Initial commit: Organized PowerShell scripts for ShopDB asset collection

Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

winrm-https/winrm-ca-scripts/START-HERE.txt

@@ -0,0 +1,153 @@
+================================================================================
+START HERE - WinRM HTTPS Certificate Authority Setup
+================================================================================
+
+Location: /tmp/winrm-ca-scripts/
+
+All files have been created and are ready to use!
+
+================================================================================
+COPY THESE FILES TO YOUR WINDOWS COMPUTER
+================================================================================
+
+Copy ALL files in /tmp/winrm-ca-scripts/ to:
+  C:\users\570005354\Downloads\winrm-ca-scripts\
+
+Files to copy:
+  1. Create-CA-Simple.ps1           - Creates Certificate Authority
+  2. Sign-BulkCertificates.ps1      - Signs 175 PC certificates
+  3. Test-RemotePC-Debug.ps1        - Debug script for remote PCs
+  4. Test-RemotePC-Debug.bat        - Batch wrapper for debug script
+  5. shopfloor-hostnames.txt        - List of 175 PC hostnames
+  6. README.txt                     - Full instructions
+  7. START-HERE.txt                 - This file
+
+================================================================================
+STEP-BY-STEP INSTRUCTIONS
+================================================================================
+
+STEP 1: Copy Files to Windows
+------------------------------
+From Linux terminal:
+
+  # If you have direct access to Windows filesystem:
+  cp -r /tmp/winrm-ca-scripts /mnt/c/users/570005354/Downloads/
+
+  # OR use WinSCP, scp, or any file transfer method
+
+
+STEP 2: Create Certificate Authority
+-------------------------------------
+On Windows, in PowerShell as Administrator:
+
+  cd C:\users\570005354\Downloads\winrm-ca-scripts
+  .\Create-CA-Simple.ps1
+
+Enter password when prompted: ShopfloorCA2025!
+
+This creates:
+  - Shopfloor-WinRM-CA-YYYYMMDD.pfx  (CA private key)
+  - Shopfloor-WinRM-CA-YYYYMMDD.cer  (CA public cert)
+
+
+STEP 3: Install CA on Your Computer
+------------------------------------
+Still in PowerShell as Administrator:
+
+  Import-Certificate -FilePath "Shopfloor-WinRM-CA-YYYYMMDD.cer" `
+      -CertStoreLocation Cert:\LocalMachine\Root
+
+Replace YYYYMMDD with the actual date from Step 2.
+
+
+STEP 4: Sign All 175 PC Certificates
+-------------------------------------
+Still in PowerShell as Administrator:
+
+  $caPass = ConvertTo-SecureString "ShopfloorCA2025!" -AsPlainText -Force
+  $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
+
+  .\Sign-BulkCertificates.ps1 `
+      -HostnameFile "shopfloor-hostnames.txt" `
+      -CAPfxPath "Shopfloor-WinRM-CA-YYYYMMDD.pfx" `
+      -CAPassword $caPass `
+      -CertificatePassword $certPass
+
+This creates pc-certificates/batch-TIMESTAMP/ folder with 175 certificates.
+
+
+STEP 5: Test on ONE PC First
+-----------------------------
+Deploy to G9KN7PZ3ESF for testing:
+
+A. Copy certificate to PC:
+   Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-*.pfx" `
+       -Destination "\\G9KN7PZ3ESF\C$\Temp\"
+
+B. On G9KN7PZ3ESF, import certificate:
+   $certPass = ConvertTo-SecureString "PCCert2025!" -AsPlainText -Force
+   $cert = Import-PfxCertificate `
+       -FilePath "C:\Temp\G9KN7PZ3ESF-*.pfx" `
+       -CertStoreLocation Cert:\LocalMachine\My `
+       -Password $certPass
+
+C. Configure WinRM (if Setup-WinRM-HTTPS.ps1 is available):
+   .\Setup-WinRM-HTTPS.ps1 -CertificateThumbprint $cert.Thumbprint -Domain "logon.ds.ge.com"
+
+
+STEP 6: Test Connection
+------------------------
+From YOUR computer:
+
+  Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986
+
+  $cred = Get-Credential
+  Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
+      -Credential $cred -UseSSL -Port 5986
+
+SUCCESS! No -SessionOption needed!
+
+
+STEP 7: Deploy to Remaining PCs
+--------------------------------
+Repeat Step 5 for each of the remaining 174 PCs.
+
+Or create an automated deployment script (ask for help if needed).
+
+
+================================================================================
+TROUBLESHOOTING
+================================================================================
+
+If Remote PC Has Issues:
+  1. Copy Test-RemotePC-Debug.bat and Test-RemotePC-Debug.ps1 to the PC
+  2. Right-click Test-RemotePC-Debug.bat and "Run as Administrator"
+  3. Review the output to see what's wrong
+
+Common Issues:
+  - Port 5986 not listening → WinRM listener not configured
+  - Certificate not found → Certificate not imported
+  - Firewall blocking → Firewall rule missing
+
+================================================================================
+WHAT YOU GET
+================================================================================
+
+BEFORE (Wildcard with bypasses):
+  $sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
+  Enter-PSSession -ComputerName PC -Credential $cred -UseSSL -SessionOption $sessionOption
+  ⚠️ Certificate warnings, security bypasses
+
+AFTER (CA with proper certs):
+  Enter-PSSession -ComputerName PC -Credential $cred -UseSSL -Port 5986
+  ✅ Clean, secure, no warnings!
+
+================================================================================
+NEED HELP?
+================================================================================
+
+Read README.txt for full instructions.
+
+All scripts are ready to use - just copy to Windows and run!
+
+================================================================================