ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Organized PowerShell scripts for ShopDB asset collection

Browse Source 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
cproudlock
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

426
PRODUCTION_URL_UPDATE.md Normal file
View File

@@ -0,0 +1,426 @@
# PowerShell Scripts - Production URL Configuration
**Date:** 2025-11-21
**Status:** ✅ Updated for Production
**Target Server:** https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
---
## Changes Made
### Files Updated
1. **Update-PC-CompleteAsset-Silent.bat**
- Dashboard URL: https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
2. **Update-PC-CompleteAsset.ps1**
- Default parameter: https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
- Auto-discovery list (first priority)
- Fallback default URL
---
## Deployment Instructions
### Step 1: Copy Files to Client PCs
**Source Location (Linux Dev):**
```
/home/camp/projects/powershell/
```
**Target Location (Windows PCs):**
```
C:\Apps\PowerShell\
```
**Files to Deploy:**
```
Update-PC-CompleteAsset.ps1
Update-PC-CompleteAsset-Silent.bat
Get-ShopfloorConfig.ps1
Backup-GERegistry.ps1
applications.csv
```
### Step 2: Deployment Methods
#### Option A: Group Policy (Recommended)
**GPO Startup Script:**
```batch
@echo off
REM Copy PowerShell scripts from network share to local PC
xcopy /Y /E "\\fileserver\shares\IT\PowerShell\*.*" "C:\Apps\PowerShell\"
```
**GPO Path:**
```
Computer Configuration
→ Policies
→ Windows Settings
→ Scripts (Startup/Shutdown)
→ Startup
→ Add: deploy-powershell-scripts.bat
```
#### Option B: Manual Copy via Network Share
```batch
REM On each PC (or via remote execution)
xcopy /Y /E "\\tsgwp00525\IT\PowerShell\*.*" "C:\Apps\PowerShell\"
```
#### Option C: PowerShell Remoting (Bulk Deployment)
```powershell
# Run from admin workstation
$PCs = Get-Content "C:\PCList.txt"
foreach ($PC in $PCs) {
Write-Host "Deploying to $PC..."
# Create directory if doesn't exist
Invoke-Command -ComputerName $PC -ScriptBlock {
New-Item -Path "C:\Apps\PowerShell" -ItemType Directory -Force
}
# Copy files
Copy-Item -Path "\\source\PowerShell\*" -Destination "\\$PC\C$\Apps\PowerShell\" -Recurse -Force
Write-Host " [OK] Deployed to $PC" -ForegroundColor Green
}
```
### Step 3: Create Scheduled Task
**Task Configuration:**
```xml
Name: Update PC Asset Data
Description: Daily collection of PC hardware and software inventory
Trigger: Daily at 6:00 AM
Action: C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat
Run as: SYSTEM
Run with highest privileges: Yes
```
**GPO Scheduled Task:**
```
Computer Configuration
→ Preferences
→ Control Panel Settings
→ Scheduled Tasks
→ New → Scheduled Task (Windows 7+)
```
**Settings:**
- Name: `Update PC Asset Data`
- Program: `C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat`
- Trigger: Daily, 6:00 AM
- Random delay: 0-10 minutes (built into script)
- Run whether user logged on or not: Yes
- Run with highest privileges: Yes
### Step 4: Test on Sample PCs
**Test on 3 different PC types:**
1. **Standard PC (Office):**
```powershell
# Run manually
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1
```
**Expected:**
- Detects PC type: Standard
- Collects system info
- Sends to https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
- Success message
2. **Shopfloor PC (LTSC):**
```powershell
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1
```
**Expected:**
- Detects PC type: Shopfloor
- Collects system info + network interfaces + DNC config
- Sends to production API
- Success message
3. **Engineer PC (Has C:\Apps + V: drive):**
```powershell
cd C:\Apps\PowerShell
.\Update-PC-CompleteAsset.ps1
```
**Expected:**
- Detects PC type: Engineer
- Collects system info
- Sends to production API
- Success message
### Step 5: Verify in Database
```sql
-- Check recent PC updates (last 24 hours)
SELECT
hostname,
machinetypeid,
serialnumber,
lastupdated
FROM machines
WHERE pctypeid IS NOT NULL
AND lastupdated >= DATE_SUB(NOW(), INTERVAL 24 HOUR)
ORDER BY lastupdated DESC;
```
### Step 6: Monitor Logs
**Check API logs on server:**
```
https://tsgwp00525.rd.ds.ge.com/shopdb/logs/api-2025-11-21.log
```
**Check PowerShell logs on network share:**
```
S:\dt\cameron\scan\logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log
```
**Fallback location (if network share unavailable):**
```
C:\Apps\PowerShell\Logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log
```
---
## URL Configuration Details
### Production URL
**Full URL:**
```
https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
```
**Server:** tsgwp00525.rd.ds.ge.com
**Protocol:** HTTPS (secure)
**Path:** /shopdb/api.asp
**Port:** 443 (default HTTPS)
### Network Requirements
**Firewall Rules:**
- Allow outbound HTTPS (port 443) from all client PCs
- Destination: tsgwp00525.rd.ds.ge.com
- Protocol: TCP/443
**DNS Resolution:**
- tsgwp00525.rd.ds.ge.com must resolve from client PCs
- Test: `nslookup tsgwp00525.rd.ds.ge.com`
**Certificate:**
- Server must have valid SSL certificate
- Client PCs must trust certificate authority
- If using self-signed cert, may need to add to trusted root CAs
