MSI downloads fine via Invoke-WebRequest; MFA is an interactive window
shown by the installer itself during registration - accepted as normal
workflow. Bundled approach removed: assets/Atera/ dropped, no binary
maintenance needed.
Also closes CLAUDE.md open questions #2 (MFA resolved) and #3 (--resume
already removed from prereboot task).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Atera agent: download URL requires MFA in browser session, so
Invoke-WebRequest gets HTML instead of MSI. Changed to bundled
MSI from assets/Atera/ - download once from dashboard, no network
dependency. Graceful skip with log message when MSI not present.
Removed unused --resume argument from X9-Resume scheduled task
registration. Resume is detected via state file, not CLI flag.
CI pipeline: added mingw-w64-gcc and CGO_ENABLED=1 for Walk
cross-compilation (required since Walk migration from Fyne).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Email report: HTML summary sent via SMTP2Go (mail-eu.smtp2go.com)
at the end of every deployment. Subject "xetup report HOSTNAME",
body contains per-step status table with timestamps. Non-blocking
(goroutine) so it doesn't delay the summary screen.
Pre-flight checks: admin rights, winget availability, network
connectivity (DNS resolve), and disk space verified before the
config form. Results shown as colored status lines at the top
of the GUI - red warnings tell the technician what's wrong
before starting a 30-minute deployment.
Parallel winget: 02-software.ps1 now launches all winget installs
as background jobs (Start-Job) and waits for all to complete.
7-Zip, Acrobat, OpenVPN run simultaneously instead of sequentially,
saving 3-5 minutes per deployment.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause fix: runner.go passed config as unevaluated PS expression
via -File mode - scripts received a literal string instead of parsed
object. Changed to -ConfigPath; scripts load JSON themselves via
shared common.ps1 (Write-Log, Get-Feature, Load-Config).
GUI now regenerates runtime config before run so user selections
actually reach the scripts.
Merged 04-default-profile + 05-personalization into single script
(one hive load/unload, no Explorer restart, no hive contention).
Deleted Deploy-Windows.ps1 (xetup.exe is sole entry point),
06-scheduled-tasks.ps1 (tasks caused more harm than good),
07-desktop-info.ps1 (replaced by BackInfo long ago).
Step ordering: activation moved early, pcIdentity before WU
(exit 9 on rename only when rename actually happened).
Edge policies split into mandatory (telemetry, first-run) vs
recommended (UI preferences user can override).
Atera install uses Start-Process -Wait instead of fragile sleep.
Updated config.json, tests, DefaultConfig to match current state.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
xetup.exe now acts as an orchestrator across system reboots:
- PS scripts exit 9 to signal "reboot needed, re-run me" (WU) or
"done but reboot needed to finalize" (Dell BIOS)
- On exit 9: xetup saves state.json, ensures adminx9 account,
copies itself to stable path, enables autologon, registers
X9-Resume scheduled task (AtLogOn adminx9, RunLevel Highest)
- On resume: loads pending steps from state, continues seamlessly
with "Pokracuji po restartu..." label in the run window
- On completion: disables autologon, removes X9-Resume task,
deletes state file, shows summary with accumulated results
across all reboot rounds
New packages: internal/state, internal/prereboot
Script 12: simplified to exit 0 (done) or exit 9 (reboot needed)
Script 11: exit 9 when DCU exit code 1 (BIOS staged, reboot needed)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When X9-WindowsUpdate finds no more updates:
- Creates "! WU HOTOVO yyyy-MM-dd HH:mm.txt" on C:\Users\Public\Desktop
- Locks the workstation via one-shot task running as adminx9
(login screen = unambiguous visual signal for the operator)
- One-shot lock task self-deletes after 5 minutes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
04-default-profile: Create File Explorer.lnk (and PowerShell.lnk for
admin profile) in C:\Users\Default\AppData\Roaming\...\Start Menu
before writing LayoutModification.xml. On a clean Windows 11 install
the System Tools folder is often missing from the Default profile,
which causes the taskbar pin to be silently skipped.
12-windows-update: Enable temporary autologon for adminx9 so the
machine logs in automatically after each update reboot without
operator intervention. AutoLogonCount=10 as safety cap.
Autologon is disabled (and DefaultPassword removed) by the
scheduled task when no more updates are found.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BackInfo.ini:
- AutoBackground=0: don't read live desktop color during deployment;
Windows hasn't propagated the registry background color to the
live session yet, so AutoBackground reads black
- BackgroundColor=4668194: explicit COLORREF for #223B47
(was 2097152 = 0x200000 = RGB(0,0,32), near-black)
05-personalization.ps1:
- Add Explorer\Accent\AccentColorMenu = 0xFF473B22
- Add Explorer\Accent\StartColorMenu = 0xFF473B22
Windows taskbar reads AccentColorMenu for its color when
ColorPrevalence=1; DWM\AccentColor only controls title bars.
Without these keys the taskbar shows Windows default blue
(RGB 130, 232, 253 = Windows 11 "Steel" default accent).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 04-default-profile: default profile now pins Explorer+Edge (was empty),
preventing MS Store and other defaults from appearing in taskbar
- 03-system-registry: disable Edge new tab page quick links, background,
content feed (NewTabPageQuickLinksEnabled/BackgroundEnabled/AllowedBackgroundTypes)
- 05-personalization: set Wallpaper="" in default hive so new user accounts
get solid-color background instead of black fallback
- runner: add onStepStart callback, fires before each script launch
- gui: step progress strip in run phase — color-coded labels per step
(pending gray · / running blue ► / ok green ✓ / error red ✗ / skipped gray –)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HKCR: is not available by default in PS sessions - must be explicitly
mounted via New-PSDrive before any registry operations on it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
