x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 2 Packages Wiki Activity Actions

Compare commits

base: x9:fe63de3ed75513e8791451824b79dc1579b438e0
Branches Tags
x9:main
x9:latest
x9:v0.1.0
..
compare: x9:c8ff952bbb8527f2da904f5e8c5c0f4b49587362
Branches Tags
x9:main
x9:latest
x9:v0.1.0

2 commits
fe63de3ed7 ... c8ff952bbb

Author SHA1 Message Date
Filip Zubik
c8ff952bbb Add Claude Code memory and project context 
- User profile, feedback preferences
- Project state and architecture decisions
- Technical findings (UCPD, Win11 compat, code analysis)
- Reference pointers to colleague specs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-15 19:43:39 +02:00
Filip Zubik
4611517a1d Add all project assets, docs, and review page 
- BackInfo (exe + ini + ps1) in assets/
- X9 logo (ico + jpeg) in assets/Logo/
- Colleague specs and review results in docs/
- Interactive review page v2 (review.html)
- Updated CLAUDE.md with all decisions from 2026-04-15 session
- Updated .gitignore (flash.zip, W11.pdf)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-15 19:43:18 +02:00
18 changed files with 1984 additions and 20 deletions
Show stats Expand all files Collapse all files

14
.claude/MEMORY.md Normal file
View file

@ -0,0 +1,14 @@
# Memory Index
## User
- [Filip Zubik - X9.cz](user_filip.md) - MSP owner/developer, Czech communication, pragmatic approach
## Feedback
- [Communication preferences](feedback_preferences.md) - Czech, discussion first, interactive reviews, phased approach
## Project
- [Xetup project state](project_xetup_state.md) - Current state, architecture decisions, what's next (as of 2026-04-15)
- [Technical findings](project_technical_findings.md) - Deep code analysis, UCPD issue, Win11 compatibility, tools research
## Reference
- [Colleague specs and review](reference_colleague_specs.md) - Where to find colleague's input documents and review results

14
.claude/memory/MEMORY.md Normal file
View file

@ -0,0 +1,14 @@
# Memory Index
## User
- [Filip Zubik - X9.cz](user_filip.md) - MSP owner/developer, Czech communication, pragmatic approach
## Feedback
- [Communication preferences](feedback_preferences.md) - Czech, discussion first, interactive reviews, phased approach
## Project
- [Xetup project state](project_xetup_state.md) - Current state, architecture decisions, what's next (as of 2026-04-15)
- [Technical findings](project_technical_findings.md) - Deep code analysis, UCPD issue, Win11 compatibility, tools research
## Reference
- [Colleague specs and review](reference_colleague_specs.md) - Where to find colleague's input documents and review results

15
.claude/memory/feedback_preferences.md Normal file
View file

@ -0,0 +1,15 @@
---
name: Communication and workflow preferences
description: How Filip wants to work - Czech communication, discussion before coding, interactive reviews
type: feedback
---
- Communicate in Czech (code/comments/logs stay English)
- When Filip says "nekodujme, udelame diskusi" - he wants discussion first, not jumping to code
- Prefers interactive HTML pages for reviews/decisions (not just markdown)
- Likes phased approaches - start simple, evolve
- Values colleague's field experience over theoretical best practices
- When specs conflict, ask rather than assume
- Filip appreciates out-of-the-box thinking (Go binaries, web platforms) but wants practical solutions
- Don't over-engineer for 20 machines/month scale
- Filip works on macOS, targets Windows - cross-compilation matters

57
.claude/memory/project_technical_findings.md Normal file
View file

@ -0,0 +1,57 @@
---
name: Technical findings from deep code analysis and research (2026-04-15)
description: Detailed technical analysis results - Win11 compatibility issues, UCPD driver, code quality assessment, and modernization opportunities
type: project
---
## Code quality assessment (all scripts in windows-deployment-new/scripts/)
- Overall: solid, production-ready for Win10/11 22H2
- 3-level registry fallback in 03-system-registry.ps1: direct write → ACL fix (SeTakeOwnershipPrivilege) → SYSTEM scheduled task
- Proper hive handling: GC.Collect + WaitForPendingFinalizers + 500ms sleep before reg unload, always in finally block
- Error handling: $ErrorActionPreference = "Continue", try/catch everywhere, WARN level for non-critical failures
- Logging: every step to C:\Windows\Setup\Scripts\Deploy.log with color-coded console output
## Critical issues found
### 1. UCPD.sys (User Choice Protection Driver)
- Kernel-mode driver since Feb 2024, v4.3 as of early 2026
- Blocks direct registry writes to UserChoice for .pdf, .htm, .html etc.
- Our HKCR approach works as system-wide fallback but isn't clean
- Fix: disable UCPD service + scheduled task during deployment, set associations, re-enable
- Or use SetUserFTA tool (~$20, kolbi.cz)
### 2. System tray EnableAutoTray=0 broken on 24H2
- Win11 23H2/24H2 ignores this registry key
- Icon stream cache clearing is a workaround but not 100%
- No reliable registry-only solution exists for 24H2
### 3. OneDrive removal too aggressive
- 03-system-registry.ps1 lines 244-273: uninstalls + deletes OneDriveSetup.exe
- 04-default-profile.ps1 lines 240-261: removes RunOnce keys + Explorer namespace
- Must remove these blocks entirely
### 4. Edge policies incomplete
- Currently only: HideFirstRunExperience, CreateDesktopShortcutDefault
- Need to add: BrowserSignin=0, CopilotPageContext=0, NewTabPageContentEnabled=0, StandaloneHubsSidebarEnabled=0, ShowRecommendationsEnabled=0, DefaultBrowserSettingsCampaignEnabled=0, and ~10 more
### 5. ConfigureStartPins applyOnce
- New in 24H2 (KB5062660): {"pinnedList":[], "applyOnce": true}
- Applies layout once, then users can customize
- Better than our current approach (XML lock + UnlockStartLayout task)
## Win10/Win11 compatibility matrix
- All core registry keys work on both versions
- Win11-specific keys (TaskbarAl, ShowCopilotButton, TaskbarDa, TaskbarMn) harmlessly create empty keys on Win10
- Scripts handle version differences through graceful degradation
## Config.json issues
- desktopInfo settings (position, fontSize, color) are defined but ignored by 07-desktop-info.ps1
- deployment.locale is not used anywhere
- Software list has only 3 packages (TODO in SPEC)
## Tools landscape (researched 2026-04-15)
- Chris Titus WinUtil: PS-based, `irm christitus.com/win | iex`, has Win11 Creator tab
- Win11Debloat (Raphire): got GUI in Feb 2026, configurable via Apps.json
- Sophia Script: 150+ tweaks, most granular but slower
- Go binary advantages: bypasses execution policy, single file, no dependencies, cross-compile from macOS
- Charmbracelet stack (bubbletea/huh/lipgloss): best for TUI forms in Go

73
.claude/memory/project_xetup_state.md Normal file
View file

@ -0,0 +1,73 @@
---
name: Xetup project state as of 2026-04-15
description: Current state of the xetup Windows deployment project - architecture decisions, what exists, what's planned
type: project
---
## What xetup is
Automated Windows 10/11 setup for X9.cz MSP clients. Replaces ~3 hours of manual work with a single script/tool.
## Current repo structure (cleaned 2026-04-15)
```
xetup/
├── review.html ← interactive review page v2 (with colleague comments)
├── xetup-review.md ← exported review v1 results from colleague
├── xetup-win-setup-spec.md ← original spec from colleague
├── xetup-win-setup-novinky.md ← v2 additions from colleague (taskbar pins, explorer, network, admin desc)
├── W11.pdf ← reference PDF
└── windows-deployment-new/ ← the active codebase
├── Deploy-Windows.ps1 ← master script
├── CLAUDE.md / SPEC.md
├── config/config.json
├── assets/
│ ├── Backinfo/ ← BackInfo.exe + ini + ps1 (ready to use)
│ └── Logo/ ← X9 ico + jpeg (moved here 2026-04-15)
└── scripts/
├── 00-admin-account.ps1
├── 01-bloatware.ps1
├── 02-software.ps1
├── 03-system-registry.ps1
├── 04-default-profile.ps1
├── 05-personalization.ps1
├── 06-scheduled-tasks.ps1
├── 07-desktop-info.ps1 ← TO BE REPLACED by BackInfo
└── 08-activation.ps1
```
## Key decisions made (2026-04-15 session)
1. **BackInfo wins over custom DesktopInfo** - colleague prefers it (INI config, auto-update, centered text). Our 07-desktop-info.ps1 will be deleted.
2. **OneDrive must NOT be removed** - current code aggressively deletes it, breaks M365. Must fix 03-system-registry.ps1 and 04-default-profile.ps1.
3. **RDP must NOT be removed** - was in SPEC but never implemented (good). Remove from SPEC entirely.
4. **Colleague's spec has priority** over our implementation when they overlap.
5. **adminx9 account: no password** (changed from config-driven password), FullName = "X9.cz s.r.o."
6. **Nextcloud not needed** - assets are in repo, only Atera MSI downloads from web.
7. **Flash2 not integrated** - it's the old version of this tool, just for inspiration.
8. **Atera Agent**: curl from `https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337` then `msiexec /i setup.msi /qn`
## Architecture direction (decided 2026-04-15)
- **Go TUI launcher** (xetup.exe) - single binary, embeds PS scripts + assets
- Charmbracelet stack: bubbletea, huh, lipgloss
- Self-update from web (version.json check)
- **Web platform** at xetup.x9.cz:
- Forgejo for git hosting + issues + CI
- Auto-generated documentation from spec.yaml
- Comments via Forgejo Issues API
- Landing page + download + changelog
- Deployment reporting dashboard (later)
- **spec.yaml** as single source of truth for both exe and docs
## What needs to happen next
1. Create spec.yaml from all gathered specs + review
2. Initialize Go project structure
3. Fix PS scripts (OneDrive removal, admin password, BackInfo integration)
4. Set up repo (GitHub initially, Forgejo later)
5. First Go build with TUI form
6. CI pipeline (GitHub Actions)
7. Web landing page
## Technical findings from deep analysis
- UCPD kernel driver (since Feb 2024) blocks PDF default association via UserChoice - need to disable UCPD during deployment
- System tray "show all icons" broken in Win11 24H2 - EnableAutoTray=0 ignored
- Edge needs ~15 more policy keys than we currently set
- ConfigureStartPins has new applyOnce property in 24H2
- Current code quality is solid: 3-level registry fallback, proper hive handling with GC+finally

24
.claude/memory/reference_colleague_specs.md Normal file
View file

@ -0,0 +1,24 @@
---
name: Colleague spec documents and review results
description: Where to find colleague's input - specs, review comments, and novinky files in repo root
type: reference
---
## Input documents from colleague (in repo root)
- `xetup-win-setup-spec.md` - original full spec (15 sections covering directory structure, personalization, taskbar, power, proxy, PC rename, bloatware, SW install, BackInfo, Edge, bootstrap launcher)
- `xetup-win-setup-novinky.md` - v2 additions: A) taskbar pinned apps (admin vs user XML layout), B) Explorer settings (ShowRecent/Frequent off, FullPath), C) network discovery + private network, D) admin account FullName
- `xetup-review.md` - exported review v1 with colleague's comments
- `W11.pdf` - reference PDF from colleague
## Key colleague comments from review v1
- Nextcloud not needed for assets
- adminX9 without password
- Flash2 is just the old version, for inspiration only
- OneDrive and RDP problems reported from first version
- Atera: specific curl URL provided with cid=31 and aeid parameter
- Logo files added to repo (now in assets/Logo/)
## Review v2
- `review.html` in repo root - interactive review page with all steps organized into 9 groups
- Uses localStorage prefix `xr2-` for state
- 27 steps total, incorporates all colleague feedback + novinky

