imaging: renumber stages to be time-monotonic (1=WinPE, 7=Intune ID)
Previously the stage indices reflected logical milestones but not the order they fire in. Run-ShopfloorSetup posted idx=1 (start) and idx=4 (PPKG) - but 09-Setup-Keyence (inside per-type loop) ran BETWEEN them and posted idx=5/6. The dashboard then "regressed" from 6 back to 4 when PPKG fired, making it look stuck at the per-type-complete card. New numbering matches actual execution order: 1 - WinPE: PESetup / WIM apply (startnet.cmd) 2 - Run-ShopfloorSetup: starting (Run-ShopfloorSetup.ps1) 3 - 09-Setup-<Type>: starting (per-type) 4 - 09-Setup-<Type>: complete (per-type) 5 - Run-ShopfloorSetup: PPKG enrollment (Run-ShopfloorSetup.ps1) 6 - Run-ShopfloorSetup: handoff to Monitor (Run-ShopfloorSetup.ps1) 7 - Monitor-IntuneProgress: Intune Device ID captured services/imaging_status.py rewind threshold reverts to stage_index <= 1 now that WinPE startnet posts idx=1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
@@ -39,7 +39,7 @@ function Report-Stage {
|
||||
Send-PxeStatus -Stage $Stage -StageIndex $Index -StageTotal $Total -Status $Status -Error_ $Error_
|
||||
}
|
||||
}
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: starting' -Index 1
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: starting' -Index 2
|
||||
|
||||
# AutoLogonCount is NOT set here. Previously we bumped it to 99/4, but
|
||||
# Windows decrements it per-logon and at 0 clears AutoAdminLogon -- which
|
||||
@@ -467,7 +467,7 @@ if (-not $hasWifi -and -not $hasDefaultRoute) {
|
||||
$enrollScript = Join-Path $enrollDir 'run-enrollment.ps1'
|
||||
if (Test-Path -LiteralPath $enrollScript) {
|
||||
Write-Host ""
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: PPKG enrollment' -Index 4
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: PPKG enrollment' -Index 5
|
||||
Write-Host "=== Running enrollment (PPKG install) ==="
|
||||
Write-Host "NOTE: PPKG schedules a near-immediate reboot. We will cancel"
|
||||
Write-Host " it and hand off to Monitor-IntuneProgress -PostPpkg, which"
|
||||
@@ -482,7 +482,7 @@ if (Test-Path -LiteralPath $enrollScript) {
|
||||
# persistent @logon sync_intune task fires on the next boot to resume
|
||||
# tracking through device-category-assignment + lockdown.
|
||||
Write-Host ""
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: handoff to Monitor-IntuneProgress' -Index 7
|
||||
Report-Stage -Stage 'Run-ShopfloorSetup: handoff to Monitor-IntuneProgress' -Index 6
|
||||
Write-Host "=== Handing off to Monitor-IntuneProgress -PostPpkg ==="
|
||||
cmd /c "shutdown /a 2>nul" | Out-Null
|
||||
$monitor = Join-Path $setupDir 'Shopfloor\lib\Monitor-IntuneProgress.ps1'
|
||||
|
||||
@@ -55,7 +55,7 @@ Write-CMMLog "================================================================"
|
||||
# Status push to PXE webapp - best-effort, never blocks imaging.
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-CMM: starting' -StageIndex 5 -StageTotal 8 } catch { }
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-CMM: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
