From 9f0f8b69d007a662b64418c57bc63f80f9d0b230 Mon Sep 17 00:00:00 2001 From: Ralf-Peter Wolff Date: Mon, 4 May 2026 12:11:38 +0200 Subject: [PATCH] Fix: handle GPO ExecutionPolicy override gracefully, remove ErrorActionPreference Stop --- setup-windows.ps1 | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/setup-windows.ps1 b/setup-windows.ps1 index 2883b53..eed50ec 100644 --- a/setup-windows.ps1 +++ b/setup-windows.ps1 @@ -1,7 +1,7 @@ -# TLS 1.2 erzwingen (notwendig auf Windows Server 2016 / älteren Systemen) +# TLS 1.2 erzwingen (Windows Server 2016 / aeltere Systeme) [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -# Adminrechte prüfen und ggf. neu starten +# Adminrechte pruefen und ggf. neu starten $isAdmin = ([Security.Principal.WindowsPrincipal] ` [Security.Principal.WindowsIdentity]::GetCurrent() ` ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) @@ -13,19 +13,34 @@ if (-not $isAdmin) { exit } -$ErrorActionPreference = 'Stop' - Write-Host "============================================================" Write-Host " upterm Setup" Write-Host "============================================================" Write-Host "" -# 1. Execution Policy -Write-Host "[1/4] Setze PowerShell Execution Policy..." -Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force -Write-Host " OK" +# 1. Execution Policy pruefen +Write-Host "[1/4] Pruefe Execution Policy..." +$policy = Get-ExecutionPolicy -Scope CurrentUser +if ($policy -in @('Bypass', 'Unrestricted', 'RemoteSigned')) { + Write-Host " OK (aktuell: $policy)" +} else { + try { + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force + Write-Host " OK" + } catch { + # GPO ueberschreibt - wenn aktuelle Policy ausfuehrbar ist, weitermachen + $effective = Get-ExecutionPolicy + if ($effective -in @('Bypass', 'Unrestricted', 'RemoteSigned')) { + Write-Host " GPO-Ueberschreibung - aktuelle Policy '$effective' ist ausreichend" + } else { + Write-Host "FEHLER: Execution Policy '$effective' blockiert Ausfuehrung." + Read-Host "Enter zum Beenden" + exit 1 + } + } +} -# 2. Scoop prüfen / installieren +# 2. Scoop pruefen / installieren Write-Host "[2/4] Pruefe Scoop..." $scoopShims = "$env:USERPROFILE\scoop\shims" $scoopInstalled = (Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd") @@ -38,7 +53,7 @@ if (-not $scoopInstalled) { Write-Host " Scoop bereits vorhanden." } -# PATH dieser Session aktualisieren damit scoop sofort verfuegbar ist +# PATH dieser Session aktualisieren if ($env:PATH -notlike "*$scoopShims*") { $env:PATH = "$env:PATH;$scoopShims" } @@ -46,14 +61,17 @@ if ($env:PATH -notlike "*$scoopShims*") { # 3. 7zip mit lessmsi-Workaround Write-Host "[3/4] Installiere 7zip via lessmsi..." scoop config use_lessmsi true +$7zipOk = $false try { scoop install 7zip 2>&1 | Out-Null -} catch { + $7zipOk = $true +} catch {} + +if (-not $7zipOk) { Write-Host " 7zip fehlgeschlagen - bereinige und versuche erneut..." scoop uninstall 7zip 2>$null scoop cache rm 7zip 2>$null - Remove-Item -Recurse -Force "$env:USERPROFILE\scoop\apps\7zip" ` - -ErrorAction SilentlyContinue + Remove-Item -Recurse -Force "$env:USERPROFILE\scoopppszip" -ErrorAction SilentlyContinue scoop install 7zip } Write-Host " OK"