Downloads of v 2.9.24:


Last Update:

18 Jun 2017

Package Maintainer(s):

Software Author(s):

  • Matt Wrock


Boxstarter bootstrapper environment setup

Boxstarter Bootstrapper Module

This is not the latest version of Boxstarter Bootstrapper Module available.

  • 1
  • 2
  • 3

2.9.24 | Updated: 18 Jun 2017



Downloads of v 2.9.24:


Software Author(s):

  • Matt Wrock

  • 1
  • 2
  • 3
Boxstarter Bootstrapper Module 2.9.24

This is not the latest version of Boxstarter Bootstrapper Module available.

  • 1
  • 2
  • 3

All Checks are Passing

3 Passing Tests

Validation Testing Passed

Verification Testing Passed


Scan Testing Successful:

No detections found in any package files

Learn More

Deployment Method: Individual Install, Upgrade, & Uninstall

To install Boxstarter Bootstrapper Module, run the following command from the command line or from PowerShell:


To upgrade Boxstarter Bootstrapper Module, run the following command from the command line or from PowerShell:


To uninstall Boxstarter Bootstrapper Module, run the following command from the command line or from PowerShell:


Deployment Method:

📝 NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Enter Your Internal Repository Url

(this should look similar to

2. Setup Your Environment

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

2. Get the package into your environment

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Copy Your Script

choco upgrade boxstarter.bootstrapper -y --source="'INTERNAL REPO URL'" --version="'2.9.24'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:

choco upgrade boxstarter.bootstrapper -y --source="'INTERNAL REPO URL'" --version="'2.9.24'" 

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0

Exit $exitCode

- name: Install boxstarter.bootstrapper
    name: boxstarter.bootstrapper
    version: '2.9.24'
    state: present

See docs at

chocolatey_package 'boxstarter.bootstrapper' do
  action    :install
  source   'INTERNAL REPO URL'
  version  '2.9.24'

See docs at

cChocoPackageInstaller boxstarter.bootstrapper
    Name     = "boxstarter.bootstrapper"
    Version  = "2.9.24"
    Source   = "INTERNAL REPO URL"

Requires cChoco DSC Resource. See docs at

package { 'boxstarter.bootstrapper':
  ensure   => '2.9.24',
  provider => 'chocolatey',
  source   => 'INTERNAL REPO URL',

Requires Puppet Chocolatey Provider module. See docs at

4. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

This package was approved as a trusted package on 18 Jun 2017.


Boxstarter's Bootstrapper module provides a powershell wrapper that supports reboots and automatic logons and exposes commands that can detect pending reboots, perform logging and messaging, and several commands that can configure various windows settings.

Description = 'Provides an unattended installation environment supporting automatic reboots, suspension of update services and logging'
# Script module or binary module file associated with this manifest.
ModuleToProcess = './boxstarter.bootstrapper.psm1'

# Version number of this module.
ModuleVersion = '2.9.24'

# ID used to uniquely identify this module
GUID = 'bbdb3e8b-9daf-4c00-a553-4f3f88fb6e50'

# Author of this module
Author = 'Matt Wrock'

# Copyright statement for this module
Copyright = '(c) 2017 Matt Wrock'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '2.0'

# Minimum version of the .NET Framework required by this module
DotNetFrameworkVersion = '2.0'

# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
NestedModules = @('..\Boxstarter.Common\Boxstarter.Common.psd1')

# Functions to export from this module
FunctionsToExport = '*'

# Cmdlets to export from this module
CmdletsToExport = '*'

# Variables to export from this module
VariablesToExport = '*'

# Aliases to export from this module
AliasesToExport = '*'

# List of all modules packaged with this module.
# ModuleList = @()

# List of all files packaged with this module
# FileList = @()

# Private data to pass to the module specified in RootModule/ModuleToProcess
PrivateData = '69e2cbcd24b8f2435b1425154ded5d1e8f0d6b49'

# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''


Resolve-Path $PSScriptRoot\*.ps1 | 
    % { . $_.ProviderPath }

Import-Module (Join-Path $Boxstarter.BaseDir Boxstarter.WinConfig\BoxStarter.WinConfig.psd1) -global -DisableNameChecking

Export-ModuleMember Invoke-BoxStarter, `
                    Test-PendingReboot, `
                    Invoke-Reboot, `
                    Write-BoxstarterMessage, `
                    Start-TimedSection, `
                    Stop-TimedSection, `
                    Out-Boxstarter, `
                    Enter-BoxstarterLogable, `
function Cleanup-Boxstarter {

    if(Test-Path "$(Get-BoxstarterTempDir)\BoxstarterReEnableUAC") {
        del "$(Get-BoxstarterTempDir)\BoxstarterReEnableUAC"
    if(!$Boxstarter.IsRebooting) { 
        Write-BoxstarterMessage "Cleaning up and not rebooting" -Verbose
        $startup = "$env:appdata\Microsoft\Windows\Start Menu\Programs\Startup"
        if( Test-Path "$Startup\boxstarter-post-restart.bat") {
            Write-BoxstarterMessage "Cleaning up restart file" -Verbose
            remove-item "$Startup\boxstarter-post-restart.bat"
            remove-item "$(Get-BoxstarterTempDir)\Boxstarter.Script"
        if(Test-Path "$(Get-BoxstarterTempDir)\Boxstarter.autologon") {
            Write-BoxstarterMessage "Cleaning up autologon registry keys" -Verbose
            $winLogonKey="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
            $winlogonProps = Import-CLIXML -Path "$(Get-BoxstarterTempDir)\Boxstarter.autologon"
            @("DefaultUserName","DefaultDomainName","DefaultPassword","AutoAdminLogon") | % {
                  Remove-ItemProperty -Path $winLogonKey -Name $_ -ErrorAction SilentlyContinue
                else {
                  Set-ItemProperty -Path $winLogonKey -Name $_ -Value $winlogonProps[$_]
            Remove-Item -Path "$(Get-BoxstarterTempDir)\Boxstarter.autologon"
        if($promptToExit -or $KeepWindowOpen){
            Read-Host 'Type ENTER to exit'

    if(!(Get-IsRemote -PowershellRemoting) -and !$DisableRestart){
            Write-BoxstarterMessage "UAC Enabled. Disabling..."
            New-Item "$(Get-BoxstarterTempDir)\BoxstarterReEnableUAC" -type file | Out-Null

    if(!(Get-IsRemote -PowershellRemoting) -and $BoxstarterPassword.Length -gt 0) {
        Write-BoxstarterMessage "Securely Storing $($currentUser.Domain)\$($currentUser.Name) credentials for automatic logon"
        Set-SecureAutoLogon $currentUser.Name $BoxstarterPassword $currentUser.Domain -BackupFile "$(Get-BoxstarterTempDir)\Boxstarter.autologon"
        Write-BoxstarterMessage "Logon Set"

	Describes how to use Boxstarter to wrap powershell scripts.

