================================================================================
QUICK TEST GUIDE - WinRM HTTPS Deployment
================================================================================

DEPLOYMENT PACKAGE STATUS: READY FOR TESTING

Certificate Password: XqHuyaLZSyCYEcpsMz6h5

================================================================================
WHAT'S INCLUDED
================================================================================

DEPLOYMENT SCRIPTS (Ready to Use):
  ✓ Deploy-WinRM-HTTPS.bat              - Secure version (prompts for password)
  ✓ Deploy-WinRM-HTTPS-AutoPassword.bat - Testing version (auto-password)
  ✓ Setup-WinRM-HTTPS.ps1                - Main PowerShell setup script
  ✓ Test-WinRM-HTTPS.bat                 - Test connectivity
  ✓ Test-WinRM-HTTPS-Setup.ps1           - PowerShell test script

UTILITIES:
  ✓ View-DeploymentLogs.ps1              - View and analyze deployment logs

DOCUMENTATION:
  ✓ 0-START-HERE.txt                     - Quick start guide
  ✓ README-DEPLOYMENT.txt                - Detailed deployment instructions
  ✓ README-AUTO-PASSWORD.txt             - Auto-password version guide
  ✓ NETWORK_SHARE_DEPLOYMENT.md          - Network deployment guide
  ✓ LOGGING-README.txt                   - Logging system documentation
  ✓ CHECKLIST.txt                        - Deployment tracking checklist

REQUIRED (Must Add):
  ⚠ wildcard-logon-ds-ge-com-20251017.pfx - CERTIFICATE FILE (MUST COPY!)

================================================================================
BEFORE YOU START
================================================================================

1. ADD CERTIFICATE TO THIS FOLDER
   Copy: wildcard-logon-ds-ge-com-20251017.pfx
   To:   deployment-package folder

   Without the certificate, deployment will fail!

2. COPY TO NETWORK SHARE
   Copy entire deployment-package folder to network share
   Example: \\SERVER\Shares\WinRM-HTTPS

   Set permissions: "Domain Computers" - Read access

================================================================================
QUICK TEST (3 STEPS)
================================================================================

STEP 1: Prepare Test PC
  - Choose a test PC (e.g., G9KN7PZ3ESF)
  - Log in with admin account
  - Navigate to network share: \\SERVER\Shares\WinRM-HTTPS

STEP 2: Run Auto-Password Deployment (For Testing)
  - Right-click: Deploy-WinRM-HTTPS-AutoPassword.bat
  - Select: "Run as Administrator"
  - No password prompt - runs automatically!
  - Wait for SUCCESS message

STEP 3: Check Results
  - Look for SUCCESS message on screen
  - Check log file: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-YYYYMMDD-HHMMSS.txt
  - Verify HTTPS listener created

================================================================================
TESTING COMMANDS
================================================================================

From Management Server (After Deployment):

# Test WinRM HTTPS Connection
Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -Port 5986 -UseSSL

# Create Remote Session
$cred = Get-Credential
New-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
  -Credential $cred -UseSSL -Port 5986

# Or Interactive Session
Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
  -Credential $cred -UseSSL -Port 5986

================================================================================
CHECKING DEPLOYMENT LOGS
================================================================================

View Latest Logs:
  .\View-DeploymentLogs.ps1 -Latest 10

View Logs for Specific PC:
  .\View-DeploymentLogs.ps1 -Hostname "G9KN7PZ3ESF"

View Failed Deployments:
  .\View-DeploymentLogs.ps1 -Failed

Generate Summary Report:
  .\View-DeploymentLogs.ps1
  (Select option 6)

================================================================================
WHAT THE SCRIPT DOES
================================================================================

When you run Deploy-WinRM-HTTPS-AutoPassword.bat:

1. ✓ Checks for Administrator privileges
2. ✓ Verifies Setup-WinRM-HTTPS.ps1 exists
3. ✓ Verifies wildcard-*.pfx certificate exists
4. ✓ Creates log directory if needed
5. ✓ Imports certificate to Local Machine store
6. ✓ Creates WinRM HTTPS listener on port 5986
7. ✓ Configures firewall rule for port 5986
8. ✓ Enables WinRM service
9. ✓ Logs all activity to S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\

