3ef981f19e
Reason: Intune DSC's main-category YAML was pushing these to every main device, including Timeclocks - DSC has no awareness of our pc-subtype distinction. After UDC/eDNC/NTLARS are removed from the DSC YAML, ongoing version drift would no longer be corrected. This enforcer replaces that, scoped correctly by subtype. Structure mirrors CMM (CMM-Enforce.ps1) and common (Acrobat-Enforce.ps1): - Machine-Enforce.ps1: SYSTEM logon task; mounts SFLD share with HKLM- backed creds; hands off to Install-FromManifest. - machineapps-manifest.template.json: repo reference; authoritative copy lives on the share at \\tsgwp00525.wjs.geaerospace.net\shared\dt\ shopfloor\main\machineapps\machineapps-manifest.json. - Register-MachineEnforce.ps1: idempotent setup; stages scripts to C:\Program Files\GE\MachineApps and registers the task. - lib/Install-FromManifest.ps1: copy of the common/ version (already has Type=CMD support). Sub-type gating belt-and-suspenders: - Run-ShopfloorSetup.ps1 only calls Register-MachineEnforce when $pcType -eq "Standard" -and $pcSubType -eq "Machine". - Machine-Enforce.ps1 itself re-reads pc-subtype.txt and exits early if not "Machine", so a mistakenly-deployed copy no-ops. site-config.json: - Added "machineappsSharePath" to Standard-Machine pcProfile. Drive letter U: to stay clear of CMM (S:) and Acrobat (T:) enforcers that may run concurrently at logon. Update workflow: drop new UDC/eDNC/NTLARS installer on the SFLD share, bump DetectionValue in machineapps-manifest.json, every Machine PC catches up on next user logon.
12 KiB
12 KiB