17
.claude/memory/user_filip.md Normal file
View file

@ -0,0 +1,17 @@
---
name: Filip Zubik - X9.cz
description: MSP owner/developer at X9.cz, builds Windows deployment automation, prefers Czech communication, pragmatic approach
type: user
---
- Runs X9.cz - MSP (Managed Service Provider) deploying ~20 Windows machines/month
- Developer + business owner - makes architectural decisions
- Works on macOS, deploys to Windows
- Prefers Czech for communication, English for code/comments/logs
- Pragmatic - wants working solutions, not over-engineering
- Open to modern approaches (Go binaries, TUI, web platforms)
- Has a colleague ("kolega") who is the hands-on technician doing the actual deployments
- Colleague provides real-world specs and feedback from field experience
- Filip values colleague's input - "spec kolegy ma prednost"
- Likes interactive review workflows (HTML review pages with approve/reject/discuss)
- Thinks long-term - wants living documentation, feedback loops, continuous improvement

6
.gitignore vendored
View file

@ -15,3 +15,9 @@ Desktop.ini
# Temp
*.tmp
*.bak
# Build artifacts
flash.zip
# Large reference files
W11.pdf

87
CLAUDE.md
View file

@ -3,7 +3,7 @@
## Project context
MSP deployment script for X9.cz - automated preparation of new Windows 10/11 computers for clients.
Replaces ~3 hours of manual setup with a single PowerShell script.
Replaces ~3 hours of manual setup with a single PowerShell script (evolving toward Go TUI launcher).
**Key parameters:**
- Target OS: Windows 10 and Windows 11 (x64), including unsupported HW
@ -13,38 +13,41 @@ Replaces ~3 hours of manual setup with a single PowerShell script.
---
## Communication
- Communicate with the user in Czech
- Code, comments, log messages: English only (no diacritics rule still applies)
---
## Repo structure
```
windows-deployment/
windows-deployment-new/
├── CLAUDE.md <- this file
├── SPEC.md <- technical specification
├── Deploy-Windows.ps1 <- master script (entry point)
├── scripts/
│ ├── 00-admin-account.ps1 <- create hidden admin account
│ ├── 01-bloatware.ps1 <- remove AppX, Capabilities, Features
│ ├── 02-software.ps1 <- winget installs + Adobe PDF default
│ ├── 03-system-registry.ps1 <- HKLM tweaks
│ ├── 04-default-profile.ps1 <- C:\Users\Default\NTUSER.DAT changes
│ ├── 05-personalization.ps1 <- colors, wallpaper, theme
│ ├── 06-scheduled-tasks.ps1 <- register scheduled tasks
│ └── 07-desktop-info.ps1 <- custom desktop info (replaces BackInfo)
│ ├── 07-desktop-info.ps1 <- TO BE DELETED (replaced by BackInfo)
│ └── 08-activation.ps1 <- Windows activation via slmgr
├── config/
│ └── config.json <- per-client config (future)
│ └── config.json <- per-client config
├── assets/
│ └── DesktopInfo/ <- resources for desktop info script
│ ├── Backinfo/ <- BackInfo.exe + .ini + backinfo_W11.ps1
│ └── Logo/ <- X9-ikona.ico, X9-logo.jpeg
└── tests/
└── Test-Deployment.ps1 <- post-deployment verification
```
---
## Communication
- Communicate with the user in Czech
- Code, comments, log messages: English only (no diacritics rule still applies)
---
## Conventions and rules
### PowerShell
@ -83,16 +86,19 @@ windows-deployment/
## Important notes
### BackInfo replacement - custom solution
BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Triggers on every user logon
- PS script reads: hostname, IP, Windows version, username, install date
- Renders text onto desktop via WPF/System.Drawing -> saves as BMP -> sets as wallpaper
- Works on Win10 and Win11 without registry hacks
### BackInfo (replaces custom DesktopInfo)
BackInfo.exe IS used. Located in assets/Backinfo/. Deployment:
1. Copy assets/Backinfo/ to C:\Program Files\Backinfo\
2. Run backinfo_W11.ps1 (detects OS, writes registry, creates Startup shortcut)
3. BackInfo.exe auto-starts on every logon, reads INI, renders BMP with system info
- Configurable via BackInfo.ini (fonts, positions, data sources)
- Displays: hostname (centered, large), username, OS, HW info, network info
- DELETE 07-desktop-info.ps1 - no longer needed
### Adobe Reader as default PDF app
- After install: set .pdf -> AcroRd32 association
- Scheduled task PDF-DefaultApp restores association on every logon (guard against Edge overwriting it)
- NOTE: UCPD.sys (kernel driver since Feb 2024) blocks UserChoice writes. Consider disabling UCPD during deployment.
### Default Profile
- Changes to C:\Users\Default\NTUSER.DAT via reg load / reg unload
@ -104,6 +110,16 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Check winget availability before running installs
- Log result of every install
### Atera Agent
- Download: `Invoke-WebRequest -Uri "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337" -OutFile setup.msi`
- Install: `msiexec /i setup.msi /qn`
### Admin account (adminx9)
- NO PASSWORD (changed from previous version)
- FullName = "X9.cz s.r.o." (via ADSI)
- Hidden from login screen
- Added to Administrators group
---
## DO NOT
@ -115,6 +131,35 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
- Do not use hardcoded paths that do not exist on clean Windows
- NO diacritics - no accented characters in any part of any script
- NO emoticons - none in comments, log messages or output
- Do not remove OneDrive - must remain installable for M365
- Do not remove RDP/RDS - must remain functional
- Do not remove Microsoft-RemoteDesktopConnection from Optional Features
---
## Planned changes (from review v2, 2026-04-15)
### Must fix
- [ ] Remove OneDrive uninstall from 03-system-registry.ps1 and 04-default-profile.ps1
- [ ] Remove password from admin account, add FullName = "X9.cz s.r.o."
- [ ] Delete 07-desktop-info.ps1, replace with BackInfo deployment step
- [ ] Add powercfg settings (standby-timeout-ac 0, monitor-timeout-ac 60, etc.)
- [ ] Add proxy auto-detect disable (AutoDetect = 0)
- [ ] Add Atera Agent install step
- [ ] Extend Edge policies (~15 more keys)
### New features (from colleague spec v2)
- [ ] Taskbar pinned apps: admin vs user variants via XML layout + -ProfileType parameter
- [ ] Explorer: ShowRecent=0, ShowFrequent=0, FullPath=1 in CabinetState
- [ ] Network discovery: enable ping, set private network profile (post-restart step)
- [ ] PC rename: Rename-Computer as final step before restart
- [ ] C:\X9 directory structure with custom folder icon
### Architecture evolution
- [ ] Go TUI launcher (xetup.exe) embedding PS scripts
- [ ] spec.yaml as single source of truth
- [ ] Web platform at xetup.x9.cz (Forgejo + docs + comments)
- [ ] Self-update mechanism in xetup.exe
---
@ -122,7 +167,9 @@ BackInfo.exe is NOT used. Instead: custom scheduled task DesktopInfo:
| # | Question | Status |
|---|---|---|
| 1 | BackInfo replacement | DONE - custom PS scheduled task DesktopInfo |
| 1 | BackInfo replacement | DONE - using BackInfo.exe from assets/ |
| 2 | Complete SW list for winget | TODO - list incomplete |
| 3 | Per-client variability via config.json | FUTURE |
| 4 | Admin account adminx9 - script or manual? | OPEN |
| 4 | Admin account adminx9 | DECIDED - no password, FullName "X9.cz s.r.o." |
| 5 | UCPD driver workaround for PDF default | TODO - disable during deployment |
| 6 | Atera MFA bypass | OPEN - does aeid parameter avoid MFA? |

BIN
assets/Backinfo/BackInfo.exe Normal file
View file

Binary file not shown.

182
assets/Backinfo/BackInfo.ini Normal file
View file

@ -0,0 +1,182 @@
;; This INI file should use the following format
;;
;; [General]
;; BackgroundColor = <COLORREF value> ; The background color to use (default = 0 (black))
;; AutoBackground = [0 | 1] ; Use background color of current desktop (default = 0)
;; BackgroundBitmap = <path to BMP file> ; Overrides AutoBackground and BackgroundColor values. Loads background bitmap from BMP file
;; XOffset = <horizontal offset in pixels> ; Horizontal offest of the entire text block from the bitmap's center. Can be negative. Default = 0
;; YOffset = <vertical offset in pixels> ; Vertical offest of the entire text block from the bitmap's center. Can be negative. Default = 0
;; Output = <file name> ; Name of output bitmap file (default = "", use popup message)
;; UpdateDesktop = [0 | 1] ; Update background desktop bitmap (default = 0)
;; ForceDesktopCenter = [0 | 1] ; Force the desktop to display the bitmap as cenetered (instead of tiled / streched). Default = 1
;; LineSpacing = <value> ; Line spacing (default = 3)
;; SuppressErrors = [0 | 1] ; If 1, errors are NOT displayed (default = 0)
;;
;; [LineN] ; Text settings for line N, where N between [1..20]
;; Type = [CompName | UserName | SysVer | ; Type of information to display on the line
;; SysInfo | NetInfo | FileVer |
;; RegValue | FreeText |
UpdateTime | Unused]
;; ; CompName - Computer name
;; ; UserName - User name
;; ; SysVer - Operating system version
;; ; SysInfo - Hardware information
;; ; NetInfo - Network information
;; ; FileVer - Version of a file specified in 'FileName' option
;; ; RegValue - Registry string value.
;; ; Reg root from 'RegRoot' (e.g. HKLM)
;; ; Reg path from 'RegPath' (e.g. SOFTWARE\Microsoft\Windows NT\CurrentVersion)
;; ; Reg value from 'RegValue' (e.g. CurrentType)
;; ; Reg title from 'RegTitle' (e.g. "The value of X is")
;; ; FreeText - Text specified in 'Text' will be displayed as is
;; ; UpdateTime - The date and time the bitmap was created
;; ; Unused - Line will not be displayed
;;
;; Font = <Face name> ; Font name (default = "Arial")
;; Size = <Font size> ; Font size (default = 22)
;; Color = <COLORREF value> ; Font color (default = WHITE)
;; Bold = [0 | 1] ; Font boldness (default = 0)
;; Italic = [0 | 1] ; Font italicness (default = 0)
;; Alignment = [Left | Right | Center] ; Font alignment (default = Left)
;;
;; ShadowX = <X offset value> ; Shadow X offset (positive only, 0 = No X shadow. Default = 0)
;; ShadowY = <Y offset value> ; Shadow Y offset (positive only, 0 = No Y shadow. Default = 0)
;; ShadowColor = <COLORREF value> ; Shadow Color (default = 0 (black))
;;
;; RegRoot = [HKLM | HKCU] ; Registry root to use for 'Type' = 'RegValue'
;; RegPath = <Registry path to read from> ; Registry path to use for 'Type' = 'RegValue'
;; RegValue = <Registry value to read from> ; Registry value to use for 'Type' = 'RegValue'. Must be of type REG_SZ
;; RegTitle = <Display title of read value> ; Registry value to use for 'Type' = 'RegValue'
;;
;; Text = <free text to display> ; Free text to display. Used if 'Type' = 'FreeText'
;;
;; FilePath = <full path to file> ; Path to file to display version for. Used if 'Type' = 'FileVer'
;; FileName = <display name of file> ; Display name of file specified in 'FilePath'. Used if 'Type' = 'FileVer'
;;
[General]
BackgroundColor = 2097152
AutoBackground = 1
Output = %temp%\backinfo.bmp
UpdateDesktop = 1
LineSpacing = 2
ForceDesktopCenter = 1
SuppressErrors = 1
[Line1]
Font = Trebuchet MS
Size = 42
Color = 16777215
Bold = 1
Italic = 0
Alignment = Center
ShadowX = 2
ShadowY = 2
ShadowColor = 4210752
Type = CompName
[Line2]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = UserName
[Line3]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 1
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = RegValue
RegRoot = HKLM
RegPath = SOFTWARE\BackInfo
RegValue = OSName
RegTitle = OS:
[Line4]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = SysInfo
[Line5]
Font = Trebuchet MS
Size = 20
Color = 10526880
Bold = 0
Italic = 0
Alignment = Center
ShadowX = 0
ShadowY = 0
ShadowColor = 4210752
Type = NetInfo
;;
;; SAMPLE - how to display free text lines
;;
; [Line6]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = FreeText
; Text = System path is %windir%
;;;
;; SAMPLE - how to display file version
;;
; [Line7]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = FileVer
; FilePath = %ProgramFiles%\backinfo\backinfo.exe
; FileName = backinfo.exe
;;
;; SAMPLE - how to display registry value
;;
; [Line8]
; Font = Trebuchet MS
; Size = 20
; Color = 10526880
; Bold = 0
; Italic = 0
; Alignment = Center
; ShadowX = 0
; ShadowY = 0
; ShadowColor = 4210752
; Type = RegValue
; RegRoot = HKLM
; RegPath = SOFTWARE\Microsoft\Windows NT\CurrentVersion
; RegValue = CurrentType
; RegTitle = OS type

