a4de11814d
Force-Lockdown.bat (SupportUser desktop): Vendor escape hatch when Intune Lockdown push hasn't applied within ~30 minutes. Self-elevates via UAC, prompts for typed YES confirmation that an ARTS request is in place, then runs sfld_autologon.ps1. Register-MapSfldShare.ps1 (every PC type): The SFLD vendor's 'SFLD - Consume Credentials' scheduled task is principal-restricted (admin-only) so it fires for SupportUser logon but not for ShopFloor logon -- ShopFloor lands at the desktop with no S: drive and no way to reach \\tsgwp00525\shared. Workaround: register a parallel 'GE Shopfloor Map S: Drive' AtLogOn task with Principal=BUILTIN\Users + RunLevel=Limited that invokes the vendor's C:\ProgramData\SFLD\CredentialManager\ConsumeCredentials.ps1 in the interactive user's session. Vendor script handles cred-store + net use end to end; we just give it a wider trigger principal. Cross-PC-type because every shopfloor account needs S:. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
13 KiB
13 KiB