	The Boxstarter.Bootstrapper module provides an execution 
	environment for running scripts that may require one or more 
	reboots throughout its exeution process. This can be any 
	powershell script and is ideally suited for scripts that involve 
	the installation of software and system configuration.

	By default, Boxstarter will not reboot a machine even when 
	Invoke-Reboot is called. In order to enable reboots, either the 
	-RebootOk switch parameter bust be set on Invoke-Boxstarter or 
	the RebootOk $Boxstarter property should be true.

	If Reoots are enabled, calling INVOKE-REBOOT will prepare the 
	Boxstarter environment for reboot and force a restart of the 
	local machine. DO NOT CALL RESTART-COMPUTER. This will not allow 
	Boxstarter to propperly prepare for reboot and will disable 
	automatic logon and not allow the Boxstarter script to continue 
	upon reboot.

	While a boxstarter script may have its own rules determining when 
	a reboot is needed, Boxstarter provides a Test-PendingReboot 
	functions which checks several machine settings to determine if a 
	reboot is needed. Credit for this script goes to Brian Wilhite's 
	original contribution at

	Test-PendingReboot Checks several known registry keys, the windows 
	update service, component based servicing, and configuration manager. 
	If there is any indication that a reboot is pending, Test-PendingReboot 
	returns $True. Boxstarter scripts may then want to call Invoke-Reboot. 
	Many Software Installers will fail if there is a reboot pending.

	If reboots are enabled, Boxstarter will prompt the user for a password 
	when initially calling Invoke-Boxstarter. The password is given to 
	boxstarter as a SecureString. Boxstarter uses the domain and username 
	of the current user. Boxstarter will attempt to authenticate the 
	password up to three times. If the password cannot be authenticated, 
	Boxstarter will continue to run the script but the user will need to 
	manually sign on at logon. If the user succesfully authenticates, 
	Boxstarter stores the pasword in an encrypted area intended for auto 
	logon passwords.

	When the boxstarter script completes, all logon information is removed 
	from the registry and subsequent logons will prompt for credentials.

	When Boxstarter reboots, it simply reruns the script as it was 
	provided. Currently Boxstarter has no checkpointing mechanism to 
	start your script from a specific location. Of coarse, the script 
	author can include such logic. Therefore, it is best to write 
	scripts that can be run in a repeatable manner. For example, the 
	script may want to do its own checks to determine if long running 
	routines like a lengthy software install needs to be run. Is the 
	software already installed? Boxstarter scripts should anticipate 
	that any portion of the script may have been previously executed.

	Boxstarter ensures that scripts run as administrator. If you call 
	Invoke-Boxstarter from a non elevated shell, Boxstarter will 
	launch an elevated shell and run the remainder of the session 
	from tha tshell. If Boxstarter is asked to reboot via Invoke-Reboot 
	and UAC is enabled on the machine, it will disable UAC and then 
	reenable it after the machine is rebooted and the script restarts. 
	This is necessary for an unattended execution experience, otherwise 
	Boxstarter would need to have you accept the UAC prompt after reboot 
	in order to continue the Boxstarter session.

	In order to provide as little interruption as possible during a 
	Boxstarter script execution, Windows Update Service and, if installed, 
	the System Configuration Client are stopped. When Boxstarter 
	completes, these services are restarted. Boxstarter exposes 
	functionality to install Windows Updates (see below) and stopping 
	these services will not impact that functionality.

	Boxstarter provides several Logging functions. These include the 
	ability to log both to the screen and the Boxstarter Log as well as 
	the ability to log to both simultaneously. Boxstarter also enables 
	you t ocapture the standard output and error streams of standard 
	command line executables and utilities and not just the powershell 
	pipeline. See About_Boxstarter_Logging for more details.

	Boxstarter exposes several functions aimed at customizing several 
	Windows settings. All of these are located in the 
	Boxstarter.WinConfig module. These include customizing Windows 
	Explorer, the Windows Task Bar, enabling Remote desktop and much 
	more. See Get-Command -Module Boxstarter.WinConfig for the 
	functions available.


	A Hashtable for persisting Boxstarter settings.

	The Boxstarter variable is a hashtable that is globaly accesible. 
	Different Boxstarter modules may store different settings.
	Some of the bootstrapper module settings available from the 
	Boxstarter variable can also be set from the Invoke-Boxstarter 

		Indicates if the current session was automatically loged on by 
		Boxstarter after a reboot.

		The Root directory containing the Boxstarter Modules and local 
		package repository. By default this is in the users AppData 

		Indicates if Boxstarter has intiated a reboot.

		This points to the path of the Boxstarter log file. By default 
		this is $env:LocalAppData\Boxstarter\boxstarter.log. You may 
		edit this variable to change the location of the log.

		A boolean value indicating if automatic reboots are permited. 
		This is false by default but true if the -RebootOk switch is 
		used when calling Invoke-Boxstarter. You may edit this value 
		to suppress or enable reboots.

		The script that is wraped  by Boxstarter.

		A boolean value that specifies if log messages should be 
		suppressed. The default is false and can be changed at any 
		time. If true, any message logged via Write-BoxstarterMessage 
		or Star-TimedSection will not log to the console or to the 

function Get-BoxstarterTempDir {
    if($env:LocalAppData -and $env:LocalAppData.StartsWith("$env:SystemDrive\Users")){
        $dir = $env:LocalAppData
    else {
        $dir = $env:ProgramData

if(!(Test-Path "$dir\Boxstarter")){mkdir "$dir\Boxstarter" | out-null}
    return "$dir\Boxstarter"
*   This function was written by Brian Wilhite
*   Published at
*	Version: 07/27/2015
*   Distributed according to Technet Terms of Use
Function Get-PendingReboot
    Gets the pending reboot status on a local or remote computer.

