ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Shopfloor imaging: CMM type, Configure-PC override fix, serial drivers

Browse Source 
- CMM imaging pipeline: WinPE-staged bootstrap + on-logon enforcer
  against tsgwp00525 share, manifest-driven installer runner shared via
  Install-FromManifest.ps1. Installs PC-DMIS 2016/2019 R2, CLM 1.8,
  goCMM; enables .NET 3.5 prereq; registers GE CMM Enforce logon task
  for ongoing version enforcement.
- Shopfloor serial drivers: StarTech PCIe serial + Prolific PL2303
  USB-to-serial via Install-Drivers.cmd wrapper calling pnputil
  /add-driver /subdirs /install. Scoped to Standard PCs.
- OpenText extended to CMM/Keyence/Genspect/WaxAndTrace via
  preinstall.json PCTypes; Defect Tracker added to CMM profile
  desktopApps + taskbarPins.
- Configure-PC startup-item toggle now persists across the logon
  sweep via C:\\ProgramData\\GE\\Shopfloor\\startup-overrides.json;
  06-OrganizeDesktop Phase 3 respects suppressed items.
- Get-ProfileValue helper added to Shopfloor/lib/Get-PCProfile.ps1;
  distinguishes explicit empty array from missing key (fixes Lab
  getting Plant Apps in startup because empty array was falsy).
- 06-OrganizeDesktop gains transcript logging at C:\\Logs\\SFLD\\
  06-OrganizeDesktop.log and now deletes the stale Shopfloor Intune
  Sync task when C:\\Enrollment\\sync-complete.txt is present (task
  was registered with Limited principal and couldn't self-unregister).
- startnet.cmd CMM xcopy block (gated on pc-type=CMM) stages the
  bundle to W:\\CMM-Install during WinPE.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-11 12:58:47 -04:00
parent bc123c1066
commit ee7d3bad66
17 changed files with 1069 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

331
playbook/shopfloor-setup/CMM/01-Setup-CMM.ps1
View File

