From ac237594864be080f5dce17146bf5adf38c8e226 Mon Sep 17 00:00:00 2001 From: cproudlock Date: Thu, 16 Apr 2026 09:18:44 -0400 Subject: [PATCH] UDC firewall rules + Acrobat Reader as default PDF viewer - Pre-create Windows Firewall inbound-allow rules for UDC.exe and MTConnect agent.exe before UDC_Setup.exe runs, suppressing the interactive "allow through firewall?" dialogs during silent install. - Set Adobe Acrobat Reader (Acrobat.Document.DC) as the default .pdf handler via dism /import-defaultappassociations. Runs in 03-ShellDefaults.ps1 so the OEMDefaultAssociations.xml is in place before ShopFloor's profile is created on first logon. Edge no longer claims .pdf on new profiles. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../Shopfloor/00-PreInstall-MachineApps.ps1 | 19 +++++++++++++ .../Shopfloor/03-ShellDefaults.ps1 | 28 ++++++++++++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 b/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 index 6f504f0..e97c817 100644 --- a/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 +++ b/playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 @@ -180,6 +180,25 @@ if ($machineNum -and $machineNum -ne '9999') { } } +# --- Pre-create Windows Firewall rules for UDC + MTConnect Agent so the +# installer doesn't pop firewall-allow dialogs during silent install. +# Rules are idempotent (New-NetFirewallRule -ErrorAction SilentlyContinue +# on existing rule name is a no-op in practice; we remove-then-add). +$fwRules = @( + @{ Name = 'UDC'; Program = 'C:\Program Files\UDC\UDC.exe' }, + @{ Name = 'UDC MTConnect Agent'; Program = 'C:\ProgramData\UDC\MTConnect_UDC\Agent\agent.exe' } +) +foreach ($r in $fwRules) { + try { + Remove-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue + New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Program $r.Program ` + -Action Allow -Profile Any -ErrorAction Stop | Out-Null + Write-PreInstallLog "Firewall rule created: $($r.Name) -> $($r.Program)" + } catch { + Write-PreInstallLog "Firewall rule '$($r.Name)' failed: $_" "WARN" + } +} + # --- Detection helper (mirrors Simple-Install.ps1's Test-ApplicationInstalled) --- function Test-AppInstalled { param($App) diff --git a/playbook/shopfloor-setup/Shopfloor/03-ShellDefaults.ps1 b/playbook/shopfloor-setup/Shopfloor/03-ShellDefaults.ps1 index c0e6eaf..3897da9 100644 --- a/playbook/shopfloor-setup/Shopfloor/03-ShellDefaults.ps1 +++ b/playbook/shopfloor-setup/Shopfloor/03-ShellDefaults.ps1 @@ -58,7 +58,33 @@ foreach ($p in $hklmPolicies) { } } -# ---- 2. Taskbar left-align via Default User hive ---- +# ---- 2. Set Adobe Acrobat Reader as default PDF viewer ---- +# OEMDefaultAssociations.xml is read when a new user profile is created. +# Deploying it before ShopFloor's first logon means the profile lands with +# Acrobat as the PDF handler instead of Edge. Existing profiles (SupportUser) +# are not affected. DISM /import-defaultappassociations writes the XML to +# C:\Windows\System32\OEMDefaultAssociations.xml and sets the policy key. +$assocXml = @" + + + + +"@ +$assocPath = Join-Path $env:TEMP 'DefaultAssociations.xml' +try { + Set-Content -Path $assocPath -Value $assocXml -Encoding UTF8 -Force + $out = & dism.exe /online /import-defaultappassociations:"$assocPath" 2>&1 + if ($LASTEXITCODE -eq 0) { + Write-Host "Set .pdf default to Acrobat.Document.DC via DISM" + } else { + Write-Warning "DISM import-defaultappassociations returned $LASTEXITCODE" + } + Remove-Item $assocPath -Force -ErrorAction SilentlyContinue +} catch { + Write-Warning "Failed to set default PDF viewer: $_" +} + +# ---- 3. Taskbar left-align via Default User hive ---- $defaultHive = 'C:\Users\Default\NTUSER.DAT' $mountPoint = 'HKU\SFLDDefault' $regPath = 'Registry::HKEY_USERS\SFLDDefault\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'