Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00
commit 62c0c7bb06
102 changed files with 28017 additions and 0 deletions
--- a/winrm-https/winrm-ca-scripts/LOGGING-SUMMARY.txt
+++ b/winrm-https/winrm-ca-scripts/LOGGING-SUMMARY.txt
@@ -0,0 +1,206 @@
+================================================================================
+LOGGING SUMMARY - ALL SCRIPTS
+================================================================================
+
+All scripts now automatically generate log files in:
+S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
+
+Log files are created with naming format:
+HOSTNAME-TIMESTAMP-SCRIPTTYPE.txt
+
+================================================================================
+LOG FILES GENERATED
+================================================================================
+
+1. Deploy-PCCertificate.bat
+   Log File: HOSTNAME-YYYYMMDD-HHMMSS-CERT-DEPLOY.txt
+   Contains:
+   - Certificate import details
+   - WinRM HTTPS listener creation
+   - Firewall rule configuration
+   - Network profile changes
+   - Complete deployment status
+
+2. Test-RemotePC-Debug.bat
+   Log File: HOSTNAME-YYYYMMDD-HHMMSS-DEBUG.txt
+   Contains:
+   - WinRM service status
+   - WinRM listeners (HTTP/HTTPS)
+   - Port listening status (5985, 5986)
+   - Firewall rules (with subnet restrictions)
+   - Certificates in LocalMachine\My
+   - WinRM configuration
+   - Network information (hostname, FQDN, IPs)
+   - Network profile (Public/Private/Domain)
+   - Firewall profile status
+   - Self-connectivity test
+
+3. Fix-FirewallSubnet.bat
+   Log File: HOSTNAME-YYYYMMDD-HHMMSS-FIREWALL-FIX.txt
+   Contains:
+   - Current firewall rule configuration
+   - New subnet configuration
+   - Firewall rule update results
+
+4. Set-NetworkPrivate.bat
+   Log File: HOSTNAME-YYYYMMDD-HHMMSS-NETWORK-PROFILE.txt
+   Contains:
+   - Current network profile status
+   - Network profile changes (Public to Private)
+   - WinRM service restart
+   - Firewall rule updates
+
+================================================================================
+LOG FILE EXAMPLES
+================================================================================
+
+Deployment Log:
+S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF-20251017-102912-CERT-DEPLOY.txt
+
+Debug Log:
+S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF-20251017-143022-DEBUG.txt
+
+Firewall Fix Log:
+S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF-20251017-150000-FIREWALL-FIX.txt
+
+Network Profile Log:
+S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF-20251017-151500-NETWORK-PROFILE.txt
+
+================================================================================
+ACCESSING LOG FILES
+================================================================================
+
+From Network Share:
+  Navigate to: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
+  Sort by date to see latest logs
+
+From Command Line:
+  dir S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF*.txt /od
+
+From PowerShell:
+  Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF*.txt |
+      Sort-Object LastWriteTime -Descending |
+      Select-Object -First 5
+
+View Latest Log:
+  Get-Content (Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\G9KN7PZ3ESF*.txt |
+      Sort-Object LastWriteTime -Descending |
+      Select-Object -First 1).FullName
+
+================================================================================
+TROUBLESHOOTING WITH LOGS
+================================================================================
+
+Problem: Deployment Failed
+Action:
+  1. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-CERT-DEPLOY.txt
+  2. Look for [ERROR] messages
+  3. Review certificate import, listener creation, firewall steps
+
+Problem: Cannot Connect Remotely
+Action:
+  1. Run: Test-RemotePC-Debug.bat on the PC
+  2. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-DEBUG.txt
+  3. Review:
+     - Port 5986 listening?
+     - Firewall rule enabled?
+     - Remote Address restrictions?
+     - Network profile (Public vs Private)?
+     - Certificate present?
+
+Problem: Subnet Access Issues
+Action:
+  1. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-DEBUG.txt
+  2. Look for "TEST 4: Firewall Rules" section
+  3. Check "Remote Address" value
+  4. If wrong, run Fix-FirewallSubnet.bat
+  5. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-FIREWALL-FIX.txt
+
+Problem: Public Network Profile Blocking
+Action:
+  1. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-DEBUG.txt
+  2. Look for "TEST 8: Network Profile" section
+  3. If "Public", run Set-NetworkPrivate.bat
+  4. Check: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\HOSTNAME-*-NETWORK-PROFILE.txt
+
+================================================================================
+LOG RETENTION
+================================================================================
+
+Logs are stored indefinitely in S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
+
+To clean up old logs (after troubleshooting):
+
+  Delete logs older than 30 days:
+  forfiles /p "S:\DT\ADATA\SCRIPT\DEPLOY\LOGS" /m *.txt /d -30 /c "cmd /c del @path"
+
+  Or keep only last 100 logs per PC:
+  Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\*.txt |
+      Group-Object {$_.Name.Split('-')[0]} |
+      ForEach-Object {
+          $_.Group | Sort-Object LastWriteTime -Descending |
+          Select-Object -Skip 100 |
+          Remove-Item
+      }
+
+================================================================================
+LOG FILE PERMISSIONS
+================================================================================
+
+Required Permissions:
+  - Domain Computers: READ/WRITE access to S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
+  - This allows PCs to create and write log files
+
+Verify Permissions:
+  icacls S:\DT\ADATA\SCRIPT\DEPLOY\LOGS
+
+Grant Permissions (if needed):
+  icacls S:\DT\ADATA\SCRIPT\DEPLOY\LOGS /grant "Domain Computers:(OI)(CI)M" /T
+
+================================================================================
+MONITORING DEPLOYMENTS
+================================================================================
+
+Track All Deployments:
+  Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\*-CERT-DEPLOY.txt |
+      Select-Object Name, LastWriteTime |
+      Sort-Object LastWriteTime -Descending
+
+Check Success/Failure:
+  Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\*-CERT-DEPLOY.txt |
+      ForEach-Object {
+          $content = Get-Content $_.FullName -Raw
+          [PSCustomObject]@{
+              PC = $_.Name.Split('-')[0]
+              Time = $_.LastWriteTime
+              Status = if($content -match '\[SUCCESS\]'){'Success'}else{'Failed'}
+          }
+      } | Format-Table -AutoSize
+
+Recent Deployments (Last 24 Hours):
+  Get-ChildItem S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\*-CERT-DEPLOY.txt |
+      Where-Object {$_.LastWriteTime -gt (Get-Date).AddHours(-24)} |
+      Select-Object Name, LastWriteTime
+
+================================================================================
+SUMMARY
+================================================================================
+
+✓ All scripts log to: S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\
+✓ Unique log files per execution (timestamped)
+✓ Different log types for different operations:
+  - CERT-DEPLOY: Deployment logs
+  - DEBUG: Diagnostic logs
+  - FIREWALL-FIX: Firewall configuration logs
+  - NETWORK-PROFILE: Network profile change logs
+✓ Logs contain complete execution details
+✓ Easy to search and troubleshoot
+✓ Centralized logging for all 175 PCs
+
+Use logs to:
+  - Track deployment progress
+  - Troubleshoot connection issues
+  - Verify configurations
+  - Document changes
+
+================================================================================