xetup/flash/Deploy-Windows.ps1

#Requires -RunAsAdministrator

[CmdletBinding()]
param(
    [switch]$SkipBloatware,
    [switch]$SkipSoftware,
    [switch]$SkipDefaultProfile,
    [switch]$DryRun
)

$ErrorActionPreference = "Continue"

# -----------------------------------------------------------------------
# Paths
# -----------------------------------------------------------------------
$ScriptRoot  = $PSScriptRoot
$LogDir      = "C:\Windows\Setup\Scripts"
$LogFile     = "$LogDir\Deploy.log"
$ConfigFile  = "$ScriptRoot\config\config.json"

# -----------------------------------------------------------------------
# Logging
# -----------------------------------------------------------------------
function Write-Log {
    param(
        [string]$Message,
        [ValidateSet("INFO","OK","ERROR","WARN","STEP")]
        [string]$Level = "INFO"
    )
    $timestamp = Get-Date -Format "HH:mm:ss"
    $line = "[$timestamp] [$Level] $Message"
    Add-Content -Path $LogFile -Value $line -Encoding UTF8
    switch ($Level) {
        "OK"    { Write-Host $line -ForegroundColor Green }
        "ERROR" { Write-Host $line -ForegroundColor Red }
        "WARN"  { Write-Host $line -ForegroundColor Yellow }
        "STEP"  { Write-Host $line -ForegroundColor Cyan }
        default { Write-Host $line }
    }
}

# -----------------------------------------------------------------------
# Step runner - catches errors, logs, always continues
# -----------------------------------------------------------------------
$StepResults = [System.Collections.Generic.List[hashtable]]::new()

function Invoke-Step {
    param(
        [string]$Name,
        [scriptblock]$Action
    )

    Write-Log "---- $Name ----" -Level STEP

    if ($DryRun) {
        Write-Log "DryRun - skipping execution" -Level WARN
        $StepResults.Add(@{ Name = $Name; Status = "DRYRUN" })
        return
    }

    try {
        & $Action
        Write-Log "$Name - OK" -Level OK
        $StepResults.Add(@{ Name = $Name; Status = "OK" })
    }
    catch {
        Write-Log "$Name - ERROR: $_" -Level ERROR
        $StepResults.Add(@{ Name = $Name; Status = "ERROR" })
    }
}

# -----------------------------------------------------------------------
# Init
# -----------------------------------------------------------------------
if (-not (Test-Path $LogDir)) {
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
}

Write-Log "========================================" -Level INFO
Write-Log "Deploy-Windows.ps1 started" -Level INFO
Write-Log "Computer: $env:COMPUTERNAME" -Level INFO
Write-Log "User: $env:USERNAME" -Level INFO
Write-Log "Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" -Level INFO
if ($DryRun) { Write-Log "Mode: DRY RUN" -Level WARN }
Write-Log "========================================" -Level INFO

# -----------------------------------------------------------------------
# Load config
# -----------------------------------------------------------------------
$Config = $null
Invoke-Step -Name "Load config.json" -Action {
    if (-not (Test-Path $ConfigFile)) {
        throw "config.json not found: $ConfigFile"
    }
    $script:Config = Get-Content $ConfigFile -Raw -Encoding UTF8 | ConvertFrom-Json
    Write-Log "Config loaded from $ConfigFile" -Level INFO
}

# -----------------------------------------------------------------------
# Build step enable/disable map from config + CLI overrides
# -----------------------------------------------------------------------
$stepsEnabled = @{
    adminAccount    = $true
    bloatware       = $true
    software        = $true
    systemRegistry  = $true
    defaultProfile  = $true
    personalization = $true
    scheduledTasks  = $true
    desktopInfo     = $true
    activation      = $true
}
if ($Config -and $Config.steps) {
    foreach ($key in @($stepsEnabled.Keys)) {
        $val = $Config.steps.$key
        if ($null -ne $val) { $stepsEnabled[$key] = [bool]$val }
    }
}
# CLI switches override config.steps
if ($SkipBloatware)      { $stepsEnabled['bloatware']      = $false }
if ($SkipSoftware)       { $stepsEnabled['software']       = $false }
if ($SkipDefaultProfile) { $stepsEnabled['defaultProfile'] = $false }

function Skip-Step {
    param([string]$Name)
    Write-Log "$Name - SKIPPED (disabled in config)" -Level WARN
    $StepResults.Add(@{ Name = $Name; Status = "SKIPPED" })
}

