x9/xetup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add all project assets, docs, and review page

Browse source 
- BackInfo (exe + ini + ps1) in assets/
- X9 logo (ico + jpeg) in assets/Logo/
- Colleague specs and review results in docs/
- Interactive review page v2 (review.html)
- Updated CLAUDE.md with all decisions from 2026-04-15 session
- Updated .gitignore (flash.zip, W11.pdf)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Filip Zubik 2026-04-15 19:43:18 +02:00
parent fe63de3ed7
commit 4611517a1d
11 changed files with 1770 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitignore vendored
View file

@ -15,3 +15,9 @@ Desktop.ini
# Temp
*.tmp
*.bak
# Build artifacts
flash.zip
# Large reference files
W11.pdf

87
CLAUDE.md
View file

@ -3,7 +3,7 @@
## Project context
MSP deployment script for X9.cz - automated preparation of new Windows 10/11 computers for clients.
Replaces ~3 hours of manual setup with a single PowerShell script.
Replaces ~3 hours of manual setup with a single PowerShell script (evolving toward Go TUI launcher).
**Key parameters:**
- Target OS: Windows 10 and Windows 11 (x64), including unsupported HW
@ -13,38 +13,41 @@ Replaces ~3 hours of manual setup with a single PowerShell script.
---
## Communication
- Communicate with the user in Czech
- Code, comments, log messages: English only (no diacritics rule still applies)
---
## Repo structure
```
windows-deployment/
windows-deployment-new/
├── CLAUDE.md <- this file
├── SPEC.md <- technical specification
├── Deploy-Windows.ps1 <- master script (entry point)
├── scripts/
│ ├── 00-admin-account.ps1 <- create hidden admin account
│ ├── 01-bloatware.ps1 <- remove AppX, Capabilities, Features
│ ├── 02-software.ps1 <- winget installs + Adobe PDF default
│ ├── 03-system-registry.ps1 <- HKLM tweaks
│ ├── 04-default-profile.ps1 <- C:\Users\Default\NTUSER.DAT changes
│ ├── 05-personalization.ps1 <- colors, wallpaper, theme
│ ├── 06-scheduled-tasks.ps1 <- register scheduled tasks
│ └── 07-desktop-info.ps1 <- custom desktop info (replaces BackInfo)
│ ├── 07-desktop-info.ps1 <- TO BE DELETED (replaced by BackInfo)
│ └── 08-activation.ps1 <- Windows activation via slmgr
├── config/
│ └── config.json <- per-client config (future)
│ └── config.json <- per-client config
├── assets/
│ └── DesktopInfo/ <- resources for desktop info script
│ ├── Backinfo/ <- BackInfo.exe + .ini + backinfo_W11.ps1
│ └── Logo/ <- X9-ikona.ico, X9-logo.jpeg
└── tests/
└── Test-Deployment.ps1 <- post-deployment verification
```
---
## Communication
- Communicate with the user in Czech
- Code, comments, log messages: English only (no diacritics rule still applies)
---
## Conventions and rules
### PowerShell
@ -83,16 +86,19 @@ windows-deployment/
## Important notes
### BackInfo replacement - custom solution
BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Triggers on every user logon
- PS script reads: hostname, IP, Windows version, username, install date
- Renders text onto desktop via WPF/System.Drawing -> saves as BMP -> sets as wallpaper
- Works on Win10 and Win11 without registry hacks
### BackInfo (replaces custom DesktopInfo)
BackInfo.exe IS used. Located in assets/Backinfo/. Deployment:
1. Copy assets/Backinfo/ to C:\Program Files\Backinfo\
2. Run backinfo_W11.ps1 (detects OS, writes registry, creates Startup shortcut)
3. BackInfo.exe auto-starts on every logon, reads INI, renders BMP with system info
- Configurable via BackInfo.ini (fonts, positions, data sources)
- Displays: hostname (centered, large), username, OS, HW info, network info
- DELETE 07-desktop-info.ps1 - no longer needed
### Adobe Reader as default PDF app
- After install: set .pdf -> AcroRd32 association
- Scheduled task PDF-DefaultApp restores association on every logon (guard against Edge overwriting it)
- NOTE: UCPD.sys (kernel driver since Feb 2024) blocks UserChoice writes. Consider disabling UCPD during deployment.
### Default Profile
- Changes to C:\Users\Default\NTUSER.DAT via reg load / reg unload
@ -104,6 +110,16 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Check winget availability before running installs
- Log result of every install
### Atera Agent
- Download: `Invoke-WebRequest -Uri "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337" -OutFile setup.msi`
- Install: `msiexec /i setup.msi /qn`
### Admin account (adminx9)
- NO PASSWORD (changed from previous version)
- FullName = "X9.cz s.r.o." (via ADSI)
- Hidden from login screen
- Added to Administrators group
---
## DO NOT
@ -115,6 +131,35 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Do not use hardcoded paths that do not exist on clean Windows
- NO diacritics - no accented characters in any part of any script
- NO emoticons - none in comments, log messages or output
- Do not remove OneDrive - must remain installable for M365
- Do not remove RDP/RDS - must remain functional
- Do not remove Microsoft-RemoteDesktopConnection from Optional Features
---
## Planned changes (from review v2, 2026-04-15)
### Must fix
- [ ] Remove OneDrive uninstall from 03-system-registry.ps1 and 04-default-profile.ps1
- [ ] Remove password from admin account, add FullName = "X9.cz s.r.o."
- [ ] Delete 07-desktop-info.ps1, replace with BackInfo deployment step
- [ ] Add powercfg settings (standby-timeout-ac 0, monitor-timeout-ac 60, etc.)
- [ ] Add proxy auto-detect disable (AutoDetect = 0)
- [ ] Add Atera Agent install step
- [ ] Extend Edge policies (~15 more keys)
### New features (from colleague spec v2)
- [ ] Taskbar pinned apps: admin vs user variants via XML layout + -ProfileType parameter
- [ ] Explorer: ShowRecent=0, ShowFrequent=0, FullPath=1 in CabinetState
- [ ] Network discovery: enable ping, set private network profile (post-restart step)
- [ ] PC rename: Rename-Computer as final step before restart
- [ ] C:\X9 directory structure with custom folder icon
### Architecture evolution
- [ ] Go TUI launcher (xetup.exe) embedding PS scripts
- [ ] spec.yaml as single source of truth
- [ ] Web platform at xetup.x9.cz (Forgejo + docs + comments)
- [ ] Self-update mechanism in xetup.exe
---
@ -122,7 +167,9 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
| # | Question | Status |
|---|---|---|
| 1 | BackInfo replacement | DONE - custom PS scheduled task DesktopInfo |
| 1 | BackInfo replacement | DONE - using BackInfo.exe from assets/ |
| 2 | Complete SW list for winget | TODO - list incomplete |
| 3 | Per-client variability via config.json | FUTURE |
| 4 | Admin account adminx9 - script or manual? | OPEN |
| 4 | Admin account adminx9 | DECIDED - no password, FullName "X9.cz s.r.o." |
| 5 | UCPD driver workaround for PDF default | TODO - disable during deployment |
| 6 | Atera MFA bypass | OPEN - does aeid parameter avoid MFA? |

BIN
assets/Backinfo/BackInfo.exe Normal file
View file

Binary file not shown.

