ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix 5 bugs from shopfloor-setup transcript review

Browse Source 
1. UDC JSON ACL: set on directory C:\ProgramData\UDC\ with
   ContainerInherit+ObjectInherit instead of the file. UDC_Setup.exe
   gets killed by KillAfterDetection before UDC.exe creates
   udc_settings.json, so the file doesn't exist at ACL-grant time.
   Directory-level ACL with inheritance covers any file created later.

2. Set-MachineNumber.ps1 auto-running: the type-specific loop's
   Get-ChildItem -Filter "*.ps1" picked up the desktop tool alongside
   the numbered installer scripts. Added Where-Object { $_.Name -match
   '^\d' } so only numbered-prefix scripts (01-eDNC, 02-ACLs) run.

3. WJ Shopfloor copy-to-self: Phase 1 sweep moved WJ Shopfloor.lnk
   into Shopfloor Tools\, then Phase 2's Find-ExistingLnk found it
   there and tried to Copy-Item to the same path. Now checks if
   resolved source path == destination and prints "exists: (already
   in Shopfloor Tools)" instead of erroring.

4. NTLARS missing from taskbar pins: the $pinSpec entry was never
   added to 07-TaskbarLayout.ps1 despite the comment update. Added
   between eDNC and Defect_Tracker in pin order.

5. shutdown /a stderr noise: 15+ red "Unable to abort system shutdown"
   lines in the transcript from shutdown.exe writing to stderr when no
   shutdown is pending. Changed all occurrences in Run-ShopfloorSetup,
   00-PreInstall-MachineApps to: cmd /c "shutdown /a 2>nul" *>$null
   which suppresses both native stderr and PS error stream.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-10 09:28:25 -04:00
parent cb2a9d48a1
commit e17b3a521d
5 changed files with 49 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
View File

@@ -26,7 +26,7 @@ Write-Host ""
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null
# Cancel any pending reboot so it doesn't interrupt setup # Cancel any pending reboot so it doesn't interrupt setup
shutdown -a 2>$null cmd /c "shutdown /a 2>nul" *>$null
# Prompt user to unplug from PXE switch before re-enabling wired adapters # Prompt user to unplug from PXE switch before re-enabling wired adapters
Write-Host "" Write-Host ""
@@ -96,7 +96,7 @@ if (Test-Path $baselineDir) {
Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)" Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)"
continue continue
} }
shutdown /a 2>$null cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running baseline: $($script.Name)" Write-Host "Running baseline: $($script.Name)"
try { try {
& $script.FullName & $script.FullName
@@ -110,9 +110,14 @@ if (Test-Path $baselineDir) {
if ($pcType -ne "Shopfloor") { if ($pcType -ne "Shopfloor") {
$typeDir = Join-Path $setupDir $pcType $typeDir = Join-Path $setupDir $pcType
if (Test-Path $typeDir) { if (Test-Path $typeDir) {
$scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File | Sort-Object Name # Only run numbered scripts (01-eDNC.ps1, 02-MachineNumberACLs.ps1).
# Unnumbered .ps1 files (Set-MachineNumber.ps1) are desktop tools,
# not installer scripts, and must not auto-run during setup.
$scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File |
Where-Object { $_.Name -match '^\d' } |
Sort-Object Name
foreach ($script in $scripts) { foreach ($script in $scripts) {
shutdown /a 2>$null cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running $pcType setup: $($script.Name)" Write-Host "Running $pcType setup: $($script.Name)"
try { try {
& $script.FullName & $script.FullName
@@ -137,7 +142,7 @@ foreach ($name in $runAfterTypeSpecific) {
Write-Warning "Deferred script not found: $script" Write-Warning "Deferred script not found: $script"
continue continue
} }
shutdown /a 2>$null cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running deferred baseline: $name" Write-Host "Running deferred baseline: $name"
try { try {
& $script & $script

4
playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1
View File

@@ -151,7 +151,7 @@ foreach ($app in $config.Applications) {
# Cancel any reboot a previous installer scheduled (some respect /norestart, some # Cancel any reboot a previous installer scheduled (some respect /norestart, some
# don't - VC++ 2008's bootstrapper sometimes triggers an immediate Windows reboot # don't - VC++ 2008's bootstrapper sometimes triggers an immediate Windows reboot
# despite the flag). Doing this BEFORE each install protects the rest of the loop. # despite the flag). Doing this BEFORE each install protects the rest of the loop.
& shutdown.exe /a 2>$null cmd /c "shutdown /a 2>nul" *>$null
Write-PreInstallLog "==> $($app.Name)" Write-PreInstallLog "==> $($app.Name)"
@@ -369,6 +369,6 @@ Write-PreInstallLog "============================================"
# Final reboot cancel - if the last installer in the loop scheduled one, the # Final reboot cancel - if the last installer in the loop scheduled one, the
# dispatcher's later `shutdown /a` won't fire until the next baseline script starts. # dispatcher's later `shutdown /a` won't fire until the next baseline script starts.
# Cancel here so control returns cleanly to Run-ShopfloorSetup.ps1. # Cancel here so control returns cleanly to Run-ShopfloorSetup.ps1.
& shutdown.exe /a 2>$null cmd /c "shutdown /a 2>nul" *>$null
exit 0 exit 0