# -----------------------------------------------------------------------
# Step 0a - Admin account
# -----------------------------------------------------------------------
if ($stepsEnabled['adminAccount']) {
    Invoke-Step -Name "Step 0a - Admin account" -Action {
        & "$ScriptRoot\scripts\00-admin-account.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 0a - Admin account" }

# -----------------------------------------------------------------------
# Step 0b - Windows activation
# -----------------------------------------------------------------------
if ($stepsEnabled['activation']) {
    Invoke-Step -Name "Step 0b - Windows activation" -Action {
        & "$ScriptRoot\scripts\08-activation.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 0b - Windows activation" }

# -----------------------------------------------------------------------
# Step 1 - Bloatware removal
# -----------------------------------------------------------------------
if ($stepsEnabled['bloatware']) {
    Invoke-Step -Name "Step 1 - Bloatware removal" -Action {
        & "$ScriptRoot\scripts\01-bloatware.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 1 - Bloatware removal" }

# -----------------------------------------------------------------------
# Step 2 - Software installation
# -----------------------------------------------------------------------
if ($stepsEnabled['software']) {
    Invoke-Step -Name "Step 2 - Software installation" -Action {
        & "$ScriptRoot\scripts\02-software.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 2 - Software installation" }

# -----------------------------------------------------------------------
# Step 3 - System registry (HKLM)
# -----------------------------------------------------------------------
if ($stepsEnabled['systemRegistry']) {
    Invoke-Step -Name "Step 3 - System registry" -Action {
        & "$ScriptRoot\scripts\03-system-registry.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 3 - System registry" }

# -----------------------------------------------------------------------
# Step 4 - Default profile (NTUSER.DAT)
# -----------------------------------------------------------------------
if ($stepsEnabled['defaultProfile']) {
    Invoke-Step -Name "Step 4 - Default profile" -Action {
        & "$ScriptRoot\scripts\04-default-profile.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 4 - Default profile" }

# -----------------------------------------------------------------------
# Step 5 - Personalization
# -----------------------------------------------------------------------
if ($stepsEnabled['personalization']) {
    Invoke-Step -Name "Step 5 - Personalization" -Action {
        & "$ScriptRoot\scripts\05-personalization.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 5 - Personalization" }

# -----------------------------------------------------------------------
# Step 6 - Scheduled tasks
# -----------------------------------------------------------------------
if ($stepsEnabled['scheduledTasks']) {
    Invoke-Step -Name "Step 6 - Scheduled tasks" -Action {
        & "$ScriptRoot\scripts\06-scheduled-tasks.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 6 - Scheduled tasks" }

# -----------------------------------------------------------------------
# Step 7 - DesktopInfo
# -----------------------------------------------------------------------
if ($stepsEnabled['desktopInfo']) {
    Invoke-Step -Name "Step 7 - DesktopInfo" -Action {
        & "$ScriptRoot\scripts\07-desktop-info.ps1" -Config $Config -LogFile $LogFile
    }
} else { Skip-Step "Step 7 - DesktopInfo" }

# -----------------------------------------------------------------------
# Summary
# -----------------------------------------------------------------------
Write-Log "========================================" -Level INFO
Write-Log "SUMMARY" -Level INFO
Write-Log "========================================" -Level INFO

