claudetools/projects/msp-tools/guru-rmm/agent-legacy/Install-GuruRMM.ps1
azcomputerguru 65086f4407 fix(security): Implement Phase 1 critical security fixes
CORS:
- Restrict CORS to DASHBOARD_URL environment variable
- Default to production dashboard domain

Authentication:
- Add AuthUser requirement to all agent management endpoints
- Add AuthUser requirement to all command endpoints
- Add AuthUser requirement to all metrics endpoints
- Add audit logging for command execution (user_id tracked)

Agent Security:
- Replace Unicode characters with ASCII markers [OK]/[ERROR]/[WARNING]
- Add certificate pinning for update downloads (allowlist domains)
- Fix insecure temp file creation (use /var/run/gururmm with 0700 perms)
- Fix rollback script backgrounding (use setsid instead of literal &)

Dashboard Security:
- Move token storage from localStorage to sessionStorage
- Add proper TypeScript types (remove 'any' from error handlers)
- Centralize token management functions

Legacy Agent:
- Add -AllowInsecureTLS parameter (opt-in required)
- Add Windows Event Log audit trail when insecure mode used
- Update documentation with security warnings

Closes: Phase 1 items in issue #1

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 21:16:24 -07:00


#Requires -Version 2.0
#Requires -RunAsAdministrator
<#
.SYNOPSIS
Installs GuruRMM Legacy Agent as a scheduled task
.DESCRIPTION
- Copies agent to C:\Program Files\GuruRMM
- Registers with server using site code
- Creates scheduled task to run at startup
.PARAMETER SiteCode
The site code (WORD-WORD-NUMBER format, e.g., DARK-GROVE-7839)
.PARAMETER ServerUrl
The GuruRMM server URL (default: https://rmm-api.azcomputerguru.com)
.PARAMETER AllowInsecureTLS
[SECURITY RISK] Disables SSL/TLS certificate validation. Required ONLY for
systems with self-signed certificates or broken certificate chains.
WARNING: This flag makes the connection vulnerable to man-in-the-middle
attacks. Only use on isolated networks or when absolutely necessary.
.EXAMPLE
# Secure installation (recommended)
.\Install-GuruRMM.ps1 -SiteCode DARK-GROVE-7839
.EXAMPLE
# Insecure installation (legacy systems with self-signed certs ONLY)
.\Install-GuruRMM.ps1 -SiteCode DARK-GROVE-7839 -AllowInsecureTLS
#>
param(
    [Parameter()]
    [string]$SiteCode,
    [Parameter()]
    [string]$ServerUrl = "https://rmm-api.azcomputerguru.com",
    [Parameter()]
    [switch]$AllowInsecureTLS
)

# Any error not handled by an explicit try/catch below aborts the installer.
$ErrorActionPreference = "Stop"

# Install layout: the agent script is copied under Program Files; the
# summary printed at the end points to agent.json / agent.log under ProgramData.
$InstallDir  = 'C:\Program Files\GuruRMM'
$ConfigDir   = 'C:\ProgramData\GuruRMM'
$AgentScript = 'GuruRMM-Agent.ps1'
$TaskName    = 'GuruRMM Agent'
#######################################
# Prints one status line with a bracketed marker and a colour.
# Arguments: $Message - text to print
#            $Type    - OK | ERROR | WARN; anything else prints as info ([*], Cyan)
# Outputs:   writes to the host via Write-Host (not to the pipeline)
#######################################
function Write-Status {
    param([string]$Message, [string]$Type = "INFO")
    # Hashtable keys are case-insensitive, matching the original switch semantics.
    $styles = @{
        OK    = @{ Prefix = '[OK]';    Color = 'Green'  }
        ERROR = @{ Prefix = '[ERROR]'; Color = 'Red'    }
        WARN  = @{ Prefix = '[WARN]';  Color = 'Yellow' }
    }
    $style = $styles[$Type]
    if (-not $style) {
        $style = @{ Prefix = '[*]'; Color = 'Cyan' }
    }
    Write-Host "$($style.Prefix) $Message" -ForegroundColor $style.Color
}
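# Header
Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " GuruRMM Legacy Agent Installer" -ForegroundColor Cyan
Write-Host " For Windows Server 2008 R2 and older" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

# Check if running as admin. Writing under Program Files / ProgramData and
# registering a SYSTEM scheduled task both require elevation.
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Status "This script must be run as Administrator" "ERROR"
    exit 1
}

# Get site code if not provided
if (-not $SiteCode) {
    Write-Host "Enter site code (WORD-WORD-NUMBER format)" -ForegroundColor Yellow
    Write-Host "Example: DARK-GROVE-7839" -ForegroundColor Gray
    Write-Host ""
    $SiteCode = Read-Host "Site Code"
}

# Validate site code format
$SiteCode = $SiteCode.ToUpper().Trim()
if ($SiteCode -notmatch '^[A-Z]+-[A-Z]+-\d+$') {
    Write-Status "Invalid site code format. Expected: WORD-WORD-NUMBER" "ERROR"
    exit 1
}

# Validate server URL. The value is later interpolated into a quoted
# powershell.exe command line (-ServerUrl "..."), so reject whitespace and
# quote/backtick characters that could break out of that argument, and only
# accept an http(s) scheme.
if ($ServerUrl -notmatch '^https?://[^\s"''`]+$') {
    Write-Status "Invalid server URL: $ServerUrl (expected https://host[:port][/path])" "ERROR"
    exit 1
}
if ($ServerUrl -match '^http://') {
    Write-Status "Server URL uses plain HTTP; registration traffic will not be encrypted" "WARN"
}

Write-Status "Site Code: $SiteCode"
Write-Status "Server: $ServerUrl"
Write-Host ""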
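# Step 1: Create directories
Write-Status "Creating installation directories..."
try {
    foreach ($dir in @($InstallDir, $ConfigDir)) {
        if (-not (Test-Path $dir)) {
            New-Item -ItemType Directory -Path $dir -Force | Out-Null
        }
    }
    # NOTE(review): $ConfigDir inherits ProgramData's default ACL, under which
    # standard users can read files created here. If agent.json ends up holding
    # the registration secret, the directory ACL should be restricted to
    # SYSTEM/Administrators - confirm against what the agent writes.
    Write-Status "Directories created" "OK"
} catch {
    Write-Status "Failed to create directories: $($_.Exception.Message)" "ERROR"
    exit 1
}

# Step 2: Copy agent script
Write-Status "Copying agent script..."
try {
    # $PSScriptRoot is only populated for scripts on PowerShell 3.0+. On the
    # PowerShell 2.0 hosts this installer targets it is empty, and Join-Path
    # would then fail with an empty -Path, so fall back to the invocation path.
    $scriptDir = $PSScriptRoot
    if (-not $scriptDir) {
        $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
    }
    $sourceScript = Join-Path $scriptDir $AgentScript
    if (-not (Test-Path $sourceScript)) {
        Write-Status "Agent script not found: $sourceScript" "ERROR"
        exit 1
    }
    # $destScript is reused below for the registration run and the scheduled task.
    $destScript = Join-Path $InstallDir $AgentScript
    Copy-Item -Path $sourceScript -Destination $destScript -Force
    Write-Status "Agent script installed to $destScript" "OK"
} catch {
    Write-Status "Failed to copy agent: $($_.Exception.Message)" "ERROR"
    exit 1
}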
# Step 3: Register agent
Write-Status "Registering with GuruRMM server..."
if ($AllowInsecureTLS) {
    Write-Status "[SECURITY WARNING] Installing with certificate validation DISABLED" "WARN"
    Write-Status "This makes the connection vulnerable to MITM attacks" "WARN"
}
try {
    # Build the agent's registration command line as a list; Start-Process
    # joins the elements with spaces. The script path is quoted because
    # Program Files contains a space.
    $registerArgs = @(
        '-ExecutionPolicy', 'Bypass',
        '-File', "`"$destScript`"",
        '-SiteCode', "`"$SiteCode`"",
        '-ServerUrl', "`"$ServerUrl`""
    )
    if ($AllowInsecureTLS) {
        $registerArgs += '-AllowInsecureTLS'
    }
    # Run the agent once in the foreground so it can register with the server.
    $process = Start-Process powershell.exe -ArgumentList $registerArgs -Wait -PassThru -NoNewWindow
    if ($process.ExitCode -eq 0) {
        Write-Status "Agent registered successfully" "OK"
    } else {
        # Registration failure is not fatal here; the scheduled task is still installed.
        Write-Status "Registration may have failed. Check connectivity to $ServerUrl" "WARN"
    }
} catch {
    Write-Status "Registration error: $($_.Exception.Message)" "WARN"
}
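# Step 4: Remove existing scheduled task if present
Write-Status "Configuring scheduled task..."
try {
    $existingTask = schtasks /query /tn $TaskName 2>$null
    if ($existingTask) {
        schtasks /delete /tn $TaskName /f | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Status "Could not remove existing task (schtasks exit code $LASTEXITCODE)" "WARN"
        } else {
            Write-Status "Removed existing task" "OK"
        }
    }
} catch {
    # Deliberately ignored: when the task does not exist, schtasks reports it on
    # stderr, which $ErrorActionPreference = "Stop" can surface as a terminating
    # error. Either way, /create ... /f below (re)creates the task.
}

# Step 5: Create scheduled task
try {
    # Create the task to run at startup
    # NOTE(review): the task runs powershell.exe as SYSTEM without -NoProfile /
    # -NonInteractive; consider adding them so profile scripts cannot influence
    # the agent - confirm the agent does not depend on profile state.
    $taskCommand = "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$destScript`""
    if ($AllowInsecureTLS) {
        $taskCommand += " -AllowInsecureTLS"
    }
    # Create task that runs at system startup. schtasks is a native command, so
    # a failure does not raise a PowerShell error and would otherwise still be
    # reported as OK below - check the exit code explicitly.
    schtasks /create /tn $TaskName /tr $taskCommand /sc onstart /ru SYSTEM /rl HIGHEST /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "schtasks /create exited with code $LASTEXITCODE"
    }
    Write-Status "Scheduled task created: $TaskName" "OK"
    if ($AllowInsecureTLS) {
        Write-Status "Task configured with -AllowInsecureTLS flag" "WARN"
    }
} catch {
    Write-Status "Failed to create scheduled task: $($_.Exception.Message)" "ERROR"
    Write-Status "You may need to manually create the task" "WARN"
}

# Step 6: Start the agent now
Write-Status "Starting agent..."
try {
    schtasks /run /tn $TaskName | Out-Null
    # Same native-command caveat as /create: check the exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "schtasks /run exited with code $LASTEXITCODE"
    }
    Write-Status "Agent started" "OK"
} catch {
    Write-Status "Could not start agent automatically" "WARN"
}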
# Done - print the closing summary. Each entry is (text, colour); an empty
# colour means Write-Host's default.
$summaryLines = @(
    @('', ''),
    @('========================================', 'Green'),
    @(' Installation Complete!', 'Green'),
    @('========================================', 'Green'),
    @('', ''),
    @("Installation directory: $InstallDir", 'Gray'),
    @("Configuration: $ConfigDir\agent.json", 'Gray'),
    @("Logs: $ConfigDir\agent.log", 'Gray'),
    @('', ''),
    @('The agent will start automatically on boot.', 'Cyan'),
    @('', ''),
    @('To check status:', 'Yellow'),
    @(" schtasks /query /tn `"$TaskName`"", 'White'),
    @('', ''),
    @('To view logs:', 'Yellow'),
    @(" Get-Content $ConfigDir\agent.log -Tail 50", 'White'),
    @('', '')
)
foreach ($entry in $summaryLines) {
    $hostArgs = @{ Object = $entry[0] }
    if ($entry[1]) {
        $hostArgs['ForegroundColor'] = $entry[1]
    }
    Write-Host @hostArgs
}