Invoke-RemoteMaintenance.ps1 - GE Aerospace Knowledge Base

Quick Navigation

Overview
First-Time Setup
API Integration
Prerequisites
Quick Start
Parameters Reference
Available Tasks
Software Deployment Mechanism
How-To Guides
System Repair
Disk Optimization
Service Management
Time Sync
DNC Configuration
File Deployment
Registry Import
Software Deployment
Batch Operations
Targeting Strategies
Troubleshooting
Best Practices

Overview

This script provides a comprehensive remote maintenance toolkit for managing shopfloor PCs. It executes maintenance tasks via WinRM (Windows Remote Management) and can target PCs individually, by type, by business unit, or all at once.

Location: S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1

Key Features:

22 maintenance tasks available
General-purpose file deployment (CopyFile) and registry import (ImportReg) tasks
Registry imports run as logged-in user via scheduled task (HKCU support)
Optional post-copy commands via scheduled task (service/app restarts)
Multiple targeting options (by name, type, business unit, or all)
Concurrent execution with configurable throttling
Integration with ShopDB for PC discovery

First-Time Setup

Before running this script for the first time, you must allow PowerShell script execution and unblock the script file.

Step 1

Allow PowerShell Script Execution

Open PowerShell as Administrator and run:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

When prompted, type Y and press Enter. This allows locally-created scripts to run and requires downloaded scripts to be signed or unblocked.

Note: You only need to do this once per user account. RemoteSigned is the recommended policy — it allows local scripts while still protecting against untrusted downloads.

Step 2

Unblock the Script File

Files downloaded from a network share or the internet are marked as "blocked" by Windows. You must unblock the script before it can run.

Option A — File Explorer (GUI):

Navigate to S:\dt\shopfloor\scripts\remote-execution\
Right-click Invoke-RemoteMaintenance.ps1 and select Properties
At the bottom of the General tab, check the Unblock checkbox
Click Apply, then OK

Option B — PowerShell:

Unblock-File -Path "S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1"

Important: If you skip this step, you will get a security error when trying to run the script: "cannot be loaded because running scripts is disabled on this system" or "cannot be loaded. The file is not digitally signed."

API Integration

When using -All, -PcType, or -BusinessUnit targeting, the script retrieves PC lists from the ShopDB API:

GET /api.asp?action=getShopfloorPCs
GET /api.asp?action=getShopfloorPCs&pctypeid=2      # CMM PCs only
GET /api.asp?action=getShopfloorPCs&businessunitid=1 # Specific business unit

PC Type IDs

ID	Type	ID	Type
1	Standard	7	Keyence
2	Engineer	8	Genspect
3	Shopfloor	9	Heat Treat
4	Uncategorized	10	Inspection
5	CMM	11	Dashboard
6	Wax / Trace	12	Lobby Display

Reference: See ShopDB API Reference for complete API documentation.

Prerequisites

On Your Workstation

PowerShell 5.1 or higher
Network access to target PCs (TCP port 5985)
Admin credentials for target PCs

On Target PCs

WinRM enabled (Enable-PSRemoting -Force)
Firewall rules allowing WinRM traffic

Verify Connectivity

# Test WinRM connectivity
Test-WSMan -ComputerName "SHOPFLOOR-PC01"

# Test with credentials
$cred = Get-Credential
Test-WSMan -ComputerName "SHOPFLOOR-PC01" -Credential $cred

Quick Start

Step 1

Get Credentials

$cred = Get-Credential -Message "Enter domain admin credentials"

Step 2

Run a Simple Task

# Flush DNS on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "SHOPFLOOR-PC01" -Task FlushDNS -Credential $cred

Step 3

Check Results

The script outputs status for each PC:

[SHOPFLOOR-PC01] FlushDNS: SUCCESS
  DNS Resolver Cache flushed successfully

Parameters Reference

Targeting Parameters (Mutually Exclusive)

Parameter	Type	Description
-ComputerName	string[]	One or more computer names or IPs
-ComputerListFile	string	Path to text file with hostnames
-All	switch	Target all shopfloor PCs from ShopDB
-PcType	string	Target by PC type (see PC Types)
-BusinessUnit	string	Target by business unit (see Business Units)

