Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
--- a/winrm-https/README.md
+++ b/winrm-https/README.md
@@ -0,0 +1,162 @@
+# WinRM HTTPS Configuration
+
+This folder contains scripts and documentation for setting up secure WinRM over HTTPS using a wildcard certificate for the `*.logon.ds.ge.com` domain.
+
+## 📁 Files
+
+### Setup Scripts
+
+| File | Description |
+|------|-------------|
+| **Generate-WildcardCert.ps1** | Generates a self-signed wildcard certificate for `*.logon.ds.ge.com` |
+| **Setup-WinRM-HTTPS.ps1** | Configures WinRM HTTPS on a target computer |
+| **Test-WinRM-HTTPS-Setup.ps1** | Automated test workflow for single-device setup |
+
+### Collection Scripts
+
+| File | Description |
+|------|-------------|
+| **Invoke-RemoteAssetCollection-HTTPS.ps1** | Executes remote asset collection via WinRM HTTPS |
+
+### Data Files
+
+| File | Description |
+|------|-------------|
+| **shopfloor-hostnames.txt** | Live list of 175 shopfloor PC hostnames from database |
+| **shopfloor-hostnames-example.txt** | Example hostname list format |
+
+### Documentation
+
+| File | Description |
+|------|-------------|
+| **WINRM_HTTPS_DEPLOYMENT_GUIDE.md** | Complete deployment guide with troubleshooting |
+
+## 🚀 Quick Start
+
+### 1. Generate Certificate (Testing)
+
+```powershell
+# Run as Administrator
+cd C:\path\to\winrm-https
+
+# Generate self-signed wildcard certificate
+.\Generate-WildcardCert.ps1
+```
+
+### 2. Test on Single Device
+
+```powershell
+# Automated test (recommended)
+.\Test-WinRM-HTTPS-Setup.ps1
+
+# Or manual setup
+$certPass = ConvertTo-SecureString "YourPassword" -AsPlainText -Force
+.\Setup-WinRM-HTTPS.ps1 -CertificatePath ".\wildcard-*.pfx" `
+    -CertificatePassword $certPass -Domain "logon.ds.ge.com"
+```
+
+### 3. Deploy to Shopfloor PCs
+
+```powershell
+# Test connections first
+.\Invoke-RemoteAssetCollection-HTTPS.ps1 `
+    -HostnameListFile ".\shopfloor-hostnames.txt" `
+    -Domain "logon.ds.ge.com" `
+    -TestConnections
+
+# Run collection
+.\Invoke-RemoteAssetCollection-HTTPS.ps1 `
+    -HostnameListFile ".\shopfloor-hostnames.txt" `
+    -Domain "logon.ds.ge.com"
+```
+
+## 📋 Prerequisites
+
+- Windows PowerShell 5.1 or later
+- Administrator privileges
+- Network connectivity
+- Wildcard certificate for `*.logon.ds.ge.com` (PFX format with private key)
+
+## 🔐 Security Notes
+
+- **Self-signed certificates** are for TESTING only
+- For production, obtain a certificate from a trusted Certificate Authority
+- Protect the PFX file password
+- Use `-SkipCertificateCheck` only for testing
+
+## 📊 Shopfloor PCs
+
+- **Total PCs**: 175
+- **Source**: Database query filtered by `pctypeid = 3` (Shopfloor type)
+- **FQDN Format**: `{hostname}.logon.ds.ge.com`
+- **Example**: `G1JJVH63ESF.logon.ds.ge.com`
+
+## 🔧 Workflow
+
+1. **Generate/Obtain Certificate**
+   - Use `Generate-WildcardCert.ps1` for testing
+   - Or obtain from CA for production
+
+2. **Setup Target PCs**
+   - Copy certificate PFX to each PC
+   - Run `Setup-WinRM-HTTPS.ps1`
+   - Verify with `Test-WSMan`
+
+3. **Configure Management Server**
+   - Install root CA certificate (if self-signed)
+   - Prepare hostname list
+   - Test connections
+
+4. **Run Collection**
+   - Use `Invoke-RemoteAssetCollection-HTTPS.ps1`
+   - Monitor logs
+   - Review results
+
+## 📖 Documentation
+
+See [WINRM_HTTPS_DEPLOYMENT_GUIDE.md](./WINRM_HTTPS_DEPLOYMENT_GUIDE.md) for:
+- Detailed deployment procedures
+- Troubleshooting guide
+- Security best practices
+- Certificate management
+- Production deployment steps
+
+## 🐛 Troubleshooting
+
+### Common Issues
+
+**Certificate not found**
+```powershell
+# Verify certificate is installed
+Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*logon.ds.ge.com*"}
+```
+
+**Connection fails**
+```powershell
+# Test DNS resolution
+Resolve-DnsName "hostname.logon.ds.ge.com"
+
+# Test port connectivity
+Test-NetConnection -ComputerName "hostname.logon.ds.ge.com" -Port 5986
+
+# Test WinRM
+Test-WSMan -ComputerName "hostname.logon.ds.ge.com" -UseSSL -Port 5986
+```
+
+**Firewall blocking**
+```powershell
+# Check firewall rule
+Get-NetFirewallRule -DisplayName "WinRM HTTPS-In"
+
+# Create if missing
+New-NetFirewallRule -DisplayName "WinRM HTTPS-In" `
+    -Name "WinRM HTTPS-In" -Profile Any -LocalPort 5986 `
+    -Protocol TCP -Direction Inbound -Action Allow
+```
+
+## 📞 Support
+
+For detailed help:
+1. Check [WINRM_HTTPS_DEPLOYMENT_GUIDE.md](./WINRM_HTTPS_DEPLOYMENT_GUIDE.md)
+2. Review PowerShell script help: `Get-Help .\Setup-WinRM-HTTPS.ps1 -Full`
+3. Check logs in `.\logs\` directory