Shell defaults + eDNC reg restore from machine-number backups

- 03-ShellDefaults.ps1: Default-User TaskbarAl=0 (left), HKLM policies to hide Start Recommended section, kill Bing web search + suggestions, disable Cortana. LTSC-honoured; runs fleet-wide via baseline loop. - ntlars-backups/: 147 per-machine eDNC registry backups renamed to flat <MachineNumber>.reg scheme. Historical off-by-one entries from the original dump rewritten to match CSV-target MachineNo. - Standard/03-RestoreEDncConfig.ps1: at imaging time, if tech typed a real machine number at PXE (not 9999), import <num>.reg from the local staged copy. Restores eFocas IP, PPDCS serial, Hssb relays -- not just the bare MachineNo. Skipped on Timeclock / 9999 / missing backup. - Update-MachineNumber.ps1: when tech later sets a real number from 9999, pull <num>.reg from tsgwp00525 SFLD share (ntlarsBackupSharePath in site-config) and reg-import it before writing the new MachineNo. - Restore-EDncReg.ps1: shared helper (Mount-SFLDShare + Import-EDncRegBackup) used by both callers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 15:42:21 -04:00
parent 67845372b2
commit 6db170bf54
152 changed files with 313 additions and 1 deletions
--- a/playbook/shopfloor-setup/Shopfloor/lib/Restore-EDncReg.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Restore-EDncReg.ps1
@@ -0,0 +1,88 @@
+# Restore-EDncReg.ps1 - Import a per-machine eDNC .reg backup from a folder.
+#
+# Two callers:
+#   1. Standard/03-RestoreEDncConfig.ps1 (imaging-time, source = local PXE copy)
+#   2. Shopfloor/lib/Update-MachineNumber.ps1 (post-image 9999 -> real, source
+#      = tsgwp00525 SFLD share mounted via existing SFLD credential pattern)
+#
+# The .reg files live as <num>-<host>.reg or <num>.reg. Returns the path
+# that was imported, or $null if nothing was found/imported. Errors are
+# caught and logged via Write-Host (no throwing); callers continue.
+#
+# Dot-source with:
+#   . "$PSScriptRoot\lib\Restore-EDncReg.ps1"        (from Shopfloor\)
+#   . "$PSScriptRoot\..\Shopfloor\lib\Restore-EDncReg.ps1"  (from Standard\)
+
+function Mount-SFLDShare {
+    <#
+    .SYNOPSIS
+        Mounts a \\server\share path using SFLD creds from
+        HKLM:\SOFTWARE\GE\SFLD\Credentials\*. Returns $true on success,
+        $false if creds are missing or mount fails.
+    #>
+    param(
+        [Parameter(Mandatory)][string]$SharePath,
+        [string]$DriveLetter = 'V:'
+    )
+
+    $server = ($SharePath -replace '^\\\\', '') -split '\\' | Select-Object -First 1
+    $basePath = 'HKLM:\SOFTWARE\GE\SFLD\Credentials'
+    if (-not (Test-Path $basePath)) { return $false }
+
+    $cred = $null
+    foreach ($entry in Get-ChildItem -Path $basePath -ErrorAction SilentlyContinue) {
+        $props = Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue
+        if (-not $props -or -not $props.TargetHost) { continue }
+        if ($props.TargetHost -eq $server -or
+            $props.TargetHost -like "$server.*" -or
+            $server -like "$($props.TargetHost).*") {
+            $cred = $props; break
+        }
+    }
+    if (-not $cred -or -not $cred.Username -or -not $cred.Password) { return $false }
+
+    & net use $DriveLetter /delete /y 2>$null | Out-Null
+    $null = & net use $DriveLetter $SharePath /user:$($cred.Username) $($cred.Password) /persistent:no 2>&1
+    return ($LASTEXITCODE -eq 0)
+}
+
+function Import-EDncRegBackup {
+    <#
+    .SYNOPSIS
+        Looks for <MachineNumber>-*.reg or <MachineNumber>.reg in SourceRoot
+        and runs `reg import` on it. Caller is responsible for mounting any
+        network share first; this function works on whatever local or drive-
+        letter path is handed in.
+    .PARAMETER SourceRoot
+        Directory containing the .reg backups.
+    .PARAMETER MachineNumber
+        The target machine number (digits). Used as a filename prefix.
+    .OUTPUTS
+        Path of the imported file, or $null if none found / import failed.
+    #>
+    param(
+        [Parameter(Mandatory)][string]$SourceRoot,
+        [Parameter(Mandatory)][string]$MachineNumber
+    )
+
+    if (-not (Test-Path -LiteralPath $SourceRoot)) {
+        Write-Host "  Restore-EDncReg: source root not found: $SourceRoot"
+        return $null
+    }
+
+    $candidate = Get-ChildItem -Path $SourceRoot -Filter "$MachineNumber.reg" -File -ErrorAction SilentlyContinue |
+                 Select-Object -First 1
+    if (-not $candidate) {
+        Write-Host "  Restore-EDncReg: no backup for machine $MachineNumber in $SourceRoot"
+        return $null
+    }
+
+    Write-Host "  Restore-EDncReg: importing $($candidate.FullName)"
+    $out = & reg.exe import "$($candidate.FullName)" 2>&1
+    if ($LASTEXITCODE -ne 0) {
+        Write-Host "  Restore-EDncReg: reg import failed (exit $LASTEXITCODE): $out"
+        return $null
+    }
+    Write-Host "  Restore-EDncReg: imported OK"
+    return $candidate.FullName
+}
--- a/playbook/shopfloor-setup/Shopfloor/lib/Update-MachineNumber.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Update-MachineNumber.ps1
@@ -60,7 +60,43 @@ function Update-MachineNumber {
        [string]$Site = 'West Jefferson'
    )

