Filip Zubik
c42943cfa8
Initial deployment suite for X9.cz MSP Windows 10/11 deployment: - PowerShell scripts 00-11: admin account, bloatware removal, software (winget+Atera), system registry tweaks, default profile, personalization, scheduled tasks, BackInfo desktop info, Windows activation, PC identity/rename, network, Dell Update - Web platform: xetup.x9.cz (nginx), spec/annotation page, /dl shortlink, GitHub mirror - Forgejo Actions CI: auto-build xetup.exe on push, publish to releases/latest - Go xetup.exe: embeds all scripts/assets, per-feature checkboxes, load/save config
57 lines
3 KiB
Markdown
57 lines
3 KiB
Markdown
---
|
|
name: Technical findings from deep code analysis and research (2026-04-15)
|
|
description: Detailed technical analysis results - Win11 compatibility issues, UCPD driver, code quality assessment, and modernization opportunities
|
|
type: project
|
|
---
|
|
|
|
## Code quality assessment (all scripts in windows-deployment-new/scripts/)
|
|
- Overall: solid, production-ready for Win10/11 22H2
|
|
- 3-level registry fallback in 03-system-registry.ps1: direct write → ACL fix (SeTakeOwnershipPrivilege) → SYSTEM scheduled task
|
|
- Proper hive handling: GC.Collect + WaitForPendingFinalizers + 500ms sleep before reg unload, always in finally block
|
|
- Error handling: $ErrorActionPreference = "Continue", try/catch everywhere, WARN level for non-critical failures
|
|
- Logging: every step to C:\Windows\Setup\Scripts\Deploy.log with color-coded console output
|
|
|
|
## Critical issues found
|
|
|
|
### 1. UCPD.sys (User Choice Protection Driver)
|
|
- Kernel-mode driver since Feb 2024, v4.3 as of early 2026
|
|
- Blocks direct registry writes to UserChoice for .pdf, .htm, .html etc.
|
|
- Our HKCR approach works as system-wide fallback but isn't clean
|
|
- Fix: disable UCPD service + scheduled task during deployment, set associations, re-enable
|
|
- Or use SetUserFTA tool (~$20, kolbi.cz)
|
|
|
|
### 2. System tray EnableAutoTray=0 broken on 24H2
|
|
- Win11 23H2/24H2 ignores this registry key
|
|
- Icon stream cache clearing is a workaround but not 100%
|
|
- No reliable registry-only solution exists for 24H2
|
|
|
|
### 3. OneDrive removal too aggressive
|
|
- 03-system-registry.ps1 lines 244-273: uninstalls + deletes OneDriveSetup.exe
|
|
- 04-default-profile.ps1 lines 240-261: removes RunOnce keys + Explorer namespace
|
|
- Must remove these blocks entirely
|
|
|
|
### 4. Edge policies incomplete
|
|
- Currently only: HideFirstRunExperience, CreateDesktopShortcutDefault
|
|
- Need to add: BrowserSignin=0, CopilotPageContext=0, NewTabPageContentEnabled=0, StandaloneHubsSidebarEnabled=0, ShowRecommendationsEnabled=0, DefaultBrowserSettingsCampaignEnabled=0, and ~10 more
|
|
|
|
### 5. ConfigureStartPins applyOnce
|
|
- New in 24H2 (KB5062660): {"pinnedList":[], "applyOnce": true}
|
|
- Applies layout once, then users can customize
|
|
- Better than our current approach (XML lock + UnlockStartLayout task)
|
|
|
|
## Win10/Win11 compatibility matrix
|
|
- All core registry keys work on both versions
|
|
- Win11-specific keys (TaskbarAl, ShowCopilotButton, TaskbarDa, TaskbarMn) harmlessly create empty keys on Win10
|
|
- Scripts handle version differences through graceful degradation
|
|
|
|
## Config.json issues
|
|
- desktopInfo settings (position, fontSize, color) are defined but ignored by 07-desktop-info.ps1
|
|
- deployment.locale is not used anywhere
|
|
- Software list has only 3 packages (TODO in SPEC)
|
|
|
|
## Tools landscape (researched 2026-04-15)
|
|
- Chris Titus WinUtil: PS-based, `irm christitus.com/win | iex`, has Win11 Creator tab
|
|
- Win11Debloat (Raphire): got GUI in Feb 2026, configurable via Apps.json
|
|
- Sophia Script: 150+ tweaks, most granular but slower
|
|
- Go binary advantages: bypasses execution policy, single file, no dependencies, cross-compile from macOS
|
|
- Charmbracelet stack (bubbletea/huh/lipgloss): best for TUI forms in Go
|