Fix ShopFloor autologon persistence, S: drive mapping, sync throttle

AutoLogonCount depletion: Run-ShopfloorSetup set AutoLogonCount=4 for SupportUser. Windows decrements per-logon; at 0 it clears AutoAdminLogon + DefaultPassword, nuking the lockdown-configured ShopFloor autologon. Fix: delete AutoLogonCount in Invoke-SetupComplete before the lockdown reboot. ShopFloor's Autologon.exe-set config persists indefinitely. Sync_intune window on ShopFloor: The marker-check path used 'exit 0' but the task runs with -NoExit, leaving a dangling PowerShell window on every ShopFloor logon. Fix: [Environment]::Exit(0) kills the host outright, defeating -NoExit. S: drive mapping: Vendor ConsumeCredentials.ps1 calls New-StoredCredential -Persist LocalMachine (needs admin) before net use. ShopFloor is non-admin so cred-store fails silently and net use has no auth. Fix: new Map-SfldShare.ps1 reads HKLM creds and passes them inline to net use /user: -- no Credential Manager needed, works as Limited. Register-MapSfldShare updated to stage + reference our script. Wired NIC re-enable: SYSTEM task polls for SFLD creds (Phase 5), re-enables wired NICs, self-deletes. Replaces the broken Enable-NetAdapter in Monitor (Limited principal can't enable NICs). No-WiFi devices unaffected (migrate-to-wifi never disables, re-enable is a no-op). Sync throttle: 15 min retrigger when only waiting for lockdown (was 5 min for all phases). Avoids interrupting the Intune Remediation script. Defect Tracker path: All references corrected to C:\Program Files (x86)\WJF_Defect_Tracker. QR code retry: Build-QRCodeText retried every poll cycle until DeviceId appears (was single-shot that could miss the dsregcmd timing window). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 12:29:02 -04:00
parent f73f999938
commit 2ab6055125
8 changed files with 187 additions and 51 deletions
--- a/playbook/preinstall/preinstall.json
+++ b/playbook/preinstall/preinstall.json
@@ -158,9 +158,9 @@
      "Name": "WJF Defect Tracker",
      "Installer": "WJF_Defect_Tracker.msi",
      "Type": "MSI",
-      "InstallArgs": "/qn /norestart ALLUSERS=1 REBOOT=ReallySuppress TARGETDIR=\"C:\\Program Files\\WJF_Defect_Tracker\"",
+      "InstallArgs": "/qn /norestart ALLUSERS=1 REBOOT=ReallySuppress TARGETDIR=\"C:\\Program Files (x86)\\WJF_Defect_Tracker\"",
      "DetectionMethod": "File",
-      "DetectionPath": "C:\\Program Files\\WJF_Defect_Tracker\\Defect_Tracker.exe",
+      "DetectionPath": "C:\\Program Files (x86)\\WJF_Defect_Tracker\\Defect_Tracker.exe",
      "PCTypes": ["*"]
    },
    {
--- a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
+++ b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
@@ -244,6 +244,51 @@ Write-Host "Auto-logon set to 4 remaining logins."