60
assets/Backinfo/backinfo_W11.ps1 Normal file
View file

@ -0,0 +1,60 @@
# ================================
# BackInfo OS detection script
# Writes OS name for BGInfo/BackInfo
# ================================
Set-ExecutionPolicy Unrestricted
$cvPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$cv = Get-ItemProperty -Path $cvPath
# --- Detect OS by build number ---
$build = [int]$cv.CurrentBuild
if ($build -ge 22000) {
$osName = "Windows 11"
} else {
$osName = "Windows 10"
}
# --- Detect edition ---
switch ($cv.EditionID) {
"Professional" { $edition = "Pro" }
"ProfessionalN" { $edition = "Pro N" }
"Core" { $edition = "Home" }
"CoreN" { $edition = "Home N" }
"Enterprise" { $edition = "Enterprise" }
"Education" { $edition = "Education" }
default { $edition = $cv.EditionID }
}
$finalOSName = "$osName $edition"
# --- Registry paths for BackInfo (64bit + 32bit) ---
$regPaths = @(
"HKLM:\SOFTWARE\BackInfo",
"HKLM:\SOFTWARE\WOW6432Node\BackInfo"
)
foreach ($path in $regPaths) {
if (-not (Test-Path $path)) {
New-Item -Path $path -Force | Out-Null
}
New-ItemProperty `
-Path $path `
-Name "OSName" `
-Value $finalOSName `
-PropertyType String `
-Force | Out-Null
}
# --- Optional output for logging ---
Write-Output "BackInfo OSName set to: $finalOSName"
$SourceFilePath = "C:\Program Files\BackInfo\BackInfo.exe"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\BackInfo.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()

BIN
assets/Logo/X9-logo-barevné-square.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 KiB

BIN
assets/Logo/X9-logo-barevné-square.jpeg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 292 KiB

111
docs/xetup-review.md Normal file
View file

@ -0,0 +1,111 @@
# Xetup - Review vysledek
Datum: 15. 4. 2026
## 1. Priprava prostredi
[ ] **Adresar C:\X9 + ikona slozky** (CEKA)
Vytvoreni adresarove struktury C:\X9 se slozkami install, vlastni ikonou a logem.
[ ] **Nextcloud - stahovani souboru** (CEKA)
Stahovani Backinfo, Atera, Flash2, X9-ikona.ico, X9-logo.jpg z Nextcloudu do C:\X9\install.
> nextcloud tam netřeba, Backinfo máme ve vlastní složce
[?] **Admin ucet (adminx9)** (K DISKUSI)
Vytvoreni skryteho lokalniho admin uctu adminx9 pro MSP spravce.
> adminX9 bude bez hesla
[ ] **Aktivace Windows** (CEKA)
Aktivace Windows pomoci klice z configu nebo GVLK (KMS). Spec kolegy toto nezminuje.
## 2. Odstranovani bloatware
[ ] **AppX balicky (UWP aplikace)** (CEKA)
Odebirame ~65 preinstalovanych aplikaci (Solitaire, Xbox, Teams, Copilot, Mail...). Kalkulacka zustava.
[ ] **Windows Capabilities** (CEKA)
Odebirame: Fax, IE, WordPad, PowerShell ISE, Steps Recorder, WMP, Handwriting...
[ ] **Optional Features** (CEKA)
Vypnuti: MediaPlayback, PowerShell 2.0, Recall (AI), SnippingTool.
[?] **Flash2 integrace** (K DISKUSI)
Flash2 je nastroj kolegy pro debloating. Integrovat, nebo pouzit nase kroky 2a-2c?
> flash2 je v podstatě tento setup, minulá verze :-) takže je hlavně pro inspiraci a zahrnutí
[?] **OneDrive - NEMAZAT** (K DISKUSI)
Nas skript agresivne maze OneDrive vcetne instalatoru. Spec kolegy OneDrive neresi = nechat!
> nevím jestli v poslední verzi už to bylo opravené, ale v první verzi se onedrive zabíjel nějakým regeditem nebo scheduled taskem
[?] **RDP/RDS - NEODEBIRAT** (K DISKUSI)
SPEC mel RDP klient k odebirani. Kolega to nechce - RDP musi zustat funkcni.
> nevím jestli v poslední verzi už to bylo opravené, ale v první verzi se rdp problematizovalo nějakým regeditem nebo scheduled taskem
## 3. Instalace software
[ ] **Winget balicky (7-Zip, Adobe, OpenVPN)** (CEKA)
Silent instalace 7-Zip, Adobe Acrobat Reader, OpenVPN Connect pres winget.
[?] **Atera Agent (MSI)** (K DISKUSI)
Silent instalace Atera monitoring agenta z C:\X9\install\atera-agent\.
> použít tohle a nejlíp najít parametr, u kterého ATERA nebude chtí MFA kod z mailu:-)
curl -L -o setup.msi "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337" && msiexec /i setup.msi /qn
[ ] **BackInfo (info na plose)** (CEKA)
BackInfo.exe zobrazi hostname, user, OS, HW, sit uprostred plochy. Konfigurovatelny pres INI.
## 4. Vzhled a personalizace
[ ] **Barvy a motiv** (CEKA)
Tmavy system, svetle aplikace, accent #223B47, plna barva pozadi.
[ ] **Ikona Tento pocitac na plose** (CEKA)
Zobrazit ikonu Tento pocitac na plose.
[?] **Avatar uctu (X9 logo)** (K DISKUSI)
Nastaveni X9-logo.jpg jako profiloveho obrazku admin uctu.
> přidal jsem logo a ico do rootu do složky LOGO
## 5. Hlavni panel a Start menu
[ ] **Taskbar - zarovnani, skryti prvku** (CEKA)
Zarovnani vlevo, skryti Search, Task View, Widgets, Chat, Copilot.
[ ] **System tray - zobrazit vsechny ikony** (CEKA)
EnableAutoTray=0 + mazani icon cache + scheduled task ShowAllTrayIcons.
[ ] **Prazdny taskbar pinlist + Start menu** (CEKA)
Prazdny LayoutModification.xml (zadne pripnute apps), prazdne Start menu pins.
## 6. Systemova nastaveni
[ ] **HKLM registry tweaky** (CEKA)
BypassNRO, vypnuti Teams/Widgets/Copilot/GameDVR/Recall, hesla bez expirace, casova zona.
[ ] **Default Profile (NTUSER.DAT)** (CEKA)
Nastaveni pro vsechny budouci uzivatele: Explorer, Num Lock, GameDVR, Copilot...
[ ] **Napajeni (powercfg)** (CEKA)
Spanek nikdy na siti, obrazovka 60min/15min, spanek baterie 60min.
[ ] **Scheduled tasks** (CEKA)
ShowAllTrayIcons, PDF-DefaultApp, UnlockStartLayout.
## 7. Sit a Edge
[ ] **Proxy - vypnout auto-detect** (CEKA)
Vypnuti automatickeho zjistovani proxy serveru.
[ ] **MS Edge - rozsirene nastaveni** (CEKA)
Striktni tracking protection, Google vyhledavac, panel oblibenych, toolbar tlacitka.
## 8. Finalizace
[ ] **Prejmenování PC** (CEKA)
Rename-Computer na nazev z parametru -ComputerName. Vyzaduje restart.
[ ] **Bootstrap spoustec (irm | iex)** (CEKA)
Jednoradkovy spoustec z webu: irm https://xetup.x9.cz/setup.ps1 | iex

