From 86b32d859761dcf53f4c32eadde671ff67d50ad2 Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Fri, 17 Apr 2026 12:04:40 -0400
Subject: [PATCH] Add fixnetworkshare, winrm-setup-package, udc
 remote-execution suites

- NetworkDriveManager.ps1: S: drive repair utility
- winrm-setup-package: Invoke-RemoteTask helper + Setup-WinRM.bat + HTML guide
- remote-execution/udc: UDC_Update.ps1 and batch wrappers for updating
  DNC controllers on shop-floor PCs
- Invoke-RemoteMaintenance.ps1: substantial rework (~1650 lines)
- Schedule-Maintenance and complete-asset minor updates
- Bump edncfix gitlink to v1.6.0 (2748bfa)
- .gitignore: block inventory.csv/xlsx (CUI) and logs_*.txt (per-host logs)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitignore                                    |    7 +
 complete-asset/Update-PC-CompleteAsset.ps1    |   21 +-
 docs/Invoke-RemoteMaintenance.html            | 2535 +++++++++++------
 docs/Invoke-RemoteMaintenance.md              |  301 +-
 docs/SCRIPTS_REFERENCE.md                     |    2 +-
 docs/convert_to_docx.py                       |  308 ++
 edncfix                                       |    2 +-
 fixnetworkshare/NetworkDriveManager.ps1       | 1149 ++++++++
 minimal-asset/Update-PC-Minimal.ps1           |    6 +-
 .../DeployOpenTextProfiles-Examples.txt       |   29 +
 remote-execution/INSTRUCTIONS.txt             |  141 +-
 remote-execution/Invoke-RemoteMaintenance.ps1 | 1696 +++++++++--
 remote-execution/Resume-Download.bat          |   18 +
 remote-execution/Resume-Download.ps1          |  117 +
 remote-execution/Run-UpdateDNCMXHosts.bat     |   32 +
 remote-execution/Schedule-Maintenance.ps1     |   95 +-
 remote-execution/udc/UDC_Update.ps1           |  279 ++
 remote-execution/udc/udc_update.bat           |    8 +
 remote-execution/udc/udc_update_override.bat  |   11 +
 winrm-setup-package/Invoke-RemoteTask.ps1     |  535 ++++
 winrm-setup-package/README.md                 |  296 ++
 winrm-setup-package/Setup-WinRM.bat           |  269 ++
 winrm-setup-package/WinRM-Setup-Guide.html    |  424 +++
 winrm-setup-package/hosts.txt                 |   16 +
 24 files changed, 6945 insertions(+), 1352 deletions(-)
 create mode 100644 docs/convert_to_docx.py
 create mode 100644 fixnetworkshare/NetworkDriveManager.ps1
 create mode 100644 remote-execution/DeployOpenTextProfiles-Examples.txt
 create mode 100644 remote-execution/Resume-Download.bat
 create mode 100644 remote-execution/Resume-Download.ps1
 create mode 100644 remote-execution/Run-UpdateDNCMXHosts.bat
 create mode 100755 remote-execution/udc/UDC_Update.ps1
 create mode 100755 remote-execution/udc/udc_update.bat
 create mode 100644 remote-execution/udc/udc_update_override.bat
 create mode 100644 winrm-setup-package/Invoke-RemoteTask.ps1
 create mode 100644 winrm-setup-package/README.md
 create mode 100644 winrm-setup-package/Setup-WinRM.bat
 create mode 100644 winrm-setup-package/WinRM-Setup-Guide.html
 create mode 100644 winrm-setup-package/hosts.txt

diff --git a/.gitignore b/.gitignore
index c0bddfc..1266a13 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,13 @@ logs/
 # CSV data files (generated)
 applications.csv
 
+# Inventory data (contains CUI / employee SSO / MAC addresses)
+inventory.csv
+inventory.xlsx
+
+# Per-host log files written by remote-execution scripts
+logs_*.txt
+
 # Text files with hostnames/IPs (sensitive)
 computers.txt
 shopfloor-pcs.txt
diff --git a/complete-asset/Update-PC-CompleteAsset.ps1 b/complete-asset/Update-PC-CompleteAsset.ps1
index f0dec63..363536d 100644
--- a/complete-asset/Update-PC-CompleteAsset.ps1
+++ b/complete-asset/Update-PC-CompleteAsset.ps1
@@ -614,11 +614,19 @@ function Get-PCType {
         if ($domain -eq "logon.ds.ge.com") {
             Write-Host "    [OK] Shopfloor domain detected" -ForegroundColor Green
 
-            # Check for specific machine type applications
-            $installedApps = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
-                                              "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue |
-                             Where-Object { $_.DisplayName } |
-                             Select-Object -ExpandProperty DisplayName
+            # Check for specific machine type applications (include per-user installs)
+            $regPaths = @(
+                "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
+                "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
+                "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
+            )
+            $installedApps = foreach ($regPath in $regPaths) {
+                if (Test-Path $regPath) {
+                    Get-ItemProperty $regPath -ErrorAction SilentlyContinue |
+                        Where-Object { $_.DisplayName } |
+                        Select-Object -ExpandProperty DisplayName
+                }
+            }
 
             # ================================================================
             # PC Type Detection based on installed software
@@ -821,6 +829,9 @@ function Collect-SystemInfo {
         $installedApps = @()
         $installedApps += Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {$_.DisplayName}
         $installedApps += Get-ItemProperty HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {$_.DisplayName}
+        if (Test-Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*") {
+            $installedApps += Get-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Where-Object {$_.DisplayName}
+        }
         
         $filteredApps = $installedApps | Select-Object DisplayName, DisplayVersion | Sort-Object DisplayName -Unique
         
