Intune sync: 3-step lockdown monitor, fix batch detection, remove backup_lockdown

sync_intune.bat now monitors three stages sequentially:
1. SFLD registry key (device configuration received)
2. DSCInstall.log success string (DSC installation complete)
3. SFLD - Consume Credentials scheduled task (lockdown complete)
Triggers Intune sync before each poll. Prompts reboot on completion.

Fixed batch delayed expansion bugs, removed nested if/goto blocks.
Removed backup_lockdown.bat and its desktop copy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cproudlock
2026-03-31 10:52:31 -04:00
parent e3f2bbc6a5
commit 05fa74574a
3 changed files with 83 additions and 117 deletions


@@ -71,20 +71,15 @@ if ($pcType -ne "Shopfloor") {
Write-Host "Shopfloor setup complete for $pcType."
# Copy utility scripts to SupportUser desktop
$lockdownScript = Join-Path $setupDir "backup_lockdown.bat"
if (Test-Path $lockdownScript) {
Copy-Item -Path $lockdownScript -Destination "C:\Users\SupportUser\Desktop\backup_lockdown.bat" -Force
Write-Host "backup_lockdown.bat copied to desktop."
}
$syncScript = Join-Path $setupDir "Shopfloor\sync_intune.bat"
if (Test-Path $syncScript) {
Copy-Item -Path $syncScript -Destination "C:\Users\SupportUser\Desktop\sync_intune.bat" -Force
Write-Host "sync_intune.bat copied to desktop."
}
# Set auto-logon to expire after 1 more login
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 1 /f | Out-Null
Write-Host "Auto-logon set to 1 remaining login."
# Set auto-logon to expire after 2 more logins
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 2 /f | Out-Null
Write-Host "Auto-logon set to 2 remaining logins."
Write-Host "Rebooting in 10 seconds..."
shutdown /r /t 10
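
Review bot: The AutoLogonCount write near the end of this hunk changes from `/d 1` to `/d 2`, which doubles the number of unattended logons, and the commit message neither mentions nor justifies it. If the extra login is needed for the reboot that sync_intune.bat now prompts for, state that in the comment above the `reg add` line. Also, `reg add ... | Out-Null` discards the result and the following Write-Host reports success unconditionally; check `$LASTEXITCODE` after `reg add` and stop before `shutdown /r /t 10` if the value was not written, since a failed write leaves auto-logon without the intended expiry.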