Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

winrm-https/winrm-ca-scripts/SINGLE-PC-TEST.txt

@@ -0,0 +1,353 @@
+================================================================================
+SINGLE PC TEST - QUICK START
+================================================================================
+
+Test the entire certificate deployment on ONE PC before deploying to all 175.
+
+Test PC: G9KN7PZ3ESF
+
+================================================================================
+STEP 1: CREATE CA (ONE TIME - 5 MINUTES)
+================================================================================
+
+On YOUR computer (H2PRFM94):
+
+  PS> cd C:\path\to\winrm-ca-scripts
+  PS> .\Create-CA-Simple.ps1
+
+  Enter password: ShopfloorCA2025!
+
+  Output:
+  ✓ Shopfloor-WinRM-CA-20251017.pfx
+  ✓ Shopfloor-WinRM-CA-20251017.cer
+
+
+================================================================================
+STEP 2: INSTALL CA ON YOUR COMPUTER (2 MINUTES)
+================================================================================
+
+Still on YOUR computer:
+
+  PS> Import-Certificate -FilePath "Shopfloor-WinRM-CA-20251017.cer" `
+          -CertStoreLocation Cert:\LocalMachine\Root
+
+  Result:
+  ✓ Your computer now trusts all certificates signed by this CA
+
+
+================================================================================
+STEP 3: SIGN CERTIFICATE FOR TEST PC (2 MINUTES)
+================================================================================
+
+Option A: Sign just ONE certificate
+────────────────────────────────────────────────────────────────
+
+  Create a test file with just one hostname:
+
+  PS> "G9KN7PZ3ESF" | Out-File "test-hostname.txt"
+
+  PS> .\Sign-BulkCertificates.ps1 -HostnameFile "test-hostname.txt"
+
+  Enter CA password: ShopfloorCA2025!
+  Enter PC cert password: PCCert2025!
+
+  Output:
+  ✓ pc-certificates\batch-TIMESTAMP\G9KN7PZ3ESF-logon.ds.ge.com-*.pfx
+
+
+Option B: Sign ALL 175, but only deploy one
+────────────────────────────────────────────────────────────────
+
+  PS> .\Sign-BulkCertificates.ps1
+
+  Enter CA password: ShopfloorCA2025!
+  Enter PC cert password: PCCert2025!
+
+  Output:
+  ✓ pc-certificates\batch-TIMESTAMP\  (175 certificates)
+
+  You'll only deploy one for testing
+
+
+================================================================================
+STEP 4: DEPLOY TO TEST PC (5 MINUTES)
+================================================================================
+
+Method 1: Network Share Deployment (Recommended)
+────────────────────────────────────────────────────────────────
+
+  A. Copy to network share:
+
+     PS> Copy-Item "pc-certificates\batch-*" `
+             -Destination "S:\dt\adata\script\deploy\pc-certificates\" `
+             -Recurse
+
+     PS> Copy-Item "Deploy-PCCertificate.ps1" `
+             -Destination "S:\dt\adata\script\deploy\"
+
+     PS> Copy-Item "Deploy-PCCertificate.bat" `
+             -Destination "S:\dt\adata\script\deploy\"
+
+  B. On the test PC (G9KN7PZ3ESF):
+
+     1. Navigate to: S:\dt\adata\script\deploy\
+     2. Right-click: Deploy-PCCertificate.bat
+     3. Select: "Run as Administrator"
+     4. Enter password: PCCert2025!
+     5. Wait for SUCCESS message
+
+  Result:
+  ✓ Certificate automatically found and imported
+  ✓ WinRM HTTPS configured
+  ✓ Firewall rule created
+  ✓ Log saved to: S:\dt\adata\script\deploy\LOGS\G9KN7PZ3ESF-*.txt
+
+
+Method 2: Manual Deployment (If network share not ready)
+────────────────────────────────────────────────────────────────
+
+  A. Copy certificate to PC:
+
+     PS> Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-*.pfx" `
+             -Destination "\\G9KN7PZ3ESF\C$\Temp\"
+
+     PS> Copy-Item "Setup-WinRM-HTTPS.ps1" `
+             -Destination "\\G9KN7PZ3ESF\C$\Temp\"
+
+  B. On the PC (G9KN7PZ3ESF), as Administrator:
+
+     PS> cd C:\Temp
+
+     # Import certificate
+     PS> $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
+     PS> $cert = Import-PfxCertificate `
+             -FilePath "G9KN7PZ3ESF-*.pfx" `
+             -CertStoreLocation Cert:\LocalMachine\My `
+             -Password $certPass
+
+     # Configure WinRM
+     PS> .\Setup-WinRM-HTTPS.ps1 `
+             -CertificateThumbprint $cert.Thumbprint `
+             -Domain "logon.ds.ge.com"
+
+  Result:
+  ✓ Certificate imported
+  ✓ WinRM HTTPS listener created
+  ✓ Firewall configured
+
+
+================================================================================
+STEP 5: VERIFY ON THE PC (2 MINUTES)
+================================================================================
+
+On the test PC (G9KN7PZ3ESF):
+
+  # Check certificate
+  PS> Get-ChildItem Cert:\LocalMachine\My | Where-Object {
+      $_.Subject -like "*G9KN7PZ3ESF*"
+  } | Format-List Subject, Issuer, Thumbprint
+
+  Expected:
+    Subject     : CN=g9kn7pz3esf.logon.ds.ge.com
+    Issuer      : CN=Shopfloor WinRM CA
+    Thumbprint  : (long string)
+
+  # Check WinRM service
+  PS> Get-Service WinRM
+
+  Expected:
+    Status   Name               DisplayName
+    ------   ----               -----------
+    Running  WinRM              Windows Remote Management (WS-Manag...