**Network Share Access:**
- All client PCs must have read/write access to `S:\dt\cameron\scan\logs`
- Share permissions: DOMAIN\Domain Computers (Modify)
- NTFS permissions: DOMAIN\Domain Computers (Modify)
- If network share unavailable, script will fallback to local `C:\Apps\PowerShell\Logs\`
### URL Priority (Auto-Discovery)
If parameter not provided, script tries URLs in this order:
1. https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp (PRODUCTION)
2. http://192.168.122.151:8080/api.asp (DEV)
3. http://localhost:8080/api.asp (Local test)
4. (other fallbacks...)
---
## Rollback Instructions
If production deployment fails, revert to DEV URLs:
**Update-PC-CompleteAsset-Silent.bat:**
```batch
Line 27: echo Dashboard: http://192.168.122.151:8080/api.asp >> "%logfile%" 2>&1
Line 60: -DashboardURL "http://192.168.122.151:8080/api.asp"
```
**Update-PC-CompleteAsset.ps1:**
```powershell
Line 26: [string]$DashboardURL = "http://192.168.122.151:8080/api.asp",
Line 70: First candidate = "http://192.168.122.151:8080/api.asp"
Line 98: $defaultUrl = "http://192.168.122.151:8080/api.asp"
```
---
## Verification Checklist
Before production rollout:
- [ ] Verify network share exists: `S:\dt\cameron\scan\logs`
- [ ] Test network share write permissions from client PC
- [ ] Test script on Standard PC
- [ ] Test script on Shopfloor PC
- [ ] Test script on Engineer PC
- [ ] Verify logs written to `S:\dt\cameron\scan\logs`
- [ ] Verify data appears in database
- [ ] Check API logs on server
- [ ] Test scheduled task execution
- [ ] Confirm HTTPS certificate valid
- [ ] Verify firewall allows outbound HTTPS
- [ ] Test DNS resolution of tsgwp00525.rd.ds.ge.com
- [ ] Deploy to pilot group (5-10 PCs)
- [ ] Monitor for 1 week (check network share logs)
- [ ] Deploy to all PCs via GPO
---
## Troubleshooting
### Issue: Cannot reach dashboard
**Symptom:**
```
[FAIL] Cannot reach: The remote name could not be resolved
```
**Causes:**
1. DNS not resolving tsgwp00525.rd.ds.ge.com
2. Firewall blocking port 443
3. Server offline
**Fix:**
```powershell
# Test DNS
nslookup tsgwp00525.rd.ds.ge.com
# Test HTTPS connectivity
Test-NetConnection -ComputerName tsgwp00525.rd.ds.ge.com -Port 443
# Test API endpoint
Invoke-RestMethod -Uri "https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp?action=getDashboardData"
```
### Issue: SSL certificate error
**Symptom:**
```
The underlying connection was closed: Could not establish trust relationship
```
**Cause:** Self-signed or untrusted certificate
**Fix:**
```powershell
# Temporary bypass (testing only)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
# Permanent fix: Install certificate to Trusted Root
Import-Certificate -FilePath "server-cert.crt" -CertStoreLocation Cert:\LocalMachine\Root
```
### Issue: 401 Unauthorized
**Symptom:**
```
The remote server returned an error: (401) Unauthorized
```
**Cause:** Server requires authentication
**Fix:**
- Check IIS authentication settings
- Ensure Anonymous Authentication enabled for api.asp
- Or add credentials to script
### Issue: 500 Internal Server Error
**Symptom:**
```
The remote server returned an error: (500) Internal Server Error
```
**Cause:** API error on server side
**Fix:**
- Check server logs: `C:\inetpub\wwwroot\shopdb\logs\api-YYYY-MM-DD.log`
- Check IIS logs: `C:\inetpub\logs\LogFiles\`
- Verify database connectivity from server
- Check ASP error details (disable friendly errors)
### Issue: Network log directory not accessible
**Symptom:**
```
WARNING: Network log directory S:\dt\cameron\scan\logs not accessible, using local Logs directory
```
**Cause:** Network share not accessible or permissions issue
**Fix:**
```powershell
# Test network share access
Test-Path "S:\dt\cameron\scan\logs"
# Verify drive mapping
Get-PSDrive S
# Test write permissions
New-Item -Path "S:\dt\cameron\scan\logs\test.txt" -ItemType File -Value "test" -Force
Remove-Item "S:\dt\cameron\scan\logs\test.txt"
```
**Permission Requirements:**
- Share: `\\fileserver\share` mapped to S: drive
- Share Permissions: Domain Computers (Read/Write)
- NTFS Permissions: Domain Computers (Modify)
- Ensure folder exists: `S:\dt\cameron\scan\logs`
---
## Production Readiness Status
**Scripts Updated:** Both .bat and .ps1 files configured for production URL
**Documentation:** Complete deployment guide created
**Testing Plan:** 3-tier testing (Standard, Shopfloor, Engineer)
**Monitoring:** API logs and PowerShell logs configured
**Rollback Plan:** DEV URL reversion documented
**Ready for Deployment:** YES
**Recommended Timeline:**
1. Day 1-2: Test on 3 PCs (one of each type)
2. Day 3-7: Deploy to pilot group (10 PCs)
3. Day 8-14: Monitor pilot group
4. Day 15+: Full deployment via GPO to all PCs
---
## Contact
**For deployment issues:**
- Check this documentation
- Review PowerShell logs on client PC
- Review API logs on server
- Contact: IT Asset Management Team
**File Locations:**
- Dev: `/home/camp/projects/powershell/`
- Production Scripts: `C:\Apps\PowerShell\` (on PCs)
- Production Logs: `S:\dt\cameron\scan\logs\` (network share)
- Server: `https://tsgwp00525.rd.ds.ge.com/shopdb/`
---
**Document Version:** 1.0
**Last Updated:** 2025-11-21
**Status:** Production Ready