<# .SYNOPSIS One-time elevated installer for the location-aware DNS suffix task. .DESCRIPTION Copies dns-location-suffix.ps1 to C:\ProgramData\Beletage and registers a SYSTEM scheduled task that runs it on every network-connect event and at logon. Re-runnable (idempotent) and device-independent (locates the payload via $PSScriptRoot), so the same script installs the automation on any machine where this repo is cloned. Run elevated: Start-Process powershell -Verb RunAs -ArgumentList '-NoProfile','-ExecutionPolicy','Bypass','-File','\install-dns-location-task.ps1' #> $ErrorActionPreference = 'Stop' $taskName = 'Beletage-DNS-Location-Suffix' $dst = 'C:\ProgramData\Beletage' $payload = Join-Path $dst 'dns-location-suffix.ps1' $log = Join-Path $dst 'install.log' New-Item -ItemType Directory -Force -Path $dst | Out-Null Start-Transcript -Path $log -Append | Out-Null try { # 1. Deploy the detection script next to where SYSTEM will run it. Copy-Item (Join-Path $PSScriptRoot 'dns-location-suffix.ps1') $payload -Force Write-Host "Copied payload -> $payload" # 2. Action: run the detection script hidden, policy-bypassed. $action = New-ScheduledTaskAction -Execute 'powershell.exe' ` -Argument "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$payload`"" # 3a. Trigger: NetworkProfile "network connected" event (ID 10000). $evtTrigger = New-CimInstance -ClientOnly ` -CimClass (Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler) $evtTrigger.Enabled = $true $evtTrigger.Subscription = '*[System[(EventID=10000)]]' # 3b. Trigger: at any user logon (covers boot / resume). $logonTrigger = New-ScheduledTaskTrigger -AtLogOn # 4. Run as SYSTEM, highest privileges. $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries ` -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 5) Register-ScheduledTask -TaskName $taskName -Force ` -Action $action -Trigger $evtTrigger, $logonTrigger -Principal $principal -Settings $settings | Out-Null Write-Host "Registered task: $taskName" # 5. Run once now to apply the correct order immediately. Start-ScheduledTask -TaskName $taskName Start-Sleep -Seconds 2 Write-Host "Triggered initial run. Current suffix order: [$((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')]" } catch { Write-Host "INSTALL FAILED: $($_.Exception.Message)" throw } finally { Stop-Transcript | Out-Null }