# Step 0: Check if the script has already run
$markerFile = "C:\ProgramData\AutoLogonSetupComplete.txt"

if (Test-Path $markerFile) {
    Write-Output "Setup has already completed. Exiting script."
    exit 0
}

# Step 1: Create the local user account if it does not exist
$localUser = "localuser"
$plainPassword = "P@ssword123"
$localPassword = $plainPassword | ConvertTo-SecureString -AsPlainText -Force

if (-not (Get-LocalUser -Name $localUser -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $localUser -Password $localPassword -FullName "Local Autologon User" -PasswordNeverExpires -AccountNeverExpires
    Add-LocalGroupMember -Group "Administrators" -Member $localUser
    Start-Sleep -Seconds 2
    cmd.exe /c "net user $localUser /passwordchg:no"
    Write-Output "Local user '$localUser' created and configured."
} else {
    Write-Output "Local user '$localUser' already exists."
}

# Step 2: Set autologon values
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $regPath -Name "AutoAdminLogon" -Value "1" -Type String
Set-ItemProperty -Path $regPath -Name "DefaultUsername" -Value $localUser -Type String
Set-ItemProperty -Path $regPath -Name "DefaultPassword" -Value $plainPassword -Type String
Set-ItemProperty -Path $regPath -Name "DefaultDomainName" -Value "." -Type String
Write-Output "Autologon values set."

# Step 3: Create the cleanup script
$cleanupScriptPath = "$env:ProgramData\CleanupAutoLogon.ps1"
$cleanupScript = @'
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$valuesToRemove = @("AutoAdminLogon","DefaultUsername","DefaultPassword","DefaultDomainName")
foreach ($value in $valuesToRemove) {
    if (Test-Path -Path $regPath) {
        if (Get-ItemProperty -Path $regPath -Name $value -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $regPath -Name $value -ErrorAction SilentlyContinue
        }
    }
}
'@
Set-Content -Path $cleanupScriptPath -Value $cleanupScript -Force -Encoding Unicode

# Step 4: Schedule cleanup in 30 minutes
$taskName = "AutoLogonCleanupTask"
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$cleanupScriptPath`""
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(30)
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $principal

# Step 5: Marker + Restart
New-Item -Path $markerFile -ItemType File -Force | Out-Null
Write-Output "Restarting in 10 seconds..."
Start-Sleep -Seconds 10
Restart-Computer -Force