- Remove ValidateScript on InstallDrivers and break it out in a validation block so -Make and -Model can be specified anywhere in the command line

- Check for Prefixes.txt file and copy to the USB drive if it exists - Perform better validation for PPKG, Unattend, Autopilot json, and drivers - Comment out the Windows Security Platform update as the file has been removed from the MU Catalog.
2026-06-14 02:09:35 -06:00 · 2024-09-04 17:05:06 -07:00
parent 6c07ac8595
commit e62d481405
1 changed files with 103 additions and 36 deletions
@@ -210,16 +210,16 @@ param(
    [ValidateSet('Microsoft', 'Dell', 'HP', 'Lenovo')]
    [string]$Make,
    [string]$Model,
-    [Parameter(Mandatory = $false)]
+    # [Parameter(Mandatory = $false)]
-    [ValidateScript({
+    # [ValidateScript({
-        if ($Make) {
+    #     if ($Make) {
-            return $true
+    #         return $true
-        }
+    #     }
-        if ($_ -and (!(Test-Path -Path '.\Drivers') -or ((Get-ChildItem -Path '.\Drivers' -Recurse | Measure-Object -Property Length -Sum).Sum -lt 1MB))) {
+    #     if ($_ -and (!(Test-Path -Path '.\Drivers') -or ((Get-ChildItem -Path '.\Drivers' -Recurse | Measure-Object -Property Length -Sum).Sum -lt 1MB))) {
-            throw 'InstallDrivers is set to $true, but either the Drivers folder is missing or empty'
+    #         throw 'InstallDrivers is set to $true, but either the Drivers folder is missing or empty'
-        }
+    #     }
-        return $true
+    #     return $true
-    })]
+    # })]
    [bool]$InstallDrivers,
    [uint64]$Memory = 4GB,
    [uint64]$Disksize = 30GB,
@@ -3359,9 +3359,14 @@ Function New-DeploymentUSB {
                    if ($WindowsArch -eq 'x64') {
                        Copy-Item -Path "$FFUDevelopmentPath\unattend\unattend_x64.xml" -Destination "$DeployUnattendPath\Unattend.xml" -Force | Out-Null
                    }
-                    else {
+                    if ($WindowsArch -eq 'arm64') {
                        Copy-Item -Path "$FFUDevelopmentPath\unattend\unattend_arm64.xml" -Destination "$DeployUnattendPath\Unattend.xml" -Force | Out-Null
                    }
                    #Check for prefixes.txt file and copy it to the USB drive
                    if (Test-Path "$FFUDevelopmentPath\unattend\prefixes.txt") {
                        WriteLog "Copying prefixes.txt file to $DeployUnattendPath"
                        Copy-Item -Path "$FFUDevelopmentPath\unattend\prefixes.txt" -Destination "$DeployUnattendPath\prefixes.txt" -Force | Out-Null
                    }
                    WriteLog 'Copy completed'
                }  
                #Copy PPKG folder in the FFU folder to the USB drive. Can use copy-item as it's a small folder
@@ -3588,6 +3593,65 @@ Write-Host "To track progress, please open the log file $Logfile or use the -Ver
 WriteLog 'Begin Logging'
 #Validate drivers folder
 if ($InstallDrivers -or $CopyDrivers) {
    WriteLog 'Doing driver validation'
    if ($Make -and $Model){
        WriteLog "Make and Model are set to $Make and $Model, will attempt to download drivers"
    } else {
        if (!(Test-Path -Path $DriversFolder)) {
            WriteLog "-InstallDrivers or -CopyDrivers is set to `$true, but the $DriversFolder folder is missing"
            throw "-InstallDrivers or -CopyDrivers is set to `$true, but the $DriversFolder folder is missing"
        }
        if ((Get-ChildItem -Path $DriversFolder -Recurse | Measure-Object -Property Length -Sum).Sum -lt 1MB) {
            WriteLog "-InstallDrivers or -CopyDrivers is set to `$true, but the $DriversFolder folder is empty"
            throw "-InstallDrivers or -CopyDrivers is set to `$true, but the $DriversFolder folder is empty"
        }
    }   
 }
 #Validate PPKG folder
 if ($CopyPPKG) {
    WriteLog 'Doing PPKG validation'
    if (!(Test-Path -Path $PPKGFolder)) {
        WriteLog "-CopyPPKG is set to `$true, but the $PPKGFolder folder is missing"
        throw "-CopyPPKG is set to `$true, but the $PPKGFolder folder is missing"
    }
    #Check for at least one .PPKG file
    if (!(Get-ChildItem -Path $PPKGFolder -Filter *.ppkg)) {
        WriteLog "-CopyPPKG is set to `$true, but the $PPKGFolder folder is missing a .PPKG file"
        throw "-CopyPPKG is set to `$true, but the $PPKGFolder folder is missing a .PPKG file"
    }
 }
 #Validate Autopilot folder
 if ($CopyAutopilot) {
    WriteLog 'Doing Autopilot validation'
    if (!(Test-Path -Path $AutopilotFolder)) {
        WriteLog "-CopyAutopilot is set to `$true, but the $AutopilotFolder folder is missing"
        throw "-CopyAutopilot is set to `$true, but the $AutopilotFolder folder is missing"
    }
    #Check for .JSON file
    if (!(Get-ChildItem -Path $AutopilotFolder -Filter *.json)) {
        WriteLog "-CopyAutopilot is set to `$true, but the $AutopilotFolder folder is missing a .JSON file"
        throw "-CopyAutopilot is set to `$true, but the $AutopilotFolder folder is missing a .JSON file"
    }
 }
 #Validate Unattend folder
 if ($CopyUnattend) {
    WriteLog 'Doing Unattend validation'
    if (!(Test-Path -Path $UnattendFolder)) {
        WriteLog "-CopyUnattend is set to `$true, but the $UnattendFolder folder is missing"
        throw "-CopyUnattend is set to `$true, but the $UnattendFolder folder is missing"
    }
    #Check for .XML file
    if (!(Get-ChildItem -Path $UnattendFolder -Filter unattend_*.xml)) {
        WriteLog "-CopyUnattend is set to `$true, but the $UnattendFolder folder is missing a .XML file"
        throw "-CopyUnattend is set to `$true, but the $UnattendFolder folder is missing a .XML file"
    }
 }
 #Override $InstallApps value if using ESD to build FFU. This is due to a strange issue where building the FFU
 #from vhdx doesn't work (you get an older style OOBE screen and get stuck in an OOBE reboot loop when hitting next).
