================================================================================
WinRM HTTPS Deployment Package
================================================================================

This folder contains everything needed to deploy WinRM HTTPS to shopfloor PCs.

================================================================================
REQUIRED FILES
================================================================================

Before deploying, you MUST add the certificate file to this folder:

  [ ] wildcard-logon-ds-ge-com-20251017.pfx

Copy this file from the parent folder after you generate it.

================================================================================
QUICK START - NETWORK SHARE DEPLOYMENT
================================================================================

STEP 1: Setup Network Share
---------------------------
1. Copy this entire folder to a network share:
   Example: \\SERVER\Shares\WinRM-HTTPS

2. Ensure the certificate PFX file is included in the share

3. Set permissions: Read access for "Domain Computers" or "Everyone"


STEP 2: Deploy to PCs
---------------------------
On each shopfloor PC:

1. Open Windows Explorer
2. Navigate to: \\SERVER\Shares\WinRM-HTTPS
3. Right-click "Deploy-WinRM-HTTPS.bat"
4. Select "Run as Administrator"
5. Enter certificate password when prompted
6. Wait for "SUCCESS" message


STEP 3: Verify Deployment
---------------------------
From management server, test connection:

  Test-WSMan -ComputerName "HOSTNAME.logon.ds.ge.com" -UseSSL -Port 5986

================================================================================
FILES IN THIS PACKAGE
================================================================================

Deploy-WinRM-HTTPS.bat              - Main deployment batch file
Test-WinRM-HTTPS.bat                - Test/verify batch file
Setup-WinRM-HTTPS.ps1               - PowerShell setup script
Test-WinRM-HTTPS-Setup.ps1          - PowerShell test script
NETWORK_SHARE_DEPLOYMENT.md         - Detailed deployment guide
README-DEPLOYMENT.txt               - This file

REQUIRED (Add manually):
wildcard-logon-ds-ge-com-20251017.pfx - Certificate file (MUST BE ADDED!)

================================================================================
CERTIFICATE PASSWORD
================================================================================

Certificate Password: [Store securely - contact IT if needed]

Password: XqHuyaLZSyCYEcpsMz6h5

IMPORTANT: Keep this password secure! Anyone with the PFX file and password
can decrypt WinRM HTTPS traffic.

For production deployment, use password manager or encrypted credential file.
See NETWORK_SHARE_DEPLOYMENT.md for secure password handling.

================================================================================
DEPLOYMENT WORKFLOW
================================================================================

Recommended approach:

Phase 1: Test (1-3 PCs)
  - Deploy to test PCs manually
  - Verify WinRM HTTPS works
  - Test remote connection from management server

Phase 2: Pilot (10-20 PCs)
  - Deploy to small production batch
  - Monitor for issues
  - Refine process if needed

Phase 3: Full Deployment (All 175 PCs)
  - Deploy in batches of 20-30
  - Track completed PCs
  - Remediate failures

Phase 4: Verification
  - Test all PCs with Invoke-RemoteAssetCollection-HTTPS.ps1
  - Document results
  - Clean up network share

================================================================================
SUPPORT
================================================================================

For detailed instructions, see: NETWORK_SHARE_DEPLOYMENT.md

For troubleshooting, see parent folder:
  - TROUBLESHOOTING_CERTIFICATE_GENERATION.md
  - GETTING_STARTED.md
  - SECURE_CREDENTIAL_MANAGEMENT.md

Contact: IT Support

================================================================================
SECURITY NOTES
================================================================================

1. Certificate Protection
   - The PFX file contains private key
   - Protect with proper share permissions
   - Remove from share after deployment

2. Password Security
   - Do not hardcode password in batch files
   - Use encrypted files for automation
   - Store in password manager

3. Share Permissions
   - Read access: Domain Computers group
   - Full access: IT Admins only
   - Monitor access logs

4. Cleanup
   - Remove certificate from share after deployment
   - Keep backup in secure location
   - Document deployed systems

================================================================================
