From 59dbd64e3781e559c2c520b719b0262b167ea3c2 Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Wed, 13 May 2026 18:27:26 -0400
Subject: [PATCH] Fix Report IP glob (.LOG not .txt) + add device-id copy
 button

Field bay surfaced two bugs in one diag dump (mdm-diag-F907T5X3 -
6PPSF24):

1. GE Proactive Remediation Report IP actually writes
   GE_Report_IP_Address_2_5.LOG (uppercase .LOG), not the .txt I
   assumed. Globs in two places had .txt filter -> never matched ->
   Phase 1 stuck IN PROGRESS forever even after the file landed and
   wired-NIC re-enable never fired. Drop extension from both globs
   in Monitor-IntuneProgress.ps1 (id=7 push gate + p1Done check).

2. The "GE Re-enable Wired NICs" SYSTEM task registered by
   Run-ShopfloorSetup was polling Autologon_Remediation.log for
   "Autologon set for ShopFloor" - a lockdown-time signal. Re-enable
   needs to fire at Report-IP time (well before lockdown) so that
   Monitor can push idx=7 with the QR before the Intune-triggered
   LAPS-prompt reboot. Repoint the SYSTEM task's poll to
   C:\Logs\GE_Report_IP_Address* (any extension).

Plus minor UX: copy button next to the Intune device ID on
/imaging dashboard so techs can grab the GUID without having to
double-click-select the <code>.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 playbook/shopfloor-setup/Run-ShopfloorSetup.ps1     | 13 ++++++++-----
 .../Shopfloor/lib/Monitor-IntuneProgress.ps1        |  4 ++--
 webapp/templates/imaging.html                       |  6 +++++-
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
index 34cf9c7..461b85b 100644
--- a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
+++ b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
@@ -310,11 +310,14 @@ if (Test-Path -LiteralPath $monitorScript) {
 $reEnableTask = 'GE Re-enable Wired NICs'
 try {
     $script = @'
-$imeLogs = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs'
-$remLog  = Join-Path $imeLogs 'Autologon_Remediation.log'
-if (-not (Test-Path $remLog)) { exit 0 }
-$content = Get-Content $remLog -Raw -ErrorAction SilentlyContinue
-if ($content -notmatch 'Autologon set for ShopFloor') { exit 0 }
+# Poll for the GE Report-IP Proactive Remediation log file. Its appearance
+# means the Report IP script has fired with WiFi-only IPs (because we
+# disabled wired post-PPKG) - which is the exact moment we want to bring
+# wired back up so Monitor-IntuneProgress can push idx=7 with the
+# DeviceId / QR code before the Intune-triggered LAPS-prompt reboot lands.
+# Extension is .LOG (not .txt) observed in field; match any extension.
+$ip = Get-ChildItem 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue | Select-Object -First 1
+if (-not $ip) { exit 0 }
 
 # Vendor-agnostic wired-NIC re-enable. NetAdapter "Name" varies wildly
 # ("Ethernet", "Ethernet 2", "Network", per-vendor names like "Realtek
diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
index 727fde8..729681b 100644
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -229,7 +229,7 @@ function Get-Phase1 {
     #
     # 1. Re-enable wired NICs as soon as the log lands + state file exists.
     # 2. Push idx=7 once DeviceId is captured AND the log exists.
-    $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue |
+    $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue |
                    Select-Object -First 1
     $nicListFile = 'C:\Enrollment\disabled-wired-nics.txt'
     if ($reportIpLog -and (Test-Path $nicListFile)) {
@@ -810,7 +810,7 @@ function Format-Snapshot {
     # yet, which means the SFLD ConfigurationProfile assignment filter still
     # sees a leaked 10.9.100.x IP and Phase 2 won't unblock. Don't call
     # registration "done" until Report IP has cleared.
-    $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue | Select-Object -First 1)
+    $reportIpDone = [bool](Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*' -ErrorAction SilentlyContinue | Select-Object -First 1)
     $p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and
                $Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesBaselineReady -and
                $reportIpDone)
diff --git a/webapp/templates/imaging.html b/webapp/templates/imaging.html
index e7cac74..a639951 100644
--- a/webapp/templates/imaging.html
+++ b/webapp/templates/imaging.html
@@ -44,7 +44,11 @@
           {% if s.hostname_target %}<code class="ms-2 small text-muted">{{ s.hostname_target }}</code>{% endif %}
           {% if s.pctype %}<span class="badge bg-info text-dark ms-2">{{ s.pctype }}</span>{% endif %}
           {% if s.machinenumber %}<span class="badge bg-secondary ms-1">#{{ s.machinenumber }}</span>{% endif %}
-          {% if s.intune_device_id %}<div class="small text-muted mt-1">Intune: <code>{{ s.intune_device_id }}</code></div>{% endif %}
+          {% if s.intune_device_id %}<div class="small text-muted mt-1">Intune: <code>{{ s.intune_device_id }}</code>
+            <button type="button" class="btn btn-sm btn-outline-secondary py-0 px-1 ms-1"
+                    style="font-size:0.7rem; line-height:1;"
+                    onclick="navigator.clipboard.writeText('{{ s.intune_device_id }}').then(()=>{this.textContent='copied';setTimeout(()=>{this.textContent='copy'},1500)});">copy</button>
+          </div>{% endif %}
         </div>
       </div>
       <span class="badge bg-{{ border }}">{{ s.status or 'in_progress' }}</span>