 # These run on every logon regardless of PC type, mounting the SFLD share
 # for version-pinned app enforcement. Initial install already handled by
 # preinstall flow; enforcers only kick in when detection fails.
 # --- Re-enable wired NICs once SFLD creds arrive (Phase 5) ---
 # migrate-to-wifi.ps1 disables wired NICs so the PPKG runs over WiFi.
 # After Phase 5 (SFLD creds populated), WiFi duty is done and the tech
 # needs wired back for production ethernet. Monitor-IntuneProgress runs
 # as Limited and can't call Enable-NetAdapter (needs admin). This SYSTEM
 # task fires at logon, waits for the SFLD cred marker, re-enables wired
 # NICs, and self-deletes. If creds haven't landed yet, the task exits
 # quickly and the repetition interval retries every 5 minutes.
 $reEnableTask = 'GE Re-enable Wired NICs'
 try {
    $script = @'
 $credsBase = 'HKLM:\SOFTWARE\GE\SFLD\Credentials'
 if (-not (Test-Path $credsBase)) { exit 0 }
 $hasCreds = $false
 Get-ChildItem -Path $credsBase -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.TargetHost -and $p.Username -and $p.Password) { $hasCreds = $true }
 }
 if (-not $hasCreds) { exit 0 }
 Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -notmatch 'Wi-?Fi|Wireless|WLAN|802\.11' } |
    Enable-NetAdapter -Confirm:$false -ErrorAction SilentlyContinue
 Unregister-ScheduledTask -TaskName 'GE Re-enable Wired NICs' -Confirm:$false -ErrorAction SilentlyContinue
 '@
    $scriptPath = 'C:\Program Files\GE\ReEnableNIC.ps1'
    if (-not (Test-Path 'C:\Program Files\GE')) {
        New-Item -Path 'C:\Program Files\GE' -ItemType Directory -Force | Out-Null
    }
    Set-Content -Path $scriptPath -Value $script -Force
    $reEnableAction    = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$scriptPath`""
    $reEnableTrigger   = New-ScheduledTaskTrigger -AtLogOn
    $reEnableTrigger.Repetition = (New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Minutes 5)).Repetition
    $reEnablePrincipal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $reEnableSettings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
        -ExecutionTimeLimit (New-TimeSpan -Minutes 2)
    Register-ScheduledTask -TaskName $reEnableTask -Action $reEnableAction -Trigger $reEnableTrigger `
        -Principal $reEnablePrincipal -Settings $reEnableSettings -Force -ErrorAction Stop | Out-Null
    Write-Host "Registered '$reEnableTask' task (waits for SFLD creds, then re-enables wired NICs)."
 } catch {
    Write-Warning "Failed to register NIC re-enable task: $_"
 }
 $commonSetupDir = Join-Path $PSScriptRoot 'common'
 $registerCommon = Join-Path $commonSetupDir 'Register-CommonEnforce.ps1'
 if (Test-Path -LiteralPath $registerCommon) {
--- a/playbook/shopfloor-setup/Shopfloor/06-OrganizeDesktop.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/06-OrganizeDesktop.ps1
@@ -339,7 +339,7 @@ function Add-ShopfloorToolsApps {
            @{ Name = 'eDNC';           Kind = 'exe';      ExePath = 'C:\Program Files (x86)\Dnc\bin\DncMain.exe' }
            @{ Name = 'NTLARS';         Kind = 'exe';      ExePath = 'C:\Program Files (x86)\Dnc\Common\NTLARS.exe' }
            @{ Name = 'WJ Shopfloor';   Kind = 'existing'; SourceName = 'WJ Shopfloor.lnk' }
-            @{ Name = 'Defect_Tracker'; Kind = 'exe';      ExePath = 'C:\Program Files\WJF_Defect_Tracker\Defect_Tracker.exe' }
+            @{ Name = 'Defect_Tracker'; Kind = 'exe';      ExePath = 'C:\Program Files (x86)\WJF_Defect_Tracker\Defect_Tracker.exe' }
        )
    }
--- a/playbook/shopfloor-setup/Shopfloor/Register-MapSfldShare.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/Register-MapSfldShare.ps1
@@ -1,28 +1,19 @@
-# Register-MapSfldShare.ps1 - Register a parallel logon task that runs
+# Register-MapSfldShare.ps1 - Stage Map-SfldShare.ps1 + register a logon
-# the SFLD vendor's ConsumeCredentials.ps1 for ANY user in BUILTIN\Users.
+# task that maps S: for any user in BUILTIN\Users (SupportUser, ShopFloor,
 # any future end-user accounts).
 #
-# Why: the vendor's own 'SFLD - Consume Credentials' scheduled task is
+# Why not the vendor's ConsumeCredentials.ps1: it calls
-# registered with a principal that excludes ShopFloor (admin/specific-
+# New-StoredCredential -Persist LocalMachine (needs admin) before net use.
-# user only), so when ShopFloor logs in, ConsumeCredentials never fires
+# ShopFloor is non-admin, so the cred-store fails and net use has no auth.
-# for that session and S: drive is never mapped (drive mappings are
+# Our Map-SfldShare.ps1 reads HKLM creds directly and passes them inline
-# per-user-session, so SupportUser's mapping doesn't carry over).
+# to net use /user: -- no Credential Manager needed, works as Limited.
