8848fca88a
Acrobat Reader enforcement:
- playbook/shopfloor-setup/common/ is the cross-PC-type staging dir. Mirrors
CMM/ structure (enforce script + its Install-FromManifest copy + manifest
template + register script).
- Acrobat-Enforce.ps1 runs as SYSTEM on every logon, reads
acrobatSharePath from site-config.common, mounts the SFLD share with
the same HKLM-backed credential lookup CMM-Enforce uses, hands the
acrobat-manifest.json from the share to Install-FromManifest.
- Install-FromManifest extended with Type=CMD so it can invoke vendor-
supplied .cmd wrappers (Install-AcroReader.cmd does a two-step MSI+MSP
install that does not fit MSI/EXE types cleanly). cmd.exe /c wraps it
because UseShellExecute=false cannot launch .cmd directly.
- Register-AcrobatEnforce.ps1 stages scripts to C:\Program Files\GE\Acrobat
and registers "GE Acrobat Enforce" scheduled task. Called from
Run-ShopfloorSetup.ps1 right before the enrollment (PPKG) step so it
applies to every PC type, not just CMM.
- acrobat-manifest.template.json is the repo reference; the authoritative
copy lives on the SFLD share at
\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\common\acrobat\
Bumping Acrobat updates = drop new MSP on share, bump DetectionValue in
manifest; enforcer catches every PC on next logon.
- site-config.json: add "common": { "acrobatSharePath": ... }. Uses a
new top-level block rather than a PC-type-specific one since Acrobat
applies everywhere.
Initial install still happens via the preinstall flow
(Install-AcroReader.cmd during WinPE). The enforcer is the ongoing-
updates side; on a freshly-imaged PC detection passes and it no-ops.
Also in this commit:
- run-enrollment.ps1: provtool.exe argument syntax fix. First test
returned 0x80004005 E_FAIL in 1s because /ppkg: and /log: are not
valid provtool flags; the cmdlet's internal call used positional
path + /quiet + /source. Switched to that syntax.
18 lines
1.5 KiB
JSON
18 lines
1.5 KiB
JSON
{
|
|
"Version": "1.0",
|
|
"_comment": "Adobe Acrobat Reader DC enforcement manifest. This is the TEMPLATE kept in the repo; the authoritative copy lives on the SFLD share at \\\\tsgwp00525.wjs.geaerospace.net\\shared\\dt\\shopfloor\\common\\acrobat\\acrobat-manifest.json. Acrobat-Enforce.ps1 reads the share copy on every user logon via the 'GE Acrobat Enforce' scheduled task. To push a new Acrobat update to the entire fleet: drop the new AcroRdrDCUpd*.msp in the share, update Install-AcroReader.cmd to reference its filename, bump DetectionValue below to the new version string, and the enforcer catches every PC on next logon. Initial install still happens during preinstall (not this enforcer) - the enforcer only kicks in when detection fails, which on fresh installs is never.",
|
|
"Applications": [
|
|
{
|
|
"_comment": "Two-step install (MSI + MST transform, then MSP patch) done via the vendor-shipped Install-AcroReader.cmd wrapper. Wrapper uses %~dp0 so it finds AcroRead.msi, AcroRead.mst, Data1.cab, and AcroRdrDCUpd*.msp next to itself on the share. DetectionValue pins the patched version: bump it when replacing the MSP.",
|
|
"Name": "Adobe Acrobat Reader DC",
|
|
"Installer": "Install-AcroReader.cmd",
|
|
"Type": "CMD",
|
|
"LogFile": "C:\\Logs\\Acrobat\\install.log",
|
|
"DetectionMethod": "Registry",
|
|
"DetectionPath": "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}",
|
|
"DetectionName": "DisplayVersion",
|
|
"DetectionValue": "25.001.20531"
|
|
}
|
|
]
|
|
}
|