# Run-ShopfloorSetup.ps1 - Dispatcher for shopfloor PC type setup # Runs Shopfloor baseline scripts first, then type-specific scripts on top. param( # Stage-Dispatcher.ps1 passes -FromDispatcher to bypass the stage-file # gate below. When called by the unattend's FirstLogonCommands (no flag), # the gate defers to the dispatcher if a stage file exists. [switch]$FromDispatcher ) # --- Stage-file gate --- # If run-enrollment.ps1 wrote a stage file, the imaging chain is managed by # Stage-Dispatcher.ps1 via RunOnce. Exit immediately so the FirstLogonCommands # chain finishes, the PPKG reboot fires, and the dispatcher takes over on # the next boot. Without this gate, the unattend's FirstLogonCommands runs # this script right after run-enrollment in the same session (before the # PPKG reboot), bypassing the entire staged chain. if (-not $FromDispatcher) { $stageFile = 'C:\Enrollment\setup-stage.txt' if (Test-Path -LiteralPath $stageFile) { $stage = (Get-Content -LiteralPath $stageFile -First 1 -ErrorAction SilentlyContinue) Write-Host "Stage file found ($stage) - deferring to Stage-Dispatcher.ps1 on next logon." exit 0 } } # --- Transcript logging --- # Captures everything the dispatcher and all child scripts write to host so # we can diagnose setup failures after the fact. -Append + -Force so repeat # invocations (e.g. after a reboot mid-setup) accumulate instead of clobbering. $logDir = 'C:\Logs\SFLD' if (-not (Test-Path $logDir)) { try { New-Item -ItemType Directory -Path $logDir -Force | Out-Null } catch { $logDir = $env:TEMP } } $transcriptPath = Join-Path $logDir 'shopfloor-setup.log' try { Start-Transcript -Path $transcriptPath -Append -Force | Out-Null } catch {} Write-Host "" Write-Host "================================================================" Write-Host "=== Run-ShopfloorSetup.ps1 starting $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ===" Write-Host " Transcript: $transcriptPath" Write-Host "================================================================" Write-Host "" # Bump AutoLogonCount HIGH at the start so reboots during setup (e.g. VC++ 2008 # triggering an immediate ExitWindowsEx) don't exhaust autologin attempts before # the dispatcher can complete. The end-of-script reset puts it back to 2 once # everything succeeds. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null # Cancel any pending reboot so it doesn't interrupt setup cmd /c "shutdown /a 2>nul" *>$null # Prompt user to unplug from PXE switch before re-enabling wired adapters Write-Host "" Write-Host "========================================" -ForegroundColor Yellow Write-Host " UNPLUG the ethernet cable from the" -ForegroundColor Yellow Write-Host " PXE imaging switch NOW." -ForegroundColor Yellow Write-Host "========================================" -ForegroundColor Yellow Write-Host "" Write-Host "Press any key to continue..." -ForegroundColor Yellow $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") # Re-enable wired adapters Get-NetAdapter -Physical | Where-Object { $_.InterfaceDescription -notmatch 'Wi-Fi|Wireless' } | Enable-NetAdapter -Confirm:$false -ErrorAction SilentlyContinue $enrollDir = "C:\Enrollment" $typeFile = Join-Path $enrollDir "pc-type.txt" $setupDir = Join-Path $enrollDir "shopfloor-setup" if (-not (Test-Path $typeFile)) { Write-Host "No pc-type.txt found - skipping shopfloor setup." exit 0 } $pcType = (Get-Content $typeFile -First 1).Trim() if (-not $pcType) { Write-Host "pc-type.txt is empty - skipping shopfloor setup." exit 0 } Write-Host "Shopfloor PC Type: $pcType" # Scripts to skip in the alphabetical baseline loop. Each is either run # explicitly in the finalization phase below, or invoked internally by # another script: # # 05 - Office shortcuts. Invoked by 06 as Phase 0. Office isn't installed # until after the first reboot, so 05 no-ops on the imaging run. # 06's SYSTEM logon task re-runs it on the second boot. # 06 - Desktop org. Phase 2 needs eDNC/NTLARS on disk (installed by # type-specific 01-eDNC.ps1). Run in finalization phase. # 07 - Taskbar pin layout. Reads 06's output. Run in finalization phase. # 08 - Edge default browser + startup tabs. Invoked by 06 as Phase 4. # Reads .url files delivered by DSC (after setup reboots). 