fix: revert Atera to download approach, remove bundled MSI
All checks were successful
release / build-and-release (push) Successful in 31s
All checks were successful
release / build-and-release (push) Successful in 31s
MSI downloads fine via Invoke-WebRequest; MFA is an interactive window shown by the installer itself during registration - accepted as normal workflow. Bundled approach removed: assets/Atera/ dropped, no binary maintenance needed. Also closes CLAUDE.md open questions #2 (MFA resolved) and #3 (--resume already removed from prereboot task). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
X9 Dev
parent
0d46b0dc4b
commit
5ace2154a8
3 changed files with 37 additions and 34 deletions
|
|
@ -163,6 +163,13 @@ xetup.exe start
|
|||
|
||||
---
|
||||
|
||||
## Workflow
|
||||
|
||||
- Do NOT start coding until explicitly approved - discuss the plan first
|
||||
- Propose changes, wait for confirmation, then implement
|
||||
|
||||
---
|
||||
|
||||
## DO NOT
|
||||
|
||||
- Do not use `$ErrorActionPreference = "Stop"` - scripts must survive partial failure
|
||||
|
|
@ -183,5 +190,3 @@ xetup.exe start
|
|||
| # | Question | Status |
|
||||
|---|---|---|
|
||||
| 1 | Complete SW list for winget | TODO - list may be incomplete |
|
||||
| 2 | Atera MFA bypass | OPEN - does aeid parameter avoid MFA? |
|
||||
| 3 | `--resume` flag | Passed by prereboot task but not parsed - resume detected via state file |
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
7-zip-7zip-7zip: Installs 7-Zip (winget ID: 7zip.7zip). Used for archive management. Silent install with --accept-package-agreements --accept-source-agreements flags required for unattended deployment.
|
||||
adobe-acrobat-reader-64-bit-adobe-acroba: Installs Adobe Acrobat Reader DC 64-bit (Adobe.Acrobat.Reader.64-bit). Required as the default PDF viewer to prevent Edge from handling PDFs in browser mode, which limits functionality.
|
||||
openvpn-connect-openvpntechnologies-open: Installs OpenVPN Connect client. Used for client VPN access when the client network requires a VPN. The ovpn profile and credentials are configured separately per client.
|
||||
atera-agent-install: Atera RMM agent installed via msiexec /qn. Download: Invoke-WebRequest from https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337. Agent enables MSP monitoring, remote access, and ticketing integration with the Atera dashboard.
|
||||
atera-agent-install: Atera RMM agent downloaded from x9.servicedesk.atera.com and installed via msiexec /qn. During install, Atera MSI shows an interactive MFA window - technician enters the code to complete registration. Agent enables MSP monitoring, remote access, and ticketing integration.
|
||||
adobe-pdf-default-pdf-acrord32-po-instal: Sets .pdf -> AcroRd32 file association after Acrobat install via HKCR (system-wide, no UserChoice hash issue). UCPD driver is stopped immediately before the write and restarted after to ensure the association persists across Edge updates.
|
||||
ucpd-sys-kernel-driver-od-feb-2024-bloku: UCPD.sys (User Choice Protection Driver) is stopped before the PDF association write and restarted after. Pattern: Stop-Service ucpd -> set HKCR\.pdf -> Start-Service ucpd. Implemented in this script.
