diff --git a/playbook/shopfloor-setup/run-enrollment.ps1 b/playbook/shopfloor-setup/run-enrollment.ps1
index f2820fa..cd7bc1e 100755
--- a/playbook/shopfloor-setup/run-enrollment.ps1
+++ b/playbook/shopfloor-setup/run-enrollment.ps1
@@ -38,27 +38,35 @@ Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue
 # enrollment PPKGs are designed to run during OOBE; on Windows 11 22H2+ they
 # can hang indefinitely if OOBE is already marked complete.
 #
-# Install-ProvisioningPackage triggers an IMMEDIATE reboot. Nothing below
-# this line executes. BPRT app installs (Chrome, Office, Tanium, etc.) happen
-# on the next boot. The sync_intune scheduled task (registered by
-# Run-ShopfloorSetup.ps1 before calling us) fires at the next logon to
-# monitor Intune enrollment.
+# We invoke provtool.exe directly instead of Install-ProvisioningPackage.
+# The PowerShell cmdlet enforces a hardcoded 180-second timeout on the
+# underlying provtool call, which a 7-8 GB GCCH PPKG often exceeds on
+# slower disks. When the cmdlet times out it throws, and the Add-
+# ProvisioningPackage fallback has been observed to invoke provtool with
+# an empty packagePathsToAdd (session registered but never started),
+# leaving the PC un-enrolled. provtool.exe directly has no caller-side
+# timeout; Start-Process -Wait waits on the actual child process.
+#
+# The PPKG triggers an IMMEDIATE reboot once fully applied. Nothing below
+# that point executes on the current boot. BPRT app installs (Chrome,
+# Office, Tanium, etc.) happen on the next boot. The sync_intune
+# scheduled task (registered by Run-ShopfloorSetup.ps1 before calling us)
+# fires at the next logon to monitor Intune enrollment.
 $ppkgLogDir = "C:\Logs\PPKG"
 New-Item -ItemType Directory -Path $ppkgLogDir -Force -ErrorAction SilentlyContinue | Out-Null
-Log "Installing provisioning package (PPKG will reboot immediately)..."
+$provtool = Join-Path $env:SystemRoot 'System32\provtool.exe'
+$provArgs = "/ppkg:`"$($ppkgFile.FullName)`" /quiet /log:`"$ppkgLogDir\provtool.log`""
+Log "Installing provisioning package via provtool.exe (no PowerShell timeout)..."
+Log "Command: $provtool $provArgs"
 Log "PPKG diagnostic logs -> $ppkgLogDir"
 try {
-    Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
-    Log "Install-ProvisioningPackage returned (reboot may be imminent)."
-} catch {
-    Log "ERROR: Install-ProvisioningPackage failed: $_"
-    Log "Attempting fallback with Add-ProvisioningPackage..."
-    try {
-        Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
-        Log "Add-ProvisioningPackage returned."
-    } catch {
-        Log "ERROR: Fallback also failed: $_"
+    $p = Start-Process -FilePath $provtool -ArgumentList $provArgs -Wait -PassThru -NoNewWindow -ErrorAction Stop
+    Log "provtool.exe exit code: $($p.ExitCode)"
+    if ($p.ExitCode -ne 0) {
+        Log "WARNING: provtool.exe returned non-zero exit code. Check $ppkgLogDir\provtool.log for details."
     }
+} catch {
+    Log "ERROR: Failed to launch provtool.exe: $_"
 }
 
 # --- Set OOBE complete (only reached if PPKG didn't trigger immediate reboot) ---