Commit Graph

13 Commits

Author SHA1 Message Date
cproudlock
453b42a159 Shopfloor: 05-OfficeShortcuts.ps1 baseline (Excel/Word/PowerPoint)
Office Click-to-Run installs the binaries when an Office-bearing ppkg
is selected (e.g. GCCH_Prod_SFLD_StdOffice-x86_*) but doesn't create
desktop shortcuts - operators only see Office in the Start Menu's
Microsoft 365 folder. This baseline script fills that gap.

Self-detects Office by EXE existence at C:\Program Files\Microsoft
Office\root\Office16\ or the (x86) equivalent. No Office found =
silent no-op, so it's safe to run on every PC type (Display kiosks,
Wax/Trace, Keyence, etc.) without needing a per-type filter.

Creates Excel.lnk / Word.lnk / PowerPoint.lnk in two places:
- C:\Users\Public\Desktop\  - visible to all users immediately
- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start
  Menu\Programs\  - inherited by every NEW user profile created
  on the device (Azure AD operator logons after enrollment)

Numbered 05- so it runs after 00-PreInstall and 04-NetworkAndWinRM
in the Shopfloor baseline sequence. Idempotent - WScript.Shell's
CreateShortcut overwrites existing .lnks each run.

Outlook / OneNote / Access / Publisher intentionally not shortcutted
(scope decision; can be added by extending the $officeApps array).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 10:11:08 -04:00
cproudlock
7a27f1a0a1 sync_intune.bat: longer poll interval, in-place status, no sync flood
Two related fixes for the desktop helper:

1. Stop hammering the Intune sync trigger every 15 seconds. The old
   loop called :do_sync (Start-ScheduledTask on Schedule #3) on every
   failed check, which started a fresh CSP pull before the previous
   one had time to complete - the Intune engine treats a re-trigger
   as "start over" and kills in-flight policy application work, so
   nothing ever finished. New cadence: trigger sync once at the start
   of each step, then poll every 30 s, only re-trigger every 6 polls
   (~3 min). POLL_SECS and RETRIGGER_POLLS are top-of-script knobs.

2. Stop pushing the QR code off the top of the window. The old loop
   echoed "Checking again in 15s..." on a new line every iteration,
   so after a few minutes the QR code (which contains the device ID
   the operator scans) had scrolled out of view. Replaced the per-
   iteration echo with a single self-redrawing status line using a
   captured CR character (copy /Z trick) and <nul set /p, padded to
   clear leftover characters. Important transitions ("Re-triggering
   sync...", "[DONE] ...") still print echo. lines so they survive in
   the scrollback as permanent history.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 10:10:51 -04:00
cproudlock
564f14ffcf PreInstall runner: capture real exit codes, surface MSI errors
Three observability fixes that made the VC++ MSI failures actually
debuggable instead of showing "Exit code  - FAILED" with an empty
value for every install:

1. Switch from Start-Process -PassThru (without -Wait) to
   [System.Diagnostics.Process]::Start() with a ProcessStartInfo.
   PowerShell 5.1 has a known bug where Start-Process disposes the
   Process object's OS handle when control returns to the script,
   so $proc.ExitCode reads as $null even after WaitForExit() - which
   was causing every MSI install to be reported as failed regardless
   of the actual result.

2. Pass /L*v <log> to msiexec on every MSI install so we get a full
   verbose log per app at C:\Logs\PreInstall\msi-<safename>.log.

3. On install failure, scan the verbose log for *meaningful* lines
   (Note: 1: <code>, "return value 3", custom action errors, "Failed
   to", "Installation failed", common 2xxx error codes) instead of
   tailing the last 25 lines, which is rollback/cleanup noise. This
   surfaces the actual root-cause line directly in the runner log so
   you don't have to dig through C:\Logs to diagnose.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 10:08:42 -04:00
cproudlock
ded0a7184b Shopfloor scripts: em-dash to hyphen, add positional Level param
Replace em-dash characters with plain hyphens across the 5 shopfloor
setup scripts (avoids cp1252 mojibake in .bat files and keeps the
PowerShell sources consistent). Also adds [Parameter(Position=1)] to
Write-PreInstallLog so the Level argument can be passed positionally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 14:24:37 -04:00
cproudlock
a1a78e2ba3 PXE preinstall pipeline + Set-MachineNumber helper for Standard PCs
Adds a local-install pipeline so Standard shopfloor PCs get Oracle, the
VC++ redists (2008-2022), and UDC installed during PXE imaging via Samba
instead of pulling ~215 MB per device from Azure blob over the corporate
WAN. Intune DSC then verifies (already-installed apps are skipped) and
the only Azure traffic on the happy path is ~11 KB of CustomScripts
wrapper polling.

New files:
- playbook/preinstall/preinstall.json — curated app list with PCTypes
  filter and per-app detection rules. Install order puts VC++ 2008
  LAST so its (formerly) reboot-triggering bootstrapper doesn't kill
  the runner mid-loop. (2008 itself now uses extracted vc_red.msi with
  REBOOT=ReallySuppress; the reorder is defense in depth.)
- playbook/shopfloor-setup/Shopfloor/00-PreInstall-MachineApps.ps1 —
  the runner. Numbered 00- so it runs first in the baseline sequence.
  Reads preinstall.json, filters by PCTYPE, polls for completion via
  detection check (handles UDC's hung WPF process by killing it once
  detection passes), uses synchronous WriteThrough logging that
  survives hard reboots, preserves log history across runs.
- playbook/shopfloor-setup/Standard/Set-MachineNumber.{ps1,bat} — desktop
  helper for SupportUser. Reads current UDC + eDNC machine numbers,
  prompts via VB InputBox, validates digits-only, kills running UDC,
  edits both C:\ProgramData\UDC\udc_settings.json and HKLM\…\GE Aircraft
  Engines\DNC\General\MachineNo, relaunches UDC. Lets a tech assign a
  real machine number to a mass-produced PC without admin/LAPS.
- playbook/sync-preinstall.sh — workstation helper to push installer
  binaries from /home/camp/pxe-images/main/ to the live PXE Samba.

