# Activate windows
irm https://massgrave.dev/get | iex

#Download temp files
$tmpPath = Join-Path $env:LOCALAPPDATA "Temp"

$filesToDownload = @(
    @{
        Url = "https://education.lego.com/_/downloads/EV3_Classroom_Windows_1.5.3_Global.msi"
        FileName = "EV3_Classroom_Windows_1.5.3_Global.msi"
    },
    @{
        Url = "https://cdn.discordapp.com/attachments/704760633379389533/1161288505390026772/simulation.zip"
        FileName = "Simulation Domotique.zip"
    },
    @{
        Url = "https://cdn.discordapp.com/attachments/704760633379389533/1161288504765059172/RobotProg.zip"
        FileName = "RobotProg.zip"
    }
)

foreach ($fileInfo in $filesToDownload) {
    $filePath = Join-Path $tmpPath $fileInfo.FileName

    if (-not (Test-Path -Path $filePath -PathType Leaf)) {
        Invoke-WebRequest -Uri $fileInfo.Url -OutFile $filePath
    }
}

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

# Setup users
Set-LocalUser -Name "Eleve" -PasswordNeverExpires $true -UserMayChangePassword $false -Password ([securestring]::new())
$SecurePassword = ConvertTo-SecureString -String "IPRprof2398" -AsPlainText -Force
Set-LocalUser -Name "Prof" -PasswordNeverExpires $true -UserMayChangePassword $false -Password $SecurePassword
$SecurePassword = ConvertTo-SecureString -String "Lprsnm4ehk26-" -AsPlainText -Force
Set-LocalUser -Name "Admin" -PasswordNeverExpires $true -Password $SecurePassword


# Function to load a user's HKU registry hive
function UserReg {
    param (
        [string] $Username
    )

    # Get the list of user profiles on the computer
    $UserProfiles = Get-WmiObject Win32_UserProfile | Where-Object { $_.Special -eq $false }

    # Search for the user profile based on the username
    $UserProfile = $UserProfiles | Where-Object { $_.LocalPath.EndsWith("\$Username") }

    # Check if the user profile exists
    if ($UserProfile -ne $null) {
        # Construct the path to the user's NTUSER.DAT file (registry hive)
        $UserSID = $UserProfile.SID
        $HivePath = Join-Path -Path $UserProfile.LocalPath -ChildPath "NTUSER.DAT"

        # Return the user's SID and HKU registry key
        return $UserSID, "Registry::HKEY_USERS\$UserSID"
    } else {
        Write-Host "User profile for $Username not found."
        return $null, $null
    }
}

$TargetUsername = "Eleve"
$UserSID, $UserHKUPath = UserReg -Username $TargetUsername
# Add restriction
if ($UserSID -ne $null -and $UserHKUPath -ne $null) {
    # Restrict access to Settings
    $ControlPanelKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $ControlPanelValueName = "NoControlPanel"
    if (Test-Path -Path $ControlPanelKeyPath) {
        $RegistryItem = Get-ItemProperty -Path $ControlPanelKeyPath
        if ($RegistryItem.PSObject.Properties.Name -contains $ControlPanelValueName) {
            Set-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1
        } else {
            New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
        }
    } else {
        New-Item -Path $ControlPanelKeyPath -Force
        New-ItemProperty -Path $ControlPanelKeyPath -Name $ControlPanelValueName -Value 1 -PropertyType DWord
    }

    # Disable access to regedit
    $REGKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $REGValueName = "DisableRegistryTools"
    if (Test-Path -Path $REGKeyPath) {
        $RegistryItem = Get-ItemProperty -Path $REGKeyPath
        if ($RegistryItem.PSObject.Properties.Name -contains $REGValueName) {
            Set-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1
        } else {
            New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
        }
    } else {
        New-Item -Path $REGKeyPath -Force
        New-ItemProperty -Path $REGKeyPath -Name $REGValueName -Value 1 -PropertyType DWord
    }

    # Restrict access to Command Prompt
    $CMDKeyPath = "$UserHKUPath\Software\Policies\Microsoft\Windows\System"
    $CMDValueName = "DisableCMD"
    if (Test-Path -Path $CMDKeyPath) {
        $RegistryItem = Get-ItemProperty -Path $CMDKeyPath
        if ($RegistryItem.PSObject.Properties.Name -contains $CMDValueName) {
            Set-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1
        } else {
            New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
        }
    } else {
        New-Item -Path $CMDKeyPath -Force
        New-ItemProperty -Path $CMDKeyPath -Name $CMDValueName -Value 1 -PropertyType DWord
    }

