From 12bcc9b549090e70f975ddaadc1d0e0f865fc36d Mon Sep 17 00:00:00 2001 From: cproudlock Date: Fri, 10 Apr 2026 10:19:34 -0400 Subject: [PATCH] Stage gate in Run-ShopfloorSetup + sync retrigger 5min Run-ShopfloorSetup.ps1 now checks for C:\Enrollment\setup-stage.txt at the very top. If the stage file exists (written by run-enrollment.ps1), the script exits immediately with "deferring to Stage-Dispatcher.ps1 on next logon". This prevents the unattend's FirstLogonCommands chain from running Run-ShopfloorSetup in the same session as run-enrollment, which was bypassing the entire staged reboot chain. Without this gate: FirstLogonCommand #1: run-enrollment.ps1 (sets stage file + RunOnce) FirstLogonCommand #2: Run-ShopfloorSetup.ps1 (runs immediately, ignoring stage) PPKG reboot fires after both complete Next boot: dispatcher has nothing to do (Run-ShopfloorSetup already ran) With the gate: FirstLogonCommand #1: run-enrollment.ps1 (sets stage file + RunOnce) FirstLogonCommand #2: Run-ShopfloorSetup.ps1 (sees stage file, exits) PPKG reboot fires Next boot: RunOnce fires dispatcher, reads "shopfloor-setup", runs Run-ShopfloorSetup properly (stage file deleted by gate on re-entry) Also: Monitor-IntuneProgress.ps1 RetriggerMinutes bumped from 3 to 5. Co-Authored-By: Claude Opus 4.6 (1M context) --- playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 index 58a5c0a..6cd59a7 100644 --- a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 +++ b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 @@ -1,6 +1,20 @@ # Run-ShopfloorSetup.ps1 - Dispatcher for shopfloor PC type setup # Runs Shopfloor baseline scripts first, then type-specific scripts on top. +# --- Stage-file gate --- +# If run-enrollment.ps1 wrote a stage file, the imaging chain is managed by +# Stage-Dispatcher.ps1 via RunOnce. Exit immediately so the FirstLogonCommands +# chain finishes, the PPKG reboot fires, and the dispatcher takes over on +# the next boot. Without this gate, the unattend's FirstLogonCommands runs +# this script right after run-enrollment in the same session (before the +# PPKG reboot), bypassing the entire staged chain. +$stageFile = 'C:\Enrollment\setup-stage.txt' +if (Test-Path -LiteralPath $stageFile) { + $stage = (Get-Content -LiteralPath $stageFile -First 1 -ErrorAction SilentlyContinue) + Write-Host "Stage file found ($stage) - deferring to Stage-Dispatcher.ps1 on next logon." + exit 0 +} + # --- Transcript logging --- # Captures everything the dispatcher and all child scripts write to host so # we can diagnose setup failures after the fact. -Append + -Force so repeat