From cc6369e3b3b01515be334b914a57ee9dc192cf37 Mon Sep 17 00:00:00 2001 From: sysadmin Date: Tue, 9 Jun 2026 16:40:09 +0100 Subject: [PATCH] fix(kiosk): WESL DefaultAction is sint32, not uint32 (config failed -> fail-open, no kiosk) 2nd VM e2e: Shell Launcher config still failed with 'Type mismatch for parameter DefaultAction'. WESL_UserSetting.SetCustomShell/SetDefaultShell take sint32 (Int32) DefaultAction, but we passed [uint32]0. The fail-open rollback worked (no brick, booted to Explorer) but the kiosk never engaged. Pass [int32]0. Co-Authored-By: Claude Opus 4.8 --- windows/installer/oem/Configure-Kiosk.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/installer/oem/Configure-Kiosk.ps1 b/windows/installer/oem/Configure-Kiosk.ps1 index 97eff87..13ad7ca 100644 --- a/windows/installer/oem/Configure-Kiosk.ps1 +++ b/windows/installer/oem/Configure-Kiosk.ps1 @@ -45,10 +45,10 @@ $sid=(New-Object System.Security.Principal.NTAccount($BootstrapUser)).Translate( try { Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetEnabled -Arguments @{Enabled=$true} | Out-Null # Default shell = Explorer for everyone else (incl. OOBE) — critical so non-kiosk logons don't break. - Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetDefaultShell -Arguments @{Shell='explorer.exe';DefaultAction=[uint32]0} | Out-Null + Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetDefaultShell -Arguments @{Shell='explorer.exe';DefaultAction=[int32]0} | Out-Null # sm-bootstrap => the elevating launcher; on exit, restart the shell (action 0). Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName SetCustomShell -Arguments @{ - Sid=$sid; Shell="cmd.exe /c `"$launcher`""; DefaultAction=[uint32]0 } | Out-Null + Sid=$sid; Shell="cmd.exe /c `"$launcher`""; DefaultAction=[int32]0 } | Out-Null $set=Invoke-CimMethod -Namespace $cls -ClassName WESL_UserSetting -MethodName GetCustomShell -Arguments @{Sid=$sid} -ErrorAction SilentlyContinue if (-not $set -or [string]::IsNullOrEmpty($set.Shell)) { throw "custom shell did not take for $BootstrapUser" } Log "shell launcher configured for sm-bootstrap (shell=$($set.Shell))"