ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Keyence ongoing-update enforcer (tsgwp00525 share pattern)

Browse Source 
Adds a CMM-style logon enforcer so VR-6000 updates push fleet-wide
without re-imaging.

- keyence-manifest.json: declares VR-6000 MSI (ProductCode-keyed) and
  KEYENCE VR USB driver (pnputil-keyed). Single source of truth for
  both imaging-time and ongoing-enforcement paths.
- lib/Install-FromManifest.ps1: forked from CMM/lib; adds DetectionMethod
  "pnputil" (regex-matches `pnputil /enum-drivers` output) and Type
  "INF" (invokes `pnputil /add-driver /install`). Everything else
  unchanged so CMM-style error parsing + MSI log scanning carry over.
- Keyence-Enforce.ps1: forked from CMM-Enforce.ps1. SYSTEM scheduled
  task, logon trigger, mounts tsgwp00525 SFLD share with creds from
  HKLM:\SOFTWARE\GE\SFLD\Credentials (provisioned by Azure DSC),
  hands off to Install-FromManifest against the share manifest.
- 09-Setup-Keyence.ps1: rewritten around the manifest. Runs
  Install-FromManifest at imaging time, stages runtime scripts to
  C:\Program Files\GE\Keyence, registers "GE Keyence Enforce"
  scheduled task. Idempotent.
- site-config.json: add keyenceSharePath to the Keyence profile
  pointing at \\tsgwp00525\shared\dt\shopfloor\keyence\machineapps.

To push a new VR-6000 version: drop the new MSI + updated manifest on
the tsgwp00525 share, every Keyence PC upgrades on next logon.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-18 10:16:20 -04:00
parent 22c59b889e
commit 6dcf832ace
5 changed files with 584 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
playbook/shopfloor-setup/Keyence/09-Setup-Keyence.ps1
View File

