From 18ff5a96c31a405fa9ab422bd40666f9fc9749eb Mon Sep 17 00:00:00 2001
From: Ralf-Peter Wolff <info@rp-wolff.de>
Date: Mon, 4 May 2026 14:16:34 +0200
Subject: [PATCH] Fix: pass -RunAsAdmin to Scoop installer when running as
 Administrator (Server 2022)

---
 setup-windows.ps1 | 56 +++++++++++++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 24 deletions(-)

diff --git a/setup-windows.ps1 b/setup-windows.ps1
index 18891a3..88500d6 100644
--- a/setup-windows.ps1
+++ b/setup-windows.ps1
@@ -44,37 +44,45 @@ if ($policy -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
 # Hilfsfunktion: Scoop-Installer herunterladen und ausfuehren
 function Install-Scoop {
     $url = 'https://get.scoop.sh'
-    $tmp = "$env:TEMP\scoop-install.ps1"
 
-    # Versuch 1: Invoke-RestMethod
-    try {
-        Invoke-RestMethod -Uri $url | Invoke-Expression
-        return $true
-    } catch {}
+    # Scoop verweigert Installation als Admin ohne explizites Flag
+    # Loesung: Installer-Script laden und mit -RunAsAdmin aufrufen
+    $runAsAdmin = $isAdmin
 
-    # Versuch 2: WebClient
-    try {
-        (New-Object System.Net.WebClient).DownloadString($url) | Invoke-Expression
-        return $true
-    } catch {}
+    # Hilfsfunktion: Script-Inhalt herunterladen mit SSL-Bypass-Fallback
+    function Get-InstallerScript($url) {
+        try { return Invoke-RestMethod -Uri $url } catch {}
+        try { return (New-Object System.Net.WebClient).DownloadString($url) } catch {}
+        # SSL-Bypass (Server 2016 fehlende Zertifikatskette)
+        Write-Host "      SSL-Bypass aktiv (Server 2016/2022 Zertifikatskette)..."
+        $cb = [Net.ServicePointManager]::ServerCertificateValidationCallback
+        [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
+        try { return (New-Object System.Net.WebClient).DownloadString($url) }
+        catch {
+            Write-Host "FEHLER: Scoop-Download fehlgeschlagen: $_"
+            Write-Host "  - Windows Update ausfuehren (fehlende Root-Zertifikate)"
+            Write-Host "  - Proxy auf HTTPS-Durchlass pruefen"
+            return $null
+        } finally {
+            [Net.ServicePointManager]::ServerCertificateValidationCallback = $cb
+        }
+    }
+
+    $script = Get-InstallerScript $url
+    if (-not $script) { return $false }
 
-    # Versuch 3: WebClient mit SSL-Bypass (Windows Server 2016 fehlende Zertifikatskette)
-    Write-Host "      Versuche SSL-Bypass fuer Scoop-Download (Server 2016)..."
-    $prevCb = [Net.ServicePointManager]::ServerCertificateValidationCallback
-    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
     try {
-        (New-Object System.Net.WebClient).DownloadString($url) | Invoke-Expression
+        $sb = [scriptblock]::Create($script)
+        if ($runAsAdmin) {
+            # -RunAsAdmin ueberschreibt Scoop-Sperre fuer Administrator-Konten
+            & $sb -RunAsAdmin
+        } else {
+            & $sb
+        }
         return $true
     } catch {
-        Write-Host "FEHLER: Scoop-Download fehlgeschlagen: $_"
-        Write-Host ""
-        Write-Host "Moegliche Ursachen auf Windows Server 2016:"
-        Write-Host "  - Fehlende Root-Zertifikate (Windows Update ausfuehren)"
-        Write-Host "  - Proxy blockiert HTTPS"
-        Write-Host "  - get.scoop.sh nicht erreichbar"
+        Write-Host "FEHLER: Scoop-Installation fehlgeschlagen: $_"
         return $false
-    } finally {
-        [Net.ServicePointManager]::ServerCertificateValidationCallback = $prevCb
     }
 }