|
||||
#>
|
||||
|
|
@ -185,46 +185,44 @@ if (Get-Feature $Config "software" "pdfDefault") {
|
|||
|
||||
# -----------------------------------------------------------------------
|
||||
# Install Atera RMM Agent
|
||||
# The MSI is bundled in assets/Atera/ (downloaded once from the Atera
|
||||
# dashboard). The download URL requires MFA in a browser session, so
|
||||
# Invoke-WebRequest gets an HTML login page instead of the MSI binary.
|
||||
# Bundling avoids this entirely - no network dependency for Atera.
|
||||
# To update: download fresh MSI from Atera dashboard, replace in assets/.
|
||||
# Download MSI from Atera dashboard API, install via msiexec /qn.
|
||||
# During install, the Atera MSI shows an interactive MFA window -
|
||||
# the technician enters the code to complete agent registration.
|
||||
# -----------------------------------------------------------------------
|
||||
if (Get-Feature $Config "software" "ateraAgent") {
|
||||
Write-Log "Installing Atera RMM Agent" -Level INFO
|
||||
|
||||
# Look for bundled MSI in assets/Atera/
|
||||
$ateraAssetsDir = Join-Path $PSScriptRoot "..\assets\Atera"
|
||||
$ateraMsi = Get-ChildItem -Path $ateraAssetsDir -Filter "*.msi" -ErrorAction SilentlyContinue |
|
||||
Select-Object -First 1
|
||||
$ateraMsi = "$env:TEMP\AteraAgent.msi"
|
||||
$ateraUrl = "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337"
|
||||
|
||||
if (-not $ateraMsi) {
|
||||
Write-Log " No Atera MSI found in assets/Atera/ - skipping" -Level WARN
|
||||
Write-Log " Download MSI from Atera dashboard and place in assets/Atera/" -Level WARN
|
||||
} else {
|
||||
Write-Log " Using bundled MSI: $($ateraMsi.Name)" -Level INFO
|
||||
try {
|
||||
$msiProc = Start-Process msiexec -ArgumentList "/i `"$($ateraMsi.FullName)`" /qn" -Wait -PassThru
|
||||
if ($msiProc.ExitCode -eq 0) {
|
||||
Write-Log " Atera agent installed (msiexec exit 0)" -Level OK
|
||||
} else {
|
||||
Write-Log " Atera agent install exit code: $($msiProc.ExitCode)" -Level WARN
|
||||
}
|
||||
try {
|
||||
Write-Log " Downloading Atera MSI..." -Level INFO
|
||||
Invoke-WebRequest -Uri $ateraUrl -OutFile $ateraMsi -UseBasicParsing -ErrorAction Stop
|
||||
Write-Log " Download complete" -Level OK
|
||||
|
||||
# Verify binary exists
|
||||
$ateraExe = "$env:ProgramFiles\ATERA Networks\AteraAgent\AteraAgent.exe"
|
||||
$ateraExe86 = "${env:ProgramFiles(x86)}\ATERA Networks\AteraAgent\AteraAgent.exe"
|
||||
if ((Test-Path $ateraExe) -or (Test-Path $ateraExe86)) {
|
||||
Write-Log " Atera agent binary verified" -Level OK
|
||||
} else {
|
||||
Write-Log " Atera agent binary not found at expected paths" -Level WARN
|
||||
}
|
||||
Write-Log " Running installer (MFA window will appear)..." -Level INFO
|
||||
$msiProc = Start-Process msiexec -ArgumentList "/i `"$ateraMsi`" /qn" -Wait -PassThru
|
||||
if ($msiProc.ExitCode -eq 0) {
|
||||
Write-Log " Atera agent installed (msiexec exit 0)" -Level OK
|
||||
} else {
|
||||
Write-Log " Atera agent install exit code: $($msiProc.ExitCode)" -Level WARN
|
||||
}
|
||||
catch {
|
||||
Write-Log " Atera agent install failed: $_" -Level ERROR
|
||||
|
||||
# Verify binary exists
|
||||
$ateraExe = "$env:ProgramFiles\ATERA Networks\AteraAgent\AteraAgent.exe"
|
||||
$ateraExe86 = "${env:ProgramFiles(x86)}\ATERA Networks\AteraAgent\AteraAgent.exe"
|
||||
if ((Test-Path $ateraExe) -or (Test-Path $ateraExe86)) {
|
||||
Write-Log " Atera agent binary verified" -Level OK
|
||||
} else {
|
||||
Write-Log " Atera agent binary not found at expected paths" -Level WARN
|
||||
}
|
||||
}
|
||||
catch {
|
||||
Write-Log " Atera agent install failed: $_" -Level ERROR
|
||||
}
|
||||
finally {
|
||||
Remove-Item $ateraMsi -ErrorAction SilentlyContinue
|
||||
}
|
||||
} else {
|
||||
Write-Log "ateraAgent feature disabled - skipping" -Level INFO
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue