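# Removes the current region from the "disabled" region list of the
# "Automatic app sign-in" policy in IntegratedServicesRegionPolicySet.json.
#
# The target is a TrustedInstaller-owned file under System32, so the script must
# run elevated. The grant below is for SYSTEM, which suggests it is meant to run
# as SYSTEM (TODO confirm). Every step is written to screen and to $logPath.
#
# Security-relevant design points:
#   * The file is read and patched in memory first. Ownership and the ACL are
#     only changed when a write is actually needed.
#   * The original security descriptor is captured before the change and put
#     back afterwards, so the temporary "SYSTEM:F" grant does not stay on the file.
#   * Restoration also runs when the write fails.

# Define variables
$jsonPath = "C:\Windows\System32\IntegratedServicesRegionPolicySet.json"
$backupPath = "$jsonPath.bak"
# NOTE(review): the log lives directly under ProgramData; confirm that standard
# users cannot pre-create or replace this file on the target systems.
$logPath = "$env:ProgramData\RegionPolicyPatch.log"
$trustedInstaller = "NT SERVICE\TrustedInstaller"

# Derive the two-letter REGION code. TwoLetterISOLanguageName is a language code
# ("EN" for en-GB) and only matches the region by coincidence (nl-NL -> "NL"),
# so it is used only as a fallback when the culture carries no region.
# NOTE(review): this is the culture of the account running the script; confirm
# it matches the region value Windows evaluates for this policy.
$culture = Get-Culture
$targetRegion = $culture.TwoLetterISOLanguageName.ToUpper()
try {
    $regionCode = [System.Globalization.RegionInfo]::new($culture.Name).TwoLetterISORegionName
    if ($regionCode -match '^[A-Za-z]{2}$') {
        $targetRegion = $regionCode.ToUpper()
    }
} catch {
    # Neutral or invariant culture: RegionInfo cannot be built, keep the fallback.
}
#$targetRegion = "NL"

# Helper to write to screen and log. -LogMessage is used where the log text
# differs from the screen text.
function Write-PatchLog {
    param(
        [Parameter(Mandatory = $true)][string]$Message,
        [string]$LogMessage = $Message
    )
    Write-Output $Message
    Add-Content -Path $logPath -Value $LogMessage
}

$timestamp = Get-Date -Format u
Write-PatchLog -Message "[$timestamp] Starting patch for region: $targetRegion"

# Check if file exists
if (-not (Test-Path $jsonPath)) {
    Write-PatchLog -Message "Policy file not found at $jsonPath" -LogMessage "File not found: $jsonPath"
    exit 1
}

# Parse JSON. This is a read-only step, so it happens before any ACL change:
# a parse failure now exits without having touched ownership or permissions.
try {
    $json = Get-Content -Path $jsonPath -Raw -ErrorAction Stop | ConvertFrom-Json
} catch {
    Write-PatchLog -Message "Failed to parse JSON file." -LogMessage "Failed to parse JSON"
    exit 1
}

$found = $false
$modified = $false

# Traverse and patch (in memory only).
# Each top-level value is flattened with @(), so policy entries are found both
# when they are top-level properties and when they sit inside an array.
foreach ($value in $json.PSObject.Properties.Value) {
    foreach ($entry in @($value)) {
        if ($entry.'$comment' -eq "Automatic app sign-in") {
            $found = $true
            $regionCondition = $entry.conditions.region
            if ($regionCondition.disabled -contains $targetRegion) {
                Write-PatchLog -Message "'$targetRegion' found. Removing from disabled list."
                # @() keeps the value an array. Without it a one-element result is
                # unwrapped to a string and an empty result becomes $null, which
                # changes the JSON type of "disabled".
                $regionCondition.disabled = @($regionCondition.disabled | Where-Object { $_ -ne $targetRegion })
                $modified = $true
            } else {
                Write-PatchLog -Message "'$targetRegion' was not in the disabled list."
            }
        }
    }
}

if (-not $found) {
    Write-PatchLog -Message "'Automatic app sign-in' section not found."
    #exit 1
}

if ($modified) {
    $failed = $false
    $aclTouched = $false
    $originalSddl = $null
    try {
        # Backup file. It is taken only when a write follows, so a later no-op run
        # does not overwrite the backup with an already patched file.
        Copy-Item -Path $jsonPath -Destination $backupPath -Force -ErrorAction Stop
        Write-PatchLog -Message "Backup created: $backupPath"

        # Remember owner, group and DACL so they can be restored exactly.
        $originalSddl = (Get-Acl -Path $jsonPath -ErrorAction Stop).Sddl

        # Take ownership and grant rights
        $aclTouched = $true
        takeown /f $jsonPath | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }
        icacls $jsonPath /grant "SYSTEM:F" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

        # NOTE(review): ConvertTo-Json reformats the file, and Windows PowerShell
        # writes a BOM with -Encoding UTF8. Confirm the consumer accepts both.
        $json | ConvertTo-Json -Depth 15 | Set-Content -Path $jsonPath -Encoding UTF8 -ErrorAction Stop
        Write-PatchLog -Message "Region '$targetRegion' removed and file saved."
    } catch {
        $failed = $true
        Write-PatchLog -Message "Failed to update policy file: $($_.Exception.Message)"
    } finally {
        if ($aclTouched) {
            # Restore the captured security descriptor, then set TrustedInstaller
            # as owner, on success and on failure alike.
            try {
                $acl = Get-Acl -Path $jsonPath -ErrorAction Stop
                $acl.SetSecurityDescriptorSddlForm($originalSddl)
                $acl.SetOwner([System.Security.Principal.NTAccount]$trustedInstaller)
                Set-Acl -Path $jsonPath -AclObject $acl -ErrorAction Stop
                Write-PatchLog -Message "Ownership restored to TrustedInstaller."
            } catch {
                $failed = $true
                Write-PatchLog -Message "Failed to restore permissions on ${jsonPath}: $($_.Exception.Message)"
            }
        }
    }
    if ($failed) {
        exit 1
    }
} else {
    Write-PatchLog -Message "No changes were necessary."
}

# Done
Write-PatchLog -Message "Patch completed successfully." -LogMessage "Patch completed successfully.`r`n"
#exit 0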