Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

winrm-https/winrm-ca-scripts/README.txt

@@ -0,0 +1,175 @@
+================================================================================
+WinRM HTTPS Certificate Authority Scripts
+================================================================================
+
+Files Included:
+---------------
+
+1. Create-CA-Simple.ps1
+   - Creates a Certificate Authority
+   - Run this FIRST on your management computer
+   - Generates CA certificate files
+
+2. Sign-BulkCertificates.ps1
+   - Signs certificates for all 175 PCs
+   - Run this AFTER creating the CA
+   - Requires: CA PFX file and shopfloor-hostnames.txt
+
+3. Test-RemotePC-Debug.ps1
+   - Debug script to run ON THE REMOTE PC
+   - Checks WinRM configuration, certificates, firewall, etc.
+
+4. Test-RemotePC-Debug.bat
+   - Batch file to run the debug script
+   - Right-click "Run as Administrator"
+
+================================================================================
+QUICK START
+================================================================================
+
+STEP 1: Create Certificate Authority
+-------------------------------------
+On YOUR computer (H2PRFM94), as Administrator:
+
+  PS> cd C:\users\570005354\Downloads\winrm-ca-scripts
+  PS> .\Create-CA-Simple.ps1
+
+  Enter password: ShopfloorCA2025!
+  Confirm password: ShopfloorCA2025!
+
+Files created:
+  - Shopfloor-WinRM-CA-YYYYMMDD.pfx  (CA private key - KEEP SECURE!)
+  - Shopfloor-WinRM-CA-YYYYMMDD.cer  (CA public certificate)
+  - CA-INFO-YYYYMMDD.txt             (Information)
+
+
+STEP 2: Install CA on Your Computer
+------------------------------------
+On YOUR computer (H2PRFM94), as Administrator:
+
+  PS> Import-Certificate -FilePath "Shopfloor-WinRM-CA-YYYYMMDD.cer" `
+          -CertStoreLocation Cert:\LocalMachine\Root
+
+This makes your computer trust all certificates signed by this CA!
+
+
+STEP 3: Sign PC Certificates
+-----------------------------
+On YOUR computer (H2PRFM94), as Administrator:
+
+  PS> $caPass = ConvertTo-SecureString "ShopfloorCA2025!" -AsPlainText -Force
+  PS> $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
+  PS> .\Sign-BulkCertificates.ps1 `
+          -HostnameFile "C:\path\to\shopfloor-hostnames.txt" `
+          -CAPfxPath "Shopfloor-WinRM-CA-YYYYMMDD.pfx" `
+          -CAPassword $caPass `
+          -CertificatePassword $certPass
+
+Creates:
+  - pc-certificates/batch-TIMESTAMP/  (folder with 175 PFX files)
+
+
+STEP 4: Debug Remote PC (If Issues)
+------------------------------------
+Copy Test-RemotePC-Debug.bat and Test-RemotePC-Debug.ps1 to the remote PC.
+
+On the remote PC, right-click Test-RemotePC-Debug.bat and "Run as Administrator"
+
+This will show:
+  - WinRM service status
+  - Listeners configured
+  - Ports listening
+  - Firewall rules
+  - Certificates installed
+  - Network information
+
+Use this output to troubleshoot issues!
+
+
+STEP 5: Deploy to One PC (Test)
+--------------------------------
+For PC: G9KN7PZ3ESF
+
+A. Copy certificate to PC:
+   PS> Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-logon.ds.ge.com-*.pfx" `
+           -Destination "\\G9KN7PZ3ESF\C$\Temp\"
+
+B. On the PC (G9KN7PZ3ESF), import certificate:
+   PS> $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
+   PS> $cert = Import-PfxCertificate `
+           -FilePath "C:\Temp\G9KN7PZ3ESF-logon.ds.ge.com-*.pfx" `
+           -CertStoreLocation Cert:\LocalMachine\My `
+           -Password $certPass
+
+C. Configure WinRM:
+   PS> .\Setup-WinRM-HTTPS.ps1 `
+           -CertificateThumbprint $cert.Thumbprint `
+           -Domain "logon.ds.ge.com"
+
+
+STEP 6: Test Connection
+------------------------
+From YOUR computer (H2PRFM94):
+
+  PS> Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986
+
+  PS> $cred = Get-Credential
+  PS> Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
+          -Credential $cred -UseSSL -Port 5986
+
+No -SessionOption needed! Clean and secure!
+
+
+================================================================================
+TROUBLESHOOTING
+================================================================================
+
+Problem: Cannot create CA
+Solution: Make sure running as Administrator
+
+Problem: Sign-BulkCertificates.ps1 fails
+Solution: Check that CA PFX file exists and password is correct
+
+Problem: Cannot connect to remote PC
+Solution:
+  1. Run Test-RemotePC-Debug.bat on the remote PC
+  2. Check that port 5986 is listening
+  3. Check that HTTPS listener exists
+  4. Check that certificate is imported
+  5. Check that firewall rule exists
+
+Problem: Certificate not trusted
+Solution: Make sure CA certificate is installed on YOUR computer:
+  Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Subject -like "*Shopfloor*"}
+
+================================================================================
+PASSWORDS USED
+================================================================================
+
+CA Password: ShopfloorCA2025!
+  - Protects CA private key (PFX file)
+  - Keep secure!
+
+PC Certificate Password: PCCert2025!
+  - Same password for all 175 PC certificates
+  - Used when importing certificates on PCs
+
+================================================================================
+SECURITY NOTES
+================================================================================
+
+1. CA Private Key (PFX file):
+   - KEEP SECURE! Can sign certificates for any PC
+   - Store in password manager or secure vault
+   - Never share via email or chat
+
+2. CA Public Certificate (CER file):
+   - Safe to distribute to all management computers
+   - Install in Trusted Root Certification Authorities
+
+3. PC Certificates:
+   - Each PC gets its own unique certificate
+   - All use same password for simplicity
+   - Only deploy to the specific PC (not others)
+
+================================================================================