---
name: Technical findings from deep code analysis and research (2026-04-15)
description: Detailed technical analysis results - Win11 compatibility issues, UCPD driver, code quality assessment, and modernization opportunities
type: project
---

## Code quality assessment (all scripts in windows-deployment-new/scripts/)
- Overall: solid, production-ready for Win10/11 22H2
- 3-level registry fallback in 03-system-registry.ps1: direct write → ACL fix (SeTakeOwnershipPrivilege) → SYSTEM scheduled task
- Proper hive handling: GC.Collect + WaitForPendingFinalizers + 500ms sleep before reg unload, always in finally block
- Error handling: $ErrorActionPreference = "Continue", try/catch everywhere, WARN level for non-critical failures
- Logging: every step to C:\Windows\Setup\Scripts\Deploy.log with color-coded console output

## Critical issues found

### 1. UCPD.sys (User Choice Protection Driver)
- Kernel-mode driver since Feb 2024, v4.3 as of early 2026
- Blocks direct registry writes to UserChoice for .pdf, .htm, .html etc.
- Our HKCR approach works as system-wide fallback but isn't clean
- Fix: disable UCPD service + scheduled task during deployment, set associations, re-enable
- Or use SetUserFTA tool (~$20, kolbi.cz)

### 2. System tray EnableAutoTray=0 broken on 24H2
- Win11 23H2/24H2 ignores this registry key
- Icon stream cache clearing is a workaround but not 100%
- No reliable registry-only solution exists for 24H2

### 3. OneDrive removal too aggressive
- 03-system-registry.ps1 lines 244-273: uninstalls + deletes OneDriveSetup.exe
- 04-default-profile.ps1 lines 240-261: removes RunOnce keys + Explorer namespace
- Must remove these blocks entirely

### 4. Edge policies incomplete
- Currently only: HideFirstRunExperience, CreateDesktopShortcutDefault
- Need to add: BrowserSignin=0, CopilotPageContext=0, NewTabPageContentEnabled=0, StandaloneHubsSidebarEnabled=0, ShowRecommendationsEnabled=0, DefaultBrowserSettingsCampaignEnabled=0, and ~10 more

### 5. ConfigureStartPins applyOnce
- New in 24H2 (KB5062660): {"pinnedList":[], "applyOnce": true}
- Applies layout once, then users can customize
- Better than our current approach (XML lock + UnlockStartLayout task)

## Win10/Win11 compatibility matrix
- All core registry keys work on both versions
- Win11-specific keys (TaskbarAl, ShowCopilotButton, TaskbarDa, TaskbarMn) harmlessly create empty keys on Win10
- Scripts handle version differences through graceful degradation

## Config.json issues
- desktopInfo settings (position, fontSize, color) are defined but ignored by 07-desktop-info.ps1
- deployment.locale is not used anywhere
- Software list has only 3 packages (TODO in SPEC)

## Tools landscape (researched 2026-04-15)
- Chris Titus WinUtil: PS-based, `irm christitus.com/win | iex`, has Win11 Creator tab
- Win11Debloat (Raphire): got GUI in Feb 2026, configurable via Apps.json
- Sophia Script: 150+ tweaks, most granular but slower
- Go binary advantages: bypasses execution policy, single file, no dependencies, cross-compile from macOS
- Charmbracelet stack (bubbletea/huh/lipgloss): best for TUI forms in Go