|
||||
# Diagnostic dump - knowing WHY the script took a branch is half the battle.
|
||||
@@ -179,7 +179,7 @@ if (Test-Path $stagingRoot) {
|
||||
}
|
||||
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-CMM: complete' -StageIndex 6 -StageTotal 8
|
||||
Send-PxeStatus -Stage '09-Setup-CMM: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-CMMLog "=== CMM Setup Complete ==="
|
||||
try { Stop-Transcript | Out-Null } catch {}
|
||||
|
||||
@@ -11,7 +11,7 @@ $lib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Set-OpenTextAutoStart.ps1'
|
||||
Write-Host '=== Common Setup ==='
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Common: starting' -StageIndex 5 -StageTotal 8 } catch { }
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Common: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
if (Test-Path -LiteralPath $lib) {
|
||||
& $lib
|
||||
@@ -19,6 +19,6 @@ if (Test-Path -LiteralPath $lib) {
|
||||
Write-Warning "Set-OpenTextAutoStart.ps1 not found at $lib - OpenText auto-start NOT configured"
|
||||
}
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-Common: complete' -StageIndex 6 -StageTotal 8
|
||||
Send-PxeStatus -Stage '09-Setup-Common: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-Host '=== Common Setup Complete ==='
|
||||
|
||||
@@ -1,9 +1,58 @@
|
||||
# 09-Setup-Display.ps1 -- Display-specific setup (runs after Shopfloor baseline)
|
||||
# 09-Setup-Display.ps1 -- Display pc-type setup (runs after Shopfloor baseline)
|
||||
#
|
||||
# Kiosk app installation moved to preinstall.json (Install-KioskApp.cmd wrapper).
|
||||
# The wrapper reads display-type.txt and installs the matching kiosk app during
|
||||
# the baseline preinstall phase (00-PreInstall-MachineApps.ps1).
|
||||
# Display = lobby display / dashboard kiosk PC. Kiosk app itself
|
||||
# (LobbyDisplay or Dashboard) installs via preinstall.json (Install-
|
||||
# KioskApp.cmd reads display-type.txt). No OpenText, no eDNC, no UDC.
|
||||
#
|
||||
# This script is intentionally empty. Remove it once confirmed working.
|
||||
# This script applies Edge kiosk-mode relaunch policies so the
|
||||
# "An update is available - restart Edge" dialog auto-clears without
|
||||
# requiring keyboard/mouse interaction (display bays have neither).
|
||||
#
|
||||
# Refs:
|
||||
# https://learn.microsoft.com/en-us/deployedge/microsoft-edge-browser-policies/relaunchnotification
|
||||
# https://learn.microsoft.com/en-us/deployedge/microsoft-edge-configure-kiosk-mode
|
||||
|
||||
Write-Host "=== Display Setup: kiosk app installed via preinstall system ==="
|
||||
$ErrorActionPreference = 'Continue'
|
||||
|
||||
Write-Host '=== Display Setup ==='
|
||||
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Display: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
|
||||
# --- Edge relaunch policies (suppress update-prompt dialog on kiosks) ---
|
||||
$edgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
|
||||
if (-not (Test-Path -LiteralPath $edgePolicy)) {
|
||||
New-Item -Path $edgePolicy -Force | Out-Null
|
||||
}
|
||||
|
||||
# RelaunchNotification = 2 (Required): Edge auto-restarts itself after the
|
||||
# notification period. Display has no operator to click "dismiss" so this
|
||||
# is the only mode that recovers without intervention.
|
||||
New-ItemProperty -Path $edgePolicy -Name 'RelaunchNotification' -Value 2 -PropertyType DWord -Force | Out-Null
|
||||
|
||||
# RelaunchNotificationPeriod (ms): time before forced auto-restart.
|
||||
# 3600000 ms = 1 hour. Short window minimises how long the dialog is on
|
||||
# screen but still gives an active session a chance to finish.
|
||||
New-ItemProperty -Path $edgePolicy -Name 'RelaunchNotificationPeriod' -Value 3600000 -PropertyType DWord -Force | Out-Null
|
||||
|
||||
# RelaunchHeadsUpPeriod (ms): final warning duration before auto-restart.
|
||||
# 60000 ms = 1 min. Trims the visible warning to a minute before relaunch.
|
||||
New-ItemProperty -Path $edgePolicy -Name 'RelaunchHeadsUpPeriod' -Value 60000 -PropertyType DWord -Force | Out-Null
