Fix: handle GPO ExecutionPolicy override gracefully, remove ErrorActionPreference Stop

setup-windows.ps1

@@ -1,7 +1,7 @@
-# TLS 1.2 erzwingen (notwendig auf Windows Server 2016 / älteren Systemen)
+# TLS 1.2 erzwingen (Windows Server 2016 / aeltere Systeme)
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 
-# Adminrechte prüfen und ggf. neu starten
+# Adminrechte pruefen und ggf. neu starten
 $isAdmin = ([Security.Principal.WindowsPrincipal] `
     [Security.Principal.WindowsIdentity]::GetCurrent() `
 ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
@@ -13,19 +13,34 @@ if (-not $isAdmin) {
     exit
 }
 
-$ErrorActionPreference = 'Stop'
-
 Write-Host "============================================================"
 Write-Host " upterm Setup"
 Write-Host "============================================================"
 Write-Host ""
 
-# 1. Execution Policy
-Write-Host "[1/4] Setze PowerShell Execution Policy..."
-Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
-Write-Host "      OK"
+# 1. Execution Policy pruefen
+Write-Host "[1/4] Pruefe Execution Policy..."
+$policy = Get-ExecutionPolicy -Scope CurrentUser
+if ($policy -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
+    Write-Host "      OK (aktuell: $policy)"
+} else {
+    try {
+        Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
+        Write-Host "      OK"
+    } catch {
+        # GPO ueberschreibt - wenn aktuelle Policy ausfuehrbar ist, weitermachen
+        $effective = Get-ExecutionPolicy
+        if ($effective -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
+            Write-Host "      GPO-Ueberschreibung - aktuelle Policy '$effective' ist ausreichend"
+        } else {
+            Write-Host "FEHLER: Execution Policy '$effective' blockiert Ausfuehrung."
+            Read-Host "Enter zum Beenden"
+            exit 1
+        }
+    }
+}
 
-# 2. Scoop prüfen / installieren
+# 2. Scoop pruefen / installieren
 Write-Host "[2/4] Pruefe Scoop..."
 $scoopShims = "$env:USERPROFILE\scoop\shims"
 $scoopInstalled = (Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd")
@@ -38,7 +53,7 @@ if (-not $scoopInstalled) {
     Write-Host "      Scoop bereits vorhanden."
 }
 
-# PATH dieser Session aktualisieren damit scoop sofort verfuegbar ist
+# PATH dieser Session aktualisieren
 if ($env:PATH -notlike "*$scoopShims*") {
     $env:PATH = "$env:PATH;$scoopShims"
 }
@@ -46,14 +61,17 @@ if ($env:PATH -notlike "*$scoopShims*") {
 # 3. 7zip mit lessmsi-Workaround
 Write-Host "[3/4] Installiere 7zip via lessmsi..."
 scoop config use_lessmsi true
+$7zipOk = $false
 try {
     scoop install 7zip 2>&1 | Out-Null
-} catch {
+    $7zipOk = $true
+} catch {}
+
+if (-not $7zipOk) {
     Write-Host "      7zip fehlgeschlagen - bereinige und versuche erneut..."
     scoop uninstall 7zip 2>$null
     scoop cache rm 7zip 2>$null
-    Remove-Item -Recurse -Force "$env:USERPROFILE\scoop\apps\7zip" `
-        -ErrorAction SilentlyContinue
+    Remove-Item -Recurse -Force "$env:USERPROFILE\scoopppszip" -ErrorAction SilentlyContinue
     scoop install 7zip
 }
 Write-Host "      OK"