 #
 # We don't reimplement the mapping logic - the vendor script at
 # C:\ProgramData\SFLD\CredentialManager\ConsumeCredentials.ps1 already
 # reads HKLM creds and runs net use when DriveLetter/ShareName are
 # populated. We just register a second task with a wider principal
 # (BUILTIN\Users + Limited) so the vendor script ALSO fires for the
 # end-user logon.
 #
 # Trade-off: the vendor script's New-StoredCredential -Persist LocalMachine
 # step requires admin to write Cred Manager. ShopFloor (Limited) will see
 # that part throw, but the script catches per-cred and the net use step
 # still runs and lands the drive in ShopFloor's session.
 $ErrorActionPreference = 'Continue'
-$logDir  = 'C:\Logs\SFLD'
+$installRoot = 'C:\Program Files\GE\SfldShare'
-$logFile = Join-Path $logDir 'register-mapshare.log'
+$mapScript   = Join-Path $installRoot 'Map-SfldShare.ps1'
 $logDir      = 'C:\Logs\SFLD'
 $logFile     = Join-Path $logDir 'register-mapshare.log'
 if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
 function Write-RegLog {
@@ -34,12 +25,23 @@ function Write-RegLog {
 Write-RegLog '=== Register-MapSfldShare start ==='
-$vendorScript = 'C:\ProgramData\SFLD\CredentialManager\ConsumeCredentials.ps1'
+# Stage our Map-SfldShare.ps1 to a persistent location
 if (-not (Test-Path $installRoot)) {
    New-Item -Path $installRoot -ItemType Directory -Force | Out-Null
 }
 $src = Join-Path $PSScriptRoot 'lib\Map-SfldShare.ps1'
 if (Test-Path $src) {
    Copy-Item -Path $src -Destination $mapScript -Force
    Write-RegLog "Staged $src -> $mapScript"
 } else {
    Write-RegLog "Map-SfldShare.ps1 not found at $src - cannot register"
    exit 1
 }
 try {
    $action = New-ScheduledTaskAction `
        -Execute 'powershell.exe' `
-        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$vendorScript`""
+        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$mapScript`""
    $trigger = New-ScheduledTaskTrigger -AtLogOn
@@ -63,7 +65,7 @@ try {
        -Principal $principal `
        -Settings  $settings `
        -Force `
-        -Description 'Run vendor ConsumeCredentials.ps1 on any user logon (parallel to the principal-restricted SFLD-owned task) so ShopFloor and other end-user accounts get S: mapped' `
+        -Description 'Map SFLD share drives on any user logon using HKLM creds (parallel to the principal-restricted vendor task) so ShopFloor and other end-user accounts get S: mapped' `
        -ErrorAction Stop | Out-Null
    Write-RegLog 'Scheduled task registered'
--- a/playbook/shopfloor-setup/Shopfloor/lib/Map-SfldShare.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Map-SfldShare.ps1
@@ -0,0 +1,68 @@
 # Map-SfldShare.ps1 - Map S: drive on user logon using SFLD creds from HKLM.
 #
 # Runs as the interactive user (BUILTIN\Users, Limited) so the drive
 # mapping lands in the logged-in user's session. Reads username/password
 # directly from HKLM:\SOFTWARE\GE\SFLD\Credentials\* and passes them
 # inline to net use -- no Windows Credential Manager involvement.
 #
 # Why not the vendor's ConsumeCredentials.ps1: it calls
 # New-StoredCredential -Persist LocalMachine which requires admin.
 # ShopFloor is a non-admin user, so the cred-store step fails silently
 # and the subsequent net use (which relies on those stored creds) has
 # no authentication. Direct net use /user: bypasses the issue entirely.
 $ErrorActionPreference = 'Continue'
 $logDir = 'C:\Logs\SFLD'
 if (-not (Test-Path $logDir)) {
    try { New-Item -Path $logDir -ItemType Directory -Force | Out-Null } catch { $logDir = $env:TEMP }
 }
 $logFile = Join-Path $logDir 'map-share.log'
 function Write-MapLog {
    param([string]$Message)
    $line = '[{0}] [{1}] {2}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $env:USERNAME, $Message
    Add-Content -Path $logFile -Value $line -ErrorAction SilentlyContinue
 }
 Write-MapLog '=== Map-SfldShare start ==='
 $credsBase = 'HKLM:\SOFTWARE\GE\SFLD\Credentials'
 if (-not (Test-Path $credsBase)) {
    Write-MapLog 'No HKLM SFLD credentials yet - exiting'
    exit 0
 }
 foreach ($entry in (Get-ChildItem -Path $credsBase -ErrorAction SilentlyContinue)) {
    $p = Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.TargetHost -or -not $p.Username -or -not $p.Password) { continue }
    $drive = $null
    $share = $null
    try { $drive = $p.DriveLetter } catch {}
    try { $share = $p.ShareName } catch {}
    if ([string]::IsNullOrWhiteSpace($drive) -or [string]::IsNullOrWhiteSpace($share)) { continue }
    $drive = $drive.TrimEnd(':') + ':'
    $share = $share.TrimStart('\')
    $uncPath = "\\$($p.TargetHost)\$share"
    # Skip if already mapped to the right target
    $existing = & net use $drive 2>&1
    if ($LASTEXITCODE -eq 0 -and ($existing -join "`n") -match [regex]::Escape($uncPath)) {
        Write-MapLog "$drive already mapped to $uncPath - skipping"
        continue
    }
    & net use $drive /delete /y 2>$null | Out-Null
    $out = & net use $drive $uncPath /user:$($p.Username) $($p.Password) /persistent:yes 2>&1
    if ($LASTEXITCODE -eq 0) {
        Write-MapLog "Mapped $drive -> $uncPath"
    } else {
        Write-MapLog "FAILED $drive -> $uncPath (exit $LASTEXITCODE): $out"
    }
 }
 Write-MapLog '=== Map-SfldShare end ==='
 exit 0
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -103,14 +103,10 @@ Write-Host ""
