Retire v1 per-pctype enforcers; GE-Enforce is the sole dispatcher
Stage 2a (GE-Enforce.ps1, landed 2026-04-22) is now the only ongoing-update
enforcer. The legacy per-pctype tasks (Machine-Enforce, Common-Enforce,
CMM-Enforce, Keyence-Enforce, Acrobat-Enforce) were kept as transition
belt-and-suspenders; with retrofitted PCs handled, the v1 path is dead and
gets removed entirely.
Deleted (13 files):
Standard/{Machine-Enforce,Register-MachineEnforce}.ps1
Standard/machineapps-manifest.template.json
common/{Common-Enforce,Acrobat-Enforce,Register-CommonEnforce,Register-AcrobatEnforce}.ps1
common/common-apps-manifest.template.json
CMM/CMM-Enforce.ps1
Keyence/Keyence-Enforce.ps1
{CMM,Keyence,Standard}/lib/Install-FromManifest.ps1 (orphan dups of common/lib)
Trimmed:
Run-ShopfloorSetup.ps1: dropped the legacy register-* invocations (Common,
Machine) and the transition-period comment. Sole enforcer registration
is now Register-GEEnforce.
09-Setup-Keyence.ps1: keeps imaging-time install (step 1); removes the
enforcer staging (step 2) and scheduled-task registration (step 3).
Library lookup repointed to common/lib/Install-FromManifest.ps1.
09-Setup-CMM.ps1: same treatment - keeps .NET 3.5 enable, install,
PC-DMIS ACL grants, and bootstrap cleanup. Library repointed to common/lib.
cmm-manifest.json + keyence-manifest.json: _comment fields updated to
reflect imaging-time-only role (ongoing enforcement now goes through
the v2 share manifests via GE-Enforce).
Verified clean: no orphan references to *-Enforce.ps1 / Register-*Enforce.ps1
/ machineapps-manifest / common-apps-manifest in any code path that runs.
A few historical mentions remain in unmodified header comments (GE-Enforce.ps1,
Deploy-GEEnforce.ps1, Monitor-IntuneProgress.ps1) describing what the new
dispatcher replaced; left as historical context.