Task Parameter (Required)

Parameter	Type	Description
-Task	string	Maintenance task to execute

File Deployment Parameters (CopyFile / ImportReg)

Parameter	Type	Description
-SourcePath	string	Source file path (local or UNC). Required for CopyFile and ImportReg
-DestinationPath	string	Destination file path on remote PCs. Required for CopyFile
-RunCommand	string	Command to run after CopyFile. Runs as logged-in user by default (via scheduled task)
-AsSystem	switch	Run ImportReg and -RunCommand in the WinRM session (SYSTEM context) instead of as logged-in user

Optional Parameters

Parameter	Type	Default	Description
-Credential	PSCredential	Prompt	Remote authentication
-ApiUrl	string	Production	ShopDB API endpoint
-ThrottleLimit	int	5	Max concurrent sessions
-DnsSuffix	string	logon.ds.ge.com	DNS suffix for FQDN resolution
-LogFile	switch	Off	Enable transcript logging to logs/ directory

PC Types

Standard, Engineer, Shopfloor, CMM, Wax / Trace, Keyence,
Genspect, Heat Treat, Inspection, Dashboard, Lobby Display, Uncategorized

Business Units

TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT

Available Tasks

Repair Tasks

Task	Description	Duration	Impact
DISM	Repair Windows component store	15-60 min	Low
SFC	System File Checker scan	10-30 min	Low

Optimization Tasks

Task	Description	Duration	Impact
OptimizeDisk	TRIM (SSD) or Defrag (HDD)	5-60 min	Medium
DiskCleanup	Remove temp files, updates	5-15 min	Low
ClearUpdateCache	Clear Windows Update cache	1-2 min	Low
ClearBrowserCache	Clear Chrome/Edge cache	1-2 min	Low

Service Tasks

Task	Description	Duration	Impact
RestartSpooler	Restart Print Spooler	<1 min	Low
FlushDNS	Clear DNS cache	<1 min	None
RestartWinRM	Restart WinRM service	<1 min	Temp disconnect

Time/Date Tasks

Task	Description	Duration	Impact
SetTimezone	Set to Eastern Time	<1 min	None
SyncTime	Force time sync with DC	<1 min	None

DNC Tasks

Task	Description	Duration	Impact
UpdateDNCMXHosts	Update FtpHostPrimary/Secondary in DNC\MX registry	<1 min	None
AuditDNCConfig	Compare DNC registry vs UDC backup JSON, export CSV	1-5 min	None
CheckDefectTracker	Check if Defect_Tracker.exe is running, export CSV	1-5 min	None

File Deployment Tasks

Task	Description	Duration	Impact
CopyFile	Copy file from -SourcePath to -DestinationPath on remote PCs	1-2 min	Low
ImportReg	Copy .reg file and import via scheduled task as logged-in user	1-2 min	Low

System Tasks

Task	Description	Duration	Impact
GPUpdate	Force Group Policy refresh (gpupdate /force)	<1 min	Low
Reboot	Restart PC (30s delay)	2-5 min	High

Software Deployment Tasks

Task	Description	Duration	Impact
InstallDashboard	Install GE Dashboard app	2-5 min	Medium
InstallLobbyDisplay	Install Lobby Display app	2-5 min	Medium
UninstallDashboard	Remove GE Dashboard	1-2 min	Low
UninstallLobbyDisplay	Remove Lobby Display	1-2 min	Low

Software Deployment Mechanism

Source File Locations

Deployment tasks require source files to be available before execution:

Task	Source File Path
InstallDashboard	\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe
InstallLobbyDisplay	\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe
CopyFile	Any file — specified via -SourcePath parameter
ImportReg	Any .reg file — specified via -SourcePath parameter

How Deployment Works

Pre-flight Check: Script verifies source file exists
WinRM Session: Opens remote session to target PC
File Push: Copies source file to C:\Windows\Temp\ on remote PC
Execution: Runs install/copy/import task using pushed file
Post-action: Optionally runs command as logged-in user via scheduled task
Cleanup: Removes temp file from remote PC

