Initial commit: Organized PowerShell scripts for ShopDB asset collection
Structure: - asset-collection/: Local PC data collection scripts - remote-execution/: WinRM remote execution scripts - setup-utilities/: Configuration and testing utilities - registry-backup/: GE registry backup scripts - winrm-https/: WinRM HTTPS certificate setup - docs/: Complete documentation Each folder includes a README with detailed documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
cproudlock
109
winrm-https/winrm-ca-scripts/Set-NetworkPrivate.ps1
Normal file
109
winrm-https/winrm-ca-scripts/Set-NetworkPrivate.ps1
Normal file
@@ -0,0 +1,109 @@
|
||||
#Requires -RunAsAdministrator
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Sets network profile to Private for WinRM HTTPS connectivity
|
||||
|
||||
.DESCRIPTION
|
||||
Changes the network connection profile from Public to Private.
|
||||
This allows firewall rules to work more reliably for WinRM HTTPS.
|
||||
Public profiles often have more restrictive firewall settings.
|
||||
|
||||
.EXAMPLE
|
||||
.\Set-NetworkPrivate.ps1
|
||||
|
||||
.NOTES
|
||||
Author: System Administrator
|
||||
Date: 2025-10-17
|
||||
|
||||
Run this script ON THE TARGET PC as Administrator
|
||||
#>
|
||||
|
||||
Write-Host ""
|
||||
Write-Host "========================================" -ForegroundColor Cyan
|
||||
Write-Host " Set Network Profile to Private" -ForegroundColor Cyan
|
||||
Write-Host "========================================" -ForegroundColor Cyan
|
||||
Write-Host ""
|
||||
|
||||
$hostname = $env:COMPUTERNAME
|
||||
Write-Host "Computer: $hostname" -ForegroundColor White
|
||||
Write-Host ""
|
||||
|
||||
# Get current network profiles
|
||||
Write-Host "Current Network Profiles:" -ForegroundColor Yellow
|
||||
$profiles = Get-NetConnectionProfile
|
||||
$profiles | Format-Table Name, InterfaceAlias, NetworkCategory, IPv4Connectivity -AutoSize
|
||||
Write-Host ""
|
||||
|
||||
# Change all profiles to Private
|
||||
Write-Host "Changing network profiles to Private..." -ForegroundColor Yellow
|
||||
Write-Host ""
|
||||
|
||||
$changed = 0
|
||||
foreach ($profile in $profiles) {
|
||||
if ($profile.NetworkCategory -eq 'Public') {
|
||||
try {
|
||||
Write-Host " Changing '$($profile.Name)' from Public to Private..." -ForegroundColor Gray
|
||||
Set-NetConnectionProfile -InterfaceIndex $profile.InterfaceIndex -NetworkCategory Private
|
||||
Write-Host " [OK] Changed to Private" -ForegroundColor Green
|
||||
$changed++
|
||||
} catch {
|
||||
Write-Host " [ERROR] Failed: $($_.Exception.Message)" -ForegroundColor Red
|
||||
}
|
||||
} elseif ($profile.NetworkCategory -eq 'Private') {
|
||||
Write-Host " '$($profile.Name)' is already Private" -ForegroundColor Green
|
||||
} elseif ($profile.NetworkCategory -eq 'DomainAuthenticated') {
|
||||
Write-Host " '$($profile.Name)' is Domain (optimal)" -ForegroundColor Green
|
||||
}
|
||||
}
|
||||
Write-Host ""
|
||||
|
||||
# Show updated profiles
|
||||
Write-Host "Updated Network Profiles:" -ForegroundColor Yellow
|
||||
Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory, IPv4Connectivity -AutoSize
|
||||
Write-Host ""
|
||||
|
||||
# Update firewall rule to ensure it works with Private profile
|
||||
Write-Host "Updating WinRM HTTPS firewall rule for Private profile..." -ForegroundColor Yellow
|
||||
|
||||
$ruleName = "WinRM HTTPS-In"
|
||||
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
|
||||
|
||||
if ($rule) {
|
||||
try {
|
||||
Set-NetFirewallRule -DisplayName $ruleName -Profile Any -Enabled True
|
||||
Write-Host "[OK] Firewall rule updated for all profiles" -ForegroundColor Green
|
||||
} catch {
|
||||
Write-Host "[WARN] Could not update firewall rule: $($_.Exception.Message)" -ForegroundColor Yellow
|
||||
}
|
||||
} else {
|
||||
Write-Host "[WARN] WinRM HTTPS-In firewall rule not found" -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ""
|
||||
|
||||
# Restart WinRM service to apply changes
|
||||
Write-Host "Restarting WinRM service..." -ForegroundColor Yellow
|
||||
try {
|
||||
Restart-Service WinRM -Force
|
||||
Write-Host "[OK] WinRM service restarted" -ForegroundColor Green
|
||||
} catch {
|
||||
Write-Host "[WARN] Could not restart WinRM: $($_.Exception.Message)" -ForegroundColor Yellow
|
||||
}
|
||||
Write-Host ""
|
||||
|
||||
Write-Host "========================================" -ForegroundColor Green
|
||||
Write-Host " NETWORK PROFILE UPDATED" -ForegroundColor Green
|
||||
Write-Host "========================================" -ForegroundColor Green
|
||||
Write-Host ""
|
||||
|
||||
if ($changed -gt 0) {
|
||||
Write-Host "[OK] Changed $changed network profile(s) to Private" -ForegroundColor Green
|
||||
} else {
|
||||
Write-Host "[OK] All network profiles already configured" -ForegroundColor Green
|
||||
}
|
||||
Write-Host ""
|
||||
|
||||
Write-Host "Test connection from management computer:" -ForegroundColor Yellow
|
||||
Write-Host " Test-NetConnection $hostname.logon.ds.ge.com -Port 5986" -ForegroundColor White
|
||||
Write-Host ""
|
||||
Write-Host " Test-WSMan -ComputerName $hostname.logon.ds.ge.com -UseSSL -Port 5986" -ForegroundColor White
|
||||
Write-Host ""
|
||||
Reference in New Issue
Block a user