Commit Graph

2 Commits

Author SHA1 Message Date
cproudlock
2ab6055125 Fix ShopFloor autologon persistence, S: drive mapping, sync throttle
AutoLogonCount depletion:
  Run-ShopfloorSetup set AutoLogonCount=4 for SupportUser. Windows
  decrements per-logon; at 0 it clears AutoAdminLogon + DefaultPassword,
  nuking the lockdown-configured ShopFloor autologon. Fix: delete
  AutoLogonCount in Invoke-SetupComplete before the lockdown reboot.
  ShopFloor's Autologon.exe-set config persists indefinitely.

Sync_intune window on ShopFloor:
  The marker-check path used 'exit 0' but the task runs with -NoExit,
  leaving a dangling PowerShell window on every ShopFloor logon. Fix:
  [Environment]::Exit(0) kills the host outright, defeating -NoExit.

S: drive mapping:
  Vendor ConsumeCredentials.ps1 calls New-StoredCredential -Persist
  LocalMachine (needs admin) before net use. ShopFloor is non-admin so
  cred-store fails silently and net use has no auth. Fix: new
  Map-SfldShare.ps1 reads HKLM creds and passes them inline to
  net use /user: -- no Credential Manager needed, works as Limited.
  Register-MapSfldShare updated to stage + reference our script.

Wired NIC re-enable:
  SYSTEM task polls for SFLD creds (Phase 5), re-enables wired NICs,
  self-deletes. Replaces the broken Enable-NetAdapter in Monitor
  (Limited principal can't enable NICs). No-WiFi devices unaffected
  (migrate-to-wifi never disables, re-enable is a no-op).

Sync throttle:
  15 min retrigger when only waiting for lockdown (was 5 min for all
  phases). Avoids interrupting the Intune Remediation script.

Defect Tracker path:
  All references corrected to C:\Program Files (x86)\WJF_Defect_Tracker.

QR code retry:
  Build-QRCodeText retried every poll cycle until DeviceId appears
  (was single-shot that could miss the dsregcmd timing window).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 12:29:02 -04:00
cproudlock
a4de11814d Force-Lockdown.bat + S: drive logon mapper for ShopFloor end-user
Force-Lockdown.bat (SupportUser desktop):
  Vendor escape hatch when Intune Lockdown push hasn't applied within
  ~30 minutes. Self-elevates via UAC, prompts for typed YES confirmation
  that an ARTS request is in place, then runs sfld_autologon.ps1.

Register-MapSfldShare.ps1 (every PC type):
  The SFLD vendor's 'SFLD - Consume Credentials' scheduled task is
  principal-restricted (admin-only) so it fires for SupportUser logon
  but not for ShopFloor logon -- ShopFloor lands at the desktop with
  no S: drive and no way to reach \\tsgwp00525\shared. Workaround:
  register a parallel 'GE Shopfloor Map S: Drive' AtLogOn task with
  Principal=BUILTIN\Users + RunLevel=Limited that invokes the vendor's
  C:\ProgramData\SFLD\CredentialManager\ConsumeCredentials.ps1 in the
  interactive user's session. Vendor script handles cred-store + net use
  end to end; we just give it a wider trigger principal. Cross-PC-type
  because every shopfloor account needs S:.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 18:31:18 -04:00
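
The AutoLogonCount depletion described in commit 2ab6055125 can be checked for on a device by reading the Winlogon values. The following is an added example, not code from this repository; the function name `Test-AutoLogonState` and the two sample states are hypothetical and constructed for illustration.

```powershell
# Added example (not from the repository). Function name and sample data are hypothetical.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Names = 'AutoAdminLogon', 'DefaultUserName', 'DefaultPassword', 'AutoLogonCount'

function Test-AutoLogonState {
    param([hashtable]$Values)   # omit -Values to read the live registry key
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $item = Get-ItemProperty -Path $WinlogonKey
        foreach ($n in $Names) {
            $p = $item.PSObject.Properties[$n]
            if ($p) { $Values[$n] = $p.Value }
        }
    }
    $findings = @()
    if ($Values['AutoAdminLogon'] -ne '1') {
        $findings += 'Autologon is disabled (AutoAdminLogon is not 1)'
    }
    if ($Values.ContainsKey('AutoLogonCount')) {
        # Windows decrements this per logon and clears autologon at 0.
        $findings += "AutoLogonCount=$($Values['AutoLogonCount']): autologon is cleared once this reaches 0"
    }
    if ($Values.ContainsKey('DefaultPassword')) {
        # Report only that the value exists; never echo the password itself.
        $findings += 'DefaultPassword present: password is stored in clear text in the registry'
    }
    [pscustomobject]@{
        User       = $Values['DefaultUserName']
        # Persistent = enabled and no countdown value that will disable it.
        Persistent = ($Values['AutoAdminLogon'] -eq '1') -and -not $Values.ContainsKey('AutoLogonCount')
        Findings   = $findings
    }
}

# Constructed sample states: SupportUser with a countdown, ShopFloor without one.
$beforeFix = @{
    AutoAdminLogon = '1'; DefaultUserName = 'SupportUser'
    DefaultPassword = 'constructed-placeholder'; AutoLogonCount = 4
}
$afterFix = @{ AutoAdminLogon = '1'; DefaultUserName = 'ShopFloor' }

foreach ($state in $beforeFix, $afterFix) {
    Test-AutoLogonState -Values $state | Format-List
}
```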