================================================================================
EXPECTED RESULTS
================================================================================

Success Indicators:
  ✓ Console shows: [SUCCESS] WinRM HTTPS Setup Complete
  ✓ Log file created in S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
  ✓ Certificate imported (check Cert:\LocalMachine\My)
  ✓ HTTPS listener active on port 5986
  ✓ Firewall rule "WinRM HTTPS-In" created
  ✓ Test-WSMan works from management server

Verify on Target PC:
  # Check WinRM listeners
  winrm enumerate winrm/config/listener

  # Check certificate
  Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*logon.ds.ge.com*"}

  # Check firewall rule
  Get-NetFirewallRule -DisplayName "WinRM HTTPS-In"

================================================================================
TROUBLESHOOTING
================================================================================

If Deployment Fails:

1. Check Administrator Privileges
   - Must right-click and "Run as Administrator"

2. Check Certificate File
   - Must be in same folder as batch file
   - Filename: wildcard-logon-ds-ge-com-20251017.pfx
   - Password: XqHuyaLZSyCYEcpsMz6h5

3. Check Log File
   - Location: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*.txt
   - Look for [ERROR] messages
   - Check for certificate import errors
   - Check for listener creation errors

4. Check Network Connectivity
   - Can the PC reach S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\ ?
   - Can the PC resolve DNS for *.logon.ds.ge.com ?

5. Check Existing Configuration
   - Remove old HTTPS listeners:
     winrm delete winrm/config/Listener?Address=*+Transport=HTTPS

================================================================================
RECENT FIXES APPLIED
================================================================================

✓ Fixed: WinRM listener creation command (now uses cmd.exe /c)
✓ Fixed: LogFile parameter added to Setup-WinRM-HTTPS.ps1
✓ Added: Auto-password version for testing convenience
✓ Added: Comprehensive logging to network share
✓ Added: Execution policy bypass in batch files

================================================================================
PRODUCTION DEPLOYMENT (After Testing)
================================================================================

Once testing is successful on 3-5 PCs:

1. DELETE Auto-Password Version
   - Remove Deploy-WinRM-HTTPS-AutoPassword.bat from network share
   - Security risk if left accessible!

2. Use Secure Version for Production
   - Deploy-WinRM-HTTPS.bat (prompts for password)
   - More secure for 175 PC rollout

3. Track Progress
   - Use CHECKLIST.txt to track deployments
   - Review logs regularly
   - Generate summary reports with View-DeploymentLogs.ps1

4. Batch Deployment
   - Deploy in groups of 10-20 PCs
   - Verify each batch before continuing
   - Monitor log files for issues

================================================================================
TARGET SYSTEMS
================================================================================

Total Shopfloor PCs: 175
Domain: logon.ds.ge.com
WinRM Port: 5986 (HTTPS)
Certificate: *.logon.ds.ge.com wildcard

Hostnames list: ../shopfloor-hostnames.txt

================================================================================
SUPPORT
================================================================================

For issues or questions:
  - Read NETWORK_SHARE_DEPLOYMENT.md
  - Read LOGGING-README.txt
  - Check troubleshooting section in parent folder
  - Review deployment logs

================================================================================
NEXT STEPS
================================================================================

[ ] 1. Copy wildcard-logon-ds-ge-com-20251017.pfx to this folder
[ ] 2. Copy deployment-package to network share
[ ] 3. Set "Domain Computers" read permissions on share
[ ] 4. Test on 1 PC with Deploy-WinRM-HTTPS-AutoPassword.bat
[ ] 5. Verify log file created successfully
[ ] 6. Test remote connection from management server
[ ] 7. If successful, test on 3-5 more PCs
[ ] 8. Switch to secure version for production rollout
[ ] 9. Deploy to remaining 170 PCs in batches
[ ] 10. Track progress and verify all deployments

================================================================================
READY TO BEGIN TESTING!
================================================================================