diff --git a/docs/Invoke-RemoteMaintenance.html b/docs/Invoke-RemoteMaintenance.html
index 7182b19..7ae6c70 100644
--- a/docs/Invoke-RemoteMaintenance.html
+++ b/docs/Invoke-RemoteMaintenance.html
@@ -3,906 +3,1497 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Invoke-RemoteMaintenance.ps1</title>
+    <title>Invoke-RemoteMaintenance.ps1 - GE Aerospace Knowledge Base</title>
     <style>
         * {
+            margin: 0;
+            padding: 0;
             box-sizing: border-box;
         }
+
+        :root {
+            --ge-blue-dark: #003B5C;
+            --ge-blue-primary: #0075C9;
+            --ge-blue-light: #4A9BD9;
+            --ge-gray-dark: #2D3E50;
+            --ge-gray-medium: #6C757D;
+            --ge-gray-light: #E9ECEF;
+            --ge-white: #FFFFFF;
+            --success-green: #28A745;
+            --warning-yellow: #FFC107;
+            --danger-red: #DC3545;
+            --info-blue: #17A2B8;
+        }
+
         body {
-            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            font-family: 'Segoe UI', -apple-system, BlinkMacSystemFont, Roboto, 'Helvetica Neue', Arial, sans-serif;
             line-height: 1.6;
-            max-width: 900px;
+            color: var(--ge-gray-dark);
+            background: var(--ge-gray-light);
+            padding: 20px;
+        }
+
+        .container {
+            max-width: 1200px;
             margin: 0 auto;
-            padding: 20px 40px;
-            background-color: #ffffff;
-            color: #333;
+            background: var(--ge-white);
+            border-radius: 8px;
+            box-shadow: 0 4px 20px rgba(0, 59, 92, 0.1);
+            overflow: hidden;
         }
-        h1 {
-            color: #1a5276;
-            border-bottom: 3px solid #1a5276;
-            padding-bottom: 10px;
-            margin-top: 0;
+
+        /* Header Styles */
+        .header {
+            background: linear-gradient(135deg, var(--ge-blue-dark) 0%, var(--ge-blue-primary) 100%);
+            color: var(--ge-white);
+            padding: 40px 40px;
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
         }
-        h2 {
-            color: #2874a6;
-            border-bottom: 2px solid #d5dbdb;
-            padding-bottom: 8px;
-            margin-top: 40px;
+
+        .header-content {
+            flex: 1;
         }
-        h3 {
-            color: #2e86ab;
-            margin-top: 30px;
+
+        .header-logo {
+            margin-left: 30px;
         }
-        h4 {
-            color: #5d6d7e;
-            margin-top: 25px;
+
+        .header-logo svg {
+            height: 40px;
+            width: auto;
         }
-        a {
-            color: #2980b9;
-            text-decoration: none;
+
+        .kb-badge {
+            background: rgba(255, 255, 255, 0.2);
+            color: var(--ge-white);
+            padding: 4px 12px;
+            border-radius: 4px;
+            font-size: 0.85em;
+            font-weight: 600;
+            display: inline-block;
+            margin-bottom: 10px;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
         }
-        a:hover {
-            text-decoration: underline;
+
+        .header h1 {
+            font-size: 2em;
+            font-weight: 600;
+            margin-bottom: 8px;
+            line-height: 1.2;
         }
-        code {
-            font-family: 'Consolas', 'Monaco', 'Courier New', monospace;
-            background-color: #f4f4f4;
-            padding: 2px 6px;
-            border-radius: 3px;
-            font-size: 0.9em;
-            border: 1px solid #e1e1e1;
+
+        .header-subtitle {
+            font-size: 1.05em;
+            opacity: 0.95;
+            font-weight: 400;
         }
-        pre {
-            background-color: #2d2d2d;
-            color: #f8f8f2;
-            padding: 15px 20px;
-            border-radius: 6px;
-            overflow-x: auto;
-            font-family: 'Cascadia Mono', 'JetBrains Mono', 'Fira Code', 'Source Code Pro', 'DejaVu Sans Mono', 'Consolas', 'Monaco', 'Courier New', monospace;
-            font-size: 14px;
-            line-height: 1.4;
-            border: 1px solid #444;
-            margin: 15px 0;
-            -webkit-font-feature-settings: "liga" 0;
-            font-feature-settings: "liga" 0;
-            letter-spacing: 0;
+
+        /* Content Area */
+        .content {
+            padding: 40px;
         }
-        pre code {
-            background-color: transparent;
-            padding: 0;
-            border: none;
-            color: inherit;
-            font-size: inherit;
+
+        /* Overview Section */
+        .overview {
+            background: linear-gradient(to right, #E3F2FD 0%, #F5F9FC 100%);
+            border-left: 5px solid var(--ge-blue-primary);
+            padding: 25px;
+            margin-bottom: 35px;
+            border-radius: 4px;
         }
-        table {
-            border-collapse: collapse;
-            width: 100%;
-            margin: 15px 0;
-            font-size: 14px;
-        }
-        th, td {
-            border: 1px solid #ddd;
-            padding: 10px 12px;
-            text-align: left;
-        }
-        th {
-            background-color: #34495e;
-            color: white;
+
+        .overview h2 {
+            color: var(--ge-blue-dark);
+            font-size: 1.5em;
+            margin-bottom: 15px;
             font-weight: 600;
         }
-        tr:nth-child(even) {
-            background-color: #f9f9f9;
+
+        .overview p {
+            margin-bottom: 15px;
+            line-height: 1.7;
         }
-        tr:hover {
-            background-color: #f1f1f1;
+
+        .overview h4 {
+            color: var(--ge-blue-dark);
+            font-size: 1.1em;
+            margin: 20px 0 10px 0;
+            font-weight: 600;
         }
-        ul, ol {
-            padding-left: 25px;
+
+        .overview ul {
+            list-style-position: inside;
+            margin-left: 15px;
         }
+
+        .overview li {
+            margin-bottom: 8px;
+            line-height: 1.6;
+        }
+
+        /* Typography */
+        h2 {
+            color: var(--ge-blue-dark);
+            font-size: 1.8em;
+            font-weight: 600;
+            margin: 50px 0 25px 0;
+            padding-bottom: 12px;
+            border-bottom: 3px solid var(--ge-blue-primary);
+        }
+
+        h3 {
+            color: var(--ge-blue-primary);
+            font-size: 1.4em;
+            font-weight: 600;
+            margin: 35px 0 15px 0;
+            padding-left: 15px;
+            border-left: 4px solid var(--ge-blue-primary);
+        }
+
+        h4 {
+            color: var(--ge-gray-dark);
+            font-size: 1.15em;
+            font-weight: 600;
+            margin: 25px 0 12px 0;
+        }
+
+        p {
+            margin-bottom: 15px;
+            line-height: 1.7;
+        }
+
+        /* Lists */
+        ol, ul {
+            margin-left: 30px;
+            margin-bottom: 20px;
+        }
+
         li {
-            margin-bottom: 5px;
+            margin-bottom: 10px;
+            line-height: 1.6;
         }
-        blockquote {
-            border-left: 4px solid #3498db;
-            margin: 15px 0;
-            padding: 10px 20px;
-            background-color: #f8f9fa;
-            color: #555;
+
+        ul ul, ol ol {
+            margin-top: 10px;
+            margin-bottom: 10px;
         }
-        hr {
-            border: none;
-            border-top: 2px solid #eee;
-            margin: 30px 0;
-        }
-        .toc {
-            background-color: #f8f9fa;
-            border: 1px solid #e9ecef;
+
+        /* Step Boxes */
+        .step {
+            background: #F8F9FA;
+            padding: 25px;
+            margin: 25px 0;
             border-radius: 6px;
+            border-left: 5px solid var(--ge-blue-primary);
+        }
+
+        .step-number {
+            background: var(--ge-blue-primary);
+            color: var(--ge-white);
+            padding: 6px 16px;
+            border-radius: 20px;
+            font-weight: 600;
+            display: inline-block;
+            margin-bottom: 12px;
+            font-size: 0.95em;
+        }
+
+        /* Code Blocks */
+        .code-block {
+            position: relative;
+            background: #1E1E1E;
+            color: #D4D4D4;
             padding: 20px;
+            border-radius: 6px;
+            margin: 20px 0;
+            overflow-x: auto;
+            font-family: 'Consolas', 'Monaco', 'Courier New', monospace;
+            font-size: 0.9em;
+            line-height: 1.5;
+        }
+
+        .code-block pre {
+            margin: 0;
+            white-space: pre-wrap;
+            word-wrap: break-word;
+        }
+
+        .copy-button {
+            position: absolute;
+            top: 12px;
+            right: 12px;
+            background: var(--ge-blue-primary);
+            color: var(--ge-white);
+            border: none;
+            padding: 8px 16px;
+            border-radius: 4px;
+            cursor: pointer;
+            font-size: 0.85em;
+            font-weight: 600;
+            transition: all 0.3s ease;
+            z-index: 10;
+        }
+
+        .copy-button:hover {
+            background: var(--ge-blue-dark);
+            transform: translateY(-2px);
+            box-shadow: 0 4px 12px rgba(0, 117, 201, 0.3);
+        }
+
+        .copy-button:active {
+            transform: translateY(0);
+        }
+
+        .copy-button.copied {
+            background: var(--success-green);
+        }
+
+        /* Alert Boxes */
+        .alert {
+            padding: 18px 22px;
+            margin: 25px 0;
+            border-radius: 6px;
+            border-left: 5px solid;
+            line-height: 1.6;
+        }
+
+        .alert strong {
+            display: block;
+            margin-bottom: 8px;
+            font-size: 1.05em;
+            font-weight: 600;
+        }
+
+        .alert-info {
+            background: #E3F2FD;
+            border-color: var(--info-blue);
+            color: #014361;
+        }
+
+        .alert-warning {
+            background: #FFF8E1;
+            border-color: var(--warning-yellow);
+            color: #5D4037;
+        }
+
+        .alert-danger {
+            background: #FFEBEE;
+            border-color: var(--danger-red);
+            color: #B71C1C;
+        }
+
+        .alert-success {
+            background: #E8F5E9;
+            border-color: var(--success-green);
+            color: #1B5E20;
+        }
+
+        .alert ul {
+            margin-top: 12px;
+            margin-bottom: 0;
+        }
+
+        /* Navigation */
+        .nav {
+            position: sticky;
+            top: 20px;
+            background: var(--ge-white);
+            padding: 25px;
+            border-radius: 6px;
+            box-shadow: 0 2px 8px rgba(0, 0, 0, 0.08);
             margin-bottom: 30px;
+            border: 1px solid var(--ge-gray-light);
         }
-        .toc h2 {
-            margin-top: 0;
-            border-bottom: none;
-            font-size: 1.2em;
+
+        .nav h3 {
+            margin: 0 0 18px 0;
+            padding: 0 0 12px 0;
+            border: none;
+            border-bottom: 2px solid var(--ge-gray-light);
+            font-size: 1.1em;
+            color: var(--ge-blue-dark);
         }
-        .toc ul {
-            list-style-type: none;
-            padding-left: 0;
+
+        .nav ul {
+            list-style: none;
+            margin: 0;
         }
-        .toc li {
+
+        .nav li {
             margin-bottom: 8px;
         }
-        .toc a {
-            color: #2c3e50;
+
+        .nav a {
+            color: var(--ge-blue-primary);
+            text-decoration: none;
+            transition: all 0.2s ease;
+            display: block;
+            padding: 6px 12px;
+            border-radius: 4px;
+            font-size: 0.95em;
         }
-        .note {
-            background-color: #fff3cd;
-            border-left: 4px solid #ffc107;
-            padding: 10px 15px;
-            margin: 15px 0;
+
+        .nav a:hover {
+            background: var(--ge-gray-light);
+            color: var(--ge-blue-dark);
+            padding-left: 18px;
         }
-        .warning {
-            background-color: #f8d7da;
-            border-left: 4px solid #dc3545;
-            padding: 10px 15px;
-            margin: 15px 0;
+
+        .nav .nav-indent {
+            padding-left: 28px;
+            font-size: 0.9em;
         }
+
+        /* Troubleshooting Section */
+        .troubleshooting {
+            background: #FFF8E1;
+            padding: 25px;
+            border-radius: 6px;
+            margin: 25px 0;
+            border-left: 5px solid var(--warning-yellow);
+        }
+
+        .troubleshooting h4 {
+            color: #E65100;
+            margin-top: 0;
+            font-weight: 600;
+        }
+
+        /* Tables */
+        table {
+            width: 100%;
+            border-collapse: collapse;
+            margin: 25px 0;
+            box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
+            border-radius: 6px;
+            overflow: hidden;
+        }
+
+        table th {
+            background: var(--ge-blue-dark);
+            color: var(--ge-white);
+            padding: 16px;
+            text-align: left;
+            font-weight: 600;
+            font-size: 0.95em;
+        }
+
+        table td {
+            padding: 16px;
+            border-bottom: 1px solid var(--ge-gray-light);
+        }
+
+        table tr:last-child td {
+            border-bottom: none;
+        }
+
+        table tr:hover {
+            background: #F8F9FA;
+        }
+
+        /* Inline Code */
+        .command-inline {
+            background: var(--ge-gray-light);
+            padding: 3px 8px;
+            border-radius: 4px;
+            font-family: 'Consolas', 'Monaco', monospace;
+            font-size: 0.88em;
+            color: var(--ge-blue-dark);
+            font-weight: 500;
+        }
+
+        /* Highlight */
+        .highlight {
+            background: #FFF9C4;
+            padding: 2px 6px;
+            border-radius: 3px;
+            font-weight: 600;
+        }
+
+        /* Checkbox List */
+        .checkbox-list {
+            list-style: none;
+            margin-left: 0;
+        }
+
+        .checkbox-list li {
+            padding-left: 30px;
+            position: relative;
+        }
+
+        .checkbox-list li::before {
+            content: "\2610";
+            position: absolute;
+            left: 0;
+            color: var(--ge-blue-primary);
+            font-size: 1.3em;
+            font-weight: bold;
+        }
+
+        /* Section Divider */
+        .section-divider {
+            height: 3px;
+            background: linear-gradient(to right, var(--ge-blue-primary), transparent);
+            margin: 50px 0;
+            border: none;
+        }
+
+        /* Footer */
+        .footer {
+            background: var(--ge-gray-light);
+            padding: 30px 40px;
+            text-align: center;
+            color: var(--ge-gray-medium);
+            border-top: 3px solid var(--ge-blue-primary);
+        }
+
+        .footer-content {
+            max-width: 800px;
+            margin: 0 auto;
+        }
+
+        .footer p {
+            margin-bottom: 10px;
+        }
+
+        .footer strong {
+            color: var(--ge-blue-dark);
+        }
+
+        /* Print Styles */
         @media print {
             body {
-                max-width: 100%;
-                padding: 20px;
+                background: white;
+                padding: 0;
             }
-            pre {
-                white-space: pre-wrap;
-                word-wrap: break-word;
+            .container {
+                box-shadow: none;
             }
+            .copy-button {
+                display: none;
+            }
+            .nav {
+                display: none;
+            }
+            .header {
+                background: var(--ge-blue-dark);
+                -webkit-print-color-adjust: exact;
+                print-color-adjust: exact;
+            }
+        }
+
+        /* Responsive Design */
+        @media (max-width: 768px) {
+            body {
+                padding: 10px;
+            }
+
+            .header {
+                flex-direction: column;
+                text-align: center;
+                padding: 25px 20px;
+            }
+
+            .header-logo {
+                margin-left: 0;
+                margin-top: 20px;
+            }
+
+            .content {
+                padding: 25px 20px;
+            }
+
+            .header h1 {
+                font-size: 1.5em;
+            }
+
             h2 {
-                page-break-before: auto;
+                font-size: 1.5em;
             }
-            pre, table {
-                page-break-inside: avoid;
+
+            h3 {
+                font-size: 1.2em;
             }
         }
     </style>
 </head>
 <body>
-<h1 id="invoke-remotemaintenanceps1">Invoke-RemoteMaintenance.ps1</h1>
-<p>Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via WinRM.</p>
-<h2 id="table-of-contents">Table of Contents</h2>
-<ul>
-<li><a href="#overview">Overview</a></li>
-<li><a href="#api-integration">API Integration</a></li>
-<li><a href="#prerequisites">Prerequisites</a></li>
-<li><a href="#quick-start">Quick Start</a></li>
-<li><a href="#parameters-reference">Parameters Reference</a></li>
-<li><a href="#available-tasks">Available Tasks</a></li>
-<li><a href="#software-deployment-mechanism">Software Deployment Mechanism</a></li>
-<li><a href="#how-to-guides">How-To Guides</a></li>
-<li><a href="#how-to-repair-system-files">System Repair</a></li>
-<li><a href="#how-to-optimize-disks">Disk Optimization</a></li>
-<li><a href="#how-to-manage-services">Service Management</a></li>
-<li><a href="#how-to-fix-time-sync-issues">Time Synchronization</a></li>
-<li><a href="#how-to-update-dnc-configurations">DNC Configuration</a></li>
-<li><a href="#how-to-deploy-software">Software Deployment</a></li>
-<li><a href="#how-to-run-batch-operations">Batch Operations</a></li>
-<li><a href="#targeting-strategies">Targeting Strategies</a></li>
-<li><a href="#troubleshooting">Troubleshooting</a></li>
-<li><a href="#best-practices">Best Practices</a></li>
-</ul>
-<hr>
-<h2 id="overview">Overview</h2>
-<p>This script provides a comprehensive remote maintenance toolkit for managing shopfloor PCs. It executes maintenance tasks via WinRM (Windows Remote Management) and can target PCs individually, by type, by business unit, or all at once.</p>
-<p><strong>Location:</strong> <code>S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1</code></p>
-<p><strong>Key Features:</strong></p>
-<ul>
-<li>19 maintenance tasks available</li>
-<li>Multiple targeting options (by name, type, business unit, or all)</li>
-<li>Concurrent execution with configurable throttling</li>
-<li>Integration with ShopDB for PC discovery</li>
-</ul>
-<hr>
-<h2 id="api-integration">API Integration</h2>
-<p>When using <code>-All</code>, <code>-PcType</code>, or <code>-BusinessUnit</code> targeting, the script retrieves PC lists from the ShopDB API:</p>
-<pre><code>GET /api.asp?action=getShopfloorPCs
+    <div class="container">
+        <!-- HEADER SECTION -->
+        <div class="header">
+            <div class="header-content">
+                <span class="kb-badge">Knowledge Base Article</span>
+                <h1>Invoke-RemoteMaintenance.ps1</h1>
+                <p class="header-subtitle">Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via WinRM</p>
+            </div>