163
docs/xetup-win-setup-novinky.md Normal file
View file

@ -0,0 +1,163 @@
# Xetup Novinky oproti původní specifikaci (W11.pdf v3)
---
## A. Hlavní panel pinnované aplikace (diferenciace admin vs user)
Nový požadavek: různé sady připnutých aplikací podle typu profilu.
**Admin profil připnout na taskbar:**
- Nastavení (`ms-settings:`)
- Správa počítače (`compmgmt.msc`)
- Služby (`services.msc`)
- PowerShell (`pwsh.exe` nebo `powershell.exe`)
- Průzkumník Windows (`explorer.exe`)
- MS Edge (`msedge.exe`)
**User profil připnout na taskbar:**
- Průzkumník Windows (`explorer.exe`)
- MS Edge (`msedge.exe`)
**Implementace:**
Přímé pinnování přes registry/PS je v moderním Win11 neoficiální Microsoft odstranil `Pin-Application` cmdlet. Nejspolehlivější postup je XML layout policy:
```xml
<!-- TaskbarLayoutModification.xml admin varianta -->
<?xml version="1.0" encoding="utf-8"?>
<LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" Version="1">
<CustomTaskbarLayoutCollection PinListPlacement="Replace">
<defaultlayout:TaskbarLayout xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
<taskbar:TaskbarPinList>
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk"/>
<taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk"/>
<taskbar:DesktopApp DesktopApplicationLinkPath="%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"/>
</taskbar:TaskbarPinList>
</defaultlayout:TaskbarLayout>
</CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>
```
```powershell
# Aplikovat layout policy (HKLM = platí pro všechny uživatele)
# Admin varianta
$xmlPathAdmin = "C:\X9\TaskbarAdmin.xml"
$xmlPathUser = "C:\X9\TaskbarUser.xml"
# Pro Default Profile (user) zapsat před prvním přihlášením uživatele
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" `
/v "LayoutXMLPath" /t REG_SZ /d $xmlPathUser /f
```
> **Upozornění:** `LayoutXMLPath` policy je dostupná ve Win11 22H2+. Před nasazením ověřit verzi. Shortcuty pro `compmgmt.msc` a `services.msc` je nutné vytvořit ručně jako `.lnk` soubory, protože XML přijímá pouze `.lnk` cesty.
---
## B. Průzkumník Windows nastavení
Tři změny oproti původní specifikaci:
| Nastavení | Hodnota |
|---|---|
| Otevřít Průzkumník pro | Tento počítač (místo Rychlý přístup) |
| Nedávné soubory / složky / Office.com | Vše vypnuto |
| Zobrazit úplnou cestu v záhlaví | Zapnuto |
**Registry (aplikovat do Default Profile hive):**
```registry
; Otevřít pro "Tento počítač" místo Rychlého přístupu
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- LaunchTo = 1 (DWORD) ; 1 = Tento počítač, 2 = Rychlý přístup
; Vypnout historii posledních souborů a složek
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
- ShowRecent = 0 (DWORD)
- ShowFrequent = 0 (DWORD)
; Zobrazit úplnou cestu v záhlaví
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
- FullPath = 1 (DWORD)
```
```powershell
# Blok pro vložení do sekce reg load/unload (Default Profile)
$hive = "HKU\DefaultUser"
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" `
-Name "LaunchTo" -Value 1 -Type DWord
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer" `
-Name "ShowRecent" -Value 0 -Type DWord
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer" `
-Name "ShowFrequent" -Value 0 -Type DWord
New-Item -Path "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" `
-Force | Out-Null
Set-ItemProperty "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" `
-Name "FullPath" -Value 1 -Type DWord
```
---
## C. Síťové zjišťování zapnout ping, přepnout na privátní síť
Nový krok: po přejmenování/připojení do domény zapnout zjišťování sítě a přepnout profil sítě na privátní (bez toho nefunguje ping na stanici).
```powershell
# Zapnout Network Discovery a File Sharing
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
# Přepnout aktuální síťový profil na Private (= "Ne, chci síť změnit na privátní")
# Funguje pro první aktivní síťové rozhraní
$adapter = Get-NetConnectionProfile | Select-Object -First 1
Set-NetConnectionProfile -InterfaceIndex $adapter.InterfaceIndex -NetworkCategory Private
```
> **Scope:** Toto nastavení se aplikuje na aktuální síťové připojení v době spuštění skriptu nelze předem uložit do Default Profile, protože se váže na konkrétní síťový adaptér/GUID. Skript musí být spuštěn po připojení k síti.
> **Závislost:** Pokud se stanice teprve připojuje do domény, spustit tento blok až po restartu a domain-join.
---
## D. Popis účtu adminx9
Nový krok: nastavit pole "Jméno a příjmení" u lokálního účtu `adminx9` na hodnotu `X9.cz s.r.o.`
Provádí se přes Správu počítače → Místní uživatelé a skupiny → Uživatelé → adminx9 → Vlastnosti → záložka Obecné.
**Automatizace:**
```powershell
# Nastavit Full Name pro lokální účet adminx9
$user = [ADSI]"WinNT://$env:COMPUTERNAME/adminx9,user"
$user.FullName = "X9.cz s.r.o."
$user.SetInfo()
```
> **Scope:** Platí pouze pro aktuální (admin) účet na tomto stroji není součástí Default Profile. Spustit před předáním stanice klientovi.
---
## Integrace do hlavního skriptu
Nové kroky přidat do architektury spuštění:
```
Deploy-Windows.ps1
├── ... (existující kroky)
├── NEW: Popis účtu adminx9 = "X9.cz s.r.o."
├── NEW: Průzkumník registry do Default Profile hive
├── NEW: Taskbar XML layout (admin nebo user varianta dle parametru)
├── 9. Přejmenování PC + restart
└── NEW: Po restartu zapnout síťové zjišťování + privátní profil
```
**Nový parametr skriptu:**
```powershell
[ValidateSet("admin","user")]
[string]$ProfileType = "user" # řídí TaskbarLayout XML i zarovnání panelu
```

