ABSTRACT

This is where some people will try to dazzle and

impress you with pon fica on and prose. I’m not
those people. Simply put, I spent about a week
messing around with virtualizing Windows Server on
ARM, and this is the result. I figured others could learn

Throwing Windows
from, or at the very least take joy in, my mistakes.

Jake Hildreth
Service Lead – Trimarc Active Directory Security
Through an Apple. Assessment.

Virtualizing Windows Server 2025 on Apple Silicon

TrimarcSecurity.com Hub.TrimarcSecurity.com TrimarcVision.com

Hi everyone. My name is Jake… and I’m a Mac user.

The (not very) big secret is out.

In my day job, I lead a service focused on assessing the security of one of Microsoft’s
most used technologies, Active Directory (AD). But for 18 years, I’ve used a MacBook as
my daily driver. How did I get here?

(If you don’t care about why I’m a Mac user, skip to the How To section.)

Some History
I’ve always been a user of multiple operating systems. I had experience with C64, Apple
IIe, DOS, and Mac OS before I ever touched a Windows device.

I started seriously learning computers with Windows 95, but from the late 90s onward,
I’ve always had a device (or a partition on a device) dedicated to running Linux.

Even now, my Mattermost server runs on Ubuntu, and I have a Kali VM I spin up when I
need to do some “hacking” aka running Python. I like learning different ways to do the
same task to find the best tool for a job. Regularly using multiple OSes makes that
possible.

All Aboard the Apple Train?

In 2006, Apple switched to Intel chips for the Mac/OS X. I knew I needed to get
something in the Mac line, but I was too poor (aka bad with money) at the time to
spend nearly $2000 on technology I had no clue how to properly use. To be completely
honest, I just thought the black MacBook looked super sexy.

Thankfully, I was able to convince my boss at the time to refresh my corporate

laptop two years early and get a MacBook (the black one! 😍). I sold him with lines like
“it can run software from Mac, Linux, AND Windows ecosystems” and “if everything else
in the forest gets infected with a virus, I’ll still be able to manage the network.” It helped
that he was a guy who liked experimenting with new tech.

After receiving the MacBook, I had a month-long period best described as my WTF Era.
Some Apple-y things made sense immediately, but other tasks were just so foreign. I
remember being flabbergasted by burning a CD. I regularly visited a few sites that gave
great guidance on transitioning from Windows to OS X, but the absolute best thing I did
was change my approach to computing.
My MacBook wasn’t a thing to be deciphered but instead a tool to be used. And like the
best tools, its most basic functions should be usable by non-experts with little-to-no
training. I started approaching the Mac as someone with little computer training would,
and things just started clicking.

I Joined The Cult

OS X on Intel was fun. Most Unix and Linux tools ran with little modification. Basic
Windows utilities could run in Wine. And if I needed to run something more complex,
Boot Camp gave me access to a full Windows installation.

I figured out a great workflow for doing most of my productivity work, network
administration, and VMware administration from my Mac while running a Windows
Virtual Machine (VM) in Parallels to handle Windows-specific tasks (Outlook and Remote
Server Administration Tools [RSAT], basically). The specifics of this setup changed over
time, but the basic shape stayed the same throughout.

Eventually, I went in hard on the Apple ecosystem. Almost all technology in my house is
Apple brand. I love that it (usually) Just Works. I love that I can share things with my
family easily. I love that the Apple operating systems reveal their features over time and
can be heavily customized, but the basic functions serve most people just fine.

A New Era
Fast forward to 2020. Apple announced they are transitioning Macs and macOS to use
Apple Silicon. Apple had been producing their own mobile chips for years, and this
transition promised tighter coupling of software and hardware resulting in better
performance and battery life. I was jazzed.

Yet again, I was able to convince my boss to let me upgrade my corporate laptop early
so I could get my hands on a new MacBook Pro with an M1 chip. I received it in mid-
January 2020 and immediately fell in love. It was super snappy and so damn powerful. I
remember loading ~14 4K videos without even a tiny hiccup. I never got the cooling fan
to spin up during normal use. And much like the transition to Intel chips, Apple made
the transition to their silicon super smooth. Rosetta 2 is a beast.

Virtualiza on Challenges
Despite the obvious improvements presented by Apple Silicon, the new chip presented
a serious problem for me: I regularly ran Windows in VMs on my older MacBooks for
testing and goofing around. Virtualizing x86_64 Windows was not possible on Apple
Silicon. Windows 10 on ARM was a thing, but I already had a couple of different ways to
do Windows-centric work and various places to run x86 VMs, so I didn’t go down that
rabbit hole too far.

More importantly, I had just started working towards an associate’s degree and
beginning my search for jobs in security. I just didn’t have free time to play with
unsupported stuff.

Eventually, Windows-on-ARM became better supported on Apple Silicon. VMware and

Parallels both released versions of their workstation software that could run Win 10 and
Win 11. My virtualization platform of choice, UTM, also started supporting Windows-on-
ARM. I tried all of the options, and they all ran great!

But I wanted to test AD, and you can’t stand up a forest without Windows Server, and
Server-on-ARM wasn’t really a thing. Until recently, that is!

Virtualiza on Breakthrough
Recently, I randomly googled “server 2025 arm iso” and came across a few Reddit
threads talking about the performance and support for Server 2025 on ARM… this
looked promising.

I grabbed some ISO packages from uupdump.net and spent a few hours building ISOs
on my Mac. After building, I would attempt to use the ISOs in VMware Fusion and UTM,
but I kept getting stuck in boot loops. Eventually, I realized it was way WAY past my
bedtime and shut down for the night.

The next morning, I re-read some of the threads from the night before and noticed my
mistake. Apparently, you need to build the installation ISO on Windows. I’d been
building my ISOs on macOS. As soon as I built the installation media on Windows,
Server 2025 booted and installed!
After the initial setup, I tried the real test: installing the AD Directory Services role and
creating a forest. IT WORKED! Here’s the logon screen for ARM2025DC.ad.dotdot.horse.

I mentioned my success to Jim Sykora who immediately upped the ante and asked me if
it was possible to join ARM-based DCs to a forest containing only x86_64-based DCs. I
wasn’t sure, so I tried creating a new child domain in a test forest we share
(BlueTuxedo.DanglingSPNs.lol).

Would it work? Short answer, YUP!

So now, I have a single-domain ARM-only test forest that lives completely on my
MacBook Air M1 (ad.dotdot.horse) and a mixed x86/ARM multi-domain test forest
(BlueTuxedo.DanglingSPNs.lol) partially hosted in Jim’s house. The options should allow
for lots of interesting testing.

I’m sorry for the long-winded journey, but if recipe sites have taught me anything, it’s
that recipes need long-winded journeys for introductions.

All right, let’s get cooking.

How To
This is a distilled version of what ended up working for me. There are other approaches
you could take at certain points, and I’m sure each choice has its benefits. I do not claim
this is the best or most efficient method. But I had no interest in things like “weighing
my options” or “making choices”; this is the laziest method possible.

Install UTM
https://apps.apple.com/us/app/utm-virtual-machines/id1538878817

UTM is a GUI front-end for QEMU. It makes the process of booting and running a VM
pretty easy. And because it uses QEMU, you can emulate a bunch of other processor
architectures (at a speed cost). But hey, if you wanna emulate Win 3.11, you can!

I think there’s a monetary cost for the prebuilt version of UTM available in the macOS
App Store, but I like all the benefits that come from that distribution method. As I said,
this is the laziest method possible, and sometimes laziness costs a few bucks.

Install CrystalFetch
https://apps.apple.com/us/app/crystalfetch-iso-downloader/id6454431289?mt=12

CrystalFetch is used by UTM to create ISOs from information found on uupdump.net

which itself pulls UUP files from Microsoft’s official UUP repositories.

Install Windows 11-on-ARM

After installing UTM, you need to stand up a Windows 11 VM. UTM makes it easy.
First, click the + button to start the installation process.

Next, click
the Virtualize button.
Click
the Windows button.

Click the Fetch latest Windows installer… link. This opens CrystalFetch.

Select Windows 11 and click the Download… button. When CrystalFetch is done
generating the ISO, you will be prompted to save it somewhere. Save it somewhere
you’ll remember because you’ll need it in the next step.

Under “Boot ISO Image” click the Browse… button and select the ISO you just saved.
You already forgot where you saved it, didn’t you?

On the “Hardware”, “Storage”, and “Shared Directory” pages, feel free to modify as you
wish then click the Continue button. I modified nothing because I am using the laziest
method possible.
On the Summary page, you should set a “Name” and then click Save. I didn’t set a
Name because…
That’s it! You have a Windows 11-on-ARM VM. Click any of the play buttons to start up
the installation and configuration process.

Note: I am not detailing the installation process for Windows 11. It’s mostly easy.

Create Server 2025 Installa on Media

Log into your Windows 11 VM.

Open Edge.

Head to uupdump.net and search for “server arm64” to get a list of available 2025 ARM
ISOs. (There might be a way to do this from the various on-screen menus, but yet again,
I’m going for the laziest options possible.)
When you search, you’ll be presented with a list of results that looks something like this:

The results are a mix of installation media and updates. Dig through until you find
installation media that suits your level of danger: release or pre-release. I like to live
dangerously, so I selected “ Windows Server Insider Preview 26212.5000 (ge_prerelease)
arm64”: https://uupdump.net/selectlang.php?id=cb985455-1f1d-43fd-9208-
3bd74477d90e

Click the link!

Now we’re into a section that allows you to lightly configure your installation media.
First, select your language and click Next.
Then select the editions you’d like to work with. I wanted a small installer, and I am not
super-1337, so I unchecked everything except Windows Server Standard. When you’re
done making your selection, click Next.
My laziness impels me to let other smarter people do things on my behalf, so I am
choosing to download an installation package that compiles the downloaded UUP files
and converts them into a single ISO for later use. If you know how to compile UUPs into
an ISO, choose that option instead! Hopefully, this is the most difficult choice you need
to make today.

Whatever you decide, you need to click Create download package when you are done.
When the download package is complete (it’s very small), click Open file to open the
compressed package.
While viewing the contents of the download package file, click the 3 dots and
choose Extract all.
Extract the package contents to a location you will remember. I am lazy, so I accepted
the defaults.
The extracted files will be displayed in a folder. Right-click uup_download_windows.cmd
and select Run as administrator.
You will likely be presented with a scary prompt about Windows protecting you from
yourself. Click More info and Run anyway.
A Windows Terminal window will pop up and ask you if you want to run an unsigned
script. Enter R and press Enter.

You will then begin seeing files download and stuff happening. Just relax. Depending on
the options you configured, you may be downloading anywhere from 2-13GB of UUP
files.

If you get hit with an error that you downloaded no files, try the process again. If you
get the same error a second time, head back to uupdump.net and pick a different
installation package.

Once the files are downloaded, the installer/converter (aria2) will compile the
downloaded UUP files into a bootable ISO. If everything worked correctly, you will see:

Finished

Press 0 or q to quit
Press 0 or q.
You should now see an ISO file!

Transferring the ISO

So now you have an ISO file… but it’s on the Windows 11 VM’s storage. You need it on
your Mac’s storage so you can use it for the next section. Thankfully, UTM allows you to
share folders on the host machine to make them available in the guest VM.

Unfortunately, I cannot seem to get this file transfer process working consistently using
UTM’s shared directory tools, so this step is currently left as an exercise for the reader. I
uploaded my ISO to iCloud temporarily and then downloaded it to my Mac.

Install Server 2025-on-ARM

This section is pretty much a duplicate of the “Install Windows 11-on-ARM” section
above, but I’m including it for completeness.
First, click the + button to start the installation process.

Next, click the Virtualize button.

Click the Windows button.

This is where the process diverges slightly from the Windows 11 installation. Instead of
using UTM/CrystalFetch to “Fetch latest Windows installer…”, we’re going to go directly
to “Boot ISO Image”, click the **Browse… **button, and select the Server ISO you just
transferred from Win 11 to macOS. You forgot where you saved that one too, didn’t
you?
On the “Hardware”, “Storage”, and “Shared Directory” pages, feel free to modify as you
wish then click the Continue button. I modified nothing because I am using the laziest
method possible.
On the Summary page, you should set a “Name” and then click Save. I didn’t set a
Name because…
That’s it! You have a Windows Server 2025-on-ARM VM. Click any of the play buttons to
start up the installation and configuration process.

Note: I am not detailing the installation process for Windows Server 2025. It’s mostly
easy.

Conclusion
Now that Server 2025 is installed, do something fun with it:

 Install AD DS + DNS/DHCP
 Run BlueTuxedo to find out-of-the-box DNS issues you can fix to
immediately improve DNS security.
 Install AD CS
 Run Invoke-TSS.ps1 to screw up your AD CS!
 Run Locksmith to find all the issues TSS created so you can clean them up.
 Run BadBlood to create a bunch of dangerous permission delegation issues.
 Use ADeleg + ADeleginator to identify permission delegation issues.

If this guide inspires you to install Server 2025 on ARM, please reach out to me at
[email protected] to let me know how it went. I’m always looking to
improve my documentation, and I’d love to hear what cool stuff people are doing with
Apple Silicon!
About the author
Jake Hildreth is a man of many roles - devoted husband, fun-loving dad, seasoned IT
expert. With 20+ years entrenched in IT, he currently leads Trimarc's Active Directory
(AD) Security Assessment. Jake's daily mission involves bolstering the digital
fortifications of major corporations, ensuring their AD security is rock solid. His
creations, Locksmith and BlueTuxedo, attempt to alleviate the burden on overworked
AD admins while his CISSP certification demonstrates his wide-ranging experience.

To contact Jake and view his current projects, visit his Linktree.