$countOK      = ($StepResults | Where-Object { $_.Status -eq "OK"      }).Count
$countError   = ($StepResults | Where-Object { $_.Status -eq "ERROR"   }).Count
$countSkipped = ($StepResults | Where-Object { $_.Status -eq "SKIPPED" }).Count
$countDryRun  = ($StepResults | Where-Object { $_.Status -eq "DRYRUN"  }).Count

foreach ($r in $StepResults) {
    $lvl = switch ($r.Status) {
        "OK"      { "OK" }
        "ERROR"   { "ERROR" }
        "SKIPPED" { "WARN" }
        "DRYRUN"  { "WARN" }
    }
    Write-Log "$($r.Status.PadRight(8)) $($r.Name)" -Level $lvl
}

Write-Log "----------------------------------------" -Level INFO
Write-Log "OK: $countOK  ERROR: $countError  SKIPPED: $countSkipped  DRYRUN: $countDryRun" -Level INFO
Write-Log "Log saved to: $LogFile" -Level INFO
Write-Log "========================================" -Level INFO

if ($countError -gt 0) {
    Write-Log "Deployment finished with errors. Review log: $LogFile" -Level ERROR
    exit 1
} else {
    Write-Log "Deployment finished successfully." -Level OK
    exit 0
}
Add config GUI, USB launcher, flash folder; fix bugs - config-editor.hta: lightweight WYSIWYG HTA editor for config.json - Step on/off toggles with info tooltips - Editable software list (winget packages) - Settings: timezone, admin account, desktopInfo, PDF default - Run.cmd: USB launcher with UAC auto-elevation and deployment menu - flash/: minimal USB-ready subset (Deploy, scripts, config, GUI, launcher) - config.json: add steps section for per-step enable/disable - Deploy-Windows.ps1: read steps from config, CLI switches override - 03-system-registry.ps1: add SearchOnTaskbarMode HKLM policy (Win11 search fix) - 04-default-profile.ps1: fix systray - clear TrayNotify cache + proper Explorer restart - 06-scheduled-tasks.ps1: fix Register-Task trigger array, ShowAllTrayIcons Win11 fix, PDF-DefaultApp runs as SYSTEM via HKCR (bypasses UserChoice Hash validation) - 02-software.ps1: remove unreliable UserChoice ProgId write without Hash Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-16 09:35:42 +01:00			`#Requires -RunAsAdministrator`

			`[CmdletBinding()]`
			`param(`
			`[switch]$SkipBloatware,`
			`[switch]$SkipSoftware,`
			`[switch]$SkipDefaultProfile,`
			`[switch]$DryRun`
			`)`

			`$ErrorActionPreference = "Continue"`

			`# -----------------------------------------------------------------------`
			`# Paths`
			`# -----------------------------------------------------------------------`
			`$ScriptRoot = $PSScriptRoot`
			`$LogDir = "C:\Windows\Setup\Scripts"`
			`$LogFile = "$LogDir\Deploy.log"`
			`$ConfigFile = "$ScriptRoot\config\config.json"`

			`# -----------------------------------------------------------------------`
			`# Logging`
			`# -----------------------------------------------------------------------`
			`function Write-Log {`
			`param(`
			`[string]$Message,`
			`[ValidateSet("INFO","OK","ERROR","WARN","STEP")]`
			`[string]$Level = "INFO"`
			`)`
			`$timestamp = Get-Date -Format "HH:mm:ss"`
			`$line = "[$timestamp] [$Level] $Message"`
			`Add-Content -Path $LogFile -Value $line -Encoding UTF8`
			`switch ($Level) {`
			`"OK" { Write-Host $line -ForegroundColor Green }`
			`"ERROR" { Write-Host $line -ForegroundColor Red }`
			`"WARN" { Write-Host $line -ForegroundColor Yellow }`
			`"STEP" { Write-Host $line -ForegroundColor Cyan }`
			`default { Write-Host $line }`
			`}`
			`}`

			`# -----------------------------------------------------------------------`
			`# Step runner - catches errors, logs, always continues`
			`# -----------------------------------------------------------------------`
			`$StepResults = [System.Collections.Generic.List[hashtable]]::new()`