    This function will query the registry on a local or remote computer and determine if the
    system is pending a reboot, from Microsoft updates, Configuration Manager Client SDK, Pending Computer 
    Rename, Domain Join or Pending File Rename Operations. For Windows 2008+ the function will query the 
    CBS registry key as another factor in determining pending reboot state.  "PendingFileRenameOperations" 
    and "Auto Update\RebootRequired" are observed as being consistant across Windows Server 2003 & 2008.
    CBServicing = Component Based Servicing (Windows 2008+)
    WindowsUpdate = Windows Update / Auto Update (Windows 2003+)
    CCMClientSDK = SCCM 2012 Clients only (DetermineIfRebootPending method) otherwise $null value
    PendComputerRename = Detects either a computer rename or domain join operation (Windows 2003+)
    PendFileRename = PendingFileRenameOperations (Windows 2003+)
    PendFileRenVal = PendingFilerenameOperations registry value; used to filter if need be, some Anti-
                     Virus leverage this key for def/dat removal, giving a false positive PendingReboot

.PARAMETER ComputerName
    A single Computer or an array of computer names.  The default is localhost ($env:COMPUTERNAME).

    A single path to send error data to a log file.

    PS C:\> Get-PendingReboot -ComputerName (Get-Content C:\ServerList.txt) | Format-Table -AutoSize
    Computer CBServicing WindowsUpdate CCMClientSDK PendFileRename PendFileRenVal RebootPending
    -------- ----------- ------------- ------------ -------------- -------------- -------------
    DC01           False         False                       False                        False
    DC02           False         False                       False                        False
    FS01           False         False                       False                        False

    This example will capture the contents of C:\ServerList.txt and query the pending reboot
    information from the systems contained in the file and display the output in a table. The
    null values are by design, since these systems do not have the SCCM 2012 client installed,
    nor was the PendingFileRenameOperations value populated.

    PS C:\> Get-PendingReboot
    Computer           : WKS01
    CBServicing        : False
    WindowsUpdate      : True
    CCMClient          : False
    PendComputerRename : False
    PendFileRename     : False
    PendFileRenVal     : 
    RebootPending      : True
    This example will query the local machine for pending reboot information.
    PS C:\> $Servers = Get-Content C:\Servers.txt
    PS C:\> Get-PendingReboot -Computer $Servers | Export-Csv C:\PendingRebootReport.csv -NoTypeInformation
    This example will create a report that contains pending reboot information.

    Component-Based Servicing:
    PendingFileRename/Auto Update:

    SCCM 2012/CCM_ClientSDK:

    Author:  Brian Wilhite
    Email:   bcwilhite (at)
    Date:    29AUG2012
    PSVer:   2.0/3.0/4.0/5.0
    Updated: 27JUL2015
    UpdNote: Added Domain Join detection to PendComputerRename, does not detect Workgroup Join/Change
             Fixed Bug where a computer rename was not detected in 2008 R2 and above if a domain join occurred at the same time.
             Fixed Bug where the CBServicing wasn't detected on Windows 10 and/or Windows Server Technical Preview (2016)
             Added CCMClient property - Used with SCCM 2012 Clients only
             Added ValueFromPipelineByPropertyName=$true to the ComputerName Parameter
             Removed $Data variable from the PSObject - it is not needed
             Bug with the way CCMClientSDK returned null value if it was false
             Removed unneeded variables
             Added PendFileRenVal - Contents of the PendingFileRenameOperations Reg Entry
             Removed .Net Registry connection, replaced with WMI StdRegProv
             Added ComputerPendingRename


Begin {  }## End Begin Script Block
Process {
  Foreach ($Computer in $ComputerName) {
	Try {
	    ## Setting pending values to false to cut down on the number of else statements
	    $CompPendRen,$PendFileRename,$Pending,$SCCM = $false,$false,$false,$false
	    ## Setting CBSRebootPend to null since not all versions of Windows has this value
	    $CBSRebootPend = $null
	    ## Querying WMI for build version
	    $WMI_OS = Get-WmiObject -Class Win32_OperatingSystem -Property BuildNumber, CSName -ComputerName $Computer -ErrorAction Stop

	    ## Making registry connection to the local/remote computer
	    $HKLM = [UInt32] "0x80000002"
	    $WMI_Reg = [WMIClass] "\\$Computer\root\default:StdRegProv"
	    ## If Vista/2008 & Above query the CBS Reg Key
	    If ([Int32]$WMI_OS.BuildNumber -ge 6001) {
		    $RegSubKeysCBS = $WMI_Reg.EnumKey($HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\")
		    $CBSRebootPend = $RegSubKeysCBS.sNames -contains "RebootPending"		
	    ## Query WUAU from the registry
	    $RegWUAURebootReq = $WMI_Reg.EnumKey($HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\")
	    $WUAURebootReq = $RegWUAURebootReq.sNames -contains "RebootRequired"
	    ## Query PendingFileRenameOperations from the registry
	    $RegSubKeySM = $WMI_Reg.GetMultiStringValue($HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\","PendingFileRenameOperations")
	    $RegValuePFRO = $RegSubKeySM.sValue

	    ## Query JoinDomain key from the registry - These keys are present if pending a reboot from a domain join operation
	    $Netlogon = $WMI_Reg.EnumKey($HKLM,"SYSTEM\CurrentControlSet\Services\Netlogon").sNames
	    $PendDomJoin = ($Netlogon -contains 'JoinDomain') -or ($Netlogon -contains 'AvoidSpnSet')

	    ## Query ComputerName and ActiveComputerName from the registry
	    $ActCompNm = $WMI_Reg.GetStringValue($HKLM,"SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\","ComputerName")            
	    $CompNm = $WMI_Reg.GetStringValue($HKLM,"SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\","ComputerName")

	    If (($ActCompNm -ne $CompNm) -or $PendDomJoin) {
	        $CompPendRen = $true
	    ## If PendingFileRenameOperations has a value set $RegValuePFRO variable to $true
	    If ($RegValuePFRO) {
		    $PendFileRename = $true