06's # SYSTEM logon task re-runs it to pick them up. $skipInBaseline = @( '05-OfficeShortcuts.ps1', '06-OrganizeDesktop.ps1', '07-TaskbarLayout.ps1', '08-EdgeDefaultBrowser.ps1', 'Check-MachineNumber.ps1', 'Configure-PC.ps1' ) # Scripts run AFTER type-specific scripts complete. 05 and 08 are NOT # here because 06 calls them internally as sub-phases. $runAfterTypeSpecific = @( '06-OrganizeDesktop.ps1', '07-TaskbarLayout.ps1' ) # --- Run Shopfloor baseline scripts first (skipping deferred ones) --- $baselineDir = Join-Path $setupDir "Shopfloor" if (Test-Path $baselineDir) { $scripts = Get-ChildItem -Path $baselineDir -Filter "*.ps1" -File | Sort-Object Name foreach ($script in $scripts) { if ($skipInBaseline -contains $script.Name) { Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)" continue } cmd /c "shutdown /a 2>nul" *>$null Write-Host "Running baseline: $($script.Name)" try { & $script.FullName } catch { Write-Warning "Baseline script $($script.Name) failed: $_" } } } # --- Run type-specific scripts (if not just baseline Shopfloor) --- if ($pcType -ne "Shopfloor") { $typeDir = Join-Path $setupDir $pcType if (Test-Path $typeDir) { # Only run numbered scripts (01-eDNC.ps1, 02-MachineNumberACLs.ps1). # Unnumbered .ps1 files (Set-MachineNumber.ps1) are desktop tools, # not installer scripts, and must not auto-run during setup. $scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File | Where-Object { $_.Name -match '^\d' } | Sort-Object Name foreach ($script in $scripts) { cmd /c "shutdown /a 2>nul" *>$null Write-Host "Running $pcType setup: $($script.Name)" try { & $script.FullName } catch { Write-Warning "Script $($script.Name) failed: $_" } } } else { Write-Host "No type-specific scripts found for $pcType." } } # --- Finalization: run deferred baseline scripts (desktop org, taskbar pins) # --- # These needed to wait until all apps (eDNC, NTLARS, UDC, OpenText) were # installed by the baseline + type-specific phases above. 06 internally # calls 05 (Office shortcuts) and 08 (Edge config) as sub-phases, so we # only need to invoke 06 and 07 explicitly here. foreach ($name in $runAfterTypeSpecific) { $script = Join-Path $baselineDir $name if (-not (Test-Path $script)) { Write-Warning "Deferred script not found: $script" continue } cmd /c "shutdown /a 2>nul" *>$null Write-Host "Running deferred baseline: $name" try { & $script } catch { Write-Warning "Deferred script $name failed: $_" } } Write-Host "Shopfloor setup complete for $pcType." # Copy utility scripts to SupportUser desktop foreach ($tool in @('sync_intune.bat', 'Configure-PC.bat')) { $src = Join-Path $setupDir "Shopfloor\$tool" if (Test-Path $src) { Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$tool" -Force Write-Host "$tool copied to desktop." } } # Standard PCs get the UDC/eDNC machine number helper if ($pcType -eq "Standard") { foreach ($helper in @("Set-MachineNumber.bat", "Set-MachineNumber.ps1")) { $src = Join-Path $setupDir "Standard\$helper" if (Test-Path $src) { Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$helper" -Force Write-Host "$helper copied to SupportUser desktop." } } } # Set auto-logon to expire after 2 more logins reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 2 /f | Out-Null Write-Host "Auto-logon set to 2 remaining logins." Write-Host "" Write-Host "================================================================" Write-Host "=== Run-ShopfloorSetup.ps1 complete $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ===" Write-Host "================================================================" # Flush transcript before shutdown so the log file is complete on next boot try { Stop-Transcript | Out-Null } catch {} if ($FromDispatcher) { # Dispatcher owns the reboot — it cancels ours and reboots on its own # terms after advancing the stage and re-registering RunOnce. We still # schedule one as a safety net (dispatcher cancels it immediately). Write-Host "Returning to Stage-Dispatcher for reboot." shutdown /r /t 30 } else { # Standalone run (manual or legacy FirstLogonCommands) — reboot directly. Write-Host "Rebooting in 10 seconds..." shutdown /r /t 10 }