UDC settings: pre-stage from server backups, fix arg format, action prompts
Root cause found via decompiling UDC_Setup.exe: it never writes udc_settings.json from CLI args. Instead it pulls Settings_Backups\udc_settings_<num>.json from \\tsgwp00525\shared\SPC\UDC -- which is unreachable at imaging time (no SFLD creds yet). Silent File.Exists() false, settings never copy, UDC lands on Evendale defaults. Fix: stage 80 udc_settings_*.json backups under shopfloor-setup/Standard/udc-backups/ (same tree as ntlars-backups, xcopy'd to C:\Enrollment\ by existing startnet.cmd). 00-PreInstall pre-creates C:\ProgramData\UDC\udc_settings.json from the matching backup BEFORE UDC_Setup.exe runs. Installer's server-side copy silently fails (unreachable), our pre-staged file survives. Also: - preinstall.json UDC InstallArgs corrected: "West Jefferson" -9999 (quoted spaced site + dash-prefixed number, confirmed via decompile) - Update-MachineNumber.ps1 UDC.exe relaunch: quoted site + dash number - Monitor-IntuneProgress: action prompts (Select Device Category after Phase 1; Initiate ARTS Lockdown after Phase 5/creds), Display flow (3-phase: Registration -> Config -> Lockdown), Phase 6 IME-based lockdown detection Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
@@ -122,21 +122,20 @@ if (-not $config.Applications) {
|
||||
Write-PreInstallLog "Staged installer dir: $installerDir"
|
||||
Write-PreInstallLog "Found $($config.Applications.Count) app entries in preinstall.json"
|
||||
|
||||
# --- Site-name override: replace 'WestJefferson' (compact, no space) in
|
||||
# InstallArgs if site-config says otherwise. UDC_Setup.exe expects the
|
||||
# compact site name as positional arg 1; the spaced variant is used in
|
||||
# other places (eDNC SITESELECTED MSI property) but not here.
|
||||
# --- Site-name override: replace 'West Jefferson' in InstallArgs if
|
||||
# site-config says otherwise. UDC_Setup.exe expects the spaced site
|
||||
# name in quotes as arg 1, with a dash-prefixed machine number as arg 2.
|
||||
$siteConfig = Get-SiteConfig
|
||||
if ($siteConfig -and $siteConfig.siteNameCompact -and $siteConfig.siteNameCompact -ne 'WestJefferson') {
|
||||
Write-PreInstallLog "Site config loaded - siteNameCompact: $($siteConfig.siteNameCompact)"
|
||||
if ($siteConfig -and $siteConfig.siteName -and $siteConfig.siteName -ne 'West Jefferson') {
|
||||
Write-PreInstallLog "Site config loaded - siteName: $($siteConfig.siteName)"
|
||||
foreach ($app in $config.Applications) {
|
||||
if ($app.InstallArgs -and $app.InstallArgs -match 'WestJefferson') {
|
||||
$app.InstallArgs = $app.InstallArgs -replace 'WestJefferson', $siteConfig.siteNameCompact
|
||||
if ($app.InstallArgs -and $app.InstallArgs -match 'West Jefferson') {
|
||||
$app.InstallArgs = $app.InstallArgs -replace 'West Jefferson', $siteConfig.siteName
|
||||
Write-PreInstallLog " Overrode site name in $($app.Name) args: $($app.InstallArgs)"
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Write-PreInstallLog "No site-config override for siteNameCompact (using defaults in preinstall.json)"
|
||||
Write-PreInstallLog "No site-config override for siteName (using defaults in preinstall.json)"
|
||||
}
|
||||
|
||||
# --- Machine-number override: replace "9999" in UDC InstallArgs if tech entered a number ---
|
||||
@@ -158,6 +157,29 @@ if (Test-Path -LiteralPath $machineNumFile) {
|
||||
Write-PreInstallLog "No machine-number.txt found (using 9999 default)"
