diff --git a/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 b/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1
index e97c817..baab2c7 100644
--- a/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1
@@ -180,6 +180,54 @@ if ($machineNum -and $machineNum -ne '9999') {
 }
 }
 
+$udcWebSrc = 'C:\Enrollment\shopfloor-setup\Standard\udc_webserver_settings.json'
+$udcWebDst = 'C:\ProgramData\UDC\udc_webserver_settings.json'
+if (Test-Path -LiteralPath $udcWebSrc) {
+ if (-not (Test-Path 'C:\ProgramData\UDC')) {
+ New-Item -Path 'C:\ProgramData\UDC' -ItemType Directory -Force | Out-Null
+ }
+ Copy-Item -Path $udcWebSrc -Destination $udcWebDst -Force
+ Write-PreInstallLog "Pre-staged UDC webserver settings from $udcWebSrc -> $udcWebDst"
+} else {
+ Write-PreInstallLog "No UDC webserver settings file at $udcWebSrc" "WARN"
+}
+
+# --- Suppress Windows Defender Firewall "Allow access" prompts globally for
+# this preinstall pass. Oracle's OUI extracts a JRE to a per-run
+# %TEMP%\OraInstall\jdk\jre\bin\java.exe and binds a localhost
+# port, which trips the unsigned-app firewall dialog. The temp path is
+# timestamp-randomized so a path-based -Program rule can't match it.
+# Turning off NotifyOnListen stops the prompt without weakening the
+# firewall's actual block decisions.
+try {
+ Set-NetFirewallProfile -Profile Domain,Public,Private -NotifyOnListen False -ErrorAction Stop
+ Write-PreInstallLog "Firewall NotifyOnListen disabled (Domain/Public/Private)"
+} catch {
+ Write-PreInstallLog "Failed to disable firewall NotifyOnListen: $_" "WARN"
+}
+
+# --- Pre-enable .NET Framework 3.5. Oracle 11.2 OUI uses a .NET 2.0/3.5
+# component on its welcome path; on Win10/11 NetFx3 is OFF by default
+# and the first 3.5 API call pops the "Download and install this feature"
+# dialog. Enable-WindowsOptionalFeature pulls payload from Windows Update
+# when available; on hosts without internet at preinstall time this will
+# fail and Oracle will still prompt (TODO: stage NetFx3 sxs cab on image
+# and pass -Source for true air-gap support). Idempotent no-op when
+# already enabled. Mirrors the per-PC enable in CMM/09-Setup-CMM.ps1.
+try {
+ $netfx = Get-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -ErrorAction Stop
+ if ($netfx.State -eq 'Enabled') {
+ Write-PreInstallLog ".NET Framework 3.5 already enabled"
+ } else {
+ Write-PreInstallLog ".NET Framework 3.5 state is $($netfx.State) - enabling now (may take a minute)..."
+ $result = Enable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -All -NoRestart -ErrorAction Stop
+ Write-PreInstallLog " Enable-WindowsOptionalFeature RestartNeeded=$($result.RestartNeeded)"
+ }
+} catch {
+ Write-PreInstallLog "Failed to enable .NET 3.5: $_" "WARN"
+ Write-PreInstallLog " Continuing - Oracle and other 3.5-dependent installers may surface a Windows feature-install prompt"
+}
+
 # --- Pre-create Windows Firewall rules for UDC + MTConnect Agent so the
 # installer doesn't pop firewall-allow dialogs during silent install.
 # Rules are idempotent (New-NetFirewallRule -ErrorAction SilentlyContinue
diff --git a/playbook/shopfloor-setup/Standard/udc_webserver_settings.json b/playbook/shopfloor-setup/Standard/udc_webserver_settings.json
new file mode 100755
index 0000000..dd7729a
--- /dev/null
+++ b/playbook/shopfloor-setup/Standard/udc_webserver_settings.json
@@ -0,0 +1,8 @@
+{
+ "ServerAddress": "10.233.113.139",
+ "ServerPort": 5100,
+ "Enabled": true,
+ "ReconnectDelaySeconds": 10,
+ "ConnectTimeoutSeconds": 10,
+ "MaxQueue": 1000
+}
\ No newline at end of file
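Review bot: In the firewall block, `Set-NetFirewallProfile ... -NotifyOnListen False` changes a persistent setting on all three profiles, while the comment above it describes the suppression as being "for this preinstall pass", and nothing in this hunk restores the previous value. If no later step puts it back (none is visible here), these PCs keep blocking new listeners with no prompt after setup, so a user or operator no longer sees when an unexpected program starts listening. I would record the old state before the change with `$fwPrev = Get-NetFirewallProfile | Select-Object Name, NotifyOnListen` and restore those values at the end of the preinstall run, or reword the comment to say the setting is left off by design. Separately, the `Copy-Item` for the UDC settings file is not wrapped in `try`/`-ErrorAction Stop` like the two blocks after it, so unless `$ErrorActionPreference` is set to Stop earlier in the script the "Pre-staged" line is logged even when the copy fails.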
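Review bot: The new settings file is added with `new file mode 100755`, but it is JSON data and has no reason to carry the executable bit; `100644` is the expected mode. It also fixes `"ServerAddress": "10.233.113.139"` and `"ServerPort": 5100` in the Standard directory, and the preinstall script in this commit copies the file unchanged to `C:\ProgramData\UDC`, so every PC built from this playbook presumably ends up pointed at that one endpoint. If the address differs per site or environment, it likely belongs in per-site configuration rather than in the shared file. The file also ends without a trailing newline.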