Unified Common-Enforce for cross-type apps, add WJF Defect Tracker
Replaces the Acrobat-only enforcer with a generic Common-Enforce that
handles all cross-PC-type apps from one manifest + one scheduled task
on the SFLD share at \\tsgwp00525\shared\dt\shopfloor\common\apps\.
Renames:
Acrobat-Enforce.ps1 -> Common-Enforce.ps1
Register-AcrobatEnforce -> Register-CommonEnforce
acrobat-manifest.json -> common-apps-manifest.json
common.acrobatSharePath -> common.commonAppsSharePath
'GE Acrobat Enforce' task -> 'GE Common Apps Enforce' task
C:\Program Files\GE\Acrobat -> C:\Program Files\GE\CommonApps
Register-CommonEnforce cleans up the legacy 'GE Acrobat Enforce' task
if present from a prior image.
WJF Defect Tracker (replaces ClickOnce):
- Added to preinstall.json (PCTypes=*, fleet-wide imaging-time install)
- MSI staged on PXE at pre-install/installers/
- Added to common-apps-manifest with FileVersion detection on
C:\Program Files\WJF_Defect_Tracker\Defect_Tracker.exe
- site-config + 06-OrganizeDesktop: shortcut changed from ClickOnce
'existing' to exe-path pointing at the MSI-installed binary
- Update workflow: drop new MSI on share, bump DetectionValue
CMM 09-Setup-CMM: added goCMM + DODA to the ACL grant list.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
91
playbook/shopfloor-setup/common/Register-CommonEnforce.ps1
Normal file
91
playbook/shopfloor-setup/common/Register-CommonEnforce.ps1
Normal file
@@ -0,0 +1,91 @@
|
||||
# Register-CommonEnforce.ps1 - Stage Common-Enforce.ps1 + Install-FromManifest
|
||||
# and register the 'GE Common Apps Enforce' logon task. Cross-PC-type: called
|
||||
# from Run-ShopfloorSetup.ps1 for every shopfloor image.
|
||||
#
|
||||
# Replaces the former Acrobat-only enforcer with a single task that handles
|
||||
# all common apps (Acrobat, Defect Tracker, future additions) from one
|
||||
# manifest on the SFLD share.
|
||||
|
||||
$ErrorActionPreference = 'Continue'
|
||||
|
||||
$installRoot = 'C:\Program Files\GE\CommonApps'
|
||||
$runtimeLib = Join-Path $installRoot 'lib\Install-FromManifest.ps1'
|
||||
$runtimeEnforce = Join-Path $installRoot 'Common-Enforce.ps1'
|
||||
$logDir = 'C:\Logs\CommonApps'
|
||||
$setupLog = Join-Path $logDir 'setup.log'
|
||||
|
||||
$sourceLib = Join-Path $PSScriptRoot 'lib\Install-FromManifest.ps1'
|
||||
$sourceEnforce = Join-Path $PSScriptRoot 'Common-Enforce.ps1'
|
||||
|
||||
if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
|
||||
if (-not (Test-Path $installRoot)) { New-Item -Path $installRoot -ItemType Directory -Force | Out-Null }
|
||||
if (-not (Test-Path (Join-Path $installRoot 'lib'))) {
|
||||
New-Item -Path (Join-Path $installRoot 'lib') -ItemType Directory -Force | Out-Null
|
||||
}
|
||||
|
||||
function Write-SetupLog {
|
||||
param([string]$Message, [string]$Level = 'INFO')
|
||||
$line = "[{0}] [{1}] {2}" -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Level, $Message
|
||||
Write-Host $line
|
||||
Add-Content -Path $setupLog -Value $line -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Write-SetupLog "=== Register-CommonEnforce start ==="
|
||||
|
||||
foreach ($pair in @(
|
||||
@{ Src = $sourceLib; Dst = $runtimeLib },
|
||||
@{ Src = $sourceEnforce; Dst = $runtimeEnforce }
|
||||
)) {
|
||||
if (-not (Test-Path $pair.Src)) {
|
||||
Write-SetupLog "Source not found: $($pair.Src) - cannot stage" "ERROR"
|
||||
continue
|
||||
}
|
||||
Copy-Item -Path $pair.Src -Destination $pair.Dst -Force
|
||||
Write-SetupLog "Staged $($pair.Src) -> $($pair.Dst)"
|
||||
}
|
||||
|
||||
# Clean up old Acrobat-only enforcer if present (from prior images).
|
||||
foreach ($oldTask in @('GE Acrobat Enforce')) {
|
||||
$old = Get-ScheduledTask -TaskName $oldTask -ErrorAction SilentlyContinue
|
||||
if ($old) {
|
||||
Write-SetupLog "Removing legacy task '$oldTask'"
|
||||
Unregister-ScheduledTask -TaskName $oldTask -Confirm:$false -ErrorAction SilentlyContinue
|
||||
}
|
||||
}
|
||||
|
||||
$taskName = 'GE Common Apps Enforce'
|
||||
$existing = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
|
||||
if ($existing) {
|
||||
Write-SetupLog "Removing existing scheduled task '$taskName'"
|
||||
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Write-SetupLog "Registering scheduled task '$taskName' (logon trigger, SYSTEM)"
|
||||
try {
|
||||
$action = New-ScheduledTaskAction `
|
||||
-Execute 'powershell.exe' `
|
||||
-Argument "-NoProfile -ExecutionPolicy Bypass -File `"$runtimeEnforce`""
|
||||
|
||||
$trigger = New-ScheduledTaskTrigger -AtLogOn
|
||||
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
|
||||
$settings = New-ScheduledTaskSettingsSet `
|
||||
-AllowStartIfOnBatteries `
|
||||
-DontStopIfGoingOnBatteries `
|
||||
-StartWhenAvailable `
|
||||
-ExecutionTimeLimit (New-TimeSpan -Minutes 30) `
|
||||
-MultipleInstances IgnoreNew
|
||||
|
||||
Register-ScheduledTask `
|
||||
-TaskName $taskName `
|
||||
-Action $action `
|
||||
-Trigger $trigger `
|
||||
-Principal $principal `
|
||||
-Settings $settings `
|
||||
-Description 'GE Common Apps: enforce Acrobat, Defect Tracker, and other cross-type apps against tsgwp00525 SFLD share on user logon' | Out-Null
|
||||
|
||||
Write-SetupLog "Scheduled task registered"
|
||||
} catch {
|
||||
Write-SetupLog "Failed to register scheduled task: $_" "ERROR"
|
||||
}
|
||||
|
||||
Write-SetupLog "=== Register-CommonEnforce end ==="
|
||||
Reference in New Issue
Block a user