182
assets/Backinfo/BackInfo.ini Normal file
View file

@ -0,0 +1,182 @@
;; This INI file should use the following format
;;
;; [General]
;; BackgroundColor = <COLORREF value> ; The background color to use (default = 0 (black))
;; AutoBackground = [0 | 1] ; Use background color of current desktop (default = 0)
;; BackgroundBitmap = <path to BMP file> ; Overrides AutoBackground and BackgroundColor values. Loads background bitmap from BMP file
;; XOffset = <horizontal offset in pixels> ; Horizontal offest of the entire text block from the bitmap's center. Can be negative. Default = 0
;; YOffset = <vertical offset in pixels> ; Vertical offest of the entire text block from the bitmap's center. Can be negative. Default = 0
;; Output = <file name> ; Name of output bitmap file (default = "", use popup message)
;; UpdateDesktop = [0 | 1] ; Update background desktop bitmap (default = 0)
;; ForceDesktopCenter = [0 | 1] ; Force the desktop to display the bitmap as cenetered (instead of tiled / streched). Default = 1
;; LineSpacing = <value> ; Line spacing (default = 3)
;; SuppressErrors = [0 | 1] ; If 1, errors are NOT displayed (default = 0)
;;
;; [LineN] ; Text settings for line N, where N between [1..20]
;; Type = [CompName | UserName | SysVer | ; Type of information to display on the line
;; SysInfo | NetInfo | FileVer |
;; RegValue | FreeText |
UpdateTime | Unused]
;; ; CompName - Computer name
;; ; UserName - User name
;; ; SysVer - Operating system version
;; ; SysInfo - Hardware information
;; ; NetInfo - Network information
;; ; FileVer - Version of a file specified in 'FileName' option
;; ; RegValue - Registry string value.
;; ; Reg root from 'RegRoot' (e.g. HKLM)
;; ; Reg path from 'RegPath' (e.g. SOFTWARE\Microsoft\Windows NT\CurrentVersion)
;; ; Reg value from 'RegValue' (e.g. CurrentType)
;; ; Reg title from 'RegTitle' (e.g. "The value of X is")
;; ; FreeText - Text specified in 'Text' will be displayed as is
;; ; UpdateTime - The date and time the bitmap was created
;; ; Unused - Line will not be displayed
;;
;; Font = <Face name> ; Font name (default = "Arial")
;; Size = <Font size> ; Font size (default = 22)
;; Color = <COLORREF value> ; Font color (default = WHITE)
;; Bold = [0 | 1] ; Font boldness (default = 0)
;; Italic = [0 | 1] ; Font italicness (default = 0)
;; Alignment = [Left | Right | Center] ; Font alignment (default = Left)
;;
;; ShadowX = <X offset value> ; Shadow X offset (positive only, 0 = No X shadow. Default = 0)
;; ShadowY = <Y offset value> ; Shadow Y offset (positive only, 0 = No Y shadow. Default = 0)
;; ShadowColor = <COLORREF value> ; Shadow Color (default = 0 (black))
;;
;; RegRoot = [HKLM | HKCU] ; Registry root to use for 'Type' = 'RegValue'
;; RegPath = <Registry path to read from> ; Registry path to use for 'Type' = 'RegValue'
;; RegValue = <Registry value to read from> ; Registry value to use for 'Type' = 'RegValue'. Must be of type REG_SZ
;; RegTitle = <Display title of read value> ; Registry value to use for 'Type' = 'RegValue'
;;
;; Text = <free text to display> ; Free text to display. Used if 'Type' = 'FreeText'
;;
;; FilePath = <full path to file> ; Path to file to display version for. Used if 'Type' = 'FileVer'
;; FileName = <display name of file> ; Display name of file specified in 'FilePath'. Used if 'Type' = 'FileVer'
;;
[General]
BackgroundColor = 2097152
AutoBackground = 1
Output = %temp%\backinfo.bmp
UpdateDesktop = 1
LineSpacing = 2
ForceDesktopCenter = 1
SuppressErrors = 1
[Line1]
Font = Trebuchet MS
Size = 42
Color = 16777215
Bold = 1
Italic = 0
Alignment = Center
ShadowX = 2
ShadowY = 2
ShadowColor = 4210752
Type = CompName
[Line2]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = UserName
[Line3]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 1
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = RegValue
RegRoot = HKLM
RegPath = SOFTWARE\BackInfo
RegValue = OSName
RegTitle = OS:
[Line4]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = SysInfo
[Line5]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = NetInfo
;;
;; SAMPLE - how to display free text lines
;;
; [Line6]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = FreeText
; Text = System path is %windir%
;;;
;; SAMPLE - how to display file version
;;
; [Line7]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = FileVer
; FilePath = %ProgramFiles%\backinfo\backinfo.exe
; FileName = backinfo.exe
;;
;; SAMPLE - how to display registry value
;;
; [Line8]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = RegValue
; RegRoot = HKLM
; RegPath = SOFTWARE\Microsoft\Windows NT\CurrentVersion
; RegValue = CurrentType
; RegTitle = OS type

60
assets/Backinfo/backinfo_W11.ps1 Normal file
View file

@ -0,0 +1,60 @@
# ================================
# BackInfo OS detection script
# Writes OS name for BGInfo/BackInfo
# ================================
Set-ExecutionPolicy Unrestricted
$cvPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$cv = Get-ItemProperty -Path $cvPath
# --- Detect OS by build number ---
$build = [int]$cv.CurrentBuild
if ($build -ge 22000) {
$osName = "Windows 11"
} else {
$osName = "Windows 10"
}
# --- Detect edition ---
switch ($cv.EditionID) {
"Professional" { $edition = "Pro" }
"ProfessionalN" { $edition = "Pro N" }
"Core" { $edition = "Home" }
"CoreN" { $edition = "Home N" }
"Enterprise" { $edition = "Enterprise" }
"Education" { $edition = "Education" }
default { $edition = $cv.EditionID }
}
$finalOSName = "$osName $edition"
# --- Registry paths for BackInfo (64bit + 32bit) ---
$regPaths = @(
"HKLM:\SOFTWARE\BackInfo",
"HKLM:\SOFTWARE\WOW6432Node\BackInfo"
)
foreach ($path in $regPaths) {
if (-not (Test-Path $path)) {
New-Item -Path $path -Force | Out-Null
}
New-ItemProperty `
-Path $path `
-Name "OSName" `
-Value $finalOSName `
-PropertyType String `
-Force | Out-Null
}
# --- Optional output for logging ---
Write-Output "BackInfo OSName set to: $finalOSName"
$SourceFilePath = "C:\Program Files\BackInfo\BackInfo.exe"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\BackInfo.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()

BIN
assets/Logo/X9-logo-barevné-square.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 KiB

BIN
assets/Logo/X9-logo-barevné-square.jpeg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 292 KiB

111
docs/xetup-review.md Normal file
View file

@ -0,0 +1,111 @@
# Xetup - Review vysledek
Datum: 15. 4. 2026
## 1. Priprava prostredi
[ ] **Adresar C:\X9 + ikona slozky** (CEKA)
Vytvoreni adresarove struktury C:\X9 se slozkami install, vlastni ikonou a logem.
[ ] **Nextcloud - stahovani souboru** (CEKA)
Stahovani Backinfo, Atera, Flash2, X9-ikona.ico, X9-logo.jpg z Nextcloudu do C:\X9\install.
> nextcloud tam netřeba, Backinfo máme ve vlastní složce
[?] **Admin ucet (adminx9)** (K DISKUSI)
Vytvoreni skryteho lokalniho admin uctu adminx9 pro MSP spravce.
> adminX9 bude bez hesla
[ ] **Aktivace Windows** (CEKA)
Aktivace Windows pomoci klice z configu nebo GVLK (KMS). Spec kolegy toto nezminuje.
## 2. Odstranovani bloatware
[ ] **AppX balicky (UWP aplikace)** (CEKA)
Odebirame ~65 preinstalovanych aplikaci (Solitaire, Xbox, Teams, Copilot, Mail...). Kalkulacka zustava.
[ ] **Windows Capabilities** (CEKA)
Odebirame: Fax, IE, WordPad, PowerShell ISE, Steps Recorder, WMP, Handwriting...
[ ] **Optional Features** (CEKA)
Vypnuti: MediaPlayback, PowerShell 2.0, Recall (AI), SnippingTool.
[?] **Flash2 integrace** (K DISKUSI)
Flash2 je nastroj kolegy pro debloating. Integrovat, nebo pouzit nase kroky 2a-2c?
> flash2 je v podstatě tento setup, minulá verze :-) takže je hlavně pro inspiraci a zahrnutí
[?] **OneDrive - NEMAZAT** (K DISKUSI)
Nas skript agresivne maze OneDrive vcetne instalatoru. Spec kolegy OneDrive neresi = nechat!
> nevím jestli v poslední verzi už to bylo opravené, ale v první verzi se onedrive zabíjel nějakým regeditem nebo scheduled taskem
[?] **RDP/RDS - NEODEBIRAT** (K DISKUSI)
SPEC mel RDP klient k odebirani. Kolega to nechce - RDP musi zustat funkcni.
> nevím jestli v poslední verzi už to bylo opravené, ale v první verzi se rdp problematizovalo nějakým regeditem nebo scheduled taskem
## 3. Instalace software
[ ] **Winget balicky (7-Zip, Adobe, OpenVPN)** (CEKA)
Silent instalace 7-Zip, Adobe Acrobat Reader, OpenVPN Connect pres winget.
[?] **Atera Agent (MSI)** (K DISKUSI)
Silent instalace Atera monitoring agenta z C:\X9\install\atera-agent\.
> použít tohle a nejlíp najít parametr, u kterého ATERA nebude chtí MFA kod z mailu:-)
curl -L -o setup.msi "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337" && msiexec /i setup.msi /qn
[ ] **BackInfo (info na plose)** (CEKA)
BackInfo.exe zobrazi hostname, user, OS, HW, sit uprostred plochy. Konfigurovatelny pres INI.
## 4. Vzhled a personalizace
[ ] **Barvy a motiv** (CEKA)
Tmavy system, svetle aplikace, accent #223B47, plna barva pozadi.
[ ] **Ikona Tento pocitac na plose** (CEKA)
Zobrazit ikonu Tento pocitac na plose.
[?] **Avatar uctu (X9 logo)** (K DISKUSI)
Nastaveni X9-logo.jpg jako profiloveho obrazku admin uctu.
> přidal jsem logo a ico do rootu do složky LOGO
## 5. Hlavni panel a Start menu
[ ] **Taskbar - zarovnani, skryti prvku** (CEKA)
Zarovnani vlevo, skryti Search, Task View, Widgets, Chat, Copilot.
[ ] **System tray - zobrazit vsechny ikony** (CEKA)
EnableAutoTray=0 + mazani icon cache + scheduled task ShowAllTrayIcons.
[ ] **Prazdny taskbar pinlist + Start menu** (CEKA)
Prazdny LayoutModification.xml (zadne pripnute apps), prazdne Start menu pins.
## 6. Systemova nastaveni
[ ] **HKLM registry tweaky** (CEKA)
BypassNRO, vypnuti Teams/Widgets/Copilot/GameDVR/Recall, hesla bez expirace, casova zona.
[ ] **Default Profile (NTUSER.DAT)** (CEKA)
Nastaveni pro vsechny budouci uzivatele: Explorer, Num Lock, GameDVR, Copilot...
[ ] **Napajeni (powercfg)** (CEKA)
Spanek nikdy na siti, obrazovka 60min/15min, spanek baterie 60min.
[ ] **Scheduled tasks** (CEKA)
ShowAllTrayIcons, PDF-DefaultApp, UnlockStartLayout.
## 7. Sit a Edge
[ ] **Proxy - vypnout auto-detect** (CEKA)
Vypnuti automatickeho zjistovani proxy serveru.
[ ] **MS Edge - rozsirene nastaveni** (CEKA)
Striktni tracking protection, Google vyhledavac, panel oblibenych, toolbar tlacitka.
## 8. Finalizace
[ ] **Prejmenování PC** (CEKA)
Rename-Computer na nazev z parametru -ComputerName. Vyzaduje restart.
[ ] **Bootstrap spoustec (irm | iex)** (CEKA)
Jednoradkovy spoustec z webu: irm https://xetup.x9.cz/setup.ps1 | iex