347
docs/xetup-win-setup-spec.md Normal file
View file

@ -0,0 +1,347 @@
# Xetup Specifikace automatizovaného nastavení Windows 10/11
> **Účel:** Eliminovat ~3 hodiny ručního nastavování nových Windows stanic pro klienty X9.cz
> **Cíl:** Jeden PowerShell skript spustitelný z admina, výsledek uložen v Default Profile (aplikuje se všem budoucím uživatelům)
> **Repo:** `C:\x9\xetup`
> **Vstup:** Parametrizovaný spouštěč název PC, doména (volitelná), typ profilu (admin/user)
---
## 1. Struktura adresářů
```
C:\X9\
├── install\
│ ├── Backinfo\
│ ├── flash2\
│ ├── atera-agent\
│ ├── 7zip.exe
│ ├── AdobeReader.exe
│ └── OpenVPNConnect.exe
├── X9-ikona.ico
└── X9-logo.jpg
```
**Kroky:**
- [ ] Vytvořit `C:\X9` a `C:\X9\install`
- [ ] Stáhnout z Nextcloudu: Backinfo, Atera agent, Flash2, ikonu X9, logo X9
- [ ] Stáhnout z internetu: 7-zip, Adobe Reader, OpenVPN Connect
- [ ] Roztřídit soubory do správných adresářů dle výše
> **Automatizace:** `Invoke-WebRequest` pro stažení + `Copy-Item` pro přesun. Nextcloud vyžaduje autentizaci credentials parametrem nebo uloženým tokenem.
---
## 2. Přizpůsobení Pozadí a barvy (Default Profile)
Všechna nastavení ukládat do `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes` + Default Profile hive (`C:\Users\Default\NTUSER.DAT`).
| Nastavení | Hodnota |
|---|---|
| Typ pozadí | Plná barva |
| Barva pozadí | `#223B47` |
| Barevný režim | Vlastní |
| Režim Windows | Tmavý |
| Režim aplikací | Světlý |
| Barva motivu | Ruční `#223B47` |
| Barva v Start menu | Zapnuto |
| Barva v záhlavích oken | Zapnuto |
**Registry klíče (NTUSER.DAT / Default Profile):**
```
HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize
- AppsUseLightTheme = 1 (DWORD)
- SystemUsesLightTheme = 0 (DWORD)
- ColorPrevalence = 1 (DWORD)
HKCU\Control Panel\Desktop
- Wallpaper = "" (prázdný string = plná barva)
- WallpaperStyle = 0
HKCU\Control Panel\Colors
- Background = "34 59 71" (RGB hodnota #223B47)
```
> **Poznámka:** Barvu motivu (`AccentColor`) nastavit přes `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent` hodnota `AccentColorMenu` = `0xFF3B2322` (ABGR formát).
---
## 3. Přizpůsobení Motivy (ikony na ploše)
- [ ] Zobrazit ikonu **Tento počítač** na ploše
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
- {20D04FE0-3AEA-1069-A2D8-08002B30309D} = 0 (DWORD) ; Tento počítač
```
> Aplikovat do Default Profile hive.
---
## 4. Hlavní panel (Taskbar)
| Nastavení | Hodnota |
|---|---|
| Vyhledávací pole | Skryto |
| Zobrazení úkolů (Task View) | Vypnuto |
| Widgety | Vypnuto |
| Zarovnání (uživatel) | Vlevo |
| Zarovnání (admin) | Na střed |
| Systémové ikony (overflow) | Vše viditelné |
**Registry (Win11):**
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Search
- SearchboxTaskbarMode = 0 (DWORD) ; skrýt hledání
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- ShowTaskViewButton = 0 (DWORD)
- TaskbarAl = 0 (DWORD) ; 0=vlevo, 1=střed
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People
- PeopleBand = 0 (DWORD)
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds
- EnableFeeds = 0 (DWORD) ; widgety
```
**Viditelnost systémových ikon (overflow area):**
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
- EnableAutoTray = 0 (DWORD) ; zobrazit vše, nevracet do přetečení
```
> **Problém:** Automatické zobrazení VŠECH budoucích ikon (nový SW po instalaci) nelze 100% garantovat přes registry `EnableAutoTray=0` je nejbližší řešení. Individuální ikony aplikací závisí na tom, co si každá aplikace sama zapíše.
---
## 5. Připnutí složky X9 na hlavní panel
- [ ] Složce `C:\X9` nastavit vlastní ikonu (`X9-ikona.ico`)
- [ ] Připnout na panel rychlého spuštění (Quick Access / Taskbar)
```powershell
# Nastavení vlastní ikony složky (desktop.ini)
$iniPath = "C:\X9\desktop.ini"
Set-Content $iniPath "[.ShellClassInfo]`nIconResource=C:\X9\X9-ikona.ico,0`n[ViewState]`nMode=`nVid=`nFolderType=Generic"
attrib +s +h $iniPath
attrib +s "C:\X9"
# Připnutí na taskbar vyžaduje Shell COM objekt nebo workaround přes VBScript
```
> **Upozornění:** Připnutí složky na taskbar je v moderním Win11 omezené Microsoft tuto možnost odstranil. Alternativa: připnout jako Quick Access v Průzkumníku nebo vytvořit shortcut na ploše.
---
## 6. Profil účtu avatar
- [ ] Nahrát `X9-logo.jpg` jako profilový obrázek admin účtu
```powershell
$accountPicPath = "$env:APPDATA\Microsoft\Windows\AccountPictures"
New-Item -ItemType Directory -Force -Path $accountPicPath
Copy-Item "C:\X9\X9-logo.jpg" "$accountPicPath\X9-logo.jpg"
# Nastavit jako výchozí profilový obrázek přes registry
```
> **Scope:** Toto platí jen pro aktuální (admin) účet, nikoliv Default Profile je to záměr.
---
## 7. Napájení
| Nastavení | Hodnota |
|---|---|
| Spánek při napájení ze sítě | Nikdy |
| Vypnutí obrazovky (síť) | 1 hodina |
| Vypnutí obrazovky (baterie) | 15 minut |
| Spánek na baterii | 1 hodina |
| Zavření víka | Neautomatizovat |
```powershell
powercfg /change standby-timeout-ac 0 # nikdy - síť
powercfg /change monitor-timeout-ac 60 # 60 min - síť
powercfg /change monitor-timeout-dc 15 # 15 min - baterie
powercfg /change standby-timeout-dc 60 # 60 min - baterie
```
---
## 8. Síť Proxy server
- [ ] Vypnout automatické zjišťování nastavení proxy
```registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- AutoDetect = 0 (DWORD)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- AutoDetect = 0 (DWORD)
```
---
## 9. Přejmenování počítače
```powershell
param([string]$NewName)
Rename-Computer -NewName $NewName -Force -Restart
```
> Restart je nutný. Připojení do domény probíhá zvlášť přes stejné rozhraní není součástí tohoto skriptu (volitelný parametr `-Domain`).
---
## 10. Odinstalace bloatware
Aktuálně řešeno přes **Flash2** integrovat volání Flash2 instalačky nebo zachovat jako samostatný krok.
Alternativně vlastní seznam přes winget/AppX:
```powershell
# Příklady AppX balíčků k odebrání (rozšířit dle potřeby)
$bloatware = @(
"Microsoft.BingWeather",
"Microsoft.GetHelp",
"Microsoft.Getstarted",
"Microsoft.MicrosoftSolitaireCollection",
"Microsoft.People",
"Microsoft.WindowsFeedbackHub",
"Microsoft.Xbox.TCUI",
"Microsoft.XboxApp",
"Microsoft.ZuneMusic",
"Microsoft.ZuneVideo"
)
foreach ($app in $bloatware) {
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -like $app | Remove-AppxProvisionedPackage -Online -ErrorAction SilentlyContinue
}
```
> `Remove-AppxProvisionedPackage` zajistí, že se bloatware neobjeví ani novým uživatelům (Default Profile).
---
## 11. Nastavení uživatelského profilu (Default Profile)
Klíčový mechanismus: **načíst `C:\Users\Default\NTUSER.DAT` jako dočasný hive**, aplikovat registry změny, odpojit hive.
```powershell
reg load "HKU\DefaultUser" "C:\Users\Default\NTUSER.DAT"
# ... zde všechny Set-ItemProperty operace s cestou HKU:\DefaultUser\...
reg unload "HKU\DefaultUser"
```
> Tímto způsobem se veškerá nastavení (barvy, taskbar, Edge, atd.) aplikují všem budoucím uživatelům při prvním přihlášení.
---
## 12. Instalace SW
| Aplikace | Zdroj | Metoda |
|---|---|---|
| 7-Zip | Internet / winget | `winget install 7zip.7zip` |
| Adobe Reader | Internet / winget | `winget install Adobe.Acrobat.Reader.64-bit` |
| OpenVPN Connect | Internet / winget | `winget install OpenVPNTechnologies.OpenVPNConnect` |
| Atera Agent | Nextcloud (`C:\X9\install`) | MSI silent install |
| Backinfo | Nextcloud (`C:\X9\install`) | PS skript |
```powershell
winget install --id 7zip.7zip --silent --accept-package-agreements --accept-source-agreements
winget install --id Adobe.Acrobat.Reader.64-bit --silent --accept-package-agreements --accept-source-agreements
winget install --id OpenVPNTechnologies.OpenVPNConnect --silent --accept-package-agreements --accept-source-agreements
```
---
## 13. Backinfo
```powershell
Copy-Item "C:\X9\install\Backinfo" "C:\Program Files\Backinfo" -Recurse
Set-ExecutionPolicy Unrestricted -Force
& "C:\Program Files\Backinfo\backinfo_W11.ps1"
Set-ExecutionPolicy Restricted -Force
```
> Backinfo zapíše do registru verzi W11 a nastaví autostart po přihlášení.
---
## 14. MS Edge nastavení
Nastavit přes registry (platí pro všechny uživatele pokud aplikováno do Default Profile nebo HKLM).
| Nastavení | Hodnota |
|---|---|
| Ochrana sledování | Striktní (`2`) |
| Panel oblíbených | Vždy zobrazit |
| Výchozí vyhledávač | Google |
| Tlačítka panelu nástrojů | Historie, Aplikace, Stažené soubory, Výkon |
```registry
HKLM\SOFTWARE\Policies\Microsoft\Edge
- TrackingPrevention = 3 (DWORD) ; Striktní
- FavoritesBarEnabled = 1 (DWORD) ; Oblíbené vždy
- DefaultSearchProviderEnabled = 1
- DefaultSearchProviderName = "Google"
- DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}"
; Toolbar tlačítka individuální nastavení přes Edge policy nebo NTUSER.DAT
```
> **Poznámka:** Edge nastavení přes GPO/registry mají přednost před uživatelskými preferencemi. Pro Default Profile alternativně upravit `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences` šablonou méně spolehlivé.
---
## 15. Spouštěč parametry hlavního skriptu
```powershell
# Deploy-Windows.ps1
param(
[Parameter(Mandatory=$true)]
[string]$ComputerName,
[string]$Domain = "", # prázdné = pracovní skupina
[ValidateSet("admin","user")]
[string]$TaskbarAlign = "user", # admin=střed, user=vlevo
[string]$NextcloudUrl = "",
[string]$NextcloudUser = "",
[string]$NextcloudPass = ""
)
```
---
## Otevřené otázky / TODO
- [ ] Jak řešit stahování z Nextcloudu bez interaktivního přihlášení? (token vs. credentials parametr)
- [ ] Flash2 integrovat nebo volat jako subprocess?
- [ ] Atera Agent silent install parametry MSI?
- [ ] Přejmenování PC + připojení do domény jako jeden průchod nebo dva samostatné kroky?
- [ ] Testování: Win10 vs Win11 některé registry klíče se liší (hlavně Taskbar)
- [ ] Složka X9 na Taskbaru Win11 nepodporuje připnutí složky; nahradit shortcutem na ploše?
---
## Architektura spuštění (navržená)
```
irm https://xetup.x9.cz/setup.ps1 | iex
└── Stáhne Deploy-Windows.ps1 z repa
└── Vyzve na parametry (nebo převezme z CLI)
└── Spustí Deploy-Windows.ps1 -ExecutionPolicy Bypass
├── 1. Vytvoří adresáře
├── 2. Stáhne soubory (Nextcloud + web)
├── 3. Odinstaluje bloatware (AppX + Flash2)
├── 4. Nainstaluje SW (winget)
├── 5. Aplikuje registry do Default Profile (reg load/unload)
├── 6. Nastaví napájení
├── 7. Nastaví proxy
├── 8. Spustí Backinfo
├── 9. Přejmenuje PC
└── 10. Restart
```

834
review.html Normal file
View file

@ -0,0 +1,834 @@
<!DOCTYPE html>
<html lang="cs">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Xetup - Review v2</title>
<style>
:root {
--bg: #0f1117;
--card: #1a1d27;
--border: #2a2d3a;
--text: #e0e0e0;
--muted: #888;
--accent: #223B47;
--green: #2ea043;
--green-bg: rgba(46,160,67,.12);
--red: #da3633;
--red-bg: rgba(218,54,51,.12);
--yellow: #d29922;
--yellow-bg: rgba(210,153,34,.12);
--blue: #58a6ff;
--blue-bg: rgba(88,166,255,.12);
--purple: #a371f7;
--purple-bg: rgba(163,113,247,.12);
}
* { box-sizing: border-box; margin: 0; padding: 0; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: var(--bg);
color: var(--text);
padding: 2rem;
max-width: 960px;
margin: 0 auto;
line-height: 1.5;
}