|
||||
|
||||
# RelaunchWindow: schedules the forced restart in an overnight window
|
||||
# (02:00-04:00) so business-hour updates wait until off-hours, leaving the
|
||||
# dialog effectively invisible during the day. JSON format per MS docs.
|
||||
$relaunchWindow = '{"entries":[{"start":{"hour":2,"minute":0},"duration_mins":120}]}'
|
||||
New-ItemProperty -Path $edgePolicy -Name 'RelaunchWindow' -Value $relaunchWindow -PropertyType String -Force | Out-Null
|
||||
|
||||
Write-Host " Edge RelaunchNotification=2 (Required, auto-restart)"
|
||||
Write-Host " Edge RelaunchNotificationPeriod=1h"
|
||||
Write-Host " Edge RelaunchHeadsUpPeriod=1m"
|
||||
Write-Host " Edge RelaunchWindow=02:00-04:00"
|
||||
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-Display: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-Host '=== Display Setup Complete ==='
|
||||
|
||||
@@ -1,12 +1,22 @@
|
||||
# 09-Setup-Genspect.ps1 - Genspect-specific setup (runs after Shopfloor baseline)
|
||||
# 09-Setup-Genspect.ps1 - Genspect pc-type setup
|
||||
#
|
||||
# PLACEHOLDER: add type-specific app installs when details are finalized.
|
||||
# This script will be called by Run-ShopfloorSetup.ps1 as part of the
|
||||
# type-specific phase, after all baseline scripts have completed.
|
||||
#
|
||||
# For share-based installs, copy the pattern from CMM/09-Setup-CMM.ps1
|
||||
# (credential lookup + share mount + install from share).
|
||||
# Currently OpenText-only (same as common). Genspect-specific software
|
||||
# will be added here when the application catalog is finalized.
|
||||
|
||||
Write-Host "=== Genspect Setup ==="
|
||||
Write-Host " (no type-specific apps configured yet)"
|
||||
Write-Host "=== Genspect Setup Complete ==="
|
||||
$lib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Set-OpenTextAutoStart.ps1'
|
||||
|
||||
Write-Host '=== Genspect Setup ==='
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Genspect: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
if (Test-Path -LiteralPath $lib) {
|
||||
& $lib
|
||||
} else {
|
||||
Write-Warning "Set-OpenTextAutoStart.ps1 not found at $lib - OpenText auto-start NOT configured"
|
||||
}
|
||||
# TODO: Genspect-specific apps go here.
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-Genspect: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-Host '=== Genspect Setup Complete ==='
|
||||
|
||||
@@ -8,7 +8,7 @@ $lib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Set-OpenTextAutoStart.ps1'
|
||||
Write-Host '=== Heattreat Setup ==='
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Heattreat: starting' -StageIndex 5 -StageTotal 8 } catch { }
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Heattreat: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
if (Test-Path -LiteralPath $lib) {
|
||||
& $lib
|
||||
@@ -17,6 +17,6 @@ if (Test-Path -LiteralPath $lib) {
|
||||
}
|
||||
# TODO: Heattreat-specific apps go here.
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-Heattreat: complete' -StageIndex 6 -StageTotal 8
|
||||
Send-PxeStatus -Stage '09-Setup-Heattreat: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-Host '=== Heattreat Setup Complete ==='
|
||||
|
||||
@@ -47,7 +47,7 @@ Write-KeyenceLog "==============================================================
|
||||
# Status push to PXE webapp - best-effort, never blocks imaging.
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Keyence: starting' -StageIndex 5 -StageTotal 8 } catch { }
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-Keyence: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
|
||||
# Diagnostic dump
|
||||
@@ -61,6 +61,61 @@ foreach ($file in @('pc-type.txt','pc-subtype.txt','machine-number.txt')) {
