x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 2 Packages Wiki Activity Actions
xetup/scripts/10-network.ps1
Filip Zubik 7e6095d1bd Fixes, Windows Update (step 12), auto-reboot, PS window hide 
- Write-Log creates C:\Windows\Setup\Scripts\ automatically (was failing on fresh install)
- Step 12: PSWindowsUpdate first pass + X9-WindowsUpdate scheduled task for post-reboot rounds
  (handles typical 2-3 reboot cycles on fresh Windows, task self-deletes when up to date)
- GUI summary: 60s countdown auto-reboot with "Restartovat ted" / "Zrusit restart" buttons
- runner: HideWindow=true prevents PS console from appearing over GUI
- runner: skipPSNoiseLine filters PS error metadata (CategoryInfo, FullyQualifiedErrorId etc.)
- web: fix curl command to include https:// prefix
2026-04-16 14:49:41 +02:00

112 lines
4.7 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Sets network profile to Private, enables ping, and enables Network Discovery.
.DESCRIPTION
Sets all connected network adapter profiles from Public to Private. Private
profile enables file sharing, network discovery, and other LAN features.
Enables ICMP echo (ping) via Windows Firewall for diagnostic purposes.
Enables the Network Discovery firewall rule group for the Private profile
so this PC is visible to other computers on the local network.
.ITEMS
nastavit-sitovy-profil-private: Sets all connected network profiles to Private via Set-NetConnectionProfile. Public profile blocks most LAN features. Private is required for file sharing, printer sharing, and network discovery. Applied to all currently connected adapters.
povolit-ping-icmp-firewall: Enables "File and Printer Sharing (Echo Request)" firewall rules for ICMPv4 and ICMPv6. ICMP echo is disabled by default on clean Windows. Required for network diagnostics, monitoring tools, and basic connectivity verification.
zapnout-network-discovery: Enables the Network Discovery firewall rule group (FPS-NB_Name-In-UDP, LLMNR, etc.) for Private and Domain profiles via Set-NetFirewallRule. Allows this PC to appear in Network Neighborhood and browse other machines.
#>
param(
[object]$Config,
[string]$LogFile
)
$ErrorActionPreference = "Continue"
function Write-Log {
param([string]$Message, [string]$Level = "INFO")
$line = "[$(Get-Date -Format 'HH:mm:ss')] [$Level] $Message"
$null = New-Item -ItemType Directory -Force -Path (Split-Path $LogFile -Parent) -ErrorAction SilentlyContinue
Add-Content -Path $LogFile -Value $line -Encoding UTF8
}
# -----------------------------------------------------------------------
# Set network profiles to Private
# -----------------------------------------------------------------------
Write-Log "Setting network profiles to Private" -Level INFO
try {
$profiles = Get-NetConnectionProfile -ErrorAction Stop
foreach ($profile in $profiles) {
if ($profile.NetworkCategory -ne "Private") {
Set-NetConnectionProfile -InterfaceIndex $profile.InterfaceIndex `
-NetworkCategory Private -ErrorAction SilentlyContinue
Write-Log " $($profile.Name): Public -> Private" -Level OK
} else {
Write-Log " $($profile.Name): already Private" -Level INFO
}
}
}
catch {
Write-Log " Failed to set network profiles: $_" -Level ERROR
}
# -----------------------------------------------------------------------
# Enable ICMP echo (ping) - ICMPv4 and ICMPv6
# -----------------------------------------------------------------------
Write-Log "Enabling ICMP echo (ping)" -Level INFO
$icmpRules = @(
"FPS-ICMP4-ERQ-In", # File and Printer Sharing (Echo Request - ICMPv4-In)
"FPS-ICMP6-ERQ-In", # File and Printer Sharing (Echo Request - ICMPv6-In)
"CoreNet-ICMP4-DU-In",
"CoreNet-ICMP6-DU-In"
)
foreach ($rule in $icmpRules) {
try {
$r = Get-NetFirewallRule -Name $rule -ErrorAction SilentlyContinue
if ($r) {
Enable-NetFirewallRule -Name $rule -ErrorAction SilentlyContinue
Write-Log " Enabled: $rule" -Level OK
}
}
catch {
Write-Log " Rule not found or error: $rule - $_" -Level WARN
}
}
# Also enable by display name for robustness across Windows versions
try {
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -ErrorAction SilentlyContinue |
Where-Object { $_.DisplayName -like "*Echo*" } |
Enable-NetFirewallRule -ErrorAction SilentlyContinue
Write-Log " Enabled File and Printer Sharing Echo rules" -Level OK
}
catch {
Write-Log " Could not enable Echo rules via DisplayGroup: $_" -Level WARN
}
# -----------------------------------------------------------------------
# Enable Network Discovery firewall rules
# -----------------------------------------------------------------------
Write-Log "Enabling Network Discovery" -Level INFO
try {
# Enable all Network Discovery rules for Private profile
Get-NetFirewallRule -DisplayGroup "Network Discovery" -ErrorAction Stop |
Where-Object { $_.Profile -match "Private|Any" } |
Enable-NetFirewallRule -ErrorAction SilentlyContinue
Write-Log " Network Discovery rules enabled (Private)" -Level OK
}
catch {
Write-Log " Failed to enable Network Discovery rules: $_" -Level ERROR
}
# Enable via netsh as fallback (covers older Windows builds)
$netshResult = & netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Log " Network Discovery enabled via netsh" -Level OK
} else {
Write-Log " netsh Network Discovery: $netshResult" -Level WARN
}
Write-Log "Step 10 complete" -Level OK
Reference in a new issue View git blame Copy permalink