h1 { font-size: 1.6rem; margin-bottom: .3rem; color: #fff; }
.subtitle { color: var(--muted); margin-bottom: 1.5rem; font-size: .9rem; }
.stats {
display: flex; gap: 1rem; margin-bottom: 2rem; flex-wrap: wrap;
}
.stat {
background: var(--card); border: 1px solid var(--border); border-radius: 8px;
padding: .6rem 1rem; font-size: .85rem; min-width: 100px; text-align: center;
}
.stat .num { font-size: 1.4rem; font-weight: 700; display: block; }
.stat.s-pending .num { color: var(--muted); }
.stat.s-approved .num { color: var(--green); }
.stat.s-rejected .num { color: var(--red); }
.stat.s-discuss .num { color: var(--yellow); }
.group { margin-bottom: 2rem; }
.group-header {
display: flex; align-items: center; gap: .6rem;
margin-bottom: .7rem; padding-bottom: .4rem; border-bottom: 1px solid var(--border);
}
.group-icon {
font-size: 1rem; width: 26px; height: 26px;
display: flex; align-items: center; justify-content: center;
border-radius: 6px; background: rgba(255,255,255,.05); font-weight: 700;
}
.group-title { font-size: 1.05rem; font-weight: 600; color: #fff; }
.group-count { color: var(--muted); font-size: .85rem; }
.step {
background: var(--card); border: 1px solid var(--border); border-radius: 10px;
margin-bottom: .6rem; overflow: hidden; transition: border-color .2s;
}
.step.status-approved { border-left: 3px solid var(--green); }
.step.status-rejected { border-left: 3px solid var(--red); }
.step.status-discuss { border-left: 3px solid var(--yellow); }
.step-header {
display: flex; align-items: center; padding: .7rem 1rem;
cursor: pointer; gap: .6rem; user-select: none;
}
.step-header:hover { background: rgba(255,255,255,.03); }
.step-title { font-weight: 600; flex: 1; font-size: .92rem; }
.step-source {
font-size: .65rem; padding: .12rem .4rem; border-radius: 3px; white-space: nowrap;
}
.source-impl { background: var(--blue-bg); color: var(--blue); }
.source-spec { background: var(--yellow-bg); color: var(--yellow); }
.source-new { background: var(--purple-bg); color: var(--purple); }
.source-both { background: var(--green-bg); color: var(--green); }
.source-problem { background: var(--red-bg); color: var(--red); }
.source-resolved { background: rgba(255,255,255,.06); color: var(--muted); }
.status-badge {
font-size: .65rem; padding: .1rem .35rem; border-radius: 3px; font-weight: 600; display: none;
}
.step.status-approved .status-badge { display: inline; background: var(--green-bg); color: var(--green); }
.step.status-rejected .status-badge { display: inline; background: var(--red-bg); color: var(--red); }
.step.status-discuss .status-badge { display: inline; background: var(--yellow-bg); color: var(--yellow); }
.chevron {
color: var(--muted); transition: transform .2s; font-size: .75rem;
}
.step.open .chevron { transform: rotate(90deg); }
.step-body {
display: none; padding: 0 1rem 1rem 1rem; font-size: .86rem;
}
.step.open .step-body { display: block; }
.step-body p { margin-bottom: .4rem; }
.detail-label {
color: var(--muted); font-size: .75rem; text-transform: uppercase;
letter-spacing: .05em; margin-top: .7rem; margin-bottom: .25rem;
}
.step-body ul { margin-left: 1.2rem; margin-bottom: .4rem; }
.step-body li { margin-bottom: .2rem; }
.step-body code {
background: rgba(255,255,255,.08); padding: .08rem .3rem; border-radius: 3px;
font-size: .8rem; font-family: 'SF Mono', 'Fira Code', monospace;
}
.step-body pre {
background: rgba(0,0,0,.3); padding: .5rem .7rem; border-radius: 6px;
overflow-x: auto; font-size: .78rem; margin: .4rem 0;
font-family: 'SF Mono', 'Fira Code', monospace; line-height: 1.4;
}
.issue {
background: var(--red-bg); border: 1px solid rgba(218,54,51,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.issue strong { color: var(--red); }
.note {
background: var(--blue-bg); border: 1px solid rgba(88,166,255,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.note strong { color: var(--blue); }
.resolved {
background: rgba(255,255,255,.04); border: 1px solid var(--border);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.resolved strong { color: var(--green); }
.prev-comment {
background: var(--yellow-bg); border: 1px solid rgba(210,153,34,.3);
border-radius: 6px; padding: .45rem .65rem; margin: .4rem 0; font-size: .83rem;
}
.prev-comment strong { color: var(--yellow); }
.actions { display: flex; gap: .4rem; margin-top: .7rem; flex-wrap: wrap; }
.btn {
padding: .3rem .65rem; border: 1px solid var(--border); border-radius: 6px;
background: transparent; color: var(--text); cursor: pointer;
font-size: .78rem; transition: all .15s;
}
.btn:hover { background: rgba(255,255,255,.06); }
.btn-approve { border-color: var(--green); color: var(--green); }
.btn-approve:hover, .btn-approve.active { background: var(--green-bg); }
.btn-reject { border-color: var(--red); color: var(--red); }
.btn-reject:hover, .btn-reject.active { background: var(--red-bg); }
.btn-discuss { border-color: var(--yellow); color: var(--yellow); }
.btn-discuss:hover, .btn-discuss.active { background: var(--yellow-bg); }
.comment-area { margin-top: .5rem; display: none; }
.comment-area.visible { display: block; }
.comment-area textarea {
width: 100%; background: rgba(0,0,0,.3); border: 1px solid var(--border);
border-radius: 6px; color: var(--text); padding: .45rem; font-size: .83rem;
font-family: inherit; resize: vertical; min-height: 55px;
}
.comment-area textarea:focus { outline: none; border-color: var(--blue); }
.export-bar {
position: sticky; bottom: 0; background: var(--card);
border: 1px solid var(--border); border-radius: 10px;
padding: .7rem 1rem; margin-top: 1.5rem;
display: flex; align-items: center; gap: .8rem;
justify-content: space-between; flex-wrap: wrap; z-index: 10;
}
.btn-export {
padding: .45rem 1rem; background: var(--accent); color: #fff; border: none;
border-radius: 6px; cursor: pointer; font-size: .85rem; font-weight: 600;
}
.btn-export:hover { opacity: .85; }
.btn-minor {
padding: .35rem .7rem; background: transparent; border: 1px solid var(--border);
color: var(--muted); border-radius: 6px; cursor: pointer; font-size: .78rem;
}
.btn-minor:hover { color: var(--text); border-color: var(--text); }
@media (max-width: 600px) {
body { padding: 1rem; }
.stats { gap: .5rem; }
.stat { min-width: 70px; padding: .4rem .5rem; }
}
</style>
</head>
<body>
<h1>Xetup - Windows Deployment Review v2</h1>
<p class="subtitle">Vcetne novinek od kolegy + zapracovane komentare z review v1. Schval / zamitni / okomentuj.</p>
<div class="stats">
<div class="stat s-pending"><span class="num" id="cnt-pending">0</span>Ceka</div>
<div class="stat s-approved"><span class="num" id="cnt-approved">0</span>OK</div>
<div class="stat s-rejected"><span class="num" id="cnt-rejected">0</span>Ne</div>
<div class="stat s-discuss"><span class="num" id="cnt-discuss">0</span>Diskuse</div>
</div>
<div id="app"></div>
<div class="export-bar">
<div style="display:flex;gap:.5rem;flex-wrap:wrap">
<button class="btn-minor" onclick="toggleAll()">Rozbalit/sbalit vse</button>
<button class="btn-minor" onclick="expandDetails()">Otevrit detaily</button>
<button class="btn-minor" onclick="clearAll()">Reset vsech hlasu</button>
</div>
<div style="display:flex;gap:.5rem;flex-wrap:wrap">
<button class="btn-export" onclick="copyToClipboard()">Kopirovat Markdown</button>
<button class="btn-export" onclick="exportMarkdown()" style="background:#333;border:1px solid var(--border)">Stahnout .md</button>
</div>
</div>
<script>
const groups = [
{
id: "prep",
icon: "1",
title: "Priprava prostredi",
steps: [
{
id: "v2-dirs",
title: "Adresar C:\\X9 + ikona slozky",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Vytvoreni C:\\X9, kopirovani assets (BackInfo, Logo, ikona). Vlastni ikona slozky pres desktop.ini.",
detail: `<p class="detail-label">Struktura</p>
<pre>C:\\X9\\
+-- install\\ (staging pro Atera MSI atd.)
+-- X9-ikona.ico (ikona slozky)
+-- X9-logo.jpg (avatar uctu)</pre>
<p class="detail-label">Ikona slozky</p>
<pre>[.ShellClassInfo]
IconResource=C:\\X9\\X9-ikona.ico,0
attrib +s +h "C:\\X9\\desktop.ini"
attrib +s "C:\\X9"</pre>
<div class="resolved"><strong>Z review v1:</strong> Nextcloud neni potreba - Backinfo mame v assets/ repa, logo taky. Stahovat se bude jen Atera MSI (viz krok 3b).</div>
<div class="note"><strong>Pozn:</strong> Pripnuti slozky na taskbar Win11 nepodporuje. Shortcut na plose nebo Quick Access.</div>`
},
{
id: "v2-admin",
title: "Admin ucet (adminx9)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Vytvoreni skryteho admin uctu adminx9 BEZ HESLA. FullName = \"X9.cz s.r.o.\"",
detail: `<p class="detail-label">Co delame</p>
<ul>
<li>Vytvoreni <code>adminx9</code></li>
<li><strong>Bez hesla</strong> (zmena oproti v1, kde bylo heslo z config.json)</li>
<li>Pridani do Administrators</li>
<li>Heslo nevyprsi, uzivatel nesmi menit</li>
<li>Skryti z login screen (SpecialAccounts\\UserList = 0)</li>
</ul>
<div class="prev-comment"><strong>Review v1:</strong> "adminX9 bude bez hesla"</div>
<p class="detail-label">NOVINKA: Popis uctu</p>
<pre>\$user = [ADSI]"WinNT://\$env:COMPUTERNAME/adminx9,user"
\$user.FullName = "X9.cz s.r.o."
\$user.SetInfo()</pre>
<p>Nastavi pole "Jmeno a prijmeni" na <code>X9.cz s.r.o.</code> - viditelne ve Sprave pocitace.</p>
<p class="detail-label">Skript</p>
<p><code>scripts/00-admin-account.ps1</code> (upravit: odstranit heslo, pridat FullName)</p>`
},
{
id: "v2-activation",
title: "Aktivace Windows",
source: "impl", sourceLabel: "Nase implementace",
summary: "Aktivace Windows pomoci klice z configu nebo GVLK (KMS). Spec kolegy toto nezminuje.",
detail: `<p class="detail-label">Co delame</p>
<ul>
<li>Kontrola stavu aktivace</li>
<li>Pouziti klice z <code>config.json</code> nebo GVLK fallback</li>
<li>Volitelne nastaveni KMS serveru</li>
<li><code>slmgr.vbs /ipk</code> + <code>/ato</code></li>
</ul>
<div class="note"><strong>Pozn:</strong> Spec kolegy aktivaci vubec neresi. Ponechat? Nebo vyradit a resit rucne?</div>
<p class="detail-label">Skript</p>
<p><code>scripts/08-activation.ps1</code></p>`
}
]
},
{
id: "debloat",
icon: "2",
title: "Odstranovani bloatware",
steps: [
{
id: "v2-appx",
title: "AppX balicky (UWP aplikace)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Odebirame ~65 preinstalovanych aplikaci. Kalkulacka zustava.",
detail: `<p class="detail-label">Hlavni balicky</p>
<pre>BingSearch, Camera, Clipchamp, Alarms, Copilot, Cortana,
DevHome, Family, FeedbackHub, GetHelp, Getstarted, Mail,
Maps, BingNews, OfficeHub, OneNote, Outlook, Paint, People,
Photos, PowerAutomate, QuickAssist, Skype, ScreenSketch,
Solitaire, StickyNotes, Teams, Todos, SoundRecorder, Wallet,
BingWeather, Terminal, Xbox (6x), GamingApp, YourPhone,
ZuneMusic, ZuneVideo, LinkedIn</pre>
<p class="detail-label">Zachovavame</p>
<ul><li><code>Microsoft.WindowsCalculator</code></li></ul>
<div class="resolved"><strong>Z review v1:</strong> "Flash2 je v podstate tento setup, minula verze - hlavne pro inspiraci a zahrnuti." = Flash2 neintegrujeme, nas seznam je kompletnejsi.</div>
<p class="detail-label">Skript</p>
<p><code>scripts/01-bloatware.ps1</code></p>`
},
{
id: "v2-caps",
