fix: revert Atera to download approach, remove bundled MSI

MSI downloads fine via Invoke-WebRequest; MFA is an interactive window
shown by the installer itself during registration - accepted as normal
workflow. Bundled approach removed: assets/Atera/ dropped, no binary
maintenance needed.

Also closes CLAUDE.md open questions #2 (MFA resolved) and #3 (--resume
already removed from prereboot task).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
X9 Dev 2026-04-17 13:43:12 +02:00
parent 0d46b0dc4b
commit 5ace2154a8
3 changed files with 37 additions and 34 deletions

@ -163,6 +163,13 @@ xetup.exe start
--- ---
## Workflow
- Do NOT start coding until explicitly approved - discuss the plan first
- Propose changes, wait for confirmation, then implement
---
## DO NOT ## DO NOT
- Do not use `$ErrorActionPreference = "Stop"` - scripts must survive partial failure - Do not use `$ErrorActionPreference = "Stop"` - scripts must survive partial failure
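Review bot: The new `## Workflow` section is unrelated to the Atera revert and is not mentioned in the commit message, which covers only the download approach and open questions #2 and #3. Split it into its own commit, or add a line for it to the message so the history of this file stays searchable.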
@ -183,5 +190,3 @@ xetup.exe start
| # | Question | Status | | # | Question | Status |
|---|---|---| |---|---|---|
| 1 | Complete SW list for winget | TODO - list may be incomplete | | 1 | Complete SW list for winget | TODO - list may be incomplete |
| 2 | Atera MFA bypass | OPEN - does aeid parameter avoid MFA? |
| 3 | `--resume` flag | Passed by prereboot task but not parsed - resume detected via state file |
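Review bot: Deleting rows 2 and 3 from the open-questions table drops the only in-repo record of how they were resolved. Row 2 asked whether the `aeid` parameter avoids MFA, and the outcome (the installer shows an interactive MFA window, accepted as normal workflow) now lives only in the commit message. Consider keeping the rows with a RESOLVED status, or moving the outcome into a short decisions section.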

@ -14,7 +14,7 @@
7-zip-7zip-7zip: Installs 7-Zip (winget ID: 7zip.7zip). Used for archive management. Silent install with --accept-package-agreements --accept-source-agreements flags required for unattended deployment. 7-zip-7zip-7zip: Installs 7-Zip (winget ID: 7zip.7zip). Used for archive management. Silent install with --accept-package-agreements --accept-source-agreements flags required for unattended deployment.
adobe-acrobat-reader-64-bit-adobe-acroba: Installs Adobe Acrobat Reader DC 64-bit (Adobe.Acrobat.Reader.64-bit). Required as the default PDF viewer to prevent Edge from handling PDFs in browser mode, which limits functionality. adobe-acrobat-reader-64-bit-adobe-acroba: Installs Adobe Acrobat Reader DC 64-bit (Adobe.Acrobat.Reader.64-bit). Required as the default PDF viewer to prevent Edge from handling PDFs in browser mode, which limits functionality.
openvpn-connect-openvpntechnologies-open: Installs OpenVPN Connect client. Used for client VPN access when the client network requires a VPN. The ovpn profile and credentials are configured separately per client. openvpn-connect-openvpntechnologies-open: Installs OpenVPN Connect client. Used for client VPN access when the client network requires a VPN. The ovpn profile and credentials are configured separately per client.
atera-agent-install: Atera RMM agent installed via msiexec /qn. Download: Invoke-WebRequest from https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337. Agent enables MSP monitoring, remote access, and ticketing integration with the Atera dashboard. atera-agent-install: Atera RMM agent downloaded from x9.servicedesk.atera.com and installed via msiexec /qn. During install, Atera MSI shows an interactive MFA window - technician enters the code to complete registration. Agent enables MSP monitoring, remote access, and ticketing integration.
adobe-pdf-default-pdf-acrord32-po-instal: Sets .pdf -> AcroRd32 file association after Acrobat install via HKCR (system-wide, no UserChoice hash issue). UCPD driver is stopped immediately before the write and restarted after to ensure the association persists across Edge updates. adobe-pdf-default-pdf-acrord32-po-instal: Sets .pdf -> AcroRd32 file association after Acrobat install via HKCR (system-wide, no UserChoice hash issue). UCPD driver is stopped immediately before the write and restarted after to ensure the association persists across Edge updates.
ucpd-sys-kernel-driver-od-feb-2024-bloku: UCPD.sys (User Choice Protection Driver) is stopped before the PDF association write and restarted after. Pattern: Stop-Service ucpd -> set HKCR\.pdf -> Start-Service ucpd. Implemented in this script. ucpd-sys-kernel-driver-od-feb-2024-bloku: UCPD.sys (User Choice Protection Driver) is stopped before the PDF association write and restarted after. Pattern: Stop-Service ucpd -> set HKCR\.pdf -> Start-Service ucpd. Implemented in this script.
#> #>
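Review bot: The rewritten `atera-agent-install` entry describes a step that needs a technician to enter an MFA code, while other entries in this block are documented as silent installs for unattended deployment. State explicitly that this step is interactive and waits for the code, and say how the MFA window relates to `msiexec /qn`, since `/qn` requests no installer UI and a reader will otherwise assume the step is silent.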
@ -185,27 +185,23 @@ if (Get-Feature $Config "software" "pdfDefault") {
# ----------------------------------------------------------------------- # -----------------------------------------------------------------------
# Install Atera RMM Agent # Install Atera RMM Agent
# The MSI is bundled in assets/Atera/ (downloaded once from the Atera # Download MSI from Atera dashboard API, install via msiexec /qn.
# dashboard). The download URL requires MFA in a browser session, so # During install, the Atera MSI shows an interactive MFA window -
# Invoke-WebRequest gets an HTML login page instead of the MSI binary. # the technician enters the code to complete agent registration.
# Bundling avoids this entirely - no network dependency for Atera.
# To update: download fresh MSI from Atera dashboard, replace in assets/.
# ----------------------------------------------------------------------- # -----------------------------------------------------------------------
if (Get-Feature $Config "software" "ateraAgent") { if (Get-Feature $Config "software" "ateraAgent") {
Write-Log "Installing Atera RMM Agent" -Level INFO Write-Log "Installing Atera RMM Agent" -Level INFO
# Look for bundled MSI in assets/Atera/ $ateraMsi = "$env:TEMP\AteraAgent.msi"
$ateraAssetsDir = Join-Path $PSScriptRoot "..\assets\Atera" $ateraUrl = "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337"
$ateraMsi = Get-ChildItem -Path $ateraAssetsDir -Filter "*.msi" -ErrorAction SilentlyContinue |
Select-Object -First 1
if (-not $ateraMsi) {
Write-Log " No Atera MSI found in assets/Atera/ - skipping" -Level WARN
Write-Log " Download MSI from Atera dashboard and place in assets/Atera/" -Level WARN
} else {
Write-Log " Using bundled MSI: $($ateraMsi.Name)" -Level INFO
try { try {
$msiProc = Start-Process msiexec -ArgumentList "/i `"$($ateraMsi.FullName)`" /qn" -Wait -PassThru Write-Log " Downloading Atera MSI..." -Level INFO
Invoke-WebRequest -Uri $ateraUrl -OutFile $ateraMsi -UseBasicParsing -ErrorAction Stop
Write-Log " Download complete" -Level OK
Write-Log " Running installer (MFA window will appear)..." -Level INFO
$msiProc = Start-Process msiexec -ArgumentList "/i `"$ateraMsi`" /qn" -Wait -PassThru
if ($msiProc.ExitCode -eq 0) { if ($msiProc.ExitCode -eq 0) {
Write-Log " Atera agent installed (msiexec exit 0)" -Level OK Write-Log " Atera agent installed (msiexec exit 0)" -Level OK
} else { } else {
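Review bot: Between `Invoke-WebRequest` and `Start-Process msiexec` there is no check that the downloaded file is the expected installer. The comment removed in this hunk records that `Invoke-WebRequest` received an HTML login page instead of the MSI binary, and the file is written to a fixed name under `$env:TEMP` before being run with `/qn`. Verify the file before executing it, for example with `Get-AuthenticodeSignature` plus a check that the status is valid and the signer is the expected publisher, and log and skip on mismatch. Separately, `$ateraUrl` hard-codes the `cid` and `aeid` values in the script; reading the URL from `$Config` would keep them out of source control.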
@ -224,6 +220,8 @@ if (Get-Feature $Config "software" "ateraAgent") {
catch { catch {
Write-Log " Atera agent install failed: $_" -Level ERROR Write-Log " Atera agent install failed: $_" -Level ERROR
} }
finally {
Remove-Item $ateraMsi -ErrorAction SilentlyContinue
} }
} else { } else {
Write-Log "ateraAgent feature disabled - skipping" -Level INFO Write-Log "ateraAgent feature disabled - skipping" -Level INFO
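Review bot: The `finally` block deletes `$ateraMsi` on every path, including a non-zero msiexec exit, and the msiexec call earlier in this diff passes only `/i` and `/qn`, so a failed install leaves nothing to inspect. Add a `/l*v` log path to the msiexec arguments, or keep the MSI when the exit code is not 0.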