ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ef981f19e253a9ad065dd571b1017814774ff7e
pxe-server/playbook/shopfloor-setup/Standard/machineapps-manifest.template.json
cproudlock 3ef981f19e Add Standard-Machine logon enforcer for UDC/eDNC/NTLARS 
Reason: Intune DSC's main-category YAML was pushing these to every main
device, including Timeclocks - DSC has no awareness of our pc-subtype
distinction. After UDC/eDNC/NTLARS are removed from the DSC YAML, ongoing
version drift would no longer be corrected. This enforcer replaces that,
scoped correctly by subtype.

Structure mirrors CMM (CMM-Enforce.ps1) and common (Acrobat-Enforce.ps1):
- Machine-Enforce.ps1: SYSTEM logon task; mounts SFLD share with HKLM-
  backed creds; hands off to Install-FromManifest.
- machineapps-manifest.template.json: repo reference; authoritative copy
  lives on the share at \\tsgwp00525.wjs.geaerospace.net\shared\dt\
  shopfloor\main\machineapps\machineapps-manifest.json.
- Register-MachineEnforce.ps1: idempotent setup; stages scripts to
  C:\Program Files\GE\MachineApps and registers the task.
- lib/Install-FromManifest.ps1: copy of the common/ version (already has
  Type=CMD support).

Sub-type gating belt-and-suspenders:
- Run-ShopfloorSetup.ps1 only calls Register-MachineEnforce when
  $pcType -eq "Standard" -and $pcSubType -eq "Machine".
- Machine-Enforce.ps1 itself re-reads pc-subtype.txt and exits early if
  not "Machine", so a mistakenly-deployed copy no-ops.

site-config.json:
- Added "machineappsSharePath" to Standard-Machine pcProfile.

Drive letter U: to stay clear of CMM (S:) and Acrobat (T:) enforcers
that may run concurrently at logon.

Update workflow:
  drop new UDC/eDNC/NTLARS installer on the SFLD share,
  bump DetectionValue in machineapps-manifest.json,
  every Machine PC catches up on next user logon.
2026-04-15 12:16:17 -04:00

37 lines
2.6 KiB
JSON
Raw Blame History

{
"Version": "1.0",
"_comment": "Standard-Machine shopfloor app enforcement manifest. This is the TEMPLATE kept in the repo; the authoritative copy lives on the SFLD share at \\\\tsgwp00525.wjs.geaerospace.net\\shared\\dt\\shopfloor\\main\\machineapps\\machineapps-manifest.json. Machine-Enforce.ps1 reads the share copy on every user logon via the 'GE Shopfloor Machine Apps Enforce' scheduled task (registered by Register-MachineEnforce.ps1 at imaging time, Standard-Machine only). Initial install still happens during the preinstall phase on the imaging PXE server; this enforcer is the ongoing drift-correction side. On a freshly-imaged PC detection passes immediately and the enforcer no-ops. Replaces DSC-based enforcement of these apps which was pulled because Intune DSC has no pc-subtype awareness and was pushing UDC/eDNC/NTLARS to Standard-Timeclock PCs.",
"Applications": [
{
"_comment": "UDC. Install args follow the preinstall.json pattern: Site name in quotes, then machine number placeholder (Configure-PC.ps1 re-runs UDC_Setup with the real machine number after imaging, so the placeholder is overwritten in HKLM at that point). KillAfterDetection is only meaningful during preinstall; the enforcer lets Install-FromManifest wait for the process normally.",
"Name": "UDC",
"Installer": "UDC_Setup.exe",
"Type": "EXE",
"InstallArgs": "\"West Jefferson\" 9999",
"DetectionMethod": "Registry",
"DetectionPath": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\UDC",
"DetectionName": "DisplayVersion",
"DetectionValue": "REPLACE_WITH_PINNED_UDC_VERSION"
},
{
"_comment": "eDNC 6.4.3. SITESELECTED is the property that encodes the site (was a recurring bug in early shopfloor-setup scripts that omitted it). Adjust to your site's value if not West Jefferson.",
"Name": "eDNC",
"Installer": "eDNC-6.4.3.msi",
"Type": "MSI",
"InstallArgs": "/qn /norestart ALLUSERS=1 REBOOT=ReallySuppress SITESELECTED=\"West Jefferson\"",
"DetectionMethod": "Registry",
"DetectionPath": "HKLM:\\SOFTWARE\\WOW6432Node\\GE Aircraft Engines\\DNC\\General",
"DetectionName": "MachineNo"
},
{
"_comment": "NTLARS. Replace installer filename + args once we know what the vendor ships. Registry detection path guessed from the Defect_Tracker pattern; verify with a real install before relying on it.",
"Name": "NTLARS",
"Installer": "NTLARS_Setup.exe",
"Type": "EXE",
"InstallArgs": "/S",
"DetectionMethod": "File",
"DetectionPath": "C:\\Program Files (x86)\\Dnc\\Common\\NTLARS.exe"
}
]
}
Reference in New Issue View Git Blame Copy Permalink