@anjannath
Created July 9, 2020 06:14
PS Scripts for setup and cleanup of crc system tray on windows
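# Cleanup script arguments: <tempDir>
# $tempDir receives the intermediate SecEdit export, template and database files.
$tempDir = $args[0]

# Without this check a missing argument leaves $tempDir empty, and every
# "$tempDir\..." path below would resolve to the root of the current drive.
if ([string]::IsNullOrWhiteSpace($tempDir) -or -not (Test-Path -LiteralPath $tempDir -PathType Container))
{
    Write-Error "The first argument must be an existing temporary directory"
    exit 1
}

# Per-user Startup folder that holds the tray shortcut removed by this script.
$startUpFolder = "$Env:USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"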
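function RemoveUserFromServiceLogon
{
    # Removes the current user from the SeServiceLogonRight user right.
    #
    # Steps: export the USER_RIGHTS area with SecEdit.exe to $tempDir\secdef.inf,
    # drop the current user's entries from the SeServiceLogonRight line, write the
    # reduced list into $tempDir\secdef_fin.inf and apply it with SecEdit.exe /configure.
    #
    # Reads:  $tempDir (script scope), $env:USERNAME
    # Exits:  the whole script with code 1 when the export fails
    #
    # NOTE(review): the list that gets applied is whatever is read back from files in
    # $tempDir; confirm the caller creates that directory so only this user and
    # administrators can write to it.

    # security template to modify SeServiceLogonRight
    $securityTemplate = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO$"
Revision=1
[Privilege Rights]
SeServiceLogonRight = {0}
"@

    # Dump user rights security policies to $tempDir\secdef.inf
    SecEdit.exe /export /cfg $tempDir\secdef.inf /areas USER_RIGHTS
    if ($LASTEXITCODE -ne 0)
    {
        exit 1
    }

    $userRights = Get-Content -Path $tempDir\secdef.inf
    $serviceLogonUserRight = $userRights |
        Select-String -Pattern "SeServiceLogonRight\s=\s.*" |
        Select-Object -First 1

    # Fail closed: if the line cannot be found there is no list to edit. Continuing
    # would fill the template with an empty value and apply that as the new
    # SeServiceLogonRight list.
    if ($null -eq $serviceLogonUserRight)
    {
        Write-Output "SeServiceLogonRight not found in the exported policy, leaving it untouched"
        return
    }

    # get the entries from SeServiceLogonRight (account names or *SID values)
    $sidsInServiceLogonRight = ($serviceLogonUserRight.Line -split "=", 2)[1].Trim()
    $sidsArray = @($sidsInServiceLogonRight -split "," |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "" })

    # The setup script grants the right as "*<sid>", so matching on the user name
    # alone never removes that entry; match both forms.
    $entriesToRemove = @($env:USERNAME)
    $localUser = Get-LocalUser -Name "$env:USERNAME" -ErrorAction SilentlyContinue
    if ($null -ne $localUser)
    {
        $entriesToRemove += "*" + $localUser.Sid.Value
    }

    $newSids = @($sidsArray | Where-Object { $entriesToRemove -notcontains $_ })
    if ($newSids.Count -eq $sidsArray.Count)
    {
        Write-Output "Current user is not listed in SeServiceLogonRight, nothing to remove"
        return
    }

    # fill up the security template
    $templateContent = $securityTemplate -f ($newSids -join ",")

    # write and configure
    Set-Content -Path $tempDir\secdef_fin.inf $templateContent
    SecEdit.exe /configure /db $tempDir\tempdb.db /cfg $tempDir\secdef_fin.inf /areas USER_RIGHTS
    if ($LASTEXITCODE -ne 0)
    {
        # Report instead of exiting so the remaining cleanup steps still run.
        Write-Warning "SecEdit.exe /configure failed with exit code $LASTEXITCODE, SeServiceLogonRight was not updated"
    }
}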
function DeleteDaemonService()
{
    # Stops the "CodeReady Containers" service and then deletes its registration,
    # both through sc.exe. The exit code of neither call is inspected here.
    $daemonName = "CodeReady Containers"
    foreach ($scAction in "stop", "delete")
    {
        sc.exe $scAction $daemonName
    }
}
function RemoveTrayFromStartUpFolder()
{
    # Stops the running tray process and deletes its shortcut from the Startup folder.
    # Reads: $startUpFolder (script scope)
    #
    # NOTE(review): Stop-Process selects by process name only, so it targets every
    # process called "tray-windows" that this session is allowed to stop.
    $trayProcessName = "tray-windows"
    $trayShortcut = "$startUpFolder\tray_windows.lnk"

    Stop-Process -Name $trayProcessName
    Remove-Item -Path $trayShortcut
}
# Cleanup entry point: run the three steps in their fixed order.
# RemoveUserFromServiceLogon calls "exit 1" when the SecEdit export fails, which
# ends the script before the service and the tray shortcut are removed.
$cleanupSteps = "RemoveUserFromServiceLogon", "DeleteDaemonService", "RemoveTrayFromStartUpFolder"
foreach ($cleanupStep in $cleanupSteps)
{
    & $cleanupStep
}
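# Stop if errors occur
# we'll write to a temporary file at the end of the script to indicate success
$ErrorActionPreference = "Stop"

# Setup script arguments: <password> <tempDir> <crcBinaryPath> <trayBinaryPath>
# Refuse to continue with missing values: an empty $tempDir would make the
# "$tempDir\..." paths below resolve to the root of the current drive.
if ($args.Count -lt 4)
{
    throw "Expected 4 arguments: <password> <tempDir> <crcBinaryPath> <trayBinaryPath>"
}

# Values needed later in the script
# NOTE(review): the account password arrives as a plain command-line argument, so
# it is visible to anything that records process command lines (process listings,
# command-line auditing). Consider passing it over stdin or a protected file.
$password = $args[0]
$tempDir = $args[1]
$crcBinaryPath = $args[2]
$trayBinaryPath = $args[3]

# The original statement here was a bare "$serviceName" with no value assigned.
# The functions below use the literal service name rather than this variable.
$serviceName = "CodeReady Containers"

# Get the current user's sid
# NOTE(review): Get-LocalUser looks the name up among local accounts, while the
# service credential is built from $env:USERDOMAIN\$env:USERNAME; confirm the
# behaviour for domain accounts.
$currentUserSid = (Get-LocalUser -Name "$env:USERNAME").Sid.Value

# Per-user Startup folder that receives the tray link.
$startUpFolder = "$Env:USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"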
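function AddServiceLogonRightForCurrentUser()
{
    # Grants SeServiceLogonRight to the current user if it is not already listed.
    #
    # Steps: export the USER_RIGHTS area with SecEdit.exe to $tempDir\secdef.inf,
    # check the SeServiceLogonRight line for the user's name or "*<sid>", and when
    # neither is present append "*<sid>" and apply the extended list with
    # SecEdit.exe /configure.
    #
    # Reads:  $tempDir, $currentUserSid (script scope), $env:USERNAME
    # Exits:  the whole script with code 1 when either SecEdit call fails
    #
    # NOTE(review): the list that gets applied is read back from files in $tempDir;
    # confirm the caller creates that directory so only this user and
    # administrators can write to it.

    # security template to modify SeServiceLogonRight
    $securityTemplate = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO$"
Revision=1
[Privilege Rights]
SeServiceLogonRight = {0}
"@

    # Dump user rights security policies to $tempDir\secdef.inf
    SecEdit.exe /export /cfg $tempDir\secdef.inf /areas USER_RIGHTS
    if ($LASTEXITCODE -ne 0)
    {
        exit 1
    }

    $userRights = Get-Content -Path $tempDir\secdef.inf
    $serviceLogonUserRight = $userRights |
        Select-String -Pattern "SeServiceLogonRight\s=\s.*" |
        Select-Object -First 1

    # Fail closed with a clear message: without the existing list, writing the
    # template would replace SeServiceLogonRight with this user's SID alone.
    if ($null -eq $serviceLogonUserRight)
    {
        throw "SeServiceLogonRight not found in $tempDir\secdef.inf, refusing to overwrite the policy"
    }

    # get the entries from SeServiceLogonRight (account names or *SID values)
    $sidsInServiceLogonRight = ($serviceLogonUserRight.Line -split "=", 2)[1].Trim()
    $sidsArray = @($sidsInServiceLogonRight -split "," |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "" })

    # -contains compares case-insensitively, so a differently cased account name
    # in the export still counts as present.
    $currentUserEntry = "*" + $currentUserSid
    if (($sidsArray -contains $env:USERNAME) -or ($sidsArray -contains $currentUserEntry))
    {
        return
    }

    Write-Output "User doesn't have logon as service right, adding sid of $env:Username"
    $newSidList = (@($sidsArray) + $currentUserEntry) -join ","

    # fill the template with new list of sids
    $templateContent = $securityTemplate -f "$newSidList"

    # write the template content to a file
    Set-Content -Path $tempDir\secdef_fin.inf $templateContent

    # Configure secpol with the new sids containing the current user's sid
    SecEdit.exe /configure /db $tempDir\tempdb.db /cfg $tempDir\secdef_fin.inf /areas USER_RIGHTS
    if ($LASTEXITCODE -ne 0)
    {
        # A bare "exit" would report success (code 0) to the caller.
        exit 1
    }
}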
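function CreateDaemonService()
{
    # Registers the "CodeReady Containers" Windows service, which runs
    # "<crcBinaryPath> daemon" under the current user's account and starts
    # automatically.
    #
    # Reads: $password, $crcBinaryPath (script scope), $env:USERDOMAIN, $env:USERNAME
    #
    # NOTE(review): $password is plain text at this point; -AsPlainText -Force only
    # wraps it for the pscredential constructor.
    $secPass = ConvertTo-SecureString $password -AsPlainText -Force
    $creds = New-Object pscredential ("$env:USERDOMAIN\$env:USERNAME", $secPass)

    # Quote the executable path. An unquoted service path that contains spaces is
    # ambiguous: Windows tries each space-delimited prefix as the executable
    # (C:\Program.exe, ...), so a file planted at one of those prefixes would be
    # run in place of crc. Existing quotes are stripped first to avoid doubling.
    $quotedBinaryPath = '"{0}"' -f "$crcBinaryPath".Trim('"')

    $params = @{
        Name = "CodeReady Containers"
        BinaryPathName = "$quotedBinaryPath daemon"
        DisplayName = "CodeReady Containers"
        StartupType = "Automatic"
        Description = "CodeReady Containers Daemon service for system tray."
        Credential = $creds
    }
    New-Service @params
}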
function StartDaemonService()
{
    # Starts the "CodeReady Containers" service by name.
    $daemonName = "CodeReady Containers"
    Start-Service -Name $daemonName
}
# Setup entry point. $ErrorActionPreference is "Stop" here, so an error from a
# cmdlet aborts the script before the .success marker at the end is written.

# Add SeServiceLogonRight for current user
AddServiceLogonRightForCurrentUser

# Stop and delete any service already named "CodeReady Containers".
# sc.exe is used because Remove-Service is only available from PowerShell 6.0 on.
# A non-zero exit code is reported and otherwise ignored.
$scFailureMessages = [ordered]@{
    stop   = "Service stop failed!!"
    delete = "Service delete failed!!"
}
foreach ($scAction in $scFailureMessages.Keys)
{
    sc.exe $scAction "CodeReady Containers"
    if ($LASTEXITCODE -ne 0)
    {
        Write-Output $scFailureMessages[$scAction]
    }
}

# create the daemon service and start it
CreateDaemonService
StartDaemonService

# Best-effort removal of an earlier tray: errors from these two cmdlets are
# tolerated by switching to "Continue" for their duration only.
$ErrorActionPreference = "Continue"
Stop-Process -Name tray-windows
Write-Output "Could've killed, or couldn't, don't know really"
Remove-Item "$startUpFolder\tray_windows.lnk"
$ErrorActionPreference = "Stop"

# add tray binary to startup folder
$startupLink = @{
    ItemType = "SymbolicLink"
    Path     = "$startUpFolder"
    Name     = "tray_windows.lnk"
    Value    = "$trayBinaryPath"
}
New-Item @startupLink

# start tray process
# NOTE(review): Start-Process is called without credentials, so the tray
# presumably runs with this script's token; if the script runs elevated, confirm
# the tray is meant to run elevated as well.
Start-Process -FilePath "$trayBinaryPath"

# touch success file, we check existence of this file from crc go code
$successMarker = @{
    ItemType = "File"
    Path     = "$tempDir"
    Name     = ".success"
}
New-Item @successMarker