x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 5 Packages Wiki Activity Actions
xetup/scripts/10-network.ps1
X9 Dev 94b7786aa8 fix: field fixes from fresh Win11 deployment (Dell Latitude / GLBNTB63) 
- 02/11 winget: add --source winget to every install; fresh Win11 ISOs
  ship an App Installer with a stale pinned cert, so the msstore source
  fails with 0x8a15005e and aborts the install. Forcing the winget source
  bypasses msstore entirely.
- 10 network: enable Network Discovery by -Group "@FirewallAPI.dll,-32752"
  (resource string) instead of -DisplayGroup "Network Discovery", which is
  localized and failed on Czech Windows.
- 04 profile: set keyboard layout CZ primary + US secondary via
  Set-WinUserLanguageList (current user) and Preload in the Default hive
  and HKU\.DEFAULT (welcome screen / system accounts). Always applied.
- 02 software: verify Atera via the AteraAgent service (Get-Service) with a
  path fallback incl. C:\ProgramData, since Atera no longer installs to a
  fixed location.
- 12 windows-update: format Install-WindowsUpdate output via $_.Result/$_.Title
  instead of logging the raw object (was spamming "System.__ComObject").

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 15:00:05 +02:00

109 lines
4.7 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Sets network profile to Private, enables ping, and enables Network Discovery.
.DESCRIPTION
Sets all connected network adapter profiles from Public to Private. Private
profile enables file sharing, network discovery, and other LAN features.
Enables ICMP echo (ping) via Windows Firewall for diagnostic purposes.
Enables the Network Discovery firewall rule group for the Private profile
so this PC is visible to other computers on the local network.
.ITEMS
nastavit-sitovy-profil-private: Sets all connected network profiles to Private via Set-NetConnectionProfile. Public profile blocks most LAN features. Private is required for file sharing, printer sharing, and network discovery. Applied to all currently connected adapters.
povolit-ping-icmp-firewall: Enables "File and Printer Sharing (Echo Request)" firewall rules for ICMPv4 and ICMPv6. ICMP echo is disabled by default on clean Windows. Required for network diagnostics, monitoring tools, and basic connectivity verification.
zapnout-network-discovery: Enables the Network Discovery firewall rule group (FPS-NB_Name-In-UDP, LLMNR, etc.) for Private and Domain profiles via Set-NetFirewallRule. Allows this PC to appear in Network Neighborhood and browse other machines.
#>
param(
[string]$ConfigPath,
[string]$LogFile
)
. "$PSScriptRoot\common.ps1"
$Config = Load-Config $ConfigPath
# -----------------------------------------------------------------------
# Set network profiles to Private
# -----------------------------------------------------------------------
Write-Log "Setting network profiles to Private" -Level INFO
try {
$profiles = Get-NetConnectionProfile -ErrorAction Stop
foreach ($profile in $profiles) {
if ($profile.NetworkCategory -ne "Private") {
Set-NetConnectionProfile -InterfaceIndex $profile.InterfaceIndex `
-NetworkCategory Private -ErrorAction SilentlyContinue
Write-Log " $($profile.Name): Public -> Private" -Level OK
} else {
Write-Log " $($profile.Name): already Private" -Level INFO
}
}
}
catch {
Write-Log " Failed to set network profiles: $_" -Level ERROR
}
# -----------------------------------------------------------------------
# Enable ICMP echo (ping) - ICMPv4 and ICMPv6
# -----------------------------------------------------------------------
Write-Log "Enabling ICMP echo (ping)" -Level INFO
$icmpRules = @(
"FPS-ICMP4-ERQ-In", # File and Printer Sharing (Echo Request - ICMPv4-In)
"FPS-ICMP6-ERQ-In", # File and Printer Sharing (Echo Request - ICMPv6-In)
"CoreNet-ICMP4-DU-In",
"CoreNet-ICMP6-DU-In"
)
foreach ($rule in $icmpRules) {
try {
$r = Get-NetFirewallRule -Name $rule -ErrorAction SilentlyContinue
if ($r) {
Enable-NetFirewallRule -Name $rule -ErrorAction SilentlyContinue
Write-Log " Enabled: $rule" -Level OK
}
}
catch {
Write-Log " Rule not found or error: $rule - $_" -Level WARN
}
}
# Also enable by display name for robustness across Windows versions
try {
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "*Echo*" } |
Enable-NetFirewallRule -ErrorAction SilentlyContinue
Write-Log " Enabled File and Printer Sharing Echo rules" -Level OK
}
catch {
Write-Log " Could not enable Echo rules via DisplayGroup: $_" -Level WARN
}
# -----------------------------------------------------------------------
# Enable Network Discovery firewall rules
# -----------------------------------------------------------------------
Write-Log "Enabling Network Discovery" -Level INFO
try {
# Enable all Network Discovery rules for Private profile.
# Match by -Group resource string ("@FirewallAPI.dll,-32752") rather than
# -DisplayGroup: the display name is localized (e.g. "Zjistovani site" on
# Czech Win11), so DisplayGroup matching fails on non-English installs.
Get-NetFirewallRule -Group "@FirewallAPI.dll,-32752" -ErrorAction Stop |
Where-Object { $_.Profile -match "Private|Any" } |
Enable-NetFirewallRule -ErrorAction SilentlyContinue
Write-Log " Network Discovery rules enabled (Private)" -Level OK
}
catch {
Write-Log " Failed to enable Network Discovery rules: $_" -Level ERROR
}
# Enable via netsh as fallback (covers older Windows builds)
$netshResult = & netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Log " Network Discovery enabled via netsh" -Level OK
} else {
Write-Log " netsh Network Discovery: $netshResult" -Level WARN
}
Write-Log "Step 10 complete" -Level OK
Reference in a new issue View git blame Copy permalink