pxe-server/playbook/shopfloor-setup/run-enrollment.ps1

# run-enrollment.ps1
# Installs GCCH enrollment provisioning package. That's it.
#
# Install-ProvisioningPackage triggers an immediate reboot -- nothing after
# that call executes. The sync_intune task and all other post-enrollment
# setup are registered by Run-ShopfloorSetup.ps1 BEFORE calling this script.

$ErrorActionPreference = 'Continue'
$logFile = "C:\Logs\enrollment.log"
New-Item -ItemType Directory -Path "C:\Logs" -Force -ErrorAction SilentlyContinue | Out-Null

function Log {
    param([string]$Message)
    $ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $line = "$ts  $Message"
    Write-Host $line
    Add-Content -Path $logFile -Value $line
}

Log "=== GE Aerospace GCCH Enrollment ==="

# --- Find the .ppkg ---
$ppkgFile = Get-ChildItem "C:\Enrollment\*.ppkg" -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $ppkgFile) {
    Log "No .ppkg found in C:\Enrollment\ - skipping enrollment."
    return
}
Log "Package: $($ppkgFile.Name)"

# --- Set computer name to E<serial> ---
$serial = (Get-CimInstance Win32_BIOS).SerialNumber
$newName = "E$serial"
Log "Setting computer name to $newName"
Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue

# --- Install provisioning package ---
# IMPORTANT: The PPKG must be installed BEFORE OOBEComplete is set. Bulk
# enrollment PPKGs are designed to run during OOBE; on Windows 11 22H2+ they
# can hang indefinitely if OOBE is already marked complete.
#
# Install-ProvisioningPackage triggers an IMMEDIATE reboot. Nothing below
# this line executes. BPRT app installs (Chrome, Office, Tanium, etc.) happen
# on the next boot. The sync_intune scheduled task (registered by
# Run-ShopfloorSetup.ps1 before calling us) fires at the next logon to
# monitor Intune enrollment.
$ppkgLogDir = "C:\Logs\PPKG"
New-Item -ItemType Directory -Path $ppkgLogDir -Force -ErrorAction SilentlyContinue | Out-Null
Log "Installing provisioning package (PPKG will reboot immediately)..."
Log "PPKG diagnostic logs -> $ppkgLogDir"
try {
    Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
    Log "Install-ProvisioningPackage returned (reboot may be imminent)."
} catch {
    Log "ERROR: Install-ProvisioningPackage failed: $_"
    Log "Attempting fallback with Add-ProvisioningPackage..."
    try {
        Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
        Log "Add-ProvisioningPackage returned."
    } catch {
        Log "ERROR: Fallback also failed: $_"
    }
}

# --- Set OOBE complete (only reached if PPKG didn't trigger immediate reboot) ---
Log "Setting OOBE as complete..."
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v OOBEComplete /t REG_DWORD /d 1 /f | Out-Null
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v SetupDisplayedEula /t REG_DWORD /d 1 /f | Out-Null

# If we get here, the PPKG didn't reboot immediately. Unlikely but handle it.
Log "PPKG did not trigger immediate reboot. Returning to caller."