Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
--- a/WINRM_REMOTE_COLLECTION.md
+++ b/WINRM_REMOTE_COLLECTION.md
@@ -0,0 +1,198 @@
+# WinRM Remote Asset Collection
+
+This system allows centralized asset data collection from multiple shopfloor PCs using PowerShell remoting (WinRM).
+
+## Overview
+
+The remote collection system consists of:
+
+1. **Invoke-RemoteAssetCollection.ps1** - Main script that orchestrates remote execution
+2. **Setup-WinRM.ps1** - Helper script to configure WinRM on management server
+3. **Run-RemoteCollection.bat** - Batch file for easy execution
+4. **shopfloor-pcs-example.txt** - Example computer list file
+
+## Prerequisites
+
+### Management Server (where you run the remote collection)
+- Windows with PowerShell 5.1 or later
+- Administrator privileges
+- Network connectivity to target computers
+- Update-PC-CompleteAsset.ps1 script
+
+### Target Computers (shopfloor PCs)
+- Windows with PowerShell 5.1 or later
+- WinRM enabled and configured
+- Update-PC-CompleteAsset.ps1 script installed locally
+- Administrator account for remote access
+
+## Setup Instructions
+
+### 1. Configure Management Server
+
+Run as Administrator:
+
+```powershell
+# Set up WinRM to trust all shopfloor computers
+.\Setup-WinRM.ps1 -TrustedHosts "*"
+
+# OR set up specific trusted hosts (more secure)
+.\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101,10.48.130.102"
+```
+
+### 2. Configure Target Computers
+
+On each shopfloor PC, run as Administrator:
+
+```powershell
+# Enable PowerShell remoting
+Enable-PSRemoting -Force
+
+# Configure firewall
+Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
+
+# Optional: Run the setup script
+.\Setup-WinRM.ps1
+```
+
+### 3. Deploy Asset Collection Script
+
+Ensure `Update-PC-CompleteAsset.ps1` and `Get-ShopfloorConfig.ps1` are present on each target computer at:
+- `C:\Scripts\Update-PC-CompleteAsset.ps1` (default path)
+- `C:\Scripts\Get-ShopfloorConfig.ps1`
+
+Or specify a different path using the `-ScriptPath` parameter.
+
+### 4. Create Computer List
+
+Copy `shopfloor-pcs-example.txt` to `shopfloor-pcs.txt` and edit with your actual computer IP addresses:
+
+```
+# Production computers
+10.48.130.100
+10.48.130.101
+10.48.130.102
+
+# Quality control
+10.48.130.110
+10.48.130.111
+```
+
+## Usage Examples
+
+### Test Connections
+
+```powershell
+# Test specific computers
+.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101") -TestConnections
+
+# Test from file
+.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -TestConnections
+```
+
+### Collect Asset Data
+
+```powershell
+# Collect from specific computers
+.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101")
+
+# Collect from computer list file
+.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
+
+# Use stored credentials
+$cred = Get-Credential
+.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Credential $cred
+
+# Custom script path
+.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100") -ScriptPath "D:\Scripts\Update-PC-CompleteAsset.ps1"
+```
+
+### Batch File Execution
+
+Simply double-click `Run-RemoteCollection.bat` for easy execution with default settings.
+
+## Parameters
+
+### Invoke-RemoteAssetCollection.ps1 Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| ComputerList | Array of computer names/IPs | `@()` |
+| ComputerListFile | Path to text file with computer list | - |
+| Credential | PSCredential for remote authentication | (prompts) |
+| MaxConcurrent | Max concurrent remote sessions | `5` |
+| ProxyURL | Warranty proxy server URL | `http://10.48.130.158/vendor-api-proxy.php` |
+| DashboardURL | Dashboard API URL | `http://10.48.130.197/dashboard-v2/api.php` |
+| SkipWarranty | Skip warranty lookups | `$true` |
+| LogPath | Log file path | `.\logs\remote-collection.log` |
+| TestConnections | Test connections only | `$false` |
+| ScriptPath | Path to script on remote computers | `C:\Scripts\Update-PC-CompleteAsset.ps1` |
+
+## Troubleshooting
+
+### Common Issues
+
+1. **"Access is denied" errors**
+   - Ensure you're running as Administrator
+   - Check that credentials have admin rights on target computers
+   - Verify WinRM is enabled on target computers
+
+2. **"WinRM cannot complete the operation" errors**
+   - Check trusted hosts configuration: `Get-Item WSMan:\localhost\Client\TrustedHosts`
+   - Verify network connectivity to target computers
+   - Check Windows Firewall settings on target computers
+
+3. **"Script not found" errors**
+   - Ensure Update-PC-CompleteAsset.ps1 exists on target computers
+   - Check the script path specified in -ScriptPath parameter
+   - Verify the script has execute permissions
+
+4. **"Execution policy" errors**
+   - Set execution policy: `Set-ExecutionPolicy RemoteSigned -Force`
+   - Or use: `powershell.exe -ExecutionPolicy Bypass -File script.ps1`
+
+### Diagnostic Commands
+
+```powershell
+# Check WinRM configuration
+winrm get winrm/config
+
+# Test specific computer
+Test-WSMan -ComputerName "10.48.130.100"
+
+# Check trusted hosts
+Get-Item WSMan:\localhost\Client\TrustedHosts
+
+# Test PowerShell remoting
+Enter-PSSession -ComputerName "10.48.130.100" -Credential (Get-Credential)
+```
+
+## Security Considerations
+
+1. **Trusted Hosts**: Use specific IP addresses rather than "*" when possible
+2. **Credentials**: Store credentials securely, avoid hardcoding passwords
+3. **Network**: Ensure WinRM traffic is secured on your network
+4. **Firewall**: Configure Windows Firewall rules appropriately
+5. **Logging**: Monitor log files for security events
+
+## Log Files
+
+Logs are stored in `.\logs\remote-collection.log` and include:
+- Connection attempts and results
+- Script execution status for each computer
+- Error messages and troubleshooting information
+- Summary statistics
+
+## Performance
+
+- Default max concurrent sessions: 5
+- Adjust `-MaxConcurrent` based on network capacity and server resources
+- Monitor performance during large-scale collections
+- Consider running during off-peak hours for production environments
+
+## Integration
+
+This remote collection system integrates with:
+- Existing Update-PC-CompleteAsset.ps1 script
+- Dashboard API for data storage
+- Warranty proxy server for Dell warranty lookups
+- Database normalization system for machine assignments