ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UDC firewall rules + Acrobat Reader as default PDF viewer

Browse Source 
- Pre-create Windows Firewall inbound-allow rules for UDC.exe and
  MTConnect agent.exe before UDC_Setup.exe runs, suppressing the
  interactive "allow through firewall?" dialogs during silent install.

- Set Adobe Acrobat Reader (Acrobat.Document.DC) as the default .pdf
  handler via dism /import-defaultappassociations. Runs in
  03-ShellDefaults.ps1 so the OEMDefaultAssociations.xml is in place
  before ShopFloor's profile is created on first logon. Edge no longer
  claims .pdf on new profiles.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-16 09:18:44 -04:00
parent 85e74e5dd1
commit ac23759486
2 changed files with 46 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1
View File

@@ -180,6 +180,25 @@ if ($machineNum -and $machineNum -ne '9999') {
} }
} }
# --- Pre-create Windows Firewall rules for UDC + MTConnect Agent so the
# installer doesn't pop firewall-allow dialogs during silent install.
# Rules are idempotent (New-NetFirewallRule -ErrorAction SilentlyContinue
# on existing rule name is a no-op in practice; we remove-then-add).
$fwRules = @(
@{ Name = 'UDC'; Program = 'C:\Program Files\UDC\UDC.exe' },
@{ Name = 'UDC MTConnect Agent'; Program = 'C:\ProgramData\UDC\MTConnect_UDC\Agent\agent.exe' }
)
foreach ($r in $fwRules) {
try {
Remove-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Program $r.Program `
-Action Allow -Profile Any -ErrorAction Stop | Out-Null
Write-PreInstallLog "Firewall rule created: $($r.Name) -> $($r.Program)"
} catch {
Write-PreInstallLog "Firewall rule '$($r.Name)' failed: $_" "WARN"
}
}
# --- Detection helper (mirrors Simple-Install.ps1's Test-ApplicationInstalled) --- # --- Detection helper (mirrors Simple-Install.ps1's Test-ApplicationInstalled) ---
function Test-AppInstalled { function Test-AppInstalled {
param($App) param($App)

28
playbook/shopfloor-setup/Shopfloor/03-ShellDefaults.ps1
View File

@@ -58,7 +58,33 @@ foreach ($p in $hklmPolicies) {
} }
} }
# ---- 2. Taskbar left-align via Default User hive ---- # ---- 2. Set Adobe Acrobat Reader as default PDF viewer ----
# OEMDefaultAssociations.xml is read when a new user profile is created.
# Deploying it before ShopFloor's first logon means the profile lands with
# Acrobat as the PDF handler instead of Edge. Existing profiles (SupportUser)
# are not affected. DISM /import-defaultappassociations writes the XML to
# C:\Windows\System32\OEMDefaultAssociations.xml and sets the policy key.
$assocXml = @"
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
<Association Identifier=".pdf" ProgId="Acrobat.Document.DC" ApplicationName="Adobe Acrobat" />
</DefaultAssociations>
"@
$assocPath = Join-Path $env:TEMP 'DefaultAssociations.xml'
try {
Set-Content -Path $assocPath -Value $assocXml -Encoding UTF8 -Force
$out = & dism.exe /online /import-defaultappassociations:"$assocPath" 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "Set .pdf default to Acrobat.Document.DC via DISM"
} else {
Write-Warning "DISM import-defaultappassociations returned $LASTEXITCODE"
}
Remove-Item $assocPath -Force -ErrorAction SilentlyContinue
} catch {
Write-Warning "Failed to set default PDF viewer: $_"
}
# ---- 3. Taskbar left-align via Default User hive ----
$defaultHive = 'C:\Users\Default\NTUSER.DAT' $defaultHive = 'C:\Users\Default\NTUSER.DAT'
$mountPoint = 'HKU\SFLDDefault' $mountPoint = 'HKU\SFLDDefault'
$regPath = 'Registry::HKEY_USERS\SFLDDefault\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' $regPath = 'Registry::HKEY_USERS\SFLDDefault\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'