ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d441abd20f69b3986dbe02ae9bc97474cd6b29c4
pxe-server/playbook/shopfloor-setup/gea-shopfloor-cmm/scripts/Modify-PCDMISRights.ps1
cproudlock 1d65103cc0 CMM: add PC-DMIS + combined CMM backup/restore + diagnostic scripts 
Adds the PC-DMIS settings/probe backup-restore set alongside the existing
goCMM scripts, plus a single combined CMM backup and the diagnostics built
while debugging the live bays:

- Backup-PCDMISSettings / Install-PCDMISSettings: capture+restore PC-DMIS
  registry + data/probe/cal files per installed version (2016/2019/2026).
  Hardened from real-bay failures: detect install dir via Program Files
  fallback; capture compens.dat (not just comp.dat) + interfac.dll; identify
  the controller by hash-matching interfac.dll to its source DLL AND reading
  the PE OriginalFilename (covers rename-without-copy); EXCLUDE the whole
  Homepage state (Recent/Favorites/DetailsView) which null-refs PC-DMIS on
  launch via stale routine paths; restore routes HKCU into the target user's
  hive (-TargetUser ShopFloor), fails loud on a non-backup path, and applies
  the legacy->new FQDN rewrite across reg + data files incl .bas.
- Backup-CMM: one wrapper running goCMM + PC-DMIS (all versions) into one
  per-CMM folder + index, for staging on PXE and restore-by-machine-number.
- Clear-PCDMISRecent: fixes the Homepage recent-list NullReferenceException
  crash on an already-broken bay.
- pcdmis-probe-debug / Export-PCDMISCrashEvents: diagnostics for the
  custom-probe-not-showing and crash investigations.
- Modify-PCDMISRights / Grant-FullControl: grant the operator the registry +
  filesystem access PC-DMIS needs under lockdown.
- Install-goCMMSettings: add .bas to the FQDN-rewrite include list.

Not yet wired into 09-Setup-CMM auto-restore - staging + the gated restore
block come next.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-12 08:42:32 -04:00

111 lines
3.5 KiB
PowerShell
Executable File
Raw Blame History

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Start-Transcript -Path "C:\Logs\PC-DMISrights.txt" -Append
# 1. Define the authorized username
$authorizedUser = "SupportUser"
# 2. Check if the current environment user matches
if ($env:USERNAME -ne $authorizedUser) {
Write-Warning "Unauthorized user detected. Run as SupportUser instead."
return
}
# 3. Access granted for SupportUser
Write-Host "Welcome, $authorizedUser. Access granted."
# 4. Define the list of registry keys to modify
$registryKeys = @(
"HKLM:\SOFTWARE\Classes\PCDLRN.Application",
"HKCU:\SOFTWARE\Hexagon"
"HKCU:\SOFTWARE\WAI"
"HKLM:\SOFTWARE\Hexagon"
"HKLM:\SOFTWARE\WAI"
"HKLM:\SOFTWARE\Wow6432Node\Hexagon"
"HKLM:\SOFTWARE\Wow6432Node\WAI"
"Registry::HKU\.DEFAULT\SOFTWARE\Hexagon"
"Registry::HKU\.DEFAULT\SOFTWARE\WAI"
)
# 5. Define the permission rule details
$identity = "BUILTIN\Users" # The target group
$rights = "FullControl" # Permission level
$inheritance = "ContainerInherit, ObjectInherit" # Applies to subkeys and values
$propagation = "None"
$type = "Allow"
# 6. Create the Access Rule object
$accessRule = New-Object System.Security.AccessControl.RegistryAccessRule($identity, $rights, $inheritance, $propagation, $type)
# 7. Loop through each key and apply the new rule
foreach ($keyPath in $registryKeys) {
try {
if (Test-Path $keyPath) {
Write-Host "Applying permissions to: $keyPath" -ForegroundColor Cyan
# Get existing ACL (Access Control List)
$acl = Get-Acl -Path $keyPath
# Add the new rule to the existing ACL
$acl.SetAccessRule($accessRule)
# Apply the updated ACL back to the registry key
Set-Acl -Path $keyPath -AclObject $acl
Write-Host "Success!" -ForegroundColor Green
} else {
Write-Warning "Registry key not found: $keyPath"
}
} catch {
Write-Error "Failed to update $keyPath. Error: $($_.Exception.Message)"
}
}
# 8. Define the list of root folders to modify
$folderPaths = @(
"C:\Program Files\Hexagon",
"C:\Program Files\WAI",
"C:\Program Files (x86)\Hexagon"
"C:\Program Files (x86)\WAI"
"C:\ProgramData\Hexagon"
"C:\ProgramData\WAI"
)
# 9. Define the permission rule details
$identity = "BUILTIN\Users" # The target group
$rights = "FullControl" # Permission level
$inheritance = "ContainerInherit, ObjectInherit" # Applies to subfolders and files
$propagation = "None"
$type = "Allow"
# 10. Create the Access Rule object
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, $rights, $inheritance, $propagation, $type)
# 11. Loop through each folder path and apply the new rule
foreach ($path in $folderPaths) {
try {
if (Test-Path $path) {
Write-Host "Applying permissions to: $path" -ForegroundColor Cyan
# Get existing ACL (Access Control List)
$acl = Get-Acl -Path $path
# Add the new rule to the existing ACL
$acl.SetAccessRule($accessRule)
# Apply the updated ACL back to the folder
Set-Acl -Path $path -AclObject $acl
Write-Host "Success!" -ForegroundColor Green
} else {
Write-Warning "Folder not found: $path"
}
} catch {
Write-Error "Failed to update $keyPath. Error: $($_.Exception.Message)"
}
}
pause
exit 1
Stop-Transcript
Reference in New Issue View Git Blame Copy Permalink