# 02-MachineNumberACLs.ps1 - NO-OP (deprecated 2026-05-24).
#
# This script used to grant BUILTIN\Users SetValue on the eDNC reg key
# and Modify on the UDC ProgramData dir so the logged-in user could
# update machine number from the Check-MachineNumber logon dialog without
# elevation.
#
# That design had two flaws:
#   1. Security hole - any logged-in user could overwrite the machine-
#      identity reg key.
#   2. Fragile - ACL grants raced with eDNC install timing on some bays;
#      the OpenSubKey call returned null + the grant was silently skipped,
#      leaving Check-MachineNumber unable to update the bay (yet the old
#      Update-MachineNumber.ps1 reported success anyway because
#      Set-ItemProperty's PermissionDenied is non-terminating).
#
# Replaced by the two-task design in Register-CheckMachineNumberTask.ps1:
#   - "Prompt Machine Number"  : user-context GUI, no privileges
#   - "Apply Machine Number"   : SYSTEM-context worker, full HKLM access
#
# Left as a no-op so Stage-Dispatcher / Run-ShopfloorSetup discovery
# patterns don't have to be updated. Existing bays' ACL grants are still
# present and harmless (the SYSTEM Apply task ignores them).

$logDir = 'C:\Logs\SFLD'
if (-not (Test-Path $logDir)) { try { New-Item -ItemType Directory -Path $logDir -Force | Out-Null } catch {} }
try { Start-Transcript -Path (Join-Path $logDir '02-MachineNumberACLs.log') -Append -Force | Out-Null } catch {}
Write-Host "02-MachineNumberACLs.ps1: no-op (replaced by SYSTEM Apply task - see Register-CheckMachineNumberTask.ps1)"
try { Stop-Transcript | Out-Null } catch {}