|
||||
}
|
||||
}
|
||||
|
||||
# ============================================================================
|
||||
# Step 0: Pre-stage Keyence VR Series USB driver + trust the publisher cert.
|
||||
# ============================================================================
|
||||
# The VR-6000 MSI invokes dpinst.exe internally as a custom action to install
|
||||
# the USB driver. dpinst inherits the MSI's silent context inconsistently and
|
||||
# usually pops a Setup-wizard GUI even with /qn on the parent MSI.
|
||||
#
|
||||
# Two pre-steps suppress the prompt:
|
||||
# 1. pnputil /add-driver /install stages the INF + co-installers into the
|
||||
# Windows DriverStore. dpinst then sees the driver as already present and
|
||||
# skips its install path (the GUI lives behind the "needs to install"
|
||||
# branch).
|
||||
# 2. Add the publisher cert (extracted from the catalog file) to
|
||||
# LocalMachine\TrustedPublisher so dpinst's "Would you like to install
|
||||
# this device software?" Windows Security dialog auto-accepts.
|
||||
#
|
||||
# If either step fails, log + continue - the MSI is still expected to install
|
||||
# successfully; the only fallout is the GUI prompt the operator would have
|
||||
# had to click through anyway.
|
||||
$driverInf = Join-Path $PSScriptRoot 'drivers\keyence_vr_series.inf'
|
||||
$driverCat = Join-Path $PSScriptRoot 'drivers\KEYENCE_VR_SERIES.cat'
|
||||
|
||||
if (Test-Path -LiteralPath $driverInf) {
|
||||
Write-KeyenceLog "Pre-staging USB driver via pnputil (suppresses dpinst GUI inside MSI)"
|
||||
try {
|
||||
$pnpOut = & pnputil /add-driver $driverInf /install 2>&1
|
||||
Write-KeyenceLog " pnputil exit $LASTEXITCODE"
|
||||
foreach ($line in ($pnpOut | Where-Object { $_ })) { Write-KeyenceLog " $line" }
|
||||
} catch {
|
||||
Write-KeyenceLog " pnputil failed: $_" 'WARN'
|
||||
}
|
||||
} else {
|
||||
Write-KeyenceLog "Driver INF not found at $driverInf - skipping pre-stage" 'WARN'
|
||||
}
|
||||
|
||||
if (Test-Path -LiteralPath $driverCat) {
|
||||
Write-KeyenceLog "Adding Keyence publisher cert to LocalMachine\TrustedPublisher store"
|
||||
try {
|
||||
$sig = Get-AuthenticodeSignature -FilePath $driverCat -ErrorAction Stop
|
||||
if ($sig -and $sig.SignerCertificate) {
|
||||
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPublisher','LocalMachine')
|
||||
$store.Open('ReadWrite')
|
||||
$store.Add($sig.SignerCertificate)
|
||||
$store.Close()
|
||||
Write-KeyenceLog " Added: $($sig.SignerCertificate.Subject) thumb=$($sig.SignerCertificate.Thumbprint)"
|
||||
} else {
|
||||
Write-KeyenceLog " Catalog is not signed - cert pre-trust skipped" 'WARN'
|
||||
}
|
||||
} catch {
|
||||
Write-KeyenceLog " Cert add failed: $_" 'WARN'
|
||||
}
|
||||
} else {
|
||||
Write-KeyenceLog "Driver catalog not found at $driverCat - cert pre-trust skipped" 'WARN'
|
||||
}
|
||||
|
||||
# ============================================================================
|
||||
# Step 1: Install via manifest (imaging-time)
|
||||
# ============================================================================
|
||||
@@ -75,6 +130,32 @@ if (-not (Test-Path $manifestPath)) {
|
||||
Write-KeyenceLog "Install-FromManifest returned $rc"