 # the imaging chain on a keypress. Tower (no WiFi) case is a no-op because
 # Order 5's WiFi detection left the wired NIC enabled to begin with.
 # ============================================================================
-try {
+# Wired NIC re-enable is handled by the 'GE Re-enable Wired NICs' SYSTEM
-    Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
+# task (registered by Run-ShopfloorSetup.ps1) which polls for SFLD creds
-        Where-Object { $_.InterfaceDescription -notmatch 'Wi-?Fi|Wireless|WLAN|802\.11' } |
+# and re-enables once they appear. This script (Limited principal) can't
-        Enable-NetAdapter -Confirm:$false -ErrorAction SilentlyContinue
+# call Enable-NetAdapter itself.
    Write-Host "Wired NICs re-enabled (was migrate-to-wifi.ps1 had disabled them on laptops)."
 } catch {
    Write-Warning "Failed to re-enable wired NICs: $_"
 }
 Write-Host ""
 # ============================================================================
@@ -740,10 +736,19 @@ function Invoke-SetupComplete {
            try { & $ConfigureScript -MachineNumberOnly } catch { Write-Warning "Configure-PC failed: $_" }
        }
        # Delete AutoLogonCount so it can't deplete and nuke ShopFloor's
        # autologon. Run-ShopfloorSetup set it to 4 for the SupportUser
        # imaging chain; Windows decrements per-logon and at 0 clears
        # AutoAdminLogon + DefaultPassword, breaking the lockdown-set
        # ShopFloor autologon. Removing the value entirely leaves the
        # lockdown's Autologon.exe-configured autologon intact forever.
        & reg.exe delete 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v AutoLogonCount /f 2>$null | Out-Null
        Write-Host "Cleared AutoLogonCount (ShopFloor autologon will persist)."
        # Reboot so Winlogon's new DefaultUserName=ShopFloor kicks in -
        # autologon only fires at the logon boundary. Next boot brings up
        # a clean ShopFloor session; this task will fire again for that
-        # user, see the marker, and exit in <1s.
+        # user, see the marker, and exit in <1s (via [Environment]::Exit).
        Write-Host ""
        Write-Host "Rebooting in 10 seconds for ShopFloor autologon..." -ForegroundColor Yellow
        & shutdown.exe /r /t 10
@@ -817,9 +822,11 @@ $syncCompleteMarker = 'C:\Enrollment\sync-complete.txt'
 # exit immediately. The task stays registered (BUILTIN\Users can't delete
 # tasks) but does nothing -- fires at logon, sees marker, exits in <1s.
 if ($AsTask -and (Test-Path -LiteralPath $syncCompleteMarker)) {
    Write-Host "Sync already complete (marker exists). Exiting."
    try { Stop-Transcript | Out-Null } catch {}
-    exit 0
+    # [Environment]::Exit forcefully terminates the PowerShell host,
    # defeating -NoExit so the ShopFloor desktop doesn't show a
    # dangling PowerShell window on every logon.
    [Environment]::Exit(0)
 }
 # PC types that don't receive DSC (no SAS token, no DSCInstall.log).
@@ -846,12 +853,12 @@ try {
    while ($true) {
        $snap = Get-Snapshot
-        # Refresh QR code once AAD join is detected (the initial build
+        # Retry QR code every cycle until it actually renders. dsregcmd
-        # may have run before enrollment completed, showing "not yet
+        # may report AzureAdJoined=YES before DeviceId is populated, so
-        # Azure AD joined" even after Phase 1 passes).
+        # a single-shot refresh misses the window.
