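####################################
# Base System Changes and UI Tweaks
####################################
# Workstation provisioning script: registers the NuGet provider, applies power
# and registry settings, enrolls the Tactical RMM agent, manages a local admin
# account, opens firewall rules, runs a list of "tweak" functions, and installs
# .NET 3.5, Chrome and VLC. Several steps lower the host's security posture; they
# are marked NOTE(review) so they can be confirmed or tightened per deployment.

# NOTE(review): Unrestricted is set with no -Scope, and nothing later in this
# script restores a stricter policy. RemoteSigned (or a process-scoped change)
# would leave the machine in a tighter state after provisioning.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm:$False -force
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -confirm:$false

# NOTE(review): marking PSGallery as Trusted removes the confirmation prompt for
# every later Install-Module on this machine, not only during this run.
$PSRepository = get-PSRepository
if ($PSRepository.installationpolicy -ne 'Trusted') {
    Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
}

# Inventory of installed software, used below to decide whether Chrome and VLC
# still need installing.
# NOTE(review): $32apps is never read in this script; the registry-based
# $apps list is what the install checks use. Confirm nothing else depends on it.
$32apps = Get-WmiObject -class win32_product
$32bit = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
$64bit = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
$apps = $32bit + $64bit

#Disable Windows 10 Fast startup
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0

#Set Power Plan to High Performance
powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
# NOTE(review): this value is written to scheme 381b4222-..., not the scheme
# activated on the previous line — confirm that is intended.
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
powercfg -change -standby-timeout-ac 0
powercfg -change -hibernate-timeout-ac 0

#Enable Unzip Function
Add-Type -AssemblyName System.IO.Compression.FileSystem
<#
.SYNOPSIS
    Extracts a zip archive into a directory.
.PARAMETER ziparchive
    Path of the .zip file to extract.
.PARAMETER extractpath
    Directory the archive contents are written to.
#>
function unzip {
    param(
        [string]$ziparchive,
        [string]$extractpath
    )
    [System.IO.Compression.ZipFile]::ExtractToDirectory( $ziparchive, $extractpath )
}

#Create ProgramData\BTS Directories
# NOTE(review): installers are later downloaded into and executed from these
# folders with elevated rights. The folders are created with inherited
# permissions; confirm that only administrators can write to them, or set an
# explicit ACL here before anything is staged.
New-Item -ItemType directory -Path C:\ProgramData\BTS -ErrorAction SilentlyContinue
New-Item -ItemType directory -Path C:\ProgramData\BTS\software -ErrorAction SilentlyContinue
New-Item -ItemType directory -Path C:\ProgramData\BTS\software\AnyDesk -ErrorAction SilentlyContinue

#Install BizTech Synergy RMM Agent
# author: https://github.com/bradhawkins85
$innosetup = 'tacticalagent-v2.8.0-windows-amd64.exe'
$api = '"https://api.biztechsynergy.xyz"'
$clientid = '3'
$siteid = '5'
$agenttype = '"workstation"'
$power = 0
$rdp = 1
$ping = 1
# NOTE(review): the enrollment token is embedded in the script and is passed on
# the agent's command line below, so it is readable by anyone who can read this
# file and may be captured by process command-line logging. Treat it as exposed:
# rotate it and supply it at run time (parameter, environment variable or secret
# store) instead of keeping it in source.
$auth = '"e8653cfe1d9750985926f13fdd79aca7bb79327c1fc5cca9fa06a533f762c7be"'
$downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe'
# Splitting on '/' puts the host name at index 2; it is used for the
# connectivity probe further down.
$apilink = $downloadlink.split('/')

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$serviceName = 'tacticalrmm'
If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
    write-host ('Tactical RMM Is Already Installed')
}
Else {
    $OutPath = $env:TMP
    $output = $innosetup

    $installArgs = @('-m install --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")

    if ($power) {
        $installArgs += "--power"
    }

    if ($rdp) {
        $installArgs += "--rdp"
    }

    if ($ping) {
        $installArgs += "--ping"
    }

    Try {
        # NOTE(review): these exclusions stop Defender scanning three whole
        # ProgramData trees for as long as they stay configured, and any failure
        # here is swallowed by the empty Catch. Keep the list as narrow as the
        # agent vendor requires and confirm who can write to those folders.
        $DefenderStatus = Get-MpComputerStatus | select AntivirusEnabled
        if ($DefenderStatus -match "True") {
            Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalAgent\*'
            Add-MpPreference -ExclusionPath 'C:\ProgramData\Mesh Agent\*'
            Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
        }
    }
    Catch {
        # pass
    }

    # Probe the download host on 443 up to three times, five seconds apart.
    $X = 0
    do {
        Write-Output "Waiting for network"
        Start-Sleep -s 5
        $X += 1
    } until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3)

    if ($connectresult.TcpTestSucceeded -eq $true){
        Try {
            # NOTE(review): the installer is executed without any integrity
            # check. Compare (Get-FileHash -Algorithm SHA256) against a pinned
            # value (EXPECTED_SHA256_PLACEHOLDER) or check
            # Get-AuthenticodeSignature before running it.
            Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
            Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
            write-host ('Extracting...')
            Start-Sleep -s 5
            Start-Process -FilePath "C:\ProgramData\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
            # NOTE(review): exit ends the whole script, not just the agent
            # install, so on a first run nothing below this section executes —
            # confirm that is intended.
            exit 0
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            $FailedItem = $_.Exception.ItemName
            Write-Error -Message "$ErrorMessage $FailedItem"
            exit 1
        }
        Finally {
            # The file is absent when the download itself failed; do not raise a
            # second error while cleaning up.
            Remove-Item -Path $OutPath\$output -ErrorAction SilentlyContinue
        }
    } else {
        Write-Output "Unable to connect to server"
    }
}

#Start WinRM Service
Start-Service WinRM -verbose

#Enable System restore
Enable-ComputerRestore -Drive "C:\" -confirm:$false

#Check and Create admin account
# NOTE(review): a fixed password in source gives every machine built from this
# script the same local-administrator credential, readable by anyone with access
# to the file. Rotate it and move to a per-device secret (for example Windows
# LAPS) rather than a shared literal.
# NOTE(review): when the account does not exist, $user is $null and neither
# branch below runs, so despite the heading no account is created.
$user = get-localuser | Where-Object { $_.name -eq "biztech.admin" }
$pass = 'r1ug7FaG0fD2' | ConvertTo-SecureString -AsPlainText -Force
if ($user.enabled -eq $true) {
    set-localuser -name $user -password $pass
    Add-LocalGroupMember -group 'administrators' -Member $user -ErrorAction SilentlyContinue
    Write-host 'Password has been successfully set'
}
elseif ($user.enabled -eq $false) {
    Enable-LocalUser -name 'biztech.admin'
    Set-LocalUser -name 'biztech.admin' -password $pass
    Write-host 'Administrator Account has been successfully Enabled'
}

#Enable SMB and ICMP on Windows Firewall
# NOTE(review): Set-NetFirewallRule -DisplayName enables every rule carrying that
# display name; check which firewall profiles those rules cover so inbound SMB is
# not opened on untrusted networks.
Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True

# # Set WinUserLanguageList as a variable
# $lang = Get-WinUserLanguageList
# # Clear the WinUserLanguageList
# $lang.Clear()
# # Add language to the language list
# $lang.add("en-AU")
# # Remove whatever input method is present
# $lang[0].InputMethodTips.Clear()
# # Add this keyboard as keyboard language
# $lang[0].InputMethodTips.Add('0C09:00000409')
# # Set this language list as default
# Set-WinUserLanguageList $lang -Force
# # Make region settings independent of OS language
# Set-WinCultureFromLanguageListOptOut -OptOut $True
# # Set Windows Display Language
# Set-WinUILanguageOverride -Language en-AU
# # Set region to this Country
# Set-Culture en-AU
# # Set the location to this location
# Set-WinHomeLocation -GeoId 12
# # Set non-unicode legacy software to use this language as default
# Set-WinSystemLocale -SystemLocale en-AU
# # Set the TimeZone
# Set-TimeZone -name 'AUS Eastern Standard Time'
# #Brisbane Standard Time
# # E. Australia Standard Time
# #Darwin Standard Time
# # AUS Central Standard Time
# #Adelaide Standard Time
# # Cen. Australia Standard Time

#Fix Network Print
# NOTE(review): setting RpcAuthnLevelPrivacyEnabled to 0 switches off the RPC
# packet-privacy enforcement Windows applies to network printing. Prefer fixing
# the print server or client so the default can stay enabled, and record why this
# machine needs the exception if it is kept.
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Print" -name "RpcAuthnLevelPrivacyEnabled" -value 00000000 -type dword

# Default preset
$tweaks = @(
    ### Require administrator privileges ###
    "RequireAdmin",
    "EnableRemoteDesktop",
    "DisableSleepTimeout",
    "HideTaskbarPeopleIcon",
    "EnableNumlock"
)

# Relaunch the script with administrator privileges
# When the current identity is not in the Administrators role, starts an elevated
# powershell.exe on this script with the original arguments and exits.
Function RequireAdmin {
    If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
        Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs
        Exit
    }
}

# Enable Remote Desktop w/o Network Level Authentication
# NOTE(review): UserAuthentication = 0 turns Network Level Authentication off, so
# the RDP listener accepts a session before the user has authenticated. Use 1
# unless a legacy client truly requires otherwise, and limit the firewall rule to
# management networks.
Function EnableRemoteDesktop {
    Write-Output "Enabling Remote Desktop w/o Network Level Authentication..."
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
    Enable-NetFirewallRule -Name "RemoteDesktop*"
}

# Disable display and sleep mode timeouts
Function DisableSleepTimeout {
    Write-Output "Disabling sleep mode timeouts for AC..."
    powercfg /X standby-timeout-ac 0
    powercfg -change hibernate-timeout-ac 0
}

# Hide Taskbar People icon
# Creates the per-user People key when it is missing, then sets PeopleBand to 0.
Function HideTaskbarPeopleIcon {
    Write-Output "Hiding People icon..."
    If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
        New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
    }
    Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
}

# Enable NumLock after startup
# Writes InitialKeyboardIndicators under HKEY_USERS\.DEFAULT and, if NumLock is
# currently off, sends a NumLock key press to turn it on for this session.
Function EnableNumlock {
    Write-Output "Enabling NumLock after startup..."
    If (!(Test-Path "HKU:")) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
    Add-Type -AssemblyName System.Windows.Forms
    If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
        $wsh = New-Object -ComObject WScript.Shell
        $wsh.SendKeys('{NUMLOCK}')
    }
}

# Normalize path to preset file
$preset = ""
$PSCommandArgs = $args
If ($args -And $args[0].ToLower() -eq "-preset") {
    $preset = Resolve-Path $($args | Select-Object -Skip 1)
    $PSCommandArgs = "-preset `"$preset`""
}

# Load function names from command line arguments or a preset file
If ($args) {
    $tweaks = $args
    If ($preset) {
        # Blank lines and lines starting with '#' in the preset are skipped.
        $tweaks = Get-Content $preset -ErrorAction Stop | ForEach { $_.Trim() } | Where { $_ -ne "" -and $_[0] -ne "#" }
    }
}

# Call the desired tweak functions
# NOTE(review): Invoke-Expression evaluates each entry as PowerShell source, so
# any text in the arguments or in the preset file runs with this script's
# (elevated) rights. If entries are only ever function names, resolve each one
# with Get-Command -Name $_ -CommandType Function and call it with & instead, and
# keep the preset file writable by administrators only.
$tweaks | ForEach { Invoke-Expression $_ }

##################
# .Net Framework 3.5
##################
Enable-WindowsOptionalFeature -Online -FeatureName "NetFx3"

##################
# Google Chrome
##################
$Chrome = $apps | where-object {$_.displayname -like "*chrome*"}
if($null -eq $Chrome){
    $Path = 'C:\ProgramData\BTS\software'
    $Installer = "chrome_installer.exe"
    # Fetched over HTTPS: the file is executed elevated on the next line, so the
    # transfer must not be open to modification in transit.
    # NOTE(review): also verify the download (Get-AuthenticodeSignature or a
    # pinned SHA-256, EXPECTED_SHA256_PLACEHOLDER) before running it.
    Invoke-WebRequest "https://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer
    Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait
}

##################
# Install VLC
##################
$vlc = $apps | where-object {$_.displayname -like "*VLC*"}
if($null -eq $vlc){
    write-host 'Installing VLC' -ForegroundColor yellow
    # NOTE(review): downloaded from a third-party mirror and run without an
    # integrity check; pin a SHA-256 (EXPECTED_SHA256_PLACEHOLDER) or check the
    # Authenticode signature first.
    Invoke-RestMethod 'https://mirror.aarnet.edu.au/pub/videolan/vlc/3.0.21/win64/vlc-3.0.21-win64.exe' -Method 'GET' -OutFile "c:\ProgramData\BTS\software\vlc-3.0.21-win64.exe"
    # -Wait keeps this installer from overlapping the ones that follow.
    start-process -WorkingDirectory "C:\ProgramData\BTS\Software" -FilePath '.\vlc-3.0.21-win64.exe' -argumentlist '/L=1033 /S' -Wait
}

##################
# Install 7-zip
##################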
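# Download the 7-Zip installer and run it silently (/S).
# NOTE(review): the installer is executed without an integrity check; compare
# (Get-FileHash -Algorithm SHA256) against a pinned value
# (EXPECTED_SHA256_PLACEHOLDER) before running it. It is also staged in
# C:\ProgramData\BTS — confirm that folder is writable by administrators only.
Invoke-WebRequest -Uri "https://www.7-zip.org/a/7z2301-x64.exe" -OutFile 'C:\ProgramData\BTS\7z2301-x64.exe'
# -Wait so the completion message at the end is not shown while the installer
# is still running.
Start-Process -WorkingDirectory 'C:\ProgramData\BTS' -FilePath '.\7z2301-x64.exe' -ArgumentList '/S' -Wait

####################################################
# New Teams
####################################################
# NOTE(review): the bootstrapper is served from the organisation's own web site
# rather than from the publisher, so whatever is hosted at that URL is what gets
# run. Check Get-AuthenticodeSignature (status and signer) on the downloaded file
# before starting it.
Invoke-WebRequest -uri "https://biztechsynergy.com.au/software/teamsbootstrapper.exe" -outfile "C:\ProgramData\BTS\software\teamsbootstrapper.exe"
start-process -workingdirectory "C:\ProgramData\BTS\software" -filepath ".\teamsbootstrapper.exe" -ArgumentList "-p" -Wait

# System.Windows.MessageBox lives in PresentationFramework, which a plain
# PowerShell console does not load on its own.
Add-Type -AssemblyName PresentationFramework
$msgBoxInput = [System.Windows.MessageBox]::Show("Installation complete.")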