+---------------------+     WinRM      +---------------------+
|  Your Workstation   | ------------>  |   Target PC         |
|                     |                |                     |
|  Source Files:      |   Push File    |  Temp Location:     |
|  - Setup.exe        | ------------>  |  C:\Windows\Temp    |
|  - config.json      |                |                     |
|  - settings.reg     |   Execute      |  Final Location:    |
|    (any path/UNC)   | ------------>  |  -DestinationPath   |
|                     |                |                     |
|                     |  Sched. Task   |  Logged-in User:    |
|                     | ------------>  |  - regedit /s       |
|                     |                |  - RunCommand        |
+---------------------+                +---------------------+

CopyFile Details

The CopyFile task:

Source: Any file specified via -SourcePath (local or UNC path)
Destination: Specified via -DestinationPath
Backup: Existing file is backed up as <name>-old-<timestamp>.<ext>
Post-action: If -RunCommand is specified, runs as the logged-in user via a one-shot scheduled task (same pattern as Dashboard/Lobby kiosk relaunch)

ImportReg Details

The ImportReg task:

Source: .reg file specified via -SourcePath
Import method: regedit.exe /s via one-shot scheduled task as logged-in user
HKCU support: Runs as the logged-in user, so both HKLM and HKCU keys apply correctly
Fallback: If no user is logged in, runs regedit.exe /s directly (HKLM only)
Cleanup: Temp .reg file removed after import

HKCU vs HKLM: By default, ImportReg runs as the logged-in user via scheduled task so HKCU keys apply to the correct user profile. Use -AsSystem for HKLM-only .reg files to skip the scheduled task overhead.

Dashboard/Lobby Display Install Details

Both kiosk app installers:

Installer type: Inno Setup (supports /VERYSILENT)
Pre-install: Kills running Edge kiosk via PrepareToInstall in Inno Setup
Execution: Silent install with no user prompts (120-second timeout)
Post-install: Creates a one-shot scheduled task to relaunch Edge in kiosk mode as the logged-in user, then auto-deletes the task
Cleanup: Installer removed from temp after execution
Connectivity: Offline PCs are skipped with a ping check before connecting

Uninstall GUIDs:

Dashboard: {9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}
Lobby Display: {42FFB952-0B72-493F-8869-D957344CA305}

Adding New Deployable Applications

Step 1

Add to $KioskAppConfig hashtable

$KioskAppConfig = @{
    # Existing entries...

    # Add new application
    'InstallNewApp' = @{
        Action = 'Install'
        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'  # Find in registry after manual install
        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/your-page/'
    }
    'UninstallNewApp' = @{
        Action = 'Uninstall'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'
    }
}

Step 2

Add task names to ValidateSet (~line 142)

[ValidateSet(
    'DISM', 'SFC', 'OptimizeDisk', 'DiskCleanup', 'ClearUpdateCache',
    'RestartSpooler', 'FlushDNS', 'RestartWinRM', 'ClearBrowserCache',
    'SetTimezone', 'SyncTime', 'UpdateDNCMXHosts', 'AuditDNCConfig',
    'CheckDefectTracker', 'GPUpdate', 'Reboot',
    'CopyFile', 'ImportReg',
    'InstallDashboard', 'InstallLobbyDisplay', 'UninstallDashboard', 'UninstallLobbyDisplay',
    'InstallNewApp', 'UninstallNewApp'  # Add new tasks here
)]
[string]$Task

Step 3

Place installer on network share

\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe

Finding the Uninstall GUID

After manually installing the application on a test PC, find the GUID in registry:

# Search for app in registry
Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" |
    Get-ItemProperty | Where-Object { $_.DisplayName -like "*AppName*" } |
    Select-Object DisplayName, PSChildName, UninstallString

The PSChildName is typically the GUID (e.g., {9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}).

Installer Requirements:

Must support silent installation flags
Inno Setup: /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
MSI: /qn /norestart
NSIS: /S

If your installer uses different flags, modify the InstallKioskApp scriptblock.

How-To Guides

How to Repair System Files

Scenario: A PC has corrupted system files causing crashes or errors.

Option 1: DISM (Component Store Repair)

# Run DISM repair on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

What it does:

Downloads missing/corrupted files from Windows Update
Repairs the Windows component store
Required before SFC if component store is damaged

Expected output:

[PROBLEM-PC] DISM: SUCCESS
  Deployment Image Servicing and Management tool
  The restore operation completed successfully.

