f3211dfd29
Rolls up everything from the CMM imaging test iteration tonight. No
single concern - several small, related polish items on the option-3
patched-MSI pipeline and the shopfloor-setup / sync_intune handoff.
- Rename all type-specific "01-Setup-<Type>.ps1" scripts to
"09-Setup-<Type>.ps1" across CMM, Display, Genspect, Keyence, Lab,
and WaxAndTrace. The "01-" prefix implied the script runs first in
the overall sequence when it actually runs between baseline (00, 04)
and finalization (06, 07). Logs now read "Running CMM setup:
09-Setup-CMM.ps1" which matches the real position. Standard/
01-eDNC.ps1 + 02-MachineNumberACLs.ps1 left alone - those digits
represent real within-type ordering.
- playbook/shopfloor-setup/site-config.json CMM profile updates:
- startupItems = [] (empty). Previously had WJ Shopfloor auto-launch
which the user does not want on CMM workstations. Now relies on
the Get-ProfileValue empty-array fix to not fall through to site
defaults.
- desktopApps + taskbarPins gain entries for PC-DMIS 2016, PC-DMIS
2019 R2, CLM Admin, and goCMM so 06-OrganizeDesktop Phase 2
materializes them into C:\\Users\\Public\\Desktop\\Shopfloor Tools\\
and 07-TaskbarLayout pins them. goCMM is under C:\\Program Files
(x86)\\General Electric\\goCMM\\ (GE product, not Hexagon).
- playbook/shopfloor-setup/Run-ShopfloorSetup.ps1: remove the blocking
"UNPLUG ethernet cable, press any key" prompt + the interactive
wired-NIC re-enable. The whole prompt block was a hard blocker on
the imaging chain that required a human to walk to each PC.
- playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1:
re-enable wired NICs unconditionally at the top of the transcript.
This is the new home for the re-enable that used to live behind the
prompt in Run-ShopfloorSetup. By the time sync_intune fires (after
PPKG reboot + auto-login + Stage-Dispatcher), the tech has had
minutes of wall-clock time to physically rewire from PXE to
production without us blocking on a keypress. Tower case is a
no-op because migrate-to-wifi.ps1 already left wired enabled.
- Internal comment updates in 09-Setup-CMM.ps1, cmm-manifest.json,
Install-FromManifest.ps1, and startnet.cmd (+ startnet-template)
to reflect the new filename.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
261 lines
11 KiB
PowerShell
261 lines
11 KiB
PowerShell
# Run-ShopfloorSetup.ps1 - Main dispatcher for shopfloor PC type setup.
|
|
#
|
|
# Flow:
|
|
# 1. PreInstall apps (Oracle, VC++, OpenText, UDC) -- from local bundle
|
|
# 2. Type-specific scripts (eDNC, ACLs, CMM share apps, etc.)
|
|
# 3. Deferred baseline (desktop org, taskbar pins)
|
|
# 4. Copy desktop tools (sync_intune, Configure-PC, Set-MachineNumber)
|
|
# 5. Run enrollment (PPKG install + wait for completion)
|
|
# 6. Register sync_intune as @logon scheduled task
|
|
# 7. Reboot -- PPKG file operations complete, sync_intune fires on next logon
|
|
#
|
|
# Called by the unattend FirstLogonCommands as SupportUser (admin).
|
|
|
|
# --- Transcript logging ---
|
|
$logDir = 'C:\Logs\SFLD'
|
|
if (-not (Test-Path $logDir)) {
|
|
try { New-Item -ItemType Directory -Path $logDir -Force | Out-Null } catch { $logDir = $env:TEMP }
|
|
}
|
|
$transcriptPath = Join-Path $logDir 'shopfloor-setup.log'
|
|
try { Start-Transcript -Path $transcriptPath -Append -Force | Out-Null } catch {}
|
|
|
|
Write-Host ""
|
|
Write-Host "================================================================"
|
|
Write-Host "=== Run-ShopfloorSetup.ps1 starting $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ==="
|
|
Write-Host " Transcript: $transcriptPath"
|
|
Write-Host "================================================================"
|
|
Write-Host ""
