Use path.Join (always '/') for embed.FS reads, filepath.Join only for OS paths.
filepath.Join on Windows produces backslashes which embed.FS doesn't accept,
causing "failed to extract scripts" on startup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
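The path rule from the commit message above, as an added Go example that is not part of the commit or the project's code. `fstest.MapFS` stands in for the embedded file system (both follow `io/fs` naming rules); the script name, its contents and all helper names are constructed for illustration. `windowsJoin` emulates the backslash-separated string `filepath.Join` returns on Windows, so the failure reproduces on any OS.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

// sampleFS is a constructed stand-in for the embed.FS holding the scripts.
// io/fs names always use '/' as the separator, on every OS.
func sampleFS() fs.FS {
	return fstest.MapFS{
		"scripts/01-bloatware.ps1": {Data: []byte("# constructed sample\n")},
	}
}

// readScript builds the name with path.Join, which always joins with '/'.
func readScript(fsys fs.FS, dir, name string) ([]byte, error) {
	return fs.ReadFile(fsys, path.Join(dir, name))
}

// windowsJoin emulates the result of filepath.Join on Windows (hypothetical helper).
func windowsJoin(elem ...string) string {
	return strings.Join(elem, `\`)
}

// readScriptBackslash reproduces the bug: a backslash is not a separator in
// io/fs, so the whole string is looked up as one file name and is not found.
func readScriptBackslash(fsys fs.FS, dir, name string) ([]byte, error) {
	return fs.ReadFile(fsys, windowsJoin(dir, name))
}

// isNotExist reports whether err wraps fs.ErrNotExist.
func isNotExist(err error) bool { return errors.Is(err, fs.ErrNotExist) }

func main() {
	fsys := sampleFS()
	b, err := readScript(fsys, "scripts", "01-bloatware.ps1")
	fmt.Printf("path.Join:      %d bytes, err=%v\n", len(b), err)
	_, err = readScriptBackslash(fsys, "scripts", "01-bloatware.ps1")
	fmt.Printf("backslash join: err=%v (not exist: %t)\n", err, isNotExist(err))
}
```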
- nginx.conf: add /dl -> latest xetup.exe release redirect (update on each release)
- index.html: replace irm/iex command with 'curl -Lo xetup.exe xetup.x9.cz/dl'
  works with built-in curl.exe on Win10/11, no PowerShell execution policy needed
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- BackInfo (exe + ini + ps1) in assets/
- X9 logo (ico + jpeg) in assets/Logo/
- Colleague specs and review results in docs/
- Interactive review page v2 (review.html)
- Updated CLAUDE.md with all decisions from 2026-04-15 session
- Updated .gitignore (flash.zip, W11.pdf)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Windows reuses TranscodedWallpaper cache and ignores updated BMP
if the path stays the same. Clear cache before SystemParametersInfo
so wallpaper always reloads.
Add per-run logging to desktopinfo.log for diagnostics.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without delay the task fires before network init, causing
Get-NetIPAddress to return nothing and IP showing as N/A.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Centered block on desktop: hostname large bold (36pt), then detail
lines in Segoe UI 14pt - user, OS (bold), CPU+RAM on one line,
IPs+domain on one line. Collects CPU count/speed, total RAM, all
IPv4 addresses, and domain/workgroup. Background #556364.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Microsoft-RemoteDesktopConnection is required for Remote Desktop
connections and must not be disabled on business machines.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DisableFileSyncNGSC=1 prevented OneDrive from launching after M365
installation. Keep uninstall for clean PCs but drop the policy key so
Office 365 can reinstall and run OneDrive without restrictions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Search subkey for Win10 search box hiding
- Clear TrayNotify icon streams as Win11 systray workaround
- Restart Explorer to apply taskbar changes in current session
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 04-default-profile.ps1 + 05-personalization.ps1: show This PC icon on
  desktop via HideDesktopIcons CLSID {20D04FE0...} = 0
- 03-system-registry.ps1: HideRecommendedSection = 1 hides Win11 Start
  menu Recommended section (HKLM policy)
- 04-default-profile.ps1: Start_TrackProgs = 0 and Start_TrackDocs = 0
  hide recently added/opened items from Start menu
- 01-bloatware.ps1: add 7EE7776C.LinkedInforWindows to removal list
- tests/Test-Deployment.ps1: add checks for all three new settings
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 03-system-registry.ps1: replace .NET OpenSubKey approach with proper
  P/Invoke that enables SeTakeOwnershipPrivilege and SeRestorePrivilege
  before attempting to take ownership of TrustedInstaller-owned keys
  (e.g. HKLM\...\Communications\ConfigureChatAutoInstall)
- Remove SYSTEM scheduled task fallback (not needed with token approach)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 03-system-registry.ps1: Set-Reg now has 3-tier retry: direct write,
  ACL manipulation, fallback to scheduled task running as SYSTEM (which
  has unrestricted registry access - handles TrustedInstaller-owned keys)
- 02-software.ps1: add Acrobat DC path (Acrobat.exe) before legacy
  AcroRd32.exe paths - winget installs Acrobat DC not Reader DC
- 06-scheduled-tasks.ps1: same Adobe path fix in PDF-DefaultApp script
- tests/Test-Deployment.ps1: Adobe check covers both Acrobat DC and
  Reader DC install paths
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 03-system-registry.ps1: add Grant-RegWriteAccess helper; Set-Reg now
  retries with ACL fix when Set-ItemProperty throws SecurityException
  (e.g. HKLM\...\Communications owned by TrustedInstaller)
- 04-default-profile.ps1: add Grant-HiveWriteAccess helper; Set-ProfileReg
  retries with ACL fix on Default hive keys with restricted permissions
- Both scripts: add -ErrorAction Stop to Set-ItemProperty so errors are
  properly caught by try/catch instead of bypassing it
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- 00-admin-account.ps1: create/update adminx9, add to Administrators,
  hide from login screen via SpecialAccounts\UserList
- 08-activation.ps1: activate via config key or GVLK fallback matched
  by OS edition; supports optional KMS server; skips if already active
- config.json: add adminAccount block (password), activation block
  (productKey placeholder, kmsServer)
- Deploy-Windows.ps1: add Step 0a and Step 0b before bloatware removal
- Test-Deployment.ps1: add checks for admin account and activation
- SPEC.md: document new steps, close open question #4
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>