ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
05fa74574a8f72cb55253130db12d07e647613ef
pxe-server/playbook/shopfloor-setup/Shopfloor/sync_intune.bat
cproudlock 05fa74574a Intune sync: 3-step lockdown monitor, fix batch detection, remove backup_lockdown 
sync_intune.bat now monitors three stages sequentially:
1. SFLD registry key (device configuration received)
2. DSCInstall.log success string (DSC installation complete)
3. SFLD - Consume Credentials scheduled task (lockdown complete)
Triggers Intune sync before each poll. Prompts reboot on completion.

Fixed batch delayed expansion bugs, removed nested if/goto blocks.
Removed backup_lockdown.bat and its desktop copy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 10:52:31 -04:00

131 lines
4.1 KiB
Batchfile
Raw Blame History

@echo off
setlocal enabledelayedexpansion
title Intune Policy Sync
:: Self-elevate to administrator
net session >nul 2>&1
if !errorlevel! neq 0 (
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)
echo.
echo ========================================
echo Intune Policy Sync - %COMPUTERNAME%
echo ========================================
echo.
:: Show Intune Device ID and QR code
powershell -ExecutionPolicy Bypass -Command ^
"$dsreg = dsregcmd /status 2>&1; "^
"$line = $dsreg | Select-String DeviceId; "^
"if ($line) { "^
" $deviceId = $line.ToString().Split(':')[1].Trim(); "^
" Write-Host \"Intune Device ID: $deviceId\" -ForegroundColor Cyan; "^
" Write-Host ''; "^
" $dllPath = 'C:\Enrollment\shopfloor-setup\Shopfloor\QRCoder.dll'; "^
" if (Test-Path $dllPath) { "^
" Add-Type -Path $dllPath; "^
" $gen = New-Object QRCoder.QRCodeGenerator; "^
" $data = $gen.CreateQrCode($deviceId, [QRCoder.QRCodeGenerator+ECCLevel]::L); "^
" $ascii = New-Object QRCoder.AsciiQRCode($data); "^
" $qr = $ascii.GetGraphic(1, [char]0x2588 + [char]0x2588, ' '); "^
" Write-Host $qr; "^
" } else { "^
" Write-Host 'QRCoder.dll not found - skipping QR code' -ForegroundColor Yellow; "^
" } "^
"} else { "^
" Write-Host 'Device not yet Azure AD joined.' -ForegroundColor Yellow; "^
"}"
echo.
echo ========================================
echo Monitoring lockdown progress...
echo ========================================
echo Step 1: SFLD device configuration
echo Step 2: DSC installation
echo Step 3: SFLD - Consume Credentials task
echo ========================================
echo.
:: ---- STEP 1: Wait for SFLD registry key ----
echo [Step 1/3] Waiting for SFLD device configuration...
:poll_sfld
reg query "HKLM\Software\GE\SFLD" >nul 2>&1
if !errorlevel! equ 0 goto sfld_done
call :do_sync
echo Checking again in 15s...
timeout /t 15 /nobreak >nul
goto poll_sfld
:sfld_done
echo [DONE] SFLD device configuration received.
:: ---- STEP 2: Wait for DSC install completion ----
echo.
echo [Step 2/3] Waiting for DSC installation to complete...
:poll_dsc
set "dsc_ok=0"
if exist "C:\LOGS\SFLD\DSCInstall.log" (
findstr /C:"Installation completed successfully" "C:\LOGS\SFLD\DSCInstall.log" >nul 2>&1
if !errorlevel! equ 0 set "dsc_ok=1"
)
if !dsc_ok! equ 1 goto dsc_done
call :do_sync
echo Checking again in 15s...
timeout /t 15 /nobreak >nul
goto poll_dsc
:dsc_done
echo [DONE] DSC installation completed successfully.
:: ---- STEP 3: Wait for Consume Credentials scheduled task ----
echo.
echo [Step 3/3] Waiting for SFLD - Consume Credentials task...
:poll_task
schtasks /query /tn "SFLD - Consume Credentials" >nul 2>&1
if !errorlevel! equ 0 goto task_done
call :do_sync
echo Checking again in 15s...
timeout /t 15 /nobreak >nul
goto poll_task
:task_done
echo [DONE] SFLD - Consume Credentials task found.
:: ---- COMPLETE ----
echo.
echo ========================================
echo Shopfloor Lockdown complete!
echo ========================================
echo.
echo All 3 steps passed:
echo 1. SFLD device configuration
echo 2. DSC installation
echo 3. Consume Credentials task
echo.
echo A reboot is required to finalize.
echo.
choice /c YN /m "Reboot now"
if !errorlevel! equ 1 shutdown /r /t 5
exit /b
:: ---- Subroutine: trigger Intune sync ----
:do_sync
powershell -ExecutionPolicy Bypass -Command ^
"$enrollPath = 'HKLM:\SOFTWARE\Microsoft\Enrollments'; "^
"Get-ChildItem $enrollPath -ErrorAction SilentlyContinue | ForEach-Object { "^
" $provider = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProviderID; "^
" if ($provider -eq 'MS DM Server') { "^
" $id = $_.PSChildName; "^
" $taskPath = \"\Microsoft\Windows\EnterpriseMgmt\$id\\\"; "^
" Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue | "^
" Where-Object { $_.TaskName -match 'Schedule #3' } | "^
" ForEach-Object { Start-ScheduledTask -InputObject $_ }; "^
" } "^
"}" >nul 2>&1
exit /b
Reference in New Issue View Git Blame Copy Permalink