|
||||
}
|
||||
|
||||
# ============================================================================
|
||||
# Step 1.5: Install Keyence-bundled DirectX End-User Runtimes
|
||||
# ============================================================================
|
||||
# VR-6000's MSI deploys DXSETUP.exe to the install dir but never runs it.
|
||||
# Without DirectX, the app's first launch errors: "Runtime required to move
|
||||
# the application is not installed correctly. Install from the following
|
||||
# folder: C:\Program Files\Keyence\VR-6000\Common\DirectX End-User Runtimes\
|
||||
# DXSETUP.exe". Run it silently here; /silent suppresses all UI + reboot.
|
||||
$dxSetup = 'C:\Program Files\KEYENCE\VR-6000\Common\DirectX End-User Runtimes\DXSETUP.exe'
|
||||
$dxSetupAlt = 'C:\Program Files (x86)\KEYENCE\VR-6000\Common\DirectX End-User Runtimes\DXSETUP.exe'
|
||||
if (Test-Path -LiteralPath $dxSetup) { $dxPath = $dxSetup }
|
||||
elseif (Test-Path -LiteralPath $dxSetupAlt) { $dxPath = $dxSetupAlt }
|
||||
else { $dxPath = $null }
|
||||
|
||||
if ($dxPath) {
|
||||
Write-KeyenceLog "Running DirectX End-User Runtimes: $dxPath /silent"
|
||||
try {
|
||||
$p = Start-Process -FilePath $dxPath -ArgumentList '/silent' -Wait -PassThru -NoNewWindow
|
||||
Write-KeyenceLog " DXSETUP exit $($p.ExitCode)"
|
||||
} catch {
|
||||
Write-KeyenceLog " DXSETUP failed: $_" 'WARN'
|
||||
}
|
||||
} else {
|
||||
Write-KeyenceLog "DXSETUP.exe not found under either Program Files - DirectX install skipped" 'WARN'
|
||||
}
|
||||
|
||||
# ============================================================================
|
||||
# Step 2: OpenText auto-start at login (HostExplorer "WJ Shopfloor" session)
|
||||
# ============================================================================
|
||||
@@ -89,7 +170,7 @@ if (Test-Path -LiteralPath $autoStartLib) {
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
$finalStatus = if ($rc -eq 0) { 'in_progress' } else { 'failed' }
|
||||
$finalErr = if ($rc -ne 0) { "Install-FromManifest exit $rc" } else { '' }
|
||||
Send-PxeStatus -Stage '09-Setup-Keyence: complete' -StageIndex 6 -StageTotal 8 -Status $finalStatus -Error_ $finalErr
|
||||
Send-PxeStatus -Stage '09-Setup-Keyence: complete' -StageIndex 4 -StageTotal 8 -Status $finalStatus -Error_ $finalErr
|
||||
}
|
||||
|
||||
Write-KeyenceLog "================================================================"
|
||||
|
||||
@@ -1,12 +1,22 @@
|
||||
# 09-Setup-WaxAndTrace.ps1 - Wax and Trace-specific setup (runs after Shopfloor baseline)
|
||||
# 09-Setup-WaxAndTrace.ps1 - Wax and Trace pc-type setup
|
||||
#
|
||||
# PLACEHOLDER: add type-specific app installs when details are finalized.
|
||||
# This script will be called by Run-ShopfloorSetup.ps1 as part of the
|
||||
# type-specific phase, after all baseline scripts have completed.
|
||||
#
|
||||
# For share-based installs, copy the pattern from CMM/09-Setup-CMM.ps1
|
||||
# (credential lookup + share mount + install from share).
|
||||
# Currently OpenText-only (same as common). Wax-and-Trace-specific software
|
||||
# will be added here when the application catalog is finalized.
|
||||
|
||||
Write-Host "=== Wax and Trace Setup ==="
|
||||
Write-Host " (no type-specific apps configured yet)"
|
||||
Write-Host "=== Wax and Trace Setup Complete ==="
|
||||
$lib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Set-OpenTextAutoStart.ps1'
|
||||
|
||||
Write-Host '=== Wax and Trace Setup ==='
|
||||
$pxeStatusLib = Join-Path $PSScriptRoot '..\Shopfloor\lib\Send-PxeStatus.ps1'
|
||||
if (Test-Path $pxeStatusLib) {
|
||||
try { . $pxeStatusLib; Send-PxeStatus -Stage '09-Setup-WaxAndTrace: starting' -StageIndex 3 -StageTotal 8 } catch { }
|
||||
}
|
||||
if (Test-Path -LiteralPath $lib) {
|
||||
& $lib
|
||||
} else {
|
||||
Write-Warning "Set-OpenTextAutoStart.ps1 not found at $lib - OpenText auto-start NOT configured"
|
||||
}
|
||||
# TODO: Wax and Trace-specific apps go here.
|
||||
if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
|
||||
Send-PxeStatus -Stage '09-Setup-WaxAndTrace: complete' -StageIndex 4 -StageTotal 8
|
||||
}
|
||||
Write-Host '=== Wax and Trace Setup Complete ==='
|
||||
|
||||
Reference in New Issue
Block a user