			`function Invoke-Step {`
			`param(`
			`[string]$Name,`
			`[scriptblock]$Action`
			`)`

			`Write-Log "---- $Name ----" -Level STEP`

			`if ($DryRun) {`
			`Write-Log "DryRun - skipping execution" -Level WARN`
			`$StepResults.Add(@{ Name = $Name; Status = "DRYRUN" })`
			`return`
			`}`

			`try {`
			`& $Action`
			`Write-Log "$Name - OK" -Level OK`
			`$StepResults.Add(@{ Name = $Name; Status = "OK" })`
			`}`
			`catch {`
			`Write-Log "$Name - ERROR: $_" -Level ERROR`
			`$StepResults.Add(@{ Name = $Name; Status = "ERROR" })`
			`}`
			`}`

			`# -----------------------------------------------------------------------`
			`# Init`
			`# -----------------------------------------------------------------------`
			`if (-not (Test-Path $LogDir)) {`
			`New-Item -ItemType Directory -Path $LogDir -Force \| Out-Null`
			`}`

			`Write-Log "========================================" -Level INFO`
			`Write-Log "Deploy-Windows.ps1 started" -Level INFO`
			`Write-Log "Computer: $env:COMPUTERNAME" -Level INFO`
			`Write-Log "User: $env:USERNAME" -Level INFO`
			`Write-Log "Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" -Level INFO`
			`if ($DryRun) { Write-Log "Mode: DRY RUN" -Level WARN }`
			`Write-Log "========================================" -Level INFO`

			`# -----------------------------------------------------------------------`
			`# Load config`
			`# -----------------------------------------------------------------------`
			`$Config = $null`
			`Invoke-Step -Name "Load config.json" -Action {`
			`if (-not (Test-Path $ConfigFile)) {`
			`throw "config.json not found: $ConfigFile"`
			`}`
			`$script:Config = Get-Content $ConfigFile -Raw -Encoding UTF8 \| ConvertFrom-Json`
			`Write-Log "Config loaded from $ConfigFile" -Level INFO`
			`}`

			`# -----------------------------------------------------------------------`
			`# Build step enable/disable map from config + CLI overrides`
			`# -----------------------------------------------------------------------`
			`$stepsEnabled = @{`
			`adminAccount = $true`
			`bloatware = $true`
			`software = $true`
			`systemRegistry = $true`
			`defaultProfile = $true`
			`personalization = $true`
			`scheduledTasks = $true`
			`desktopInfo = $true`
			`activation = $true`
			`}`
			`if ($Config -and $Config.steps) {`
			`foreach ($key in @($stepsEnabled.Keys)) {`
			`$val = $Config.steps.$key`
			`if ($null -ne $val) { $stepsEnabled[$key] = [bool]$val }`
			`}`
			`}`
			`# CLI switches override config.steps`
			`if ($SkipBloatware) { $stepsEnabled['bloatware'] = $false }`
			`if ($SkipSoftware) { $stepsEnabled['software'] = $false }`
			`if ($SkipDefaultProfile) { $stepsEnabled['defaultProfile'] = $false }`

			`function Skip-Step {`
			`param([string]$Name)`
			`Write-Log "$Name - SKIPPED (disabled in config)" -Level WARN`
			`$StepResults.Add(@{ Name = $Name; Status = "SKIPPED" })`
			`}`

			`# -----------------------------------------------------------------------`
			`# Step 0a - Admin account`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['adminAccount']) {`
			`Invoke-Step -Name "Step 0a - Admin account" -Action {`
			`& "$ScriptRoot\scripts\00-admin-account.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 0a - Admin account" }`

			`# -----------------------------------------------------------------------`
			`# Step 0b - Windows activation`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['activation']) {`
			`Invoke-Step -Name "Step 0b - Windows activation" -Action {`
			`& "$ScriptRoot\scripts\08-activation.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 0b - Windows activation" }`

