# run-enrollment.ps1
# Installs GCCH enrollment provisioning package via Install-ProvisioningPackage
# Called by FirstLogonCommands as SupportUser (admin) after imaging

$ErrorActionPreference = 'Continue'
$logFile = "C:\Logs\enrollment.log"
New-Item -ItemType Directory -Path "C:\Logs" -Force -ErrorAction SilentlyContinue | Out-Null

function Log {
    param([string]$Message)
    $ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $line = "$ts  $Message"
    Write-Host $line
    Add-Content -Path $logFile -Value $line
}

Log "=== GE Aerospace GCCH Enrollment ==="

# --- Find the .ppkg ---
$ppkgFile = Get-ChildItem "C:\Enrollment\*.ppkg" -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $ppkgFile) {
    Log "ERROR: No .ppkg found in C:\Enrollment\"
    exit 1
}
Log "Package: $($ppkgFile.Name)"

# --- Set computer name to E<serial> ---
$serial = (Get-CimInstance Win32_BIOS).SerialNumber
$newName = "E$serial"
Log "Setting computer name to $newName"
Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue

# --- Install provisioning package ---
Log "Installing provisioning package..."
try {
    Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall
    Log "Provisioning package installed successfully."
} catch {
    Log "ERROR: Install-ProvisioningPackage failed: $_"
    Log "Attempting fallback with Add-ProvisioningPackage..."
    try {
        Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall
        Log "Provisioning package added successfully (fallback)."
    } catch {
        Log "ERROR: Fallback also failed: $_"
        exit 1
    }
}

# --- Set OOBE complete ---
Log "Setting OOBE as complete..."
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v OOBEComplete /t REG_DWORD /d 1 /f | Out-Null
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE" /v SetupDisplayedEula /t REG_DWORD /d 1 /f | Out-Null

# --- Stage the imaging chain for next boot ---
# The PPKG schedules a reboot (PendingFileRenameOperations for Zscaler
# rename, PPKG self-cleanup, etc). Instead of canceling it and cramming
# Run-ShopfloorSetup into this same session, we let the reboot happen
# and register a RunOnce entry that fires Stage-Dispatcher.ps1 on the
# next autologon. The dispatcher reads setup-stage.txt and chains
# through: shopfloor-setup -> sync-intune -> configure-pc.
$stageFile = 'C:\Enrollment\setup-stage.txt'
$dispatcherPath = 'C:\Enrollment\Stage-Dispatcher.ps1'
$runOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

Log "Writing stage file: shopfloor-setup"
Set-Content -LiteralPath $stageFile -Value 'shopfloor-setup' -Force

if (Test-Path -LiteralPath $dispatcherPath) {
    Log "Registering RunOnce for Stage-Dispatcher.ps1"
    Set-ItemProperty -Path $runOnceKey -Name 'ShopfloorSetup' `
        -Value "powershell.exe -NoProfile -ExecutionPolicy Bypass -File `"$dispatcherPath`"" `
        -Type String -Force
} else {
    Log "WARNING: Stage-Dispatcher.ps1 not found at $dispatcherPath - RunOnce not set"
}

Log "=== Enrollment complete. PPKG reboot will fire and Stage-Dispatcher picks up on next logon. ==="