- 03-system-registry.ps1: add Grant-RegWriteAccess helper; Set-Reg now
retries with ACL fix when Set-ItemProperty throws SecurityException
(e.g. HKLM\...\Communications owned by TrustedInstaller)
- 04-default-profile.ps1: add Grant-HiveWriteAccess helper; Set-ProfileReg
retries with ACL fix on Default hive keys with restricted permissions
- Both scripts: add -ErrorAction Stop to Set-ItemProperty so errors are
properly caught by try/catch instead of bypassing it
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 00-admin-account.ps1: create/update adminx9, add to Administrators,
hide from login screen via SpecialAccounts\UserList
- 08-activation.ps1: activate via config key or GVLK fallback matched
by OS edition; supports optional KMS server; skips if already active
- config.json: add adminAccount block (password), activation block
(productKey placeholder, kmsServer)
- Deploy-Windows.ps1: add Step 0a and Step 0b before bloatware removal
- Test-Deployment.ps1: add checks for admin account and activation
- SPEC.md: document new steps, close open question #4
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
