80a542252d
- config-editor.hta: lightweight WYSIWYG HTA editor for config.json - Step on/off toggles with info tooltips - Editable software list (winget packages) - Settings: timezone, admin account, desktopInfo, PDF default - Run.cmd: USB launcher with UAC auto-elevation and deployment menu - flash/: minimal USB-ready subset (Deploy, scripts, config, GUI, launcher) - config.json: add steps section for per-step enable/disable - Deploy-Windows.ps1: read steps from config, CLI switches override - 03-system-registry.ps1: add SearchOnTaskbarMode HKLM policy (Win11 search fix) - 04-default-profile.ps1: fix systray - clear TrayNotify cache + proper Explorer restart - 06-scheduled-tasks.ps1: fix Register-Task trigger array, ShowAllTrayIcons Win11 fix, PDF-DefaultApp runs as SYSTEM via HKCR (bypasses UserChoice Hash validation) - 02-software.ps1: remove unreliable UserChoice ProgId write without Hash Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
94 lines
3.4 KiB
PowerShell
94 lines
3.4 KiB
PowerShell
param(
|
|
[object]$Config,
|
|
[string]$LogFile
|
|
)
|
|
|
|
$ErrorActionPreference = "Continue"
|
|
|
|
function Write-Log {
|
|
param([string]$Message, [string]$Level = "INFO")
|
|
$line = "[$(Get-Date -Format 'HH:mm:ss')] [$Level] $Message"
|
|
Add-Content -Path $LogFile -Value $line -Encoding UTF8
|
|
}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Read account config
|
|
# -----------------------------------------------------------------------
|
|
$accountName = "adminx9"
|
|
$accountPass = "AdminX9.AdminX9"
|
|
$accountDesc = "X9 MSP admin account"
|
|
|
|
if ($Config -and $Config.adminAccount) {
|
|
if ($Config.adminAccount.username) { $accountName = $Config.adminAccount.username }
|
|
if ($Config.adminAccount.password) { $accountPass = $Config.adminAccount.password }
|
|
if ($Config.adminAccount.description) { $accountDesc = $Config.adminAccount.description }
|
|
}
|
|
|
|
Write-Log "Creating admin account: $accountName" -Level INFO
|
|
|
|
$securePass = ConvertTo-SecureString $accountPass -AsPlainText -Force
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Create or update account
|
|
# -----------------------------------------------------------------------
|
|
$existing = Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue
|
|
|
|
if ($existing) {
|
|
Write-Log " Account already exists - updating password" -Level INFO
|
|
try {
|
|
Set-LocalUser -Name $accountName -Password $securePass -PasswordNeverExpires $true
|
|
Enable-LocalUser -Name $accountName
|
|
Write-Log " Account updated: $accountName" -Level OK
|
|
}
|
|
catch {
|
|
Write-Log " Failed to update account: $_" -Level ERROR
|
|
}
|
|
} else {
|
|
try {
|
|
New-LocalUser -Name $accountName `
|
|
-Password $securePass `
|
|
-Description $accountDesc `
|
|
-PasswordNeverExpires `
|
|
-UserMayNotChangePassword `
|
|
-ErrorAction Stop | Out-Null
|
|
Write-Log " Account created: $accountName" -Level OK
|
|
}
|
|
catch {
|
|
Write-Log " Failed to create account: $_" -Level ERROR
|
|
}
|
|
}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Add to Administrators group
|
|
# -----------------------------------------------------------------------
|
|
try {
|
|
$adminsGroup = (Get-LocalGroup | Where-Object { $_.SID -eq "S-1-5-32-544" }).Name
|
|
$members = Get-LocalGroupMember -Group $adminsGroup -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.Name -like "*$accountName" }
|
|
if (-not $members) {
|
|
Add-LocalGroupMember -Group $adminsGroup -Member $accountName -ErrorAction Stop
|
|
Write-Log " Added to $adminsGroup" -Level OK
|
|
} else {
|
|
Write-Log " Already in $adminsGroup" -Level INFO
|
|
}
|
|
}
|
|
catch {
|
|
Write-Log " Failed to add to Administrators: $_" -Level ERROR
|
|
}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Hide account from login screen
|
|
# -----------------------------------------------------------------------
|
|
try {
|
|
$specialPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
|
|
if (-not (Test-Path $specialPath)) {
|
|
New-Item -Path $specialPath -Force | Out-Null
|
|
}
|
|
Set-ItemProperty -Path $specialPath -Name $accountName -Value 0 -Type DWord -Force
|
|
Write-Log " Account hidden from login screen" -Level OK
|
|
}
|
|
catch {
|
|
Write-Log " Failed to hide account from login screen: $_" -Level ERROR
|
|
}
|
|
|
|
Write-Log "Step 0a - Admin account complete" -Level OK
|