title: "Windows Capabilities",
source: "impl", sourceLabel: "Implementovano",
summary: "Odebirame: Fax, IE, WordPad, PowerShell ISE, Steps Recorder, WMP, Handwriting...",
detail: `<pre>Print.Fax.Scan, Language.Handwriting, Browser.InternetExplorer,
MathRecognizer, OneCoreUAP.OneSync, OpenSSH.Client,
Microsoft.Windows.MSPaint, PowerShell.ISE,
QuickAssist, SnippingTool, StepsRecorder,
Hello.Face.*, WindowsMediaPlayer, WordPad</pre>`
},
{
id: "v2-features",
title: "Optional Features",
source: "impl", sourceLabel: "Implementovano",
summary: "Vypnuti: MediaPlayback, PowerShell 2.0, Recall (AI), SnippingTool. RDP se NEODEBIRA.",
detail: `<pre>MediaPlayback, MicrosoftWindowsPowerShellV2Root,
Recall (Windows AI), Microsoft-SnippingTool</pre>
<div class="resolved"><strong>Vyreseno:</strong> RDP klient (<code>Microsoft-RemoteDesktopConnection</code>) se NEODEBIRA. Puvodne byl ve SPEC, kolega potvrdil ze musi zustat.</div>`
},
{
id: "v2-onedrive",
title: "OneDrive - oprava",
source: "problem", sourceLabel: "OPRAVIT",
summary: "Nas skript agresivne maze OneDrive. Nutno opravit - nechat OneDrive instalovatelny.",
detail: `<p class="detail-label">Co aktualne spatne delame</p>
<ul>
<li><code>OneDriveSetup.exe /uninstall</code> + mazani exe</li>
<li>Mazani Start menu shortcutu</li>
<li>Mazani RunOnce klicu a Explorer namespace z Default Profile</li>
</ul>
<div class="prev-comment"><strong>Review v1:</strong> "nevim jestli v posledni verzi uz to bylo opravene, ale v prvni verzi se onedrive zabijel nejakym regeditem nebo scheduled taskem"</div>
<p class="detail-label">Stav v kodu</p>
<p>V aktualnim <code>03-system-registry.ps1</code> (radky 244-273) + <code>04-default-profile.ps1</code> (radky 240-261) je OneDrive stale agresivne mazany.</p>
<p class="detail-label">Reseni</p>
<p>Odstranit cely OneDrive blok z obou skriptu. OneDrive musi zustat instalovatelny pro M365.</p>`
},
{
id: "v2-rdp",
title: "RDP/RDS - overeni",
source: "problem", sourceLabel: "OVERIT",
summary: "RDP se v kodu neodebira (neni v seznamu). Overit, ze zadny registry tweak neblokuje RDS.",
detail: `<div class="prev-comment"><strong>Review v1:</strong> "nevim jestli v posledni verzi uz to bylo opravene, ale v prvni verzi se rdp problematizovalo nejakym regeditem nebo scheduled taskem"</div>
<p class="detail-label">Stav</p>
<p>V aktualnim kodu <code>01-bloatware.ps1</code> RDP NENI v seznamu k odebirani. Ale je mozne, ze nektery registry tweak v <code>03-system-registry.ps1</code> neprimo ovlivnuje RDS.</p>
<p class="detail-label">TODO</p>
<p>Prozkoumat vsechny HKLM zmeny a overit, ze zadna neblokuje Remote Desktop Services. Otestovat na VM.</p>`
}
]
},
{
id: "software",
icon: "3",
title: "Instalace software",
steps: [
{
id: "v2-winget",
title: "Winget balicky (7-Zip, Adobe, OpenVPN)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Silent instalace 7-Zip, Adobe Acrobat Reader, OpenVPN Connect pres winget.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem .4rem"><code>7zip.7zip</code></td><td>7-Zip</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem .4rem"><code>Adobe.Acrobat.Reader.64-bit</code></td><td>Adobe Reader</td></tr>
<tr><td style="padding:.25rem .4rem"><code>OpenVPNTechnologies.OpenVPNConnect</code></td><td>OpenVPN Connect</td></tr>
</table>
<p class="detail-label">Adobe jako vychozi PDF</p>
<ul>
<li>Po instalaci: <code>.pdf -&gt; AcroRd32</code> pres HKCR</li>
<li>Scheduled task <code>PDF-DefaultApp</code> obnovi asociaci pri kazdem prihlaseni</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/02-software.ps1</code></p>`
},
{
id: "v2-atera",
title: "Atera Agent",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Stahnout MSI z Atera API a provest silent install. MFA problem k reseni.",
detail: `<div class="prev-comment"><strong>Review v1 - kolega dodal presny postup:</strong></div>
<pre>curl -L -o setup.msi "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337"
msiexec /i setup.msi /qn</pre>
<p class="detail-label">PowerShell ekvivalent</p>
<pre>\$ateraUrl = "https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&amp;aeid=50b72e7113e54a63ac76b96c54c7e337"
\$ateraMsi = "C:\\X9\\install\\atera-setup.msi"
Invoke-WebRequest -Uri \$ateraUrl -OutFile \$ateraMsi
Start-Process msiexec -ArgumentList "/i \$ateraMsi /qn" -Wait</pre>
<div class="note"><strong>Otevrena otazka:</strong> Kolega rika "nejlip najit parametr, u ktereho ATERA nebude chtit MFA kod z mailu". Overit, jestli URL s aeid parametrem to obchazi.</div>`
},
{
id: "v2-backinfo",
title: "BackInfo (info na plose)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "BackInfo.exe - hostname, user, OS, HW, sit uprostred plochy. Mame v assets/, jen zkopirovat a spustit.",
detail: `<p class="detail-label">Instalace</p>
<ol>
<li>Zkopirovat <code>assets/Backinfo/</code> do <code>C:\\Program Files\\Backinfo\\</code></li>
<li>Spustit <code>backinfo_W11.ps1</code>:
<ul>
<li>Detekuje Win10/Win11 + edici</li>
<li>Zapise <code>HKLM:\\SOFTWARE\\BackInfo\\OSName</code></li>
<li>Vytvori shortcut do Startup (<code>StartUp\\BackInfo.lnk</code>)</li>
</ul>
</li>
<li>BackInfo.exe se pak spousti automaticky po kazdem prihlaseni</li>
</ol>
<p class="detail-label">INI</p>
<pre>AutoBackground=1, ForceDesktopCenter=1
Line1: CompName (42pt, bold, white, center)
Line2: UserName (20pt, gray, center)
Line3: OS z registru (20pt, bold, gray)
Line4: HW SysInfo (20pt, gray)
Line5: Network NetInfo (20pt, gray)</pre>
<div class="resolved"><strong>Vyreseno:</strong> BackInfo uz je v <code>assets/Backinfo/</code>. Nahrazuje nas custom 07-desktop-info.ps1 (smazat).</div>`
}
]
},
{
id: "appearance",
icon: "4",
title: "Vzhled a personalizace",
steps: [
{
id: "v2-theme",
title: "Barvy a motiv",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Tmavy system, svetle aplikace, accent #223B47, plna barva pozadi.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Rezim Windows</td><td><strong>Tmavy</strong></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Rezim aplikaci</td><td><strong>Svetly</strong></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent barva</td><td><strong>#223B47</strong> <span style="display:inline-block;width:13px;height:13px;background:#223B47;border-radius:3px;vertical-align:middle;border:1px solid #555"></span></td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent v Start/taskbar</td><td>Ano</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Accent v zahlavi oken</td><td>Ano</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Pruhlednost</td><td>Vypnuta</td></tr>
<tr><td style="padding:.25rem">Pozadi</td><td><strong>Plna barva #223B47</strong> (BackInfo prepise BMP)</td></tr>
</table>
<p class="detail-label">Skript</p>
<p><code>scripts/05-personalization.ps1</code></p>`
},
{
id: "v2-desktop",
title: "Ikona Tento pocitac na plose",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Zobrazit ikonu Tento pocitac na plose (Default Profile + HKCU).",
detail: `<pre>HKCU\\...\\HideDesktopIcons\\NewStartPanel
{20D04FE0-3AEA-1069-A2D8-08002B30309D} = 0</pre>`
},
{
id: "v2-avatar",
title: "Avatar uctu (X9 logo)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "X9-logo.jpg jako profilovy obrazek admin uctu. Logo mame v assets/Logo/.",
detail: `<pre>\$accountPicPath = "\$env:APPDATA\\Microsoft\\Windows\\AccountPictures"
Copy-Item "C:\\X9\\X9-logo.jpg" "\$accountPicPath\\X9-logo.jpg"</pre>
<div class="resolved"><strong>Vyreseno:</strong> Logo (ico + jpeg) presunuto do <code>assets/Logo/</code>. Plati jen pro admin ucet.</div>`
}
]
},
{
id: "taskbar",
icon: "5",
title: "Hlavni panel a Start menu",
steps: [
{
id: "v2-tb-layout",
title: "Taskbar - zarovnani, skryti prvku",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Skryti Search, Task View, Widgets, Chat, Copilot. Zarovnani dle parametru -ProfileType.",
detail: `<p class="detail-label">Skryte prvky</p>
<ul>
<li>Search box (SearchboxTaskbarMode=0)</li>
<li>Task View (ShowTaskViewButton=0)</li>
<li>Widgets (TaskbarDa=0)</li>
<li>Chat/Teams (TaskbarMn=0)</li>
<li>Copilot (ShowCopilotButton=0)</li>
</ul>
<p class="detail-label">Zarovnani</p>
<ul>
<li><code>-ProfileType user</code> = vlevo (TaskbarAl=0)</li>
<li><code>-ProfileType admin</code> = na stred (TaskbarAl=1)</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/04-default-profile.ps1</code></p>`
},
{
id: "v2-tb-pins",
title: "NOVINKA: Taskbar pinnovane aplikace (admin vs user)",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Ruzne sady pripnutych aplikaci podle -ProfileType. Admin: Settings, ComputerMgmt, Services, PS, Explorer, Edge. User: Explorer, Edge.",
detail: `<p class="detail-label">Admin profil - pripnout</p>
<ul>
<li>Nastaveni (<code>ms-settings:</code>)</li>
<li>Sprava pocitace (<code>compmgmt.msc</code>)</li>
<li>Sluzby (<code>services.msc</code>)</li>
<li>PowerShell</li>
<li>Pruzkumnik Windows</li>
<li>MS Edge</li>
</ul>
<p class="detail-label">User profil - pripnout</p>
<ul>
<li>Pruzkumnik Windows</li>
<li>MS Edge</li>
</ul>
<p class="detail-label">Implementace</p>
<p>XML layout policy (<code>LayoutXMLPath</code>). Pro <code>compmgmt.msc</code> a <code>services.msc</code> nutno vytvorit .lnk soubory, XML prijima jen .lnk cesty.</p>
<pre>&lt;CustomTaskbarLayoutCollection PinListPlacement="Replace"&gt;
&lt;taskbar:TaskbarPinList&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\PowerShell.lnk"/&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\File Explorer.lnk"/&gt;
&lt;taskbar:DesktopApp DesktopApplicationLinkPath="...\\Microsoft Edge.lnk"/&gt;
&lt;/taskbar:TaskbarPinList&gt;
&lt;/CustomTaskbarLayoutCollection&gt;</pre>
<div class="note"><strong>Pozn:</strong> <code>LayoutXMLPath</code> policy je dostupna ve Win11 22H2+. Nutno overit verzi pred nasazenim.</div>`
},
{
id: "v2-tray",
title: "System tray - zobrazit vsechny ikony",
source: "both", sourceLabel: "Implementovano",
summary: "EnableAutoTray=0 + mazani icon cache + scheduled task ShowAllTrayIcons.",
detail: `<ul>
<li><code>EnableAutoTray = 0</code> (Win10)</li>
<li>Mazani TrayNotify icon streams (Win11 workaround)</li>
<li>Scheduled task <code>ShowAllTrayIcons</code> pri kazdem prihlaseni</li>
</ul>`
},
{
id: "v2-start",
title: "Start menu - prazdne piny, bez Bing",
source: "impl", sourceLabel: "Implementovano",
summary: "Prazdny LayoutModification.xml, prazdne Start pins, vypnuty Bing suggestions.",
detail: `<ul>
<li><code>ConfigureStartPins = {"pinnedList":[]}</code></li>
<li><code>DisableSearchBoxSuggestions = 1</code></li>
<li>Scheduled task <code>UnlockStartLayout</code> po 5 min odemkne pro uzivatele</li>
</ul>`
}
]
},
{
id: "explorer",
icon: "6",
title: "Pruzkumnik Windows",
steps: [
{
id: "v2-explorer-base",
title: "Zakladni nastaveni (implementovano)",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "Otevirat do Tento pocitac, zobrazit pripony souboru.",
detail: `<pre>LaunchTo = 1 (Tento pocitac misto Rychly pristup)
HideFileExt = 0 (zobrazit pripony)</pre>
<p class="detail-label">Skript</p>
<p><code>scripts/04-default-profile.ps1</code></p>`
},
{
id: "v2-explorer-new",