Changes:
- playbook/startnet.cmd + startnet-template.cmd — add xcopy to stage
  preinstall bundle from Y:\preinstall\ to W:\PreInstall\ during the
  WinPE imaging phase, gated on PCTYPE being set.
- playbook/pxe_server_setup.yml — create /srv/samba/enrollment/preinstall
  + installers/ directories and deploy preinstall.json there.
- playbook/shopfloor-setup/Run-ShopfloorSetup.ps1 — bump AutoLogonCount
  to 99 at start (defense against any installer triggering an immediate
  reboot mid-dispatcher; final line still resets to 2 on successful
  completion). Copy Set-MachineNumber.{ps1,bat} to SupportUser desktop
  on Standard PCs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 14:06:26 -04:00
cproudlock
9c54307b1b Shopfloor cleanups: drop OpenText CSF + MarkZebra, gitignore eMxInfo
- Delete 02-OpenTextCSF.ps1 (CSF profile delivery moved to Intune YAML's
  CopyFiles section in main/device-config.yaml — no longer needed at the
  PXE/baseline layer)
- Strip MarkZebra install + post-config from 01-eDNC.ps1 (no longer
  needed; only eDNC core install + Dnc x86→x64 mirror + Site reg + eMxInfo
  deployment remain). Section numbering tightened.
- Add SITESELECTED="West Jefferson" to eDNC msiexec args so the MSI's
  site-specific Components (NtLarsWjfRegComp — FTP/FMS/PPDCS hosts +
  credentials) actually install. Without it, only the bare Site value was
  being set and all the connection details were unconfigured.
- gitignore: blanket-block any **/eMxInfo*.txt from being committed —
  the file contains obfuscated eDNC site credentials and must never go
  in git. Canonical source lives at /home/camp/pxe-images/main/eMxInfo.txt
  outside the repo.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 14:05:52 -04:00
cproudlock
05fa74574a Intune sync: 3-step lockdown monitor, fix batch detection, remove backup_lockdown
sync_intune.bat now monitors three stages sequentially:
1. SFLD registry key (device configuration received)
2. DSCInstall.log success string (DSC installation complete)
3. SFLD - Consume Credentials scheduled task (lockdown complete)
Triggers Intune sync before each poll. Prompts reboot on completion.

Fixed batch delayed expansion bugs, removed nested if/goto blocks.
Removed backup_lockdown.bat and its desktop copy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 10:52:31 -04:00
cproudlock
e3f2bbc6a5 Add QR code display of Intune device ID to sync tool
Bundles QRCoder.dll (184KB, .NET 4.0) to render the Azure AD device
GUID as a scannable QR code in the console when sync_intune.bat runs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 10:15:20 -04:00
cproudlock
1ba4cce80f Remove shopfloor power and display settings script
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 09:46:38 -04:00
cproudlock
a570efda71 Remove shopfloor Start Menu shortcuts script
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 09:45:21 -04:00
cproudlock
9912b044a3 Shopfloor: single autologon, clear Start pins, Intune sync tool, update docs
- AutoLogonCount reduced from 2 to 1 in Run-ShopfloorSetup.ps1
- Remove default pinned Start Menu tiles and set blank layout for future users
- Add sync_intune.bat: triggers MDM sync and polls for SFLD group policies
- Update README.md and SETUP.md with current project state (boot chain, new
  scripts, samba shares, webapp pages, commit history)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 09:43:00 -04:00
cproudlock
76165495ff Shopfloor PC type system, webapp enhancements, slim Blancco GRUB
- Shopfloor PC type menu (CMM, WaxAndTrace, Keyence, Genspect, Display, Standard)
- Baseline scripts: OpenText CSF, Start Menu shortcuts, network/WinRM, power/display
- Standard type: eDNC + MarkZebra with 64-bit path mirroring
- CMM type: Hexagon CLM Tools, PC-DMIS 2016/2019 R2
- Display sub-type: Lobby vs Dashboard
- Webapp: enrollment management, image config editor, UI refresh
- Upload-Image.ps1: robocopy MCL cache to PXE server
- Download-Drivers.ps1: Dell driver download pipeline
- Slim Blancco GRUB EFI (10MB -> 660KB) for old hardware compat
- Shopfloor display imaging guide docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:25:07 -04:00
cproudlock
6d0e6ee284 BIOS check fix, parallel downloads, shopfloor hardening
- Fix check-bios.cmd: replace parenthesized if blocks with goto labels
  (cmd.exe fails silently with if/else on network-mapped drives)
- Move BIOS check files to winpeapps/_shared/BIOS for reliable SMB access
- Add network wait loop before BIOS check in startnet.cmd
- Show firmware status in WinPE menu header (BIOS_STATUS variable)
- Add BypassNRO registry key to skip OOBE network requirement
- Refactor download-drivers.py with --parallel N flag (ThreadPoolExecutor)
- Set SupportUser AutoLogonCount to 3 in shopfloor unattend
- Add shutdown -a at start + shutdown /r /t 10 at end of Run-ShopfloorSetup.ps1
- Switch download-drivers.py from wget to curl for reliable stall detection

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-23 11:02:36 -04:00