163
docs/xetup-win-setup-novinky.md Normal file
View file

@ -0,0 +1,163 @@
# Xetup Novinky oproti původní specifikaci (W11.pdf v3)
---
## A. Hlavní panel pinnované aplikace (diferenciace admin vs user)
Nový požadavek: různé sady připnutých aplikací podle typu profilu.
**Admin profil připnout na taskbar:**
- Nastavení (`ms-settings:`)
- Správa počítače (`compmgmt.msc`)
- Služby (`services.msc`)
- PowerShell (`pwsh.exe` nebo `powershell.exe`)
- Průzkumník Windows (`explorer.exe`)
- MS Edge (`msedge.exe`)
**User profil připnout na taskbar:**
- Průzkumník Windows (`explorer.exe`)
- MS Edge (`msedge.exe`)
**Implementace:**
Přímé pinnování přes registry/PS je v moderním Win11 neoficiální Microsoft odstranil `Pin-Application` cmdlet. Nejspolehlivější postup je XML layout policy:
```xml
<!-- TaskbarLayoutModification.xml admin varianta -->
<?xml version="1.0" encoding="utf-8"?>
<LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" Version="1">
<CustomTaskbarLayoutCollection PinListPlacement="Replace">
<defaultlayout:TaskbarLayout xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
<taskbar:TaskbarPinList>
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk"/>
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk"/>
<taskbar:DesktopApp DesktopApplicationLinkPath="%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"/>
</taskbar:TaskbarPinList>
</defaultlayout:TaskbarLayout>
</CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>
```
```powershell
# Aplikovat layout policy (HKLM = platí pro všechny uživatele)
# Admin varianta
$xmlPathAdmin = "C:\X9\TaskbarAdmin.xml"
$xmlPathUser = "C:\X9\TaskbarUser.xml"
# Pro Default Profile (user) zapsat před prvním přihlášením uživatele
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" `
/v "LayoutXMLPath" /t REG_SZ /d $xmlPathUser /f
```
> **Upozornění:** `LayoutXMLPath` policy je dostupná ve Win11 22H2+. Před nasazením ověřit verzi. Shortcuty pro `compmgmt.msc` a `services.msc` je nutné vytvořit ručně jako `.lnk` soubory, protože XML přijímá pouze `.lnk` cesty.
---
## B. Průzkumník Windows nastavení
Tři změny oproti původní specifikaci:
| Nastavení | Hodnota |
|---|---|
| Otevřít Průzkumník pro | Tento počítač (místo Rychlý přístup) |
| Nedávné soubory / složky / Office.com | Vše vypnuto |
| Zobrazit úplnou cestu v záhlaví | Zapnuto |
**Registry (aplikovat do Default Profile hive):**
```registry
; Otevřít pro "Tento počítač" místo Rychlého přístupu
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- LaunchTo = 1 (DWORD) ; 1 = Tento počítač, 2 = Rychlý přístup
; Vypnout historii posledních souborů a složek
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
- ShowRecent = 0 (DWORD)
- ShowFrequent = 0 (DWORD)
; Zobrazit úplnou cestu v záhlaví
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
- FullPath = 1 (DWORD)
```
```powershell
# Blok pro vložení do sekce reg load/unload (Default Profile)
$hive = "HKU\DefaultUser"
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" `
-Name "LaunchTo" -Value 1 -Type DWord
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer" `
-Name "ShowRecent" -Value 0 -Type DWord
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer" `
-Name "ShowFrequent" -Value 0 -Type DWord
New-Item -Path "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" `
-Force | Out-Null
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" `
-Name "FullPath" -Value 1 -Type DWord
```
---
## C. Síťové zjišťování zapnout ping, přepnout na privátní síť
Nový krok: po přejmenování/připojení do domény zapnout zjišťování sítě a přepnout profil sítě na privátní (bez toho nefunguje ping na stanici).
```powershell
# Zapnout Network Discovery a File Sharing
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
# Přepnout aktuální síťový profil na Private (= "Ne, chci síť změnit na privátní")
# Funguje pro první aktivní síťové rozhraní
$adapter = Get-NetConnectionProfile | Select-Object -First 1
Set-NetConnectionProfile -InterfaceIndex $adapter.InterfaceIndex -NetworkCategory Private
```
> **Scope:** Toto nastavení se aplikuje na aktuální síťové připojení v době spuštění skriptu nelze předem uložit do Default Profile, protože se váže na konkrétní síťový adaptér/GUID. Skript musí být spuštěn po připojení k síti.
> **Závislost:** Pokud se stanice teprve připojuje do domény, spustit tento blok až po restartu a domain-join.
---
## D. Popis účtu adminx9
Nový krok: nastavit pole "Jméno a příjmení" u lokálního účtu `adminx9` na hodnotu `X9.cz s.r.o.`
Provádí se přes Správu počítače → Místní uživatelé a skupiny → Uživatelé → adminx9 → Vlastnosti → záložka Obecné.
**Automatizace:**
```powershell
# Nastavit Full Name pro lokální účet adminx9
$user = [ADSI]"WinNT://$env:COMPUTERNAME/adminx9,user"
$user.FullName = "X9.cz s.r.o."
$user.SetInfo()
```
> **Scope:** Platí pouze pro aktuální (admin) účet na tomto stroji není součástí Default Profile. Spustit před předáním stanice klientovi.
---
## Integrace do hlavního skriptu
Nové kroky přidat do architektury spuštění:
```
Deploy-Windows.ps1
├── ... (existující kroky)
├── NEW: Popis účtu adminx9 = "X9.cz s.r.o."
├── NEW: Průzkumník registry do Default Profile hive
├── NEW: Taskbar XML layout (admin nebo user varianta dle parametru)
├── 9. Přejmenování PC + restart
└── NEW: Po restartu zapnout síťové zjišťování + privátní profil
```
**Nový parametr skriptu:**
```powershell
[ValidateSet("admin","user")]
[string]$ProfileType = "user" # řídí TaskbarLayout XML i zarovnání panelu
```