Option 2: SFC (System File Checker)

# Run SFC after DISM
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

What it does:

Scans all protected system files
Replaces corrupted files from component store
Creates log at C:\Windows\Logs\CBS\CBS.log

Best Practice - Full Repair Sequence:

# Step 1: Run DISM first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

# Step 2: Run SFC after DISM completes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

# Step 3: Reboot to apply changes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task Reboot -Credential $cred

How to Optimize Disks

Scenario: PCs are running slow due to disk fragmentation or lack of TRIM.

Single PC Optimization

.\Invoke-RemoteMaintenance.ps1 -ComputerName "SLOW-PC" -Task OptimizeDisk -Credential $cred

What it does:

Detects drive type (SSD vs HDD)
For SSDs: Runs TRIM to reclaim deleted blocks
For HDDs: Runs defragmentation

Optimize All CMM PCs (After Hours)

# CMM PCs often have large files - optimize overnight
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task OptimizeDisk -Credential $cred -ThrottleLimit 3

Full Cleanup Sequence

# Step 1: Clear update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache -Credential $cred

# Step 2: Run disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task DiskCleanup -Credential $cred

# Step 3: Optimize disk
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task OptimizeDisk -Credential $cred

How to Fix Stuck Windows Updates

Scenario: Windows Update is stuck or failing repeatedly.

# Clear the Windows Update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "UPDATE-STUCK-PC" -Task ClearUpdateCache -Credential $cred

What it does:

Stops Windows Update service
Stops BITS service
Clears C:\Windows\SoftwareDistribution\Download
Restarts services

How to Clear Browser Cache

Scenario: CMM or inspection PCs have slow browser performance.

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "CMM-PC01" -Task ClearBrowserCache -Credential $cred

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task ClearBrowserCache -Credential $cred

What it does:

Clears Chrome cache directories
Clears Edge cache directories
Does NOT clear saved passwords or bookmarks

How to Manage Services

Fix Printing Issues

# Restart print spooler on a PC with stuck print jobs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PRINT-PROBLEM-PC" -Task RestartSpooler -Credential $cred

What it does:

Stops Print Spooler service
Clears print queue
Restarts Print Spooler service

Fix DNS Resolution Issues

# Flush DNS cache when a PC can't resolve hostnames
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNS-ISSUE-PC" -Task FlushDNS -Credential $cred

# Flush DNS on all PCs in a business unit
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task FlushDNS -Credential $cred

Fix Remote Management Issues

# Restart WinRM if subsequent remote commands fail
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WINRM-ISSUE-PC" -Task RestartWinRM -Credential $cred

Note: Connection will briefly drop during WinRM restart.

How to Fix Time Sync Issues

Scenario: PC clock is wrong, causing certificate errors or login issues.

Set Correct Timezone

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SetTimezone -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task SetTimezone -Credential $cred

Sets timezone to: Eastern Standard Time

Force Time Synchronization

# Sync time with domain controller
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SyncTime -Credential $cred

Full Time Fix Sequence

# Step 1: Set correct timezone
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SetTimezone -Credential $cred

# Step 2: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SyncTime -Credential $cred

How to Update DNC Configurations

Update DNC MX Hosts

Scenario: FtpHostPrimary/FtpHostSecondary in DNC\MX registry needs updating (hostname migration).

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateDNCMXHosts -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateDNCMXHosts -Credential $cred

What it does:

Checks both 32-bit (WOW6432Node) and 64-bit registry paths
Only updates values matching the old hostname — skips unexpected values
Safe to run on all PCs: no-ops if DNC\MX key doesn't exist

Audit DNC Config vs UDC Backup

Scenario: Verify DNC registry settings match UDC backup JSON files.

.\Invoke-RemoteMaintenance.ps1 -All -Task AuditDNCConfig -Credential $cred -LogFile

What it does:

Reads DNC registry values (General, eFocas, Hssb, PPDCS keys)
Compares against UDC backup JSON files on the network share
Reports MATCH/MISMATCH/MISSING for each field
Exports CSV report to logs/

Check Defect Tracker Status

.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CheckDefectTracker -Credential $cred

What it does:

Checks if Defect_Tracker.exe is running on each PC
Reports machine number + running status
Exports CSV report to logs/

How to Deploy Files

Scenario: Push any file to remote PCs with automatic backup of existing files.

