b69d68f7b5
Install-ProvisioningPackage triggers an immediate reboot that kills
run-enrollment.ps1 before it can register the sync_intune task or do
any post-install work. BPRT app installs happen on the NEXT boot, not
before the reboot.
Fix: move sync task registration into Run-ShopfloorSetup.ps1, executed
BEFORE calling run-enrollment.ps1. The task is safely registered while
we still have control. Then enrollment installs the PPKG and lets it
reboot. After reboot, BPRT finishes in background, sync task fires at
logon, monitors Intune enrollment (which is independent of BPRT).
Run-ShopfloorSetup.ps1:
- Registers "Shopfloor Intune Sync" @logon task after desktop tool
copies but BEFORE enrollment
- Flushes transcript before calling enrollment (since PPKG reboot
will kill us, ensures log is complete)
- Enrollment is the absolute last call
run-enrollment.ps1:
- Stripped to essentials: find PPKG, rename computer, set OOBE,
Install-ProvisioningPackage
- No BPRT polling (irrelevant - happens after reboot)
- No task registration (already done by caller)
- No shutdown call (PPKG handles it)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
63 lines
2.5 KiB
PowerShell
Executable File
63 lines
2.5 KiB
PowerShell
Executable File
# run-enrollment.ps1
|
|
# Installs GCCH enrollment provisioning package. That's it.
|
|
#
|
|
# Install-ProvisioningPackage triggers an immediate reboot -- nothing after
|
|
# that call executes. The sync_intune task and all other post-enrollment
|
|
# setup are registered by Run-ShopfloorSetup.ps1 BEFORE calling this script.
|
|
|
|
$ErrorActionPreference = 'Continue'
|
|
$logFile = "C:\Logs\enrollment.log"
|
|
New-Item -ItemType Directory -Path "C:\Logs" -Force -ErrorAction SilentlyContinue | Out-Null
|
|
|
|
function Log {
|
|
param([string]$Message)
|
|
$ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
|
|
$line = "$ts $Message"
|
|
Write-Host $line
|
|
Add-Content -Path $logFile -Value $line
|
|
}
|
|
|
|
Log "=== GE Aerospace GCCH Enrollment ==="
|
|
|
|
# --- Find the .ppkg ---
|
|
$ppkgFile = Get-ChildItem "C:\Enrollment\*.ppkg" -ErrorAction SilentlyContinue | Select-Object -First 1
|
|
if (-not $ppkgFile) {
|
|
Log "No .ppkg found in C:\Enrollment\ - skipping enrollment."
|
|
return
|
|
}
|
|
Log "Package: $($ppkgFile.Name)"
|
|
|
|
# --- Set computer name to E<serial> ---
|
|
$serial = (Get-CimInstance Win32_BIOS).SerialNumber
|
|
$newName = "E$serial"
|
|
Log "Setting computer name to $newName"
|
|
Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue
|
|
|
|
# --- Set OOBE complete (must happen before PPKG reboot) ---
|
|
Log "Setting OOBE as complete..."
|
|
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v OOBEComplete /t REG_DWORD /d 1 /f | Out-Null
|
|
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v SetupDisplayedEula /t REG_DWORD /d 1 /f | Out-Null
|
|
|
|
# --- Install provisioning package ---
|
|
# This triggers an IMMEDIATE reboot. Nothing below this line executes.
|
|
# BPRT app installs (Chrome, Office, Tanium, etc.) happen on the next boot.
|
|
# The sync_intune scheduled task (registered by Run-ShopfloorSetup.ps1
|
|
# before calling us) fires at the next logon to monitor Intune enrollment.
|
|
Log "Installing provisioning package (PPKG will reboot immediately)..."
|
|
try {
|
|
Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall
|
|
Log "Install-ProvisioningPackage returned (reboot may be imminent)."
|
|
} catch {
|
|
Log "ERROR: Install-ProvisioningPackage failed: $_"
|
|
Log "Attempting fallback with Add-ProvisioningPackage..."
|
|
try {
|
|
Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall
|
|
Log "Add-ProvisioningPackage returned."
|
|
} catch {
|
|
Log "ERROR: Fallback also failed: $_"
|
|
}
|
|
}
|
|
|
|
# If we get here, the PPKG didn't reboot immediately. Unlikely but handle it.
|
|
Log "PPKG did not trigger immediate reboot. Returning to caller."
|