@@ -1,173 +1,198 @@
# 01-Setup-CMM.ps1 - CMM-specific setup (runs after Shopfloor baseline)
# 01-Setup-CMM.ps1 - CMM type setup (runs during shopfloor-setup phase).
#
# Installs Hexagon CMM applications from a network share using credentials
# stored in the SFLD registry by SetupCredentials.ps1 (PPKG phase).
# At imaging time the tsgwp00525 SFLD share is NOT yet reachable - Azure DSC
# has not provisioned the share credentials that early. So we install from a
# WinPE-staged local copy at C:\CMM-Install (put there by startnet.cmd when
# the tech picks pc-type=CMM), then register a logon-triggered scheduled
# task that runs CMM-Enforce.ps1 for ongoing updates from the share.
#
# Unlike Standard PC apps (which are pre-staged locally via preinstall.json
# or pulled from Azure Blob via DSC), CMM apps live on a file share and
# are installed directly from there. The share credentials come from the
# PPKG's YAML config and are already in the registry by the time this
# script runs.
# Sequence:
# 1. Enable .NET Framework 3.5 (PC-DMIS 2016 prereq on Win10/11 where 3.5
# is an off-by-default optional feature).
# 2. Run Install-FromManifest against C:\CMM-Install\cmm-manifest.json.
# 3. Stage Install-FromManifest.ps1 + CMM-Enforce.ps1 + the manifest to
# C:\Program Files\GE\CMM so the scheduled task has them after imaging.
# 4. Register a SYSTEM scheduled task "GE CMM Enforce" that runs
# CMM-Enforce.ps1 on any user logon.
# 5. Delete C:\CMM-Install to reclaim the ~2 GB of bootstrap installers.
# The share-side enforcer takes over from here.
#
# The share path and app list are read from site-config.json's CMM profile
# when available, with hardcoded West Jefferson defaults as fallback.
#
# PLACEHOLDER: specific app installers (PC-DMIS, CLM License, etc.) are
# not yet finalized. The framework below handles credential lookup, share
# mounting, and has slots for each install step.
# Log: C:\Logs\CMM\01-Setup-CMM.log (stdout from this script) plus the
# install-time log at C:\Logs\CMM\install.log written by Install-FromManifest.
Write-Host "=== CMM Setup ==="
$ErrorActionPreference = 'Continue'
# --- Load site config + PC profile ---
. "$PSScriptRoot\..\Shopfloor\lib\Get-PCProfile.ps1"
$stagingRoot = 'C:\CMM-Install'
$stagingMani = Join-Path $stagingRoot 'cmm-manifest.json'
$libSource = Join-Path $PSScriptRoot 'lib\Install-FromManifest.ps1'
$enforceSource = Join-Path $PSScriptRoot 'CMM-Enforce.ps1'
# --- Configuration ---
# Share path for Hexagon CMM installers. Read from profile config,
# fall back to the known West Jefferson path.
$defaultSharePath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\cmm\hexagon\machineapps'
$runtimeRoot = 'C:\Program Files\GE\CMM'
$runtimeLibDir = Join-Path $runtimeRoot 'lib'
$runtimeLib = Join-Path $runtimeLibDir 'Install-FromManifest.ps1'
$runtimeEnforce = Join-Path $runtimeRoot 'CMM-Enforce.ps1'
$sharePath = $defaultSharePath
if ($pcProfile -and $pcProfile.cmmSharePath) {
$sharePath = $pcProfile.cmmSharePath
} elseif ($siteConfig -and $siteConfig.pcProfiles -and $siteConfig.pcProfiles.CMM -and $siteConfig.pcProfiles.CMM.cmmSharePath) {
$sharePath = $siteConfig.pcProfiles.CMM.cmmSharePath
$logDir = 'C:\Logs\CMM'
$logFile = Join-Path $logDir 'install.log'
$transcriptLog = Join-Path $logDir '01-Setup-CMM.log'
if (-not (Test-Path $logDir)) {
New-Item -Path $logDir -ItemType Directory -Force | Out-Null
}
Write-Host " Share: $sharePath"
# Independent transcript in addition to whatever Run-ShopfloorSetup.ps1 is
# capturing at the top level. Lets a tech open C:\Logs\CMM\01-Setup-CMM.log
# and see the entire CMM-type setup run without scrolling through the
# monolithic shopfloor-setup.log.
try { Start-Transcript -Path $transcriptLog -Append -Force | Out-Null } catch {}
# ============================================================================
# Credential lookup - reads from HKLM:\SOFTWARE\GE\SFLD\Credentials\*
# Written by SetupCredentials.ps1 during the PPKG phase. We scan all
# credential entries and find one whose TargetHost matches the share's
# server name.
# ============================================================================
function Get-SFLDCredential {
param([string]$ServerName)
$basePath = 'HKLM:\SOFTWARE\GE\SFLD\Credentials'
if (-not (Test-Path $basePath)) {
Write-Warning "SFLD credential registry not found at $basePath"
return $null
}
$entries = Get-ChildItem -Path $basePath -ErrorAction SilentlyContinue
foreach ($entry in $entries) {
$props = Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue
if (-not $props) { continue }
$targetHost = $props.TargetHost
if (-not $targetHost) { continue }
# Match by hostname (with or without domain suffix)
if ($targetHost -eq $ServerName -or
$targetHost -like "$ServerName.*" -or
$ServerName -like "$targetHost.*") {
return @{
Username = $props.Username
Password = $props.Password
TargetHost = $targetHost
KeyName = $entry.PSChildName
}
}
}
Write-Warning "No SFLD credential found for server '$ServerName'"
return $null
function Write-CMMLog {
param([string]$Message, [string]$Level = 'INFO')
$stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Write-Host "[$stamp] [$Level] $Message"
}
# ============================================================================
# Mount the share
# ============================================================================
# Extract server name from UNC path: \\server\share\... -> server
$serverName = ($sharePath -replace '^\\\\', '') -split '\\' | Select-Object -First 1
Write-CMMLog "================================================================"
Write-CMMLog "=== CMM Setup (imaging-time) session start (PID $PID) ==="
Write-CMMLog "Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Write-CMMLog "================================================================"
$cred = Get-SFLDCredential -ServerName $serverName
$driveLetter = 'S:'
if ($cred) {
Write-Host " Credential: $($cred.KeyName) (user: $($cred.Username))"
} else {
Write-Host " No credential found for $serverName - attempting guest/current-user access"
}
# Disconnect any stale mapping
net use $driveLetter /delete /y 2>$null | Out-Null
$mountOk = $false
if ($cred -and $cred.Username -and $cred.Password) {
$result = & net use $driveLetter $sharePath /user:$($cred.Username) $($cred.Password) /persistent:no 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host " Mounted $sharePath as $driveLetter"
