ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Organized PowerShell scripts for ShopDB asset collection

Browse Source 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
cproudlock
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

482
docs/SCRIPTS_REFERENCE.md Normal file
View File

@@ -0,0 +1,482 @@
# PowerShell Scripts Reference
Complete documentation for all scripts in this repository.
**Last Updated:** 2025-12-10
---
## Repository Structure
```
powershell-scripts/
├── asset-collection/ # Local PC data collection scripts
├── remote-execution/ # Remote WinRM execution scripts
├── setup-utilities/ # Configuration and testing
├── registry-backup/ # GE registry backup
├── winrm-https/ # WinRM HTTPS/certificate setup
└── docs/ # Documentation
```
---
## Table of Contents
1. [Asset Collection Scripts](#asset-collection-scripts) (`asset-collection/`)
2. [Remote Execution Scripts](#remote-execution-scripts) (`remote-execution/`)
3. [Setup & Utility Scripts](#setup--utility-scripts) (`setup-utilities/`)
4. [Registry Backup Scripts](#registry-backup-scripts) (`registry-backup/`)
5. [WinRM HTTPS Scripts](#winrm-https-scripts) (`winrm-https/`)
---
## Asset Collection Scripts
**Location:** `asset-collection/`
### Update-PC-CompleteAsset.ps1
**Purpose:** Primary script for comprehensive PC asset data collection and database storage.
**What It Does:**
1. Collects system information (hostname, serial number, manufacturer, model)
2. Determines PC type (Engineer/Shopfloor/Standard/Measuring)
3. Collects network interface configurations
4. For shopfloor PCs: Collects DNC/machine configurations from GE registry
5. Optionally retrieves Dell warranty information via proxy
6. Sends all data to ShopDB API for storage
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ProxyURL` | `http://10.48.130.158/vendor-api-proxy.php` | Warranty API proxy server |
| `-DashboardURL` | `https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp` | ShopDB API endpoint |
| `-SkipWarranty` | `$true` | Skip warranty lookups (enabled by default) |
| `-TestConnections` | `$false` | Test API connectivity without collecting data |
**Usage:**
```powershell
# Standard execution (run as administrator)
.\Update-PC-CompleteAsset.ps1
# Test connectivity only
.\Update-PC-CompleteAsset.ps1 -TestConnections
# With warranty lookup enabled
.\Update-PC-CompleteAsset.ps1 -SkipWarranty:$false
```
**Requires:** Administrator privileges for full data collection
---
### Get-ShopfloorConfig.ps1
**Purpose:** Library of functions for collecting shopfloor-specific configurations.
**What It Does:**
- Enumerates all network interfaces and their configurations
- Detects "machine networks" (192.168.x.x subnets)
- Collects serial port (COM) configurations
- Extracts DNC settings from GE Aircraft Engines registry
- Analyzes DualPath configurations for multi-machine setups
**Key Functions:**
| Function | Description |
|----------|-------------|
| `Get-NetworkInterfaceConfig` | Collects all network adapter information |
| `Get-SerialPortConfig` | Enumerates COM port configurations |
| `Get-DNCConfig` | Extracts DNC registry settings |
| `Get-GERegistryConfig` | Reads GE Aircraft Engines registry keys |
**Note:** This script is sourced (dot-sourced) by `Update-PC-CompleteAsset.ps1` and not run directly.
---
### Update-PC-Minimal.ps1
**Purpose:** Lightweight asset collection for locked-down PCs with restricted permissions.
**What It Does:**
1. Collects basic system info without requiring admin privileges
2. Uses only non-elevated WMI/CIM queries
3. Detects PC-DMIS software for measuring machine classification
4. Sends minimal data to ShopDB API
**When to Use:**
- PCs where users cannot run as administrator
- Measuring machines with restricted permissions
- Quick data collection without full registry access
**Usage:**
```powershell
.\Update-PC-Minimal.ps1
```
**Requires:** No elevated privileges (runs as standard user)
---
### Backup-GERegistry.ps1
**Purpose:** Backs up GE Aircraft Engines registry keys for disaster recovery and auditing.
**What It Does:**
1. Exports registry keys from both 32-bit and 64-bit locations
2. Creates backup files named with machine number and serial number
3. Saves to network share for centralized backup storage
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-BackupPath` | `S:\DT\cameron\scan\backup\reg` | Network path for backup files |
