xetup/SPEC.md
X9 Dev 2f0e176e82
docs: rewrite CLAUDE.md and SPEC.md to reflect current state
Both files were significantly outdated - referencing deleted scripts
(Deploy-Windows.ps1, 05-personalization, 06-scheduled-tasks,
07-desktop-info), wrong step ordering, completed TODOs listed as
planned, and missing new features (email report, pre-flight checks,
parallel winget, common.ps1).

Rewritten from scratch based on actual current code state.
No historical cruft, no "planned changes" that are already done.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 12:36:12 +02:00


MSP Windows Deployment - Specification

Purpose: Automated preparation of new Windows 10/11 computers for X9.cz clients


Overview

xetup.exe replaces ~3 hours of manual computer setup. GUI launcher embeds PowerShell scripts, runs them sequentially, handles reboot cycles, sends email report when done. Settings are applied to Default Profile (NTUSER.DAT) so every new user inherits them.


Prerequisites

  • Windows 10 or Windows 11 (x64)
  • Run as Administrator
  • Internet connection (for winget installs, Atera agent, Windows Update)
  • Post-OOBE (fully installed Windows with at least one user account)

Step execution order

| #  | Step                      | Script                 | Notes                                |
|----|---------------------------|------------------------|--------------------------------------|
| 00 | Admin account             | 00-admin-account.ps1   | adminx9, no password, hidden         |
| 08 | Windows activation        | 08-activation.ps1      | OA3 → config key → GVLK fallback     |
| 01 | Bloatware removal         | 01-bloatware.ps1       | AppX + Capabilities + Features       |
| 02 | Software install          | 02-software.ps1        | Parallel winget + Atera + PDF default |
| 03 | System registry           | 03-system-registry.ps1 | HKLM tweaks, Edge, powercfg, WPAD    |
| 04 | Profile + personalization | 04-default-profile.ps1 | NTUSER.DAT + HKCU + theme            |
| 07 | BackInfo                  | 07-backinfo.ps1        | System info wallpaper overlay        |
| 10 | Network                   | 10-network.ps1         | Private profile, ping, discovery     |
| 11 | Dell Update               | 11-dell-update.ps1     | Auto-skip on non-Dell HW             |
| 09 | PC identity               | 09-pc-identity.ps1     | Rename + C:\X9 (reboot on rename)    |
| 12 | Windows Update            | 12-windows-update.ps1  | Multi-round reboot cycle             |

Step 00 - Admin account

Creates local admin account adminx9:

  • No password (empty) - account is hidden, only accessible to technicians
  • FullName = "X9.cz s.r.o." (via ADSI)
  • Added to Administrators group
  • Hidden from login screen (SpecialAccounts\UserList = 0)
  • Password never expires
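
A read-only check of the account state Step 00 describes, as an added example (not part of xetup's scripts). It assumes the standard Winlogon location for SpecialAccounts\UserList and also reads LimitBlankPasswordUse, the Windows setting that restricts blank-password accounts to console logon; neither full path is given in this spec.

```powershell
# Added example: read-only audit of the account state described in Step 00.
# Run elevated on a deployed machine. Nothing here changes the system.
function Get-AdminAccountAudit {
    param([string]$UserName = 'adminx9')   # account name taken from the spec

    $user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
    if (-not $user) {
        return [pscustomobject]@{ UserName = $UserName; Exists = $false }
    }

    # Match the Administrators group by its well-known SID so a localized
    # group name does not matter.
    $isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.SID.Value -eq $user.SID.Value })

    # Assumption: standard Windows key behind "SpecialAccounts\UserList".
    $listKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    $hidden  = (Get-ItemProperty -Path $listKey -Name $UserName -ErrorAction SilentlyContinue).$UserName

    # "Accounts: Limit local account use of blank passwords to console logon only".
    # A value of 1 means a blank-password account cannot be used for network logon.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name 'LimitBlankPasswordUse' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        UserName              = $user.Name
        Exists                = $true
        Enabled               = $user.Enabled
        PasswordRequired      = $user.PasswordRequired   # account flag, not a password test
        PasswordExpires       = $user.PasswordExpires    # empty when no expiry is set
        InAdministrators      = $isAdmin
        HiddenFromLogonScreen = ($hidden -eq 0)          # False when the value is missing
        LimitBlankPasswordUse = $lsa.LimitBlankPasswordUse
    }
}

Get-AdminAccountAudit | Format-List
```

Hiding the account from the logon screen only affects the UI, so LimitBlankPasswordUse is the value to watch here: Step 10 enables Network Discovery on the same machines.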

Step 08 - Windows activation

Priority: OA3 embedded key (BIOS/UEFI) → config.json productKey → GVLK by edition. Optional KMS server via config.json. Skips if already activated (LicenseStatus = 1).


Step 01 - Bloatware removal

Removes ~35 AppX packages (Cortana, Copilot, Teams, Xbox, Skype, News, etc.), ~14 Windows Capabilities (Fax, IE, WordPad, etc.), and Optional Features (PowerShell 2.0, Recall). Calculator intentionally kept.


Step 02 - Software installation

Parallel winget installs (Start-Job):

| Software                    | Winget ID                          |
|-----------------------------|------------------------------------|
| 7-Zip                       | 7zip.7zip                          |
| Adobe Acrobat Reader 64-bit | Adobe.Acrobat.Reader.64-bit        |
| OpenVPN Connect             | OpenVPNTechnologies.OpenVPNConnect |

After Acrobat: UCPD driver stopped, .pdf → AcroExch.Document.DC set via HKCR, UCPD restarted.

Atera RMM agent: downloaded from x9.servicedesk.atera.com, installed via msiexec /qn with -Wait.
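
One way to gate a downloaded MSI on its publisher signature before the silent install, as an added example (not the project's 02-software.ps1). The function names are hypothetical, and the file path and publisher pattern in the last comment are placeholders.

```powershell
# Added example: refuse to install an MSI silently unless its Authenticode
# signature is valid and the signer matches the expected publisher.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSubjectLike  # wildcard on the cert subject
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch, NotTrusted and similar states.
        Write-Warning "Signature status for $Path is $($sig.Status)"
        return $false
    }
    if ($sig.SignerCertificate.Subject -notlike $ExpectedSubjectLike) {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

function Install-VerifiedMsi {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSubjectLike
    )
    if (-not (Test-InstallerSignature -Path $Path -ExpectedSubjectLike $ExpectedSubjectLike)) {
        throw "Refusing to install unverified package: $Path"
    }
    # Same invocation style the spec describes: msiexec /qn, waited on.
    $proc = Start-Process -FilePath 'msiexec.exe' `
        -ArgumentList @('/i', "`"$Path`"", '/qn') -Wait -PassThru
    # 0 = success, 3010 = success with reboot required; anything else is a failure.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec failed with exit code $($proc.ExitCode)"
    }
    return $proc.ExitCode
}

# Placeholder values: substitute the real download path and publisher name.
# Install-VerifiedMsi -Path "$env:TEMP\<agent>.msi" -ExpectedSubjectLike '*O=<publisher>*'
```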


Step 03 - System registry (HKLM)

Always applied: password max age unlimited, timezone (Central Europe Standard Time).

Feature-toggled sections:

  • systemTweaks: BypassNRO, disable Teams auto-install, Widgets, GameDVR, Recall, Copilot search
  • edgePolicies: mandatory (first-run, telemetry) + recommended (UI defaults user can change)
  • oneDriveUninstall: removes consumer OneDrive (no policy block - M365 can reinstall)
  • powercfg: standby-ac=0, monitor-ac=60, standby-dc=30, monitor-dc=15
  • proxyDisable: WPAD auto-detect off

Step 04 - Default Profile + Personalization

Single hive load of C:\Users\Default\NTUSER.DAT. All changes applied to both Default hive and current HKCU. Feature-toggled sections:

  • taskbarTweaks: left alignment, hide Search/Copilot/TaskView/Widgets/Chat, show all tray icons, taskbar layout XML per ProfileType (default/admin/user), NumLock on
  • startMenuTweaks: empty pins, disable Bing search, disable Copilot, disable GameDVR
  • explorerTweaks: show extensions, LaunchTo=ThisPC, hide Recent/Frequent, full path

Personalization (always): dark shell / light apps, accent #223B47, transparency off, solid wallpaper #223B47 (BackInfo overwrites on logon).
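
The single hive load with a write to both targets, as an added sketch (not the project's 04-default-profile.ps1). The mount name and the Set-ProfileValue helper are hypothetical; the one setting shown is the explorerTweaks "show extensions" item, written as the standard HideFileExt value.

```powershell
# Added example: mount the Default profile hive once, write one setting to both
# the hive and the current HKCU, then unmount. Run elevated.
$HiveFile  = 'C:\Users\Default\NTUSER.DAT'   # path from the spec
$MountName = 'XetupDefault'                  # hypothetical mount name

function Set-ProfileValue {
    param([string]$SubKey, [string]$Name, [int]$Value)
    # Apply the same value to the mounted Default hive and to the current user.
    foreach ($root in "Registry::HKEY_USERS\$MountName", 'HKCU:') {
        $key = "$root\$SubKey"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $Name -Value $Value -Type DWord
    }
}

& reg.exe load "HKU\$MountName" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }
try {
    # explorerTweaks "show extensions": HideFileExt = 0
    Set-ProfileValue -SubKey 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
        -Name 'HideFileExt' -Value 0
}
finally {
    # Release registry provider handles first; an open handle makes the
    # unload fail and leaves the Default hive mounted.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Hive still mounted at HKU\$MountName" }
}
```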


Step 07 - BackInfo

Copies BackInfo.exe + INI to C:\Program Files\Backinfo. Detects OS, writes OSName to registry. Creates startup shortcut for all users. BackInfo renders system info BMP as desktop wallpaper on every logon.


Step 10 - Network

Sets all connected adapters to Private profile. Enables ICMP echo (ping) and Network Discovery firewall rules.


Step 11 - Dell Command | Update

Detects Dell hardware via Win32_ComputerSystem.Manufacturer. On non-Dell: skips silently. On Dell: installs DCU Universal via winget, runs dcu-cli.exe /applyUpdates with -reboot=disable. Feature-toggled: drivers/firmware and BIOS separately. Exit 9 when BIOS/firmware updates are staged (finalize on next restart).


Step 09 - PC identity

Creates C:\X9\ directory (Logs, Scripts, Assets) with custom folder icon. Sets computer description. Renames computer if config.json pcName is set and differs from current. Exit 9 only when rename actually happened (restart required).


Step 12 - Windows Update

Installs PSWindowsUpdate module, runs one update pass. Exit 9 when updates were installed (reboot needed for next round). Exit 0 when fully up to date. xetup state machine handles the reboot cycle automatically.


Config structure

{
  "deployment": { "pcName": "", "pcDescription": "", "timezone": "...", "profileType": "default" },
  "adminAccount": { "username": "adminx9" },
  "activation": { "productKey": "", "kmsServer": "" },
  "software": { "install": [{ "name": "...", "wingetId": "..." }] },
  "steps": { "adminAccount": true, ... },
  "features": { "software": { "wingetInstalls": true, "pdfDefault": true, "ateraAgent": true }, ... },
  "bloatware": { "keepPackages": ["Microsoft.WindowsCalculator"] }
}

Email report

Sent via SMTP2Go at end of deployment. HTML with per-step status table, timestamps, OK/ERROR/SKIPPED counts. Subject: "xetup report HOSTNAME". From: xetup@x9.cz, To: net@x9.cz.