# Register-MapSfldShare.ps1 - Stage Map-SfldShare.ps1 + register a logon
# task that maps S: for any user in BUILTIN\Users (SupportUser, ShopFloor,
# any future end-user accounts).
#
# Why not the vendor's ConsumeCredentials.ps1: it calls
# New-StoredCredential -Persist LocalMachine (needs admin) before net use.
# ShopFloor is non-admin, so the cred-store fails and net use has no auth.
# Our Map-SfldShare.ps1 reads HKLM creds directly and passes them inline
# to net use /user: -- no Credential Manager needed, works as Limited.

$ErrorActionPreference = 'Continue'

$installRoot = 'C:\Program Files\GE\SfldShare'
$mapScript   = Join-Path $installRoot 'Map-SfldShare.ps1'
$logDir      = 'C:\Logs\SFLD'
$logFile     = Join-Path $logDir 'register-mapshare.log'
if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }

function Write-RegLog {
    param([string]$Message)
    $line = '[{0}] [INFO] {1}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Message
    Add-Content -Path $logFile -Value $line -ErrorAction SilentlyContinue
    Write-Host $line
}

Write-RegLog '=== Register-MapSfldShare start ==='

# Stage our Map-SfldShare.ps1 to a persistent location
if (-not (Test-Path $installRoot)) {
    New-Item -Path $installRoot -ItemType Directory -Force | Out-Null
}
$src = Join-Path $PSScriptRoot 'lib\Map-SfldShare.ps1'
if (Test-Path $src) {
    Copy-Item -Path $src -Destination $mapScript -Force
    Write-RegLog "Staged $src -> $mapScript"
} else {
    Write-RegLog "Map-SfldShare.ps1 not found at $src - cannot register"
    exit 1
}

try {
    $action = New-ScheduledTaskAction `
        -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$mapScript`""

    $trigger = New-ScheduledTaskTrigger -AtLogOn

    # BUILTIN\Users + Limited: any logged-in user triggers it; action
    # runs in that user's session so net use lands the drive in the
    # right place.
    $principal = New-ScheduledTaskPrincipal -GroupId 'S-1-5-32-545' -RunLevel Limited

    $settings = New-ScheduledTaskSettingsSet `
        -AllowStartIfOnBatteries `
        -DontStopIfGoingOnBatteries `
        -StartWhenAvailable `
        -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

    Write-RegLog "Registering 'GE Shopfloor Map S: Drive' (logon trigger, BUILTIN\Users -> $vendorScript)"

    Register-ScheduledTask `
        -TaskName  'GE Shopfloor Map S: Drive' `
        -Action    $action `
        -Trigger   $trigger `
        -Principal $principal `
        -Settings  $settings `
        -Force `
        -Description 'Map SFLD share drives on any user logon using HKLM creds (parallel to the principal-restricted vendor task) so ShopFloor and other end-user accounts get S: mapped' `
        -ErrorAction Stop | Out-Null

    Write-RegLog 'Scheduled task registered'
} catch {
    Write-RegLog "FAILED to register task: $_"
    exit 1
}

Write-RegLog '=== Register-MapSfldShare end ==='
exit 0