ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Wax/Trace: defer HKEY_USERS per-user prefs restore to first ShopFloor logon via SYSTEM scheduled task

Browse Source 
Bay's ShopFloor user account exists but has never logged in at imaging
time, so its NTUSER.DAT doesn't exist yet and we can't reg-load its
hive to remap source SID -> ShopFloor SID. The in-line restore at
09-Setup Step 3b handles HKLM (controller config, device-map) + files,
but per-user prefs (LouteditS Layout, Page margins, Recent Files, ~2700
rows in a typical WJF capture) get skipped.

Fix: register a SYSTEM-context scheduled task at imaging time that
fires AtLogOn UserId=ShopFloor. When ShopFloor first logs in, Windows
loads their NTUSER.DAT automatically; task fires (running as SYSTEM
so lockdown policies on ShopFloor's user-context don't block HKLM
writes via the same Install script); SID-remap path finds the live
hive and writes prefs into HKEY_USERS\<ShopFloor-sid>. Task writes a
flag file + unregisters itself after one successful run.

Pieces:
- Install-FormtracepakSettings.ps1: new -HKEYUsersOnly switch that
  skips the HKLM .reg files + HKLM CSV rows (already restored at
  imaging time). Fallback user chain ShopFloor->SupportUser->$USERNAME.
- Schedule-WaxTracePerUserRestore.ps1: registers the task, writes
  C:\WaxTrace-Install\Run-WaxTracePerUserRestore.ps1 task action which
  invokes Install with -HKEYUsersOnly and self-cleans on success.
- 09-Setup-WaxAndTrace.ps1 Step 3b: in-line restore now uses
  -RestoreRegistry -RestoreData -RestoreConfig (HKLM + files now);
  calls Schedule-WaxTracePerUserRestore.ps1 to queue HKEY_USERS for
  first ShopFloor logon.
- sync-waxtrace.sh: pushes Schedule-WaxTracePerUserRestore.ps1 to
  PXE share alongside Install-FormtracepakSettings.ps1.

Smoke tested on win11 VM partially: task registration works, manual
trigger fires + self-unregisters cleanly, flag file lands. Real per-
user SID-remap happens at first ShopFloor logon (can't simulate from
qga without an interactive ShopFloor session).
This commit is contained in:
cproudlock
2026-05-24 16:19:45 -04:00
parent f95d305cca
commit de7d41f5e5
4 changed files with 359 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
playbook/sync-waxtrace.sh
View File

@@ -81,6 +81,14 @@ fi
if [ -f "$WAXTRACE_DIR/scripts/Install-FormtracepakSettings.ps1" ]; then
cp "$WAXTRACE_DIR/scripts/Install-FormtracepakSettings.ps1" "$STAGE/"
fi
# Schedule-WaxTracePerUserRestore.ps1 - registers a SYSTEM scheduled task
# that fires on first ShopFloor logon to restore HKEY_USERS per-user prefs
# (deferred from imaging time because ShopFloor's hive isn't loaded yet).
# Path on the bay post-startnet-robocopy:
# C:\WaxTrace-Install\Schedule-WaxTracePerUserRestore.ps1.
if [ -f "$WAXTRACE_DIR/scripts/Schedule-WaxTracePerUserRestore.ps1" ]; then
cp "$WAXTRACE_DIR/scripts/Schedule-WaxTracePerUserRestore.ps1" "$STAGE/"
fi
cp "$WAXTRACE_DIR/captured-binary/prereqs/"*.exe "$STAGE/prereqs/"
# FormTracePak vendor installer ISOs - all available versions get pushed.