param(
        [string]$EIDPath
        ,[string]$EIDSrvcPrinciple
    )

Configuration EmpowerID_SecureInstallConfig
{
    Import-DscResource -ModuleName cNtfsAccessControl
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName Carbon

    $WinNet2AssemblyDir_Val = "C:\Windows\assembly"
    $WinNet35AssemblyDir_Val = "C:\Windows\Microsoft.NET\assembly"
    $nLogFilePath_Val = "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log"
    $fusionPubPolicyRegPath_Val = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default"

    File EidDir
    {
        Ensure = "Present"
        DestinationPath = $EIDPath
        Type = 'Directory'
    }

    File WinNet2AssemblyDir
    {
        Ensure = "Present"
        DestinationPath = $WinNet2AssemblyDir_Val
        Type = 'Directory'
    }

    File WinNet35AssemblyDir
    {
        Ensure = "Present"
        DestinationPath = $WinNet35AssemblyDir_Val
        Type = 'Directory'
    }

    File nLogFilePath
    {
        Ensure = "Present"
        DestinationPath = $nLogFilePath_Val
        Type = 'File'
    }

    Registry fusionPubPolicyRegPath
    {
        Ensure = "Present"
        Key = $fusionPubPolicyRegPath_Val
        ValueName = ""
    }

    cNtfsPermissionEntry PermissionSet1
    {
        Ensure = 'Present'
        Path = $EIDPath
        Principal = $EIDSrvcPrinciple
        AccessControlInformation = @(
            cNtfsAccessControlInformation
            {
                AccessControlType = 'Allow'
                FileSystemRights = 'Modify'
                Inheritance = 'ThisFolderSubfoldersAndFiles'
                NoPropagateInherit = $false
            }
        )
        DependsOn = '[File]EidDir'
    }

    cNtfsPermissionEntry PermissionSet2
    {
        Ensure = 'Present'
        Path = $WinNet2AssemblyDir_Val
        Principal = $EIDSrvcPrinciple
        AccessControlInformation = @(
            cNtfsAccessControlInformation
            {
                AccessControlType = 'Allow'
                FileSystemRights = 'Modify'
                Inheritance = 'ThisFolderSubfoldersAndFiles'
                NoPropagateInherit = $false
            }
        )
        DependsOn = '[File]WinNet2AssemblyDir'
    }

    cNtfsPermissionEntry PermissionSet3
    {
        Ensure = 'Present'
        Path = $WinNet35AssemblyDir_Val
        Principal = $EIDSrvcPrinciple
        AccessControlInformation = @(
            cNtfsAccessControlInformation
            {
                AccessControlType = 'Allow'
                FileSystemRights = 'Modify'
                Inheritance = 'ThisFolderSubfoldersAndFiles'
                NoPropagateInherit = $false
            }
        )
        DependsOn = '[File]WinNet35AssemblyDir'
    }

    cNtfsPermissionEntry PermissionSet4
    {
        Ensure = 'Present'
        Path = $nLogFilePath_Val
        Principal = $EIDSrvcPrinciple
        AccessControlInformation = @(
            cNtfsAccessControlInformation
            {
                AccessControlType = 'Allow'
                FileSystemRights = 'Modify'
                NoPropagateInherit = $false
            }
        )
        DependsOn = '[File]nLogFilePath'
    }

    Carbon_Permission PermissionSet5
    {
        Ensure = 'Present'
        Path = "HKLM:\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default"
        Identity = $EIDSrvcPrinciple
        ApplyTo = 'ContainerAndChildContainersAndChildLeaves'
        Permission = 'FullControl'
        DependsOn = '[Registry]fusionPubPolicyRegPath'
    }
}


<#
. .\SetLeastPrivsDSC.ps1 -EIDPath 'C:\Program Files\TheDotNetFactory' -EIDSrvcPrinciple 'eiddoc\eidsvcaccount' 

$outputDir = EmpowerID_SecureInstallConfig 
Start-DscConfiguration -Path $outputDir.Directory -Force -Verbose -Wait
#>
Browser not supported
