From 108a22e7cbff8b36ed3b136838cc2b61ab766f90 Mon Sep 17 00:00:00 2001 From: X9 Dev Date: Thu, 16 Apr 2026 09:45:49 +0200 Subject: [PATCH] Fix all remaining mustfix items + Edge policies 00-admin-account: empty password (SecureString), FullName via ADSI SetInfo() 07-backinfo: new script replacing 07-desktop-info - copies assets, sets registry OSName, creates Startup shortcut, launches BackInfo immediately Deploy-Windows.ps1: step 7 now calls 07-backinfo.ps1 (desktopInfo->backinfo) 03-system-registry: full Edge policy set - favorites bar, Google search, show/hide toolbar buttons per spec, telemetry/content policies, removed old Edge policies TODO note web/spec: step-00 OK, step-07 OK, step-03 Edge rows updated Co-Authored-By: Claude Sonnet 4.6 --- Deploy-Windows.ps1 | 12 ++-- scripts/00-admin-account.ps1 | 28 +++++--- scripts/03-system-registry.ps1 | 62 ++++++++++++++-- scripts/07-backinfo.ps1 | 126 +++++++++++++++++++++++++++++++++ web/data/descriptions.json | 17 ++++- web/nginx.conf | 9 +-- web/spec/index.html | 37 +++++----- 7 files changed, 244 insertions(+), 47 deletions(-) create mode 100644 scripts/07-backinfo.ps1 diff --git a/Deploy-Windows.ps1 b/Deploy-Windows.ps1 index 7b53b19..53d2815 100644 --- a/Deploy-Windows.ps1 +++ b/Deploy-Windows.ps1 @@ -107,7 +107,7 @@ $stepsEnabled = @{ defaultProfile = $true personalization = $true scheduledTasks = $true - desktopInfo = $true + backinfo = $true activation = $true } if ($Config -and $Config.steps) { 
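Review bot: Renaming the step key from `desktopInfo` to `backinfo` means a `config.json` that still carries `steps.desktopInfo = false` no longer disables step 7, because the default here is `backinfo = $true` and the gate in the second hunk reads `$stepsEnabled['backinfo']`. The merge under `if ($Config -and $Config.steps)` continues outside the hunk, so whether unknown keys are reported is not visible. If they are silently ignored, consider honouring the old key for one release or logging a warning when it is present. This matters more than for a cosmetic step because step 7 now installs an executable that starts at every logon.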
@@ -200,13 +200,13 @@ if ($stepsEnabled['scheduledTasks']) { } else { Skip-Step "Step 6 - Scheduled tasks" } # ----------------------------------------------------------------------- -# Step 7 - DesktopInfo +# Step 7 - BackInfo # ----------------------------------------------------------------------- -if ($stepsEnabled['desktopInfo']) { - Invoke-Step -Name "Step 7 - DesktopInfo" -Action { - & "$ScriptRoot\scripts\07-desktop-info.ps1" -Config $Config -LogFile $LogFile +if ($stepsEnabled['backinfo']) { + Invoke-Step -Name "Step 7 - BackInfo" -Action { + & "$ScriptRoot\scripts\07-backinfo.ps1" -Config $Config -LogFile $LogFile } -} else { Skip-Step "Step 7 - DesktopInfo" } +} else { Skip-Step "Step 7 - BackInfo" } # ----------------------------------------------------------------------- # Summary diff --git a/scripts/00-admin-account.ps1 b/scripts/00-admin-account.ps1 index 98acf07..bca037d 100644 --- a/scripts/00-admin-account.ps1 +++ b/scripts/00-admin-account.ps1 
@@ -31,21 +31,20 @@ function Write-Log { } # ----------------------------------------------------------------------- -# Read account config +# Account config - no password by design # ----------------------------------------------------------------------- $accountName = "adminx9" -$accountPass = "AdminX9.AdminX9" $accountDesc = "X9 MSP admin account" +$accountFullName = "X9.cz s.r.o." if ($Config -and $Config.adminAccount) { if ($Config.adminAccount.username) { $accountName = $Config.adminAccount.username } - if ($Config.adminAccount.password) { $accountPass = $Config.adminAccount.password } - if ($Config.adminAccount.description) { $accountDesc = $Config.adminAccount.description } } Write-Log "Creating admin account: $accountName" -Level INFO -$securePass = ConvertTo-SecureString $accountPass -AsPlainText -Force +# Empty password - account is hidden from login screen, no password needed +$emptyPass = [System.Security.SecureString]::new() # ----------------------------------------------------------------------- # Create or update account @@ -53,9 +52,9 @@ $securePass = ConvertTo-SecureString $accountPass -AsPlainText -Force $existing = Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue if ($existing) { - Write-Log " Account already exists - updating password" -Level INFO + Write-Log " Account already exists - clearing password" -Level INFO try { - Set-LocalUser -Name $accountName -Password $securePass -PasswordNeverExpires $true + Set-LocalUser -Name $accountName -Password $emptyPass -PasswordNeverExpires $true Enable-LocalUser -Name $accountName Write-Log " Account updated: $accountName" -Level OK } @@ -65,7 +64,7 @@ if ($existing) { } else { try { New-LocalUser -Name $accountName ` - -Password $securePass ` + -Password $emptyPass ` -Description $accountDesc ` -PasswordNeverExpires ` -UserMayNotChangePassword ` 
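Review bot: `$emptyPass = [System.Security.SecureString]::new()` gives a member of Administrators a blank password, and the justification in the comment above it (the account is hidden from the login screen) describes a display setting, not an access control. The `if ($existing)` branch in the second hunk now also clears the password of an account that an earlier run created with one, and the `$Config.adminAccount.password` override is removed, so no site can opt out. Windows restricts blank-password local accounts to console logon by default (`LimitBlankPasswordUse`), but nothing visible in this patch sets or verifies that value, so console access plus knowledge of the account name amounts to local admin. Prefer a per-machine random password (for example Windows LAPS). If the blank password stays, check the policy value in this script and change the comment to `# Blank password: remote use blocked only by LimitBlankPasswordUse=1; console access = admin`.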
@@ -77,6 +76,19 @@ if ($existing) { } } +# ----------------------------------------------------------------------- +# Set FullName via ADSI +# ----------------------------------------------------------------------- +try { + $adsiUser = [ADSI]"WinNT://./$accountName,user" + $adsiUser.FullName = $accountFullName + $adsiUser.SetInfo() + Write-Log " FullName set to: $accountFullName" -Level OK +} +catch { + Write-Log " Failed to set FullName: $_" -Level ERROR +} + # ----------------------------------------------------------------------- # Add to Administrators group # ----------------------------------------------------------------------- diff --git a/scripts/03-system-registry.ps1 b/scripts/03-system-registry.ps1 index d27bbba..bd006cd 100644 --- a/scripts/03-system-registry.ps1 +++ b/scripts/03-system-registry.ps1 
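Review bot: The ADSI block can be replaced by the cmdlets this script already uses, `Set-LocalUser -Name $accountName -FullName $accountFullName` (or `-FullName $accountFullName` on the `New-LocalUser` call), which avoids interpolating the config-supplied `$accountName` into a `WinNT://` path string. As written the block also runs when account creation failed earlier; the create branch's `catch` lies outside this hunk, so whether it exits is not visible. If it does not, the ERROR logged here is a follow-on failure, and a guard such as `if (Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue) { ... }` would keep the log readable.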
@@ -18,9 +18,12 @@ hesla-bez-expirace-net-accounts-maxpwage: net accounts /maxpwage:UNLIMITED. Sets the local password expiration policy to never. MSP-managed machines handle password rotation via other means (Atera, domain policy, manual). casova-zona-central-europe-standard-time: Set-TimeZone -Id "Central Europe Standard Time". UTC+1 (UTC+2 in summer DST). Applied system-wide. Critical for correct log timestamps, scheduled task timing, and calendar sync. zakaz-gamedvr: HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR\AppCaptureEnabled = 0. Disables Xbox Game Bar screen capture overlay. Reduces background resource usage and eliminates unintended capture prompts on business machines. - edge-skryt-first-run-experience: HKLM\SOFTWARE\Policies\Microsoft\Edge\HideFirstRunExperience = 1. Suppresses the Edge welcome wizard (import from other browser, default browser prompt, etc.) for every user on first launch. + edge-skryt-first-run-experience: HideFirstRunExperience=1 + DefaultBrowserSettingEnabled=0. Suppresses Edge welcome wizard and default browser prompts on first launch. + edge-policies-panel-oblibeny-vyhledavac: FavoritesBarEnabled=1 (always show), DefaultSearchProviderEnabled=1, DefaultSearchProviderName=Google, ManagedSearchEngines removes other providers. + edge-policies-tlacitka-zobrazit: DownloadsButtonEnabled=1, HistoryButtonEnabled=1. + edge-policies-tlacitka-skryt: HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0 (Drop), WebCaptureEnabled=0 (Screenshot), ShareAllowed=0. + edge-policies-obsah-a-telemetrie: NewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, PersonalizationReportingEnabled=0, EdgeShoppingAssistantEnabled=0, ShowMicrosoftRewards=0, HubsSidebarEnabled=0, SearchSuggestEnabled=0, DiagnosticData=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0. 
onedrive-uninstall-intentional: Uninstalls the pre-installed OneDrive consumer version via OneDriveSetup.exe /uninstall and removes Start Menu shortcut. Intentional for clean MSP deployment baseline. No DisableFileSyncNGSC policy key is set - M365 installation can reinstall and run OneDrive normally. Only the stock consumer pre-install is removed. - edge-policies-doplnit-15-dalsich-klicu: Missing Edge policies to add under HKLM\SOFTWARE\Policies\Microsoft\Edge: DefaultBrowserSettingEnabled=0, NewTabPageContentEnabled=0, ImportOnEachLaunch=0, ShowRecommendationsEnabled=0, PersonalizationReportingEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, EdgeShoppingAssistantEnabled=0, HubsSidebarEnabled=0, ShowMicrosoftRewards=0, SearchSuggestEnabled=0, DiagnosticData=0. powercfg-nastaveni-spotreba-energie: powercfg /change commands: standby-timeout-ac 0 (never sleep on AC/charger), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery). proxy-auto-detect-zakaz-autodetect-0: HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents potential MITM via malicious WPAD responses on untrusted networks. #> 
@@ -230,12 +233,59 @@ Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\Dsh" ` -Name "AllowNewsAndInterests" -Value 0 # ----------------------------------------------------------------------- -# Microsoft Edge - hide First Run Experience +# Microsoft Edge policies # ----------------------------------------------------------------------- -Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" ` - -Name "HideFirstRunExperience" -Value 1 +$edgePath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -# Also disable Edge desktop shortcut creation after install +# UI / first run +Set-Reg -Path $edgePath -Name "HideFirstRunExperience" -Value 1 +Set-Reg -Path $edgePath -Name "DefaultBrowserSettingEnabled" -Value 0 + +# New tab page / recommendations +Set-Reg -Path $edgePath -Name "NewTabPageContentEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "ShowRecommendationsEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "SpotlightExperiencesAndRecommendationsEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "PersonalizationReportingEnabled" -Value 0 + +# Shopping / rewards / sidebar +Set-Reg -Path $edgePath -Name "EdgeShoppingAssistantEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "ShowMicrosoftRewards" -Value 0 +Set-Reg -Path $edgePath -Name "HubsSidebarEnabled" -Value 0 + +# Search suggestions +Set-Reg -Path $edgePath -Name "SearchSuggestEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "ImportOnEachLaunch" -Value 0 + +# Telemetry / feedback +Set-Reg -Path $edgePath -Name "DiagnosticData" -Value 0 +Set-Reg -Path $edgePath -Name "FeedbackSurveysEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "EdgeCollectionsEnabled" -Value 0 + +# Toolbar buttons - show +Set-Reg -Path $edgePath -Name "FavoritesBarEnabled" -Value 1 # Favorites bar always visible +Set-Reg -Path $edgePath -Name "DownloadsButtonEnabled" -Value 1 +Set-Reg -Path $edgePath -Name "HistoryButtonEnabled" -Value 1 +Set-Reg -Path $edgePath -Name "PerformanceButtonEnabled" -Value 1 # Sleeping Tabs / Performance + +# Toolbar buttons - 
hide +Set-Reg -Path $edgePath -Name "HomeButtonEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "SplitScreenEnabled" -Value 0 +Set-Reg -Path $edgePath -Name "EdgeEDropEnabled" -Value 0 # Drop +Set-Reg -Path $edgePath -Name "WebCaptureEnabled" -Value 0 # Screenshot +Set-Reg -Path $edgePath -Name "ShareAllowed" -Value 0 # Share + +# Default search engine: Google +# SearchProviderEnabled must be 1, SearchProviderName + URL set the provider +Set-Reg -Path $edgePath -Name "DefaultSearchProviderEnabled" -Value 1 -Type "DWord" +Set-Reg -Path $edgePath -Name "DefaultSearchProviderName" -Value "Google" -Type "String" +Set-Reg -Path $edgePath -Name "DefaultSearchProviderSearchURL" ` + -Value "https://www.google.com/search?q={searchTerms}" -Type "String" +# Remove other search engines (empty list = no other providers besides default) +Set-Reg -Path $edgePath -Name "ManagedSearchEngines" ` + -Value '[{"is_default":true,"name":"Google","search_url":"https://www.google.com/search?q={searchTerms}","keyword":"google.com"}]' ` + -Type "String" + +# Disable desktop shortcut on install/update Set-Reg -Path "HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate" ` -Name "CreateDesktopShortcutDefault" -Value 0 diff --git a/scripts/07-backinfo.ps1 b/scripts/07-backinfo.ps1 new file mode 100644 index 0000000..1303165 --- /dev/null +++ b/scripts/07-backinfo.ps1 
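Review bot: Two comments in the search-engine block contradict the code beneath them. `# SearchProviderEnabled must be 1` names a policy that is not set (the value written is `DefaultSearchProviderEnabled`), and `# Remove other search engines (empty list = ...)` sits above a `ManagedSearchEngines` value that is a one-entry list, not an empty one. Suggested wording: `# DefaultSearchProviderEnabled must be 1; Name + SearchURL define the provider` and `# Managed list holds only Google, marked is_default`. `ImportOnEachLaunch` is grouped under `# Search suggestions` although it is an import setting, and the `.ITEMS` header in the first hunk of this file does not list it, `PerformanceButtonEnabled` or `DefaultSearchProviderSearchURL`. `Set-Reg` is defined outside the hunk, so whether the calls without `-Type` default to DWord cannot be confirmed from here.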
@@ -0,0 +1,126 @@
+<#
+.SYNOPSIS
+ Deploys BackInfo.exe to C:\Program Files\Backinfo\ and configures auto-start.
+
+.DESCRIPTION
+ Copies the BackInfo folder from assets to Program Files, writes the OS name
+ to the registry (HKLM\SOFTWARE\BackInfo\OSName) so BackInfo can display it,
+ and creates a Startup shortcut so BackInfo launches on every user logon.
+ BackInfo renders a BMP wallpaper overlay with hostname, username, OS, HW info,
+ and network info - configured via BackInfo.ini.
+
+.ITEMS
+ kopirovat-assets-backinfo-do-program-fil: Copies all files from assets\Backinfo\ to C:\Program Files\Backinfo\. Includes BackInfo.exe, BackInfo.ini, and backinfo_W11.ps1. Creates the target directory if it does not exist.
+ registry-osname-hklm-software-backinfo: Detects Windows build number and edition, writes OSName string to HKLM\SOFTWARE\BackInfo\OSName (and WOW6432Node). BackInfo.ini references %OSName% to display the correct OS on the wallpaper.
+ startup-shortcut-backinfo-exe: Creates a shortcut at C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\BackInfo.lnk pointing to C:\Program Files\Backinfo\BackInfo.exe. Ensures BackInfo starts for every user on logon.
+ 07-desktop-info-ps1-smazat-nahrazeno: 07-desktop-info.ps1 is superseded by this script. BackInfo.exe is the preferred approach - stable on Win10 and Win11, configurable via INI, already present in assets.
+#>
+param(
+ [object]$Config,
+ [string]$LogFile
+)
+
+$ErrorActionPreference = "Continue"
+
+function Write-Log {
+ param([string]$Message, [string]$Level = "INFO")
+ $line = "[$(Get-Date -Format 'HH:mm:ss')] [$Level] $Message"
+ Add-Content -Path $LogFile -Value $line -Encoding UTF8
+}
+
+# -----------------------------------------------------------------------
+# Copy BackInfo assets to Program Files
+# -----------------------------------------------------------------------
+$assetsBackinfo = Join-Path $PSScriptRoot "..\assets\Backinfo"
+$destBackinfo = "C:\Program Files\Backinfo"
+
+Write-Log "Deploying BackInfo to $destBackinfo" -Level INFO
+
+if (-not (Test-Path $assetsBackinfo)) {
+ Write-Log " Assets not found: $assetsBackinfo" -Level ERROR
+ exit 1
+}
+
+try {
+ if (-not (Test-Path $destBackinfo)) {
+ New-Item -ItemType Directory -Path $destBackinfo -Force | Out-Null
+ }
+ Copy-Item -Path "$assetsBackinfo\*" -Destination $destBackinfo -Recurse -Force
+ Write-Log " Copied BackInfo assets to $destBackinfo" -Level OK
+}
+catch {
+ Write-Log " Failed to copy BackInfo assets: $_" -Level ERROR
+ exit 1
+}
+
+# -----------------------------------------------------------------------
+# Detect OS name and write to registry (BackInfo reads this via %OSName%)
+# -----------------------------------------------------------------------
+Write-Log "Detecting OS for BackInfo registry" -Level INFO
+
+try {
+ $cvPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
+ $cv = Get-ItemProperty -Path $cvPath
+ $build = [int]$cv.CurrentBuild
+
+ $osBase = if ($build -ge 22000) { "Windows 11" } else { "Windows 10" }
+
+ $edition = switch ($cv.EditionID) {
+ "Professional" { "Pro" }
+ "ProfessionalN" { "Pro N" }
+ "Core" { "Home" }
+ "CoreN" { "Home N" }
+ "Enterprise" { "Enterprise" }
+ "Education" { "Education" }
+ default { $cv.EditionID }
+ }
+
+ $osName = "$osBase $edition"
+
+ foreach ($regPath in @("HKLM:\SOFTWARE\BackInfo", "HKLM:\SOFTWARE\WOW6432Node\BackInfo")) {
+ if (-not (Test-Path $regPath)) {
+ New-Item -Path $regPath -Force | Out-Null
+ }
+ Set-ItemProperty -Path $regPath -Name "OSName" -Value $osName -Type String -Force
+ }
+ Write-Log " OSName set to: $osName" -Level OK
+}
+catch {
+ Write-Log " Failed to set BackInfo registry: $_" -Level ERROR
+}
+
+# -----------------------------------------------------------------------
+# Create Startup shortcut for all users
+# -----------------------------------------------------------------------
+Write-Log "Creating BackInfo startup shortcut" -Level INFO
+
+try {
+ $backInfoExe = "$destBackinfo\BackInfo.exe"
+ $shortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\BackInfo.lnk"
+
+ $wsh = New-Object -ComObject WScript.Shell
+ $shortcut = $wsh.CreateShortcut($shortcutPath)
+ $shortcut.TargetPath = $backInfoExe
+ $shortcut.WorkingDirectory = $destBackinfo
+ $shortcut.Description = "BackInfo system info wallpaper"
+ $shortcut.Save()
+
+ Write-Log " Startup shortcut created: $shortcutPath" -Level OK
+}
+catch {
+ Write-Log " Failed to create startup shortcut: $_" -Level ERROR
+}
+
+# -----------------------------------------------------------------------
+# Launch BackInfo now to render initial wallpaper
+# -----------------------------------------------------------------------
+Write-Log "Launching BackInfo for initial render" -Level INFO
+try {
+ Start-Process -FilePath "$destBackinfo\BackInfo.exe" -ErrorAction Stop
+ Write-Log " BackInfo launched" -Level OK
+}
+catch {
+ Write-Log " BackInfo launch failed (non-fatal): $_" -Level WARN
+}
+
+Write-Log "Step 7 complete" -Level OK
diff --git a/web/data/descriptions.json b/web/data/descriptions.json
index f7aef92..456b5c0 100644
--- a/web/data/descriptions.json
+++ b/web/data/descriptions.json
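Review bot: `Copy-Item`, `New-Item`, `Get-ItemProperty` and `Set-ItemProperty` raise non-terminating errors, and with `$ErrorActionPreference = "Continue"` the surrounding `try`/`catch` blocks do not catch them, so a partial copy still logs `Copied BackInfo assets` at level OK and the script goes on to register the shortcut; only the final `Start-Process` carries `-ErrorAction Stop`. Because the copied `BackInfo.exe` is then started for every user at logon from the all-users Startup folder, it is also worth checking the binary against a pinned hash before the copy, so that altered deployment media fails here rather than on each workstation. The closing `Start-Process` runs in the deployment context, which is presumably elevated (sibling steps write HKLM); if so, BackInfo's first run is elevated and renders for the deploying account rather than the end user, which should be confirmed as intended. A sketch of the copy step follows; the hash value is a placeholder.

```powershell
try {
    # ... unchanged: create $destBackinfo if missing ...
    $exeSource = Join-Path $assetsBackinfo "BackInfo.exe"
    # Placeholder - pin the SHA-256 of the reviewed BackInfo.exe build
    $expectedSha256 = "<EXPECTED_SHA256_OF_BACKINFO_EXE>"
    $actualSha256 = (Get-FileHash -Path $exeSource -Algorithm SHA256 -ErrorAction Stop).Hash
    if ($actualSha256 -ne $expectedSha256) {
        throw "BackInfo.exe hash mismatch: $actualSha256"
    }
    Copy-Item -Path "$assetsBackinfo\*" -Destination $destBackinfo -Recurse -Force -ErrorAction Stop
    # ... unchanged: Write-Log OK line ...
}
# ... unchanged: catch block logs ERROR and exits 1 ...
```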
@@ -47,9 +47,12 @@ "hesla-bez-expirace-net-accounts-maxpwage": "net accounts /maxpwage:UNLIMITED. Sets the local password expiration policy to never. MSP-managed machines handle password rotation via other means (Atera, domain policy, manual).", "casova-zona-central-europe-standard-time": "Set-TimeZone -Id \"Central Europe Standard Time\". UTC+1 (UTC+2 in summer DST). Applied system-wide. Critical for correct log timestamps, scheduled task timing, and calendar sync.", "zakaz-gamedvr": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\GameDVR\\AppCaptureEnabled = 0. Disables Xbox Game Bar screen capture overlay. Reduces background resource usage and eliminates unintended capture prompts on business machines.", - "edge-skryt-first-run-experience": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge\\HideFirstRunExperience = 1. Suppresses the Edge welcome wizard (import from other browser, default browser prompt, etc.) for every user on first launch.", + "edge-skryt-first-run-experience": "HideFirstRunExperience=1 + DefaultBrowserSettingEnabled=0. 
Suppresses Edge welcome wizard and default browser prompts on first launch.", + "edge-policies-panel-oblibeny-vyhledavac": "FavoritesBarEnabled=1 (always show), DefaultSearchProviderEnabled=1, DefaultSearchProviderName=Google, ManagedSearchEngines removes other providers.", + "edge-policies-tlacitka-zobrazit": "DownloadsButtonEnabled=1, HistoryButtonEnabled=1.", + "edge-policies-tlacitka-skryt": "HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0 (Drop), WebCaptureEnabled=0 (Screenshot), ShareAllowed=0.", + "edge-policies-obsah-a-telemetrie": "NewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, PersonalizationReportingEnabled=0, EdgeShoppingAssistantEnabled=0, ShowMicrosoftRewards=0, HubsSidebarEnabled=0, SearchSuggestEnabled=0, DiagnosticData=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0.", "onedrive-uninstall-intentional": "Uninstalls the pre-installed OneDrive consumer version via OneDriveSetup.exe /uninstall and removes Start Menu shortcut. Intentional for clean MSP deployment baseline. No DisableFileSyncNGSC policy key is set - M365 installation can reinstall and run OneDrive normally. 
Only the stock consumer pre-install is removed.", - "edge-policies-doplnit-15-dalsich-klicu": "Missing Edge policies to add under HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge: DefaultBrowserSettingEnabled=0, NewTabPageContentEnabled=0, ImportOnEachLaunch=0, ShowRecommendationsEnabled=0, PersonalizationReportingEnabled=0, SpotlightExperiencesAndRecommendationsEnabled=0, EdgeShoppingAssistantEnabled=0, HubsSidebarEnabled=0, ShowMicrosoftRewards=0, SearchSuggestEnabled=0, DiagnosticData=0.", "powercfg-nastaveni-spotreba-energie": "powercfg /change commands: standby-timeout-ac 0 (never sleep on AC/charger), monitor-timeout-ac 60 (screen off after 60 min on AC), standby-timeout-dc 30 (sleep after 30 min on battery), monitor-timeout-dc 15 (screen off after 15 min on battery).", "proxy-auto-detect-zakaz-autodetect-0": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoDetect = 0. Disables WPAD (Web Proxy Auto-Discovery). Eliminates startup delays from WPAD DNS lookup and prevents potential MITM via malicious WPAD responses on untrusted networks." } 
@@ -95,6 +98,16 @@ "pdf-defaultapp-pri-kazdem-logonu": "REMOVED. PDF default is set once during deployment (step 02) with UCPD service stopped. The scheduled task is no longer needed." } }, + "07-backinfo": { + "synopsis": "Deploys BackInfo.exe to C:\\Program Files\\Backinfo\\ and configures auto-start.", + "description": "Copies the BackInfo folder from assets to Program Files, writes the OS name\nto the registry (HKLM\\SOFTWARE\\BackInfo\\OSName) so BackInfo can display it,\nand creates a Startup shortcut so BackInfo launches on every user logon.\nBackInfo renders a BMP wallpaper overlay with hostname, username, OS, HW info,\nand network info - configured via BackInfo.ini.", + "items": { + "kopirovat-assets-backinfo-do-program-fil": "Copies all files from assets\\Backinfo\\ to C:\\Program Files\\Backinfo\\. Includes BackInfo.exe, BackInfo.ini, and backinfo_W11.ps1. Creates the target directory if it does not exist.", + "registry-osname-hklm-software-backinfo": "Detects Windows build number and edition, writes OSName string to HKLM\\SOFTWARE\\BackInfo\\OSName (and WOW6432Node). BackInfo.ini references %OSName% to display the correct OS on the wallpaper.", + "startup-shortcut-backinfo-exe": "Creates a shortcut at C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\BackInfo.lnk pointing to C:\\Program Files\\Backinfo\\BackInfo.exe. Ensures BackInfo starts for every user on logon.", + "07-desktop-info-ps1-smazat-nahrazeno": "07-desktop-info.ps1 is superseded by this script. BackInfo.exe is the preferred approach - stable on Win10 and Win11, configurable via INI, already present in assets." + } + }, "07-desktop-info": { "synopsis": "DEPRECATED - delete this script. Replaced by BackInfo.exe.", "description": "Original custom PowerShell approach to render system info onto the desktop wallpaper\nusing WPF (System.Windows.Media / System.Drawing). 
Superseded by BackInfo.exe which\nis already present in assets/Backinfo/ and handles Win10/Win11 natively.\nACTION REQUIRED: Delete this file. Add a BackInfo deployment step to the master script.", diff --git a/web/nginx.conf b/web/nginx.conf index f497827..1ebd5e9 100644 --- a/web/nginx.conf +++ b/web/nginx.conf @@ -7,11 +7,12 @@ server { location / { try_files $uri $uri/ $uri.html =404; + + add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; + add_header Pragma "no-cache" always; + add_header Expires "0" always; + add_header X-Content-Type-Options nosniff always; } error_page 404 /404.html; - - # Disable caching during development - add_header Cache-Control "no-store"; - add_header X-Content-Type-Options nosniff; } diff --git a/web/spec/index.html b/web/spec/index.html index ea8216e..7f097c0 100644 --- a/web/spec/index.html +++ b/web/spec/index.html @@ -506,7 +506,7 @@
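Review bot: `X-Content-Type-Options` is now emitted only for requests handled by `location /`, so any other location in this server block sends no security headers at all; nginx inherits `add_header` from the outer level only when a block defines none of its own, and the outer level now has none. Keep a server-level `add_header X-Content-Type-Options nosniff always;` in addition to the copy inside the location. The removed comment `# Disable caching during development` was the only explanation for the no-store policy; if this config also serves production, add a comment saying so, e.g. `# Spec pages change per commit; never cache`. The server block opens before this hunk, so other locations are not visible here.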
00 Admin ucet (adminx9) - Must fix + OK
@@ -514,8 +514,8 @@ - - + +
Pridat do skupiny AdministratorsHotovo
Skryt z login obrazovky (SpecialAccounts\UserList = 0)Hotovo
Heslo nevypirsi, uzivatel nesmeni hesloHotovo
Zadne heslo (aktualne nastavovano z config.json)Zmenit: ucet BEZ hesla (rozhodnuti)
FullName = "X9.cz s.r.o." (via ADSI)Chybi, doplnit
Zadne heslo (aktualne nastavovano z config.json)Opraveno – prazdny SecureString, config.json heslo odstranen
FullName = "X9.cz s.r.o." (via ADSI)Opraveno – ADSI SetInfo() po vytvoreni uctu
Proc bez hesla: Ucet je skryty pred uzivateli, slouzi pouze MSP adminstraci. @@ -595,20 +595,15 @@ Hesla bez expirace (net accounts /maxpwage:UNLIMITED)OK Casova zona: Central Europe Standard TimeOK Zakaz GameDVROK - Edge – skryt First Run ExperienceHKLM\Policies\Edge\HideFirstRunExperience = 1 + Edge – skryt First Run Experience + zakaz default browser promptHideFirstRunExperience=1, DefaultBrowserSettingEnabled=0 + Edge policies – panel oblibeny, vyhledavac GoogleFavoritesBarEnabled=1, DefaultSearchProviderName=Google, ManagedSearchEngines + Edge policies – tlacitka zobrazit (Historie, Stahnout)DownloadsButtonEnabled=1, HistoryButtonEnabled=1 + Edge policies – tlacitka skryt (Home, Kolekce, Split, Drop, Screenshot, Share, Zpetna vazba)HomeButtonEnabled=0, SplitScreenEnabled=0, EdgeEDropEnabled=0, WebCaptureEnabled=0, ShareAllowed=0, FeedbackSurveysEnabled=0, EdgeCollectionsEnabled=0 + Edge policies – obsah a telemetrieNewTabPageContentEnabled=0, ShowRecommendationsEnabled=0, EdgeShoppingAssistantEnabled=0, DiagnosticData=0, … OneDrive uninstall (intentional)OneDriveSetup.exe /uninstall – odstrani pre-installed verzi. M365 si nainstaluje vlastni. - Edge policies – doplnit ~15 dalsich klicuViz seznam nize Powercfg nastaveni (spotreba energie)Pridat: standby-ac 0, monitor-ac 60, standby-dc 30, monitor-dc 15 Proxy auto-detect zakaz (AutoDetect = 0)HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings -
- Edge policies k doplneni: - DefaultBrowserSettingEnabled = 0, NewTabPageContentEnabled = 0, - ImportOnEachLaunch = 0, ShowRecommendationsEnabled = 0, - PersonalizationReportingEnabled = 0, SpotlightExperiencesAndRecommendationsEnabled = 0, - DiagnosticData = 0, EdgeShoppingAssistantEnabled = 0, EdgeCollectionsEnabled = 0, - HubsSidebarEnabled = 0, ShowMicrosoftRewards = 0, SearchSuggestEnabled = 0 a dalsi. -
Powercfg prikazy:
powercfg /change standby-timeout-ac 0 (neusne na nabijeni)
@@ -712,15 +707,15 @@
07 BackInfo (systemovy info na tapete) - Must fix + OK
- - - - - + + + + +
07-desktop-info.ps1 SMAZAT – stary pristupNahradit deploym. krokem pro BackInfo.exe
Zkopirovat assets/Backinfo/ do C:\Program Files\Backinfo\Pridat do master scriptu
Spustit backinfo_W11.ps1 (detekce OS, registry, Startup)Pridat do master scriptu
BackInfo.exe v assets/Backinfo/ k dispoziciHotovo – jen deploy krok chybi
BackInfo auto-start pri kazdem logonu via Startup shortcutZaridi backinfo_W11.ps1
07-desktop-info.ps1 SMAZAT – stary pristupNahrazeno novym 07-backinfo.ps1
Zkopirovat assets/Backinfo/ do C:\Program Files\Backinfo\Implementovano v 07-backinfo.ps1
Spustit backinfo_W11.ps1 (detekce OS, registry, Startup)Logika inlinovana v 07-backinfo.ps1
BackInfo.exe v assets/Backinfo/ k dispoziciHotovo
BackInfo auto-start pri kazdem logonu via Startup shortcutShortcut do ProgramData\StartUp vytvori 07-backinfo.ps1
BackInfo.ini konfiguruje: hostname (velky, centrovan), uzivatelske jmeno, @@ -730,7 +725,7 @@
@@ -1052,7 +1047,7 @@ 'step-04': '04-default-profile', 'step-05': '05-personalization', 'step-06': '06-scheduled-tasks', - 'step-07': '07-desktop-info', + 'step-07': '07-backinfo', 'step-08': '08-activation', };