			`# -----------------------------------------------------------------------`
			`# Step 1 - Bloatware removal`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['bloatware']) {`
			`Invoke-Step -Name "Step 1 - Bloatware removal" -Action {`
			`& "$ScriptRoot\scripts\01-bloatware.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 1 - Bloatware removal" }`

			`# -----------------------------------------------------------------------`
			`# Step 2 - Software installation`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['software']) {`
			`Invoke-Step -Name "Step 2 - Software installation" -Action {`
			`& "$ScriptRoot\scripts\02-software.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 2 - Software installation" }`

			`# -----------------------------------------------------------------------`
			`# Step 3 - System registry (HKLM)`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['systemRegistry']) {`
			`Invoke-Step -Name "Step 3 - System registry" -Action {`
			`& "$ScriptRoot\scripts\03-system-registry.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 3 - System registry" }`

			`# -----------------------------------------------------------------------`
			`# Step 4 - Default profile (NTUSER.DAT)`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['defaultProfile']) {`
			`Invoke-Step -Name "Step 4 - Default profile" -Action {`
			`& "$ScriptRoot\scripts\04-default-profile.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 4 - Default profile" }`

			`# -----------------------------------------------------------------------`
			`# Step 5 - Personalization`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['personalization']) {`
			`Invoke-Step -Name "Step 5 - Personalization" -Action {`
			`& "$ScriptRoot\scripts\05-personalization.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 5 - Personalization" }`

			`# -----------------------------------------------------------------------`
			`# Step 6 - Scheduled tasks`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['scheduledTasks']) {`
			`Invoke-Step -Name "Step 6 - Scheduled tasks" -Action {`
			`& "$ScriptRoot\scripts\06-scheduled-tasks.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 6 - Scheduled tasks" }`

			`# -----------------------------------------------------------------------`
			`# Step 7 - DesktopInfo`
			`# -----------------------------------------------------------------------`
			`if ($stepsEnabled['desktopInfo']) {`
			`Invoke-Step -Name "Step 7 - DesktopInfo" -Action {`
			`& "$ScriptRoot\scripts\07-desktop-info.ps1" -Config $Config -LogFile $LogFile`
			`}`
			`} else { Skip-Step "Step 7 - DesktopInfo" }`

			`# -----------------------------------------------------------------------`
			`# Summary`
			`# -----------------------------------------------------------------------`
			`Write-Log "========================================" -Level INFO`
			`Write-Log "SUMMARY" -Level INFO`
			`Write-Log "========================================" -Level INFO`

			`$countOK = ($StepResults \| Where-Object { $_.Status -eq "OK" }).Count`
			`$countError = ($StepResults \| Where-Object { $_.Status -eq "ERROR" }).Count`
			`$countSkipped = ($StepResults \| Where-Object { $_.Status -eq "SKIPPED" }).Count`
			`$countDryRun = ($StepResults \| Where-Object { $_.Status -eq "DRYRUN" }).Count`

			`foreach ($r in $StepResults) {`
			`$lvl = switch ($r.Status) {`
			`"OK" { "OK" }`
			`"ERROR" { "ERROR" }`
			`"SKIPPED" { "WARN" }`
			`"DRYRUN" { "WARN" }`
			`}`
			`Write-Log "$($r.Status.PadRight(8)) $($r.Name)" -Level $lvl`
			`}`

			`Write-Log "----------------------------------------" -Level INFO`
			`Write-Log "OK: $countOK ERROR: $countError SKIPPED: $countSkipped DRYRUN: $countDryRun" -Level INFO`
			`Write-Log "Log saved to: $LogFile" -Level INFO`
			`Write-Log "========================================" -Level INFO`

			`if ($countError -gt 0) {`
			`Write-Log "Deployment finished with errors. Review log: $LogFile" -Level ERROR`
			`exit 1`
			`} else {`
			`Write-Log "Deployment finished successfully." -Level OK`
			`exit 0`
			`}`