diff --git a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
index 4b8a604..461b85b 100644
--- a/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
+++ b/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
@@ -41,38 +41,6 @@ function Report-Stage {
 }
 Report-Stage -Stage 'Run-ShopfloorSetup: starting' -Index 2
-# ---- Pre-stage GE Machine Auth (802.1X / AESFMA WiFi) profiles ----
-# Drops the V02 MA package (8021x.xml + AESFMA.xml + bat) to a known
-# location and imports profiles to every physical wired/wireless NIC.
-# Profile XML is GE-internal (Intune-managed PSK + RADIUS root CA
-# thumbprint) so it lives on the PXE enrollment share, NOT git.
-#
-# Effect: bay has the AESFMA WiFi profile ready (connectionMode=auto).
-# Once Intune SCEP cert provisioning lands (a few minutes after PPKG
-# enrollment), the WLAN service auto-joins AESFMA and the bay gets a
-# real GE corp 10.x address. GE Report-IP script then sees that 10.x,
-# POSTs cleanly to the webhook, dynamic group eligibility flips, SFLD
-# ConfigurationProfile delivers, Phase 2 completes naturally.
-$maShare = '\\10.9.100.1\enrollment\MachineAuth'
-$maLocal = 'C:\Windows\Options\Packages\GEAerospace_MA_4x1_V02'
-if (Test-Path -LiteralPath $maShare) {
- try {
- if (-not (Test-Path $maLocal)) { New-Item -ItemType Directory -Path $maLocal -Force | Out-Null }
- Copy-Item -Path (Join-Path $maShare '*') -Destination $maLocal -Recurse -Force -ErrorAction Stop
- $maBat = Join-Path $maLocal 'MA4NetworkConfigv2.bat'
- if (Test-Path -LiteralPath $maBat) {
- Write-Host "Running MA4NetworkConfigv2.bat (imports 8021x + AESFMA profiles)..."
- Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', "`"$maBat`"" -Wait -NoNewWindow -ErrorAction SilentlyContinue
- } else {
- Write-Warning "MA bat not at $maBat - profiles NOT imported."
- }
- } catch {
- Write-Warning "MachineAuth stage failed: $_"
- }
-} else {
- Write-Warning "MachineAuth share not reachable at $maShare - skipping profile import."
-}
-
 # AutoLogonCount is NOT set here. Previously we bumped it to 99/4, but
 # Windows decrements it per-logon and at 0 clears AutoAdminLogon -- which
 # nukes the lockdown-configured ShopFloor autologon later in the chain.