diff --git a/powershell/light-workstation-onboarding.ps1 b/powershell/light-workstation-onboarding.ps1
index e69de29..9b3d306 100644
--- a/powershell/light-workstation-onboarding.ps1
+++ b/powershell/light-workstation-onboarding.ps1
@@ -0,0 +1,204 @@
+#Start WinRM Service
+Start-Service WinRM -verbose
+
+#Enable System restore 
+Enable-ComputerRestore -Drive "C:\" -confirm:$false
+`
+
+#Enable SMB and ICMP on Windows Firewall
+Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
+Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
+Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
+Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
+Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True
+
+
+`
+New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue
+New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue
+New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue
+
+
+#Enable Unzip Function - updated below
+#Add-Type -AssemblyName System.IO.Compression.FileSystem -ErrorAction -SilentlyContinue
+#function unzip {
+#	param( [string]$ziparchive, [string]$extractpath )
+#	[System.IO.Compression.ZipFile]::ExtractToDirectory ( $ziparchive, $extractpath)
+#}
+
+
+# Define the paths for the zip file and extraction directory
+$sourceZip = "c:\support\software\O365_BP_x64.zip"
+$destinationDir = "c:\support\software\"
+
+# Ensure the destination directory exists
+if (-Not (Test-Path $destinationDir)) {
+    New-Item -ItemType Directory -Path $destinationDir
+}
+
+# Extract the zip file using Expand-Archive, which handles existing files better than unzip
+try {
+    Expand-Archive -Path $sourceZip -DestinationPath $destinationDir
+    Write-Output "Extraction completed successfully."
+} catch {
+    Write-Error "An error occurred during extraction: $_"
+    exit 1
+}
+
+# Continue with DISM operations if needed, ensuring to handle errors appropriately
+try {
+    # Example DISM command (uncomment and modify as necessary)
+    # DISM /Online /Cleanup-Image /RestoreHealth /Source:c:\support\software\O365_BP_x64.iso /LimitAccess
+} catch {
+    Write-Error "DISM operation failed: $_"
+    exit 1
+}
+
+
+
+#Disable Windows 10 Fast startup
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0 
+#Set Power Plan to High Performance
+powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
+powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
+powercfg -change -standby-timeout-ac 0
+powercfg -change -hibernate-timeout-ac 0
+
+
+# Disable display and sleep mode timeouts
+Function DisableSleepTimeout {
+	Write-Output "Disabling sleep mode timeouts for AC..."
+	powercfg /X standby-timeout-ac 0
+	powercfg -change hibernate-timeout-ac 0
+}
+# Hide Taskbar People icon
+Function HideTaskbarPeopleIcon {
+	Write-Output "Hiding People icon..."
+	If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
+		New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
+	}
+	Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
+}
+
+# Enable NumLock after startup
+Function EnableNumlock {
+	Write-Output "Enabling NumLock after startup..."
+	If (!(Test-Path "HKU:")) {
+		New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
+	}
+	Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
+	Add-Type -AssemblyName System.Windows.Forms
+	If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
+		$wsh = New-Object -ComObject WScript.Shell
+		$wsh.SendKeys('{NUMLOCK}')
+	}
+}
+
+
+
+##################
+# .Net Framework 3.5
+##################
+#oldversionEnable-WindowsOptionalFeature -Online -FeatureName "NetFx3"
+
+dism /online /cleanup-image /scanhealth
+dism /online /cleanup-image /restorehealth
+
+####################################################
+# Install Office 2016 - Office 365 Business Premium
+####################################################
+$office = $apps | where-object {$_.displayname -like "*Office 16 Click-to-Run*"}
+if($null -eq $office){
+	Invoke-RestMethod 'https://biztechsynergy.com.au/software/O365_BP_x64.zip' -Method 'GET' -OutFile "c:\support\software\O365_BP_x64.zip"
+	unzip "c:\support\software\O365_BP_x64.zip" "c:\support\software\office"
+	C:\support\software\office\setup.exe /configure 'C:\support\software\office\configuration.xml'
+}
+
+#####################
+# Install RMM Agent #
+#####################
+
+# author: https://github.com/bradhawkins85
+$innosetup = 'tacticalagent-v2.8.0-windows-amd64.exe'
+$api = '"https://api.biztechsynergy.xyz"'
+$clientid = '5'
+$siteid = '8'
+$agenttype = '"workstation"'
+$power = 1
+$rdp = 1
+$ping = 1
+$auth = '"38afc3fe72d5d8e20db10cb1ea9171bebf054bec23c3f11eee1e0f7e01b60ed2"'
+$downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe'
+$apilink = $downloadlink.split('/')
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+$serviceName = 'tacticalrmm'
+If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
+    write-host ('Tactical RMM Is Already Installed')
+} Else {
+    $OutPath = $env:TMP
+    $output = $innosetup
+
+    $installArgs = @('-m install --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")
+
+    if ($power) {
+        $installArgs += "--power"
+    }
+
+    if ($rdp) {
+        $installArgs += "--rdp"
+    }
+
+    if ($ping) {
+        $installArgs += "--ping"
+    }
+
+    Try
+    {
+        $DefenderStatus = Get-MpComputerStatus | select  AntivirusEnabled
+        if ($DefenderStatus -match "True") {
+            Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*'
+            Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
+            Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
+        }
+    }
+    Catch {
+        # pass
+    }
+    
+    $X = 0
+    do {
+      Write-Output "Waiting for network"
+      Start-Sleep -s 5
+      $X += 1      
+    } until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3)
+    
+    if ($connectresult.TcpTestSucceeded -eq $true){
+        Try
+        {  
+            Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
+            Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
+            write-host ('Extracting...')
+            Start-Sleep -s 5
+            Start-Process -FilePath "C:\Program Files\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
+            exit 0
+        }
+        Catch
+        {
+            $ErrorMessage = $_.Exception.Message
+            $FailedItem = $_.Exception.ItemName
+            Write-Error -Message "$ErrorMessage $FailedItem"
+            exit 1
+        }
+        Finally
+        {
+            Remove-Item -Path $OutPath\$output
+        }
+    } else {
+        Write-Output "Unable to connect to server"
+    }
+}
+
+
+#END
\ No newline at end of file