347
docs/xetup-win-setup-spec.md Normal file
View file

@ -0,0 +1,347 @@
# Xetup Specifikace automatizovaného nastavení Windows 10/11
> **Účel:** Eliminovat ~3 hodiny ručního nastavování nových Windows stanic pro klienty X9.cz
> **Cíl:** Jeden PowerShell skript spustitelný z admina, výsledek uložen v Default Profile (aplikuje se všem budoucím uživatelům)
> **Repo:** `C:\x9\xetup`
> **Vstup:** Parametrizovaný spouštěč název PC, doména (volitelná), typ profilu (admin/user)
---
## 1. Struktura adresářů
```
C:\X9\
├── install\
│ ├── Backinfo\
│ ├── flash2\
│ ├── atera-agent\
│ ├── 7zip.exe
│ ├── AdobeReader.exe
│ └── OpenVPNConnect.exe
├── X9-ikona.ico
└── X9-logo.jpg
```
**Kroky:**
- [ ] Vytvořit `C:\X9` a `C:\X9\install`
- [ ] Stáhnout z Nextcloudu: Backinfo, Atera agent, Flash2, ikonu X9, logo X9
- [ ] Stáhnout z internetu: 7-zip, Adobe Reader, OpenVPN Connect
- [ ] Roztřídit soubory do správných adresářů dle výše
> **Automatizace:** `Invoke-WebRequest` pro stažení + `Copy-Item` pro přesun. Nextcloud vyžaduje autentizaci credentials parametrem nebo uloženým tokenem.
---
## 2. Přizpůsobení Pozadí a barvy (Default Profile)
Všechna nastavení ukládat do `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes` + Default Profile hive (`C:\Users\Default\NTUSER.DAT`).
| Nastavení | Hodnota |
|---|---|
| Typ pozadí | Plná barva |
| Barva pozadí | `#223B47` |
| Barevný režim | Vlastní |
| Režim Windows | Tmavý |
| Režim aplikací | Světlý |
| Barva motivu | Ruční `#223B47` |
| Barva v Start menu | Zapnuto |
| Barva v záhlavích oken | Zapnuto |
**Registry klíče (NTUSER.DAT / Default Profile):**
```
HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize
- AppsUseLightTheme = 1 (DWORD)
- SystemUsesLightTheme = 0 (DWORD)
- ColorPrevalence = 1 (DWORD)
HKCU\Control Panel\Desktop
- Wallpaper = "" (prázdný string = plná barva)
- WallpaperStyle = 0
HKCU\Control Panel\Colors
- Background = "34 59 71" (RGB hodnota #223B47)
```
> **Poznámka:** Barvu motivu (`AccentColor`) nastavit přes `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent` hodnota `AccentColorMenu` = `0xFF3B2322` (ABGR formát).
---
## 3. Přizpůsobení Motivy (ikony na ploše)
- [ ] Zobrazit ikonu **Tento počítač** na ploše
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
- {20D04FE0-3AEA-1069-A2D8-08002B30309D} = 0 (DWORD) ; Tento počítač
```
> Aplikovat do Default Profile hive.
---
## 4. Hlavní panel (Taskbar)
| Nastavení | Hodnota |
|---|---|
| Vyhledávací pole | Skryto |
| Zobrazení úkolů (Task View) | Vypnuto |
| Widgety | Vypnuto |
| Zarovnání (uživatel) | Vlevo |
| Zarovnání (admin) | Na střed |
| Systémové ikony (overflow) | Vše viditelné |
**Registry (Win11):**
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Search
- SearchboxTaskbarMode = 0 (DWORD) ; skrýt hledání
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- ShowTaskViewButton = 0 (DWORD)
- TaskbarAl = 0 (DWORD) ; 0=vlevo, 1=střed
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People
- PeopleBand = 0 (DWORD)
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds
- EnableFeeds = 0 (DWORD) ; widgety
```
**Viditelnost systémových ikon (overflow area):**
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
- EnableAutoTray = 0 (DWORD) ; zobrazit vše, nevracet do přetečení
```
> **Problém:** Automatické zobrazení VŠECH budoucích ikon (nový SW po instalaci) nelze 100% garantovat přes registry `EnableAutoTray=0` je nejbližší řešení. Individuální ikony aplikací závisí na tom, co si každá aplikace sama zapíše.
---
## 5. Připnutí složky X9 na hlavní panel
- [ ] Složce `C:\X9` nastavit vlastní ikonu (`X9-ikona.ico`)
- [ ] Připnout na panel rychlého spuštění (Quick Access / Taskbar)
```powershell
# Nastavení vlastní ikony složky (desktop.ini)
$iniPath = "C:\X9\desktop.ini"
Set-Content $iniPath "[.ShellClassInfo]`nIconResource=C:\X9\X9-ikona.ico,0`n[ViewState]`nMode=`nVid=`nFolderType=Generic"
attrib +s +h $iniPath
attrib +s "C:\X9"
# Připnutí na taskbar vyžaduje Shell COM objekt nebo workaround přes VBScript
```
> **Upozornění:** Připnutí složky na taskbar je v moderním Win11 omezené Microsoft tuto možnost odstranil. Alternativa: připnout jako Quick Access v Průzkumníku nebo vytvořit shortcut na ploše.
---
## 6. Profil účtu avatar
- [ ] Nahrát `X9-logo.jpg` jako profilový obrázek admin účtu
```powershell
$accountPicPath = "$env:APPDATA\Microsoft\Windows\AccountPictures"
New-Item -ItemType Directory -Force -Path $accountPicPath
Copy-Item "C:\X9\X9-logo.jpg" "$accountPicPath\X9-logo.jpg"
# Nastavit jako výchozí profilový obrázek přes registry
```
> **Scope:** Toto platí jen pro aktuální (admin) účet, nikoliv Default Profile je to záměr.
---
## 7. Napájení
| Nastavení | Hodnota |
|---|---|
| Spánek při napájení ze sítě | Nikdy |
| Vypnutí obrazovky (síť) | 1 hodina |
| Vypnutí obrazovky (baterie) | 15 minut |
| Spánek na baterii | 1 hodina |
| Zavření víka | Neautomatizovat |
```powershell
powercfg /change standby-timeout-ac 0 # nikdy - síť
powercfg /change monitor-timeout-ac 60 # 60 min - síť
powercfg /change monitor-timeout-dc 15 # 15 min - baterie
powercfg /change standby-timeout-dc 60 # 60 min - baterie
```
---
## 8. Síť Proxy server
- [ ] Vypnout automatické zjišťování nastavení proxy
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- AutoDetect = 0 (DWORD)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- AutoDetect = 0 (DWORD)
```
---
## 9. Přejmenování počítače
```powershell
param([string]$NewName)
Rename-Computer -NewName $NewName -Force -Restart
```
> Restart je nutný. Připojení do domény probíhá zvlášť přes stejné rozhraní není součástí tohoto skriptu (volitelný parametr `-Domain`).
---
## 10. Odinstalace bloatware
Aktuálně řešeno přes **Flash2** integrovat volání Flash2 instalačky nebo zachovat jako samostatný krok.
Alternativně vlastní seznam přes winget/AppX:
```powershell
# Příklady AppX balíčků k odebrání (rozšířit dle potřeby)
$bloatware = @(
"Microsoft.BingWeather",
"Microsoft.GetHelp",
"Microsoft.Getstarted",
"Microsoft.MicrosoftSolitaireCollection",
"Microsoft.People",
"Microsoft.WindowsFeedbackHub",
"Microsoft.Xbox.TCUI",
"Microsoft.XboxApp",
"Microsoft.ZuneMusic",
"Microsoft.ZuneVideo"
)
foreach ($app in $bloatware) {
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $app | Remove-AppxProvisionedPackage -Online -ErrorAction SilentlyContinue
}
```
> `Remove-AppxProvisionedPackage` zajistí, že se bloatware neobjeví ani novým uživatelům (Default Profile).
---
## 11. Nastavení uživatelského profilu (Default Profile)
Klíčový mechanismus: **načíst `C:\Users\Default\NTUSER.DAT` jako dočasný hive**, aplikovat registry změny, odpojit hive.
```powershell
reg load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
# ... zde všechny Set-ItemProperty operace s cestou HKU:\DefaultUser\...
reg unload "HKU\DefaultUser"
```
> Tímto způsobem se veškerá nastavení (barvy, taskbar, Edge, atd.) aplikují všem budoucím uživatelům při prvním přihlášení.
---
## 12. Instalace SW
| Aplikace | Zdroj | Metoda |
|---|---|---|
| 7-Zip | Internet / winget | `winget install 7zip.7zip` |
| Adobe Reader | Internet / winget | `winget install Adobe.Acrobat.Reader.64-bit` |
| OpenVPN Connect | Internet / winget | `winget install OpenVPNTechnologies.OpenVPNConnect` |
| Atera Agent | Nextcloud (`C:\X9\install`) | MSI silent install |
| Backinfo | Nextcloud (`C:\X9\install`) | PS skript |
```powershell
winget install --id 7zip.7zip --silent --accept-package-agreements --accept-source-agreements
winget install --id Adobe.Acrobat.Reader.64-bit --silent --accept-package-agreements --accept-source-agreements
winget install --id OpenVPNTechnologies.OpenVPNConnect --silent --accept-package-agreements --accept-source-agreements
```
---
## 13. Backinfo
```powershell
Copy-Item "C:\X9\install\Backinfo" "C:\Program Files\Backinfo" -Recurse
Set-ExecutionPolicy Unrestricted -Force
& "C:\Program Files\Backinfo\backinfo_W11.ps1"
Set-ExecutionPolicy Restricted -Force
```
> Backinfo zapíše do registru verzi W11 a nastaví autostart po přihlášení.
---
## 14. MS Edge nastavení
Nastavit přes registry (platí pro všechny uživatele pokud aplikováno do Default Profile nebo HKLM).
| Nastavení | Hodnota |
|---|---|
| Ochrana sledování | Striktní (`2`) |
| Panel oblíbených | Vždy zobrazit |
| Výchozí vyhledávač | Google |
| Tlačítka panelu nástrojů | Historie, Aplikace, Stažené soubory, Výkon |
```registry
HKLM\SOFTWARE\Policies\Microsoft\Edge
- TrackingPrevention = 3 (DWORD) ; Striktní
- FavoritesBarEnabled = 1 (DWORD) ; Oblíbené vždy
- DefaultSearchProviderEnabled = 1
- DefaultSearchProviderName = "Google"
- DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}"
; Toolbar tlačítka individuální nastavení přes Edge policy nebo NTUSER.DAT
```
> **Poznámka:** Edge nastavení přes GPO/registry mají přednost před uživatelskými preferencemi. Pro Default Profile alternativně upravit `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences` šablonou méně spolehlivé.
---
## 15. Spouštěč parametry hlavního skriptu
```powershell
# Deploy-Windows.ps1
param(
[Parameter(Mandatory=$true)]
[string]$ComputerName,
[string]$Domain = "", # prázdné = pracovní skupina
[ValidateSet("admin","user")]
[string]$TaskbarAlign = "user", # admin=střed, user=vlevo
[string]$NextcloudUrl = "",
[string]$NextcloudUser = "",
[string]$NextcloudPass = ""
)
```
---
## Otevřené otázky / TODO
- [ ] Jak řešit stahování z Nextcloudu bez interaktivního přihlášení? (token vs. credentials parametr)
- [ ] Flash2 integrovat nebo volat jako subprocess?
- [ ] Atera Agent silent install parametry MSI?
- [ ] Přejmenování PC + připojení do domény jako jeden průchod nebo dva samostatné kroky?
- [ ] Testování: Win10 vs Win11 některé registry klíče se liší (hlavně Taskbar)
- [ ] Složka X9 na Taskbaru Win11 nepodporuje připnutí složky; nahradit shortcutem na ploše?
---
## Architektura spuštění (navržená)
```
irm https://xetup.x9.cz/setup.ps1 | iex
└── Stáhne Deploy-Windows.ps1 z repa
└── Vyzve na parametry (nebo převezme z CLI)
└── Spustí Deploy-Windows.ps1 -ExecutionPolicy Bypass
├── 1. Vytvoří adresáře
├── 2. Stáhne soubory (Nextcloud + web)
├── 3. Odinstaluje bloatware (AppX + Flash2)
├── 4. Nainstaluje SW (winget)
├── 5. Aplikuje registry do Default Profile (reg load/unload)
├── 6. Nastaví napájení
├── 7. Nastaví proxy
├── 8. Spustí Backinfo
├── 9. Přejmenuje PC
└── 10. Restart
```