Basic File Copy

# Copy a config file to a specific destination
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task CopyFile `
    -SourcePath "\\server\share\config.json" `
    -DestinationPath "C:\ProgramData\App\config.json" `
    -Credential $cred

What it does:

Copies source file to C:\Windows\Temp\ on remote PC via WinRM
Creates backup of existing file (if any) with timestamp
Moves temp file to final destination
Verifies deployment

File Copy with Post-Copy Command

Scenario: Deploy a file and restart a service/app in the logged-in user's session.

# Deploy eMxInfo.txt and kill DNC so it picks up the new file
.\Invoke-RemoteMaintenance.ps1 -All -Task CopyFile `
    -SourcePath "\\server\share\eMxInfo.txt" `
    -DestinationPath "C:\Program Files (x86)\DNC\Server Files\eMxInfo.txt" `
    -RunCommand "taskkill /IM DNCMain.exe /F" `
    -Credential $cred

# Deploy UDC config (no restart needed)
.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CopyFile `
    -SourcePath "\\server\share\udc_webserver_settings.json" `
    -DestinationPath "C:\ProgramData\UDC\udc_webserver_settings.json" `
    -Credential $cred

About -RunCommand: The -RunCommand runs via a one-shot scheduled task as the logged-in user, so it works for user-session processes (same pattern as Dashboard/Lobby Display kiosk relaunch). Use -AsSystem if the command should run as SYSTEM instead.

How to Import Registry Files

Scenario: Apply registry settings from a .reg file to remote PCs.

# Import a .reg file on all shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task ImportReg `
    -SourcePath "\\server\share\intranet-zone.reg" `
    -Credential $cred

# Import on specific PCs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ImportReg `
    -SourcePath "C:\Scripts\my-settings.reg" `
    -Credential $cred

What it does (default — as logged-in user):

Copies .reg file to C:\Windows\Temp\ on remote PC via WinRM
Creates a one-shot scheduled task as the logged-in user
Runs regedit.exe /s to silently import the registry file
Cleans up temp file and scheduled task

HKCU Support: Because the import runs as the logged-in user (via scheduled task), both HKLM and HKCU keys in the .reg file are applied correctly. If no user is logged in, it falls back to direct import (HKLM only).

HKLM-Only / System Context

Use -AsSystem when the .reg file only contains HKLM keys and you want to skip the scheduled task overhead:

# Import HKLM-only registry settings directly as SYSTEM
.\Invoke-RemoteMaintenance.ps1 -All -Task ImportReg `
    -SourcePath "\\server\share\machine-policy.reg" `
    -AsSystem -Credential $cred

Warning: Running with -AsSystem means HKCU keys in the .reg file will NOT apply to any user profile. Only use this for HKLM-only registry files.

How to Deploy Software

Install GE Aerospace Dashboard

Scenario: Convert a PC to a Dashboard kiosk.

# Single PC installation
.\Invoke-RemoteMaintenance.ps1 -ComputerName "NEWKIOSK-01" -Task InstallDashboard -Credential $cred

# Multiple PCs from a list
$kiosks = @("KIOSK-01", "KIOSK-02", "KIOSK-03")
.\Invoke-RemoteMaintenance.ps1 -ComputerName $kiosks -Task InstallDashboard -Credential $cred

What it does:

Pings target PC (skips if offline)
Copies installer from network share to C:\Windows\Temp\
Kills running Edge kiosk
Runs silent installation (120-second timeout)
Relaunches Edge kiosk via scheduled task as the logged-in user
Cleans up installer and scheduled task

No reboot required Edge relaunches automatically in the logged-in user's session.

# Deploy to all Dashboard kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task InstallDashboard -Credential $cred

# Deploy to all Lobby Display kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task InstallLobbyDisplay -Credential $cred

Uninstall Dashboard or Lobby Display

# Remove Dashboard
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-KIOSK" -Task UninstallDashboard -Credential $cred

# Remove Lobby Display
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-LOBBY" -Task UninstallLobbyDisplay -Credential $cred

How to Reboot PCs

Single PC Reboot

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC-TO-REBOOT" -Task Reboot -Credential $cred

Note: Reboot has a 30-second delay to allow graceful shutdown.