	    ## Determine SCCM 2012 Client Reboot Pending Status
	    ## To avoid nested 'if' statements and unneeded WMI calls to determine if the CCM_ClientUtilities class exist, setting EA = 0
	    $CCMClientSDK = $null
	    $CCMSplat = @{
	    ## Try CCMClientSDK
	    Try {
	        $CCMClientSDK = Invoke-WmiMethod @CCMSplat
	    } Catch [System.UnauthorizedAccessException] {
	        $CcmStatus = Get-Service -Name CcmExec -ComputerName $Computer -ErrorAction SilentlyContinue
	        If ($CcmStatus.Status -ne 'Running') {
	            Write-Warning "$Computer`: Error - CcmExec service is not running."
	            $CCMClientSDK = $null
	    } Catch {
	        $CCMClientSDK = $null

	    If ($CCMClientSDK) {
	        If ($CCMClientSDK.ReturnValue -ne 0) {
		        Write-Warning "Error: DetermineIfRebootPending returned error code $($CCMClientSDK.ReturnValue)"          
		    If ($CCMClientSDK.IsHardRebootPending -or $CCMClientSDK.RebootPending) {
		        $SCCM = $true
	    Else {
	        $SCCM = $null

	    ## Creating Custom PSObject and Select-Object Splat
	    $SelectSplat = @{
	    New-Object -TypeName PSObject -Property @{
	        RebootPending=($CompPendRen -or $CBSRebootPend -or $WUAURebootReq -or $SCCM -or $PendFileRename)
	    } | Select-Object @SelectSplat

	} Catch {
	    Write-Warning "$Computer`: $_"
	    ## If $ErrorLog, log the file to a user specified location/path
	    If ($ErrorLog) {
	        Out-File -InputObject "$Computer`,$_" -FilePath $ErrorLog -Append
  }## End Foreach ($Computer in $ComputerName)			
}## End Process

End {  }## End End

}## End Function Get-PendingReboot
if(!$Global:Boxstarter) { $Global:Boxstarter = @{} }
if(!$Boxstarter.ContainsKey('Log')) {
if(!$Boxstarter.ContainsKey('RebootOk')) { $Boxstarter.RebootOk=$false }
if(!$Boxstarter.ContainsKey('IsRebooting')) { $Boxstarter.IsRebooting=$false }
function Invoke-BoxStarter{
Invokes the Boxstarter bootstrapper

This wraps any PowerShell script block and executes it in an environment tailored for uninterrupted installations
 - Turns off the windows update service during installation to prevent installation conflicts and minimize the need for reboots
 - Imports the Boxstarter.WinConfig module that provides functions for customizing windows
 - Provides Reboot Resiliency by ensuring the package installation is immediately restarted up on reboot if there is a reboot during the installation.
 - Ensures everything runs under administrator permissions
If the password argument is not included and RebootOk is passed, 
the user will be prompted for a password immediately after 
invoking the command and that password will be used for any 
subsequent reboot during the boxstarter run.

.Parameter ScriptToCall
The script that Boxstarter wraps. After Boxstarter shuts down 
the update services and ensures that the console is running as 
an administrator, it invokes this script. The script may call Invoke-Reboot 
at any time and Boxstarter will ensure that the machine is 
rebooted, logged in and the script is rerun.

.Parameter Password
This password will be used to automatically log the user in if a 
reboot is required and reboots are enabled.

.Parameter RebootOk
If set, a reboot will be performed if boxstarter determines that a 
reboot is pending. If no password is supplied to the Password 
parameterBoxstarter will prompt the user to enter a password which 
will be used for automatic logins in the event a restart is 

.PARAMETER KeepWindowOpen
Enabling this switch will prevent the command window from closing and 
prompt the user to pres the Enter key before the window closes. This 
is ideal when not invoking boxstarter from a console.

When set, Boxstarter will never prompt for logon. Use this if using
an account without password validation.

Invoke-Boxstarter {Import-Modler myinstaller;Invoke-MyInstall} -RebootOk

This invokes Boxstarter and invokes MyInstall. If pending 
reboots are detected, boxstarter will restart the machine. Boxstarter
will prompt the user to enter a password which will be used for 
automatic logins in the event a restart is required.

    $BoxStarter.IsRebooting = $false
    $scriptFile = "$(Get-BoxstarterTempDir)\boxstarter.script"
    if(!(Test-Admin)) {
        New-Item $scriptFile -type file -value $ScriptToCall.ToString() -force | out-null
        Write-BoxstarterMessage "User is not running with administrative rights. Attempting to elevate..."
        $unNormalized=(Get-Item "$($Boxstarter.Basedir)\Boxstarter.Bootstrapper\BoxStarter.Bootstrapper.psd1")
            $encryptedPass = convertfrom-securestring -securestring $password
            $passwordArg = "-encryptedPassword $encryptedPass"
        $command = "-ExecutionPolicy bypass -noexit -command Import-Module `"$($unNormalized.FullName)`";Invoke-BoxStarter $(if($RebootOk){'-RebootOk'}) $passwordArg"
        Start-Process powershell -verb runas -argumentlist $command
        if(!(Get-IsRemote)){ Write-BoxstarterLogo }
        $session=Start-TimedSection "Installation session." -Verbose
        if($encryptedPassword){$password = ConvertTo-SecureString -string $encryptedPassword}
            Write-BoxstarterMessage "NoPassword is false checking autologin" -verbose
            $script:BoxstarterPassword=InitAutologon $password
        if($script:BoxstarterPassword -eq $null) {
        Write-BoxstarterMessage "NoPassword is set to $($boxstarter.NoPassword) and RebootOk is set to $($Boxstarter.RebootOk) and the NoPassword parameter passed was $NoPassword" -verbose
        $Boxstarter.ScriptToCall = Resolve-Script $ScriptToCall $scriptFile
        return $true
    catch {
       Log-BoxStarterMessage ($_ | Out-String)
       throw $_
        Cleanup-Boxstarter -KeepWindowOpen:$KeepWindowOpen -DisableRestart:$DisableRestart
        Stop-TimedSection $session
        if($BoxStarter.IsRebooting) {

function RestartNow {
    Write-BoxstarterMessage "Restart Required. Restarting now..."
    Restart-Computer -force -ErrorAction SilentlyContinue