834
review.html Normal file
View file

@ -0,0 +1,834 @@
<!DOCTYPE html>
<html lang="cs">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Xetup - Review v2</title>
<style>
:root {
--bg: #0f1117;
--card: #1a1d27;
--border: #2a2d3a;
--text: #e0e0e0;
--muted: #888;
--accent: #223B47;
--green: #2ea043;
--green-bg: rgba(46,160,67,.12);
--red: #da3633;
--red-bg: rgba(218,54,51,.12);
--yellow: #d29922;
--yellow-bg: rgba(210,153,34,.12);
--blue: #58a6ff;
--blue-bg: rgba(88,166,255,.12);
--purple: #a371f7;
--purple-bg: rgba(163,113,247,.12);
}
* { box-sizing: border-box; margin: 0; padding: 0; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: var(--bg);
color: var(--text);
padding: 2rem;
max-width: 960px;
margin: 0 auto;
line-height: 1.5;
}
h1 { font-size: 1.6rem; margin-bottom: .3rem; color: #fff; }
.subtitle { color: var(--muted); margin-bottom: 1.5rem; font-size: .9rem; }
.stats {
display: flex; gap: 1rem; margin-bottom: 2rem; flex-wrap: wrap;
}
.stat {
background: var(--card); border: 1px solid var(--border); border-radius: 8px;
padding: .6rem 1rem; font-size: .85rem; min-width: 100px; text-align: center;
}
.stat .num { font-size: 1.4rem; font-weight: 700; display: block; }
.stat.s-pending .num { color: var(--muted); }
.stat.s-approved .num { color: var(--green); }
.stat.s-rejected .num { color: var(--red); }
.stat.s-discuss .num { color: var(--yellow); }
.group { margin-bottom: 2rem; }
.group-header {
display: flex; align-items: center; gap: .6rem;
margin-bottom: .7rem; padding-bottom: .4rem; border-bottom: 1px solid var(--border);
}
.group-icon {
font-size: 1rem; width: 26px; height: 26px;
display: flex; align-items: center; justify-content: center;
border-radius: 6px; background: rgba(255,255,255,.05); font-weight: 700;
}
.group-title { font-size: 1.05rem; font-weight: 600; color: #fff; }
.group-count { color: var(--muted); font-size: .85rem; }
.step {
background: var(--card); border: 1px solid var(--border); border-radius: 10px;
margin-bottom: .6rem; overflow: hidden; transition: border-color .2s;
}
.step.status-approved { border-left: 3px solid var(--green); }
.step.status-rejected { border-left: 3px solid var(--red); }
.step.status-discuss { border-left: 3px solid var(--yellow); }
.step-header {
display: flex; align-items: center; padding: .7rem 1rem;
cursor: pointer; gap: .6rem; user-select: none;
}
.step-header:hover { background: rgba(255,255,255,.03); }
.step-title { font-weight: 600; flex: 1; font-size: .92rem; }
.step-source {
font-size: .65rem; padding: .12rem .4rem; border-radius: 3px; white-space: nowrap;
}
.source-impl { background: var(--blue-bg); color: var(--blue); }
.source-spec { background: var(--yellow-bg); color: var(--yellow); }
.source-new { background: var(--purple-bg); color: var(--purple); }
.source-both { background: var(--green-bg); color: var(--green); }
.source-problem { background: var(--red-bg); color: var(--red); }
.source-resolved { background: rgba(255,255,255,.06); color: var(--muted); }
.status-badge {
font-size: .65rem; padding: .1rem .35rem; border-radius: 3px; font-weight: 600; display: none;
}
.step.status-approved .status-badge { display: inline; background: var(--green-bg); color: var(--green); }
.step.status-rejected .status-badge { display: inline; background: var(--red-bg); color: var(--red); }
.step.status-discuss .status-badge { display: inline; background: var(--yellow-bg); color: var(--yellow); }
.chevron {
color: var(--muted); transition: transform .2s; font-size: .75rem;
}
.step.open .chevron { transform: rotate(90deg); }
.step-body {
display: none; padding: 0 1rem 1rem 1rem; font-size: .86rem;
}
.step.open .step-body { display: block; }
.step-body p { margin-bottom: .4rem; }
.detail-label {
color: var(--muted); font-size: .75rem; text-transform: uppercase;
letter-spacing: .05em; margin-top: .7rem; margin-bottom: .25rem;
}
.step-body ul { margin-left: 1.2rem; margin-bottom: .4rem; }
.step-body li { margin-bottom: .2rem; }
.step-body code {
background: rgba(255,255,255,.08); padding: .08rem .3rem; border-radius: 3px;
font-size: .8rem; font-family: 'SF Mono', 'Fira Code', monospace;
}
.step-body pre {
background: rgba(0,0,0,.3); padding: .5rem .7rem; border-radius: 6px;
overflow-x: auto; font-size: .78rem; margin: .4rem 0;
font-family: 'SF Mono', 'Fira Code', monospace; line-height: 1.4;
}
.issue {
background: var(--red-bg); border: 1px solid rgba(218,54,51,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.issue strong { color: var(--red); }
.note {
background: var(--blue-bg); border: 1px solid rgba(88,166,255,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.note strong { color: var(--blue); }
.resolved {
background: rgba(255,255,255,.04); border: 1px solid var(--border);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.resolved strong { color: var(--green); }
.prev-comment {
background: var(--yellow-bg); border: 1px solid rgba(210,153,34,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.prev-comment strong { color: var(--yellow); }
.actions { display: flex; gap: .4rem; margin-top: .7rem; flex-wrap: wrap; }
.btn {
padding: .3rem .65rem; border: 1px solid var(--border); border-radius: 6px;
background: transparent; color: var(--text); cursor: pointer;
font-size: .78rem; transition: all .15s;
}
.btn:hover { background: rgba(255,255,255,.06); }
.btn-approve { border-color: var(--green); color: var(--green); }
.btn-approve:hover, .btn-approve.active { background: var(--green-bg); }
.btn-reject { border-color: var(--red); color: var(--red); }
.btn-reject:hover, .btn-reject.active { background: var(--red-bg); }
.btn-discuss { border-color: var(--yellow); color: var(--yellow); }
.btn-discuss:hover, .btn-discuss.active { background: var(--yellow-bg); }
.comment-area { margin-top: .5rem; display: none; }
.comment-area.visible { display: block; }
.comment-area textarea {
width: 100%; background: rgba(0,0,0,.3); border: 1px solid var(--border);
border-radius: 6px; color: var(--text); padding: .45rem; font-size: .83rem;
font-family: inherit; resize: vertical; min-height: 55px;
}
.comment-area textarea:focus { outline: none; border-color: var(--blue); }
.export-bar {
position: sticky; bottom: 0; background: var(--card);
border: 1px solid var(--border); border-radius: 10px;
padding: .7rem 1rem; margin-top: 1.5rem;
display: flex; align-items: center; gap: .8rem;
justify-content: space-between; flex-wrap: wrap; z-index: 10;
}
.btn-export {
padding: .45rem 1rem; background: var(--accent); color: #fff; border: none;
border-radius: 6px; cursor: pointer; font-size: .85rem; font-weight: 600;
}
.btn-export:hover { opacity: .85; }
.btn-minor {
padding: .35rem .7rem; background: transparent; border: 1px solid var(--border);
color: var(--muted); border-radius: 6px; cursor: pointer; font-size: .78rem;
}
.btn-minor:hover { color: var(--text); border-color: var(--text); }
@media (max-width: 600px) {
body { padding: 1rem; }
.stats { gap: .5rem; }
.stat { min-width: 70px; padding: .4rem .5rem; }
}
</style>
</head>
<body>
<h1>Xetup - Windows Deployment Review v2</h1>
<p class="subtitle">Vcetne novinek od kolegy + zapracovane komentare z review v1. Schval / zamitni / okomentuj.</p>
<div class="stats">
<div class="stat s-pending"><span class="num" id="cnt-pending">0</span>Ceka</div>
<div class="stat s-approved"><span class="num" id="cnt-approved">0</span>OK</div>
<div class="stat s-rejected"><span class="num" id="cnt-rejected">0</span>Ne</div>
<div class="stat s-discuss"><span class="num" id="cnt-discuss">0</span>Diskuse</div>
</div>
<div id="app"></div>
<div class="export-bar">
<div style="display:flex;gap:.5rem;flex-wrap:wrap">
<button class="btn-minor" onclick="toggleAll()">Rozbalit/sbalit vse</button>
<button class="btn-minor" onclick="expandDetails()">Otevrit detaily</button>
<button class="btn-minor" onclick="clearAll()">Reset vsech hlasu</button>
</div>
<div style="display:flex;gap:.5rem;flex-wrap:wrap">
<button class="btn-export" onclick="copyToClipboard()">Kopirovat Markdown</button>
<button class="btn-export" onclick="exportMarkdown()" style="background:#333;border:1px solid var(--border)">Stahnout .md</button>
</div>
</div>
<script>
const groups = [
{
id: "prep",
icon: "1",
title: "Priprava prostredi",
steps: [
{
id: "v2-dirs",
title: "Adresar C:\\X9 + ikona slozky",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Vytvoreni C:\\X9, kopirovani assets (BackInfo, Logo, ikona). Vlastni ikona slozky pres desktop.ini.",
