How to Install Chocolatey inside Windows Container using Docker

The following should always work.

In your Dockerfile, add the following:

ADD scripts/installChoco.ps1 /installChoco.ps1
RUN powershell .\installChoco.ps1 -Wait; Remove-Item c:\installChoco.ps1 -Force;
Create the installChoco.ps1 file inside the scripts directory:
#############################################
$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol
try {
    # Set TLS 1.2 (3072), then TLS 1.1 (768), then TLS 1.0 (192), finally SSL 3.0 (48)
    # Use integers because the enumeration values for TLS 1.2 and TLS 1.1 won't
    # exist in .NET 4.0, even though they are addressable if .NET 4.5+ is
    # installed (.NET 4.5 is an in-place upgrade).
    [System.Net.ServicePointManager]::SecurityProtocol = 3072 -bor 768 -bor 192 -bor 48
} catch {
    Write-Warning 'Unable to set PowerShell to use TLS 1.2 and TLS 1.1 due to old .NET Framework installed. If you see underlying connection closed or trust errors, you may need to do one or more of the following: (1) upgrade to .NET Framework 4.5 and PowerShell v3, (2) specify internal Chocolatey package location (set $env:chocolateyDownloadUrl prior to install or host the package internally), (3) use the Download + PowerShell method of install. See https://chocolatey.org/install for all install options.'
}
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
[System.Net.ServicePointManager]::SecurityProtocol = $securityProtocolSettingsOriginal
##################################################
If you don't have TLS 1.0 disabled, then the following should work:

ENV chocolateyUseWindowsCompression false

RUN powershell -Command \
iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')); \
choco feature disable --name showDownloadProgress
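
Both variants above execute whatever the URL returns at build time. The following added example (not from the original post) saves the installer to disk and runs it only if its Authenticode signature is valid and, when a pin is supplied, its SHA-256 matches. The publisher string, the scratch path and the CHOCO_INSTALL_SHA256 variable are assumptions.

```powershell
# Added example, not from the original post: download, verify, then run the installer.
$ErrorActionPreference = 'Stop'

$installerUrl      = 'https://chocolatey.org/install.ps1'     # URL used in the post
$installerPath     = Join-Path $env:TEMP 'install-choco.ps1'  # assumed scratch path
$expectedPublisher = 'Chocolatey Software'                    # assumption: part of the signer subject
$expectedSha256    = $env:CHOCO_INSTALL_SHA256                # hypothetical variable; empty skips the pin

$originalProtocol = [System.Net.ServicePointManager]::SecurityProtocol
try {
    # 3072 = TLS 1.2 only; an integer for the same .NET 4.0 reason given in the post
    [System.Net.ServicePointManager]::SecurityProtocol = 3072
    (New-Object System.Net.WebClient).DownloadFile($installerUrl, $installerPath)
} finally {
    [System.Net.ServicePointManager]::SecurityProtocol = $originalProtocol
}

# 1. The script must carry a signature that verifies, from the expected publisher
$signature = Get-AuthenticodeSignature -FilePath $installerPath
if ($signature.Status -ne 'Valid') {
    throw "Refusing to run installer: signature status is $($signature.Status)"
}
if ($signature.SignerCertificate.Subject -notlike "*$expectedPublisher*") {
    throw "Refusing to run installer: unexpected signer $($signature.SignerCertificate.Subject)"
}

# 2. Optional pin to the exact installer version that was reviewed
if ($expectedSha256) {
    $actualSha256 = (Get-FileHash -Path $installerPath -Algorithm SHA256).Hash
    if ($actualSha256 -ne $expectedSha256) {
        throw "Refusing to run installer: SHA-256 $actualSha256 does not match the pinned value"
    }
}

# Only a verified file is executed; any failure above stops the Docker build
& $installerPath
Remove-Item $installerPath -Force
```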


How to enable remote IIS Management using docker

Add the following to your Dockerfile:

#Enable IIS Management
RUN powershell -NoProfile Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1
RUN powershell -NoProfile Set-Service -name WMSVC -StartupType Automatic

How to install .Net 4.7.1 using docker

Copy the offline installer to your build folder, where the Dockerfile is, then run the following.

This will install .NET and remove the installation file from the image.

# Install NET 4.7.1

COPY NDP471-KB4033342-x86-x64-AllOS-ENU.exe /NDP471-KB4033342-x86-x64-AllOS-ENU.exe
RUN powershell Start-Process C:\NDP471-KB4033342-x86-x64-AllOS-ENU.exe -ArgumentList '/q' -Wait
RUN powershell Remove-Item c:\NDP471-KB4033342-x86-x64-AllOS-ENU.exe -Force

How to disable insecure ciphers/protocols using dockerfile and powershell

Use the following techniques

FROM microsoft/windowsservercore:10.0.14393.2007
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
#Disable Ciphers
RUN mkdir -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168'
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168' -Name 'Enabled' -PropertyType DWord -Value 0
RUN mkdir -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Null'
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Null' -Name 'Enabled' -PropertyType DWord -Value 0
# The RC4 key names contain a literal "/", which the PowerShell registry provider reads as a
# path separator, so these keys are created through the .NET registry API. [char]0x2215
# (division slash) is a different character and yields a key name SCHANNEL does not document.
RUN $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true); $ciphers.CreateSubKey('RC4 40/128').SetValue('Enabled', 0, 'DWord')
RUN $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true); $ciphers.CreateSubKey('RC4 56/128').SetValue('Enabled', 0, 'DWord')
RUN $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true); $ciphers.CreateSubKey('RC4 64/128').SetValue('Enabled', 0, 'DWord')
RUN $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true); $ciphers.CreateSubKey('RC4 128/128').SetValue('Enabled', 0, 'DWord')
#Disable Protocols
RUN mkdir -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0'
RUN mkdir -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client'
RUN mkdir -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Name 'DisabledByDefault' -PropertyType DWord -Value 1
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Name 'Enabled' -PropertyType DWord -Value 0
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Name 'DisabledByDefault' -PropertyType DWord -Value 1
RUN New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Name 'Enabled' -PropertyType DWord -Value 0
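
A read-only check for the SCHANNEL keys the Dockerfile above is meant to set, as an added example that is not part of the original post. The documented cipher key names such as RC4 128/128 use an ordinary slash (U+002F); a key created with the look-alike division slash (U+2215) has a different name, so the script reports those as well. The function name Test-SchannelSetting is hypothetical.

```powershell
# Added example, not from the original post: audit the SCHANNEL registry settings.
# Exits 1 if a key or value is missing or wrong, so it can fail a Docker build step.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm     = [Microsoft.Win32.Registry]::LocalMachine

# Expected state: the ciphers and protocol sides disabled by the Dockerfile
$expected = @()
foreach ($cipher in 'Triple DES 168', 'Null', 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
    $expected += @{ Parent = 'Ciphers'; Leaf = $cipher; Name = 'Enabled'; Value = 0 }
}
foreach ($side in 'Client', 'Server') {
    $expected += @{ Parent = 'Protocols\TLS 1.0'; Leaf = $side; Name = 'DisabledByDefault'; Value = 1 }
    $expected += @{ Parent = 'Protocols\TLS 1.0'; Leaf = $side; Name = 'Enabled'; Value = 0 }
}

function Test-SchannelSetting {
    param([hashtable]$Setting)
    $parentKey = $hklm.OpenSubKey("$schannel\$($Setting.Parent)")
    if ($null -eq $parentKey) { return 'parent key missing' }
    # Open the leaf by name from its parent so a "/" in the name stays literal
    $leafKey = $parentKey.OpenSubKey($Setting.Leaf)
    if ($null -eq $leafKey) { return 'key missing' }
    $actual = $leafKey.GetValue($Setting.Name, $null)
    if ($null -eq $actual) { return 'value missing' }
    if ([int]$actual -ne $Setting.Value) { return "is $actual, expected $($Setting.Value)" }
    return 'ok'
}

$failures = 0
foreach ($setting in $expected) {
    $result = Test-SchannelSetting -Setting $setting
    if ($result -ne 'ok') { $failures++ }
    Write-Output ('{0}\{1} {2}: {3}' -f $setting.Parent, $setting.Leaf, $setting.Name, $result)
}

# Flag cipher keys whose name uses U+2215 instead of "/"
$ciphersKey = $hklm.OpenSubKey("$schannel\Ciphers")
if ($null -ne $ciphersKey) {
    foreach ($name in $ciphersKey.GetSubKeyNames()) {
        if ($name.IndexOf([char]0x2215) -ge 0) {
            $failures++
            Write-Output ('Ciphers\{0}: name contains U+2215, not the documented "/"' -f $name)
        }
    }
}

if ($failures -gt 0) { exit 1 }
```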

How to fix your Windows 10 machine

You can run a few commands to try to fix your Windows 10 installation.

Open up a command line as Admin.

Open Start, type cmd, right-click the result and choose Run as administrator.

Then run this first:

sfc /scannow – this will check for corruption in your system.

Once done run the following

Make sure that E: is your CD-ROM drive with the Windows 10 CD.

DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:E:\Sources\Install.wim:1 /LimitAccess

You can also run the following to check whether the system can find any problems on your PC:

DISM /Online /Cleanup-Image /ScanHealth