function Read-AuthenticatedPassword {
    while(--$attemptsLeft -ge 0 -and !$val) {
            $Password=Read-Host -AsSecureString "Autologon Password"
            $creds = New-Object System.Management.Automation.PsCredential("$($currentUser.Domain)\$($currentUser.Name)", $password)
            Start-Process "Cmd.exe" -argumentlist "/c","echo" -Credential $creds
            write-BoxstarterMessage "Successfully authenticated password."
            return $password
        catch { }
    write-BoxstarterMessage "Unable to authenticate password for $($currentUser.Domain)\$($currentUser.Name). Proceeding with autologon disabled"
    return $null

function InitAutologon([System.Security.SecureString]$password){
    $autologonKey="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $winlogonProps = Get-ItemProperty -Path $autologonKey
    if($winlogonProps.AutoAdminLogon){$autoLogon=Get-ItemProperty -Path $autologonKey -Name "AutoAdminLogon"}
    if($autoLogon) {
        $autoLogon = $autoLogon.AutoAdminLogon
        if($autoLogon -gt 0) {
            try { $autoLogonCount=Get-ItemProperty -Path $autologonKey -Name "AutoLogonCount" -ErrorAction stop } catch {$global:error.RemoveAt(0)}
            if($autoLogonCount) {$autoLogon=$autoLogonCount.autoLogonCount}
    } else {$autoLogon=0}
    $Boxstarter.AutologedOn = ($autoLogon -gt 0)
    Write-BoxstarterMessage "AutoLogin status is $($Boxstarter.AutologedOn)" -verbose
    if($Boxstarter.RebootOk -and !$Password -and !$Boxstarter.AutologedOn) {
        Write-BoxstarterMessage "Please type CTRL+C or close this window to exit Boxstarter if you do not want to risk a reboot during this Boxstarter install.`r`n" -nologo -Color Yellow
        write-BoxstarterMessage @"
Boxstarter may need to reboot your system. 
Please provide your password so that Boxstarter may automatically log you on. 
Your password will be securely stored and encrypted.
"@ -nologo

    return $password

function Resolve-Script([ScriptBlock]$script, [string]$scriptFile){
    if($script) {return $script.ToString()}
    if(Test-Path $scriptFile) {
        $scriptFile=(Get-Content $scriptFile)
        if($scriptFile.length -gt 0) {
            return $scriptFile
    throw "No Script was specified to call."
function Invoke-Reboot {
Reboots the local machine ensuring Boxstarter restarts 
automatically after reboot and sets up autologon if it a 
password was provided.

Use this command inside of a boxstarter package instead 
of calling Restart-Computer

This command will often be used with the Test-PendingReboot
command. If Test-PendingReboot returns true, one may want 
to call Invoke-Reboot to restart otherwise the remainder of 
the package might fail.

One can use the $Boxstarter variable's RebootOk to enable/disable
reboots. If this is set to $False (the default) then Invoke-Reboot
will not do anything. If Boxstarter was invoked with the -RebootOk
parameter $Boxstarter.RebootOk is set to True.

    if(!$Boxstarter.RebootOk) { 
        Write-BoxstarterMessage "A Reboot was requested but Reboots are suppressed. Either call Invoke-Boxstarter with -RebootOk or set `$Boxstarter.RebootOk to `$true"
    if(!(Get-IsRemote -PowershellRemoting) -and !($Boxstarter.DisableRestart)){
        if(!$Boxstarter.ScriptToCall) {
            Write-BoxstarterMessage "Invoke-Reboot must be called from a Boxstarter package."
        Write-BoxstarterMessage "writing restart file"
        New-Item "$(Get-BoxstarterTempDir)\Boxstarter.script" -type file -value $boxstarter.ScriptToCall -force | Out-Null
        $startup = "$env:appdata\Microsoft\Windows\Start Menu\Programs\Startup"
        $restartScript="Call PowerShell -NoProfile -ExecutionPolicy bypass -command `"Import-Module '$($Boxstarter.BaseDir)\Boxstarter.Bootstrapper\boxstarter.bootstrapper.psd1';Invoke-Boxstarter -RebootOk -NoPassword:`$$($Boxstarter.NoPassword.ToString())`""
        New-Item "$startup\boxstarter-post-restart.bat" -type file -force -value $restartScript | Out-Null
    try {
        if(Get-Module Bitlocker -ListAvailable -ErrorAction Stop){
            Get-BitlockerVolume -ErrorAction Stop | ? {$_.ProtectionStatus -eq "On"  -and $_.VolumeType -eq "operatingSystem"} | Suspend-Bitlocker -RebootCount 1 | out-null
    catch {
    } # There are several reports of the bitlocker module throwing errors

    if($Boxstarter.SourcePID -ne $Null) {
        Write-BoxstarterMessage "Writing restart marker with pid $($Boxstarter.SourcePID) from $PID" -verbose
        New-Item "$(Get-BoxstarterTempDir)\Boxstarter.$($Boxstarter.SourcePID).restart" -type file -value "" -force | Out-Null

function Restart {
*   This function was written by Andy Arismendi
*   Published at
*   Under Creative Commons License 
function Set-SecureAutoLogon {
param (
    [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]

    [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [System.Security.SecureString]

begin {
    [string] $WinlogonPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    [string] $WinlogonBannerPolicyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

    [string] $Enable = 1
    [string] $Disable = 0
    #region C# Code to P-invoke LSA LsaStorePrivateData function.
    Add-Type @"
        using System;
        using System.Collections.Generic;
        using System.Text;
        using System.Runtime.InteropServices;

        namespace ComputerSystem
            public class LSAutil
                private struct LSA_UNICODE_STRING
                    public UInt16 Length;
                    public UInt16 MaximumLength;
                    public IntPtr Buffer;

                private struct LSA_OBJECT_ATTRIBUTES
                    public int Length;
                    public IntPtr RootDirectory;
                    public LSA_UNICODE_STRING ObjectName;
                    public uint Attributes;
                    public IntPtr SecurityDescriptor;
                    public IntPtr SecurityQualityOfService;

                private enum LSA_AccessPolicy : long
                    POLICY_VIEW_LOCAL_INFORMATION = 0x00000001L,
                    POLICY_VIEW_AUDIT_INFORMATION = 0x00000002L,
                    POLICY_GET_PRIVATE_INFORMATION = 0x00000004L,
                    POLICY_TRUST_ADMIN = 0x00000008L,
                    POLICY_CREATE_ACCOUNT = 0x00000010L,
                    POLICY_CREATE_SECRET = 0x00000020L,
                    POLICY_CREATE_PRIVILEGE = 0x00000040L,
                    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080L,
                    POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100L,
                    POLICY_AUDIT_LOG_ADMIN = 0x00000200L,
                    POLICY_SERVER_ADMIN = 0x00000400L,
                    POLICY_LOOKUP_NAMES = 0x00000800L,
                    POLICY_NOTIFICATION = 0x00001000L