| `-Silent` | `$false` | Suppress console output |
**Backup Locations:**
- `HKLM:\Software\GE Aircraft Engines`
- `HKLM:\Software\WOW6432Node\GE Aircraft Engines`
**Output Filename Format:** `[machinenumber-]serialnumber-YYYY-MM-DD.reg`
**Usage:**
```powershell
# Interactive backup
.\Backup-GERegistry.ps1
# Silent backup (for scheduled tasks)
.\Backup-GERegistry.ps1 -Silent
```
---
## Remote Execution Scripts
### Invoke-RemoteAssetCollection.ps1
**Purpose:** Remotely executes asset collection on multiple PCs via WinRM (HTTP).
**What It Does:**
1. Establishes WinRM connections to target PCs
2. Executes `Update-PC-CompleteAsset.ps1` remotely
3. Collects and logs results from each PC
4. Supports parallel execution for efficiency
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerList` | - | Array of computer names/IPs |
| `-ComputerListFile` | - | Path to text file with computer list |
| `-Credential` | - | PSCredential for authentication |
| `-MaxConcurrent` | `5` | Maximum parallel sessions |
| `-TestConnections` | `$false` | Test connectivity only |
| `-ScriptPath` | `C:\Scripts\Update-PC-CompleteAsset.ps1` | Path to script on remote PCs |
**Prerequisites:**
- WinRM enabled on target PCs (`Enable-PSRemoting -Force`)
- Admin credentials for remote PCs
- Port 5985 (HTTP) open
**Usage:**
```powershell
# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"
# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred
# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections
```
**Requires:** Administrator privileges, WinRM access to targets
---
### Invoke-RemoteAssetCollection-HTTPS.ps1
**Purpose:** Secure remote asset collection via WinRM over HTTPS (port 5986).
**What It Does:**
Same as `Invoke-RemoteAssetCollection.ps1` but uses:
- HTTPS/TLS encryption for secure communication
- Wildcard certificates for domain-wide deployment
- Automatic FQDN construction from hostnames
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-HostnameList` | - | Array of hostnames (without domain) |
| `-HostnameListFile` | - | Path to text file with hostnames |
| `-Domain` | - | Domain suffix (e.g., "logon.ds.ge.com") |
| `-Port` | `5986` | HTTPS port |
| `-SkipCertificateCheck` | `$false` | Skip SSL validation (not recommended) |
**Usage:**
```powershell
# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"
# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"
```
**Requires:** WinRM HTTPS configured on targets (see winrm-https folder)
---
### Update-ShopfloorPCs-Remote.ps1
**Purpose:** Query ShopDB for all shopfloor PCs and update them remotely.
**What It Does:**
1. Queries ShopDB API for list of all shopfloor PCs
2. Establishes WinRM connections to each PC
3. Collects system info remotely and POSTs to API
4. Logs success/failure for each PC
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerName` | - | Specific PC(s) to update |
| `-All` | `$false` | Update all shopfloor PCs from ShopDB |
| `-SetupTrustedHosts` | `$false` | Configure WinRM trusted hosts |
| `-Credential` | - | PSCredential for authentication |
| `-ApiUrl` | `https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp` | ShopDB API URL |
**Usage:**
```powershell
# Update all shopfloor PCs
.\Update-ShopfloorPCs-Remote.ps1 -All
# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"
# Setup trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
```
---
## Configuration & Setup Scripts
### Setup-WinRM.ps1
**Purpose:** Configures WinRM on the management server for remote asset collection.
**What It Does:**
1. Enables WinRM service
2. Configures trusted hosts for remote connections
3. Sets up HTTP listener on port 5985
4. Tests connectivity to specified computers
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-TrustedHosts` | `""` | Comma-separated list of trusted hosts (use "*" for all) |
| `-TestConnection` | `@()` | Array of computers to test after setup |
**Usage:**
```powershell
# Trust all hosts (less secure, simpler)
.\Setup-WinRM.ps1 -TrustedHosts "*"
# Trust specific IPs
.\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101"
# Setup and test
.\Setup-WinRM.ps1 -TrustedHosts "*" -TestConnection @("10.48.130.100")
```
**Requires:** Administrator privileges
---
### Install-AssetCollectionSchedule.ps1
**Purpose:** Creates a Windows scheduled task for automated asset collection.
**What It Does:**
1. Creates scheduled task running 4 times daily (6:00, 12:00, 18:00, 00:00)
2. Configures silent execution (no window popup)
3. Runs as SYSTEM account
4. Handles battery/network conditions appropriately
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ScriptPath` | `S:\DT\adata\script\Update-PC-CompleteAsset-Silent.bat` | Path to batch file |
| `-TaskName` | `"GE Asset Collection"` | Name for scheduled task |
**Usage:**
```powershell
# Install with defaults
.\Install-AssetCollectionSchedule.ps1
# Custom script path
.\Install-AssetCollectionSchedule.ps1 -ScriptPath "C:\Scripts\Update-PC-CompleteAsset-Silent.bat"