-        if (-not $qrRefreshed -and $snap.Phase1.AzureAdJoined) {
+        if (-not $qrRefreshed) {
            $qrText = Build-QRCodeText
-            $qrRefreshed = $true
+            $qrRefreshed = [bool]($qrText -notmatch 'not yet Azure AD joined')
        }
        Clear-Host
@@ -903,13 +910,27 @@ try {
            }
        }
-        # Re-trigger sync periodically
+        # Re-trigger sync periodically. Throttle to 15 min once we're
        # only waiting on lockdown -- the 5 min cycle can interrupt the
        # Intune Remediation script mid-execution and delay lockdown.
        $waitingForLockdownOnly = $false
        if (-not $skipDsc) {
            $waitingForLockdownOnly = ($snap.DscInstallComplete -and
                                      $snap.Phase5.CredsPopulated -and
                                      -not $snap.LockdownComplete)
        } else {
            $waitingForLockdownOnly = ($snap.Phase1.AzureAdJoined -and
                                      $snap.Phase1.PoliciesArriving -and
                                      -not $snap.LockdownComplete)
        }
        $currentInterval = if ($waitingForLockdownOnly) { 15 } else { $RetriggerMinutes }
        if ((Get-Date) -ge $nextRetrigger) {
            Write-Host ""
            Write-Host "Re-triggering Intune sync..." -ForegroundColor Cyan
            Invoke-IntuneSync
            $lastSync      = Get-Date
-            $nextRetrigger = $lastSync.AddMinutes($RetriggerMinutes)
+            $nextRetrigger = $lastSync.AddMinutes($currentInterval)
        }
        Start-Sleep -Seconds $PollSecs
--- a/playbook/shopfloor-setup/common/common-apps-manifest.template.json
+++ b/playbook/shopfloor-setup/common/common-apps-manifest.template.json
@@ -14,13 +14,13 @@
      "DetectionValue": "25.001.20531"
    },
    {
-      "_comment": "WJF Defect Tracker. Replaces the old ClickOnce deployment. MSI installs to C:\\Program Files\\WJF_Defect_Tracker\\. Update workflow: drop new MSI on share, bump DetectionValue to new ProductVersion, next logon upgrades. ProductCode changes per version so msiexec /i handles the upgrade.",
+      "_comment": "WJF Defect Tracker. Replaces the old ClickOnce deployment. MSI installs to C:\\Program Files (x86)\\WJF_Defect_Tracker\\. Update workflow: drop new MSI on share, bump DetectionValue to new ProductVersion, next logon upgrades.",
      "Name": "WJF Defect Tracker",
      "Installer": "WJF_Defect_Tracker.msi",
      "Type": "MSI",
-      "InstallArgs": "/qn /norestart ALLUSERS=1 REBOOT=ReallySuppress TARGETDIR=\"C:\\Program Files\\WJF_Defect_Tracker\"",
+      "InstallArgs": "/qn /norestart ALLUSERS=1 REBOOT=ReallySuppress TARGETDIR=\"C:\\Program Files (x86)\\WJF_Defect_Tracker\"",
      "DetectionMethod": "FileVersion",
-      "DetectionPath": "C:\\Program Files\\WJF_Defect_Tracker\\Defect_Tracker.exe",
+      "DetectionPath": "C:\\Program Files (x86)\\WJF_Defect_Tracker\\Defect_Tracker.exe",
      "DetectionValue": "1.0.0.102"
    }
  ]
--- a/playbook/shopfloor-setup/site-config.json
+++ b/playbook/shopfloor-setup/site-config.json
@@ -51,7 +51,7 @@
    { "name": "eDNC",            "kind": "exe",      "exePath": "C:\\Program Files (x86)\\Dnc\\bin\\DncMain.exe" },
    { "name": "NTLARS",          "kind": "exe",      "exePath": "C:\\Program Files (x86)\\Dnc\\Common\\NTLARS.exe" },
    { "name": "WJ Shopfloor",   "kind": "existing",  "sourceName": "WJ Shopfloor.lnk" },
-    { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
+    { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files (x86)\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
  ],
  "pcProfiles": {
@@ -67,7 +67,7 @@
      ],
      "desktopApps": [
        { "name": "WJ Shopfloor",   "kind": "existing",  "sourceName": "WJ Shopfloor.lnk" },
-        { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
+        { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files (x86)\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
      ],
      "edgeHomepage": "http://tsgwp00524.logon.ds.ge.com/",
      "edgeStartupTabs": [
@@ -99,7 +99,7 @@
        { "name": "eDNC",            "kind": "exe",      "exePath": "C:\\Program Files (x86)\\Dnc\\bin\\DncMain.exe" },
        { "name": "NTLARS",          "kind": "exe",      "exePath": "C:\\Program Files (x86)\\Dnc\\Common\\NTLARS.exe" },
        { "name": "WJ Shopfloor",   "kind": "existing",  "sourceName": "WJ Shopfloor.lnk" },
-        { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
+        { "name": "Defect_Tracker",  "kind": "exe",       "exePath": "C:\\Program Files (x86)\\WJF_Defect_Tracker\\Defect_Tracker.exe" }
      ]
    },