|
|
|
|
# Bump AutoLogonCount HIGH at the start so reboots during setup (e.g. VC++ 2008
|
|
# triggering an immediate ExitWindowsEx) don't exhaust autologin attempts before
|
|
# the dispatcher can complete. The end-of-script reset puts it back to 2 once
|
|
# everything succeeds.
|
|
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null
|
|
|
|
# Cancel any pending reboot so it doesn't interrupt setup
|
|
cmd /c "shutdown /a 2>nul" *>$null
|
|
|
|
# Wired NIC state handling moved to sync_intune (Monitor-IntuneProgress.ps1).
|
|
# Previously this script prompted the tech to unplug the PXE cable and
|
|
# then re-enabled wired adapters interactively - that blocked the whole
|
|
# imaging chain on human keypress. The new flow leaves the wired state
|
|
# exactly as Order 5 (migrate-to-wifi.ps1) left it:
|
|
# - Tower (no WiFi): wired stays enabled, Run-ShopfloorSetup runs on wired.
|
|
# - Laptop (WiFi): wired disabled, Run-ShopfloorSetup runs on WiFi.
|
|
# Sync_intune re-enables wired at the start of its monitor loop, by which
|
|
# time the tech has had ample wall-clock time to physically unplug PXE
|
|
# and re-cable into production without blocking the chain on a keypress.
|
|
|
|
$enrollDir = "C:\Enrollment"
|
|
$typeFile = Join-Path $enrollDir "pc-type.txt"
|
|
$setupDir = Join-Path $enrollDir "shopfloor-setup"
|
|
|
|
if (-not (Test-Path $typeFile)) {
|
|
Write-Host "No pc-type.txt found - skipping shopfloor setup."
|
|
exit 0
|
|
}
|
|
|
|
$pcType = (Get-Content $typeFile -First 1).Trim()
|
|
if (-not $pcType) {
|
|
Write-Host "pc-type.txt is empty - skipping shopfloor setup."
|
|
exit 0
|
|
}
|
|
|
|
Write-Host "Shopfloor PC Type: $pcType"
|
|
|
|
# Scripts to skip in the alphabetical baseline loop. Each is either run
|
|
# explicitly in the finalization phase below, or invoked internally by
|
|
# another script:
|
|
#
|
|
# 05 - Office shortcuts. Invoked by 06 as Phase 0. Office isn't installed
|
|
# until after the PPKG + reboot, so 05 no-ops initially. 06's SYSTEM
|
|
# logon task re-runs it on the next boot.
|
|
# 06 - Desktop org. Phase 2 needs eDNC/NTLARS on disk (installed by
|
|
# type-specific 01-eDNC.ps1). Run in finalization phase.
|
|
# 07 - Taskbar pin layout. Reads 06's output. Run in finalization phase.
|
|
# 08 - Edge default browser + startup tabs. Invoked by 06 as Phase 4.
|
|
# Reads .url files delivered by DSC (after Intune enrollment). 06's
|
|
# SYSTEM logon task re-runs it to pick them up.
|
|
$skipInBaseline = @(
|
|
'05-OfficeShortcuts.ps1',
|
|
'06-OrganizeDesktop.ps1',
|
|
'07-TaskbarLayout.ps1',
|
|
'08-EdgeDefaultBrowser.ps1',
|
|
'Check-MachineNumber.ps1',
|
|
'Configure-PC.ps1'
|
|
)
