gitadmin/claude-launcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
claude-launcher/scripts/install-dns-location-task.ps1
T
gitadmin 5b2e2aa417 Add location-aware DNS suffix auto-switch for LBOOK 
LBOOK is domain-joined to intern.beletage.ro, so the AD suffix was searched first for every single-label name. Off the office LAN, home names like home-ws were tried as home-ws.intern.beletage.ro, routed by NRPT to the AD DNS over VPN, stalling ~11s on timeout before falling back to .lan — slow RDP to home hosts.

scripts/dns-location-suffix.ps1 sets the global suffix search order from the physical NIC subnet (Sophos TAP excluded): intern-first on the office LAN (10.10.10.x / 10.10.40.x), lan-first everywhere else. install-dns-location-task.ps1 registers it as a SYSTEM scheduled task triggered on network-connect (NetworkProfile 10000) and logon; verify-dns-location-task.ps1 reads it back (the task is not queryable unelevated). Also adds .claude/settings.json allowlisting read-only network diagnostics.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 22:19:16 +03:00

65 lines
2.8 KiB
PowerShell
Raw Permalink Blame History

<#
.SYNOPSIS
One-time elevated installer for the location-aware DNS suffix task.
.DESCRIPTION
Copies dns-location-suffix.ps1 to C:\ProgramData\Beletage and registers a SYSTEM
scheduled task that runs it on every network-connect event and at logon. Re-runnable
(idempotent) and device-independent (locates the payload via $PSScriptRoot), so the
same script installs the automation on any machine where this repo is cloned.
Run elevated:
Start-Process powershell -Verb RunAs -ArgumentList '-NoProfile','-ExecutionPolicy','Bypass','-File','<path>\install-dns-location-task.ps1'
#>
$ErrorActionPreference = 'Stop'
$taskName = 'Beletage-DNS-Location-Suffix'
$dst = 'C:\ProgramData\Beletage'
$payload = Join-Path $dst 'dns-location-suffix.ps1'
$log = Join-Path $dst 'install.log'
New-Item -ItemType Directory -Force -Path $dst | Out-Null
Start-Transcript -Path $log -Append | Out-Null
try {
# 1. Deploy the detection script next to where SYSTEM will run it.
Copy-Item (Join-Path $PSScriptRoot 'dns-location-suffix.ps1') $payload -Force
Write-Host "Copied payload -> $payload"
# 2. Action: run the detection script hidden, policy-bypassed.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
-Argument "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$payload`""
# 3a. Trigger: NetworkProfile "network connected" event (ID 10000).
$evtTrigger = New-CimInstance -ClientOnly `
-CimClass (Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler)
$evtTrigger.Enabled = $true
$evtTrigger.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[(EventID=10000)]]</Select></Query></QueryList>'
# 3b. Trigger: at any user logon (covers boot / resume).
$logonTrigger = New-ScheduledTaskTrigger -AtLogOn
# 4. Run as SYSTEM, highest privileges.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
-StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 5)
Register-ScheduledTask -TaskName $taskName -Force `
-Action $action -Trigger $evtTrigger, $logonTrigger -Principal $principal -Settings $settings | Out-Null
Write-Host "Registered task: $taskName"
# 5. Run once now to apply the correct order immediately.
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 2
Write-Host "Triggered initial run. Current suffix order: [$((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')]"
}
catch {
Write-Host "INSTALL FAILED: $($_.Exception.Message)"
throw
}
finally {
Stop-Transcript | Out-Null
}
Reference in New Issue View Git Blame Copy Permalink