Add install.ps1

install.ps1

@@ -0,0 +1,91 @@
+
+
+  # ControlD MDM Agent — Windows Installer
+  # Usage: powershell -ExecutionPolicy Bypass -File install.ps1 -ControlDToken <TOKEN> -DashboardURL <URL> -EmployeeName <NAME>
+  param(
+      [Parameter(Mandatory=$true)][string]$ControlDToken,
+      [Parameter(Mandatory=$true)][string]$DashboardURL,
+      [Parameter(Mandatory=$true)][string]$EmployeeName
+  )
+
+  $ErrorActionPreference = "Stop"
+  $CtrldDir = "C:\ProgramData\ControlD"
+  $CtrldBin = "$CtrldDir\ctrld.exe"
+  $CtrldConfig = "$CtrldDir\ctrld.toml"
+  $DeviceID = [guid]::NewGuid().ToString()
+  $Hostname = $env:COMPUTERNAME
+
+  Write-Host "[*] Installing ControlD MDM agent for $EmployeeName on $Hostname..."
+
+  # 1. Download ctrld binary
+  Write-Host "[*] Downloading ctrld..."
+  New-Item -ItemType Directory -Force -Path $CtrldDir | Out-Null
+  $arch = if ([Environment]::Is64BitOperatingSystem) { "amd64" } else { "386" }
+  $url = "https://github.com/Control-D-Inc/ctrld/releases/latest/download/ctrld-windows-$arch.exe"
+  Invoke-WebRequest -Uri $url -OutFile $CtrldBin -UseBasicParsing
+
+  # 2. Write config
+  Write-Host "[*] Writing ctrld.toml..."
+  @"
+  [upstream.0]
+    endpoint = "https://dns.controld.com/$ControlDToken"
+    type = "doh"
+    timeout = 5000
+
+  [listener.0]
+    ip = "127.0.0.1"
+    port = 53
+  "@ | Set-Content -Path $CtrldConfig -Encoding UTF8
+
+  # 3. Install as Windows Service
+  Write-Host "[*] Installing Windows service..."
+  & $CtrldBin service install --config $CtrldConfig 2>$null
+  & $CtrldBin service start 2>$null
+  if ($LASTEXITCODE -ne 0) {
+      sc.exe create "ControlDAgent" binPath= "`"$CtrldBin`" run --config `"$CtrldConfig`"" start= auto | Out-Null
+      sc.exe start "ControlDAgent" | Out-Null
+  }
+
+  # 4. Set DNS on all adapters to 127.0.0.1
+  Write-Host "[*] Setting system DNS..."
+  Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
+      Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses "127.0.0.1"
+  }
+
+  # 5. Register with MDM backend
+  Write-Host "[*] Registering device with MDM backend..."
+  try {
+      $body = @{
+          device_id   = $DeviceID
+          hostname    = $Hostname
+          employee    = $EmployeeName
+          os          = "windows"
+          resolver_id = $ControlDToken
+      } | ConvertTo-Json
+      Invoke-RestMethod -Uri "$DashboardURL/api/register" -Method POST -Body $body -ContentType "application/json"
+  } catch {
+      Write-Host "[!] Warning: Could not reach MDM backend. Device will register on next heartbeat."
+  }
+
+  # 6. Set up heartbeat scheduled task (every 5 min)
+  Write-Host "[*] Setting up heartbeat..."
+  $heartbeatScript = @"
+  try {
+      `$ip = (Invoke-RestMethod -Uri 'https://ifconfig.me' -UseBasicParsing -TimeoutSec 5)
+  } catch { `$ip = 'unknown' }
+  `$body = @{ device_id = '$DeviceID'; ip = `$ip } | ConvertTo-Json
+  Invoke-RestMethod -Uri '$DashboardURL/api/heartbeat' -Method POST -Body `$body -ContentType 'application/json' -TimeoutSec 10
+  "@
+  $heartbeatPath = "$CtrldDir\heartbeat.ps1"
+  $heartbeatScript | Set-Content -Path $heartbeatPath -Encoding UTF8
+
+  $action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File `"$heartbeatPath`""
+  $trigger = New-ScheduledTaskTrigger -RepetitionInterval (New-TimeSpan -Minutes 5) -Once -At (Get-Date)
+  $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
+  Register-ScheduledTask -TaskName "ControlDHeartbeat" -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null
+
+  Write-Host "[+] Installation complete!"
+  Write-Host "    Device ID: $DeviceID"
+  Write-Host "    Config:    $CtrldConfig"
+  Write-Host "    DNS:       127.0.0.1 -> ControlD (DoH)"
+