|
||||
}
|
||||
|
||||
# --- Pre-stage UDC settings backup if available. UDC_Setup.exe tries to
|
||||
# pull udc_settings_<num>.json from \\tsgwp00525\shared\SPC\UDC\Settings_Backups\,
|
||||
# but at imaging time that share is unreachable (no SFLD creds yet).
|
||||
# We carry a local mirror of Settings_Backups on the PXE server at
|
||||
# Y:\pre-install\udc-backups\. Pre-creating C:\ProgramData\UDC\udc_settings.json
|
||||
# before UDC_Setup.exe runs means the installer's File.Copy (overwrite:true)
|
||||
# would overwrite it IF the share were reachable, but since it isn't, our
|
||||
# pre-staged file survives and UDC launches with correct settings.
|
||||
if ($machineNum -and $machineNum -ne '9999') {
|
||||
$udcBackupDir = 'C:\Enrollment\shopfloor-setup\Standard\udc-backups'
|
||||
$udcBackup = Join-Path $udcBackupDir "udc_settings_$machineNum.json"
|
||||
$udcTarget = 'C:\ProgramData\UDC\udc_settings.json'
|
||||
if (Test-Path -LiteralPath $udcBackup) {
|
||||
if (-not (Test-Path 'C:\ProgramData\UDC')) {
|
||||
New-Item -Path 'C:\ProgramData\UDC' -ItemType Directory -Force | Out-Null
|
||||
}
|
||||
Copy-Item -Path $udcBackup -Destination $udcTarget -Force
|
||||
Write-PreInstallLog "Pre-staged UDC settings from $udcBackup -> $udcTarget"
|
||||
} else {
|
||||
Write-PreInstallLog "No UDC settings backup for machine $machineNum in $udcBackupDir"
|
||||
}
|
||||
}
|
||||
|
||||
# --- Detection helper (mirrors Simple-Install.ps1's Test-ApplicationInstalled) ---
|
||||
function Test-AppInstalled {
|
||||
param($App)
|
||||
|
||||
@@ -571,47 +571,40 @@ function Format-Snapshot {
|
||||
}
|
||||
$lines += " $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
|
||||
$lines += ""
|
||||
$lines += " ============================================"
|
||||
foreach ($l in $lines) { Write-Host $l }
|
||||
Write-Host " ============================================"
|
||||
|
||||
# Phase 1
|
||||
# Phase 1: Intune Registration
|
||||
$p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and
|
||||
$Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesArriving)
|
||||
$p1Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase1.AzureAdJoined; Failed = $false },
|
||||
@{ Ok = $Snap.Phase1.IntuneEnrolled; Failed = $false },
|
||||
@{ Ok = $Snap.Phase1.EmTaskExists; Failed = $false },
|
||||
@{ Ok = $Snap.Phase1.PoliciesArriving; Failed = $false }
|
||||
)
|
||||
$lines += $null # placeholder - rendered with color below
|
||||
$p1Index = $lines.Count - 1
|
||||
|
||||
# Phase 6 / Lockdown (shared by both flows, rendered last)
|
||||
$p6Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase6.RemediationApplied; Failed = $false },
|
||||
@{ Ok = $Snap.Phase6.DetectionPassed; Failed = $false }
|
||||
)
|
||||
|
||||
if (-not $skipDsc) {
|
||||
# Phase 2
|
||||
$phase1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled)
|
||||
$phase2Done = ($Snap.Phase2.SfldRoot -and $Snap.Phase2.FunctionOk -and $Snap.Phase2.SasTokenOk)
|
||||
# ---- Standard / CMM / etc. (DSC flow) ----
|
||||
# Phases: 1 Registration -> 2 Config -> 3 Deployment -> 4 Apps -> 5 Creds -> 6 Lockdown
|
||||
|
||||
$p2Done = ($Snap.Phase2.SfldRoot -and $Snap.Phase2.FunctionOk -and $Snap.Phase2.SasTokenOk)
|
||||
$p2Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase2.SfldRoot; Failed = $false },
|
||||
@{ Ok = $Snap.Phase2.FunctionOk; Failed = $false },
|
||||
@{ Ok = $Snap.Phase2.SasTokenOk; Failed = $false }
|
||||
)
|
||||
$lines += $null
|
||||
$p2Index = $lines.Count - 1
|
||||
|
||||
$p2Action = $null
|
||||
if ($phase1Done -and -not $phase2Done) {
|
||||
$p2Action = ' >> Assign device category in Intune portal'
|
||||
}
|
||||
|
||||
# Phase 3
|
||||
$p3Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase3.DeployComplete; Failed = $false },