20
playbook/shopfloor-setup/Shopfloor/06-OrganizeDesktop.ps1
View File

@@ -319,12 +319,20 @@ function Add-ShopfloorToolsApps {
'existing' { 'existing' {
$src = Find-ExistingLnk $app.SourceName $src = Find-ExistingLnk $app.SourceName
if ($src) { if ($src) {
if (-not (& $ensureToolsDir)) { break } # Skip if the sweep already moved the source into the
try { # destination folder (src == dest → "cannot overwrite
Copy-Item -LiteralPath $src -Destination $dest -Force -ErrorAction Stop # the item with itself").
Write-Host " copied: $($app.Name) from $src" if ((Resolve-Path -LiteralPath $src -ErrorAction SilentlyContinue).Path -eq
} catch { (Join-Path $shopfloorToolsDir $app.SourceName)) {
Write-Warning "Failed to copy $src -> $dest : $_" Write-Host " exists: $($app.Name) (already in Shopfloor Tools)"
} else {
if (-not (& $ensureToolsDir)) { break }
try {
Copy-Item -LiteralPath $src -Destination $dest -Force -ErrorAction Stop
Write-Host " copied: $($app.Name) from $src"
} catch {
Write-Warning "Failed to copy $src -> $dest : $_"
}
} }
} else { } else {
Write-Host " skip: $($app.Name) - no source .lnk found" -ForegroundColor DarkGray Write-Host " skip: $($app.Name) - no source .lnk found" -ForegroundColor DarkGray

5
playbook/shopfloor-setup/Shopfloor/07-TaskbarLayout.ps1
View File

@@ -65,6 +65,11 @@ $pinSpec = @(
Path = '%PUBLIC%\Desktop\Shopfloor Tools\eDNC.lnk' Path = '%PUBLIC%\Desktop\Shopfloor Tools\eDNC.lnk'
Literal = (Join-Path $shopfloorToolsDir 'eDNC.lnk') Literal = (Join-Path $shopfloorToolsDir 'eDNC.lnk')
} }
@{
Name = 'NTLARS'
Path = '%PUBLIC%\Desktop\Shopfloor Tools\NTLARS.lnk'
Literal = (Join-Path $shopfloorToolsDir 'NTLARS.lnk')
}
@{ @{
Name = 'Defect_Tracker' Name = 'Defect_Tracker'
Path = '%PUBLIC%\Desktop\Shopfloor Tools\Defect_Tracker.lnk' Path = '%PUBLIC%\Desktop\Shopfloor Tools\Defect_Tracker.lnk'

27
playbook/shopfloor-setup/Standard/02-MachineNumberACLs.ps1
View File

@@ -16,21 +16,30 @@ Write-Host "Running as: $([System.Security.Principal.WindowsIdentity]::GetCurren
Write-Host "" Write-Host ""
Write-Host "Setting ACLs for standard-user machine number access..." Write-Host "Setting ACLs for standard-user machine number access..."
# --- UDC settings JSON --- # --- UDC settings directory ---
$udcJson = 'C:\ProgramData\UDC\udc_settings.json' # Set ACL on the DIRECTORY (not the file) with inheritance so that
if (Test-Path -LiteralPath $udcJson) { # udc_settings.json inherits the permission whenever UDC.exe creates it.
# UDC_Setup.exe is killed by KillAfterDetection before UDC.exe writes the
# JSON, so the file doesn't exist at this point. Directory-level ACL with
# ContainerInherit + ObjectInherit covers any file created inside later.
$udcDir = 'C:\ProgramData\UDC'
if (Test-Path -LiteralPath $udcDir) {
try { try {
$acl = Get-Acl -LiteralPath $udcJson $acl = Get-Acl -LiteralPath $udcDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule( $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
'BUILTIN\Users', 'Modify', 'Allow') 'BUILTIN\Users', 'Modify',
([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor
[System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
[System.Security.AccessControl.PropagationFlags]::None,
'Allow')
$acl.AddAccessRule($rule) $acl.AddAccessRule($rule)
Set-Acl -LiteralPath $udcJson -AclObject $acl -ErrorAction Stop Set-Acl -LiteralPath $udcDir -AclObject $acl -ErrorAction Stop
Write-Host " UDC JSON: BUILTIN\Users granted Modify on $udcJson" Write-Host " UDC dir: BUILTIN\Users granted Modify (inherited) on $udcDir"
} catch { } catch {
Write-Warning " Failed to set ACL on $udcJson : $_" Write-Warning " Failed to set ACL on $udcDir : $_"
} }
} else { } else {
Write-Host " UDC JSON not found at $udcJson - skipping (UDC not installed?)" -ForegroundColor DarkGray Write-Host " UDC dir not found at $udcDir - skipping (UDC not installed?)" -ForegroundColor DarkGray
} }
# --- eDNC registry key --- # --- eDNC registry key ---