|
|
|
|
# Scripts run AFTER type-specific scripts complete. 05 and 08 are NOT
|
|
# here because 06 calls them internally as sub-phases.
|
|
$runAfterTypeSpecific = @(
|
|
'06-OrganizeDesktop.ps1',
|
|
'07-TaskbarLayout.ps1'
|
|
)
|
|
|
|
# --- Run Shopfloor baseline scripts first (skipping deferred ones) ---
|
|
$baselineDir = Join-Path $setupDir "Shopfloor"
|
|
if (Test-Path $baselineDir) {
|
|
$scripts = Get-ChildItem -Path $baselineDir -Filter "*.ps1" -File | Sort-Object Name
|
|
foreach ($script in $scripts) {
|
|
if ($skipInBaseline -contains $script.Name) {
|
|
Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)"
|
|
continue
|
|
}
|
|
cmd /c "shutdown /a 2>nul" *>$null
|
|
Write-Host "Running baseline: $($script.Name)"
|
|
try {
|
|
& $script.FullName
|
|
} catch {
|
|
Write-Warning "Baseline script $($script.Name) failed: $_"
|
|
}
|
|
}
|
|
}
|
|
|
|
# --- Run type-specific scripts (if not just baseline Shopfloor) ---
|
|
if ($pcType -ne "Shopfloor") {
|
|
$typeDir = Join-Path $setupDir $pcType
|
|
if (Test-Path $typeDir) {
|
|
# Only run numbered scripts (01-eDNC.ps1, 02-MachineNumberACLs.ps1).
|
|
# Unnumbered .ps1 files (Set-MachineNumber.ps1) are desktop tools,
|
|
# not installer scripts, and must not auto-run during setup.
|
|
$scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File |
|
|
Where-Object { $_.Name -match '^\d' } |
|
|
Sort-Object Name
|
|
foreach ($script in $scripts) {
|
|
cmd /c "shutdown /a 2>nul" *>$null
|
|
Write-Host "Running $pcType setup: $($script.Name)"
|
|
try {
|
|
& $script.FullName
|
|
} catch {
|
|
Write-Warning "Script $($script.Name) failed: $_"
|
|
}
|
|
}
|
|
} else {
|
|
Write-Host "No type-specific scripts found for $pcType."
|
|
}
|
|
}
|
|
|
|
# --- Finalization: run deferred baseline scripts (desktop org, taskbar pins)
|
|
# ---
|
|
# These needed to wait until all apps (eDNC, NTLARS, UDC, OpenText) were
|
|
# installed by the baseline + type-specific phases above. 06 internally
|
|
# calls 05 (Office shortcuts) and 08 (Edge config) as sub-phases, so we
|
|
# only need to invoke 06 and 07 explicitly here.
|
|
foreach ($name in $runAfterTypeSpecific) {
|
|
$script = Join-Path $baselineDir $name
|
|
if (-not (Test-Path $script)) {
|
|
Write-Warning "Deferred script not found: $script"
|
|
continue
|
|
}
|
|
cmd /c "shutdown /a 2>nul" *>$null
|
|
Write-Host "Running deferred baseline: $name"
|
|
try {
|
|
& $script
|
|
} catch {
|
|
Write-Warning "Deferred script $name failed: $_"
|
|
}
|
|
}
|
|
|
|
Write-Host "Shopfloor setup complete for $pcType."
|
|
|
|
# --- Copy utility scripts to SupportUser desktop ---
|
|
foreach ($tool in @('sync_intune.bat', 'Configure-PC.bat')) {
|
|
$src = Join-Path $setupDir "Shopfloor\$tool"
|
|
if (Test-Path $src) {
|
|
Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$tool" -Force
|
|
Write-Host "$tool copied to desktop."
|
|
}
|
|
}
|
|
|
|
# Standard PCs get the UDC/eDNC machine number helper
|
|
if ($pcType -eq "Standard") {
|
|
foreach ($helper in @("Set-MachineNumber.bat", "Set-MachineNumber.ps1")) {
|
|
$src = Join-Path $setupDir "Standard\$helper"
|
|
if (Test-Path $src) {
|
|
Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$helper" -Force
|
|
Write-Host "$helper copied to SupportUser desktop."
