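# Creates a local Windows account from values supplied in environment
# variables (USERNAME, PASSWORD, FULLNAME), adds it to $Group, and records the
# run in a transcript. Exits 0 on success and 1 on missing input or failure.

# --- Logging Setup ---
# The transcript captures everything written to the host, so nothing below may
# echo $Password or the SecureString built from it.
$LogFile = "C:\ProgramData\FileWave\Logs\CreateLocalUser_FromEnv.log"
Start-Transcript -Path $LogFile -Append

# Exit status handed back to the caller; the catch block flips it to 1.
$ExitCode = 0

# --- Read Environment Variables ---
# NOTE(review): Windows itself sets USERNAME for every process to the account
# that launched it. Unless the deployment tool overrides it, this is the
# launching account's name and the "missing variable" check below can never
# fire for it. A dedicated variable name would avoid the collision - confirm
# how the caller populates it before renaming.
$Username = $env:USERNAME
# The password arrives as plaintext in the process environment, so it is
# readable by this process and any child it starts.
$Password = $env:PASSWORD
$FullName = $env:FULLNAME
# Membership in Administrators grants full local administrative rights; use
# the least-privileged group that meets the requirement.
# NOTE(review): the built-in group's display name is localized on non-English
# Windows installs - verify on target machines.
$Group = "Administrators"  # You can change this as needed

# --- Validate Inputs ---
if (-not $Username -or -not $Password -or -not $FullName) {
    Write-Error "One or more required environment variables are missing: USERNAME, PASSWORD, FULLNAME"
    Stop-Transcript
    exit 1
}

try {
    # Check if user already exists. An existing account is left untouched: its
    # password is not reset and its group membership is not checked.
    if (Get-LocalUser -Name $Username -ErrorAction SilentlyContinue) {
        Write-Host "User '$Username' already exists. Skipping creation."
    } else {
        # Convert password to secure string, then drop the plaintext copy held
        # in this script's variable (the environment variable itself remains).
        $SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
        $Password = $null

        # Create local user. -ErrorAction Stop turns a failure into a
        # terminating error so the catch block runs instead of the script
        # continuing on to print a success message.
        New-LocalUser -Name $Username -Password $SecurePassword -FullName $FullName -Description "Created via script using environment variables" -ErrorAction Stop
        Write-Host "User '$Username' created."

        # Add to group; same reasoning for -ErrorAction Stop.
        Add-LocalGroupMember -Group $Group -Member $Username -ErrorAction Stop
        Write-Host "User '$Username' added to '$Group' group."
    }

    # Confirm user. Fails the run if the account cannot be read back.
    $User = Get-LocalUser -Name $Username -ErrorAction Stop
    Write-Host "`nUser Info:"
    Write-Host "-------------"
    Write-Host "Name:        $($User.Name)"
    Write-Host "Full Name:   $($User.FullName)"
    Write-Host "Enabled:     $($User.Enabled)"
    Write-Host "Description: $($User.Description)"
}
catch {
    Write-Error "An error occurred while creating the user: $_"
    # Report the failure to the caller instead of falling through with 0.
    $ExitCode = 1
}
finally {
    Stop-Transcript
}

exit $ExitCode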