This post documents the process of building and finalizing the Windows 10 Pro 22H2 template for use in the OPFORGE cyber lab environment.
Version & Baseline
- OS: Windows 10 Pro 22H2 (fully patched as of 2025-05-25)
- Build Source: Clean ISO install (22H2), upgraded from legacy 10240
- Purpose: Golden template for domain-joined endpoint clones (opf-mbr01, future victim hosts)
Tool Installation via Script
After installation and patching, the following tools were installed using the custom script:
Install-OPFORGE-WindowsTools.ps1
Tools Installed:
- Sysmon
- Winlogbeat
- 7zip
- VSCode
- Notepad++
- Sysinternals Suite
- Wireshark
- Autoruns
- Process Explorer
System Hardening
Included in the setup:
- Removal of bloatware and telemetry
- Disabling Cortana, Xbox services, OneDrive
- Clean Start Menu layout
- Chocolatey configured for repeat installs
Final Cleanup & Snapshot
Prior to cloning or Sysprep:
cleanmgr /sagerun:1
powercfg -h off
Snapshot taken:
base-windows10-template - win10_22H2_tools_installed
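A check that could be run on the template before the snapshot, to confirm the state this post describes. This is an added example, not part of Install-OPFORGE-WindowsTools.ps1; the service names, installer display-name patterns and the HibernateEnabled registry value are assumptions about default installs.

```powershell
# Added example: pre-snapshot check for the template (run elevated).
# Service names, display-name patterns and the registry value are assumptions
# about default installs, not values read from Install-OPFORGE-WindowsTools.ps1.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# Logging agents must be installed and running before the image is cloned.
foreach ($agent in @{ Sysmon = 'Sysmon', 'Sysmon64'; Winlogbeat = 'winlogbeat' }.GetEnumerator()) {
    $svc = Get-Service -Name $agent.Value -ErrorAction SilentlyContinue |
        Where-Object Status -eq 'Running'
    Add-Check "$($agent.Key) service running" ([bool]$svc) "$($svc.Name)"
}
$log = Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' -ErrorAction SilentlyContinue
Add-Check 'Sysmon channel has events' ([bool]($log -and $log.RecordCount -gt 0)) "records=$($log.RecordCount)"

# Installer-based tools leave an uninstall entry; portable Sysinternals tools do not.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    ForEach-Object { $_.DisplayName } | Where-Object { $_ }
foreach ($pattern in '7-Zip*', 'Wireshark*', 'Notepad++*', '*Visual Studio Code*') {
    $hit = @($installed) -like $pattern | Select-Object -First 1
    Add-Check "Installed: $pattern" ([bool]$hit) "$hit"
}
Add-Check 'Chocolatey on PATH' ([bool](Get-Command choco -ErrorAction SilentlyContinue)) ''

# Cleanup step: powercfg -h off should leave HibernateEnabled at 0.
$hib = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue).HibernateEnabled
Add-Check 'Hibernation off' ($hib -eq 0) "HibernateEnabled=$hib"

# Hardening step: any Xbox service that still exists should be Disabled.
$xbox = Get-Service -Name 'Xbl*', 'Xbox*' -ErrorAction SilentlyContinue |
    Where-Object { $_.StartType -ne 'Disabled' }
Add-Check 'Xbox services disabled' (-not $xbox) (($xbox.Name) -join ',')

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count) { Write-Warning "$($failed.Count) check(s) failed; fix before snapshot or Sysprep." }
```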
Status
This image is ready to be cloned into production boxes like:
- opf-mbr01
- Future detection test targets
- Domain-joined Windows clients
For installation automation, refer to:
Install-OPFORGE-WindowsTools.ps1