SilverLABS/SilverMetal
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(kiosk): re-fetch WESL after enable, robust launcher quoting, intent comments

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sysadmin
2026-06-09 14:36:14 +01:00
parent ee2d6fd8f2
commit 2d8b651e34
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/installer/oem/Configure-Kiosk.ps1
View File

@@ -19,9 +19,12 @@ function Log($m){ "$(Get-Date -f s) $m" | Add-Content $log }
# Elevating launcher: Shell Launcher runs this as the shell; it relaunches the # Elevating launcher: Shell Launcher runs this as the shell; it relaunches the
# Welcome app elevated (silent via the baked UAC auto-approve). # Welcome app elevated (silent via the baked UAC auto-approve).
$launcher='C:\Windows\Setup\Scripts\Start-WelcomeShell.cmd' $launcher='C:\Windows\Setup\Scripts\Start-WelcomeShell.cmd'
$welcomeEscaped = $WelcomeExe.Replace("'","''")
@" @"
@echo off @echo off
powershell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process -FilePath '$WelcomeExe' -Verb RunAs" powershell -NoProfile -ExecutionPolicy Bypass -Command "Start-Process -LiteralPath '$welcomeEscaped' -Verb RunAs"
REM Shell Launcher tracks this CMD process; the Welcome app runs detached above.
REM Loop keeps the process alive so Shell Launcher doesn't restart it on idle.
:loop :loop
timeout /t 3600 >nul timeout /t 3600 >nul
goto loop goto loop
@@ -30,8 +33,10 @@ Log "wrote launcher $launcher"
# --- Shell Launcher v2 (WMI bridge) --- # --- Shell Launcher v2 (WMI bridge) ---
$cls='root\standardcimv2\embedded' $cls='root\standardcimv2\embedded'
$wesl=Get-CimInstance -Namespace $cls -ClassName WESL_UserSetting -ErrorAction Stop # Enable Shell Launcher FIRST, then fetch a fresh instance (the pre-enable
# snapshot's instance methods can silently no-op on some WESL builds).
Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetEnabled -Arguments @{Enabled=$true} | Out-Null Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetEnabled -Arguments @{Enabled=$true} | Out-Null
$wesl=Get-CimInstance -Namespace $cls -ClassName WESL_UserSetting -ErrorAction Stop
# Default shell stays Explorer for everyone else. # Default shell stays Explorer for everyone else.
Invoke-CimMethod -InputObject $wesl -MethodName SetDefaultShell -Arguments @{Shell='explorer.exe';DefaultAction=[uint32]0} | Out-Null Invoke-CimMethod -InputObject $wesl -MethodName SetDefaultShell -Arguments @{Shell='explorer.exe';DefaultAction=[uint32]0} | Out-Null
# sm-bootstrap => the elevating launcher; on exit, restart the shell (action 0). # sm-bootstrap => the elevating launcher; on exit, restart the shell (action 0).

3
windows/welcome/src/SilverOS.Welcome.Core/Apply/BootstrapService.cs
View File

@@ -3,6 +3,9 @@ public sealed class BootstrapService(IProcessRunner runner) : IBootstrapService
{ {
public async Task RevertKioskAsync(CancellationToken ct = default) public async Task RevertKioskAsync(CancellationToken ct = default)
{ {
// -EA SilentlyContinue throughout: Shell Launcher revert is best-effort.
// If WESL is unavailable the real user still gets Explorer (no custom shell
// for their SID). Intentional: don't fail teardown over a missing WMI class.
// Remove sm-bootstrap custom shell entry + disable Shell Launcher's per-user entry. // Remove sm-bootstrap custom shell entry + disable Shell Launcher's per-user entry.
await Ps( await Ps(
"$c='root\\\\standardcimv2\\\\embedded';" + "$c='root\\\\standardcimv2\\\\embedded';" +