Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Single-site bay-stuck issue at WJ: GE Intune Report IP script filters Get-NetIPAddress on StartsWith("10.") and posts everything matching to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP captured and reported -> GE backend tags bays as on a non-corp 10.x subnet -> dynamic group eligibility for SFLD policy never matches. Other GE sites work because their PXE LANs aren't on 10.x at all. Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally skips wired PXE addresses without any disable-NIC dance. Server-side already in flight (netplan dual-bound, dnsmasq scope + boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript all sed'd to 172.16.9.1). This commit is the playbook / scripts / docs side: 109 hits across 35 files sed'd in one shot. After this lands + boot.wim is rebuilt + bays renumber off DHCP, the 10.9.100.1 binding will be dropped from netplan as the final cleanup step. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 16:30:32 -04:00
parent c6b249f866
commit ce604adcda
87 changed files with 697 additions and 139 deletions
--- a/playbook/preinstall/installers/powershell7/PowerShell-7.5.4-win-x64.msi
+++ b/playbook/preinstall/installers/powershell7/PowerShell-7.5.4-win-x64.msi
--- a/playbook/preinstall/preinstall.json
+++ b/playbook/preinstall/preinstall.json
@@ -2,6 +2,17 @@
  "Version": "1.0",
  "Site": "West Jefferson",
  "Applications": [
+    {
+      "_comment": "PowerShell 7.5.4 - installed BEFORE PPKG via FlatUnattendW10-shopfloor.xml FirstLogonCommand Order 6 (race fix: Intune SetupCredentials Win32App install command starts with pwsh.exe; if PS7 not yet installed when that Win32App fires, it errors with FILE_NOT_FOUND 0x80070002 and IME's GRS retry never re-fires under V3Processor). This entry is a backstop - no-op via ProductCode detection if unattend Order 6 already installed it. PreEnrollment flag is informational; runner does not currently filter on it.",
+      "Name": "PowerShell 7.5.4",
+      "Installer": "powershell7\\PowerShell-7.5.4-win-x64.msi",
+      "Type": "MSI",
+      "InstallArgs": "/qn /norestart ADD_PATH=1 USE_MU=0 ENABLE_MU=0 DISABLE_TELEMETRY=1",
+      "DetectionMethod": "Registry",
+      "DetectionPath": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{E8159677-ACF8-4D64-9D36-5C36B8BBEA39}",
+      "PreEnrollment": true,
+      "PCTypes": ["*"]
+    },
    {
      "_comment": "Oracle Client 11.2 Administrator - installed first because downstream apps (eDNC/NTLARS/UDC and CMM tooling) link against the Oracle home and fail cold if it's missing. Installer is a .cmd wrapper (Type=EXE is the preinstall runner's shim for non-MSI launchers, same pattern as OpenText Setup-OpenText.cmd). The wrapper expects Oracle_OracleDatabase_11r2_V03.zip (686 MB) staged next to it, unpacks to %TEMP%, runs Oracle Universal Installer silently with ge_client_install.rsp, then cleans up the staging dir. OUI exit 3 is treated as success (warnings-but-ok). Detection via the registered home key; downstream upgrades or version pins are handled by the runtime enforcer's Oracle Client 11.2 manifest entry in common/manifest.json.",
      "Name": "Oracle Client 11.2",
@@ -153,7 +164,7 @@
      "Type": "EXE",
      "InstallArgs": "",
      "LogFile": "C:\\Logs\\PreInstall\\Setup-OpenText.log",
-      "PCTypes": ["Standard", "CMM", "Keyence", "Genspect", "WaxAndTrace", "Lab"]
+      "PCTypes": ["Standard", "CMM", "Keyence", "Genspect", "WaxAndTrace", "Lab", "Heattreat"]
    },
    {
      "_comment": "UDC_Setup.exe spawns a hidden WPF window (UDC.exe) after install and never exits, so the runner needs KillAfterDetection: true to terminate UDC_Setup.exe + UDC.exe once the registry detection passes. This is an OPT-IN flag - normal installers should NOT set it because killing msiexec mid-install leaves msiserver holding the install mutex and the next msiexec call returns 1618 (Oracle hit this exact bug).",
@@ -164,7 +175,9 @@
      "KillAfterDetection": true,
      "DetectionMethod": "Registry",
      "DetectionPath": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\UDC",
-      "PCTypes": ["Standard-Machine"]
+      "PCTypes": ["gea-shopfloor-collections"],
+      "PCTypesStrict": true,
+      "_pcTypesNote": "UDC = the C in 'collections'. nocollections does NOT collect data so MUST NOT install UDC. PCTypesStrict bypasses the alias-expansion matcher so a nocollections PC's myNames (which transitively contains gea-shopfloor-collections via the Standard group) still won't match this entry."
    },
    {
      "_comment": "Display kiosk app (Lobby Display or Dashboard). Install-KioskApp.cmd wrapper reads C:\\Enrollment\\display-type.txt to determine which installer to run. Both GEAerospaceLobbyDisplaySetup.exe and GEAerospaceDashboardSetup.exe must be staged in the display\\ subtree alongside the wrapper. Inno Setup /VERYSILENT is idempotent so no detection needed.",