<# Installs the Rubix.Remote client as a Windows service (LocalSystem). The service runs at boot/before logon and provides TWO things: * Desktop control: brokers a capture+control worker into the active session (session id S). * Backstage: a SYSTEM-context shell with no desktop, on session id "S-bs". The portable exe (no install) provides desktop control of the user's own session only and never starts a backstage session. Run from an elevated PowerShell: .\install-service.ps1 -Relay wss://relay.example.com:8443 -Session my-session -Token my-token .\install-service.ps1 -Uninstall #> param( [string]$Relay = "wss://localhost:8443", [string]$Session = "demo-session", [string]$Token = "dev-relay-token", [string]$ExePath = "$PSScriptRoot\bin\Release\net8.0-windows\win-x64\publish\RubixRemoteClient.exe", [switch]$Uninstall ) $svc = "RubixRemoteClient" if ($Uninstall) { sc.exe stop $svc | Out-Null sc.exe delete $svc Write-Host "Removed service $svc" return } if (-not (Test-Path $ExePath)) { Write-Error "Client exe not found at $ExePath. Publish first:`n dotnet publish -c Release -r win-x64 --self-contained -p:PublishSingleFile=true" return } # Service must run as LocalSystem so it can call WTSQueryUserToken / # CreateProcessAsUser to reach the interactive session. $bin = "`"$ExePath`" --service --relay $Relay --session $Session --token $Token" sc.exe create $svc binPath= $bin start= auto obj= "LocalSystem" DisplayName= "Rubix.Remote Client" sc.exe description $svc "Rubix.Remote supported-client service: screen share and input for remote support" # Allow software-generated Ctrl+Alt+Del (SendSAS) so the technician can send the # Secure Attention Sequence. 3 = services + ease-of-access apps (the in-session # worker uses the latter path). Remove this key to disable the feature. New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' ` -Name 'SoftwareSASGeneration' -PropertyType DWord -Value 3 -Force | Out-Null sc.exe start $svc Write-Host "Installed and started $svc"