@@ -1,46 +1,44 @@
# 09-Setup-Keyence.ps1 - Keyence type setup (runs during shopfloor-setup phase).
#
# Installs the VR-6000 Series Software MSI and the KEYENCE VR Series USB driver
# package. Both payloads ship inside this directory (shopfloor-setup\Keyence\)
# and are staged by startnet.cmd during WinPE, so they exist locally on disk
# when this script runs - no share mapping required.
# Performs one-shot imaging-time install and then registers the ongoing
# enforcer. Mirrors CMM's pattern.
#
# Layout (sibling to this .ps1):
# Sequence:
# 1. Run Install-FromManifest against the staged bundle in $PSScriptRoot.
# Installs VR-6000 Series Software MSI + KEYENCE VR Series USB driver.
# 2. Stage Install-FromManifest.ps1 + Keyence-Enforce.ps1 + keyence-manifest.json
# to C:\Program Files\GE\Keyence so the scheduled task has them post-imaging.
# 3. Register "GE Keyence Enforce" scheduled task (SYSTEM, logon trigger).
# It mounts the tsgwp00525 share, reads the manifest there, and upgrades
# anything whose detection falls out of sync. Credentials for the share
# arrive via Azure DSC writing to HKLM:\SOFTWARE\GE\SFLD\Credentials.
#
# Layout at $PSScriptRoot (xcopied by startnet.cmd only for PCTYPE=Keyence):
# keyence-manifest.json
# 09-Setup-Keyence.ps1 (this file)
# Keyence-Enforce.ps1 (staged to C:\Program Files\GE\Keyence)
# lib\Install-FromManifest.ps1 (staged alongside)
# installers\VR-6000 Series Software.msi
# drivers\keyence_vr_series.inf
# drivers\KEYENCE_VR_SERIES.cat
# drivers\amd64\WdfCoInstaller01009.dll
# drivers\amd64\WinUsbCoinstaller2.dll
#
# Prereqs (installed earlier by 00-PreInstall-MachineApps.ps1 via preinstall.json):
# - Microsoft Visual C++ 2010 x86 + x64
# - Microsoft Visual C++ 2013 x86 + x64 (Min + Add)
# - Microsoft Visual C++ 2017/2022 x86 (UCRT covers 2015-2022)
#
# Idempotent: skips the MSI if the product GUID is already registered, skips
# the driver if the package is already in the DriverStore.
# drivers\keyence_vr_series.inf (+ cat + amd64\{Wdf,WinUsb}CoInstaller*.dll)
#
# Log: C:\Logs\Keyence\09-Setup-Keyence.log
# C:\Logs\Keyence\install.log (written by Install-FromManifest)
$ErrorActionPreference = 'Continue'
$logDir = 'C:\Logs\Keyence'
$transcriptLog = Join-Path $logDir '09-Setup-Keyence.log'
$manifestPath = Join-Path $PSScriptRoot 'keyence-manifest.json'
$libSource = Join-Path $PSScriptRoot 'lib\Install-FromManifest.ps1'
$enforceSource = Join-Path $PSScriptRoot 'Keyence-Enforce.ps1'
$installerDir = Join-Path $PSScriptRoot 'installers'
$msiPath = Join-Path $installerDir 'VR-6000 Series Software.msi'
$msiLog = Join-Path $logDir 'VR-6000-msiexec.log'
$driverDir = Join-Path $PSScriptRoot 'drivers'
$driverInf = Join-Path $driverDir 'keyence_vr_series.inf'
$runtimeRoot = 'C:\Program Files\GE\Keyence'
$runtimeLibDir = Join-Path $runtimeRoot 'lib'
$runtimeLib = Join-Path $runtimeLibDir 'Install-FromManifest.ps1'
$runtimeEnforce = Join-Path $runtimeRoot 'Keyence-Enforce.ps1'
$runtimeManifest= Join-Path $runtimeRoot 'keyence-manifest.json'
# Product registration - ProductCode read from the MSI via msiinfo: must match
# the value baked in, so idempotency works after a successful install.
$productCode = '{058E7194-BDF8-4FA2-9D69-978BB0F25214}'
$expectedVersion = '4.3.7'
$uninstallRegPaths = @(
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$productCode",
"HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$productCode"
)
$logDir = 'C:\Logs\Keyence'
$installLog = Join-Path $logDir 'install.log'
$transcriptLog = Join-Path $logDir '09-Setup-Keyence.log'
if (-not (Test-Path $logDir)) {
New-Item -Path $logDir -ItemType Directory -Force | Out-Null
@@ -55,82 +53,90 @@ function Write-KeyenceLog {
}
Write-KeyenceLog "================================================================"
Write-KeyenceLog "=== Keyence Setup session start (PID $PID) ==="
Write-KeyenceLog "=== Keyence Setup (imaging-time) session start (PID $PID) ==="
Write-KeyenceLog "Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Write-KeyenceLog "Script root: $PSScriptRoot"
Write-KeyenceLog "================================================================"
# --- Detection: skip MSI if already installed at expected version ---
$msiAlreadyInstalled = $false
foreach ($regPath in $uninstallRegPaths) {
if (Test-Path $regPath) {
$installed = (Get-ItemProperty $regPath -ErrorAction SilentlyContinue).DisplayVersion
if ($installed -eq $expectedVersion) {
Write-KeyenceLog "MSI already installed (DisplayVersion=$installed at $regPath) - skipping"
$msiAlreadyInstalled = $true
break
} else {
Write-KeyenceLog "MSI registered but at version '$installed' (expected $expectedVersion) - will reinstall" "WARN"
}
}
}
# --- Install MSI ---
if (-not $msiAlreadyInstalled) {
if (-not (Test-Path $msiPath)) {
Write-KeyenceLog "MSI not found at $msiPath - aborting MSI install" "ERROR"
# Diagnostic dump
foreach ($file in @('pc-type.txt','pc-subtype.txt','machine-number.txt')) {
$path = "C:\Enrollment\$file"
if (Test-Path -LiteralPath $path) {
$content = (Get-Content -LiteralPath $path -First 1 -ErrorAction SilentlyContinue).Trim()
Write-KeyenceLog " $file = $content"
} else {
$msiSize = [math]::Round((Get-Item $msiPath).Length / 1MB, 1)
Write-KeyenceLog "Installing VR-6000 Series Software MSI ($msiSize MB)"
$msiArgs = @(
'/i', "`"$msiPath`"",
'/qn', '/norestart',
'ALLUSERS=1', 'REBOOT=ReallySuppress',
'/L*v', "`"$msiLog`""
)
$sw = [Diagnostics.Stopwatch]::StartNew()
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru -NoNewWindow
$sw.Stop()
# msiexec exit codes we tolerate: 0 = success, 3010 = success w/ reboot recommended
if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
Write-KeyenceLog "MSI install succeeded (exit=$($proc.ExitCode), elapsed=$([int]$sw.Elapsed.TotalSeconds)s)"
} else {
Write-KeyenceLog "MSI install FAILED (exit=$($proc.ExitCode)). See $msiLog" "ERROR"
}
Write-KeyenceLog " $file = (not present)"
}
}
# --- Detection: skip driver if already in DriverStore ---
$driverAlreadyStaged = $false
# ============================================================================
# Step 1: Install via manifest (imaging-time)
# ============================================================================
if (-not (Test-Path $manifestPath)) {
Write-KeyenceLog "keyence-manifest.json not found at $manifestPath" "ERROR"
} elseif (-not (Test-Path $libSource)) {
Write-KeyenceLog "Install-FromManifest.ps1 not found at $libSource" "ERROR"
} else {
Write-KeyenceLog "Running Install-FromManifest (InstallerRoot=$PSScriptRoot)"
& $libSource -ManifestPath $manifestPath -InstallerRoot $PSScriptRoot -LogFile $installLog
$rc = $LASTEXITCODE
Write-KeyenceLog "Install-FromManifest returned $rc"