-    $out = @{ UdcUpdated = $false; EdncUpdated = $false; Errors = @() }
+    $out = @{ UdcUpdated = $false; EdncUpdated = $false; Errors = @(); RegImported = $null }
+
+    # --- If UDC or eDNC is still at placeholder 9999, try to pull the
+    #     per-machine .reg backup from the SFLD share and restore all
+    #     the eFocas/PPDCS/Hssb config. The tech-typed $NewNumber is still
+    #     written last (below), so the restore never clobbers it. ---
+    $current = Get-CurrentMachineNumber
+    $isPlaceholder = (($current.Udc -in @('9999', $null, '')) -or ($current.Ednc -in @('9999', $null, '')))
+
+    if ($isPlaceholder -and $NewNumber -ne '9999') {
+        $sharePath = $null
+        $siteCfgPath = 'C:\Enrollment\site-config.json'
+        if (Test-Path $siteCfgPath) {
+            try {
+                $cfg = Get-Content $siteCfgPath -Raw | ConvertFrom-Json
+                $sharePath = $cfg.pcProfiles.'Standard-Machine'.ntlarsBackupSharePath
+            } catch {}
+        }
+
+        if ($sharePath) {
+            try {
+                . (Join-Path $PSScriptRoot 'Restore-EDncReg.ps1')
+                $mounted = Mount-SFLDShare -SharePath $sharePath -DriveLetter 'V:'
+                if ($mounted) {
+                    try {
+                        $out.RegImported = Import-EDncRegBackup -SourceRoot 'V:\' -MachineNumber $NewNumber
+                    } finally {
+                        & net use V: /delete /y 2>$null | Out-Null
+                    }
+                } else {
+                    Write-Host "  Update-MachineNumber: SFLD share unreachable - skipping restore."
+                }
+            } catch {
+                $out.Errors += "ntlars restore failed: $_"
+            }
+        }
+    }

    # --- Stop UDC before editing its JSON (avoid stale shutdown write) ---
    Get-Process UDC -ErrorAction SilentlyContinue | ForEach-Object {