|
|
}
|
|
}
|
|
}
|
|
|
|
# --- Register sync_intune as persistent @logon scheduled task ---
|
|
# Must be registered BEFORE enrollment because Install-ProvisioningPackage
|
|
# triggers an immediate reboot that kills run-enrollment.ps1. The task
|
|
# registration must survive the PPKG reboot, so we do it here while
|
|
# Run-ShopfloorSetup.ps1 is still running.
|
|
#
|
|
# The task fires at every logon until sync_intune detects completion and
|
|
# unregisters itself. It monitors Intune enrollment (Phase 1-5), NOT BPRT
|
|
# app installs -- BPRT finishes on its own in the background after the
|
|
# PPKG reboot, and is irrelevant to the Intune lifecycle.
|
|
$taskName = 'Shopfloor Intune Sync'
|
|
$monitorScript = Join-Path $setupDir 'Shopfloor\lib\Monitor-IntuneProgress.ps1'
|
|
$configureScript = Join-Path $setupDir 'Shopfloor\Configure-PC.ps1'
|
|
|
|
if (Test-Path -LiteralPath $monitorScript) {
|
|
try {
|
|
$action = New-ScheduledTaskAction `
|
|
-Execute 'powershell.exe' `
|
|
-Argument "-NoProfile -NoExit -ExecutionPolicy Bypass -File `"$monitorScript`" -AsTask -ConfigureScript `"$configureScript`""
|
|
|
|
$trigger = New-ScheduledTaskTrigger -AtLogOn
|
|
|
|
$principal = New-ScheduledTaskPrincipal `
|
|
-GroupId 'S-1-5-32-545' `
|
|
-RunLevel Limited
|
|
|
|
$settings = New-ScheduledTaskSettingsSet `
|
|
-AllowStartIfOnBatteries `
|
|
-DontStopIfGoingOnBatteries `
|
|
-StartWhenAvailable `
|
|
-ExecutionTimeLimit (New-TimeSpan -Hours 2)
|
|
|
|
Register-ScheduledTask `
|
|
-TaskName $taskName `
|
|
-Action $action `
|
|
-Trigger $trigger `
|
|
-Principal $principal `
|
|
-Settings $settings `
|
|
-Force `
|
|
-ErrorAction Stop | Out-Null
|
|
|
|
Write-Host "Registered '$taskName' logon task."
|
|
} catch {
|
|
Write-Warning "Failed to register sync task: $_"
|
|
}
|
|
} else {
|
|
Write-Warning "Monitor-IntuneProgress.ps1 not found at $monitorScript"
|
|
}
|
|
|
|
# Set auto-logon to expire after 4 more logins (2 needed for sync_intune
|
|
# pre-reboot + post-reboot, plus 2 margin for unexpected reboots from
|
|
# Windows Update, PPKG file operations, or script crashes).
|
|
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 4 /f | Out-Null
|
|
Write-Host "Auto-logon set to 4 remaining logins."
|
|
|
|
# --- Run enrollment (PPKG install) ---
|
|
# Enrollment is the LAST thing we do. Install-ProvisioningPackage triggers
|
|
# an immediate reboot -- everything after this call is unlikely to execute.
|
|
# The sync_intune task is already registered above, so the PPKG reboot
|
|
# can kill us and the chain continues on the next boot.
|
|
$enrollScript = Join-Path $enrollDir 'run-enrollment.ps1'
|
|
if (Test-Path -LiteralPath $enrollScript) {
|
|
Write-Host ""
|
|
Write-Host "=== Running enrollment (PPKG install) ==="
|
|
Write-Host "NOTE: PPKG will trigger an immediate reboot. This is expected."
|
|
try { Stop-Transcript | Out-Null } catch {}
|
|
& $enrollScript
|
|
# If we get here, the PPKG didn't reboot (maybe no PPKG file found).
|
|
Write-Host "Enrollment returned without rebooting. Rebooting now..."
|
|
shutdown /r /t 10
|
|
} else {
|
|
Write-Host "run-enrollment.ps1 not found - skipping enrollment."
|
|
Write-Host ""
|
|
Write-Host "================================================================"
|
|
Write-Host "=== Run-ShopfloorSetup.ps1 complete $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ==="
|
|
Write-Host "================================================================"
|
|
try { Stop-Transcript | Out-Null } catch {}
|
|
Write-Host "Rebooting in 10 seconds..."
|
|
shutdown /r /t 10
|
|
}
|