Windows 11 Engineering Environment SOE

Project Overview

This repository contains a Standard Operating Environment (SOE) automation suite for Windows 11 Pro. It is designed to reduce the deployment time of a fully configured engineering workstation from hours to under 45 minutes through unattended installation and automated post-deployment scripts.

This project demonstrates proficiency in Windows automation, configuration management, and systems security—key skills for Desktop Support and Systems Administration roles.

Core Components

• Unattended OS Installation: Custom Autounattend.xml configuration for zero-touch Windows 11 Pro deployment.
• Automated Package Management: Silent installation of core developer and productivity tools using Microsoft Winget.
• Security & Compliance: Forced XTS-AES 256 BitLocker encryption with automated recovery key documentation.
• Virtualization Infrastructure: Automated WSL2 and Ubuntu distribution deployment.
• System Optimization: Performance tuning via .wslconfig and automated environment variable configuration.

Technical Requirements

• Windows 11 Pro ISO
• 8GB+ USB Flash Drive
• Target hardware with TPM 2.0 and UEFI support

Deployment Guide

1. Hardware and Software Prerequisites

• Media: USB 3.0 flash drive (8GB minimum).
• Operating System: Windows 11 Pro ISO.
• Target Device: UEFI-compatible hardware with TPM 2.0 enabled.
• Tooling: Rufus (recommended for creating bootable media).

2. Prepare the Installation Media

1. Insert the USB drive and launch Rufus.
2. Select the Windows 11 Pro ISO.
3. Set Partition Scheme to GPT and Target System to UEFI (non-CSM).
4. Click Start to format the drive and copy the OS files.

3. Integrate Automation Files

Copy the files from this repository to the root of your newly created USB drive according to the following structure:

• Place Autounattend.xml in the root directory of the USB drive (e.g., D:\Autounattend.xml).
• Copy the entire Scripts/ folder and .wslconfig to the root directory of the USB drive.

4. Zero-Touch Installation

1. Insert the USB drive into the target computer.
2. Boot from the USB drive (refer to your hardware manufacturer's key for the "Boot Menu," e.g., F12, F11, or Esc).
3. The installation will proceed automatically. It will wipe the primary disk (Disk 0) and install the OS.
4. Once the installation finishes, the system will auto-logon to the DevAdmin account.

5. Finalize Post-Deployment Setup

1. Open PowerShell as Administrator.
2. Navigate to the Scripts folder on your USB drive.
3. Execute the master automation script:

   Set-ExecutionPolicy Bypass -Scope Process
   .\Setup-SOE.ps1

4. The script will install all software, configure BitLocker, and optimize WSL2.
5. Reboot the machine when the script completes to finalize the installation of system components and WSL2.

Verification

After the final reboot, you can verify the integrity of the installation by running the system audit tool:

1. Open PowerShell.
2. Import the utility: Import-Module C:\Scripts\Env-Utils.ps1
3. Run the audit: Get-SystemAudit

Security and Administration

• Administrative Account: The default account created is DevAdmin. The password is set in Autounattend.xml (Default: DevAdminPassword123!). It is highly recommended to change this after the first deployment.
• BitLocker: The recovery key is stored at C:\BitLocker-Recovery-Key.txt. This key must be moved to an offline, secure medium immediately.

---

Technical Context

• Primary OS: Windows 11 Pro
• Scripting: PowerShell 5.1 / 7.x
• Encryption: XTS-AES 256
• Virtualization: WSL2 (Ubuntu)