+            <div class="header-logo">
+                <!-- GE Aerospace Logo -->
+                <svg width="138" height="32" viewBox="0 0 138 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+                    <mask id="mask0_1587_16237" style="mask-type:luminance" maskUnits="userSpaceOnUse" x="0" y="0" width="138" height="32">
+                        <path d="M138 0H0V32H138V0Z" fill="white"/>
+                    </mask>
+                    <g mask="url(#mask0_1587_16237)">
+                        <path d="M52.7203 22.4828V9.51721H59.3399V10.944H54.3731V15.2042H59.0216V16.5948H54.3731V21.06H59.3399V22.4868H52.7203V22.4828ZM66.7717 17.1294L68.5021 10.9962L70.2325 17.1294H66.7717ZM65.2657 22.4828L66.3921 18.4999H70.6243L71.7507 22.4828H73.4811L69.5673 9.51721H67.4981L63.5843 22.4828H65.2576H65.2657ZM78.2234 14.4607C79.4069 14.4607 79.9742 15.0917 79.9742 16.4421V17.2017H76.4766V16.4421C76.4766 15.0877 77.0398 14.4607 78.2275 14.4607M74.8605 16.5546V19.3358C74.8605 21.5021 76.044 22.6677 78.1907 22.6677C80.3374 22.6677 81.4638 21.7232 81.5373 19.7217H79.9742C79.9171 20.9234 79.3743 21.4258 78.1867 21.4258C76.999 21.4258 76.4766 20.7787 76.4766 19.4243V18.4999H81.574V16.5185C81.574 14.3682 80.4068 13.2228 78.2275 13.2228C76.0481 13.2228 74.8605 14.3883 74.8605 16.5546ZM87.8957 14.9269V13.3353H87.7243C86.5775 13.3353 85.7858 13.8337 85.3368 14.7822V13.4117H83.8146V22.4868H85.4307V16.9847C85.4307 15.783 86.0143 14.8907 87.5162 14.8907C87.6672 14.8907 87.8182 14.9068 87.8916 14.9269M92.3319 21.4097C91.1484 21.4097 90.6015 20.7787 90.6015 19.4283V16.4622C90.6015 15.1118 91.1484 14.4808 92.3319 14.4808C93.5154 14.4808 94.0623 15.1118 94.0623 16.4622V19.4283C94.0623 20.7787 93.5154 21.4097 92.3319 21.4097ZM92.3319 22.6677C94.5153 22.6677 95.6825 21.5021 95.6825 19.3358V16.5546C95.6825 14.3883 94.5153 13.2228 92.3319 13.2228C90.1485 13.2228 88.9854 14.3883 88.9854 16.5546V19.3358C88.9854 21.5021 90.1526 22.6677 92.3319 22.6677ZM99.1964 15.5378C99.1964 14.8144 99.7025 14.4446 100.588 14.4446C101.641 14.4446 102.074 14.943 102.074 16.0362H103.616C103.616 14.111 102.714 13.2188 100.588 13.2188C98.6863 13.2188 97.6333 14.1432 97.6333 15.7589C97.6333 17.258 98.6128 17.7965 99.8535 18.3873L100.813 18.8495C101.792 19.3117 102.131 19.5328 102.131 20.2763C102.131 21.0721 101.568 21.4418 100.588 21.4418C99.4576 21.4418 98.9719 20.9234 98.9719 19.7739H97.4293C97.4293 21.7553 98.4087 22.6637 100.588 22.6637C102.563 22.6637 103.69 21.6991 103.69 20.0512C103.69 18.5521 102.71 18.0136 101.47 17.4228L100.511 16.9606C99.5311 16.4984 99.1923 16.2773 99.1923 15.5338M110.836 19.4243C110.836 20.7224 110.326 21.3132 109.199 21.3132C107.959 21.3132 107.375 20.4974 107.375 19.1469V16.6471C107.375 15.2967 107.959 14.4808 109.199 14.4808C110.326 14.4808 110.836 15.0756 110.836 16.3698V19.4283V19.4243ZM112.452 19.3881V16.4059C112.452 14.3321 111.379 13.2188 109.554 13.2188C108.501 13.2188 107.73 13.6609 107.277 14.5129V13.4037H105.755V25.8146H107.371V21.4418C107.82 22.1814 108.575 22.5712 109.554 22.5712C111.379 22.5712 112.452 21.4579 112.452 19.3841M117.341 21.3293C116.362 21.3293 115.876 20.8269 115.876 19.8302V19.5529C115.876 18.4959 116.533 18.0899 118.321 18.0899H119.17V19.4243C119.17 20.6662 118.529 21.3333 117.345 21.3333M116.99 22.5752C118.064 22.5752 118.851 22.1492 119.284 21.3333V22.4828H120.79V16.1286C120.79 14.1472 119.757 13.2188 117.59 13.2188C115.541 13.2188 114.525 14.107 114.488 15.9437H116.052C116.072 14.9631 116.598 14.4446 117.594 14.4446C118.668 14.4446 119.174 14.9832 119.174 16.1326V16.836H118.235C115.525 16.836 114.268 17.7242 114.268 19.6534V19.9307C114.268 21.5423 115.341 22.5793 116.994 22.5793M126.34 22.6717C128.54 22.6717 129.536 21.6549 129.536 19.376H127.977C127.977 20.839 127.487 21.4137 126.34 21.4137C125.193 21.4137 124.626 20.7827 124.626 19.4323V16.4662C124.626 15.1158 125.173 14.4848 126.34 14.4848C127.507 14.4848 127.956 14.9832 127.977 16.4099H129.536C129.515 14.1874 128.556 13.2228 126.34 13.2228C124.124 13.2228 123.01 14.3883 123.01 16.5546V19.3358C123.01 21.5021 124.177 22.6677 126.34 22.6677M134.653 14.4607C135.837 14.4607 136.404 15.0917 136.404 16.4421V17.2017H132.907V16.4421C132.907 15.0877 133.47 14.4607 134.658 14.4607M131.291 16.5546V19.3358C131.291 21.5021 132.474 22.6677 134.621 22.6677C136.767 22.6677 137.894 21.7232 137.967 19.7217H136.404C136.347 20.9234 135.804 21.4258 134.617 21.4258C133.429 21.4258 132.907 20.7787 132.907 19.4243V18.4999H138.004V16.5185C138.004 14.3682 136.837 13.2228 134.658 13.2228C132.478 13.2228 131.291 14.3883 131.291 16.5546ZM46.3088 22.6677C47.6433 22.6677 48.8473 22.3904 49.9573 21.8156V15.2042H45.9129V16.5948H48.3208V20.8912C47.7576 21.1324 47.023 21.2811 46.3292 21.2811C44.2968 21.2811 43.5255 20.3165 43.5255 17.8166V13.3514C43.5255 11.7036 44.4682 10.7229 46.0476 10.7229C47.627 10.7229 48.3412 11.4464 48.3779 13.0018H50.092C50.0349 10.5019 48.7575 9.33635 46.0476 9.33635C43.3377 9.33635 41.8726 10.7792 41.8726 13.4117V17.7443C41.8726 21.1726 43.2275 22.6717 46.3129 22.6717M19.8915 11.8362C19.8915 10.0196 21.1404 8.25119 21.826 8.5888C22.6014 8.97061 21.2424 10.6868 19.8915 11.8362ZM11.3823 12.4994C11.3823 11.0364 12.8475 8.25521 13.7453 8.54861C14.8023 8.89425 12.8679 11.6996 11.3823 12.4994ZM9.89679 22.9611C9.2234 22.9932 8.77447 22.5672 8.77447 21.8558C8.77447 19.9508 11.4558 18.1301 13.4841 17.1535C13.125 19.8141 12.2108 22.8525 9.90087 22.957M22.279 16.7516C20.7486 16.7516 19.5773 17.8608 19.5773 19.1912C19.5773 20.3004 20.2507 21.1846 21.1526 21.1846C21.4668 21.1846 21.7811 21.0078 21.7811 20.6099C21.7811 20.0352 21.0057 19.8945 21.0669 19.0304C21.1036 18.4637 21.6505 18.0819 22.1892 18.0819C23.2707 18.0819 23.7768 19.1148 23.7768 20.1758C23.7319 21.8156 22.5075 22.957 21.0669 22.957C19.1773 22.957 17.9611 21.1846 17.9611 19.2756C17.9611 16.4381 19.8507 15.3328 20.8424 15.0676C20.8547 15.0676 23.4299 15.5217 23.3483 14.4004C23.3156 13.9101 22.5688 13.7212 22.03 13.6971C21.4301 13.6729 20.8302 13.886 20.8302 13.886C20.5159 13.7292 20.2996 13.4238 20.165 13.0701C22.0096 11.6956 23.3156 10.3652 23.3156 8.85808C23.3156 8.0623 22.7769 7.35092 21.7403 7.35092C19.8956 7.35092 18.4998 9.65386 18.4998 11.7398C18.4998 12.0934 18.4998 12.4511 18.5896 12.7606C17.4183 13.6046 16.5491 14.1271 14.9737 15.0555C14.9737 14.8626 15.0145 14.3602 15.1492 13.7131C15.6879 13.1384 16.4307 12.2743 16.4307 11.6112C16.4307 11.3017 16.2511 11.0364 15.892 11.0364C14.9941 11.0364 14.3167 12.3667 14.1371 13.2952C13.7331 13.7815 12.9209 14.4044 12.2475 14.4044C11.7088 14.4044 11.5292 13.9141 11.4803 13.7413C13.1903 13.1625 15.3084 10.8596 15.3084 8.77769C15.3084 8.33559 15.1288 7.35895 13.778 7.35895C11.7537 7.35895 10.0437 10.3291 10.0437 12.632C9.32134 12.632 9.05607 11.8764 9.05607 11.3017C9.05607 10.727 9.28053 10.1482 9.28053 9.97136C9.28053 9.79452 9.19075 9.57347 8.92139 9.57347C8.248 9.57347 7.83989 10.4617 7.83989 11.4785C7.88478 12.8973 8.83161 13.7855 10.0886 13.8739C10.2682 14.7179 11.0354 15.5137 11.9782 15.5137C12.5659 15.5137 13.2841 15.3369 13.778 14.8947C13.7331 15.2042 13.6882 15.4695 13.6433 15.7388C11.6639 16.7596 10.2233 17.467 8.91731 18.6204C7.88478 19.5529 7.29709 20.7908 7.29709 21.7674C7.29709 23.0977 8.15005 24.3356 9.90903 24.3356C11.9782 24.3356 13.5535 22.6958 14.3208 20.4371C14.6799 19.372 14.8268 17.8247 14.9166 16.4059C16.9857 15.2565 17.9693 14.5853 19.0467 13.8337C19.1814 14.0548 19.3202 14.2316 19.4956 14.3642C18.5529 14.8505 16.3001 16.2251 16.3001 19.4604C16.3001 21.7674 17.8754 24.3356 20.9812 24.3356C23.5482 24.3356 25.3031 22.2537 25.3031 20.2602C25.3031 18.4436 24.2665 16.7596 22.2872 16.7596M30.025 20.5657C30.025 20.5657 29.9924 20.6019 29.9434 20.5818C29.9067 20.5697 29.8944 20.5496 29.8944 20.5255C29.8944 20.4974 30.4372 18.9219 30.4331 17.1133C30.429 15.164 29.621 13.9663 28.5884 13.9663C27.96 13.9663 27.5069 14.4084 27.5069 15.0756C27.5069 16.2733 28.9925 16.3617 28.9925 18.9781C28.9925 20.0432 28.768 21.06 28.4089 22.1693C26.7438 27.7076 21.4301 30.2798 16.2593 30.2798C13.8718 30.2798 12.1781 29.7975 11.6721 29.5765C11.6517 29.5684 11.6354 29.5283 11.6517 29.4881C11.6639 29.4559 11.6966 29.4358 11.717 29.4439C11.921 29.5242 13.378 29.9744 15.1778 29.9744C17.1571 29.9744 18.3284 29.1786 18.3284 28.202C18.3284 27.583 17.8346 27.0967 17.202 27.0967C15.9859 27.0967 15.8961 28.6039 13.2882 28.6039C12.1618 28.6039 11.1742 28.3828 10.0029 28.0291C4.41988 26.3451 1.76306 21.1605 1.76714 16.0161C1.76714 13.5122 2.48134 11.5187 2.49358 11.4986C2.50174 11.4866 2.53439 11.4705 2.5752 11.4866C2.61602 11.4986 2.62418 11.5348 2.62418 11.5428C2.55888 11.7518 2.08547 13.1786 2.08547 14.951C2.08547 16.9003 2.89353 18.0538 3.93015 18.0538C4.51783 18.0538 5.01165 17.6117 5.01165 16.9887C5.01165 15.791 3.52611 15.6584 3.52611 13.0862C3.52611 11.9769 3.75058 11.0043 4.10972 9.85079C5.80747 4.34464 11.0722 1.7684 16.2471 1.72821C18.6509 1.70811 20.7567 2.41949 20.8383 2.47978C20.8506 2.49184 20.8669 2.52399 20.8506 2.56016C20.8343 2.60035 20.8057 2.60839 20.7935 2.60437C20.769 2.60437 19.3977 2.03768 17.3286 2.03768C15.3941 2.03768 14.1779 2.83346 14.1779 3.85431C14.1779 4.42904 14.6268 4.91535 15.3043 4.91535C16.5205 4.91535 16.6103 3.4524 19.2181 3.4524C20.3445 3.4524 21.3322 3.67345 22.5035 4.02713C28.1314 5.71113 30.6902 10.94 30.7392 15.996C30.7637 18.5843 30.025 20.5456 30.0169 20.5576M16.2471 0.75157C7.69705 0.75157 0.763175 7.58001 0.763175 16C0.763175 24.42 7.69705 31.2444 16.2471 31.2444C24.7971 31.2444 31.7269 24.42 31.7269 16C31.7269 7.58001 24.7971 0.75157 16.2471 0.75157ZM16.2471 32C7.28893 32 0 24.8661 0 16C0 7.13389 7.28893 0 16.2471 0C25.2052 0 32.4941 7.18212 32.4941 16C32.4941 24.8179 25.2011 32 16.2471 32Z" fill="white"/>
+                    </g>
+                </svg>
+            </div>
+        </div>
+
+        <!-- MAIN CONTENT -->
+        <div class="content">
+
+            <!-- NAVIGATION -->
+            <div class="nav">
+                <h3>Quick Navigation</h3>
+                <ul>
+                    <li><a href="#overview">Overview</a></li>
+                    <li><a href="#first-time-setup">First-Time Setup</a></li>
+                    <li><a href="#api-integration">API Integration</a></li>
+                    <li><a href="#prerequisites">Prerequisites</a></li>
+                    <li><a href="#quick-start">Quick Start</a></li>
+                    <li><a href="#parameters">Parameters Reference</a></li>
+                    <li><a href="#available-tasks">Available Tasks</a></li>
+                    <li><a href="#deployment-mechanism">Software Deployment Mechanism</a></li>
+                    <li><a href="#how-to-guides">How-To Guides</a></li>
+                    <li><a href="#how-to-repair" class="nav-indent">System Repair</a></li>
+                    <li><a href="#how-to-optimize" class="nav-indent">Disk Optimization</a></li>
+                    <li><a href="#how-to-services" class="nav-indent">Service Management</a></li>
+                    <li><a href="#how-to-time" class="nav-indent">Time Sync</a></li>
+                    <li><a href="#how-to-dnc" class="nav-indent">DNC Configuration</a></li>
+                    <li><a href="#how-to-copyfile" class="nav-indent">File Deployment</a></li>
+                    <li><a href="#how-to-importreg" class="nav-indent">Registry Import</a></li>
+                    <li><a href="#how-to-software" class="nav-indent">Software Deployment</a></li>
+                    <li><a href="#how-to-batch" class="nav-indent">Batch Operations</a></li>
+                    <li><a href="#targeting">Targeting Strategies</a></li>
+                    <li><a href="#troubleshooting">Troubleshooting</a></li>
+                    <li><a href="#best-practices">Best Practices</a></li>
+                </ul>
+            </div>
+
+            <!-- OVERVIEW SECTION -->
+            <div id="overview" class="overview">
+                <h2>Overview</h2>
+                <p>This script provides a comprehensive remote maintenance toolkit for managing shopfloor PCs. It executes maintenance tasks via WinRM (Windows Remote Management) and can target PCs individually, by type, by business unit, or all at once.</p>
+                <p><strong>Location:</strong> <span class="command-inline">S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1</span></p>
+
+                <h4>Key Features:</h4>
+                <ul>
+                    <li>22 maintenance tasks available</li>
+                    <li>General-purpose file deployment (<span class="command-inline">CopyFile</span>) and registry import (<span class="command-inline">ImportReg</span>) tasks</li>
+                    <li>Registry imports run as logged-in user via scheduled task (HKCU support)</li>
+                    <li>Optional post-copy commands via scheduled task (service/app restarts)</li>
+                    <li>Multiple targeting options (by name, type, business unit, or all)</li>
+                    <li>Concurrent execution with configurable throttling</li>
+                    <li>Integration with ShopDB for PC discovery</li>
+                </ul>
+            </div>
+
+            <!-- FIRST-TIME SETUP -->
+            <h2 id="first-time-setup">First-Time Setup</h2>
+            <p>Before running this script for the first time, you must allow PowerShell script execution and unblock the script file.</p>
+
+            <div class="step">
+                <span class="step-number">Step 1</span>
+                <h4>Allow PowerShell Script Execution</h4>
+                <p>Open PowerShell <strong>as Administrator</strong> and run:</p>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre>Set-ExecutionPolicy RemoteSigned -Scope CurrentUser</pre>
+                </div>
+                <p>When prompted, type <span class="command-inline">Y</span> and press Enter. This allows locally-created scripts to run and requires downloaded scripts to be signed or unblocked.</p>
+                <div class="alert alert-info">
+                    <strong>Note:</strong>
+                    You only need to do this once per user account. <span class="command-inline">RemoteSigned</span> is the recommended policy &mdash; it allows local scripts while still protecting against untrusted downloads.
+                </div>
+            </div>
+
+            <div class="step">
+                <span class="step-number">Step 2</span>
+                <h4>Unblock the Script File</h4>
+                <p>Files downloaded from a network share or the internet are marked as "blocked" by Windows. You must unblock the script before it can run.</p>
+                <p><strong>Option A &mdash; File Explorer (GUI):</strong></p>
+                <ol>
+                    <li>Navigate to <span class="command-inline">S:\dt\shopfloor\scripts\remote-execution\</span></li>
+                    <li>Right-click <span class="command-inline">Invoke-RemoteMaintenance.ps1</span> and select <strong>Properties</strong></li>
+                    <li>At the bottom of the General tab, check the <span class="highlight">Unblock</span> checkbox</li>
+                    <li>Click <strong>Apply</strong>, then <strong>OK</strong></li>
+                </ol>
+                <p><strong>Option B &mdash; PowerShell:</strong></p>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre>Unblock-File -Path "S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1"</pre>
+                </div>
+                <div class="alert alert-warning">
+                    <strong>Important:</strong>
+                    If you skip this step, you will get a security error when trying to run the script: <em>"cannot be loaded because running scripts is disabled on this system"</em> or <em>"cannot be loaded. The file is not digitally signed."</em>
+                </div>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- API INTEGRATION -->
+            <h2 id="api-integration">API Integration</h2>
+            <p>When using <span class="command-inline">-All</span>, <span class="command-inline">-PcType</span>, or <span class="command-inline">-BusinessUnit</span> targeting, the script retrieves PC lists from the ShopDB API:</p>
+
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>GET /api.asp?action=getShopfloorPCs
 GET /api.asp?action=getShopfloorPCs&amp;pctypeid=2      # CMM PCs only
-GET /api.asp?action=getShopfloorPCs&amp;businessunitid=1 # Specific business unit</code></pre>
-<p><strong>PC Type IDs:</strong></p>
-<table>
-<thead><tr>
-<th>ID</th>
-<th>Type</th>
-<th>ID</th>
-<th>Type</th>
-</tr></thead>
-<tbody>
-<tr>
-<td>1</td>
-<td>Shopfloor</td>
-<td>7</td>
-<td>Heat Treat</td>
-</tr>
-<tr>
-<td>2</td>
-<td>CMM</td>
-<td>8</td>
-<td>Engineer</td>
-</tr>
-<tr>
-<td>3</td>
-<td>Wax Trace</td>
-<td>9</td>
-<td>Standard</td>
-</tr>
-<tr>
-<td>4</td>
-<td>Keyence</td>
-<td>10</td>
-<td>Inspection</td>
-</tr>
-<tr>
-<td>5</td>
-<td>EAS1000</td>
-<td>11</td>
-<td>Dashboard</td>
-</tr>
-<tr>
-<td>6</td>
-<td>Genspect</td>
-<td>12</td>
-<td>Lobby Display</td>
-</tr>
-</tbody></table>
-<p><strong>See:</strong> <a href="ShopDB-API.html">ShopDB API Reference</a> for complete API documentation.</p>
-<hr>
-<h2 id="prerequisites">Prerequisites</h2>
-<h3 id="on-your-workstation">On Your Workstation</h3>
-<ol>
-<li><strong>PowerShell 5.1 or higher</strong></li>
-<li><strong>Network access to target PCs</strong> (TCP port 5985)</li>
-<li><strong>Admin credentials</strong> for target PCs</li>
-</ol>
-<h3 id="on-target-pcs">On Target PCs</h3>
-<ol>
-<li><strong>WinRM enabled</strong> (<code>Enable-PSRemoting -Force</code>)</li>
-<li><strong>Firewall rules</strong> allowing WinRM traffic</li>
-</ol>
-<h3 id="verify-connectivity">Verify Connectivity</h3>
-<pre><code class="language-powershell"># Test WinRM connectivity
-Test-WSMan -ComputerName &quot;SHOPFLOOR-PC01&quot;
+GET /api.asp?action=getShopfloorPCs&amp;businessunitid=1 # Specific business unit</pre>
+            </div>
+
+            <h3>PC Type IDs</h3>
+            <table>
+                <thead>
+                    <tr><th>ID</th><th>Type</th><th>ID</th><th>Type</th></tr>
+                </thead>
+                <tbody>
+                    <tr><td>1</td><td>Standard</td><td>7</td><td>Keyence</td></tr>
+                    <tr><td>2</td><td>Engineer</td><td>8</td><td>Genspect</td></tr>
+                    <tr><td>3</td><td>Shopfloor</td><td>9</td><td>Heat Treat</td></tr>
+                    <tr><td>4</td><td>Uncategorized</td><td>10</td><td>Inspection</td></tr>
+                    <tr><td>5</td><td>CMM</td><td>11</td><td>Dashboard</td></tr>
+                    <tr><td>6</td><td>Wax / Trace</td><td>12</td><td>Lobby Display</td></tr>
+                </tbody>
+            </table>
+
+            <div class="alert alert-info">
+                <strong>Reference:</strong>
+                See <strong>ShopDB API Reference</strong> for complete API documentation.
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- PREREQUISITES -->
+            <h2 id="prerequisites">Prerequisites</h2>
+
+            <h3>On Your Workstation</h3>
+            <ol>
+                <li><strong>PowerShell 5.1 or higher</strong></li>
+                <li><strong>Network access to target PCs</strong> (TCP port 5985)</li>
+                <li><strong>Admin credentials</strong> for target PCs</li>
+            </ol>
+
+            <h3>On Target PCs</h3>
+            <ol>
+                <li><strong>WinRM enabled</strong> (<span class="command-inline">Enable-PSRemoting -Force</span>)</li>
+                <li><strong>Firewall rules</strong> allowing WinRM traffic</li>
+            </ol>
+
+            <h3>Verify Connectivity</h3>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Test WinRM connectivity
+Test-WSMan -ComputerName "SHOPFLOOR-PC01"
 