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaRetrievePrivateData(
                            IntPtr PolicyHandle,
                            ref LSA_UNICODE_STRING KeyName,
                            out IntPtr PrivateData

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaStorePrivateData(
                        IntPtr policyHandle,
                        ref LSA_UNICODE_STRING KeyName,
                        ref LSA_UNICODE_STRING PrivateData

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaOpenPolicy(
                    ref LSA_UNICODE_STRING SystemName,
                    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
                    uint DesiredAccess,
                    out IntPtr PolicyHandle

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaNtStatusToWinError(
                    uint status

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaClose(
                    IntPtr policyHandle

                [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)]
                private static extern uint LsaFreeMemory(
                    IntPtr buffer

                private LSA_OBJECT_ATTRIBUTES objectAttributes;
                private LSA_UNICODE_STRING localsystem;
                private LSA_UNICODE_STRING secretName;

                public LSAutil(string key)
                    if (key.Length == 0)
                        throw new Exception("Key length zero");

                    objectAttributes = new LSA_OBJECT_ATTRIBUTES();
                    objectAttributes.Length = 0;
                    objectAttributes.RootDirectory = IntPtr.Zero;
                    objectAttributes.Attributes = 0;
                    objectAttributes.SecurityDescriptor = IntPtr.Zero;
                    objectAttributes.SecurityQualityOfService = IntPtr.Zero;

                    localsystem = new LSA_UNICODE_STRING();
                    localsystem.Buffer = IntPtr.Zero;
                    localsystem.Length = 0;
                    localsystem.MaximumLength = 0;

                    secretName = new LSA_UNICODE_STRING();
                    secretName.Buffer = Marshal.StringToHGlobalUni(key);
                    secretName.Length = (UInt16)(key.Length * UnicodeEncoding.CharSize);
                    secretName.MaximumLength = (UInt16)((key.Length + 1) * UnicodeEncoding.CharSize);

                private IntPtr GetLsaPolicy(LSA_AccessPolicy access)
                    IntPtr LsaPolicyHandle;

                    uint ntsResult = LsaOpenPolicy(ref this.localsystem, ref this.objectAttributes, (uint)access, out LsaPolicyHandle);

                    uint winErrorCode = LsaNtStatusToWinError(ntsResult);
                    if (winErrorCode != 0)
                        throw new Exception("LsaOpenPolicy failed: " + winErrorCode);

                    return LsaPolicyHandle;

                private static void ReleaseLsaPolicy(IntPtr LsaPolicyHandle)
                    uint ntsResult = LsaClose(LsaPolicyHandle);
                    uint winErrorCode = LsaNtStatusToWinError(ntsResult);
                    if (winErrorCode != 0)
                        throw new Exception("LsaClose failed: " + winErrorCode);

                public void SetSecret(string value)
                    LSA_UNICODE_STRING lusSecretData = new LSA_UNICODE_STRING();

                    if (value.Length > 0)
                        //Create data and key
                        lusSecretData.Buffer = Marshal.StringToHGlobalUni(value);
                        lusSecretData.Length = (UInt16)(value.Length * UnicodeEncoding.CharSize);
                        lusSecretData.MaximumLength = (UInt16)((value.Length + 1) * UnicodeEncoding.CharSize);
                        //Delete data and key
                        lusSecretData.Buffer = IntPtr.Zero;
                        lusSecretData.Length = 0;
                        lusSecretData.MaximumLength = 0;

                    IntPtr LsaPolicyHandle = GetLsaPolicy(LSA_AccessPolicy.POLICY_CREATE_SECRET);
                    uint result = LsaStorePrivateData(LsaPolicyHandle, ref secretName, ref lusSecretData);

                    uint winErrorCode = LsaNtStatusToWinError(result);
                    if (winErrorCode != 0)
                        throw new Exception("StorePrivateData failed: " + winErrorCode);

process {

    try {
        $ErrorActionPreference = "Stop"
        $decryptedPass = [Runtime.InteropServices.Marshal]::PtrToStringAuto(

        if ($BackupFile) {
                # Initialize the hash table with a string comparer to allow case sensitive keys.
                # This allows differentiation between the winlogon and system policy logon banner strings.
            $OrigionalSettings = New-Object System.Collections.Hashtable ([system.stringcomparer]::CurrentCulture)
            $OrigionalSettings.AutoAdminLogon = (Get-ItemProperty $WinlogonPath ).AutoAdminLogon
            $OrigionalSettings.ForceAutoLogon = (Get-ItemProperty $WinlogonPath).ForceAutoLogon
            $OrigionalSettings.DefaultUserName = (Get-ItemProperty $WinlogonPath).DefaultUserName
            $OrigionalSettings.DefaultDomainName = (Get-ItemProperty $WinlogonPath).DefaultDomainName
            if((Get-ItemProperty $WinlogonPath).DefaultPassword) {
                $OrigionalSettings.DefaultPassword = (Get-ItemProperty $WinlogonPath).DefaultPassword
                Remove-ItemProperty -Path $WinlogonPath -Name DefaultPassword -Force
            $OrigionalSettings.AutoLogonCount = (Get-ItemProperty $WinlogonPath).AutoLogonCount
                # The winlogon logon banner settings.
            $OrigionalSettings.LegalNoticeCaption = (Get-ItemProperty $WinlogonPath).LegalNoticeCaption
            $OrigionalSettings.LegalNoticeText = (Get-ItemProperty $WinlogonPath).LegalNoticeText
                # The system policy logon banner settings.
            $OrigionalSettings.legalnoticecaption = (Get-ItemProperty $WinlogonBannerPolicyPath).legalnoticecaption
            $OrigionalSettings.legalnoticetext = (Get-ItemProperty $WinlogonBannerPolicyPath).legalnoticetext
            $OrigionalSettings | Export-Clixml -Depth 10 -Path $BackupFile
            # Store the password securely.
        $lsaUtil = New-Object ComputerSystem.LSAutil -ArgumentList "DefaultPassword"
            # Store the autologon registry settings.
        Set-ItemProperty -Path $WinlogonPath -Name AutoAdminLogon -Value $Enable -Force

