run -it --cap-add NET_ADMIN --device /dev/net/tun ghcr.io/cmahnke/windows-deployer/vpnconnect
/opt/entrypoint/run.py -v vpnconnect -u username -p password -s vpn.provider.com
docker run -it ghcr.io/cmahnke/windows-deployer/fileprovider
/opt/entrypoint/run.py -v fileprovider -u '{user()}' -p '{passwd()}'
The verifier is part of the fileprovider image
/opt/entrypoint/run.py -v verify -a 0.0.0.0 -s deployer
/opt/entrypoint/run.py -v fileprovider -u '{user()}' -p '{passwd()}' verify -u '{mod.fileprovider.args.user}' -p '{mod.fileprovider.args.password}' -a '{mod.fileprovider.args.address}' -s deployment
docker run -it --cap-add NET_ADMIN --device /dev/net/tun ghcr.io/cmahnke/windows-deployer/windowsdeployer
/opt/entrypoint/run.py -v windowsdeployer
For local development you need to install the following Python modules:
impacketsmbprotocolifaddrmsiutils(patched)- This also needs (patched)
msitoolsinstalled
- This also needs (patched)
- If connecting using WMI doesn't work see https://help.pdq.com/hc/en-us/articles/220533007
This tool either uses or was inspired by the following projects:
- Inspiration for Docker based VPN:
docker-vpn - OpenConnect VPN client: OpenConnect
- VPN Slice Script:
vpn-sclice - Python Network interface library:
ifaddr - Samba SMB Fileserver: Samba
- Python SMB client:
smbprotocol - Python based WMI executer:
impacket - Gnome MSI tools:
msitools - Python MSI tools wrapper:
msi-utils