 # Test with credentials
 $cred = Get-Credential
-Test-WSMan -ComputerName &quot;SHOPFLOOR-PC01&quot; -Credential $cred</code></pre>
-<hr>
-<h2 id="quick-start">Quick Start</h2>
-<h3 id="step-1-get-credentials">Step 1: Get Credentials</h3>
-<pre><code class="language-powershell">$cred = Get-Credential -Message &quot;Enter domain admin credentials&quot;</code></pre>
-<h3 id="step-2-run-a-simple-task">Step 2: Run a Simple Task</h3>
-<pre><code class="language-powershell"># Flush DNS on a single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;SHOPFLOOR-PC01&quot; -Task FlushDNS -Credential $cred</code></pre>
-<h3 id="step-3-check-results">Step 3: Check Results</h3>
-<p>The script outputs status for each PC:</p>
-<pre><code>[SHOPFLOOR-PC01] FlushDNS: SUCCESS
-  DNS Resolver Cache flushed successfully</code></pre>
-<hr>
-<h2 id="parameters-reference">Parameters Reference</h2>
-<h3 id="targeting-parameters-mutually-exclusive">Targeting Parameters (Mutually Exclusive)</h3>
-<table>
-<thead><tr>
-<th>Parameter</th>
-<th>Type</th>
-<th>Description</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>-ComputerName</code></td>
-<td>string[]</td>
-<td>One or more computer names or IPs</td>
-</tr>
-<tr>
-<td><code>-ComputerListFile</code></td>
-<td>string</td>
-<td>Path to text file with hostnames</td>
-</tr>
-<tr>
-<td><code>-All</code></td>
-<td>switch</td>
-<td>Target all shopfloor PCs from ShopDB</td>
-</tr>
-<tr>
-<td><code>-PcType</code></td>
-<td>string</td>
-<td>Target by PC type (see PC Types)</td>
-</tr>
-<tr>
-<td><code>-BusinessUnit</code></td>
-<td>string</td>
-<td>Target by business unit (see Business Units)</td>
-</tr>
-</tbody></table>
-<h3 id="task-parameter-required">Task Parameter (Required)</h3>
-<table>
-<thead><tr>
-<th>Parameter</th>
-<th>Type</th>
-<th>Description</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>-Task</code></td>
-<td>string</td>
-<td>Maintenance task to execute</td>
-</tr>
-</tbody></table>
-<h3 id="optional-parameters">Optional Parameters</h3>
-<table>
-<thead><tr>
-<th>Parameter</th>
-<th>Type</th>
-<th>Default</th>
-<th>Description</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>-Credential</code></td>
-<td>PSCredential</td>
-<td>Prompt</td>
-<td>Remote authentication</td>
-</tr>
-<tr>
-<td><code>-ApiUrl</code></td>
-<td>string</td>
-<td>Production</td>
-<td>ShopDB API endpoint</td>
-</tr>
-<tr>
-<td><code>-ThrottleLimit</code></td>
-<td>int</td>
-<td>5</td>
-<td>Max concurrent sessions</td>
-</tr>
-<tr>
-<td><code>-DnsSuffix</code></td>
-<td>string</td>
-<td>logon.ds.ge.com</td>
-<td>DNS suffix for resolution</td>
-</tr>
-</tbody></table>
-<h3 id="pc-types">PC Types</h3>
-<pre><code>Standard, Engineer, Shopfloor, CMM, Wax / Trace, Keyence,
-Genspect, Heat Treat, Inspection, Dashboard, Lobby Display, Uncategorized</code></pre>
-<h3 id="business-units">Business Units</h3>
-<pre><code>TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT</code></pre>
-<hr>
-<h2 id="available-tasks">Available Tasks</h2>
-<h3 id="repair-tasks">Repair Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>DISM</code></td>
-<td>Repair Windows component store</td>
-<td>15-60 min</td>
-<td>Low</td>
-</tr>
-<tr>
-<td><code>SFC</code></td>
-<td>System File Checker scan</td>
-<td>10-30 min</td>
-<td>Low</td>
-</tr>
-</tbody></table>
-<h3 id="optimization-tasks">Optimization Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>OptimizeDisk</code></td>
-<td>TRIM (SSD) or Defrag (HDD)</td>
-<td>5-60 min</td>
-<td>Medium</td>
-</tr>
-<tr>
-<td><code>DiskCleanup</code></td>
-<td>Remove temp files, updates</td>
-<td>5-15 min</td>
-<td>Low</td>
-</tr>
-<tr>
-<td><code>ClearUpdateCache</code></td>
-<td>Clear Windows Update cache</td>
-<td>1-2 min</td>
-<td>Low</td>
-</tr>
-<tr>
-<td><code>ClearBrowserCache</code></td>
-<td>Clear Chrome/Edge cache</td>
-<td>1-2 min</td>
-<td>Low</td>
-</tr>
-</tbody></table>
-<h3 id="service-tasks">Service Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>RestartSpooler</code></td>
-<td>Restart Print Spooler</td>
-<td><1 min</td>
-<td>Low</td>
-</tr>
-<tr>
-<td><code>FlushDNS</code></td>
-<td>Clear DNS cache</td>
-<td><1 min</td>
-<td>None</td>
-</tr>
-<tr>
-<td><code>RestartWinRM</code></td>
-<td>Restart WinRM service</td>
-<td><1 min</td>
-<td>Temp disconnect</td>
-</tr>
-</tbody></table>
-<h3 id="timedate-tasks">Time/Date Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>SetTimezone</code></td>
-<td>Set to Eastern Time</td>
-<td><1 min</td>
-<td>None</td>
-</tr>
-<tr>
-<td><code>SyncTime</code></td>
-<td>Force time sync with DC</td>
-<td><1 min</td>
-<td>None</td>
-</tr>
-</tbody></table>
-<h3 id="dnc-tasks">DNC Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>UpdateEMxAuthToken</code></td>
-<td>Update eMx auth from share</td>
-<td>1-2 min</td>
-<td>None</td>
-</tr>
-<tr>
-<td><code>DeployUDCWebServerConfig</code></td>
-<td>Deploy UDC config</td>
-<td>1-2 min</td>
-<td>None</td>
-</tr>
-</tbody></table>
-<h3 id="system-tasks">System Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>Reboot</code></td>
-<td>Restart PC (30s delay)</td>
-<td>2-5 min</td>
-<td>High</td>
-</tr>
-</tbody></table>
-<h3 id="software-deployment-tasks">Software Deployment Tasks</h3>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Description</th>
-<th>Duration</th>
-<th>Impact</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>InstallDashboard</code></td>
-<td>Install GE Dashboard app</td>
-<td>2-5 min</td>
-<td>Medium</td>
-</tr>
-<tr>
-<td><code>InstallLobbyDisplay</code></td>
-<td>Install Lobby Display app</td>
-<td>2-5 min</td>
-<td>Medium</td>
-</tr>
-<tr>
-<td><code>UninstallDashboard</code></td>
-<td>Remove GE Dashboard</td>
-<td>1-2 min</td>
-<td>Low</td>
-</tr>
-<tr>
-<td><code>UninstallLobbyDisplay</code></td>
-<td>Remove Lobby Display</td>
-<td>1-2 min</td>
-<td>Low</td>
-</tr>
-</tbody></table>
-<hr>
-<h2 id="software-deployment-mechanism">Software Deployment Mechanism</h2>
-<h3 id="source-file-locations">Source File Locations</h3>
-<p>Deployment tasks require source files to be available before execution:</p>
-<table>
-<thead><tr>
-<th>Task</th>
-<th>Source File Path</th>
-</tr></thead>
-<tbody>
-<tr>
-<td><code>InstallDashboard</code></td>
-<td><code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe</code></td>
-</tr>
-<tr>
-<td><code>InstallLobbyDisplay</code></td>
-<td><code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe</code></td>
-</tr>
-<tr>
-<td><code>UpdateEMxAuthToken</code></td>
-<td><code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt</code></td>
-</tr>
-<tr>
-<td><code>DeployUDCWebServerConfig</code></td>
-<td><code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\UDC\udc_webserver_settings.json</code></td>
-</tr>
-</tbody></table>
-<h3 id="how-deployment-works">How Deployment Works</h3>
-<ol>
-<li><strong>Pre-flight Check:</strong> Script verifies source file exists</li>
-<li><strong>WinRM Session:</strong> Opens remote session to target PC</li>
-<li><strong>File Push:</strong> Copies source file to <code>C:\Windows\Temp\</code> on remote PC</li>
-<li><strong>Execution:</strong> Runs install/copy task using pushed file</li>
-<li><strong>Cleanup:</strong> Removes temp file from remote PC</li>
-</ol>
-<pre><code>+---------------------+     WinRM      +---------------------+
-|  Your Workstation   | ------------&gt;  |   Target PC         |
+Test-WSMan -ComputerName "SHOPFLOOR-PC01" -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- QUICK START -->
+            <h2 id="quick-start">Quick Start</h2>
+
+            <div class="step">
+                <span class="step-number">Step 1</span>
+                <h4>Get Credentials</h4>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre>$cred = Get-Credential -Message "Enter domain admin credentials"</pre>
+                </div>
+            </div>
+
+            <div class="step">
+                <span class="step-number">Step 2</span>
+                <h4>Run a Simple Task</h4>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre># Flush DNS on a single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "SHOPFLOOR-PC01" -Task FlushDNS -Credential $cred</pre>
+                </div>
+            </div>
+
+            <div class="step">
+                <span class="step-number">Step 3</span>
+                <h4>Check Results</h4>
+                <p>The script outputs status for each PC:</p>
+                <div class="code-block">
+                    <pre>[SHOPFLOOR-PC01] FlushDNS: SUCCESS
+  DNS Resolver Cache flushed successfully</pre>
+                </div>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- PARAMETERS REFERENCE -->
+            <h2 id="parameters">Parameters Reference</h2>
+
+            <h3>Targeting Parameters (Mutually Exclusive)</h3>
+            <table>
+                <thead>
+                    <tr><th>Parameter</th><th>Type</th><th>Description</th></tr>
+                </thead>
+                <tbody>
+                    <tr><td><span class="command-inline">-ComputerName</span></td><td>string[]</td><td>One or more computer names or IPs</td></tr>
+                    <tr><td><span class="command-inline">-ComputerListFile</span></td><td>string</td><td>Path to text file with hostnames</td></tr>
+                    <tr><td><span class="command-inline">-All</span></td><td>switch</td><td>Target all shopfloor PCs from ShopDB</td></tr>
+                    <tr><td><span class="command-inline">-PcType</span></td><td>string</td><td>Target by PC type (see PC Types)</td></tr>
+                    <tr><td><span class="command-inline">-BusinessUnit</span></td><td>string</td><td>Target by business unit (see Business Units)</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Task Parameter (Required)</h3>
+            <table>
+                <thead>
+                    <tr><th>Parameter</th><th>Type</th><th>Description</th></tr>
+                </thead>
+                <tbody>
+                    <tr><td><span class="command-inline">-Task</span></td><td>string</td><td>Maintenance task to execute</td></tr>
+                </tbody>
+            </table>
+
+            <h3>File Deployment Parameters (CopyFile / ImportReg)</h3>
+            <table>
+                <thead>
+                    <tr><th>Parameter</th><th>Type</th><th>Description</th></tr>
+                </thead>
+                <tbody>
+                    <tr><td><span class="command-inline">-SourcePath</span></td><td>string</td><td>Source file path (local or UNC). Required for CopyFile and ImportReg</td></tr>
+                    <tr><td><span class="command-inline">-DestinationPath</span></td><td>string</td><td>Destination file path on remote PCs. Required for CopyFile</td></tr>
+                    <tr><td><span class="command-inline">-RunCommand</span></td><td>string</td><td>Command to run after CopyFile. Runs as logged-in user by default (via scheduled task)</td></tr>
+                    <tr><td><span class="command-inline">-AsSystem</span></td><td>switch</td><td>Run ImportReg and -RunCommand in the WinRM session (SYSTEM context) instead of as logged-in user</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Optional Parameters</h3>
+            <table>
+                <thead>
+                    <tr><th>Parameter</th><th>Type</th><th>Default</th><th>Description</th></tr>
+                </thead>
+                <tbody>
+                    <tr><td><span class="command-inline">-Credential</span></td><td>PSCredential</td><td>Prompt</td><td>Remote authentication</td></tr>
+                    <tr><td><span class="command-inline">-ApiUrl</span></td><td>string</td><td>Production</td><td>ShopDB API endpoint</td></tr>
+                    <tr><td><span class="command-inline">-ThrottleLimit</span></td><td>int</td><td>5</td><td>Max concurrent sessions</td></tr>
+                    <tr><td><span class="command-inline">-DnsSuffix</span></td><td>string</td><td>logon.ds.ge.com</td><td>DNS suffix for FQDN resolution</td></tr>
+                    <tr><td><span class="command-inline">-LogFile</span></td><td>switch</td><td>Off</td><td>Enable transcript logging to <span class="command-inline">logs/</span> directory</td></tr>
+                </tbody>
+            </table>
+
+            <h3>PC Types</h3>
+            <div class="code-block">
+                <pre>Standard, Engineer, Shopfloor, CMM, Wax / Trace, Keyence,
+Genspect, Heat Treat, Inspection, Dashboard, Lobby Display, Uncategorized</pre>
+            </div>
+
+            <h3>Business Units</h3>
+            <div class="code-block">
+                <pre>TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- AVAILABLE TASKS -->
+            <h2 id="available-tasks">Available Tasks</h2>
+
+            <h3>Repair Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">DISM</span></td><td>Repair Windows component store</td><td>15-60 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">SFC</span></td><td>System File Checker scan</td><td>10-30 min</td><td>Low</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Optimization Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">OptimizeDisk</span></td><td>TRIM (SSD) or Defrag (HDD)</td><td>5-60 min</td><td>Medium</td></tr>
+                    <tr><td><span class="command-inline">DiskCleanup</span></td><td>Remove temp files, updates</td><td>5-15 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">ClearUpdateCache</span></td><td>Clear Windows Update cache</td><td>1-2 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">ClearBrowserCache</span></td><td>Clear Chrome/Edge cache</td><td>1-2 min</td><td>Low</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Service Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">RestartSpooler</span></td><td>Restart Print Spooler</td><td>&lt;1 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">FlushDNS</span></td><td>Clear DNS cache</td><td>&lt;1 min</td><td>None</td></tr>
+                    <tr><td><span class="command-inline">RestartWinRM</span></td><td>Restart WinRM service</td><td>&lt;1 min</td><td>Temp disconnect</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Time/Date Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">SetTimezone</span></td><td>Set to Eastern Time</td><td>&lt;1 min</td><td>None</td></tr>
+                    <tr><td><span class="command-inline">SyncTime</span></td><td>Force time sync with DC</td><td>&lt;1 min</td><td>None</td></tr>
+                </tbody>
+            </table>
+
+            <h3>DNC Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">UpdateDNCMXHosts</span></td><td>Update FtpHostPrimary/Secondary in DNC\MX registry</td><td>&lt;1 min</td><td>None</td></tr>
+                    <tr><td><span class="command-inline">AuditDNCConfig</span></td><td>Compare DNC registry vs UDC backup JSON, export CSV</td><td>1-5 min</td><td>None</td></tr>
+                    <tr><td><span class="command-inline">CheckDefectTracker</span></td><td>Check if Defect_Tracker.exe is running, export CSV</td><td>1-5 min</td><td>None</td></tr>
+                </tbody>
+            </table>
+
+            <h3>File Deployment Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">CopyFile</span></td><td>Copy file from <span class="command-inline">-SourcePath</span> to <span class="command-inline">-DestinationPath</span> on remote PCs</td><td>1-2 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">ImportReg</span></td><td>Copy <span class="command-inline">.reg</span> file and import via scheduled task as logged-in user</td><td>1-2 min</td><td>Low</td></tr>
+                </tbody>
+            </table>
+
+            <h3>System Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">GPUpdate</span></td><td>Force Group Policy refresh (<span class="command-inline">gpupdate /force</span>)</td><td>&lt;1 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">Reboot</span></td><td>Restart PC (30s delay)</td><td>2-5 min</td><td>High</td></tr>
+                </tbody>
+            </table>
+
+            <h3>Software Deployment Tasks</h3>
+            <table>
+                <thead><tr><th>Task</th><th>Description</th><th>Duration</th><th>Impact</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">InstallDashboard</span></td><td>Install GE Dashboard app</td><td>2-5 min</td><td>Medium</td></tr>
+                    <tr><td><span class="command-inline">InstallLobbyDisplay</span></td><td>Install Lobby Display app</td><td>2-5 min</td><td>Medium</td></tr>
+                    <tr><td><span class="command-inline">UninstallDashboard</span></td><td>Remove GE Dashboard</td><td>1-2 min</td><td>Low</td></tr>
+                    <tr><td><span class="command-inline">UninstallLobbyDisplay</span></td><td>Remove Lobby Display</td><td>1-2 min</td><td>Low</td></tr>
+                </tbody>
+            </table>
+
+            <hr class="section-divider">
+
+            <!-- SOFTWARE DEPLOYMENT MECHANISM -->
+            <h2 id="deployment-mechanism">Software Deployment Mechanism</h2>
+
+            <h3>Source File Locations</h3>
+            <p>Deployment tasks require source files to be available before execution:</p>
+            <table>
+                <thead><tr><th>Task</th><th>Source File Path</th></tr></thead>
+                <tbody>
+                    <tr><td><span class="command-inline">InstallDashboard</span></td><td><span class="command-inline">\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe</span></td></tr>
+                    <tr><td><span class="command-inline">InstallLobbyDisplay</span></td><td><span class="command-inline">\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe</span></td></tr>
+                    <tr><td><span class="command-inline">CopyFile</span></td><td>Any file &mdash; specified via <span class="command-inline">-SourcePath</span> parameter</td></tr>
+                    <tr><td><span class="command-inline">ImportReg</span></td><td>Any <span class="command-inline">.reg</span> file &mdash; specified via <span class="command-inline">-SourcePath</span> parameter</td></tr>
+                </tbody>
+            </table>
+
+            <h3>How Deployment Works</h3>
+            <ol>
+                <li><strong>Pre-flight Check:</strong> Script verifies source file exists</li>
+                <li><strong>WinRM Session:</strong> Opens remote session to target PC</li>
+                <li><strong>File Push:</strong> Copies source file to <span class="command-inline">C:\Windows\Temp\</span> on remote PC</li>
+                <li><strong>Execution:</strong> Runs install/copy/import task using pushed file</li>
+                <li><strong>Post-action:</strong> Optionally runs command as logged-in user via scheduled task</li>
+                <li><strong>Cleanup:</strong> Removes temp file from remote PC</li>
+            </ol>
+
+            <div class="code-block">
+                <pre>+---------------------+     WinRM      +---------------------+
+|  Your Workstation   | ------------>  |   Target PC         |
 |                     |                |                     |
 |  Source Files:      |   Push File    |  Temp Location:     |
-|  - Setup.exe        | ------------&gt;  |  C:\Windows\Temp    |
+|  - Setup.exe        | ------------>  |  C:\Windows\Temp    |
 |  - config.json      |                |                     |
-|  - eMxInfo.txt      |   Execute      |  Final Location:    |
-|    (network)        | ------------&gt;  |  C:\Program Files   |
-+---------------------+                +---------------------+</code></pre>
-<h3 id="directory-structure">Directory Structure</h3>
-<p>Ensure your script directory contains the required files:</p>
-<pre><code>S:\dt\shopfloor\scripts\remote-execution\
-├── Invoke-RemoteMaintenance.ps1
-├── GEAerospaceDashboardSetup.exe      # For InstallDashboard
-├── GEAerospaceLobbyDisplaySetup.exe   # For InstallLobbyDisplay
-└── udc_webserver_settings.json        # For DeployUDCWebServerConfig</code></pre>
-<h3 id="emx-auth-token-details">eMx Auth Token Details</h3>
-<p>The <code>UpdateEMxAuthToken</code> task:</p>
-<ol>
-<li><strong>Source:</strong> <code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt</code></li>
-<li><strong>Destinations:</strong> (both paths if they exist)</li>
-</ol>
-<ul>
-<li><code>C:\Program Files\GE Aircraft Engines\DNC\eMxInfo.txt</code></li>
-<li><code>C:\Program Files (x86)\GE Aircraft Engines\DNC\eMxInfo.txt</code></li>
-</ul>
-<ol>
-<li><strong>Backup:</strong> Creates <code>eMxInfo-old-YYYYMMDD-HHMMSS.txt</code> before overwriting</li>
-<li><strong>Post-action:</strong> Restarts DNC service (<code>LDnc.exe</code>)</li>
-</ol>
-<h3 id="udc-web-server-config-details">UDC Web Server Config Details</h3>
-<p>The <code>DeployUDCWebServerConfig</code> task:</p>
-<ol>
-<li><strong>Pre-check:</strong> Verifies UDC is installed (<code>C:\Program Files\UDC</code> exists)</li>
-<li><strong>Skip:</strong> PCs without UDC are skipped (not counted as failures)</li>
-<li><strong>Destination:</strong> <code>C:\ProgramData\UDC\udc_webserver_settings.json</code></li>
-<li><strong>Backup:</strong> Creates backup before overwriting</li>
-</ol>
-<h3 id="dashboardlobby-display-install-details">Dashboard/Lobby Display Install Details</h3>
-<p>Both kiosk app installers:</p>
-<ol>
-<li><strong>Installer type:</strong> Inno Setup (supports <code>/VERYSILENT</code>)</li>
-<li><strong>Execution:</strong> Silent install with no user prompts</li>
-<li><strong>Cleanup:</strong> Installer removed from temp after execution</li>
-</ol>
-<p><strong>Uninstall GUIDs:</strong></p>
-<ul>
-<li>Dashboard: <code>{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}</code></li>
-<li>Lobby Display: <code>{42FFB952-0B72-493F-8869-D957344CA305}</code></li>
-</ul>
-<h3 id="adding-new-deployable-applications">Adding New Deployable Applications</h3>
-<p>To add a new application for deployment, edit the script in two places:</p>
-<p><strong>Step 1: Add to <code>$KioskAppConfig</code> hashtable (~line 1388)</strong></p>
-<pre><code class="language-powershell">$KioskAppConfig = @{
+|  - settings.reg     |   Execute      |  Final Location:    |
+|    (any path/UNC)   | ------------>  |  -DestinationPath   |
+|                     |                |                     |
+|                     |  Sched. Task   |  Logged-in User:    |
+|                     | ------------>  |  - regedit /s       |
+|                     |                |  - RunCommand        |
++---------------------+                +---------------------+</pre>
+            </div>
+
+            <h3>CopyFile Details</h3>
+            <p>The <span class="command-inline">CopyFile</span> task:</p>
+            <ol>
+                <li><strong>Source:</strong> Any file specified via <span class="command-inline">-SourcePath</span> (local or UNC path)</li>
+                <li><strong>Destination:</strong> Specified via <span class="command-inline">-DestinationPath</span></li>
+                <li><strong>Backup:</strong> Existing file is backed up as <span class="command-inline">&lt;name&gt;-old-&lt;timestamp&gt;.&lt;ext&gt;</span></li>
+                <li><strong>Post-action:</strong> If <span class="command-inline">-RunCommand</span> is specified, runs as the logged-in user via a one-shot scheduled task (same pattern as Dashboard/Lobby kiosk relaunch)</li>
+            </ol>
+
+            <h3>ImportReg Details</h3>
+            <p>The <span class="command-inline">ImportReg</span> task:</p>
+            <ol>
+                <li><strong>Source:</strong> <span class="command-inline">.reg</span> file specified via <span class="command-inline">-SourcePath</span></li>
+                <li><strong>Import method:</strong> <span class="command-inline">regedit.exe /s</span> via one-shot scheduled task as logged-in user</li>
+                <li><strong>HKCU support:</strong> Runs as the logged-in user, so both HKLM and HKCU keys apply correctly</li>
+                <li><strong>Fallback:</strong> If no user is logged in, runs <span class="command-inline">regedit.exe /s</span> directly (HKLM only)</li>
+                <li><strong>Cleanup:</strong> Temp <span class="command-inline">.reg</span> file removed after import</li>
+            </ol>
+
+            <div class="alert alert-info">
+                <strong>HKCU vs HKLM:</strong>
+                By default, ImportReg runs as the logged-in user via scheduled task so HKCU keys apply to the correct user profile. Use <span class="command-inline">-AsSystem</span> for HKLM-only .reg files to skip the scheduled task overhead.
+            </div>
+
+            <h3>Dashboard/Lobby Display Install Details</h3>
+            <p>Both kiosk app installers:</p>
+            <ol>
+                <li><strong>Installer type:</strong> Inno Setup (supports <span class="command-inline">/VERYSILENT</span>)</li>
+                <li><strong>Pre-install:</strong> Kills running Edge kiosk via <span class="command-inline">PrepareToInstall</span> in Inno Setup</li>
+                <li><strong>Execution:</strong> Silent install with no user prompts (120-second timeout)</li>
+                <li><strong>Post-install:</strong> Creates a one-shot scheduled task to relaunch Edge in kiosk mode as the logged-in user, then auto-deletes the task</li>
+                <li><strong>Cleanup:</strong> Installer removed from temp after execution</li>
+                <li><strong>Connectivity:</strong> Offline PCs are skipped with a ping check before connecting</li>
+            </ol>
+
+            <p><strong>Uninstall GUIDs:</strong></p>
+            <ul>
+                <li>Dashboard: <span class="command-inline">{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}</span></li>
+                <li>Lobby Display: <span class="command-inline">{42FFB952-0B72-493F-8869-D957344CA305}</span></li>
+            </ul>
+
+            <h3>Adding New Deployable Applications</h3>
+
+            <div class="step">
+                <span class="step-number">Step 1</span>
+                <h4>Add to $KioskAppConfig hashtable</h4>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre>$KioskAppConfig = @{
     # Existing entries...
 