+
+  # Check listener
+  PS> winrm enumerate winrm/config/listener
+
+  Expected:
+    Listener
+        Address = *
+        Transport = HTTPS
+        Port = 5986
+        Hostname = g9kn7pz3esf.logon.ds.ge.com
+        ...
+
+  # Check port
+  PS> netstat -an | findstr :5986
+
+  Expected:
+    TCP    0.0.0.0:5986           0.0.0.0:0              LISTENING
+
+  ✓ All checks passed!
+
+
+================================================================================
+STEP 6: TEST CONNECTION FROM YOUR COMPUTER (3 MINUTES)
+================================================================================
+
+Back on YOUR computer (H2PRFM94):
+
+  A. Test basic connectivity
+  ─────────────────────────────────────────────────────────────
+
+  PS> Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986
+
+  Expected Output:
+    wsmid           : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
+    ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
+    ProductVendor   : Microsoft Corporation
+    ProductVersion  : OS: 0.0.0 SP: 0.0 Stack: 3.0
+
+  ✅ SUCCESS = WinRM is working with HTTPS!
+
+
+  B. Test interactive session
+  ─────────────────────────────────────────────────────────────
+
+  PS> $cred = Get-Credential
+  # Enter your domain credentials
+
+  PS> Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
+          -Credential $cred -UseSSL -Port 5986
+
+  Expected:
+    [g9kn7pz3esf.logon.ds.ge.com]: PS C:\>
+
+  ✅ SUCCESS = You're connected!
+
+  Try commands:
+    [g9kn7pz3esf.logon.ds.ge.com]: PS C:\> hostname
+    G9KN7PZ3ESF
+
+    [g9kn7pz3esf.logon.ds.ge.com]: PS C:\> Get-Service WinRM
+    Running  WinRM  Windows Remote Management
+
+    [g9kn7pz3esf.logon.ds.ge.com]: PS C:\> Exit-PSSession
+
+
+  C. Test remote command execution
+  ─────────────────────────────────────────────────────────────
+
+  PS> Invoke-Command -ComputerName g9kn7pz3esf.logon.ds.ge.com `
+          -Credential $cred -UseSSL -Port 5986 `
+          -ScriptBlock { Get-ComputerInfo | Select-Object CsName, WindowsVersion }
+
+  Expected:
+    CsName       WindowsVersion
+    ------       --------------
+    G9KN7PZ3ESF  2009
+
+  ✅ SUCCESS = Remote commands work!
+
+
+================================================================================
+KEY OBSERVATIONS
+================================================================================
+
+Notice what you DON'T need:
+
+  ❌ No -SessionOption parameter
+  ❌ No -SkipCNCheck
+  ❌ No -SkipCACheck
+  ❌ No -SkipRevocationCheck
+  ❌ No certificate bypass tricks
+
+This is CLEAN and SECURE because:
+
+  ✓ Your computer trusts the CA
+  ✓ PC certificate is signed by trusted CA
+  ✓ Certificate CN matches hostname
+  ✓ Full certificate chain validation works
+
+
+================================================================================
+TROUBLESHOOTING
+================================================================================
+
+If Test-WSMan fails:
+────────────────────────────────────────────────────────────────
+
+  1. Copy Test-RemotePC-Debug.bat to the PC
+  2. Run it as Administrator on the PC
+  3. Review output to identify the issue
+
+Common issues:
+  - Port 5986 not listening → Re-run Setup-WinRM-HTTPS.ps1
+  - Certificate not found → Re-import certificate
+  - Firewall blocking → Check firewall rule
+  - DNS not resolving → Use IP address for testing
+
+
+If connection works but certificate errors appear:
+────────────────────────────────────────────────────────────────
+
+  Check if CA is installed on YOUR computer:
+
+  PS> Get-ChildItem Cert:\LocalMachine\Root | Where-Object {
+      $_.Subject -like "*Shopfloor*"
+  }
+
+  If not found:
+  PS> Import-Certificate -FilePath "Shopfloor-WinRM-CA-*.cer" `
+          -CertStoreLocation Cert:\LocalMachine\Root
+
+
+================================================================================
+SUCCESS CRITERIA
+================================================================================
+
+The test is successful when:
+
+  ✓ Test-WSMan works without errors
+  ✓ Enter-PSSession connects without -SessionOption
+  ✓ No certificate warnings
+  ✓ Remote commands execute successfully
+  ✓ Connection is clean and secure
+
+
+================================================================================
+AFTER SUCCESSFUL TEST
+================================================================================
+
+Once ONE PC works perfectly:
+
+  1. Test 3-5 more PCs using same process
+  2. If all tests pass, proceed to full deployment
+  3. Deploy to remaining 170 PCs in batches
+  4. Use COMPLETE-WORKFLOW.txt for full deployment guide
+
+
+================================================================================
+TIME ESTIMATE
+================================================================================
+
+Total time to test ONE PC:
+
+  - Create CA: 5 minutes (one time)
+  - Install CA on your computer: 2 minutes (one time)
+  - Sign certificate for test PC: 2 minutes
+  - Deploy to PC: 5 minutes
+  - Verify configuration: 2 minutes
+  - Test connection: 3 minutes
+  ─────────────────────────────────
+  Total: ~20 minutes for first PC
+
+Subsequent PCs: ~4 minutes each (CA already created)
+
+
+================================================================================
+SUMMARY
+================================================================================
+
+Single PC Test Process:
+
+  1. Create CA (one time)
+  2. Install CA on your computer (one time)
+  3. Sign certificate for G9KN7PZ3ESF
+  4. Deploy certificate to G9KN7PZ3ESF
+  5. Test connection from your computer
+  6. Verify clean, secure connection
+
+If successful → Deploy to all 175 PCs
+If issues → Debug on test PC before continuing
+
+================================================================================