    # Add entries to DisallowRun for cmd.exe and powershell.exe
    $DisallowRunKeyPath = "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
    if (Test-Path -Path $DisallowRunKeyPath) {
        Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
        $applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
        foreach ($valueName in $applications) {
            $valueExists = $DisallowRunKeyPath.PSObject.Properties.Name -contains $valueName
            if (!$valueExists) {
                New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String
            }
        }
    } else {
        New-Item -Path $DisallowRunKeyPath -Force
        Set-ItemProperty -Path "$UserHKUPath\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "DisallowRun" -Value 1
        $applications = @("cmd.exe", "powershell.exe", "powershell_ise.exe")
        foreach ($valueName in $applications) {
            New-ItemProperty -Path $DisallowRunKeyPath -Name $valueName -Value $valueName -PropertyType String
        }
    }
} else {
    Write-Host "Unable to get the user's HKU registry."
}

# Installing needed apps
choco upgrade all -y
choco install dotnet -y
choco install vcredist-all -y
choco install firefox -y
choco install 7zip -y
choco install onlyoffice -y
choco install googleearthpro -y
choco install adobereader -y
choco install sublimetext4 -y
choco install vlc -y
choco install audacity -y

choco install scratch -y
choco install mblock -y
Expand-Archive -Path (Join-Path $tmpPath "Simulation Domotique.zip") -DestinationPath $env:ProgramFiles -Force
$sourceFolderPath = Join-Path $env:ProgramFiles "simulation"
$destinationFolderPath = Join-Path $env:ProgramFiles "Simulation Domotique"
if (Test-Path -Path $sourceFolderPath -PathType Container) {
    if (Test-Path -Path $destinationFolderPath -PathType Container) {
        Remove-Item -Path $destinationFolderPath -Recurse -Force
    }
    Rename-Item -Path $sourceFolderPath -NewName "Simulation Domotique"
}
$targetExePath = "C:\Program Files\Simulation Domotique\simulation.exe"
$shortcutPath = (Join-Path $env:PUBLIC "Desktop\Simulation Domotique.lnk")
$shell = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut($shortcutPath)
$shortcut.TargetPath = $targetExePath
$shortcut.IconLocation = $targetExePath
$shortcut.WorkingDirectory = (Get-Item $targetExePath).DirectoryName
$shortcut.Save()
choco install arduino -y
choco install ganttproject -y
$msiFilePath = Join-Path -Path $tmpPath -ChildPath "EV3_Classroom_Windows_1.5.3_Global.msi"
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"$msiFilePath`" /qn" -Wait
Expand-Archive -Path (Join-Path $tmpPath RobotProg.zip) -DestinationPath $env:ProgramFiles -Force
$targetExePath = "C:\Program Files\RobotProg\RobotProg.exe"
$shortcutPath = (Join-Path $env:PUBLIC "Desktop\RobotProg.lnk")
$shell = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut($shortcutPath)
$shortcut.TargetPath = $targetExePath
$shortcut.IconLocation = $targetExePath
$shortcut.WorkingDirectory = (Get-Item $targetExePath).DirectoryName
$shortcut.Save()

# URL shortcut
Disable-WindowsOptionalFeature -online -NoRestart -FeatureName internet-explorer-optional-amd64
$wshShell = New-Object -ComObject "WScript.Shell"
$urlShortcut = $wshShell.CreateShortcut((Join-Path $env:PUBLIC "Desktop\Office 365.url"))
$urlShortcut.TargetPath = "https://office.com/"
$urlShortcut.Save()
$urlShortcut = $wshShell.CreateShortcut((Join-Path $env:PUBLIC "Desktop\Ecole Direct.url"))
$urlShortcut.TargetPath = "https://ecoledirecte.com/"
$urlShortcut.Save()
$urlShortcut = $wshShell.CreateShortcut((Join-Path $env:PUBLIC "Desktop\PIX.url"))
$urlShortcut.TargetPath = "https://pix.fr/"
$urlShortcut.Save()
$urlShortcut = $wshShell.CreateShortcut((Join-Path $env:PUBLIC "Desktop\Framindmap.url"))
$urlShortcut.TargetPath = "https://framindmap.org/"
$urlShortcut.Save()

# Update Windows
Install-Module -Name PSWindowsUpdate -Force
Get-WindowsUpdate -ForceInstall
Install-WindowsUpdate -AcceptAll -AutoReboot