     # Add new application
-    &#x27;InstallNewApp&#x27; = @{
-        Action = &#x27;Install&#x27;
-        InstallerPath = &#x27;\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe&#x27;
-        InstallerName = &#x27;NewAppSetup.exe&#x27;
-        AppName = &#x27;New Application Name&#x27;
-        UninstallGuid = &#x27;{YOUR-GUID-HERE}&#x27;  # Find in registry after manual install
+    'InstallNewApp' = @{
+        Action = 'Install'
+        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
+        InstallerName = 'NewAppSetup.exe'
+        AppName = 'New Application Name'
+        UninstallGuid = '{YOUR-GUID-HERE}'  # Find in registry after manual install
+        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/your-page/'
     }
-    &#x27;UninstallNewApp&#x27; = @{
-        Action = &#x27;Uninstall&#x27;
-        InstallerName = &#x27;NewAppSetup.exe&#x27;
-        AppName = &#x27;New Application Name&#x27;
-        UninstallGuid = &#x27;{YOUR-GUID-HERE}&#x27;
+    'UninstallNewApp' = @{
+        Action = 'Uninstall'
+        InstallerName = 'NewAppSetup.exe'
+        AppName = 'New Application Name'
+        UninstallGuid = '{YOUR-GUID-HERE}'
     }
-}</code></pre>
-<p><strong>Step 2: Add task names to ValidateSet (~line 142)</strong></p>
-<pre><code class="language-powershell">[ValidateSet(
-    &#x27;DISM&#x27;, &#x27;SFC&#x27;, &#x27;OptimizeDisk&#x27;, &#x27;DiskCleanup&#x27;, &#x27;ClearUpdateCache&#x27;,
-    &#x27;RestartSpooler&#x27;, &#x27;FlushDNS&#x27;, &#x27;RestartWinRM&#x27;, &#x27;ClearBrowserCache&#x27;,
-    &#x27;SetTimezone&#x27;, &#x27;SyncTime&#x27;, &#x27;UpdateEMxAuthToken&#x27;, &#x27;DeployUDCWebServerConfig&#x27;, &#x27;Reboot&#x27;,
-    &#x27;InstallDashboard&#x27;, &#x27;InstallLobbyDisplay&#x27;, &#x27;UninstallDashboard&#x27;, &#x27;UninstallLobbyDisplay&#x27;,
-    &#x27;InstallNewApp&#x27;, &#x27;UninstallNewApp&#x27;  # Add new tasks here
+}</pre>
+                </div>
+            </div>
+
+            <div class="step">
+                <span class="step-number">Step 2</span>
+                <h4>Add task names to ValidateSet (~line 142)</h4>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre>[ValidateSet(
+    'DISM', 'SFC', 'OptimizeDisk', 'DiskCleanup', 'ClearUpdateCache',
+    'RestartSpooler', 'FlushDNS', 'RestartWinRM', 'ClearBrowserCache',
+    'SetTimezone', 'SyncTime', 'UpdateDNCMXHosts', 'AuditDNCConfig',
+    'CheckDefectTracker', 'GPUpdate', 'Reboot',
+    'CopyFile', 'ImportReg',
+    'InstallDashboard', 'InstallLobbyDisplay', 'UninstallDashboard', 'UninstallLobbyDisplay',
+    'InstallNewApp', 'UninstallNewApp'  # Add new tasks here
 )]
-[string]$Task</code></pre>
-<p><strong>Step 3: Place installer on network share</strong></p>
-<pre><code>\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe</code></pre>
-<p><strong>Finding the Uninstall GUID:</strong></p>
-<p>After manually installing the application on a test PC, find the GUID in registry:</p>
-<pre><code class="language-powershell"># Search for app in registry
-Get-ChildItem &quot;HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall&quot; |
-    Get-ItemProperty | Where-Object { $_.DisplayName -like &quot;*AppName*&quot; } |
-    Select-Object DisplayName, PSChildName, UninstallString</code></pre>
-<p>The <code>PSChildName</code> is typically the GUID (e.g., <code>{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}</code>).</p>
-<p><strong>Installer Requirements:</strong></p>
-<ul>
-<li>Must support silent installation flags</li>
-<li>Inno Setup: <code>/VERYSILENT /SUPPRESSMSGBOXES /NORESTART</code></li>
-<li>MSI: <code>/qn /norestart</code></li>
-<li>NSIS: <code>/S</code></li>
-</ul>
-<p>If your installer uses different flags, modify the <code>InstallKioskApp</code> scriptblock.</p>
-<hr>
-<h2 id="how-to-guides">How-To Guides</h2>
-<h3 id="how-to-repair-system-files">How to Repair System Files</h3>
-<p><strong>Scenario:</strong> A PC has corrupted system files causing crashes or errors.</p>
-<h4 id="option-1-dism-component-store-repair">Option 1: DISM (Component Store Repair)</h4>
-<pre><code class="language-powershell"># Run DISM repair on a single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task DISM -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ul>
-<li>Downloads missing/corrupted files from Windows Update</li>
-<li>Repairs the Windows component store</li>
-<li>Required before SFC if component store is damaged</li>
-</ul>
-<p><strong>Expected output:</strong></p>
-<pre><code>[PROBLEM-PC] DISM: SUCCESS
+[string]$Task</pre>
+                </div>
+            </div>
+
+            <div class="step">
+                <span class="step-number">Step 3</span>
+                <h4>Place installer on network share</h4>
+                <div class="code-block">
+                    <pre>\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe</pre>
+                </div>
+            </div>
+
+            <h4>Finding the Uninstall GUID</h4>
+            <p>After manually installing the application on a test PC, find the GUID in registry:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Search for app in registry
+Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" |
+    Get-ItemProperty | Where-Object { $_.DisplayName -like "*AppName*" } |
+    Select-Object DisplayName, PSChildName, UninstallString</pre>
+            </div>
+            <p>The <span class="command-inline">PSChildName</span> is typically the GUID (e.g., <span class="command-inline">{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}</span>).</p>
+
+            <div class="alert alert-info">
+                <strong>Installer Requirements:</strong>
+                <ul>
+                    <li>Must support silent installation flags</li>
+                    <li>Inno Setup: <span class="command-inline">/VERYSILENT /SUPPRESSMSGBOXES /NORESTART</span></li>
+                    <li>MSI: <span class="command-inline">/qn /norestart</span></li>
+                    <li>NSIS: <span class="command-inline">/S</span></li>
+                </ul>
+                If your installer uses different flags, modify the <span class="command-inline">InstallKioskApp</span> scriptblock.
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- HOW-TO GUIDES -->
+            <h2 id="how-to-guides">How-To Guides</h2>
+
+            <!-- System Repair -->
+            <h3 id="how-to-repair">How to Repair System Files</h3>
+            <p><strong>Scenario:</strong> A PC has corrupted system files causing crashes or errors.</p>
+
+            <h4>Option 1: DISM (Component Store Repair)</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Run DISM repair on a single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ul>
+                <li>Downloads missing/corrupted files from Windows Update</li>
+                <li>Repairs the Windows component store</li>
+                <li>Required before SFC if component store is damaged</li>
+            </ul>
+            <p><strong>Expected output:</strong></p>
+            <div class="code-block">
+                <pre>[PROBLEM-PC] DISM: SUCCESS
   Deployment Image Servicing and Management tool
-  The restore operation completed successfully.</code></pre>
-<h4 id="option-2-sfc-system-file-checker">Option 2: SFC (System File Checker)</h4>
-<pre><code class="language-powershell"># Run SFC after DISM
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task SFC -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ul>
-<li>Scans all protected system files</li>
-<li>Replaces corrupted files from component store</li>
-<li>Creates log at <code>C:\Windows\Logs\CBS\CBS.log</code></li>
-</ul>
-<p><strong>Best Practice - Full Repair Sequence:</strong></p>
-<pre><code class="language-powershell"># Step 1: Run DISM first
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task DISM -Credential $cred
+  The restore operation completed successfully.</pre>
+            </div>
+
+            <h4>Option 2: SFC (System File Checker)</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Run SFC after DISM
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ul>
+                <li>Scans all protected system files</li>
+                <li>Replaces corrupted files from component store</li>
+                <li>Creates log at <span class="command-inline">C:\Windows\Logs\CBS\CBS.log</span></li>
+            </ul>
+
+            <div class="alert alert-success">
+                <strong>Best Practice - Full Repair Sequence:</strong>
+            </div>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Step 1: Run DISM first
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred
 
