Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
--- a/winrm-https/Configure-WinRM-Client.ps1
+++ b/winrm-https/Configure-WinRM-Client.ps1
@@ -0,0 +1,249 @@
+#Requires -RunAsAdministrator
+<#
+.SYNOPSIS
+    Configure WinRM client settings for remote connections
+
+.DESCRIPTION
+    This script configures the WinRM client on your management computer
+    to allow connections to shopfloor PCs via WinRM HTTPS.
+
+    Run this ONCE on your management computer as Administrator.
+
+.EXAMPLE
+    .\Configure-WinRM-Client.ps1
+
+.NOTES
+    Author: System Administrator
+    Date: 2025-10-17
+    Run as: Administrator
+#>
+
+Write-Host ""
+Write-Host "╔══════════════════════════════════════════════════════════════╗" -ForegroundColor Cyan
+Write-Host "║          WinRM Client Configuration Script                 ║" -ForegroundColor Cyan
+Write-Host "╚══════════════════════════════════════════════════════════════╝" -ForegroundColor Cyan
+Write-Host ""
+Write-Host "This script will configure WinRM client settings on this computer" -ForegroundColor White
+Write-Host "to allow remote connections to shopfloor PCs." -ForegroundColor White
+Write-Host ""
+
+# Check for admin privileges
+$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+
+if (-not $isAdmin) {
+    Write-Host "✗ ERROR: This script must be run as Administrator" -ForegroundColor Red
+    Write-Host ""
+    Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
+    exit 1
+}
+
+Write-Host "✓ Running with Administrator privileges" -ForegroundColor Green
+Write-Host ""
+
+# Configuration
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 1: Enable WinRM Client Service" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+try {
+    # Start WinRM service
+    $winrmService = Get-Service WinRM
+    if ($winrmService.Status -ne 'Running') {
+        Write-Host "Starting WinRM service..." -ForegroundColor Gray
+        Start-Service WinRM
+        Write-Host "✓ WinRM service started" -ForegroundColor Green
+    } else {
+        Write-Host "✓ WinRM service is already running" -ForegroundColor Green
+    }
+
+    # Set to automatic startup
+    if ($winrmService.StartType -ne 'Automatic') {
+        Write-Host "Setting WinRM to automatic startup..." -ForegroundColor Gray
+        Set-Service WinRM -StartupType Automatic
+        Write-Host "✓ WinRM set to automatic startup" -ForegroundColor Green
+    } else {
+        Write-Host "✓ WinRM already set to automatic startup" -ForegroundColor Green
+    }
+
+} catch {
+    Write-Host "✗ Failed to configure WinRM service: $($_.Exception.Message)" -ForegroundColor Red
+    exit 1
+}
+
+Write-Host ""
+
+# Enable PowerShell Remoting
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 2: Enable PowerShell Remoting" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+try {
+    Write-Host "Enabling PowerShell Remoting..." -ForegroundColor Gray
+    Enable-PSRemoting -Force -SkipNetworkProfileCheck | Out-Null
+    Write-Host "✓ PowerShell Remoting enabled" -ForegroundColor Green
+} catch {
+    Write-Host "⚠ Warning: Could not enable PSRemoting: $($_.Exception.Message)" -ForegroundColor Yellow
+    Write-Host "  This may be normal if already configured" -ForegroundColor Gray
+}
+
+Write-Host ""
+
+# Configure TrustedHosts
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 3: Configure Trusted Hosts" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+$domain = "*.logon.ds.ge.com"
+
+try {
+    # Get current trusted hosts
+    $currentTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
+
+    Write-Host "Current TrustedHosts: " -NoNewline -ForegroundColor Gray
+    if ([string]::IsNullOrWhiteSpace($currentTrustedHosts)) {
+        Write-Host "(empty)" -ForegroundColor Gray
+    } else {
+        Write-Host "$currentTrustedHosts" -ForegroundColor White
+    }
+
+    # Check if domain already in trusted hosts
+    if ($currentTrustedHosts -like "*$domain*") {
+        Write-Host "✓ $domain is already in TrustedHosts" -ForegroundColor Green
+    } else {
+        Write-Host ""
+        Write-Host "Adding $domain to TrustedHosts..." -ForegroundColor Gray
+
+        if ([string]::IsNullOrWhiteSpace($currentTrustedHosts)) {
+            # TrustedHosts is empty, set it
+            Set-Item WSMan:\localhost\Client\TrustedHosts -Value $domain -Force
+        } else {
+            # TrustedHosts has values, append to it
+            Set-Item WSMan:\localhost\Client\TrustedHosts -Value "$currentTrustedHosts,$domain" -Force
+        }
+
+        Write-Host "✓ Added $domain to TrustedHosts" -ForegroundColor Green
+    }
+
+    # Show final value
+    $finalTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
+    Write-Host ""
+    Write-Host "Final TrustedHosts: $finalTrustedHosts" -ForegroundColor White
+
+} catch {
+    Write-Host "✗ Failed to configure TrustedHosts: $($_.Exception.Message)" -ForegroundColor Red
+    Write-Host ""