|
||||
@{ Ok = $Snap.Phase3.InstallComplete; Failed = $false }
|
||||
)
|
||||
$lines += $null
|
||||
$p3Index = $lines.Count - 1
|
||||
|
||||
# Phase 4
|
||||
$p4HasFailed = $false
|
||||
$p4AllDone = $true
|
||||
$p4AnyStarted = $false
|
||||
$p4HasFailed = $false; $p4AllDone = $true; $p4AnyStarted = $false
|
||||
if ($Snap.Phase4 -and $Snap.Phase4.Count -gt 0) {
|
||||
foreach ($s in $Snap.Phase4) {
|
||||
if ($s.Status -eq 'failed') { $p4HasFailed = $true }
|
||||
@@ -619,73 +612,53 @@ function Format-Snapshot {
|
||||
if ($s.Status -ne 'pending') { $p4AnyStarted = $true }
|
||||
}
|
||||
} else { $p4AllDone = $false }
|
||||
$p4Status = if ($p4HasFailed) { 'FAILED' }
|
||||
elseif ($p4AllDone) { 'COMPLETE' }
|
||||
elseif ($p4AnyStarted) { 'IN PROGRESS' }
|
||||
else { 'WAITING' }
|
||||
$lines += $null
|
||||
$p4Index = $lines.Count - 1
|
||||
$p4Status = if ($p4HasFailed) { 'FAILED' } elseif ($p4AllDone) { 'COMPLETE' } elseif ($p4AnyStarted) { 'IN PROGRESS' } else { 'WAITING' }
|
||||
|
||||
# Phase 5
|
||||
$p5Done = ($Snap.Phase5.ConsumeCredsTask -and $Snap.Phase5.CredsPopulated)
|
||||
$p5Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase5.ConsumeCredsTask; Failed = $false },
|
||||
@{ Ok = $Snap.Phase5.CredsPopulated; Failed = $false }
|
||||
)
|
||||
$lines += $null
|
||||
$p5Index = $lines.Count - 1
|
||||
|
||||
# Phase 6
|
||||
$p6Status = Get-PhaseStatus @(
|
||||
@{ Ok = $Snap.Phase6.RemediationApplied; Failed = $false },
|
||||
@{ Ok = $Snap.Phase6.DetectionPassed; Failed = $false }
|
||||
)
|
||||
$lines += $null
|
||||
$p6Index = $lines.Count - 1
|
||||
# Render
|
||||
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
|
||||
if ($p1Done -and -not $p2Done) {
|
||||
Write-Host ' >> Select Device Category in Intune portal' -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2Status; Write-Host ''
|
||||
Write-Host ' 3. Software Deployment ' -NoNewline; Format-StatusTag $p3Status; Write-Host ''
|
||||
Write-Host ' 4. Application Install ' -NoNewline; Format-StatusTag $p4Status; Write-Host ''
|
||||
Write-Host ' 5. Credential Setup ' -NoNewline; Format-StatusTag $p5Status; Write-Host ''
|
||||
if ($p5Done -and $p6Status -ne 'COMPLETE') {
|
||||
Write-Host ' >> Initiate ARTS Lockdown request' -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ' 6. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
|
||||
} else {
|
||||
# ---- Display (no DSC, no credentials) ----
|
||||
# Phases: 1 Registration -> 2 Device Configuration -> 3 Lockdown
|
||||
# Device Configuration for Display = policies arriving from Intune.
|
||||
$p2DisplayDone = $Snap.Phase1.PoliciesArriving
|
||||
$p2DisplayStatus = if ($p2DisplayDone) { 'COMPLETE' }
|
||||
elseif ($p1Done) { 'IN PROGRESS' }
|
||||
else { 'WAITING' }
|
||||
|
||||
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
|
||||
if ($p1Done -and -not $p2DisplayDone) {
|
||||
Write-Host ' >> Select Device Category in Intune portal' -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2DisplayStatus; Write-Host ''
|
||||
if ($p2DisplayDone -and $p6Status -ne 'COMPLETE') {
|
||||
Write-Host ' >> Initiate ARTS Lockdown request' -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ' 3. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
|
||||
}
|
||||
|
||||
$lines += " ============================================"
|
||||
$lines += ""
|
||||
Write-Host " ============================================"
|
||||
Write-Host ""
|
||||
$sinceSync = ((Get-Date) - $LastSync).TotalSeconds
|
||||
$untilNext = ($NextRetrigger - (Get-Date)).TotalSeconds
|
||||
$lines += " Last sync: $(Format-Age $sinceSync) ago | Next: $(Format-Age $untilNext)"
|
||||
Write-Host " Last sync: $(Format-Age $sinceSync) ago | Next: $(Format-Age $untilNext)"
