feat(welcome): bootstrap auto-login launches the Welcome app

Rename the unattend LocalAccount from silvermetal → sm-bootstrap (Administrators), add a one-time AutoLogon and a FirstLogonCommands entry that launches SilverOS.Welcome.App.exe on first boot. The Welcome app's ApplyService tears down AutoAdminLogon + removes sm-bootstrap on successful onboarding.
2026-06-09 03:36:46 +01:00
parent 346abc3676
commit efdaffa73f
1 changed files with 30 additions and 3 deletions
--- a/windows/installer/autounattend/autounattend.xml
+++ b/windows/installer/autounattend/autounattend.xml
@@ -84,14 +84,41 @@
      </OOBE>
      <UserAccounts>
        <LocalAccounts>
+          <!--
+            sm-bootstrap: ephemeral one-time admin account used ONLY for the
+            SilverOS Welcome onboarding wizard.  The Welcome app's ApplyService
+            tears this account down on success (removes AutoAdminLogon registry
+            keys, deletes the account, and creates the real end-user account
+            instead).  Never ship this password as-is for end-users; the
+            production pipeline MUST inject a per-device credential.
+          -->
          <LocalAccount wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
-            <Name>silvermetal</Name>
+            <Name>sm-bootstrap</Name>
            <Group>Administrators</Group>
-            <DisplayName>SilverMetal</DisplayName>
-            <Password><Value>open sesame</Value><PlainText>true</PlainText></Password>
+            <DisplayName>SilverOS Bootstrap</DisplayName>
+            <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
+      <!--
+        AutoLogon: logs in as sm-bootstrap exactly once so that FirstLogonCommands
+        can launch the Welcome wizard.  After the wizard completes successfully,
+        ApplyService removes the AutoAdminLogon registry values and deletes
+        sm-bootstrap, so the one-time session cannot be re-entered.
+      -->
+      <AutoLogon>
+        <Enabled>true</Enabled>
+        <LogonCount>1</LogonCount>
+        <Username>sm-bootstrap</Username>
+        <Password><Value>bootstrap-OneTime!</Value><PlainText>true</PlainText></Password>
+      </AutoLogon>
+      <FirstLogonCommands>
+        <SynchronousCommand wcm:action="add" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
+          <Order>1</Order>
+          <CommandLine>cmd /c "C:\Program Files\SilverOS\Welcome\SilverOS.Welcome.App.exe"</CommandLine>
+          <Description>SilverOS Welcome</Description>
+        </SynchronousCommand>
+      </FirstLogonCommands>
      <RegisteredOwner>SilverMetal</RegisteredOwner>
      <RegisteredOrganization>SilverLABS</RegisteredOrganization>
      <!--