Reboot by PC Type

# Reboot all Dashboard PCs
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

# Reboot all Lobby Display PCs
.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task Reboot -Credential $cred

Reboot by Business Unit

# Reboot all HPT PCs during maintenance window
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit HPT -Task Reboot -Credential $cred

How to Run Batch Operations

Using a Computer List File

Create a text file with one hostname per line:

# shopfloor-pcs.txt
PC001
PC002
PC003
PC004
PC005

Run tasks against the list:

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task FlushDNS -Credential $cred

Running Multiple Tasks in Sequence

# Maintenance routine for a PC
$pc = "SHOPFLOOR-PC01"

# Step 1: Clear caches
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearUpdateCache -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearBrowserCache -Credential $cred

# Step 2: Disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DiskCleanup -Credential $cred

# Step 3: Repair
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DISM -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SFC -Credential $cred

# Step 4: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SetTimezone -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SyncTime -Credential $cred

# Step 5: Reboot
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task Reboot -Credential $cred

Targeting Strategies

By Individual PCs

Best for: Specific troubleshooting, targeted fixes

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

By PC Type

Best for: Type-specific maintenance, software updates

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task DiskCleanup -Credential $cred

# All Dashboard kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

By Business Unit

Best for: Department-specific maintenance windows

# All Blisk area PCs
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task SyncTime -Credential $cred

All Shopfloor PCs

Best for: Global maintenance, security updates

# Flush DNS everywhere
.\Invoke-RemoteMaintenance.ps1 -All -Task FlushDNS -Credential $cred -ThrottleLimit 10

Using a List File

Best for: Custom groups, staged rollouts

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\phase1-pcs.txt" -Task DISM -Credential $cred

Troubleshooting

Issue: Task Times Out

Cause: Task takes longer than session timeout.

Resolution: DISM and SFC can take a long time. Check if task completed on target:

# Check DISM log
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Get-Content "C:\Windows\Logs\DISM\dism.log" -Tail 50
}

Issue: "Access Denied" on Some PCs

Cause: Credentials don't have admin rights on that PC.

Resolution:

Use different credentials
Add account to local Administrators group on target
Check if UAC is blocking remote admin

Issue: Software Installation Fails

Cause: Network share not accessible or installer missing.

Resolution:

Verify network share path is accessible
Check installer exists at expected location
Verify credentials can access the share

Issue: Reboot Doesn't Happen

Cause: User cancelled shutdown or application blocked it.

Resolution:

# Force immediate reboot (no 30-second delay)
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Restart-Computer -Force
}

Issue: ImportReg HKCU Keys Not Applied

Cause: No user is logged in on the target PC, or -AsSystem was used.

Resolution:

Ensure a user is logged in on the target PC
Remove -AsSystem flag if the .reg file contains HKCU keys
Check the script output for "No logged-in user found" messages

Best Practices

1. Start Small

Test on one PC before running against groups:

# Test on single PC first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "TEST-PC" -Task DISM -Credential $cred

2. Use Appropriate Throttle Limits

Scenario	Recommended ThrottleLimit
Fast network, light tasks	10-25
Normal operations	5 (default)
Heavy tasks (DISM, Defrag)	2-3
Slow network	2-3

3. Schedule Disruptive Tasks

Run reboots and heavy tasks during maintenance windows:

DISM/SFC: After hours
Disk optimization: After hours
Reboots: During shift changes or maintenance windows

4. Verify Before Rebooting

Always confirm which PCs will be affected:

# Check PC type before reboot
.\Update-ShopfloorPCs-Remote.ps1 -PcType Dashboard -WhatIf

5. Keep Logs

Use the -LogFile flag or redirect output for audit trail:

# Built-in logging
.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred -LogFile

# Or redirect output manually
.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred | Tee-Object -FilePath "maintenance-log-$(Get-Date -Format 'yyyyMMdd').txt"

Reference Complete This document covers all 22 maintenance tasks available in Invoke-RemoteMaintenance.ps1. For questions or updates, contact the GE Aerospace DT Team.