pxe-server

ge-aerospace/pxe-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
cproudlock	d49f516b16	FlatUnattendW10: catch repo up to deployed state + Win10/Win11 search cleanup Two things in one pass because the repo copy was 162 lines behind the deployed one already: 1. Sync repo to the currently-deployed FlatUnattendW10.xml baseline (Java JRE 8 u441 + Java auto-update pins + Cortana/Bing/Search disable block that had been added on-server but never committed). 2. Prune three ineffective registry entries and replace the Bing suppression with a documented equivalent that works on both Win10 and Win11: - DROP #32 HKLM\...\Search\CortanaEnabled=0 Undocumented at HKLM (the real key is HKCU). No effect. - DROP #37 AllowCortanaAboveLock=0 Deprecated per AboveLock Policy CSP. Cortana app was removed from Win11 in Canary 25967 anyway. - REPLACE #34 BingSearchEnabled (HKLM, undocumented) with DisableSearchBoxSuggestions=1 written into the Default User hive so every new account inherits it. This is the Microsoft-documented kill-switch for Bing / web results in Start-menu search on both Win10 and Win11. Validated XML well-formed (xmllint + Python ET). RunSynchronous orders remain unique and ascending after the deletions. Deployed to both PXE servers under /srv/samba/winpeapps/{gea-engineer,gea-standard}/Deploy/ with timestamped .pre-winsearch-cleanup-* backups. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 16:55:16 -04:00
cproudlock	d6776f7c7f	Reorganize repo, enrollment share taxonomy, Blancco USB-build fixes, v4.10 PPKGs Workstation reorganization: - All build/deploy/helper scripts moved into scripts/ (paths updated to use REPO_ROOT instead of SCRIPT_DIR so they resolve sibling dirs from the new depth) - New config/ directory placeholder for site-specific overrides - Removed stale: mok-keys/, test-vm.sh, test-lab.sh, setup-guide-original.txt, unattend/ (duplicate of moved playbook/FlatUnattendW10.xml) - README.md and SETUP.md structure listings updated, dead "Testing with KVM" section removed - .claude/ gitignored Enrollment share internal taxonomy (forward-looking; existing servers unaffected since they keep their current boot.wim with flat paths): - Single SMB share kept (WinPE only mounts one Y: drive), but content now organised into ppkgs/, scripts/, config/, shopfloor-setup/, pre-install/{bios, installers}, installers-post/cmm/, blancco/, logs/ - README.md deployed to share root explaining each subdir - New playbook tasks deploy site-config.json + wait-for-internet.ps1 + migrate-to-wifi.ps1 explicitly (were ad-hoc on legacy servers) - BIOS subdir moved into pre-install/bios/, preinstall/ renamed to pre-install/ - startnet.cmd + startnet-template.cmd updated with new Y:\subdir\ paths - Bumped GCCH PPKG references v4.9 -> v4.10 Blancco USB-build fixes (so next fresh USB install boots Blancco end-to-end without the manual fixup we did against GOLD): - grub-blancco.cfg: kernel/initrd switched HTTP -> TFTP (GRUB's HTTP module times out on multi-MB files); added modprobe.blacklist=iwlwifi,iwlmvm,btusb (WiFi drivers hang udev on Intel business PCs) - grubx64.efi rebuilt from updated cfg - Playbook task added to create /srv/tftp/blancco/ symlinks pointing at the HTTP-served binaries run-enrollment.ps1: OOBEComplete is now set AFTER PPKG install (Win11 22H2+ hangs indefinitely if OOBEComplete is set before the bulk-enrollment PPKG runs). Also includes deploy-bios.sh / pull-bios.sh / busybox-static / models.txt that were sitting untracked at the repo root.	2026-04-14 16:01:02 -04:00

Author

SHA1

Message

Date

cproudlock

d49f516b16

FlatUnattendW10: catch repo up to deployed state + Win10/Win11 search cleanup

Two things in one pass because the repo copy was 162 lines behind the
deployed one already:

1. Sync repo to the currently-deployed FlatUnattendW10.xml baseline
   (Java JRE 8 u441 + Java auto-update pins + Cortana/Bing/Search
   disable block that had been added on-server but never committed).

2. Prune three ineffective registry entries and replace the Bing
   suppression with a documented equivalent that works on both Win10
   and Win11:
   - DROP #32  HKLM\...\Search\CortanaEnabled=0
               Undocumented at HKLM (the real key is HKCU). No effect.
   - DROP #37  AllowCortanaAboveLock=0
               Deprecated per AboveLock Policy CSP. Cortana app was
               removed from Win11 in Canary 25967 anyway.
   - REPLACE #34  BingSearchEnabled (HKLM, undocumented) with
                  DisableSearchBoxSuggestions=1 written into the
                  Default User hive so every new account inherits it.
                  This is the Microsoft-documented kill-switch for
                  Bing / web results in Start-menu search on both
                  Win10 and Win11.

Validated XML well-formed (xmllint + Python ET). RunSynchronous orders
remain unique and ascending after the deletions. Deployed to both PXE
servers under /srv/samba/winpeapps/{gea-engineer,gea-standard}/Deploy/
with timestamped .pre-winsearch-cleanup-* backups.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 16:55:16 -04:00

cproudlock

d6776f7c7f

Reorganize repo, enrollment share taxonomy, Blancco USB-build fixes, v4.10 PPKGs

Workstation reorganization:
- All build/deploy/helper scripts moved into scripts/ (paths updated to use
  REPO_ROOT instead of SCRIPT_DIR so they resolve sibling dirs from the new
  depth)
- New config/ directory placeholder for site-specific overrides
- Removed stale: mok-keys/, test-vm.sh, test-lab.sh, setup-guide-original.txt,
  unattend/ (duplicate of moved playbook/FlatUnattendW10.xml)
- README.md and SETUP.md structure listings updated, dead "Testing with KVM"
  section removed
- .claude/ gitignored

Enrollment share internal taxonomy (forward-looking; existing servers
unaffected since they keep their current boot.wim with flat paths):
- Single SMB share kept (WinPE only mounts one Y: drive), but content now
  organised into ppkgs/, scripts/, config/, shopfloor-setup/, pre-install/{bios,
  installers}, installers-post/cmm/, blancco/, logs/
- README.md deployed to share root explaining each subdir
- New playbook tasks deploy site-config.json + wait-for-internet.ps1 +
  migrate-to-wifi.ps1 explicitly (were ad-hoc on legacy servers)
- BIOS subdir moved into pre-install/bios/, preinstall/ renamed to pre-install/
- startnet.cmd + startnet-template.cmd updated with new Y:\subdir\ paths
- Bumped GCCH PPKG references v4.9 -> v4.10

Blancco USB-build fixes (so next fresh USB install boots Blancco end-to-end
without the manual fixup we did against GOLD):
- grub-blancco.cfg: kernel/initrd switched HTTP -> TFTP (GRUB's HTTP module
  times out on multi-MB files); added modprobe.blacklist=iwlwifi,iwlmvm,btusb
  (WiFi drivers hang udev on Intel business PCs)
- grubx64.efi rebuilt from updated cfg
- Playbook task added to create /srv/tftp/blancco/ symlinks pointing at the
  HTTP-served binaries

run-enrollment.ps1: OOBEComplete is now set AFTER PPKG install (Win11 22H2+
hangs indefinitely if OOBEComplete is set before the bulk-enrollment PPKG runs).

Also includes deploy-bios.sh / pull-bios.sh / busybox-static / models.txt
that were sitting untracked at the repo root.

2026-04-14 16:01:02 -04:00

2 Commits