detail: `<p class="detail-label">Struktura</p>
<pre>C:\\X9\\
+-- install\\ (staging pro Atera MSI atd.)
+-- X9-ikona.ico (ikona slozky)
+-- X9-logo.jpg (avatar uctu)</pre>
<p class="detail-label">Ikona slozky</p>
<pre>[.ShellClassInfo]
IconResource=C:\\X9\\X9-ikona.ico,0
attrib +s +h "C:\\X9\\desktop.ini"
attrib +s "C:\\X9"</pre>
<div class="resolved"><strong>Z review v1:</strong> Nextcloud neni potreba - Backinfo mame v assets/ repa, logo taky. Stahovat se bude jen Atera MSI (viz krok 3b).</div>
<div class="note"><strong>Pozn:</strong> Pripnuti slozky na taskbar Win11 nepodporuje. Shortcut na plose nebo Quick Access.</div>`
},
{
id: "v2-admin",
title: "Admin ucet (adminx9)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Vytvoreni skryteho admin uctu adminx9 BEZ HESLA. FullName = \"X9.cz s.r.o.\"",
detail: `<p class="detail-label">Co delame</p>
<ul>
<li>Vytvoreni <code>adminx9</code></li>
<li><strong>Bez hesla</strong> (zmena oproti v1, kde bylo heslo z config.json)</li>
<li>Pridani do Administrators</li>
<li>Heslo nevyprsi, uzivatel nesmi menit</li>
<li>Skryti z login screen (SpecialAccounts\\UserList = 0)</li>
</ul>
<div class="prev-comment"><strong>Review v1:</strong> "adminX9 bude bez hesla"</div>
<p class="detail-label">NOVINKA: Popis uctu</p>
<pre>\$user = [ADSI]"WinNT://\$env:COMPUTERNAME/adminx9,user"
\$user.FullName = "X9.cz s.r.o."
\$user.SetInfo()</pre>
<p>Nastavi pole "Jmeno a prijmeni" na <code>X9.cz s.r.o.</code> - viditelne ve Sprave pocitace.</p>
<p class="detail-label">Skript</p>
<p><code>scripts/00-admin-account.ps1</code> (upravit: odstranit heslo, pridat FullName)</p>`
},
{
id: "v2-activation",
title: "Aktivace Windows",
source: "impl", sourceLabel: "Nase implementace",
summary: "Aktivace Windows pomoci klice z configu nebo GVLK (KMS). Spec kolegy toto nezminuje.",
detail: `<p class="detail-label">Co delame</p>
<ul>
<li>Kontrola stavu aktivace</li>
<li>Pouziti klice z <code>config.json</code> nebo GVLK fallback</li>
<li>Volitelne nastaveni KMS serveru</li>
<li><code>slmgr.vbs /ipk</code> + <code>/ato</code></li>
</ul>
<div class="note"><strong>Pozn:</strong> Spec kolegy aktivaci vubec neresi. Ponechat? Nebo vyradit a resit rucne?</div>
<p class="detail-label">Skript</p>
<p><code>scripts/08-activation.ps1</code></p>`
}
]
},
{
id: "debloat",
icon: "2",
title: "Odstranovani bloatware",
steps: [
{
id: "v2-appx",
title: "AppX balicky (UWP aplikace)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Odebirame ~65 preinstalovanych aplikaci. Kalkulacka zustava.",
detail: `<p class="detail-label">Hlavni balicky</p>
<pre>BingSearch, Camera, Clipchamp, Alarms, Copilot, Cortana,
DevHome, Family, FeedbackHub, GetHelp, Getstarted, Mail,
Maps, BingNews, OfficeHub, OneNote, Outlook, Paint, People,
Photos, PowerAutomate, QuickAssist, Skype, ScreenSketch,
Solitaire, StickyNotes, Teams, Todos, SoundRecorder, Wallet,
BingWeather, Terminal, Xbox (6x), GamingApp, YourPhone,
ZuneMusic, ZuneVideo, LinkedIn</pre>
<p class="detail-label">Zachovavame</p>
<ul><li><code>Microsoft.WindowsCalculator</code></li></ul>
<div class="resolved"><strong>Z review v1:</strong> "Flash2 je v podstate tento setup, minula verze - hlavne pro inspiraci a zahrnuti." = Flash2 neintegrujeme, nas seznam je kompletnejsi.</div>
<p class="detail-label">Skript</p>
<p><code>scripts/01-bloatware.ps1</code></p>`
},
{
id: "v2-caps",
title: "Windows Capabilities",
source: "impl", sourceLabel: "Implementovano",
summary: "Odebirame: Fax, IE, WordPad, PowerShell ISE, Steps Recorder, WMP, Handwriting...",
detail: `<pre>Print.Fax.Scan, Language.Handwriting, Browser.InternetExplorer,
MathRecognizer, OneCoreUAP.OneSync, OpenSSH.Client,
Microsoft.Windows.MSPaint, PowerShell.ISE,
QuickAssist, SnippingTool, StepsRecorder,
Hello.Face.*, WindowsMediaPlayer, WordPad</pre>`
},
{
id: "v2-features",
title: "Optional Features",
source: "impl", sourceLabel: "Implementovano",
summary: "Vypnuti: MediaPlayback, PowerShell 2.0, Recall (AI), SnippingTool. RDP se NEODEBIRA.",
detail: `<pre>MediaPlayback, MicrosoftWindowsPowerShellV2Root,
Recall (Windows AI), Microsoft-SnippingTool</pre>
<div class="resolved"><strong>Vyreseno:</strong> RDP klient (<code>Microsoft-RemoteDesktopConnection</code>) se NEODEBIRA. Puvodne byl ve SPEC, kolega potvrdil ze musi zustat.</div>`
},
{
id: "v2-onedrive",
title: "OneDrive - oprava",
source: "problem", sourceLabel: "OPRAVIT",
summary: "Nas skript agresivne maze OneDrive. Nutno opravit - nechat OneDrive instalovatelny.",
detail: `<p class="detail-label">Co aktualne spatne delame</p>
<ul>
<li><code>OneDriveSetup.exe /uninstall</code> + mazani exe</li>
<li>Mazani Start menu shortcutu</li>
<li>Mazani RunOnce klicu a Explorer namespace z Default Profile</li>
</ul>
<div class="prev-comment"><strong>Review v1:</strong> "nevim jestli v posledni verzi uz to bylo opravene, ale v prvni verzi se onedrive zabijel nejakym regeditem nebo scheduled taskem"</div>
<p class="detail-label">Stav v kodu</p>
<p>V aktualnim <code>03-system-registry.ps1</code> (radky 244-273) + <code>04-default-profile.ps1</code> (radky 240-261) je OneDrive stale agresivne mazany.</p>
<p class="detail-label">Reseni</p>
<p>Odstranit cely OneDrive blok z obou skriptu. OneDrive musi zustat instalovatelny pro M365.</p>`
},
{
id: "v2-rdp",
title: "RDP/RDS - overeni",
source: "problem", sourceLabel: "OVERIT",
summary: "RDP se v kodu neodebira (neni v seznamu). Overit, ze zadny registry tweak neblokuje RDS.",
detail: `<div class="prev-comment"><strong>Review v1:</strong> "nevim jestli v posledni verzi uz to bylo opravene, ale v prvni verzi se rdp problematizovalo nejakym regeditem nebo scheduled taskem"</div>
<p class="detail-label">Stav</p>
<p>V aktualnim kodu <code>01-bloatware.ps1</code> RDP NENI v seznamu k odebirani. Ale je mozne, ze nektery registry tweak v <code>03-system-registry.ps1</code> neprimo ovlivnuje RDS.</p>
<p class="detail-label">TODO</p>
<p>Prozkoumat vsechny HKLM zmeny a overit, ze zadna neblokuje Remote Desktop Services. Otestovat na VM.</p>`
}
]
},
{
id: "software",
icon: "3",
title: "Instalace software",
steps: [
{
id: "v2-winget",
title: "Winget balicky (7-Zip, Adobe, OpenVPN)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Silent instalace 7-Zip, Adobe Acrobat Reader, OpenVPN Connect pres winget.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem .4rem"><code>7zip.7zip</code></td><td>7-Zip</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem .4rem"><code>Adobe.Acrobat.Reader.64-bit</code></td><td>Adobe Reader</td></tr>
<tr><td style="padding:.25rem .4rem"><code>OpenVPNTechnologies.OpenVPNConnect</code></td><td>OpenVPN Connect</td></tr>
</table>
<p class="detail-label">Adobe jako vychozi PDF</p>
<ul>
<li>Po instalaci: <code>.pdf -&gt; AcroRd32</code> pres HKCR</li>
<li>Scheduled task <code>PDF-DefaultApp</code> obnovi asociaci pri kazdem prihlaseni</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/02-software.ps1</code></p>`
},
{
id: "v2-atera",
title: "Atera Agent",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Stahnout MSI z Atera API a provest silent install. MFA problem k reseni.",
detail: `<div class="prev-comment"><strong>Review v1 - kolega dodal presny postup:</strong></div>
<pre>curl -L -o setup.msi "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337"
msiexec /i setup.msi /qn</pre>
<p class="detail-label">PowerShell ekvivalent</p>
<pre>\$ateraUrl = "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&amp;aeid=50b72e7113e54a63ac76b96c54c7e337"
\$ateraMsi = "C:\\X9\\install\\atera-setup.msi"
Invoke-WebRequest -Uri \$ateraUrl -OutFile \$ateraMsi
Start-Process msiexec -ArgumentList "/i \$ateraMsi /qn" -Wait</pre>
<div class="note"><strong>Otevrena otazka:</strong> Kolega rika "nejlip najit parametr, u ktereho ATERA nebude chtit MFA kod z mailu". Overit, jestli URL s aeid parametrem to obchazi.</div>`
},
{
id: "v2-backinfo",
title: "BackInfo (info na plose)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "BackInfo.exe - hostname, user, OS, HW, sit uprostred plochy. Mame v assets/, jen zkopirovat a spustit.",
detail: `<p class="detail-label">Instalace</p>
<ol>
<li>Zkopirovat <code>assets/Backinfo/</code> do <code>C:\\Program Files\\Backinfo\\</code></li>
<li>Spustit <code>backinfo_W11.ps1</code>:
<ul>
<li>Detekuje Win10/Win11 + edici</li>
<li>Zapise <code>HKLM:\\SOFTWARE\\BackInfo\\OSName</code></li>
<li>Vytvori shortcut do Startup (<code>StartUp\\BackInfo.lnk</code>)</li>
</ul>
</li>
<li>BackInfo.exe se pak spousti automaticky po kazdem prihlaseni</li>