Run-ShopfloorSetup.ps1 also picks up an unrelated 1-line hunk adding
SetShopfloorAutoLogon.bat to the desktop-copy list (already in the working
tree from a prior session). The file itself is not yet tracked; the
desktop-copy step is Test-Path-guarded so this is harmless until the
.bat is committed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
@@ -1,40 +1,26 @@
|
||||
# 09-Setup-Keyence.ps1 - Keyence type setup (runs during shopfloor-setup phase).
|
||||
#
|
||||
# Performs one-shot imaging-time install and then registers the ongoing
|
||||
# enforcer. Mirrors CMM's pattern.
|
||||
#
|
||||
# Sequence:
|
||||
# 1. Run Install-FromManifest against the staged bundle in $PSScriptRoot.
|
||||
# Installs VR-6000 Series Software MSI + KEYENCE VR Series USB driver.
|
||||
# 2. Stage Install-FromManifest.ps1 + Keyence-Enforce.ps1 + keyence-manifest.json
|
||||
# to C:\Program Files\GE\Keyence so the scheduled task has them post-imaging.
|
||||
# 3. Register "GE Keyence Enforce" scheduled task (SYSTEM, logon trigger).
|
||||
# It mounts the tsgwp00525 share, reads the manifest there, and upgrades
|
||||
# anything whose detection falls out of sync. Credentials for the share
|
||||
# arrive via Azure DSC writing to HKLM:\SOFTWARE\GE\SFLD\Credentials.
|
||||
# Performs the imaging-time install of Keyence VR-6000 Series Software MSI +
|
||||
# KEYENCE VR Series USB driver from the staged bundle. Ongoing enforcement
|
||||
# is handled by GE-Enforce (registered separately in Run-ShopfloorSetup.ps1)
|
||||
# reading keyence/manifest.json from the tsgwp00525 share.
|
||||
#
|
||||
# Layout at $PSScriptRoot (xcopied by startnet.cmd only for PCTYPE=Keyence):
|
||||
# keyence-manifest.json
|
||||
# 09-Setup-Keyence.ps1 (this file)
|
||||
# Keyence-Enforce.ps1 (staged to C:\Program Files\GE\Keyence)
|
||||
# lib\Install-FromManifest.ps1 (staged alongside)
|
||||
# installers\VR-6000 Series Software.msi
|
||||
# drivers\keyence_vr_series.inf (+ cat + amd64\{Wdf,WinUsb}CoInstaller*.dll)
|
||||
#
|
||||
# Library lookup: the imaging-time install uses the common Install-FromManifest
|
||||
# library at ..\common\lib\Install-FromManifest.ps1 (relative to $PSScriptRoot).
|
||||
#
|
||||
# Log: C:\Logs\Keyence\09-Setup-Keyence.log
|
||||
# C:\Logs\Keyence\install.log (written by Install-FromManifest)
|
||||
|
||||
$ErrorActionPreference = 'Continue'
|
||||
|
||||
$manifestPath = Join-Path $PSScriptRoot 'keyence-manifest.json'
|
||||
$libSource = Join-Path $PSScriptRoot 'lib\Install-FromManifest.ps1'
|
||||
$enforceSource = Join-Path $PSScriptRoot 'Keyence-Enforce.ps1'
|
||||
|
||||
$runtimeRoot = 'C:\Program Files\GE\Keyence'
|
||||
$runtimeLibDir = Join-Path $runtimeRoot 'lib'
|
||||
$runtimeLib = Join-Path $runtimeLibDir 'Install-FromManifest.ps1'
|
||||
$runtimeEnforce = Join-Path $runtimeRoot 'Keyence-Enforce.ps1'
|
||||
$runtimeManifest= Join-Path $runtimeRoot 'keyence-manifest.json'
|
||||
$libSource = Join-Path $PSScriptRoot '..\common\lib\Install-FromManifest.ps1'
|
||||
|
||||
$logDir = 'C:\Logs\Keyence'
|
||||
$installLog = Join-Path $logDir 'install.log'
|
||||
@@ -83,62 +69,6 @@ if (-not (Test-Path $manifestPath)) {
|
||||
Write-KeyenceLog "Install-FromManifest returned $rc"
|
||||
}
|
||||
|
||||
# ============================================================================
|
||||
# Step 2: Stage runtime scripts to C:\Program Files\GE\Keyence
|
||||
# ============================================================================
|
||||
# These survive past any bootstrap cleanup so the logon-triggered scheduled
|
||||
# task can run them. The manifest is staged too as a fallback for the first
|
||||
# logon if the share is unreachable.
|
||||
Write-KeyenceLog "Staging runtime scripts to $runtimeRoot"
|
||||
foreach ($dir in @($runtimeRoot, $runtimeLibDir)) {
|
||||
if (-not (Test-Path $dir)) {
|
||||
New-Item -Path $dir -ItemType Directory -Force | Out-Null
|
||||
}
|
||||
}
|
||||
Copy-Item -Path $libSource -Destination $runtimeLib -Force
|
||||
Copy-Item -Path $enforceSource -Destination $runtimeEnforce -Force
|
||||
Copy-Item -Path $manifestPath -Destination $runtimeManifest -Force
|
||||
|
||||
# ============================================================================
|
||||
# Step 3: Register "GE Keyence Enforce" scheduled task (logon trigger, SYSTEM)
|
||||
# ============================================================================
|
||||
$taskName = 'GE Keyence Enforce'
|
||||
|
||||
# Drop any stale version first so re-imaging is idempotent.
|
||||
$existing = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
|
||||
if ($existing) {
|
||||
Write-KeyenceLog "Removing existing scheduled task '$taskName'"
|
||||
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Write-KeyenceLog "Registering scheduled task '$taskName' (logon trigger, SYSTEM)"
|
||||
try {
|
||||
$action = New-ScheduledTaskAction `
|
||||
-Execute 'powershell.exe' `
|
||||
-Argument "-NoProfile -ExecutionPolicy Bypass -File `"$runtimeEnforce`""
|
||||
|
||||
$trigger = New-ScheduledTaskTrigger -AtLogOn
|
||||
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
|
||||
$settings = New-ScheduledTaskSettingsSet `
|
||||
-AllowStartIfOnBatteries `
|
||||
-DontStopIfGoingOnBatteries `
|
||||
-StartWhenAvailable `
|
||||
-ExecutionTimeLimit (New-TimeSpan -Hours 1) `
|
||||
-MultipleInstances IgnoreNew
|
||||
|
||||
Register-ScheduledTask `
|
||||
-TaskName $taskName `
|
||||
-Action $action `
|
||||
-Trigger $trigger `
|
||||
-Principal $principal `
|
||||
-Settings $settings `
|
||||
-Description 'GE Keyence: enforce VR-6000 Series Software + USB driver against tsgwp00525 SFLD share on user logon' | Out-Null
|
||||
|
||||
Write-KeyenceLog "Scheduled task registered"
|
||||
} catch {
|
||||
Write-KeyenceLog "Failed to register scheduled task: $_" "ERROR"
|
||||
}
|
||||
|
||||
Write-KeyenceLog "================================================================"
|
||||
Write-KeyenceLog "=== Keyence Setup session end ==="
|
||||
Write-KeyenceLog "================================================================"
|
||||
|
||||
Reference in New Issue
Block a user