Compare commits

No commits in common. "main" and "v0.7" have entirely different histories.
main ... v0.7

16 changed files with 79 additions and 385 deletions

@ -7,8 +7,7 @@
- [Communication preferences](feedback_preferences.md) - Czech, discussion first, interactive reviews, phased approach
## Project
- [Xetup v0.9 release and CI/ops findings](project_v0.9_release.md) - bloatware toggles, release-via-dispatch, Forgejo UI, pwsh (as of 2026-06-03)
- [Xetup project state](project_xetup_state.md) - Current high-level snapshot: what it is, architecture, scripts, infra, status (as of 2026-06-03)
- [Xetup project state](project_xetup_state.md) - Current state, architecture decisions, what's next (as of 2026-04-15)
- [Technical findings](project_technical_findings.md) - Deep code analysis, UCPD issue, Win11 compatibility, tools research
## Reference

@ -1,62 +0,0 @@
---
name: Xetup v0.9 release and CI/ops findings as of 2026-06-03
description: What shipped in v0.9 (bloatware toggles), how releases really trigger, Forgejo UI customization, dev tooling
type: project
---
## v0.9 shipped (2026-06-03)
Tag `v0.9`, named non-prerelease, signed `xetup.exe` published. Also on rolling `latest`.
### Bloatware feature toggles (step 01)
The bloatware step now has three independent GUI checkboxes (in `runner.StepFeatures()`
under `bloatware`, defaults in `config.go` + `config.json`):
- `standardBloatware` (default on) - the bulk AppX/capability/feature list.
- `removeNewOutlook` (default on) - the new Outlook for Windows app
(`Microsoft.OutlookForWindows`). Classic Outlook from M365 is a Win32 app, never
touched - only the bundled UWP new Outlook is.
- `removeSnippingTool` (default OFF) - **Snipping Tool is now KEPT by default**.
Spans three list entries: `Microsoft.ScreenSketch` (the modern app), the legacy
capability `Microsoft.Windows.SnippingTool`, and the optional feature
`Microsoft-SnippingTool`. Kept like Calculator (common productivity tool).
Gating logic is `Test-RemovalAllowed` in `scripts/01-bloatware.ps1`: each item is
governed by its own flag, so toggles are independent (a single feature off does not
disable the whole step).
### Latent bug fixed
The Go `Config` struct had no `Bloatware` field, so the GUI's runtime-config
regeneration silently dropped `bloatware.keepPackages` - the script's keep-list merge
was effectively dead when run via xetup.exe. Added the field.
## CI / release mechanics (important)
- `release.yml` triggers on push to `main` ONLY for paths `**.go`, `scripts/**`,
`assets/**`, `embed.go`, `app.manifest`, `release.yml`. Docs-only / `web/**` pushes
do NOT trigger a build.
- **Version tags release via `workflow_dispatch` on the tag ref, NOT a plain tag push.**
A `vX.Y` tag usually points at a docs-only "release X.Y" commit, which the `paths`
filter blocks - so `git push <tag>` does nothing. Dispatch instead:
`POST /api/v1/repos/x9/xetup/actions/workflows/release.yml/dispatches {"ref":"vX.Y"}`.
This is how v0.8 and v0.9 were built. `github.ref = refs/tags/vX.Y` -> named release.
- Release notes come from the matching `## [X.Y]` section in `CHANGELOG.md`. Move the
`[Unreleased]` content into a dated `## [X.Y] - DATE` section before tagging.
## Forgejo UI customization
- Top-left Forgejo brand logo (`#navbar-logo`) is replaced with a back-link to
`xetup.x9.cz` via `templates/custom/header.tmpl` (CSS + small JS retargeting href).
- Forgejo custom path is `GITEA_CUSTOM=/data/gitea` inside the `xetup-forgejo`
container; templates live in the `xetup_forgejo-data` volume (NOT git by itself).
- Source is versioned in the repo at `deploy/forgejo/` (mirror + README). Deploy =
`docker cp` into the container + `docker restart xetup-forgejo` (templates load at
startup). Runner reconnects on its own.
## Dev tooling
- `pwsh` (PowerShell 7.6.2) is installed on the dev box (Debian 12) via the Microsoft
apt repo. Use it for PS syntax/parse checks:
`[System.Management.Automation.Language.Parser]::ParseFile(...)`. Note: Windows-only
cmdlets (Remove-AppxPackage, Get-WindowsCapability...) cannot run here.
## Still open
- v0.9 / `latest` are NOT smoke-tested on real Windows yet. Recommend VM test
(snapshot -> run -> revert) before a technician deploys to a client. Revert path:
`git revert <sha>` + push (CI rebuilds `latest`).

@ -1,72 +1,73 @@
---
name: Xetup project state as of 2026-06-03
description: Current state of the xetup Windows deployment project - what it is, architecture, status, what is shipped vs open
name: Xetup project state as of 2026-04-15
description: Current state of the xetup Windows deployment project - architecture decisions, what exists, what's planned
type: project
---
## What xetup is
Automated Windows 10/11 setup for X9.cz MSP clients - replaces hours of manual
prep on a new machine with a single signed binary the technician runs on-site as
Administrator. ~20 machines/month, various clients. `xetup.exe` is the SOLE entry
point (no CLI script entry point - do NOT create Deploy-Windows.ps1).
Automated Windows 10/11 setup for X9.cz MSP clients. Replaces ~3 hours of manual work with a single script/tool.
Detailed architecture, conventions and per-step notes live in `CLAUDE.md` and
`SPEC.md` - this file is the high-level current-state snapshot.
## Architecture (as built)
- **Go GUI launcher** (`xetup.exe`) - single binary, embeds `scripts/` + `assets/`
via `embed.go`. Extracts to temp, loads config, runs PS scripts sequentially,
handles reboot-resume cycles, sends an HTML email report (SMTP2Go) at the end.
- **GUI is Walk** (Windows-only, CGO required) - NOT a charmbracelet TUI (that was
an early-planning idea that did not ship). Cross-compiled with mingw:
`CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc GOOS=windows GOARCH=amd64`.
- Three GUI phases: config form -> live log -> summary with reboot countdown.
- **Steps with sub-features**: GUI checkboxes map to `config.features[step][feature]`
(missing key defaults to true). Step is enabled if >=1 of its features is checked.
- **Reboot-resume**: steps exit code 9 = "reboot required"; runner persists state,
sets autologon for `adminx9` + an `X9-Resume` scheduled task, reboots, resumes.
Steps 09 (pcIdentity on rename) and 12 (windowsUpdate) can trigger it.
## Current scripts (step order)
## Current repo structure (cleaned 2026-04-15)
```
00 admin-account (adminx9, no password, hidden, FullName "X9.cz s.r.o.")
08 activation (OA3 -> config key -> GVLK)
01 bloatware (AppX + Capabilities + Optional Features; feature-gated)
02 software (parallel winget + Adobe PDF default + Atera under SYSTEM)
03 system-registry (HKLM tweaks, Edge policies, OneDrive, powercfg)
04 default-profile (NTUSER.DAT + HKCU + personalization, merged into one hive load)
07 backinfo (BackInfo.exe + startup shortcut)
10 network (Private profile, ping, Network Discovery)
11 dell-update (Dell Command | Update, auto-skip on non-Dell)
09 pc-identity (rename PC + C:\X9 folder, exit 9 on rename)
12 windows-update (PSWindowsUpdate reboot cycle, exit 9)
xetup/
├── review.html ← interactive review page v2 (with colleague comments)
├── xetup-review.md ← exported review v1 results from colleague
├── xetup-win-setup-spec.md ← original spec from colleague
├── xetup-win-setup-novinky.md ← v2 additions from colleague (taskbar pins, explorer, network, admin desc)
├── W11.pdf ← reference PDF
└── windows-deployment-new/ ← the active codebase
├── Deploy-Windows.ps1 ← master script
├── CLAUDE.md / SPEC.md
├── config/config.json
├── assets/
│ ├── Backinfo/ ← BackInfo.exe + ini + ps1 (ready to use)
│ └── Logo/ ← X9 ico + jpeg (moved here 2026-04-15)
└── scripts/
├── 00-admin-account.ps1
├── 01-bloatware.ps1
├── 02-software.ps1
├── 03-system-registry.ps1
├── 04-default-profile.ps1
├── 05-personalization.ps1
├── 06-scheduled-tasks.ps1
├── 07-desktop-info.ps1 ← TO BE REPLACED by BackInfo
└── 08-activation.ps1
```
Note: old 05-personalization / 06-scheduled-tasks / 07-desktop-info no longer
exist (personalization merged into 04; DesktopInfo replaced by BackInfo).
## Infra / web (live)
- **Forgejo** at git.xetup.x9.cz (container `xetup-forgejo`, v9.0.3) - git + issues +
Actions CI. Runner: `xetup-runner`. Navbar logo customized to a xetup.x9.cz
back-link (see `deploy/forgejo/`).
- **Static site** at xetup.x9.cz (container `xetup-web`, nginx) - bind-mounts
`/opt/xetup/web` directly, so editing `web/**` is LIVE immediately (no deploy step).
Pages: landing, spec (from `web/data/descriptions.json`), changelog (renders
`CHANGELOG.md` via Forgejo raw API).
- **CI release** (`.forgejo/workflows/release.yml`): builds, signs (Azure Trusted
Signing), publishes `xetup.exe`. Push to `main` touching code/scripts -> rolling
`latest`. Version `vX.Y` releases are triggered by `workflow_dispatch` on the tag
ref (the `paths` filter blocks docs-only tag pushes). Signing SP is shared across
X9 projects - do NOT rotate.
## Key decisions made (2026-04-15 session)
1. **BackInfo wins over custom DesktopInfo** - colleague prefers it (INI config, auto-update, centered text). Our 07-desktop-info.ps1 will be deleted.
2. **OneDrive must NOT be removed** - current code aggressively deletes it, breaks M365. Must fix 03-system-registry.ps1 and 04-default-profile.ps1.
3. **RDP must NOT be removed** - was in SPEC but never implemented (good). Remove from SPEC entirely.
4. **Colleague's spec has priority** over our implementation when they overlap.
5. **adminx9 account: no password** (changed from config-driven password), FullName = "X9.cz s.r.o."
6. **Nextcloud not needed** - assets are in repo, only Atera MSI downloads from web.
7. **Flash2 not integrated** - it's the old version of this tool, just for inspiration.
8. **Atera Agent**: curl from `https://x9.servicedesk.atera.com/api/utils/agent-install/windows/?cid=31&aeid=50b72e7113e54a63ac76b96c54c7e337` then `msiexec /i setup.msi /qn`
## Status (2026-06-03)
- **Released: v0.9** - bloatware feature toggles (Outlook/Snipping/standard now
independently toggleable; Snipping kept by default), `keepPackages` runtime bug
fixed. See `project_v0.9_release.md` for detail.
- CI, signing, web, changelog page all working.
## Architecture direction (decided 2026-04-15)
- **Go TUI launcher** (xetup.exe) - single binary, embeds PS scripts + assets
- Charmbracelet stack: bubbletea, huh, lipgloss
- Self-update from web (version.json check)
- **Web platform** at xetup.x9.cz:
- Forgejo for git hosting + issues + CI
- Auto-generated documentation from spec.yaml
- Comments via Forgejo Issues API
- Landing page + download + changelog
- Deployment reporting dashboard (later)
- **spec.yaml** as single source of truth for both exe and docs
## Open / next
- v0.9 + `latest` NOT yet smoke-tested on real Windows - recommend VM test
(snapshot -> run -> revert) before client deployment.
- Complete winget SW list still TODO (config list may be incomplete).
- Hard rules (from CLAUDE.md): keep Calculator; do not remove OneDrive policy-block;
do not remove RDP/RDS; no diacritics anywhere; no `$ErrorActionPreference=Stop`.
## What needs to happen next
1. Create spec.yaml from all gathered specs + review
2. Initialize Go project structure
3. Fix PS scripts (OneDrive removal, admin password, BackInfo integration)
4. Set up repo (GitHub initially, Forgejo later)
5. First Go build with TUI form
6. CI pipeline (GitHub Actions)
7. Web landing page
## Technical findings from deep analysis
- UCPD kernel driver (since Feb 2024) blocks PDF default association via UserChoice - need to disable UCPD during deployment
- System tray "show all icons" broken in Win11 24H2 - EnableAutoTray=0 ignored
- Edge needs ~15 more policy keys than we currently set
- ConfigureStartPins has new applyOnce property in 24H2
- Current code quality is solid: 3-level registry fallback, proper hive handling with GC+finally
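
Review bot: item 8 under "Key decisions made" records the full Atera agent install URL, including its `cid` and `aeid` query values, in a file that is committed to the repository. These look like account-specific enrollment identifiers, so keep them in the deployment config or a CI secret and refer to them by name here. The same item runs `msiexec /i setup.msi /qn` directly on the downloaded file; check the MSI's Authenticode signature (for example with `Get-AuthenticodeSignature`) before the silent install. The "Signing SP is shared across X9 projects - do NOT rotate" line in the CI release bullet is also worth revisiting, because a signing credential with no rotation path cannot be recovered cleanly after a leak.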

@ -8,50 +8,7 @@ Builds are continuous: every push to `main` produces a signed `xetup.exe` publis
## [Unreleased]
### Changed
- **Photos now kept** (01): `Microsoft.Windows.Photos` is added to the always-keep list
(`KeepPackages`), so the default image viewer is no longer removed - like Calculator. It stays
in the removal list but the keep-guard skips it and logs `KEEP Microsoft.Windows.Photos`.
## [0.9] - 2026-06-03
### Added
- **Bloatware feature toggles** (01): the bloatware step now exposes three GUI checkboxes -
`standardBloatware` (default on, the bulk AppX/capability/feature list), `removeNewOutlook`
(default on, the new Outlook for Windows app `Microsoft.OutlookForWindows`) and
`removeSnippingTool` (default OFF). Each toggle is independent, so a technician can spare
Outlook or remove the Snipping Tool without affecting the rest.
### Changed
- **Snipping Tool now kept by default** (01): `Microsoft.ScreenSketch` (the modern Snipping Tool
app) plus the legacy capability and optional feature are no longer removed unless
`removeSnippingTool` is checked - it is a commonly used productivity tool, like Calculator.
Classic Outlook from M365 was never removed (it is a Win32 app, not an AppX package); only the
bundled new Outlook is, and that is now toggleable.
### Fixed
- **`bloatware.keepPackages` was dropped at runtime**: the Go `Config` struct had no `Bloatware`
field, so the GUI's runtime-config regeneration silently discarded `keepPackages`. Added the
field so the keep-list survives and is honored by `01-bloatware.ps1`.
## [0.8] - 2026-06-02
### Added
- **Web changelog page** (`/changelog/`) that renders `CHANGELOG.md` from the repo (Forgejo raw
API via the `/forgejo-api` proxy) - single source of truth. Linked from the site nav.
- **CI release automation**: the release workflow derives the release notes from `CHANGELOG.md`,
and a version tag (`vX.Y`) builds, signs and publishes a named (non-prerelease) release for
that version; `main`/dispatch keep the rolling `latest` prerelease.
### Fixed
- **BackInfo background color**: use the COLORREF value `4668194` for #223B47. BackInfo uses a
COLORREF (`0x00BBGGRR` / BGR), so the 0.7 value `2243399` (`0x223B47`) was read with red/blue
swapped and rendered olive-brown (#473B22). Reverts the 0.7 change.
- **BackInfo black border in some profiles** (04): BackInfo paints a centered bitmap; when it is
smaller than the screen, the surrounding desktop showed black in profiles whose
`Control Panel\Colors\Background` was not set. The solid desktop background color (#223B47) is
now written to HKU\.DEFAULT and to every existing user profile (loading each hive as needed),
in addition to the Default hive and current user, so the area around the bitmap blends in.
_Nothing yet._
## [0.7] - 2026-06-02
@ -90,8 +47,8 @@ Builds are continuous: every push to `main` produces a signed `xetup.exe` publis
to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and
title bars/borders) is written to the Default hive, the current user (HKCU) and `HKU\.DEFAULT` so
all profiles match. (`4d08d0c`)
- **BackInfo background color**: changed `BackgroundColor` to 2243399 (later found wrong - BackInfo
uses COLORREF/BGR; corrected in [Unreleased]). (`4d08d0c`)
- **BackInfo background color**: `BackgroundColor 4668194 -> 2243399`. BackInfo reads the value as
0xRRGGBB (RGB), not COLORREF/BGR, so #223B47 = 2243399; the BGR value swapped red/blue. (`4d08d0c`)
### CI / Infra
- deploy.json update step made non-fatal (cosmetic, runs after the release is published). (`8a7fc10`)

@ -200,7 +200,6 @@ git push "http://x9:${TOKEN}@localhost:3100/x9/xetup.git" main
- Do not use `$ErrorActionPreference = "Stop"` - scripts must survive partial failure
- Do not remove Calculator (Microsoft.WindowsCalculator)
- Do not remove Photos (Microsoft.Windows.Photos)
- Do not use ARM VM for testing
- Do not write scripts depending on specific username
- Do not use hardcoded paths that do not exist on clean Windows
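
Review bot: the command shown in this hunk's context line, `git push "http://x9:${TOKEN}@localhost:3100/x9/xetup.git" main`, passes the token inside the remote URL, so the expanded value appears in the process arguments of every push. Since this file is the instruction set other contributors copy from, document a credential helper or `GIT_ASKPASS` instead and keep the URL free of credentials.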

SPEC.md
@ -63,15 +63,6 @@ Removes ~35 AppX packages (Cortana, Copilot, Teams, Xbox, Skype, News, etc.),
~14 Windows Capabilities (Fax, IE, WordPad, etc.), and Optional Features
(PowerShell 2.0, Recall). Calculator intentionally kept.
Three GUI feature toggles gate removal:
- `standardBloatware` (default on) - the bulk list above.
- `removeNewOutlook` (default on) - the new Outlook for Windows app
(`Microsoft.OutlookForWindows`). Classic Outlook from M365 is a Win32 app and
is never touched.
- `removeSnippingTool` (default OFF) - Snipping Tool across all three lists
(ScreenSketch app + legacy capability + legacy feature). Kept by default as a
common productivity tool, like Calculator.
---
## Step 02 - Software installation
@ -141,11 +132,7 @@ the current user (HKCU) and HKU\.DEFAULT (lock/welcome screen) so all profiles m
Copies BackInfo.exe + INI to C:\Program Files\Backinfo\. Detects OS, writes OSName to
registry. Creates startup shortcut for all users. BackInfo renders system info BMP as
desktop wallpaper on every logon. Background is solid #223B47 (BackInfo.ini
BackgroundColor = 4668194; BackInfo uses a COLORREF / 0x00BBGGRR / BGR value, so
#223B47 = 71*65536 + 59*256 + 34 = 4668194. The RGB value 2243399 rendered olive-brown).
Because BackInfo paints a centered bitmap, step 04 also sets the solid desktop background color
(#223B47) in the Default hive, the current user, HKU\.DEFAULT and every existing profile - otherwise
a sub-screen bitmap shows a black border around it.
BackgroundColor = 2243399; BackInfo reads the value as 0xRRGGBB / RGB, not COLORREF/BGR).
---
@ -193,7 +180,7 @@ properties (logging the raw objects printed "System.__ComObject").
"activation": { "productKey": "", "kmsServer": "" },
"software": { "install": [{ "name": "...", "wingetId": "..." }] },
"steps": { "adminAccount": true, ... },
"features": { "bloatware": { "standardBloatware": true, "removeNewOutlook": true, "removeSnippingTool": false }, "software": { "wingetInstalls": true, ... }, ... },
"features": { "software": { "wingetInstalls": true, "pdfDefault": true, "ateraAgent": true }, ... },
"bloatware": { "keepPackages": ["Microsoft.WindowsCalculator"] }
}
```

@ -56,10 +56,9 @@
;;
[General]
; #223B47 as COLORREF (0x00BBGGRR): B=71 G=59 R=34 -> 71*65536 + 59*256 + 34 = 4668194.
; BackInfo uses COLORREF/BGR (per its own header doc above). The RGB value 2243399
; (0x223B47) was read as COLORREF, swapping R/B and rendering olive-brown (#473B22).
BackgroundColor = 4668194
; #223B47 read as 0xRRGGBB decimal: BackInfo uses RGB order here (NOT COLORREF/BGR),
; so 0x223B47 = 2243399. The previous BGR value (4668194) rendered with R/B swapped.
BackgroundColor = 2243399
; AutoBackground=0: do NOT read live desktop color - unreliable during deployment
; (live session may not yet reflect the registry background color change)
AutoBackground = 0
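
Review bot: the two comment variants above `BackgroundColor` make opposite claims about byte order (COLORREF `0x00BBGGRR` versus `0xRRGGBB`), and only the COLORREF one cites a source, the file's own header doc. Both decimal conversions are arithmetically correct for the order they assume (4668194 = 71*65536 + 59*256 + 34, and 2243399 = 0x223B47), so the arithmetic in the comment cannot settle which is right. Quote the relevant header line next to the value and note the observed rendering of #223B47, so the next edit does not flip the value a third time.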

@ -33,11 +33,6 @@
"windowsUpdate": true
},
"features": {
"bloatware": {
"standardBloatware": true,
"removeNewOutlook": true,
"removeSnippingTool": false
},
"software": {
"wingetInstalls": true,
"pdfDefault": true,

@ -1,34 +0,0 @@
# Forgejo customizations
Custom UI tweaks for the `xetup-forgejo` instance (git.xetup.x9.cz). These live
in the Forgejo data volume (`xetup_forgejo-data`), which is NOT under git, so the
source of truth is kept here and deployed into the container.
## Files
- `templates/custom/header.tmpl` - injected into `<head>` on every page. Replaces
the meaningless Forgejo brand logo (top-left navbar) with a back-link to
`xetup.x9.cz`. Pure CSS for the look; a small inline script retargets the
`#navbar-logo` href.
## Deploy
Custom templates are read at startup, so a restart is required after any change.
```bash
# Path inside the container: GITEA_CUSTOM=/data/gitea
docker exec xetup-forgejo sh -c 'mkdir -p /data/gitea/templates/custom'
docker cp deploy/forgejo/templates/custom/header.tmpl \
xetup-forgejo:/data/gitea/templates/custom/header.tmpl
docker exec xetup-forgejo sh -c 'chown -R git:git /data/gitea/templates'
docker restart xetup-forgejo
```
The runner (`xetup-runner`) reconnects on its own after the restart.
## Verify
```bash
curl -s http://localhost:3100/x9/xetup/releases | grep -q 'content: "xetup.x9.cz"' \
&& echo "header.tmpl injected" || echo "NOT injected"
```

@ -1,33 +0,0 @@
<style>
/* The Forgejo brand in the top-left has no meaning for us; turn it into a
back-link to the main site (xetup.x9.cz). Pure CSS for the look, a tiny
script below retargets the href. */
#navbar-logo img { display: none !important; }
#navbar-logo {
display: inline-flex !important;
align-items: center;
gap: .35rem;
padding: .35rem .7rem !important;
border: 1px solid var(--color-secondary, #d4d7dc);
border-radius: 6px;
font-weight: 600;
line-height: 1;
white-space: nowrap;
}
#navbar-logo::before { content: "\2190"; font-size: 1.05em; }
#navbar-logo::after { content: "xetup.x9.cz"; }
#navbar-logo:hover {
background: var(--color-hover, rgba(0,0,0,.05));
border-color: var(--color-primary, #4078c0);
}
</style>
<script>
document.addEventListener('DOMContentLoaded', function () {
var logo = document.getElementById('navbar-logo');
if (logo) {
logo.setAttribute('href', 'https://xetup.x9.cz');
logo.setAttribute('aria-label', 'Zpet na xetup.x9.cz');
logo.setAttribute('title', 'Zpet na xetup.x9.cz');
}
});
</script>

@ -14,7 +14,6 @@ type Config struct {
Software Software `json:"software"`
Steps map[string]bool `json:"steps"`
Features Features `json:"features"`
Bloatware Bloatware `json:"bloatware"`
}
type Deployment struct {
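
Review bot: without the `Bloatware` field (tag `json:"bloatware"`) in `Config`, the `bloatware` key has no struct field to land in, so it is ignored on load and any config the launcher writes back out loses `bloatware.keepPackages`. The bloatware script still reads `$Config.bloatware.keepPackages`, so a technician's keep-list would silently shrink to the script's built-in default and extra packages would be removed. Keep the field, or add a round-trip test that loads a config containing `keepPackages` and asserts it survives regeneration.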
@ -42,12 +41,6 @@ type Software struct {
Install []SoftwareItem `json:"install"`
}
// Bloatware holds bloatware-removal config. KeepPackages lists AppX package
// names that must never be removed, on top of the always-kept defaults.
type Bloatware struct {
KeepPackages []string `json:"keepPackages"`
}
// Features holds per-step, per-feature toggle flags.
// Keys: stepID -> featureID -> enabled.
// A missing key defaults to true (feature enabled).
@ -87,11 +80,6 @@ func DefaultConfig() Config {
"windowsUpdate": true,
},
Features: Features{
"bloatware": {
"standardBloatware": true,
"removeNewOutlook": true,
"removeSnippingTool": false,
},
"software": {
"wingetInstalls": true,
"pdfDefault": true,
@ -114,9 +102,6 @@ func DefaultConfig() Config {
"bios": true,
},
},
Bloatware: Bloatware{
KeepPackages: []string{"Microsoft.WindowsCalculator"},
},
}
}

@ -58,11 +58,6 @@ type Feature struct {
// have no sub-features and are controlled at the step level only.
func StepFeatures() map[string][]Feature {
return map[string][]Feature{
"bloatware": {
{ID: "standardBloatware", Label: "Standardni bloatware (AppX, capabilities, features)"},
{ID: "removeNewOutlook", Label: "Novy Outlook for Windows"},
{ID: "removeSnippingTool", Label: "Vystrizky / Snipping Tool"},
},
"software": {
{ID: "wingetInstalls", Label: "Instalace SW ze seznamu (winget)"},
{ID: "pdfDefault", Label: "Adobe Reader jako vychozi PDF"},

@ -5,15 +5,13 @@
.DESCRIPTION
Removes Microsoft-bundled apps and features not needed in a business MSP deployment.
Removal is done for all users (-AllUsers) and from the provisioning store so new
users do not get them either. Calculator and Photos are intentionally kept.
users do not get them either. Calculator is intentionally kept.
.ITEMS
appx-balicky-odstraneni-pro-vsechny-uziv: Uses Remove-AppxPackage -AllUsers and Remove-AppxProvisionedPackage. The provisioned removal prevents apps from reinstalling for new user profiles. Covers ~35 apps including Cortana, Copilot, Teams personal, Xbox, Skype, News, Weather, Maps.
zachovano-microsoft-windowscalculator: Calculator is explicitly excluded. Lightweight utility frequently used by technicians and end users. Removing it would require manual reinstall from Store.
zachovano-microsoft-windows-photos: Photos is explicitly excluded via KeepPackages. Default image viewer expected by end users; removing it leaves no built-in viewer and would require manual reinstall from Store.
windows-capabilities-fax-ie-openssh-wmp-: Removed via Remove-WindowsCapability: Fax & Scan, Internet Explorer mode, OpenSSH client, Windows Media Player (legacy), WordPad, Handwriting recognition, Steps Recorder, Math Input Panel, Quick Assist.
windows-optional-features-ps-2-0-mediapl: Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component.
feature-toggles: Three GUI feature flags gate removal. standardBloatware (default on) covers the bulk list. removeNewOutlook (default on) controls Microsoft.OutlookForWindows; classic Outlook from M365 is a Win32 app and is never touched. removeSnippingTool (default OFF) controls Snipping Tool across all three lists (ScreenSketch app + legacy capability + legacy feature) - kept by default as a common productivity tool, like Calculator.
#>
param(
[string]$ConfigPath,
@ -23,33 +21,6 @@ param(
. "$PSScriptRoot\common.ps1"
$Config = Load-Config $ConfigPath
# -----------------------------------------------------------------------
# Feature flags (see CLAUDE.md features system)
# standardBloatware - removes the bulk AppX/capability/feature list
# removeNewOutlook - new Outlook for Windows (Microsoft.OutlookForWindows)
# removeSnippingTool - Snipping Tool, spans all three lists; default OFF
# Outlook and Snipping items are gated by their own flag, independent of the
# standard flag, so each GUI checkbox does exactly what it says.
# -----------------------------------------------------------------------
$DoStandard = Get-Feature $Config "bloatware" "standardBloatware" $true
$DoOutlook = Get-Feature $Config "bloatware" "removeNewOutlook" $true
$DoSnipping = Get-Feature $Config "bloatware" "removeSnippingTool" $false
# Snipping Tool appears as an AppX package (ScreenSketch, the modern app),
# a legacy capability, and a legacy optional feature.
$SnippingItems = @(
"Microsoft.ScreenSketch"
"Microsoft.Windows.SnippingTool"
"Microsoft-SnippingTool"
)
function Test-RemovalAllowed {
param([string]$Name)
if ($Name -eq "Microsoft.OutlookForWindows") { return $DoOutlook }
if ($SnippingItems -contains $Name) { return $DoSnipping }
return $DoStandard
}
# -----------------------------------------------------------------------
# 1a - AppX packages
# -----------------------------------------------------------------------
@ -105,7 +76,7 @@ $AppxToRemove = @(
)
# Packages to always keep
$KeepPackages = @("Microsoft.WindowsCalculator", "Microsoft.Windows.Photos")
$KeepPackages = @("Microsoft.WindowsCalculator")
if ($Config -and $Config.bloatware -and $Config.bloatware.keepPackages) {
$KeepPackages += $Config.bloatware.keepPackages
}
@ -118,10 +89,6 @@ foreach ($pkg in $AppxToRemove) {
Write-Log " KEEP $pkg" -Level INFO
continue
}
if (-not (Test-RemovalAllowed $pkg)) {
Write-Log " KEEP (feature off): $pkg" -Level INFO
continue
}
# Installed packages (current user + all users)
$installed = Get-AppxPackage -Name $pkg -AllUsers -ErrorAction SilentlyContinue
@ -178,10 +145,6 @@ Write-Log "1b - Removing Windows Capabilities" -Level STEP
$installedCaps = Get-WindowsCapability -Online -ErrorAction SilentlyContinue
foreach ($cap in $CapabilitiesToRemove) {
if (-not (Test-RemovalAllowed $cap)) {
Write-Log " KEEP (feature off): $cap" -Level INFO
continue
}
# Match by prefix (e.g. Hello.Face matches Hello.Face.20134.0.0.0)
$matches = $installedCaps | Where-Object {
$_.Name -like "$cap*" -and $_.State -eq "Installed"
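
Review bot: `$matches = $installedCaps | Where-Object {` assigns to a name PowerShell also uses for the automatic `$Matches` variable (variable names are case-insensitive), so any later `-match` in the loop body overwrites the result; rename it, for example to `$installedMatches`. Separately, `Get-WindowsCapability -Online -ErrorAction SilentlyContinue` leaves `$installedCaps` empty when the call fails, and the loop then finishes without removing or reporting anything; log a WARN when `$installedCaps` is null so a failed query is not mistaken for a clean machine.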
@ -214,10 +177,6 @@ $FeaturesToDisable = @(
Write-Log "1c - Disabling Windows Optional Features" -Level STEP
foreach ($feat in $FeaturesToDisable) {
if (-not (Test-RemovalAllowed $feat)) {
Write-Log " KEEP (feature off): $feat" -Level INFO
continue
}
$feature = Get-WindowsOptionalFeature -Online -FeatureName $feat -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq "Enabled") {
try {

@ -387,8 +387,7 @@ $pinList
@{ Key="Software\Microsoft\Windows\DWM"; Name="ColorPrevalence"; Val=1; Type="DWord" },
@{ Key="Software\Microsoft\Windows\CurrentVersion\Explorer\Accent"; Name="AccentColorMenu"; Val=$AccentColorABGR; Type="DWord" },
@{ Key="Software\Microsoft\Windows\CurrentVersion\Explorer\Accent"; Name="StartColorMenu"; Val=$AccentColorABGR; Type="DWord" },
@{ Key="Software\Microsoft\Windows\CurrentVersion\Explorer\Accent"; Name="AccentPalette"; Val=$AccentPalette; Type="Binary" },
@{ Key="Control Panel\Colors"; Name="Background"; Val="34 59 71"; Type="String" }
@{ Key="Software\Microsoft\Windows\CurrentVersion\Explorer\Accent"; Name="AccentPalette"; Val=$AccentPalette; Type="Binary" }
)
foreach ($c in $defaultColors) {
$cp = "Registry::HKU\.DEFAULT\$($c.Key)"
@ -402,51 +401,6 @@ $pinList
}
Write-Log " Theme/accent mirrored to HKU\.DEFAULT" -Level OK
# -------------------------------------------------------------------
# Desktop background color in EVERY existing user profile
# -------------------------------------------------------------------
# BackInfo paints a centered bitmap; if it is smaller than the screen, the
# area around it shows HKCU\Control Panel\Colors\Background. New users get
# #223B47 from the Default hive and the current user from HKCU above, but
# pre-existing profiles would show the default black border. Set the color
# in each real user profile (loading its hive if it is not already mounted).
Write-Log "Applying desktop background color to existing user profiles" -Level STEP
$profileList = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
foreach ($pl in (Get-ChildItem $profileList -ErrorAction SilentlyContinue)) {
$sid = Split-Path $pl.Name -Leaf
if ($sid -notmatch '^S-1-5-21-') { continue } # real interactive users only
$img = (Get-ItemProperty $pl.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue).ProfileImagePath
if (-not $img) { continue }
$hiveKeyPath = "Registry::HKU\$sid"
$tempLoaded = $false
if (-not (Test-Path $hiveKeyPath)) {
$ntuser = Join-Path $img "NTUSER.DAT"
if (-not (Test-Path $ntuser)) { continue }
& reg load "HKU\$sid" $ntuser 2>&1 | Out-Null
if ($LASTEXITCODE -ne 0) {
Write-Log " Could not load hive for $sid (in use?) - skipped" -Level WARN
continue
}
$tempLoaded = $true
}
try {
$colorsKey = "$hiveKeyPath\Control Panel\Colors"
if (-not (Test-Path $colorsKey)) { New-Item -Path $colorsKey -Force -ErrorAction Stop | Out-Null }
Set-ItemProperty -Path $colorsKey -Name "Background" -Value "34 59 71" -Type String -Force -ErrorAction Stop
Write-Log " Background color set for $sid ($(Split-Path $img -Leaf))" -Level OK
}
catch {
Write-Log " Failed background color for $sid - $_" -Level WARN
}
finally {
if ($tempLoaded) {
[GC]::Collect(); [GC]::WaitForPendingFinalizers(); Start-Sleep -Milliseconds 300
& reg unload "HKU\$sid" 2>&1 | Out-Null
}
}
}
# ===================================================================
# KEYBOARD LAYOUTS - Czech primary, US secondary
# ===================================================================
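
Review bot: in the `finally` block, `& reg unload "HKU\$sid" 2>&1 | Out-Null` discards the exit code, while the `reg load` call a few lines earlier checks `$LASTEXITCODE`. A failed unload leaves another user's NTUSER.DAT mounted under HKU with nothing in the log to show it. Check `$LASTEXITCODE` after the unload, retry once after the GC pause, and write a WARN entry with the SID if it still fails.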

@ -13,14 +13,12 @@
},
"01-bloatware": {
"synopsis": "Removes pre-installed bloatware: AppX packages, Capabilities, and Optional Features.",
"description": "Removes Microsoft-bundled apps and features not needed in a business MSP deployment.\nRemoval is done for all users (-AllUsers) and from the provisioning store so new\nusers do not get them either. Calculator and Photos are intentionally kept.",
"description": "Removes Microsoft-bundled apps and features not needed in a business MSP deployment.\nRemoval is done for all users (-AllUsers) and from the provisioning store so new\nusers do not get them either. Calculator is intentionally kept.",
"items": {
"appx-balicky-odstraneni-pro-vsechny-uziv": "Uses Remove-AppxPackage -AllUsers and Remove-AppxProvisionedPackage. The provisioned removal prevents apps from reinstalling for new user profiles. Covers ~35 apps including Cortana, Copilot, Teams personal, Xbox, Skype, News, Weather, Maps.",
"zachovano-microsoft-windowscalculator": "Calculator is explicitly excluded. Lightweight utility frequently used by technicians and end users. Removing it would require manual reinstall from Store.",
"zachovano-microsoft-windows-photos": "Photos is explicitly excluded via KeepPackages. Default image viewer expected by end users; removing it leaves no built-in viewer and would require manual reinstall from Store.",
"windows-capabilities-fax-ie-openssh-wmp-": "Removed via Remove-WindowsCapability: Fax & Scan, Internet Explorer mode, OpenSSH client, Windows Media Player (legacy), WordPad, Handwriting recognition, Steps Recorder, Math Input Panel, Quick Assist.",
"windows-optional-features-ps-2-0-mediapl": "Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component.",
"feature-toggles": "Three GUI feature flags gate removal. standardBloatware (default on) covers the bulk list. removeNewOutlook (default on) controls Microsoft.OutlookForWindows; classic Outlook from M365 is a Win32 app and is never touched. removeSnippingTool (default OFF) controls Snipping Tool across all three lists (ScreenSketch app + legacy capability + legacy feature) - kept by default as a common productivity tool, like Calculator."
"windows-optional-features-ps-2-0-mediapl": "Disabled via Disable-WindowsOptionalFeature: PowerShell 2.0 (security risk - allows unsigned script execution bypass on older hosts), MediaPlayback, Windows Recall (AI screenshot surveillance), Snipping Tool optional component."
}
},
"02-software": {
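Review bot: The `description` text and the `zachovano-microsoft-windows-photos` item disagree between the two sides on whether Photos is kept, and nothing visible here shows which one matches the script's `KeepPackages` list. Confirm the script first: if Photos is still excluded, the entry should stay, and if it is not, the removed text's own warning applies (no built-in image viewer, manual reinstall from the Store). Separately, the PowerShell 2.0 rationale in `windows-optional-features-ps-2-0-mediapl` ("allows unsigned script execution bypass") would be more accurate if it named the actual downgrade risk: the 2.0 engine predates script block logging and AMSI.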
@ -85,7 +83,7 @@
"registry-osname-hklm-software-backinfo": "Detects Windows build number and edition, writes OSName string to HKLM\\SOFTWARE\\BackInfo\\OSName (and WOW6432Node). BackInfo.ini references %OSName% to display the correct OS on the wallpaper.",
"startup-shortcut-backinfo-exe": "Creates a shortcut at C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\BackInfo.lnk pointing to C:\\Program Files\\Backinfo\\BackInfo.exe. Ensures BackInfo starts for every user on logon.",
"07-desktop-info-ps1-smazat-nahrazeno": "07-desktop-info.ps1 is superseded by this script. BackInfo.exe is the preferred approach - stable on Win10 and Win11, configurable via INI, already present in assets.",
"backinfo-pozadi-223b47": "BackInfo.ini sets a solid #223B47 background via BackgroundColor = 4668194. BackInfo uses a Windows COLORREF (0x00BBGGRR, i.e. BGR), so #223B47 = B*65536 + G*256 + R = 71*65536 + 59*256 + 34 = 4668194. The RGB value 2243399 (0x223B47) was read as a COLORREF, swapping red/blue, and rendered olive-brown (#473B22). BackInfo paints a centered bitmap, so the solid desktop background color (#223B47) is set in the Default hive, current user, HKU\\.DEFAULT and every existing profile - otherwise the area around a sub-screen bitmap shows a black border."
"backinfo-pozadi-223b47": "BackInfo.ini sets a solid #223B47 background via BackgroundColor = 2243399. BackInfo reads this value as 0xRRGGBB (RGB order), not a Windows COLORREF (BGR), so 0x223B47 = 2243399; the earlier BGR value 4668194 rendered with red and blue swapped."
}
},
"07-desktop-info": {
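Review bot: The two versions of `backinfo-pozadi-223b47` make opposite claims about how BackInfo reads `BackgroundColor` (COLORREF/BGR giving 4668194 versus 0xRRGGBB giving 2243399), and each says the other value rendered with red and blue swapped. Both sums are arithmetically right, so the text alone cannot settle it. Record the BackInfo.exe build that was tested and the colour observed on screen, and keep only the value that matches the `BackInfo.ini` shipped in assets. The shorter wording also drops the explanation of why the solid desktop colour is written to the Default hive, HKU\.DEFAULT and every existing profile; if the script still does that, the reason should stay documented.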

View file

@ -578,12 +578,8 @@
<table class="items">
<tr class="flag-done"><td>AppX balicky &ndash; odstraneni pro vsechny uzivatele a provisioned</td><td>Remove-AppxPackage -AllUsers + Remove-AppxProvisionedPackage</td></tr>
<tr class="flag-done"><td>Zachovano: Microsoft.WindowsCalculator</td><td>Zamerny vyjimek</td></tr>
<tr class="flag-done"><td>Zachovano: Microsoft.Windows.Photos</td><td>Zamerny vyjimek (vychozi prohlizec obrazku)</td></tr>
<tr class="flag-done"><td>Windows Capabilities (Fax, IE, OpenSSH, WMP, WordPad, …)</td><td>Remove-WindowsCapability</td></tr>
<tr class="flag-done"><td>Windows Optional Features (PS 2.0, MediaPlayback, Recall, …)</td><td>Disable-WindowsOptionalFeature</td></tr>
<tr class="flag-done"><td>GUI prepinace: standardBloatware, removeNewOutlook, removeSnippingTool</td><td>Kazdy krok lze v GUI samostatne zaskrtnout/odskrtnout</td></tr>
<tr class="flag-done"><td>Novy Outlook for Windows (Microsoft.OutlookForWindows)</td><td>Default odebran; klasicky Outlook z M365 (Win32) se nedotyka</td></tr>
<tr class="flag-done"><td>Zachovano ve vychozim stavu: Vystrizky / Snipping Tool</td><td>ScreenSketch + legacy capability/feature; default OFF (jako Kalkulacka)</td></tr>
</table>
</div>
<div class="step-footer">
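Review bot: The three rows at the end of the table (GUI toggles, new Outlook, Snipping Tool) are the only place in this table that states the defaults, including that classic Outlook from M365 is never touched and that Snipping Tool is kept unless `removeSnippingTool` is ticked. Without them the remaining rows, elided with "…", do not tell a technician what happens to either app. Whichever side is kept, the table should say explicitly whether Snipping Tool and the new Outlook are removed, and it should agree with the JSON `items` for step 01. Minor: "Zamerny vyjimek" in the Calculator and Photos rows should read "Zamerna vyjimka".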
@ -609,7 +605,7 @@
<tr class="flag-done"><td>UCPD.sys (kernel driver, od Feb 2024) blokuje UserChoice</td><td>Stop-Service ucpd + 2s sleep + overeni zastaveni pred HKCR zapisem. Na Win11 24H2 je UCPD chranena sluzba a stop selze &ndash; logovano jako WARN (ne ERROR); HKCR zapis (system-wide) projde i tak.</td></tr>
<tr class="flag-done"><td>Winget parallel joby: timeout 600s + kill zavislych</td><td>Wait-Job -Timeout 600; po vyprseni Kill + Remove zavislych jobu</td></tr>
<tr class="flag-done"><td>Winget cesta explicitne predavana do parallel jobu</td><td>Opraveno &ndash; Start-Job nezdedi PATH; winget.exe fullpath preda jako argument. Exit 3010 (success+reboot) nyni vyhodnocen jako OK.</td></tr>
<tr class="flag-done"><td>Winget: <code>--source winget</code> u kazde instalace</td><td>Field fix &ndash; fresh Win11 ISO ma App Installer se starym pinned certem, msstore source pada na <code>0x8a15005e</code> a instalaci prerusi. <code>--source winget</code> msstore obejde. Plati i pro krok 11 (Dell).</td></tr>
<tr class="flag-done"><td>Winget: <code>--source winget</code> u kazde instalace</td><td>Field fix &ndash; fresh Win11 ISO ma App Installer se starym pinned certem, msstore source padá na <code>0x8a15005e</code> a instalaci prerusi. <code>--source winget</code> msstore obejde. Plati i pro krok 11 (Dell).</td></tr>
<tr class="flag-done"><td>Atera: detekce pres sluzbu <code>Get-Service AteraAgent</code></td><td>Field fix &ndash; agent se obcas instaluje do <code>C:\ProgramData\</code>; existence sluzby je spolehlivejsi nez kontrola souboru. Fallback na cesty vc. ProgramData.</td></tr>
</table>
<div class="note">
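Review bot: The only difference in the `--source winget` row is "pada" versus "padá", and the accented form is the odd one out in a file otherwise written in unaccented Czech; keep the ASCII spelling for consistency. While this row is being edited, it is worth stating that `--source winget` works around the stale pinned certificate in App Installer on a fresh Win11 ISO rather than fixing it, so msstore stays broken on that machine (error `0x8a15005e`) until App Installer itself is updated.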
@ -712,8 +708,7 @@
<tr class="flag-done"><td>Spustit <code>backinfo_W11.ps1</code> (detekce OS, registry, Startup)</td><td>Logika inlinovana v 07-backinfo.ps1</td></tr>
<tr class="flag-done"><td>BackInfo.exe v assets/Backinfo/ k dispozici</td><td>Hotovo</td></tr>
<tr class="flag-done"><td>BackInfo auto-start pri kazdem logonu via Startup shortcut</td><td>Shortcut do ProgramData\StartUp vytvori 07-backinfo.ps1</td></tr>
<tr class="flag-done"><td>Pozadi #223B47 (<code>BackgroundColor = 4668194</code>)</td><td>BackInfo bere hodnotu jako COLORREF (<code>0x00BBGGRR</code>, BGR): B=71 G=59 R=34 = 4668194. Hodnota 2243399 (RGB) se cetla jako COLORREF, prohodila R/B a renderovala olivove hnedou (#473B22).</td></tr>
<tr class="flag-done"><td>Desktopova barva pozadi #223B47 ve vsech profilech</td><td>BackInfo dela vystredenou bitmapu; kdyz je mensi nez obrazovka, okolo prosvita <code>Control Panel\Colors\Background</code>. Nastavuje se v Default hive, aktualnim HKCU, <code>HKU\.DEFAULT</code> i v kazdem existujicim profilu &ndash; jinak byl okraj cerny.</td></tr>
<tr class="flag-done"><td>Pozadi #223B47 (<code>BackgroundColor = 2243399</code>)</td><td>BackInfo bere hodnotu jako 0xRRGGBB (RGB), ne COLORREF/BGR &ndash; tj. <code>0x223B47 = 2243399</code>. Drivejsi BGR hodnota (4668194) renderovala prohozene R/B.</td></tr>
</table>
<div class="note">
<strong>BackInfo.ini konfiguruje:</strong> hostname (velky, centrovan), uzivatelske jmeno,
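Review bot: The row "Desktopova barva pozadi #223B47 ve vsech profilech" is the only documentation that the step writes `Control Panel\Colors\Background` into the Default hive, the current HKCU, `HKU\.DEFAULT` and every existing profile. Touching other users' hives is exactly the kind of behaviour that should remain visible in the spec, so the row should go only if the script no longer does it. The `BackgroundColor` value in the row above it should also be checked against the shipped `BackInfo.ini`, since the two versions quote different numbers for the same #223B47.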