</ol>
<p class="detail-label">INI</p>
<pre>AutoBackground=1, ForceDesktopCenter=1
Line1: CompName (42pt, bold, white, center)
Line2: UserName (20pt, gray, center)
Line3: OS z registru (20pt, bold, gray)
Line4: HW SysInfo (20pt, gray)
Line5: Network NetInfo (20pt, gray)</pre>
<div class="resolved"><strong>Vyreseno:</strong> BackInfo uz je v <code>assets/Backinfo/</code>. Nahrazuje nas custom 07-desktop-info.ps1 (smazat).</div>`
}
]
},
{
id: "appearance",
icon: "4",
title: "Vzhled a personalizace",
steps: [
{
id: "v2-theme",
title: "Barvy a motiv",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Tmavy system, svetle aplikace, accent #223B47, plna barva pozadi.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Rezim Windows</td><td><strong>Tmavy</strong></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Rezim aplikaci</td><td><strong>Svetly</strong></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent barva</td><td><strong>#223B47</strong> <span style="display:inline-block;width:13px;height:13px;background:#223B47;border-radius:3px;vertical-align:middle;border:1px solid #555"></span></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent v Start/taskbar</td><td>Ano</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent v zahlavi oken</td><td>Ano</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Pruhlednost</td><td>Vypnuta</td></tr>
<tr><td style="padding:.25rem">Pozadi</td><td><strong>Plna barva #223B47</strong> (BackInfo prepise BMP)</td></tr>
</table>
<p class="detail-label">Skript</p>
<p><code>scripts/05-personalization.ps1</code></p>`
},
{
id: "v2-desktop",
title: "Ikona Tento pocitac na plose",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Zobrazit ikonu Tento pocitac na plose (Default Profile + HKCU).",
detail: `<pre>HKCU\\...\\HideDesktopIcons\\NewStartPanel
{20D04FE0-3AEA-1069-A2D8-08002B30309D} = 0</pre>`
},
{
id: "v2-avatar",
title: "Avatar uctu (X9 logo)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "X9-logo.jpg jako profilovy obrazek admin uctu. Logo mame v assets/Logo/.",
detail: `<pre>\$accountPicPath = "\$env:APPDATA\\Microsoft\\Windows\\AccountPictures"
Copy-Item "C:\\X9\\X9-logo.jpg" "\$accountPicPath\\X9-logo.jpg"</pre>
<div class="resolved"><strong>Vyreseno:</strong> Logo (ico + jpeg) presunuto do <code>assets/Logo/</code>. Plati jen pro admin ucet.</div>`
}
]
},
{
id: "taskbar",
icon: "5",
title: "Hlavni panel a Start menu",
steps: [
{
id: "v2-tb-layout",
title: "Taskbar - zarovnani, skryti prvku",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Skryti Search, Task View, Widgets, Chat, Copilot. Zarovnani dle parametru -ProfileType.",
detail: `<p class="detail-label">Skryte prvky</p>
<ul>
<li>Search box (SearchboxTaskbarMode=0)</li>
<li>Task View (ShowTaskViewButton=0)</li>
<li>Widgets (TaskbarDa=0)</li>
<li>Chat/Teams (TaskbarMn=0)</li>
<li>Copilot (ShowCopilotButton=0)</li>
</ul>
<p class="detail-label">Zarovnani</p>
<ul>
<li><code>-ProfileType user</code> = vlevo (TaskbarAl=0)</li>
<li><code>-ProfileType admin</code> = na stred (TaskbarAl=1)</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/04-default-profile.ps1</code></p>`
},
{
id: "v2-tb-pins",
title: "NOVINKA: Taskbar pinnovane aplikace (admin vs user)",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Ruzne sady pripnutych aplikaci podle -ProfileType. Admin: Settings, ComputerMgmt, Services, PS, Explorer, Edge. User: Explorer, Edge.",
detail: `<p class="detail-label">Admin profil - pripnout</p>
<ul>
<li>Nastaveni (<code>ms-settings:</code>)</li>
<li>Sprava pocitace (<code>compmgmt.msc</code>)</li>
<li>Sluzby (<code>services.msc</code>)</li>
<li>PowerShell</li>
<li>Pruzkumnik Windows</li>
<li>MS Edge</li>
</ul>
<p class="detail-label">User profil - pripnout</p>
<ul>
<li>Pruzkumnik Windows</li>
<li>MS Edge</li>
</ul>
<p class="detail-label">Implementace</p>
<p>XML layout policy (<code>LayoutXMLPath</code>). Pro <code>compmgmt.msc</code> a <code>services.msc</code> nutno vytvorit .lnk soubory, XML prijima jen .lnk cesty.</p>
<pre>&lt;CustomTaskbarLayoutCollection PinListPlacement="Replace"&gt;
&lt;taskbar:TaskbarPinList&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\PowerShell.lnk"/&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\File Explorer.lnk"/&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\Microsoft Edge.lnk"/&gt;
&lt;/taskbar:TaskbarPinList&gt;
&lt;/CustomTaskbarLayoutCollection&gt;</pre>
<div class="note"><strong>Pozn:</strong> <code>LayoutXMLPath</code> policy je dostupna ve Win11 22H2+. Nutno overit verzi pred nasazenim.</div>`
},
{
id: "v2-tray",
title: "System tray - zobrazit vsechny ikony",
source: "both", sourceLabel: "Implementovano",
summary: "EnableAutoTray=0 + mazani icon cache + scheduled task ShowAllTrayIcons.",
detail: `<ul>
<li><code>EnableAutoTray = 0</code> (Win10)</li>
<li>Mazani TrayNotify icon streams (Win11 workaround)</li>
<li>Scheduled task <code>ShowAllTrayIcons</code> pri kazdem prihlaseni</li>
</ul>`
},
{
id: "v2-start",
title: "Start menu - prazdne piny, bez Bing",
source: "impl", sourceLabel: "Implementovano",
summary: "Prazdny LayoutModification.xml, prazdne Start pins, vypnuty Bing suggestions.",
detail: `<ul>
<li><code>ConfigureStartPins = {"pinnedList":[]}</code></li>
<li><code>DisableSearchBoxSuggestions = 1</code></li>
<li>Scheduled task <code>UnlockStartLayout</code> po 5 min odemkne pro uzivatele</li>
</ul>`
}
]
},
{
id: "explorer",
icon: "6",
title: "Pruzkumnik Windows",
steps: [
{
id: "v2-explorer-base",
title: "Zakladni nastaveni (implementovano)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Otevirat do Tento pocitac, zobrazit pripony souboru.",
detail: `<pre>LaunchTo = 1 (Tento pocitac misto Rychly pristup)
HideFileExt = 0 (zobrazit pripony)</pre>
<p class="detail-label">Skript</p>
<p><code>scripts/04-default-profile.ps1</code></p>`
},
{
id: "v2-explorer-new",
title: "NOVINKA: Dalsi nastaveni Pruzkumniku",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Vypnout nedavne soubory/slozky, zobrazit uplnou cestu v zahlavi.",
detail: `<p class="detail-label">Nova nastaveni</p>
<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Nedavne soubory</td><td><strong>Vypnuto</strong> (ShowRecent=0)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Caste slozky</td><td><strong>Vypnuto</strong> (ShowFrequent=0)</td></tr>
<tr><td style="padding:.25rem">Uplna cesta v zahlavi</td><td><strong>Zapnuto</strong> (FullPath=1)</td></tr>
</table>
<p class="detail-label">Registry</p>
<pre>HKCU\\...\\Explorer
ShowRecent = 0 (DWORD)
ShowFrequent = 0 (DWORD)
HKCU\\...\\Explorer\\CabinetState
FullPath = 1 (DWORD)</pre>
<p>Aplikovat do Default Profile hive + HKCU.</p>`
}
]
},
{
id: "system",
icon: "7",
title: "Systemova nastaveni",
steps: [
{
id: "v2-registry",
title: "HKLM registry tweaky",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "BypassNRO, vypnuti Teams/Widgets/Copilot/GameDVR/Recall, hesla bez expirace, casova zona.",
detail: `<ul>
<li>Bypass NRO (OOBE sit)</li>
<li>Vypnuti auto-instalace Teams</li>
<li>Vypnuti Cloud Optimized Content</li>
<li>Vypnuti Widgets</li>
<li>Edge: HideFirstRunExperience, zadny desktop shortcut</li>
<li>Hesla bez expirace</li>
<li>Casova zona: Central Europe Standard Time</li>
<li>Vypnuti GameDVR + Recall</li>
<li>Skryti Search (HKLM policy)</li>
<li>Skryti Recommended v Start menu</li>
<li>Vypnuti auto-instalace Outlooku</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/03-system-registry.ps1</code></p>`
},
{
id: "v2-defprofile",
title: "Default Profile (NTUSER.DAT)",
source: "both", sourceLabel: "Implementovano",
summary: "Nastaveni pro budouci uzivatele: Explorer, Num Lock, GameDVR, Copilot...",
detail: `<pre>reg load "HKU\\DefaultProfile" "C:\\Users\\Default\\NTUSER.DAT"
... zmeny ...
reg unload "HKU\\DefaultProfile"</pre>
<ul>
<li>Explorer: pripony, Tento pocitac, ShowRecent/Frequent off, FullPath</li>
<li>Num Lock zapnut</li>
<li>Copilot vypnut</li>
<li>GameDVR vypnut</li>
<li>Start menu: prazdne piny, bez Bing</li>
</ul>`
},
{
id: "v2-power",
title: "Napajeni (powercfg)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Spanek nikdy na siti, obrazovka 60min/15min, spanek baterie 60min.",
detail: `<pre>powercfg /change standby-timeout-ac 0 # spanek sit: nikdy
powercfg /change monitor-timeout-ac 60 # obrazovka sit: 60 min
powercfg /change monitor-timeout-dc 15 # obrazovka bat: 15 min
powercfg /change standby-timeout-dc 60 # spanek bat: 60 min</pre>