        Set-ItemProperty -Path $WinlogonPath -Name DefaultUserName -Value $Username -Force
        Set-ItemProperty -Path $WinlogonPath -Name DefaultDomainName -Value $Domain -Force

        if ($AutoLogonCount) {
            Set-ItemProperty -Path $WinlogonPath -Name AutoLogonCount -Value $AutoLogonCount -Force
        } else {
            try {Remove-ItemProperty -Path $WinlogonPath -Name AutoLogonCount -ErrorAction stop } catch {$global:error.RemoveAt(0)}

        if ($RemoveLegalPrompt) {
            Set-ItemProperty -Path $WinlogonPath -Name LegalNoticeCaption -Value $null -Force
            Set-ItemProperty -Path $WinlogonPath -Name LegalNoticeText -Value $null -Force
            Set-ItemProperty -Path $WinlogonBannerPolicyPath -Name legalnoticecaption -Value $null -Force
            Set-ItemProperty -Path $WinlogonBannerPolicyPath -Name legalnoticetext -Value $null -Force
    } catch {
        throw 'Failed to set auto logon. The error was: "{0}".' -f $_

        Enables auto logon using the specified username and password.

    .PARAMETER  Username
        The username of the user to automatically logon as.

    .PARAMETER  Password
        The password for the user to automatically logon as.
    .PARAMETER  Domain
        The domain of the user to automatically logon as.
    .PARAMETER  AutoLogonCount
        The number of logons that auto logon will be enabled.
    .PARAMETER  RemoveLegalPrompt
        Removes the system banner to ensure intervention-less logon.
    .PARAMETER  BackupFile
        If specified the existing settings such as the system banner text will be backed up to the specified file.

        PS C:\> Set-SecureAutoLogon `
                -Username $env:USERNAME `
                -Password (Read-Host -AsSecureString) `
                -AutoLogonCount 2 `
                -RemoveLegalPrompt `
                -BackupFile "C:\WinlogonBackup.xml"



        Revision History:
            2011-04-19 : Andy Arismendi - Created.
            2011-09-29 : Andy Arismendi - Changed to use LSA secrets to store password securely.


function Start-UpdateServices {
    write-boxstartermessage "Restore Automatic Updates from Windows Update"
    $winUpdateKey = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au"

    Remove-BoxstarterError {
        Remove-ItemProperty -Path $winUpdateKey -name 'NoAutoUpdate' -force
        Remove-ItemProperty -Path $winUpdateKey -name 'NoAutoRebootWithLoggedOnUsers' -force

        # Restore original value
        Rename-ItemProperty -Path $winUpdateKey -NewName 'NoAutoUpdate' -Name 'NoAutoUpdate_BAK'


function Start-CCMEXEC {
    $ccm = get-service -include CCMEXEC
    if($ccm -and $ccm.Status -ne "Running") {
        Write-BoxstarterMessage "Starting Configuration Manager Service"
        set-service CCMEXEC -startuptype automatic
        Enter-BoxstarterLogable { Start-Service CCMEXEC -ErrorAction SilentlyContinue }
function Stop-UpdateServices {
    write-boxstartermessage "Disabling Automatic Updates from Windows Update"
    $winUpdateKey = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au"
    if(!(Test-Path $winUpdateKey) ) { New-Item $winUpdateKey -Type Folder -Force | Out-Null }

    Remove-BoxstarterError {
        # Backup original value
        Rename-ItemProperty -Path $winUpdateKey -Name 'NoAutoUpdate' -NewName 'NoAutoUpdate_BAK'

        New-ItemProperty -Path $winUpdateKey -name 'NoAutoUpdate' -value '1' -propertyType "DWord" -force | Out-Null
        New-ItemProperty -Path $winUpdateKey -name 'NoAutoRebootWithLoggedOnUsers' -value '1' -propertyType "DWord" -force | Out-Null

function Stop-CCMEXEC {
    $ccm = (get-service -include CCMEXEC)
    if($ccm) {
        set-service CCMEXEC -startuptype disabled
        do {
            if($ccm.CanStop) { 
                Write-boxstartermessage "Stopping Configuration Manager"
                Enter-BoxstarterLogable { Stop-Service CCMEXEC }
            Write-boxstartermessage "Waiting for Computer Configuration Manager to stop..."
            sleep 10
        } while (-not ($ccm.CanStop) -and ($i++ -lt 5))
function Test-PendingReboot {
Checks to see if Windows is pending a reboot

Uses a script from Brian Wilhite 
that queries the registry, Windows Update and System 
Configuration Manager to determine if a pending reboot is 

One may want to check this before installing software 
or doing anything that may fail if there is a pending 
reboot. If this command returns $true, one may want to
call Invoke-Reboot to restart the local machine.