$mountOk = $true
# Diagnostic dump - knowing WHY the script took a branch is half the battle.
Write-CMMLog "Script root: $PSScriptRoot"
foreach ($file in @('pc-type.txt','pc-subtype.txt','machine-number.txt')) {
$path = "C:\Enrollment\$file"
if (Test-Path -LiteralPath $path) {
$content = (Get-Content -LiteralPath $path -First 1 -ErrorAction SilentlyContinue).Trim()
Write-CMMLog " $file = $content"
} else {
Write-Warning " net use failed (exit $LASTEXITCODE): $result"
Write-CMMLog " $file = (not present)"
}
}
if (Test-Path $stagingRoot) {
$bootstrapFiles = @(Get-ChildItem -LiteralPath $stagingRoot -File -ErrorAction SilentlyContinue)
Write-CMMLog "Bootstrap staging: $stagingRoot ($($bootstrapFiles.Count) files)"
foreach ($f in $bootstrapFiles) {
Write-CMMLog " - $($f.Name) ($([math]::Round($f.Length/1MB)) MB)"
}
} else {
# Try without explicit credentials (rely on CredMan or current user)
$result = & net use $driveLetter $sharePath /persistent:no 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host " Mounted $sharePath as $driveLetter (no explicit creds)"
$mountOk = $true
Write-CMMLog "Bootstrap staging: $stagingRoot (DOES NOT EXIST - startnet.cmd did not stage it)" "ERROR"
}
# ============================================================================
# Step 1: Enable .NET Framework 3.5
# ============================================================================
# PC-DMIS 2016 lists .NET 3.5 as a prereq for some older components. On Win10/
# Win11 it's an optional Windows feature that is OFF by default. Enable-
# WindowsOptionalFeature pulls the payload from Windows Update when the PC
# has internet; sources from the installed Windows image otherwise. Idempotent
# (no-op if already enabled). We swallow failures because if internet and
# media are both unavailable this becomes a known gap rather than an imaging
# blocker - we'd still rather try to install PC-DMIS and surface the real
# failure in its log.
Write-CMMLog "Checking .NET Framework 3.5 state..."
try {
$netfx = Get-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -ErrorAction Stop
if ($netfx.State -eq 'Enabled') {
Write-CMMLog " .NET 3.5 already enabled"
} else {
Write-Warning " net use failed (exit $LASTEXITCODE): $result"
Write-CMMLog " .NET 3.5 state is $($netfx.State) - enabling now (may take a minute)..."
$result = Enable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -All -NoRestart -ErrorAction Stop
Write-CMMLog " Enable-WindowsOptionalFeature RestartNeeded=$($result.RestartNeeded)"
}
} catch {
Write-CMMLog " Failed to enable .NET 3.5: $_" "WARN"
Write-CMMLog " Continuing anyway - PC-DMIS installers will surface any hard dependency."
}
# ============================================================================
# Step 2: Install apps from the WinPE-staged bootstrap at C:\CMM-Install
# ============================================================================
if (-not (Test-Path $stagingRoot)) {
Write-CMMLog "$stagingRoot does not exist - startnet.cmd did not stage CMM installers" "ERROR"
Write-CMMLog "Skipping install. The logon enforcer will pick up from the share when SFLD creds are available."
}
elseif (-not (Test-Path $stagingMani)) {
Write-CMMLog "$stagingMani missing - staging directory is incomplete" "ERROR"
}
elseif (-not (Test-Path $libSource)) {
Write-CMMLog "Shared library not found at $libSource" "ERROR"
}
else {
Write-CMMLog "Running Install-FromManifest against $stagingRoot"
& $libSource -ManifestPath $stagingMani -InstallerRoot $stagingRoot -LogFile $logFile
$rc = $LASTEXITCODE
Write-CMMLog "Install-FromManifest returned $rc"
}
# ============================================================================
# Step 3: Stage runtime scripts to C:\Program Files\GE\CMM
# ============================================================================
# These files survive past the bootstrap cleanup so the logon-triggered
# scheduled task can run them. The manifest is staged as well so the enforcer
# has a fallback in case the share copy is unreachable on first logon.
Write-CMMLog "Staging runtime scripts to $runtimeRoot"
foreach ($dir in @($runtimeRoot, $runtimeLibDir)) {
if (-not (Test-Path $dir)) {
New-Item -Path $dir -ItemType Directory -Force | Out-Null
}
}
Copy-Item -Path $libSource -Destination $runtimeLib -Force
Copy-Item -Path $enforceSource -Destination $runtimeEnforce -Force
# ============================================================================
# Step 4: Register "GE CMM Enforce" scheduled task (logon trigger, SYSTEM)
# ============================================================================
$taskName = 'GE CMM Enforce'