 #This behavior doesn't happen with WIM files.
@@ -3740,17 +3804,20 @@ if ($InstallApps) {
            Set-Content -Path "$AppsPath\InstallAppsandSysprep.cmd" -Value $UpdatedcmdContent
            WriteLog "Update complete"
-            #Get Windows Security platform update
+            ###### 9/4/2024 - Windows Security Platform update is no longer available from Update Catalog. Will change to using
-            $Name = "Windows Security platform definition updates"
+            ###### https://support.microsoft.com/en-us/topic/windows-security-update-a6ac7d2e-b1bf-44c0-a028-41720a242da3
-            WriteLog "Searching for $Name from Microsoft Update Catalog and saving to $DefenderPath"
+            
-            $KBFilePath = Save-KB -Name $Name -Path $DefenderPath
+            # #Get Windows Security platform update
-            WriteLog "Latest Security Platform Update saved to $DefenderPath\$KBFilePath"
+            # $Name = "Windows Security platform definition updates"
-            #Modify InstallAppsandSysprep.cmd to add in $KBFilePath on the line after REM Install Windows Security Platform Update
+            # WriteLog "Searching for $Name from Microsoft Update Catalog and saving to $DefenderPath"
-            WriteLog "Updating $AppsPath\InstallAppsandSysprep.cmd to include Windows Security Platform Update"
+            # $KBFilePath = Save-KB -Name $Name -Path $DefenderPath
-            $CmdContent = Get-Content -Path "$AppsPath\InstallAppsandSysprep.cmd"
+            # WriteLog "Latest Security Platform Update saved to $DefenderPath\$KBFilePath"
-            $UpdatedcmdContent = $CmdContent -replace '^(REM Install Windows Security Platform Update)', ("REM Install Windows Security Platform Update`r`nd:\Defender\$KBFilePath")
+            # #Modify InstallAppsandSysprep.cmd to add in $KBFilePath on the line after REM Install Windows Security Platform Update
-            Set-Content -Path "$AppsPath\InstallAppsandSysprep.cmd" -Value $UpdatedcmdContent
+            # WriteLog "Updating $AppsPath\InstallAppsandSysprep.cmd to include Windows Security Platform Update"
-            WriteLog "Update complete"
+            # $CmdContent = Get-Content -Path "$AppsPath\InstallAppsandSysprep.cmd"
            # $UpdatedcmdContent = $CmdContent -replace '^(REM Install Windows Security Platform Update)', ("REM Install Windows Security Platform Update`r`nd:\Defender\$KBFilePath")
            # Set-Content -Path "$AppsPath\InstallAppsandSysprep.cmd" -Value $UpdatedcmdContent
            # WriteLog "Update complete"
            #Download latest Defender Definitions
            WriteLog "Downloading latest Defender Definitions"
@@ -3934,19 +4001,19 @@ try {
        $KBFilePath = Save-KB -Name $Name -Path $KBPath
        WriteLog "Latest .NET saved to $KBPath\$KBFilePath"
    }
-    #Update Latest Security Platform Update
+    # #Update Latest Security Platform Update
-    if ($UpdateSecurityPlatform) {
+    # if ($UpdateSecurityPlatform) {
-        WriteLog "`$UpdateSecurityPlatform is set to true, checking for latest Security Platform Update"
+    #     WriteLog "`$UpdateSecurityPlatform is set to true, checking for latest Security Platform Update"
-        $Name = "Windows Security platform definition updates"
+    #     $Name = "Windows Security platform definition updates"
-        #Check if $KBPath exists, if not, create it
+    #     #Check if $KBPath exists, if not, create it
-        If (-not (Test-Path -Path $KBPath)) {
+    #     If (-not (Test-Path -Path $KBPath)) {
-            WriteLog "Creating $KBPath"
+    #         WriteLog "Creating $KBPath"
-            New-Item -Path $KBPath -ItemType Directory -Force | Out-Null
+    #         New-Item -Path $KBPath -ItemType Directory -Force | Out-Null
-        }
+    #     }
-        WriteLog "Searching for $Name from Microsoft Update Catalog and saving to $KBPath"
+    #     WriteLog "Searching for $Name from Microsoft Update Catalog and saving to $KBPath"
-        $KBFilePath = Save-KB -Name $Name -Path $KBPath
+    #     $KBFilePath = Save-KB -Name $Name -Path $KBPath
-        WriteLog "Latest Security Platform Update saved to $KBPath\$KBFilePath"
+    #     WriteLog "Latest Security Platform Update saved to $KBPath\$KBFilePath"
-    }
+    # }
    #Add Windows packages