Wax/Trace: defer HKEY_USERS per-user prefs restore to first ShopFloor logon via SYSTEM scheduled task
Bay's ShopFloor user account exists but has never logged in at imaging time, so its NTUSER.DAT doesn't exist yet and we can't reg-load its hive to remap source SID -> ShopFloor SID. The in-line restore at 09-Setup Step 3b handles HKLM (controller config, device-map) + files, but per-user prefs (LouteditS Layout, Page margins, Recent Files, ~2700 rows in a typical WJF capture) get skipped. Fix: register a SYSTEM-context scheduled task at imaging time that fires AtLogOn UserId=ShopFloor. When ShopFloor first logs in, Windows loads their NTUSER.DAT automatically; task fires (running as SYSTEM so lockdown policies on ShopFloor's user-context don't block HKLM writes via the same Install script); SID-remap path finds the live hive and writes prefs into HKEY_USERS\<ShopFloor-sid>. Task writes a flag file + unregisters itself after one successful run. Pieces: - Install-FormtracepakSettings.ps1: new -HKEYUsersOnly switch that skips the HKLM .reg files + HKLM CSV rows (already restored at imaging time). Fallback user chain ShopFloor->SupportUser->$USERNAME. - Schedule-WaxTracePerUserRestore.ps1: registers the task, writes C:\WaxTrace-Install\Run-WaxTracePerUserRestore.ps1 task action which invokes Install with -HKEYUsersOnly and self-cleans on success. - 09-Setup-WaxAndTrace.ps1 Step 3b: in-line restore now uses -RestoreRegistry -RestoreData -RestoreConfig (HKLM + files now); calls Schedule-WaxTracePerUserRestore.ps1 to queue HKEY_USERS for first ShopFloor logon. - sync-waxtrace.sh: pushes Schedule-WaxTracePerUserRestore.ps1 to PXE share alongside Install-FormtracepakSettings.ps1. Smoke tested on win11 VM partially: task registration works, manual trigger fires + self-unregisters cleanly, flag file lands. Real per- user SID-remap happens at first ShopFloor logon (can't simulate from qga without an interactive ShopFloor session).
This commit is contained in:
cproudlock
@@ -329,27 +329,63 @@ if (-not $asset) {
|
||||
# does not exist on the freshly imaged bay). HKLM controller config / model
|
||||
# device-map / etc. came from the vendor MSI install in Step 2 already.
|
||||
$backupZip = $null
|
||||
$backupDir = 'C:\WaxTrace-Install\backup'
|
||||
if ($bayAsset -and (Test-Path -LiteralPath $backupDir)) {
|
||||
$candidate = Join-Path $backupDir ("$bayAsset.zip")
|
||||
# startnet.cmd robocopy's the whole installers-post\waxtrace\backups\ dir
|
||||
# to C:\WaxTrace-Install\backups\ (plural). Try plural first, then singular
|
||||
# for backward-compat with any older boot.wim that used the cherry-pick path.
|
||||
$backupDirCandidates = @(
|
||||
'C:\WaxTrace-Install\backups',
|
||||
'C:\WaxTrace-Install\backup'
|
||||
)
|
||||
foreach ($bd in $backupDirCandidates) {
|
||||
if (-not (Test-Path -LiteralPath $bd) -or -not $bayAsset) { continue }
|
||||
$candidate = Join-Path $bd ("$bayAsset.zip")
|
||||
if (Test-Path -LiteralPath $candidate) {
|
||||
$backupZip = $candidate
|
||||
} else {
|
||||
$newest = Get-ChildItem -LiteralPath $backupDir -Filter "${bayAsset}*.zip" -File -ErrorAction SilentlyContinue |
|
||||
Sort-Object LastWriteTime -Descending | Select-Object -First 1
|
||||
if ($newest) { $backupZip = $newest.FullName }
|
||||
break
|
||||
}
|
||||
$newest = Get-ChildItem -LiteralPath $bd -Filter "${bayAsset}*.zip" -File -ErrorAction SilentlyContinue |
|
||||
Sort-Object LastWriteTime -Descending | Select-Object -First 1
|
||||
if ($newest) {
|
||||
$backupZip = $newest.FullName
|
||||
break
|
||||
}
|
||||
}
|
||||
if ($backupZip) {
|
||||
$installPs1 = Join-Path $stagingRoot 'Install-FormtracepakSettings.ps1'
|
||||
if (Test-Path -LiteralPath $installPs1) {
|
||||
Write-WTLog "Restoring per-asset backup from $backupZip"
|
||||
Write-WTLog "Restoring per-asset backup from $backupZip (HKLM + files; HKEY_USERS deferred to first ShopFloor logon)"
|
||||
try {
|
||||
& $installPs1 -BackupPath $backupZip -RestoreData -RestoreConfig -Force
|
||||
# In-line restore: HKLM (controller config, device-map) + files
|
||||
# (layouts, prefs in install dir). HKEY_USERS per-user prefs would
|
||||
# need ShopFloor's hive loaded, which it isn't at imaging time -
|
||||
# deferred to a scheduled SYSTEM task that fires on first ShopFloor
|
||||
# logon (see Schedule-WaxTracePerUserRestore call below).
|
||||
& $installPs1 -BackupPath $backupZip -RestoreRegistry -RestoreData -RestoreConfig -Force
|
||||
Write-WTLog " Restore call returned (see restore log + Install-FormtracepakSettings output above)"
|
||||
} catch {
|
||||
Write-WTLog " Restore call threw: $_" 'WARN'
|
||||
}
|
||||
|
||||
# Schedule the per-user prefs restore as a SYSTEM task that fires on
|
||||
# first ShopFloor logon. The task self-removes after one successful
|
||||
# run via flag file at C:\WaxTrace-Install\per-user-restore-ShopFloor.flag.
|
||||
$schedScript = Join-Path $stagingRoot 'Schedule-WaxTracePerUserRestore.ps1'
|
||||
if (-not (Test-Path -LiteralPath $schedScript)) {
|
||||
# Fall back: pull from shopfloor-setup scripts/ sibling tree
|
||||
$alt = Join-Path $PSScriptRoot 'scripts\Schedule-WaxTracePerUserRestore.ps1'
|
||||
if (Test-Path -LiteralPath $alt) { $schedScript = $alt }
|
||||
}
|
||||
if (Test-Path -LiteralPath $schedScript) {
|
||||
Write-WTLog "Registering deferred ShopFloor per-user restore task ($schedScript)"
|
||||
try {
|
||||
& $schedScript -BackupPath $backupZip -InstallScript $installPs1 -TargetUser 'ShopFloor' -AssetNumber $bayAsset
|
||||
Write-WTLog " Scheduled task 'WaxTrace-PerUser-Restore' registered"
|
||||
} catch {
|
||||
Write-WTLog " Schedule task call threw: $_" 'WARN'
|
||||
}
|
||||
} else {
|
||||
Write-WTLog "Schedule-WaxTracePerUserRestore.ps1 not found - per-user prefs will NOT auto-restore at first ShopFloor logon" 'WARN'
|
||||
}
|
||||
} else {
|
||||
Write-WTLog "Install-FormtracepakSettings.ps1 not found at $installPs1 - skipping restore" 'WARN'
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user