x9/xetup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7 commits 1 branch 0 tags 462 KiB
Commit graph

5 commits

Author SHA1 Message Date
X9
3a3513c3bc Fix TrustedInstaller-owned registry key write via token privileges 
- 03-system-registry.ps1: replace .NET OpenSubKey approach with proper
  P/Invoke that enables SeTakeOwnershipPrivilege and SeRestorePrivilege
  before attempting to take ownership of TrustedInstaller-owned keys
  (e.g. HKLM\...\Communications\ConfigureChatAutoInstall)
- Remove SYSTEM scheduled task fallback (not needed with token approach)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-14 20:06:01 +01:00
X9
d853df0aa4 Fix Communications key ACL and Adobe path detection 
- 03-system-registry.ps1: Set-Reg now has 3-tier retry: direct write,
  ACL manipulation, fallback to scheduled task running as SYSTEM (which
  has unrestricted registry access - handles TrustedInstaller-owned keys)
- 02-software.ps1: add Acrobat DC path (Acrobat.exe) before legacy
  AcroRd32.exe paths - winget installs Acrobat DC not Reader DC
- 06-scheduled-tasks.ps1: same Adobe path fix in PDF-DefaultApp script
- tests/Test-Deployment.ps1: Adobe check covers both Acrobat DC and
  Reader DC install paths

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-14 20:03:30 +01:00
X9
31646112bf Fix registry ACL errors in steps 3 and 4 
- 03-system-registry.ps1: add Grant-RegWriteAccess helper; Set-Reg now
  retries with ACL fix when Set-ItemProperty throws SecurityException
  (e.g. HKLM\...\Communications owned by TrustedInstaller)
- 04-default-profile.ps1: add Grant-HiveWriteAccess helper; Set-ProfileReg
  retries with ACL fix on Default hive keys with restricted permissions
- Both scripts: add -ErrorAction Stop to Set-ItemProperty so errors are
  properly caught by try/catch instead of bypassing it

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-14 19:37:47 +01:00
X9
30d930c667 Implement full deployment script suite (steps 1-7) 
- Deploy-Windows.ps1: master script with Write-Log, Invoke-Step, summary report, DryRun support
- 01-bloatware.ps1: remove AppX packages, Windows Capabilities, Optional Features
- 02-software.ps1: winget installs from config.json, set Adobe Reader as default PDF app
- 03-system-registry.ps1: HKLM tweaks (NRO bypass, Teams, Widgets, Edge, OneDrive, GameDVR, Recall, timezone)
- 04-default-profile.ps1: NTUSER.DAT changes for taskbar, Explorer, Start menu, NumLock, Copilot
- 05-personalization.ps1: dark/light theme, accent color #223B47, transparency off, wallpaper
- 06-scheduled-tasks.ps1: ShowAllTrayIcons, PDF-DefaultApp, UnlockStartLayout tasks
- 07-desktop-info.ps1: DesktopInfo render script (System.Drawing BMP), scheduled task, deploy date registry
- tests/Test-Deployment.ps1: post-deployment verification, 30+ checks
- CLAUDE.md: add Czech communication preference

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-14 09:44:38 +01:00
Filip Zubík
8e413ab06d Initial repo structure 2026-03-13 16:34:45 +01:00