    Write-BoxstarterMessage "Checking for Pending reboot" -Verbose
    return Remove-BoxstarterError {
        $rebootPending = Get-PendingReboot -ErrorLog $BoxStarter.Log
		if ($rebootPending.RebootPending) {
			Write-BoxstarterMessage "Detected Pending reboot" -Verbose
			Log-BoxstarterMessage "$rebootPending"
			return $true
		else {
			return $false
$tools = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
. (Join-Path $tools Setup.ps1)
try { 
    $ModuleName = (Get-ChildItem $tools | ?{ $_.PSIsContainer }).BaseName
    $preInstall = Join-Path $tools "$modulename.preinstall.ps1"
    if(Test-Path $preInstall) { .$preInstall }
    Install-Boxstarter $tools $ModuleName $env:chocolateyPackageParameters
} catch {
    write-output $_ | fl * -force
    throw $_.Exception
                                 Apache License
                           Version 2.0, January 2004


   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      implied, including, without limitation, any warranties or conditions
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
function Install-Boxstarter($here, $ModuleName, $installArgs = "") {
    $boxstarterPath=Join-Path $env:AppData Boxstarter
    if(!(test-Path $boxstarterPath)){
        mkdir $boxstarterPath
    $packagePath=Join-Path $boxstarterPath BuildPackages
    if(!(test-Path $packagePath)){
        mkdir $packagePath
    foreach($ModulePath in (Get-ChildItem $here | ?{ $_.PSIsContainer })){
        $target=Join-Path $boxstarterPath $modulePath.BaseName
        if(test-Path $target){
            Remove-Item $target -Recurse -Force
    Copy-Item "$here\*" $boxstarterPath -Recurse -Force -Exclude ChocolateyInstall.ps1, Setup.*

    PersistBoxStarterPathToEnvironmentVariable "PSModulePath"
    PersistBoxStarterPathToEnvironmentVariable "Path"
    $binPath =  "$here\..\..\..\bin"
    $boxModule=Get-Module Boxstarter.Chocolatey
    if($boxModule) {
        if($boxModule.Path -like "$env:LOCALAPPDATA\Apps\*") {
        Import-Module "$boxstarterPath\$ModuleName" -DisableNameChecking -Force -ErrorAction SilentlyContinue
    $successMsg = @"
The $ModuleName Module has been copied to $boxstarterPath and added to your Module path. 
You will need to open a new console for the path to be visible.
Use 'Get-Module Boxstarter.* -ListAvailable' to list all Boxstarter Modules.
To list all available Boxstarter Commands, use:
PS:>Import-Module $ModuleName
PS:>Get-Command -Module Boxstarter.*

To find more info visit or use:
PS:>Import-Module $ModuleName
PS:>Get-Help Boxstarter
    Write-Host $successMsg

    if($ModuleName -eq "Boxstarter.Chocolatey" -and !$env:appdata.StartsWith($env:windir)) {
        $desktop = $([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::DesktopDirectory))
        $startMenu=$("$env:appdata\Microsoft\Windows\Start Menu\Programs\Boxstarter")
        if(!(Test-Path $startMenu)){
            mkdir $startMenu
        $targetArgs="-ExecutionPolicy bypass -NoExit -Command `"&'$boxstarterPath\BoxstarterShell.ps1'`""

		if($installArgs -inotcontains "nodesktopicon") {
			$link = Join-Path $desktop "Boxstarter Shell.lnk"
			Create-Shortcut $link $target $targetArgs $boxstarterPath
        $link = Join-Path $startMenu "Boxstarter Shell.lnk"
        Create-Shortcut $link $target $targetArgs $boxstarterPath

        Set-Content -Path "$binPath\BoxstarterShell.bat" -Force -Value "$target $TargetArgs"

function Create-Shortcut($location, $target, $targetArgs, $boxstarterPath) {
    $wshshell = New-Object -ComObject WScript.Shell
    $lnk = $wshshell.CreateShortcut($location)
    $lnk.TargetPath = $target
    $lnk.Arguments = "$targetArgs"
    $lnk.WorkingDirectory = $boxstarterPath

	$tempFile = "$env:temp\TempShortcut.lnk"
	$writer = new-object System.IO.FileStream $tempFile, ([System.IO.FileMode]::Create)
	$reader = new-object System.IO.FileStream $location, ([System.IO.FileMode]::Open)
	while ($reader.Position -lt $reader.Length)
		$byte = $reader.ReadByte()
		if ($reader.Position -eq 22) {
			$byte = 34
	Move-Item -Path $tempFile $location -Force
function PersistBoxStarterPathToEnvironmentVariable($variableName){
    $value = [Environment]::GetEnvironmentVariable($variableName, 'User')
        $values=($value -split ';' | ?{ !($_.ToLower() -match "\\boxstarter$")}) -join ';'
    elseif($variableName -eq "PSModulePath") {
        $values +="\WindowsPowerShell\Modules;$boxstarterPath"
    else {
        $values ="$boxstarterPath"
    if(!$value -or !($values -contains $boxstarterPath)){
        $values = $values.Replace(';;',';')
        [Environment]::SetEnvironmentVariable($variableName, $values, 'User')
        $varValue = Get-Content env:\$variableName
        $varValue += ";$boxstarterPath"
        $varValue = $varValue.Replace(';;',';')
        Set-Content env:\$variableName -value $varValue

Log in or click on link to see number of positives.

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Add to Builder Version Downloads Last Updated Status
Boxstarter Bootstrapper Module 3.0.0-beta-20220427-21 75 Wednesday, April 27, 2022 Exempted
Boxstarter Bootstrapper Module 2.12.0 388688 Tuesday, October 30, 2018 Approved
Boxstarter Bootstrapper Module 2.11.0 64656 Wednesday, May 16, 2018 Approved
Boxstarter Bootstrapper Module 2.10.3 52183 Thursday, August 31, 2017 Approved
Boxstarter Bootstrapper Module 2.9.26 5565 Monday, June 19, 2017 Approved
Boxstarter Bootstrapper Module 2.9.24 704 Sunday, June 18, 2017 Approved
Boxstarter Bootstrapper Module 2.9.14 6797 Friday, May 5, 2017 Approved

  • Update vendored chocolatey to stable 0.10.7
  • Update vendored chocolatey to stable 0.10.5
  • Add required tags element to boxstarter.common nuspec
  • Fix Set-ExplorerOption argument names
  • Fix Nuspec dependencies to be exact
  • Update vendored chocolatey to stable 0.10.4
  • Randomize package names generated from script to avoid file locks
  • Update vendored Chocolatey to 0.10.4 beta
  • Add Icon toggling of task bar notifications in Set-TaskbarOptions
  • Fix registry key name in Set-TaskbarOptions on some Windows 10 versions
  • Fix Default of RebootOk in boxstarter shell
  • Stop powershell profile loading when in powershell v2
Discussion for the Boxstarter Bootstrapper Module Package

Ground Rules:

  • This discussion is only about Boxstarter Bootstrapper Module and the Boxstarter Bootstrapper Module package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or Boxstarter Bootstrapper Module, or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus