diff --git a/modules/build/unix/cleanup/secgen_metadata.xml b/modules/build/unix/cleanup/secgen_metadata.xml
index 9a5287739..d3cdc12ee 100644
--- a/modules/build/unix/cleanup/secgen_metadata.xml
+++ b/modules/build/unix/cleanup/secgen_metadata.xml
@@ -34,4 +34,4 @@
utilities/unix/system/.*/accounts
-
\ No newline at end of file
+
diff --git a/modules/build/windows/cleanup/cleanup.pp b/modules/build/windows/cleanup/cleanup.pp
new file mode 100644
index 000000000..ef2da891c
--- /dev/null
+++ b/modules/build/windows/cleanup/cleanup.pp
@@ -0,0 +1 @@
+include cleanup::init
\ No newline at end of file
diff --git a/modules/build/windows/cleanup/manifests/init.pp b/modules/build/windows/cleanup/manifests/init.pp
new file mode 100644
index 000000000..201cfdb44
--- /dev/null
+++ b/modules/build/windows/cleanup/manifests/init.pp
@@ -0,0 +1,56 @@
+class cleanup::init {
+ $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+ $remove_history = str2bool($secgen_params['remove_history'][0])
+ $root_password = $secgen_params['root_password'][0]
+ $clobber_file_times = str2bool($secgen_params['clobber_file_times'][0])
+ $disable_ssh = str2bool($secgen_params['disable_ssh'][0])
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ # TODO: clean up Windows
+
+ # file_line { 'comment_out_legacy_login_config1':
+ # line => '# NONEXISTENT',
+ # match => 'NONEXISTENT.*',
+ # path => "/etc/login.defs",
+ # } ->
+ # file_line { 'comment_out_legacy_login_config2':
+ # line => '# PREVENT_NO_AUTH',
+ # match => 'PREVENT_NO_AUTH.*',
+ # path => "/etc/login.defs",
+ # }
+ #
+ # if $root_password {
+ # # Set root password
+ # ::accounts::user { 'root':
+ # ensure => present,
+ # password => pw_hash($root_password, 'SHA-512', 'mysalt'),
+ # }
+ # ::accounts::user { 'vagrant':
+ # ensure => present,
+ # password => pw_hash($root_password, 'SHA-512', 'mysalt'),
+ # }
+ # }
+ #
+ # # Disable ssh
+ # if $disable_ssh {
+ # service { 'ssh':
+ # enable => false,
+ # }
+ # }
+ #
+ # # Reset all system file access times to hide our tracks
+ # if $clobber_file_times {
+ # notice 'Clobbering file access times -- This may take a while...'
+ # exec { 'clobber_files':
+ # command => "find / -exec touch -d '17 May 2006 14:16' {} \\;",
+ # }
+ # }
+ #
+ # # removes bash history
+ # if $remove_history {
+ # exec { 'remove_history':
+ # command => "/bin/bash -c 'history -c && history -w'"
+ # }
+ # }
+}
diff --git a/modules/build/windows/cleanup/secgen_metadata.xml b/modules/build/windows/cleanup/secgen_metadata.xml
new file mode 100644
index 000000000..72df08549
--- /dev/null
+++ b/modules/build/windows/cleanup/secgen_metadata.xml
@@ -0,0 +1,43 @@
+
+
+ Cleanup Windows Module
+ Thomas Shaw
+ MIT
+ Cleanup module which remove traces left on the box during setup.
+
+ cleanup
+ windows
+
+ remove_history
+ root_password
+ clobber_file_times
+ disable_ssh
+
+
+ true
+
+
+
+
+
+
+
+ false
+
+
+
+ false
+
+
+
+
+ bases/.*
+ linux
+
+
+
+