<div class="note"><strong>Pozn:</strong> Zavreni vika - nechat vychozi.</div>`
},
{
id: "v2-tasks",
title: "Scheduled tasks",
source: "both", sourceLabel: "Implementovano",
summary: "ShowAllTrayIcons, PDF-DefaultApp, UnlockStartLayout.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem"><strong>ShowAllTrayIcons</strong></td><td>Logon: systray ikony</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem"><strong>PDF-DefaultApp</strong></td><td>Logon: .pdf -&gt; Adobe (SYSTEM)</td></tr>
<tr><td style="padding:.25rem"><strong>UnlockStartLayout</strong></td><td>5 min po startu, pak se smaze</td></tr>
</table>
<p class="detail-label">Skripty</p>
<p><code>C:\\Windows\\Setup\\Scripts\\</code></p>`
}
]
},
{
id: "network",
icon: "8",
title: "Sit a Edge",
steps: [
{
id: "v2-proxy",
title: "Proxy - vypnout auto-detect",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Vypnuti automatickeho zjistovani proxy serveru.",
detail: `<pre>HKCU\\...\\Internet Settings\\AutoDetect = 0
HKLM\\...\\Internet Settings\\AutoDetect = 0</pre>
<p>Aplikovat do Default Profile i HKCU.</p>`
},
{
id: "v2-edge",
title: "MS Edge - rozsirene nastaveni",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Striktni tracking protection, Google vyhledavac, panel oblibenych.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Tracking</td><td><strong>Striktni</strong> (TrackingPrevention=3)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Oblibene</td><td><strong>Vzdy videt</strong> (FavoritesBarEnabled=1)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Vyhledavac</td><td><strong>Google</strong></td></tr>
<tr><td style="padding:.25rem">Toolbar</td><td>Historie, Aplikace, Stazene, Vykon</td></tr>
</table>
<pre>HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge
TrackingPrevention = 3
FavoritesBarEnabled = 1
DefaultSearchProviderEnabled = 1
DefaultSearchProviderName = "Google"
DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}"</pre>`
},
{
id: "v2-network",
title: "NOVINKA: Sitove zjistovani + privatni sit",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Zapnout Network Discovery, File Sharing, prepnout sit na Private (aby fungoval ping).",
detail: `<pre># Zapnout Network Discovery a File Sharing
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
# Prepnout sitovy profil na Private
\$adapter = Get-NetConnectionProfile | Select-Object -First 1
Set-NetConnectionProfile -InterfaceIndex \$adapter.InterfaceIndex -NetworkCategory Private</pre>
<div class="note"><strong>Dulezite:</strong> Vaze se na aktualni sitovy adapter - nelze ulozit do Default Profile. Spustit az po pripojeni k siti. Pokud domain-join, az po restartu.</div>`
}
]
},
{
id: "finish",
icon: "9",
title: "Finalizace",
steps: [
{
id: "v2-rename",
title: "Prejmenování PC",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Rename-Computer na nazev z parametru -ComputerName. Posledni krok pred restartem.",
detail: `<pre>Rename-Computer -NewName $ComputerName -Force -Restart</pre>
<ul>
<li>Restart je nutny</li>
<li>Pripojeni do domeny = volitelne, nezavisle</li>
</ul>`
},
{
id: "v2-bootstrap",
title: "Bootstrap spoustec (irm | iex)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Jednoradkovy spoustec: irm https://xetup.x9.cz/setup.ps1 | iex",
detail: `<pre>irm https://xetup.x9.cz/setup.ps1 | iex</pre>
<p class="detail-label">Parametry</p>
<pre>-ComputerName (povinny)
-Domain (volitelny)
-ProfileType "admin"|"user" (default "user")
ridi: taskbar zarovnani + pinnovane apps</pre>
<div class="note"><strong>Novy parametr -ProfileType</strong> (z novinek v2): nahrazuje puvodni -TaskbarAlign. Ridi zarovnani taskbaru I sadu pinnovanych aplikaci.</div>`
}
]
}
];
// --- Rendering ---
const STORAGE_PREFIX = 'xr2-';
function render() {
const app = document.getElementById('app');
app.innerHTML = '';
groups.forEach(g => {
const div = document.createElement('div');
div.className = 'group';
div.innerHTML = `
<div class="group-header">
<div class="group-icon">${g.icon}</div>
<span class="group-title">${g.title}</span>
<span class="group-count">(${g.steps.length})</span>
</div>`;
g.steps.forEach(s => {
const saved = load(s.id);
const sc = saved.status ? `status-${saved.status}` : '';
const badge = {approved:'OK',rejected:'NE',discuss:'?'}[saved.status]||'';
const el = document.createElement('div');
el.className = `step ${sc}`;
el.dataset.id = s.id;
el.innerHTML = `
<div class="step-header" onclick="toggle(this)">
<span class="step-title">${s.title}</span>
<span class="status-badge">${badge}</span>
<span class="step-source source-${s.source}">${s.sourceLabel}</span>
<span class="chevron">&#9654;</span>
</div>
<div class="step-body">
<p>${s.summary}</p>
<details style="margin-top:.5rem">
<summary style="cursor:pointer;color:var(--blue);font-size:.83rem;user-select:none">Zobrazit detaily</summary>
<div style="margin-top:.4rem">${s.detail}</div>
</details>
<div class="actions">
<button class="btn btn-approve ${saved.status==='approved'?'active':''}" onclick="setStatus('${s.id}','approved',this)">Schvalit</button>
<button class="btn btn-reject ${saved.status==='rejected'?'active':''}" onclick="setStatus('${s.id}','rejected',this)">Zamitnout</button>
<button class="btn btn-discuss ${saved.status==='discuss'?'active':''}" onclick="setStatus('${s.id}','discuss',this)">K diskusi</button>
</div>
<div class="comment-area ${saved.comment?'visible':''}">
<textarea placeholder="Poznamka / komentar..." oninput="saveComment('${s.id}',this.value)">${saved.comment||''}</textarea>
</div>
</div>`;
div.appendChild(el);
});
app.appendChild(div);
});
updateCounts();
}
function toggle(h){h.closest('.step').classList.toggle('open')}
let allOpen=false;
function toggleAll(){allOpen=!allOpen;document.querySelectorAll('.step').forEach(s=>s.classList.toggle('open',allOpen))}
function expandDetails(){document.querySelectorAll('.step-body details').forEach(d=>d.open=true);document.querySelectorAll('.step').forEach(s=>s.classList.add('open'));allOpen=true}
function setStatus(id,status,btn){
const st=load(id);
st.status=st.status===status?'':status;
save(id,st);
const step=btn.closest('.step');
step.className=`step ${st.status?'status-'+st.status:''} open`;
step.querySelector('.status-badge').textContent={approved:'OK',rejected:'NE',discuss:'?'}[st.status]||'';
step.querySelectorAll('.actions .btn').forEach(b=>b.classList.remove('active'));
if(st.status)btn.classList.add('active');
const ca=step.querySelector('.comment-area');
if(st.status==='discuss'||st.status==='rejected'){ca.classList.add('visible');ca.querySelector('textarea').focus()}
updateCounts();
}
function saveComment(id,v){const s=load(id);s.comment=v;save(id,s)}
function load(id){try{return JSON.parse(localStorage.getItem(STORAGE_PREFIX+id))||{}}catch{return{}}}
function save(id,s){localStorage.setItem(STORAGE_PREFIX+id,JSON.stringify(s))}
function allSteps(){return groups.flatMap(g=>g.steps)}
function updateCounts(){
let c={pending:0,approved:0,rejected:0,discuss:0};
allSteps().forEach(s=>{const st=load(s.id).status;if(st&&c[st]!==undefined)c[st]++;else c.pending++});
document.getElementById('cnt-pending').textContent=c.pending;
document.getElementById('cnt-approved').textContent=c.approved;
document.getElementById('cnt-rejected').textContent=c.rejected;
document.getElementById('cnt-discuss').textContent=c.discuss;
}
function clearAll(){if(!confirm('Opravdu smazat vsechny hlasy a komentare?'))return;allSteps().forEach(s=>localStorage.removeItem(STORAGE_PREFIX+s.id));render()}
function genMd(){
let md=`# Xetup - Review v2 vysledek\n\nDatum: ${new Date().toLocaleDateString('cs-CZ')}\n\n`;
const ic={approved:'[OK]',rejected:'[X]',discuss:'[?]',pending:'[ ]'};
const lb={approved:'SCHVALENO',rejected:'ZAMITNUTO',discuss:'K DISKUSI',pending:'CEKA'};
groups.forEach(g=>{
md+=`## ${g.icon}. ${g.title}\n\n`;
g.steps.forEach(s=>{
const st=load(s.id);const status=st.status||'pending';
md+=`${ic[status]} **${s.title}** (${lb[status]})\n`;
md+=`${s.summary}\n`;
if(st.comment)md+=`> ${st.comment}\n`;
md+=`\n`;
});
});
return md;
}
function exportMarkdown(){const b=new Blob([genMd()],{type:'text/markdown'});const a=document.createElement('a');a.href=URL.createObjectURL(b);a.download='xetup-review-v2.md';a.click()}
function copyToClipboard(){navigator.clipboard.writeText(genMd()).then(()=>{const b=event.target;const o=b.textContent;b.textContent='Skopirovano!';setTimeout(()=>b.textContent=o,1500)})}
render();
</script>
</body>
</html>