 # Step 2: Run SFC after DISM completes
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task SFC -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred
 
 # Step 3: Reboot to apply changes
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task Reboot -Credential $cred</code></pre>
-<hr>
-<h3 id="how-to-optimize-disks">How to Optimize Disks</h3>
-<p><strong>Scenario:</strong> PCs are running slow due to disk fragmentation or lack of TRIM.</p>
-<h4 id="single-pc-optimization">Single PC Optimization</h4>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;SLOW-PC&quot; -Task OptimizeDisk -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ul>
-<li>Detects drive type (SSD vs HDD)</li>
-<li>For SSDs: Runs TRIM to reclaim deleted blocks</li>
-<li>For HDDs: Runs defragmentation</li>
-</ul>
-<h4 id="optimize-all-cmm-pcs-after-hours">Optimize All CMM PCs (After Hours)</h4>
-<pre><code class="language-powershell"># CMM PCs often have large files - optimize overnight
-.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task OptimizeDisk -Credential $cred -ThrottleLimit 3</code></pre>
-<h4 id="full-cleanup-sequence">Full Cleanup Sequence</h4>
-<pre><code class="language-powershell"># Step 1: Clear update cache
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC01&quot; -Task ClearUpdateCache -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task Reboot -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Disk Optimization -->
+            <h3 id="how-to-optimize">How to Optimize Disks</h3>
+            <p><strong>Scenario:</strong> PCs are running slow due to disk fragmentation or lack of TRIM.</p>
+
+            <h4>Single PC Optimization</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -ComputerName "SLOW-PC" -Task OptimizeDisk -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ul>
+                <li>Detects drive type (SSD vs HDD)</li>
+                <li>For SSDs: Runs TRIM to reclaim deleted blocks</li>
+                <li>For HDDs: Runs defragmentation</li>
+            </ul>
+
+            <h4>Optimize All CMM PCs (After Hours)</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># CMM PCs often have large files - optimize overnight
+.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task OptimizeDisk -Credential $cred -ThrottleLimit 3</pre>
+            </div>
+
+            <h4>Full Cleanup Sequence</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Step 1: Clear update cache
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache -Credential $cred
 