+    Write-Host "You can manually set it with:" -ForegroundColor Yellow
+    Write-Host "  Set-Item WSMan:\localhost\Client\TrustedHosts -Value '$domain' -Force" -ForegroundColor White
+}
+
+Write-Host ""
+
+# Configure network profile (if needed)
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 4: Check Network Profile" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+try {
+    $profile = Get-NetConnectionProfile | Where-Object {$_.IPv4Connectivity -eq 'Internet' -or $_.IPv4Connectivity -eq 'LocalNetwork'}
+
+    if ($profile) {
+        Write-Host "Active Network Profile:" -ForegroundColor White
+        Write-Host "  Name:     $($profile.Name)" -ForegroundColor Gray
+        Write-Host "  Category: $($profile.NetworkCategory)" -ForegroundColor Gray
+
+        if ($profile.NetworkCategory -eq 'Public') {
+            Write-Host ""
+            Write-Host "⚠ Network is set to Public profile" -ForegroundColor Yellow
+            Write-Host ""
+            Write-Host "For WinRM to work across subnets, you may need to:" -ForegroundColor Yellow
+            Write-Host "  1. Change network to Private/DomainAuthenticated, OR" -ForegroundColor Gray
+            Write-Host "  2. Configure firewall rules for WinRM on Public profile" -ForegroundColor Gray
+            Write-Host ""
+
+            $change = Read-Host "Would you like to change network to Private? (y/n)"
+            if ($change -eq 'y' -or $change -eq 'Y') {
+                Set-NetConnectionProfile -Name $profile.Name -NetworkCategory Private
+                Write-Host "✓ Network profile changed to Private" -ForegroundColor Green
+            }
+        } else {
+            Write-Host "✓ Network profile is $($profile.NetworkCategory) (OK)" -ForegroundColor Green
+        }
+    }
+} catch {
+    Write-Host "⚠ Could not check network profile: $($_.Exception.Message)" -ForegroundColor Yellow
+}
+
+Write-Host ""
+
+# Configure firewall (optional)
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 5: Check Firewall Rules" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+try {
+    # Check for WinRM firewall rules
+    $winrmRules = Get-NetFirewallRule | Where-Object {$_.DisplayName -like "*WinRM*" -and $_.Enabled -eq $true}
+
+    if ($winrmRules) {
+        Write-Host "✓ Found $($winrmRules.Count) active WinRM firewall rule(s)" -ForegroundColor Green
+        foreach ($rule in $winrmRules) {
+            Write-Host "  - $($rule.DisplayName)" -ForegroundColor Gray
+        }
+    } else {
+        Write-Host "⚠ No WinRM firewall rules found (may be created by Enable-PSRemoting)" -ForegroundColor Yellow
+    }
+} catch {
+    Write-Host "⚠ Could not check firewall rules: $($_.Exception.Message)" -ForegroundColor Yellow
+}
+
+Write-Host ""
+
+# Test configuration
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host "STEP 6: Verify Configuration" -ForegroundColor Yellow
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
+Write-Host ""
+
+Write-Host "WinRM Client Configuration:" -ForegroundColor White
+try {
+    $config = winrm get winrm/config/client
+    Write-Host $config -ForegroundColor Gray
+} catch {
+    Write-Host "Could not retrieve WinRM client config" -ForegroundColor Yellow
+}
+
+Write-Host ""
+
+# Success summary
+Write-Host "╔══════════════════════════════════════════════════════════════╗" -ForegroundColor Green
+Write-Host "║              CONFIGURATION COMPLETE                         ║" -ForegroundColor Green
+Write-Host "╚══════════════════════════════════════════════════════════════╝" -ForegroundColor Green
+Write-Host ""
+Write-Host "Your WinRM client is now configured to connect to shopfloor PCs." -ForegroundColor Green
+Write-Host ""
+
+# Next steps
+Write-Host "Next Steps:" -ForegroundColor Yellow
+Write-Host ""
+Write-Host "1. Test connection to a shopfloor PC:" -ForegroundColor White
+Write-Host ""
+Write-Host "   Option A - Skip certificate validation (for self-signed certs):" -ForegroundColor Gray
+Write-Host "   `$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck" -ForegroundColor White
+Write-Host "   Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986 -SessionOption `$sessionOption" -ForegroundColor White
+Write-Host ""
+Write-Host "   Option B - Install certificate (recommended for production):" -ForegroundColor Gray
+Write-Host "   Import-Certificate -FilePath 'C:\path\to\cert.cer' -CertStoreLocation Cert:\LocalMachine\Root" -ForegroundColor White
+Write-Host ""
+Write-Host "2. Use the test script:" -ForegroundColor White
+Write-Host "   .\Test-ShopfloorPC.ps1 -ComputerName g9kn7pz3esf -SkipCertificateCheck" -ForegroundColor White
+Write-Host ""
+Write-Host "3. Create interactive session:" -ForegroundColor White
+Write-Host "   `$cred = Get-Credential" -ForegroundColor White
+Write-Host "   Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com -Credential `$cred -UseSSL -Port 5986 -SessionOption `$sessionOption" -ForegroundColor White
+Write-Host ""