```
**Requires:** Administrator privileges
---
## Utility Scripts
### Test-API-Connection.ps1
**Purpose:** Tests connectivity and functionality of the ShopDB API.
**What It Does:**
1. Tests basic API connectivity
2. Tests INSERT operation (creates test PC record)
3. Tests UPDATE operation (modifies test record)
4. Tests DELETE operation (cleans up test record)
5. Reports success/failure for each operation
**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-DashboardURL` | `http://192.168.122.151:8080/api.asp` | API endpoint to test |
**Usage:**
```powershell
# Test development API
.\Test-API-Connection.ps1
# Test production API
.\Test-API-Connection.ps1 -DashboardURL "https://production-server/shopdb/api.asp"
```
---
### Get-InstalledApps.ps1
**Purpose:** Collects list of installed applications from a PC.
**What It Does:**
- Queries registry for installed programs
- Returns application names and versions
- Used for software inventory in ShopDB
**Usage:**
```powershell
.\Get-InstalledApps.ps1
```
---
## Batch File Launchers
### Update-PC-CompleteAsset.bat
Standard launcher - opens PowerShell window with output visible.
### Update-PC-CompleteAsset-Silent.bat
Silent launcher - runs hidden, suitable for scheduled tasks.
### Update-PC-Minimal.bat
Launcher for minimal collection script.
### Run-RemoteCollection.bat
Launcher for remote collection script.
### Get-InstalledApps.bat
Launcher for application inventory script.
### Run-GetInstalledApps.bat
Alternative launcher for application inventory.
---
## WinRM HTTPS Scripts
Located in `winrm-https/` folder. These scripts configure secure WinRM over HTTPS.
### Key Scripts:
| Script | Purpose |
|--------|---------|
| `Setup-WinRM-HTTPS.ps1` | Configure WinRM HTTPS on target PCs |
| `Create-CertificateAuthority.ps1` | Create internal CA for certificates |
| `Sign-PCCertificate.ps1` | Sign individual PC certificates |
| `Sign-BulkPCCertificates.ps1` | Sign certificates for multiple PCs |
| `Configure-WinRM-Client.ps1` | Configure client for HTTPS connections |
| `Test-WinRM-HTTPS-Setup.ps1` | Verify HTTPS configuration |
| `Test-ShopfloorPC.ps1` | Test connectivity to shopfloor PC |
### Documentation:
| Document | Description |
|----------|-------------|
| `README.md` | Overview and quick start |
| `CA-APPROACH-GUIDE.md` | Certificate Authority setup guide |
| `GETTING_STARTED.md` | Step-by-step initial setup |
| `NETWORK_SHARE_DEPLOYMENT.md` | Deploying via network share |
| `SECURE_CREDENTIAL_MANAGEMENT.md` | Credential security best practices |
| `TROUBLESHOOTING_CERTIFICATE_GENERATION.md` | Certificate troubleshooting |
---
## Architecture Overview
```
┌─────────────────────────────────────────────────────────────────┐
│ Management Server │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ Invoke-RemoteAssetCollection.ps1 │ │
│ │ Invoke-RemoteAssetCollection-HTTPS.ps1 │ │
│ │ Update-ShopfloorPCs-Remote.ps1 │ │
│ └──────────────────────┬───────────────────────────────────┘ │
└─────────────────────────┼───────────────────────────────────────┘
│ WinRM (5985/5986)
┌─────────────────────────────────────────────────────────────────┐
│ Shopfloor PCs │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ Update-PC-CompleteAsset.ps1 │ │
│ │ Get-ShopfloorConfig.ps1 │ │
│ │ Backup-GERegistry.ps1 │ │
│ └──────────────────────┬───────────────────────────────────┘ │
└─────────────────────────┼───────────────────────────────────────┘
│ HTTPS
┌─────────────────────────────────────────────────────────────────┐
│ ShopDB API Server │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ api.asp (IIS) → MySQL Database │ │
│ └──────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
---
## Quick Reference
### Run asset collection on local PC:
```batch
Update-PC-CompleteAsset.bat
```
### Run silent collection (for scheduled tasks):
```batch
Update-PC-CompleteAsset-Silent.bat
```
### Collect from all shopfloor PCs remotely:
```powershell
.\Update-ShopfloorPCs-Remote.ps1 -All
```
### Test API connectivity:
```powershell
.\Test-API-Connection.ps1
```
### Setup scheduled collection:
```powershell
.\Install-AssetCollectionSchedule.ps1
```
---
**Repository:** http://localhost:3000/cproudlock/powershell-scripts