 # Step 2: Run disk cleanup
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC01&quot; -Task DiskCleanup -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task DiskCleanup -Credential $cred
 
 # Step 3: Optimize disk
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC01&quot; -Task OptimizeDisk -Credential $cred</code></pre>
-<hr>
-<h3 id="how-to-fix-stuck-windows-updates">How to Fix Stuck Windows Updates</h3>
-<p><strong>Scenario:</strong> Windows Update is stuck or failing repeatedly.</p>
-<pre><code class="language-powershell"># Clear the Windows Update cache
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;UPDATE-STUCK-PC&quot; -Task ClearUpdateCache -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ol>
-<li>Stops Windows Update service</li>
-<li>Stops BITS service</li>
-<li>Clears <code>C:\Windows\SoftwareDistribution\Download</code></li>
-<li>Restarts services</li>
-</ol>
-<p><strong>After clearing, trigger new update check:</strong></p>
-<pre><code class="language-powershell"># On the target PC (optional follow-up)
-wuauclt /detectnow</code></pre>
-<hr>
-<h3 id="how-to-clear-browser-cache">How to Clear Browser Cache</h3>
-<p><strong>Scenario:</strong> CMM or inspection PCs have slow browser performance.</p>
-<pre><code class="language-powershell"># Single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;CMM-PC01&quot; -Task ClearBrowserCache -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task OptimizeDisk -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Stuck Windows Updates -->
+            <h3>How to Fix Stuck Windows Updates</h3>
+            <p><strong>Scenario:</strong> Windows Update is stuck or failing repeatedly.</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Clear the Windows Update cache
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "UPDATE-STUCK-PC" -Task ClearUpdateCache -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Stops Windows Update service</li>
+                <li>Stops BITS service</li>
+                <li>Clears <span class="command-inline">C:\Windows\SoftwareDistribution\Download</span></li>
+                <li>Restarts services</li>
+            </ol>
+
+            <hr class="section-divider">
+
+            <!-- Browser Cache -->
+            <h3>How to Clear Browser Cache</h3>
+            <p><strong>Scenario:</strong> CMM or inspection PCs have slow browser performance.</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "CMM-PC01" -Task ClearBrowserCache -Credential $cred
 
 # All CMM PCs
-.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task ClearBrowserCache -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ul>
-<li>Clears Chrome cache directories</li>
-<li>Clears Edge cache directories</li>
-<li>Does NOT clear saved passwords or bookmarks</li>
-</ul>
-<hr>
-<h3 id="how-to-manage-services">How to Manage Services</h3>
-<h4 id="fix-printing-issues">Fix Printing Issues</h4>
-<pre><code class="language-powershell"># Restart print spooler on a PC with stuck print jobs
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PRINT-PROBLEM-PC&quot; -Task RestartSpooler -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ol>
-<li>Stops Print Spooler service</li>
-<li>Clears print queue</li>
-<li>Restarts Print Spooler service</li>
-</ol>
-<h4 id="fix-dns-resolution-issues">Fix DNS Resolution Issues</h4>
-<pre><code class="language-powershell"># Flush DNS cache when a PC can&#x27;t resolve hostnames
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;DNS-ISSUE-PC&quot; -Task FlushDNS -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task ClearBrowserCache -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ul>
+                <li>Clears Chrome cache directories</li>
+                <li>Clears Edge cache directories</li>
+                <li>Does NOT clear saved passwords or bookmarks</li>
+            </ul>
+
+            <hr class="section-divider">
+
+            <!-- Service Management -->
+            <h3 id="how-to-services">How to Manage Services</h3>
+
+            <h4>Fix Printing Issues</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Restart print spooler on a PC with stuck print jobs
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PRINT-PROBLEM-PC" -Task RestartSpooler -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Stops Print Spooler service</li>
+                <li>Clears print queue</li>
+                <li>Restarts Print Spooler service</li>
+            </ol>
+
+            <h4>Fix DNS Resolution Issues</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Flush DNS cache when a PC can't resolve hostnames
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNS-ISSUE-PC" -Task FlushDNS -Credential $cred
 
 # Flush DNS on all PCs in a business unit
-.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task FlushDNS -Credential $cred</code></pre>
-<h4 id="fix-remote-management-issues">Fix Remote Management Issues</h4>
-<pre><code class="language-powershell"># Restart WinRM if subsequent remote commands fail
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;WINRM-ISSUE-PC&quot; -Task RestartWinRM -Credential $cred</code></pre>
-<p><strong>Note:</strong> Connection will briefly drop during restart.</p>
-<hr>
-<h3 id="how-to-fix-time-sync-issues">How to Fix Time Sync Issues</h3>
-<p><strong>Scenario:</strong> PC clock is wrong, causing certificate errors or login issues.</p>
-<h4 id="set-correct-timezone">Set Correct Timezone</h4>
-<pre><code class="language-powershell"># Single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;WRONG-TIME-PC&quot; -Task SetTimezone -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task FlushDNS -Credential $cred</pre>
+            </div>
+
+            <h4>Fix Remote Management Issues</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Restart WinRM if subsequent remote commands fail
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "WINRM-ISSUE-PC" -Task RestartWinRM -Credential $cred</pre>
+            </div>
+            <div class="alert alert-warning">
+                <strong>Note:</strong>
+                Connection will briefly drop during WinRM restart.
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Time Sync -->
+            <h3 id="how-to-time">How to Fix Time Sync Issues</h3>
+            <p><strong>Scenario:</strong> PC clock is wrong, causing certificate errors or login issues.</p>
+
+            <h4>Set Correct Timezone</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SetTimezone -Credential $cred
 
 # All shopfloor PCs
-.\Invoke-RemoteMaintenance.ps1 -All -Task SetTimezone -Credential $cred</code></pre>
-<p><strong>Sets timezone to:</strong> Eastern Standard Time</p>
-<h4 id="force-time-synchronization">Force Time Synchronization</h4>
-<pre><code class="language-powershell"># Sync time with domain controller
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;WRONG-TIME-PC&quot; -Task SyncTime -Credential $cred</code></pre>
-<p><strong>Full time fix sequence:</strong></p>
-<pre><code class="language-powershell"># Step 1: Set correct timezone
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC01&quot; -Task SetTimezone -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -All -Task SetTimezone -Credential $cred</pre>
+            </div>
+            <p><strong>Sets timezone to:</strong> <span class="highlight">Eastern Standard Time</span></p>
+
+            <h4>Force Time Synchronization</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Sync time with domain controller
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SyncTime -Credential $cred</pre>
+            </div>
+
+            <h4>Full Time Fix Sequence</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Step 1: Set correct timezone
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SetTimezone -Credential $cred
 