|
||||
|
||||
# --- Render with color ---
|
||||
# Lines are printed manually so phase rows get colored status tags.
|
||||
# $lines entries that are $null are phase-row placeholders rendered
|
||||
# inline with Format-StatusTag.
|
||||
for ($i = 0; $i -lt $lines.Count; $i++) {
|
||||
if ($null -eq $lines[$i]) {
|
||||
# Phase row: print label then colored tag
|
||||
if ($i -eq $p1Index) {
|
||||
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
|
||||
}
|
||||
elseif (-not $skipDsc -and $i -eq $p2Index) {
|
||||
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2Status; Write-Host ''
|
||||
if ($p2Action) { Write-Host $p2Action -ForegroundColor Yellow }
|
||||
}
|
||||
elseif (-not $skipDsc -and $i -eq $p3Index) {
|
||||
Write-Host ' 3. Software Deployment ' -NoNewline; Format-StatusTag $p3Status; Write-Host ''
|
||||
}
|
||||
elseif (-not $skipDsc -and $i -eq $p4Index) {
|
||||
Write-Host ' 4. Application Install ' -NoNewline; Format-StatusTag $p4Status; Write-Host ''
|
||||
}
|
||||
elseif (-not $skipDsc -and $i -eq $p5Index) {
|
||||
Write-Host ' 5. Credential Setup ' -NoNewline; Format-StatusTag $p5Status; Write-Host ''
|
||||
}
|
||||
elseif (-not $skipDsc -and $i -eq $p6Index) {
|
||||
Write-Host ' 6. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
|
||||
}
|
||||
} else {
|
||||
Write-Host $lines[$i]
|
||||
}
|
||||
}
|
||||
|
||||
if ($skipDsc) {
|
||||
Write-Host ''
|
||||
Write-Host " (Phases 2-6 not applicable for $pcType)" -ForegroundColor DarkGray
|
||||
}
|
||||
|
||||
# Return empty - we rendered directly via Write-Host for color support.
|
||||
return @()
|
||||
}
|
||||
|
||||
@@ -900,10 +873,10 @@ try {
|
||||
Invoke-SetupComplete
|
||||
}
|
||||
|
||||
# No-DSC types (Display, Lab): complete once Phase 1 identity is solid
|
||||
if ($skipDsc -and $snap.Phase1.AzureAdJoined -and $snap.Phase1.IntuneEnrolled -and $snap.Phase1.PoliciesArriving) {
|
||||
Write-Host ""
|
||||
Write-Host "Phase 1 complete - no DSC needed for $pcType. Finishing up." -ForegroundColor Green
|
||||
# No-DSC types (Display): wait for lockdown just like DSC types.
|
||||
# Display skips Phases 3-5 (no DSC/creds) but still needs the
|
||||
# Intune Remediation lockdown to land before we reboot.
|
||||
if ($skipDsc -and $snap.LockdownComplete) {
|
||||
Invoke-SetupComplete
|
||||
}
|
||||
|
||||
|
||||
@@ -129,10 +129,9 @@ function Update-MachineNumber {
|
||||
# --- Relaunch UDC with new args ---
|
||||
if ((Test-Path $script:UdcExePath) -and $out.UdcUpdated) {
|
||||
try {
|
||||
# UDC.exe arg signature: positional compact-site (no space), then
|
||||
# dash-prefixed machine number. Example: UDC.exe WestJefferson -7605
|
||||
$siteCompact = ($Site -replace '\s+','')
|
||||
Start-Process -FilePath $script:UdcExePath -ArgumentList @($siteCompact, "-$NewNumber")
|
||||
# UDC.exe arg signature: quoted site name (with space), then
|
||||
# dash-prefixed machine number. Example: UDC.exe "West Jefferson" -7605
|
||||
Start-Process -FilePath $script:UdcExePath -ArgumentList @("`"$Site`"", "-$NewNumber")
|
||||
} catch {
|
||||
$out.Errors += "UDC relaunch failed: $_"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user