}
# ============================================================================
# Step 2: Stage runtime scripts to C:\Program Files\GE\Keyence
# ============================================================================
# These survive past any bootstrap cleanup so the logon-triggered scheduled
# task can run them. The manifest is staged too as a fallback for the first
# logon if the share is unreachable.
Write-KeyenceLog "Staging runtime scripts to $runtimeRoot"
foreach ($dir in @($runtimeRoot, $runtimeLibDir)) {
if (-not (Test-Path $dir)) {
New-Item -Path $dir -ItemType Directory -Force | Out-Null
}
}
Copy-Item -Path $libSource -Destination $runtimeLib -Force
Copy-Item -Path $enforceSource -Destination $runtimeEnforce -Force
Copy-Item -Path $manifestPath -Destination $runtimeManifest -Force
# ============================================================================
# Step 3: Register "GE Keyence Enforce" scheduled task (logon trigger, SYSTEM)
# ============================================================================
$taskName = 'GE Keyence Enforce'
# Drop any stale version first so re-imaging is idempotent.
$existing = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($existing) {
Write-KeyenceLog "Removing existing scheduled task '$taskName'"
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
}
Write-KeyenceLog "Registering scheduled task '$taskName' (logon trigger, SYSTEM)"
try {
$pnpOut = & pnputil.exe /enum-drivers 2>&1 | Out-String
if ($pnpOut -match 'keyence_vr_series\.inf') {
Write-KeyenceLog "Keyence USB driver already in DriverStore - skipping"
$driverAlreadyStaged = $true
}
} catch {
Write-KeyenceLog "pnputil /enum-drivers failed ($($_.Exception.Message)); attempting install anyway" "WARN"
}
$action = New-ScheduledTaskAction `
-Execute 'powershell.exe' `
-Argument "-NoProfile -ExecutionPolicy Bypass -File `"$runtimeEnforce`""
# --- Install driver ---
if (-not $driverAlreadyStaged) {
if (-not (Test-Path $driverInf)) {
Write-KeyenceLog "Driver INF not found at $driverInf - aborting driver install" "ERROR"
} else {
Write-KeyenceLog "Adding KEYENCE VR Series USB driver to DriverStore via pnputil"
$pnp = Start-Process -FilePath 'pnputil.exe' `
-ArgumentList '/add-driver', "`"$driverInf`"", '/install' `
-Wait -PassThru -NoNewWindow `
-RedirectStandardOutput (Join-Path $logDir 'pnputil-stdout.log') `
-RedirectStandardError (Join-Path $logDir 'pnputil-stderr.log')
# pnputil exit codes: 0 = ok, 3010 = ok (reboot recommended),
# 259 = ERROR_NO_MORE_ITEMS (no INFs matched)
if ($pnp.ExitCode -eq 0 -or $pnp.ExitCode -eq 3010) {
Write-KeyenceLog "Driver install succeeded (exit=$($pnp.ExitCode))"
} else {
Write-KeyenceLog "Driver install FAILED (exit=$($pnp.ExitCode))" "ERROR"
}
}
$trigger = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet `
-AllowStartIfOnBatteries `
-DontStopIfGoingOnBatteries `
-StartWhenAvailable `
-ExecutionTimeLimit (New-TimeSpan -Hours 1) `
-MultipleInstances IgnoreNew
Register-ScheduledTask `
-TaskName $taskName `
-Action $action `
-Trigger $trigger `
-Principal $principal `
-Settings $settings `
-Description 'GE Keyence: enforce VR-6000 Series Software + USB driver against tsgwp00525 SFLD share on user logon' | Out-Null
Write-KeyenceLog "Scheduled task registered"
} catch {
Write-KeyenceLog "Failed to register scheduled task: $_" "ERROR"
}
Write-KeyenceLog "================================================================"