# Drop any stale version first so re-imaging is idempotent.
$existing = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($existing) {
Write-CMMLog "Removing existing scheduled task '$taskName'"
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
}
Write-CMMLog "Registering scheduled task '$taskName' (logon trigger, SYSTEM)"
try {
$action = New-ScheduledTaskAction `
-Execute 'powershell.exe' `
-Argument "-NoProfile -ExecutionPolicy Bypass -File `"$runtimeEnforce`""
$trigger = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet `
-AllowStartIfOnBatteries `
-DontStopIfGoingOnBatteries `
-StartWhenAvailable `
-ExecutionTimeLimit (New-TimeSpan -Hours 2) `
-MultipleInstances IgnoreNew
Register-ScheduledTask `
-TaskName $taskName `
-Action $action `
-Trigger $trigger `
-Principal $principal `
-Settings $settings `
-Description 'GE CMM: enforce Hexagon apps against tsgwp00525 SFLD share on user logon' | Out-Null
Write-CMMLog "Scheduled task registered"
} catch {
Write-CMMLog "Failed to register scheduled task: $_" "ERROR"
}
# ============================================================================
# Step 5: Clean up the bootstrap staging dir
# ============================================================================
# ~2 GB reclaimed. From here on, CMM-Enforce.ps1 runs against the tsgwp00525
# share, which is the canonical source for ongoing updates.
if (Test-Path $stagingRoot) {
Write-CMMLog "Deleting bootstrap staging at $stagingRoot"
try {
Remove-Item -LiteralPath $stagingRoot -Recurse -Force -ErrorAction Stop
Write-CMMLog "Bootstrap cleanup complete"
} catch {
Write-CMMLog "Failed to delete $stagingRoot : $_" "WARN"
}
}
if (-not $mountOk) {
Write-Warning "Cannot access $sharePath - skipping CMM app installs."
Write-Host "=== CMM Setup Complete (share unavailable) ==="
exit 0
}
# ============================================================================
# Install apps from the share
#
# PLACEHOLDER: uncomment and adjust when app details are finalized.
# Each block follows the pattern:
# 1. Find installer on the share
# 2. Run it with silent args
# 3. Check exit code
# 4. Log result
# ============================================================================
$installRoot = $driveLetter
# --- Example: CLM Tools (license manager, install first) ---
# $clm = Get-ChildItem -Path $installRoot -Filter "CLM_*.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
# if ($clm) {
# Write-Host "Installing CLM Tools: $($clm.Name)..."
# $p = Start-Process -FilePath $clm.FullName -ArgumentList "-q -norestart" -Wait -PassThru
# Write-Host " CLM Tools exit code: $($p.ExitCode)"
# } else {
# Write-Warning "CLM Tools installer not found (expected CLM_*.exe)"
# }
# --- Example: PC-DMIS 2016 ---
# $pcdmis16 = Get-ChildItem -Path $installRoot -Filter "Pcdmis2016*x64.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
# if ($pcdmis16) {
# Write-Host "Installing PC-DMIS 2016: $($pcdmis16.Name)..."
# $p = Start-Process -FilePath $pcdmis16.FullName -ArgumentList "-q INSTALLPDFCONVERTER=0 INSTALLOFFLINEHELP=0 HEIP=0 -norestart" -Wait -PassThru
# Write-Host " PC-DMIS 2016 exit code: $($p.ExitCode)"
# } else {
# Write-Warning "PC-DMIS 2016 installer not found"
# }
# --- Example: PC-DMIS 2019 R2 ---
# $pcdmis19 = Get-ChildItem -Path $installRoot -Filter "Pcdmis2019*x64.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
# if ($pcdmis19) {
# Write-Host "Installing PC-DMIS 2019 R2: $($pcdmis19.Name)..."
# $p = Start-Process -FilePath $pcdmis19.FullName -ArgumentList "-q INSTALLPDFCONVERTER=0 INSTALLOFFLINEHELP=0 HEIP=0 -norestart" -Wait -PassThru
# Write-Host " PC-DMIS 2019 exit code: $($p.ExitCode)"
# } else {
# Write-Warning "PC-DMIS 2019 installer not found"
# }
Write-Host " (no apps configured yet - uncomment install blocks when ready)"
# ============================================================================
# Cleanup
# ============================================================================
Write-Host "Disconnecting $driveLetter..."
net use $driveLetter /delete /y 2>$null | Out-Null
Write-Host "=== CMM Setup Complete ==="
Write-CMMLog "=== CMM Setup Complete ==="
try { Stop-Transcript | Out-Null } catch {}