title: "NOVINKA: Dalsi nastaveni Pruzkumniku",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Vypnout nedavne soubory/slozky, zobrazit uplnou cestu v zahlavi.",
detail: `<p class="detail-label">Nova nastaveni</p>
<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Nedavne soubory</td><td><strong>Vypnuto</strong> (ShowRecent=0)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Caste slozky</td><td><strong>Vypnuto</strong> (ShowFrequent=0)</td></tr>
<tr><td style="padding:.25rem">Uplna cesta v zahlavi</td><td><strong>Zapnuto</strong> (FullPath=1)</td></tr>
</table>
<p class="detail-label">Registry</p>
<pre>HKCU\\...\\Explorer
ShowRecent = 0 (DWORD)
ShowFrequent = 0 (DWORD)
HKCU\\...\\Explorer\\CabinetState
FullPath = 1 (DWORD)</pre>
<p>Aplikovat do Default Profile hive + HKCU.</p>`
}
]
},
{
id: "system",
icon: "7",
title: "Systemova nastaveni",
steps: [
{
id: "v2-registry",
title: "HKLM registry tweaky",
source: "both", sourceLabel: "Implementovano + Spec",
summary: "BypassNRO, vypnuti Teams/Widgets/Copilot/GameDVR/Recall, hesla bez expirace, casova zona.",
detail: `<ul>
<li>Bypass NRO (OOBE sit)</li>
<li>Vypnuti auto-instalace Teams</li>
<li>Vypnuti Cloud Optimized Content</li>
<li>Vypnuti Widgets</li>
<li>Edge: HideFirstRunExperience, zadny desktop shortcut</li>
<li>Hesla bez expirace</li>
<li>Casova zona: Central Europe Standard Time</li>
<li>Vypnuti GameDVR + Recall</li>
<li>Skryti Search (HKLM policy)</li>
<li>Skryti Recommended v Start menu</li>
<li>Vypnuti auto-instalace Outlooku</li>
</ul>
<p class="detail-label">Skript</p>
<p><code>scripts/03-system-registry.ps1</code></p>`
},
{
id: "v2-defprofile",
title: "Default Profile (NTUSER.DAT)",
source: "both", sourceLabel: "Implementovano",
summary: "Nastaveni pro budouci uzivatele: Explorer, Num Lock, GameDVR, Copilot...",
detail: `<pre>reg load "HKU\\DefaultProfile" "C:\\Users\\Default\\NTUSER.DAT"
... zmeny ...
reg unload "HKU\\DefaultProfile"</pre>
<ul>
<li>Explorer: pripony, Tento pocitac, ShowRecent/Frequent off, FullPath</li>
<li>Num Lock zapnut</li>
<li>Copilot vypnut</li>
<li>GameDVR vypnut</li>
<li>Start menu: prazdne piny, bez Bing</li>
</ul>`
},
{
id: "v2-power",
title: "Napajeni (powercfg)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Spanek nikdy na siti, obrazovka 60min/15min, spanek baterie 60min.",
detail: `<pre>powercfg /change standby-timeout-ac 0 # spanek sit: nikdy
powercfg /change monitor-timeout-ac 60 # obrazovka sit: 60 min
powercfg /change monitor-timeout-dc 15 # obrazovka bat: 15 min
powercfg /change standby-timeout-dc 60 # spanek bat: 60 min</pre>
<div class="note"><strong>Pozn:</strong> Zavreni vika - nechat vychozi.</div>`
},
{
id: "v2-tasks",
title: "Scheduled tasks",
source: "both", sourceLabel: "Implementovano",
summary: "ShowAllTrayIcons, PDF-DefaultApp, UnlockStartLayout.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem"><strong>ShowAllTrayIcons</strong></td><td>Logon: systray ikony</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem"><strong>PDF-DefaultApp</strong></td><td>Logon: .pdf -&gt; Adobe (SYSTEM)</td></tr>
<tr><td style="padding:.25rem"><strong>UnlockStartLayout</strong></td><td>5 min po startu, pak se smaze</td></tr>
</table>
<p class="detail-label">Skripty</p>
<p><code>C:\\Windows\\Setup\\Scripts\\</code></p>`
}
]
},
{
id: "network",
icon: "8",
title: "Sit a Edge",
steps: [
{
id: "v2-proxy",
title: "Proxy - vypnout auto-detect",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Vypnuti automatickeho zjistovani proxy serveru.",
detail: `<pre>HKCU\\...\\Internet Settings\\AutoDetect = 0
HKLM\\...\\Internet Settings\\AutoDetect = 0</pre>
<p>Aplikovat do Default Profile i HKCU.</p>`
},
{
id: "v2-edge",
title: "MS Edge - rozsirene nastaveni",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Striktni tracking protection, Google vyhledavac, panel oblibenych.",
detail: `<table style="width:100%;font-size:.83rem;border-collapse:collapse;">
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Tracking</td><td><strong>Striktni</strong> (TrackingPrevention=3)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Oblibene</td><td><strong>Vzdy videt</strong> (FavoritesBarEnabled=1)</td></tr>
<tr style="border-bottom:1px solid var(--border)"><td style="padding:.25rem">Vyhledavac</td><td><strong>Google</strong></td></tr>
<tr><td style="padding:.25rem">Toolbar</td><td>Historie, Aplikace, Stazene, Vykon</td></tr>
</table>
<pre>HKLM\\SOFTWARE\\Policies\\Microsoft\\Edge
TrackingPrevention = 3
FavoritesBarEnabled = 1
DefaultSearchProviderEnabled = 1
DefaultSearchProviderName = "Google"
DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}"</pre>`
},
{
id: "v2-network",
title: "NOVINKA: Sitove zjistovani + privatni sit",
source: "new", sourceLabel: "NOVINKA v2",
summary: "Zapnout Network Discovery, File Sharing, prepnout sit na Private (aby fungoval ping).",
detail: `<pre># Zapnout Network Discovery a File Sharing
netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
# Prepnout sitovy profil na Private
\$adapter = Get-NetConnectionProfile | Select-Object -First 1
Set-NetConnectionProfile -InterfaceIndex \$adapter.InterfaceIndex -NetworkCategory Private</pre>
<div class="note"><strong>Dulezite:</strong> Vaze se na aktualni sitovy adapter - nelze ulozit do Default Profile. Spustit az po pripojeni k siti. Pokud domain-join, az po restartu.</div>`
}
]
},
{
id: "finish",
icon: "9",
title: "Finalizace",
steps: [
{
id: "v2-rename",
title: "Prejmenování PC",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Rename-Computer na nazev z parametru -ComputerName. Posledni krok pred restartem.",
detail: `<pre>Rename-Computer -NewName $ComputerName -Force -Restart</pre>
<ul>
<li>Restart je nutny</li>
<li>Pripojeni do domeny = volitelne, nezavisle</li>
</ul>`
},
{
id: "v2-bootstrap",
title: "Bootstrap spoustec (irm | iex)",
source: "spec", sourceLabel: "Spec kolegy",
summary: "Jednoradkovy spoustec: irm https://xetup.x9.cz/setup.ps1 | iex",
detail: `<pre>irm https://xetup.x9.cz/setup.ps1 | iex</pre>
<p class="detail-label">Parametry</p>
<pre>-ComputerName (povinny)
-Domain (volitelny)
-ProfileType "admin"|"user" (default "user")
ridi: taskbar zarovnani + pinnovane apps</pre>
<div class="note"><strong>Novy parametr -ProfileType</strong> (z novinek v2): nahrazuje puvodni -TaskbarAlign. Ridi zarovnani taskbaru I sadu pinnovanych aplikaci.</div>`
}
]
}
];
// --- Rendering ---
const STORAGE_PREFIX = 'xr2-';
function render() {
const app = document.getElementById('app');
app.innerHTML = '';
groups.forEach(g => {
const div = document.createElement('div');
div.className = 'group';
div.innerHTML = `
<div class="group-header">
<div class="group-icon">${g.icon}</div>
<span class="group-title">${g.title}</span>
<span class="group-count">(${g.steps.length})</span>
</div>`;
g.steps.forEach(s => {
const saved = load(s.id);
const sc = saved.status ? `status-${saved.status}` : '';
const badge = {approved:'OK',rejected:'NE',discuss:'?'}[saved.status]||'';
const el = document.createElement('div');
el.className = `step ${sc}`;
el.dataset.id = s.id;
el.innerHTML = `
<div class="step-header" onclick="toggle(this)">
<span class="step-title">${s.title}</span>
<span class="status-badge">${badge}</span>
<span class="step-source source-${s.source}">${s.sourceLabel}</span>
<span class="chevron">&#9654;</span>
</div>
<div class="step-body">
<p>${s.summary}</p>
<details style="margin-top:.5rem">
<summary style="cursor:pointer;color:var(--blue);font-size:.83rem;user-select:none">Zobrazit detaily</summary>
<div style="margin-top:.4rem">${s.detail}</div>
</details>
<div class="actions">
<button class="btn btn-approve ${saved.status==='approved'?'active':''}" onclick="setStatus('${s.id}','approved',this)">Schvalit</button>
<button class="btn btn-reject ${saved.status==='rejected'?'active':''}" onclick="setStatus('${s.id}','rejected',this)">Zamitnout</button>
<button class="btn btn-discuss ${saved.status==='discuss'?'active':''}" onclick="setStatus('${s.id}','discuss',this)">K diskusi</button>
</div>
<div class="comment-area ${saved.comment?'visible':''}">
<textarea placeholder="Poznamka / komentar..." oninput="saveComment('${s.id}',this.value)">${saved.comment||''}</textarea>
</div>
</div>`;
div.appendChild(el);
});
app.appendChild(div);
});
updateCounts();
}
function toggle(h){h.closest('.step').classList.toggle('open')}
let allOpen=false;
function toggleAll(){allOpen=!allOpen;document.querySelectorAll('.step').forEach(s=>s.classList.toggle('open',allOpen))}
function expandDetails(){document.querySelectorAll('.step-body details').forEach(d=>d.open=true);document.querySelectorAll('.step').forEach(s=>s.classList.add('open'));allOpen=true}
function setStatus(id,status,btn){
const st=load(id);
st.status=st.status===status?'':status;
save(id,st);
const step=btn.closest('.step');
step.className=`step ${st.status?'status-'+st.status:''} open`;
step.querySelector('.status-badge').textContent={approved:'OK',rejected:'NE',discuss:'?'}[st.status]||'';
step.querySelectorAll('.actions .btn').forEach(b=>b.classList.remove('active'));
if(st.status)btn.classList.add('active');
const ca=step.querySelector('.comment-area');
if(st.status==='discuss'||st.status==='rejected'){ca.classList.add('visible');ca.querySelector('textarea').focus()}
updateCounts();
}
function saveComment(id,v){const s=load(id);s.comment=v;save(id,s)}
function load(id){try{return JSON.parse(localStorage.getItem(STORAGE_PREFIX+id))||{}}catch{return{}}}
function save(id,s){localStorage.setItem(STORAGE_PREFIX+id,JSON.stringify(s))}
function allSteps(){return groups.flatMap(g=>g.steps)}
function updateCounts(){
let c={pending:0,approved:0,rejected:0,discuss:0};
allSteps().forEach(s=>{const st=load(s.id).status;if(st&&c[st]!==undefined)c[st]++;else c.pending++});
document.getElementById('cnt-pending').textContent=c.pending;
document.getElementById('cnt-approved').textContent=c.approved;
document.getElementById('cnt-rejected').textContent=c.rejected;
document.getElementById('cnt-discuss').textContent=c.discuss;
}
function clearAll(){if(!confirm('Opravdu smazat vsechny hlasy a komentare?'))return;allSteps().forEach(s=>localStorage.removeItem(STORAGE_PREFIX+s.id));render()}
function genMd(){
let md=`# Xetup - Review v2 vysledek\n\nDatum: ${new Date().toLocaleDateString('cs-CZ')}\n\n`;
const ic={approved:'[OK]',rejected:'[X]',discuss:'[?]',pending:'[ ]'};
const lb={approved:'SCHVALENO',rejected:'ZAMITNUTO',discuss:'K DISKUSI',pending:'CEKA'};
groups.forEach(g=>{
md+=`## ${g.icon}. ${g.title}\n\n`;
g.steps.forEach(s=>{
const st=load(s.id);const status=st.status||'pending';
md+=`${ic[status]} **${s.title}** (${lb[status]})\n`;
md+=`${s.summary}\n`;
if(st.comment)md+=`> ${st.comment}\n`;
md+=`\n`;
});
});
return md;
}
function exportMarkdown(){const b=new Blob([genMd()],{type:'text/markdown'});const a=document.createElement('a');a.href=URL.createObjectURL(b);a.download='xetup-review-v2.md';a.click()}
function copyToClipboard(){navigator.clipboard.writeText(genMd()).then(()=>{const b=event.target;const o=b.textContent;b.textContent='Skopirovano!';setTimeout(()=>b.textContent=o,1500)})}
render();
</script>
</body>
</html>