S: drive mapping via HKLM\Run, autologon-count non-intervention, Phase 4 no-scripts handling
- Register-MapSfldShare.ps1: swap scheduled task for HKLM\Run entry. Task with -GroupId runs in session 0 with no HKCU, so /persistent:yes fails and the drive mapping isn't visible to Explorer. Run key fires at Explorer startup in the interactive user's session with full token + HKCU. Unregisters legacy 'GE Shopfloor Map S: Drive' task for PCs already imaged. - Run-ShopfloorSetup.ps1: stop bumping AutoLogonCount (99 at start, 4 at end). Windows decrements per-logon and at 0 clears AutoAdminLogon + DefaultPassword, which nukes the lockdown-configured ShopFloor autologon. Re-enable-wired-NICs task now gates on Autologon_Remediation.log 'Autologon set for ShopFloor' instead of SFLD creds, so wired stays off through the whole Intune+DSC+lockdown chain. - Monitor-IntuneProgress.ps1: Phase 4 treats 'no custom scripts' as COMPLETE when DSC install is done (was WAITING, which stalled the state machine on PC types without scripts). Push retrigger out to 15min when entering lockdown-wait so a stale 5min retrigger doesn't fire mid-Remediation. Removed the AutoLogonCount delete in Invoke-SetupComplete since we no longer set it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
@@ -601,13 +601,19 @@ function Format-Snapshot {
|
||||
@{ Ok = $Snap.Phase3.InstallComplete; Failed = $false }
|
||||
)
|
||||
$p4HasFailed = $false; $p4AllDone = $true; $p4AnyStarted = $false
|
||||
if ($Snap.Phase4 -and $Snap.Phase4.Count -gt 0) {
|
||||
$p4HasScripts = ($Snap.Phase4 -and $Snap.Phase4.Count -gt 0)
|
||||
if ($p4HasScripts) {
|
||||
foreach ($s in $Snap.Phase4) {
|
||||
if ($s.Status -eq 'failed') { $p4HasFailed = $true }
|
||||
if ($s.Status -ne 'done') { $p4AllDone = $false }
|
||||
if ($s.Status -ne 'pending') { $p4AnyStarted = $true }
|
||||
}
|
||||
} else { $p4AllDone = $false }
|
||||
} else {
|
||||
# No scripts discovered. If DSC install is already complete,
|
||||
# there are simply no custom scripts for this image type --
|
||||
# that's COMPLETE, not WAITING.
|
||||
$p4AllDone = $Snap.Phase3.InstallComplete
|
||||
}
|
||||
$p4Status = if ($p4HasFailed) { 'FAILED' } elseif ($p4AllDone) { 'COMPLETE' } elseif ($p4AnyStarted) { 'IN PROGRESS' } else { 'WAITING' }
|
||||
|
||||
$p5Done = ($Snap.Phase5.ConsumeCredsTask -and $Snap.Phase5.CredsPopulated)
|
||||
@@ -736,15 +742,6 @@ function Invoke-SetupComplete {
|
||||
try { & $ConfigureScript -MachineNumberOnly } catch { Write-Warning "Configure-PC failed: $_" }
|
||||
}
|
||||
|
||||
# Delete AutoLogonCount so it can't deplete and nuke ShopFloor's
|
||||
# autologon. Run-ShopfloorSetup set it to 4 for the SupportUser
|
||||
# imaging chain; Windows decrements per-logon and at 0 clears
|
||||
# AutoAdminLogon + DefaultPassword, breaking the lockdown-set
|
||||
# ShopFloor autologon. Removing the value entirely leaves the
|
||||
# lockdown's Autologon.exe-configured autologon intact forever.
|
||||
& reg.exe delete 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' /v AutoLogonCount /f 2>$null | Out-Null
|
||||
Write-Host "Cleared AutoLogonCount (ShopFloor autologon will persist)."
|
||||
|
||||
# Reboot so Winlogon's new DefaultUserName=ShopFloor kicks in -
|
||||
# autologon only fires at the logon boundary. Next boot brings up
|
||||
# a clean ShopFloor session; this task will fire again for that
|
||||
@@ -925,6 +922,12 @@ try {
|
||||
}
|
||||
$currentInterval = if ($waitingForLockdownOnly) { 15 } else { $RetriggerMinutes }
|
||||
|
||||
# If we just entered lockdown-wait and the existing countdown is
|
||||
# shorter than 15 min, push it out immediately so we don't fire
|
||||
# a stale 5-min retrigger mid-Remediation.
|
||||
$minNext = $lastSync.AddMinutes($currentInterval)
|
||||
if ($minNext -gt $nextRetrigger) { $nextRetrigger = $minNext }
|
||||
|
||||
if ((Get-Date) -ge $nextRetrigger) {
|
||||
Write-Host ""
|
||||
Write-Host "Re-triggering Intune sync..." -ForegroundColor Cyan
|
||||
|
||||
Reference in New Issue
Block a user