 # Step 2: Sync time
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC01&quot; -Task SyncTime -Credential $cred</code></pre>
-<hr>
-<h3 id="how-to-update-dnc-configurations">How to Update DNC Configurations</h3>
-<h4 id="update-emx-authentication-token">Update eMx Authentication Token</h4>
-<p><strong>Scenario:</strong> eMx authentication is failing on DNC PCs.</p>
-<pre><code class="language-powershell"># Single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;DNC-PC01&quot; -Task UpdateEMxAuthToken -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SyncTime -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- DNC Configuration -->
+            <h3 id="how-to-dnc">How to Update DNC Configurations</h3>
+
+            <h4>Update DNC MX Hosts</h4>
+            <p><strong>Scenario:</strong> FtpHostPrimary/FtpHostSecondary in DNC\MX registry needs updating (hostname migration).</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateDNCMXHosts -Credential $cred
 
 # All shopfloor PCs
-.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateEMxAuthToken -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ol>
-<li>Backs up existing <code>eMxInfo.txt</code> with timestamp</li>
-<li>Copies new token file from network share</li>
-<li>Verifies file was updated</li>
-</ol>
-<h4 id="deploy-udc-web-server-configuration">Deploy UDC Web Server Configuration</h4>
-<p><strong>Scenario:</strong> UDC web server settings need to be updated.</p>
-<pre><code class="language-powershell"># Deploy to PCs with UDC installed
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;UDC-PC01&quot;,&quot;UDC-PC02&quot; -Task DeployUDCWebServerConfig -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ol>
-<li>Checks if UDC is installed</li>
-<li>Backs up existing configuration</li>
-<li>Deploys new web server settings</li>
-<li>Does NOT restart UDC (requires manual restart)</li>
-</ol>
-<hr>
-<h3 id="how-to-deploy-software">How to Deploy Software</h3>
-<h4 id="install-ge-aerospace-dashboard">Install GE Aerospace Dashboard</h4>
-<p><strong>Scenario:</strong> Convert a PC to a Dashboard kiosk.</p>
-<pre><code class="language-powershell"># Single PC installation
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;NEWKIOSK-01&quot; -Task InstallDashboard -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateDNCMXHosts -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Checks both 32-bit (WOW6432Node) and 64-bit registry paths</li>
+                <li>Only updates values matching the old hostname &mdash; skips unexpected values</li>
+                <li>Safe to run on all PCs: no-ops if DNC\MX key doesn't exist</li>
+            </ol>
+
+            <h4>Audit DNC Config vs UDC Backup</h4>
+            <p><strong>Scenario:</strong> Verify DNC registry settings match UDC backup JSON files.</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -All -Task AuditDNCConfig -Credential $cred -LogFile</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Reads DNC registry values (General, eFocas, Hssb, PPDCS keys)</li>
+                <li>Compares against UDC backup JSON files on the network share</li>
+                <li>Reports MATCH/MISMATCH/MISSING for each field</li>
+                <li>Exports CSV report to <span class="command-inline">logs/</span></li>
+            </ol>
+
+            <h4>Check Defect Tracker Status</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CheckDefectTracker -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Checks if <span class="command-inline">Defect_Tracker.exe</span> is running on each PC</li>
+                <li>Reports machine number + running status</li>
+                <li>Exports CSV report to <span class="command-inline">logs/</span></li>
+            </ol>
+
+            <hr class="section-divider">
+
+            <!-- File Deployment -->
+            <h3 id="how-to-copyfile">How to Deploy Files</h3>
+            <p><strong>Scenario:</strong> Push any file to remote PCs with automatic backup of existing files.</p>
+
+            <h4>Basic File Copy</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Copy a config file to a specific destination
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task CopyFile `
+    -SourcePath "\\server\share\config.json" `
+    -DestinationPath "C:\ProgramData\App\config.json" `
+    -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Copies source file to <span class="command-inline">C:\Windows\Temp\</span> on remote PC via WinRM</li>
+                <li>Creates backup of existing file (if any) with timestamp</li>
+                <li>Moves temp file to final destination</li>
+                <li>Verifies deployment</li>
+            </ol>
+
+            <h4>File Copy with Post-Copy Command</h4>
+            <p><strong>Scenario:</strong> Deploy a file and restart a service/app in the logged-in user's session.</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Deploy eMxInfo.txt and kill DNC so it picks up the new file
+.\Invoke-RemoteMaintenance.ps1 -All -Task CopyFile `
+    -SourcePath "\\server\share\eMxInfo.txt" `
+    -DestinationPath "C:\Program Files (x86)\DNC\Server Files\eMxInfo.txt" `
+    -RunCommand "taskkill /IM DNCMain.exe /F" `
+    -Credential $cred
+
+# Deploy UDC config (no restart needed)
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CopyFile `
+    -SourcePath "\\server\share\udc_webserver_settings.json" `
+    -DestinationPath "C:\ProgramData\UDC\udc_webserver_settings.json" `
+    -Credential $cred</pre>
+            </div>
+
+            <div class="alert alert-info">
+                <strong>About -RunCommand:</strong>
+                The <span class="command-inline">-RunCommand</span> runs via a one-shot scheduled task as the logged-in user, so it works for user-session processes (same pattern as Dashboard/Lobby Display kiosk relaunch). Use <span class="command-inline">-AsSystem</span> if the command should run as SYSTEM instead.
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Registry Import -->
+            <h3 id="how-to-importreg">How to Import Registry Files</h3>
+            <p><strong>Scenario:</strong> Apply registry settings from a <span class="command-inline">.reg</span> file to remote PCs.</p>
+
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Import a .reg file on all shopfloor PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task ImportReg `
+    -SourcePath "\\server\share\intranet-zone.reg" `
+    -Credential $cred
+
+# Import on specific PCs
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ImportReg `
+    -SourcePath "C:\Scripts\my-settings.reg" `
+    -Credential $cred</pre>
+            </div>
+
+            <p><strong>What it does (default &mdash; as logged-in user):</strong></p>
+            <ol>
+                <li>Copies <span class="command-inline">.reg</span> file to <span class="command-inline">C:\Windows\Temp\</span> on remote PC via WinRM</li>
+                <li>Creates a one-shot scheduled task as the logged-in user</li>
+                <li>Runs <span class="command-inline">regedit.exe /s</span> to silently import the registry file</li>
+                <li>Cleans up temp file and scheduled task</li>
+            </ol>
+
+            <div class="alert alert-info">
+                <strong>HKCU Support:</strong>
+                Because the import runs as the logged-in user (via scheduled task), both <span class="command-inline">HKLM</span> and <span class="command-inline">HKCU</span> keys in the <span class="command-inline">.reg</span> file are applied correctly. If no user is logged in, it falls back to direct import (HKLM only).
+            </div>
+
+            <h4>HKLM-Only / System Context</h4>
+            <p>Use <span class="command-inline">-AsSystem</span> when the <span class="command-inline">.reg</span> file only contains <span class="command-inline">HKLM</span> keys and you want to skip the scheduled task overhead:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Import HKLM-only registry settings directly as SYSTEM
+.\Invoke-RemoteMaintenance.ps1 -All -Task ImportReg `
+    -SourcePath "\\server\share\machine-policy.reg" `
+    -AsSystem -Credential $cred</pre>
+            </div>
+
+            <div class="alert alert-warning">
+                <strong>Warning:</strong>
+                Running with <span class="command-inline">-AsSystem</span> means <span class="command-inline">HKCU</span> keys in the .reg file will NOT apply to any user profile. Only use this for HKLM-only registry files.
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Software Deployment -->
+            <h3 id="how-to-software">How to Deploy Software</h3>
+
+            <h4>Install GE Aerospace Dashboard</h4>
+            <p><strong>Scenario:</strong> Convert a PC to a Dashboard kiosk.</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Single PC installation
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "NEWKIOSK-01" -Task InstallDashboard -Credential $cred
 
 # Multiple PCs from a list
-$kiosks = @(&quot;KIOSK-01&quot;, &quot;KIOSK-02&quot;, &quot;KIOSK-03&quot;)
-.\Invoke-RemoteMaintenance.ps1 -ComputerName $kiosks -Task InstallDashboard -Credential $cred</code></pre>
-<p><strong>What it does:</strong></p>
-<ol>
-<li>Copies installer from network share</li>
-<li>Runs silent installation</li>
-<li>Configures auto-start</li>
-<li>Cleans up installer</li>
-</ol>
-<p><strong>After installation:</strong></p>
-<ul>
-<li>Run data collection to update PC type</li>
-<li>Reboot PC to complete setup</li>
-</ul>
-<pre><code class="language-powershell"># Complete Dashboard deployment sequence
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;KIOSK-01&quot; -Task InstallDashboard -Credential $cred
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;KIOSK-01&quot; -Task Reboot -Credential $cred
+$kiosks = @("KIOSK-01", "KIOSK-02", "KIOSK-03")
+.\Invoke-RemoteMaintenance.ps1 -ComputerName $kiosks -Task InstallDashboard -Credential $cred</pre>
+            </div>
+            <p><strong>What it does:</strong></p>
+            <ol>
+                <li>Pings target PC (skips if offline)</li>
+                <li>Copies installer from network share to <span class="command-inline">C:\Windows\Temp\</span></li>
+                <li>Kills running Edge kiosk</li>
+                <li>Runs silent installation (120-second timeout)</li>
+                <li>Relaunches Edge kiosk via scheduled task as the logged-in user</li>
+                <li>Cleans up installer and scheduled task</li>
+            </ol>
 
-# After reboot, update ShopDB
-.\Update-ShopfloorPCs-Remote.ps1 -ComputerName &quot;KIOSK-01&quot; -Credential $cred</code></pre>
-<h4 id="install-lobby-display">Install Lobby Display</h4>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;LOBBY-01&quot; -Task InstallLobbyDisplay -Credential $cred</code></pre>
-<h4 id="uninstall-dashboard-or-lobby-display">Uninstall Dashboard or Lobby Display</h4>
-<pre><code class="language-powershell"># Remove Dashboard
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;OLD-KIOSK&quot; -Task UninstallDashboard -Credential $cred
+            <div class="alert alert-success">
+                <strong>No reboot required</strong>
+                Edge relaunches automatically in the logged-in user's session.
+            </div>
+
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Deploy to all Dashboard kiosks
+.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task InstallDashboard -Credential $cred
+
+# Deploy to all Lobby Display kiosks
+.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task InstallLobbyDisplay -Credential $cred</pre>
+            </div>
+
+            <h4>Uninstall Dashboard or Lobby Display</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Remove Dashboard
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-KIOSK" -Task UninstallDashboard -Credential $cred
 
 # Remove Lobby Display
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;OLD-LOBBY&quot; -Task UninstallLobbyDisplay -Credential $cred</code></pre>
-<hr>
-<h3 id="how-to-reboot-pcs">How to Reboot PCs</h3>
-<h4 id="single-pc-reboot">Single PC Reboot</h4>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PC-TO-REBOOT&quot; -Task Reboot -Credential $cred</code></pre>
-<p><strong>Note:</strong> Reboot has a 30-second delay to allow graceful shutdown.</p>
-<h4 id="reboot-all-dashboard-pcs">Reboot All Dashboard PCs</h4>
-<pre><code class="language-powershell"># Reboot all Dashboard PCs (e.g., for software update)
-.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred</code></pre>
-<h4 id="reboot-all-lobby-display-pcs">Reboot All Lobby Display PCs</h4>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -PcType &quot;Lobby Display&quot; -Task Reboot -Credential $cred</code></pre>
-<h4 id="reboot-pcs-by-business-unit">Reboot PCs by Business Unit</h4>
-<pre><code class="language-powershell"># Reboot all HPT PCs during maintenance window
-.\Invoke-RemoteMaintenance.ps1 -BusinessUnit HPT -Task Reboot -Credential $cred</code></pre>
-<hr>
-<h3 id="how-to-run-batch-operations">How to Run Batch Operations</h3>
-<h4 id="using-a-computer-list-file">Using a Computer List File</h4>
-<p>Create a text file with one hostname per line:</p>
-<pre><code class="language-text"># shopfloor-pcs.txt
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-LOBBY" -Task UninstallLobbyDisplay -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Reboot -->
+            <h3>How to Reboot PCs</h3>
+
+            <h4>Single PC Reboot</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC-TO-REBOOT" -Task Reboot -Credential $cred</pre>
+            </div>
+            <div class="alert alert-warning">
+                <strong>Note:</strong>
+                Reboot has a 30-second delay to allow graceful shutdown.
+            </div>
+
+            <h4>Reboot by PC Type</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Reboot all Dashboard PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred
+
+# Reboot all Lobby Display PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task Reboot -Credential $cred</pre>
+            </div>
+
+            <h4>Reboot by Business Unit</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Reboot all HPT PCs during maintenance window
+.\Invoke-RemoteMaintenance.ps1 -BusinessUnit HPT -Task Reboot -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- Batch Operations -->
+            <h3 id="how-to-batch">How to Run Batch Operations</h3>
+
+            <h4>Using a Computer List File</h4>
+            <p>Create a text file with one hostname per line:</p>
+            <div class="code-block">
+                <pre># shopfloor-pcs.txt
 PC001
 PC002
 PC003
 PC004
-PC005</code></pre>
-<p>Run tasks against the list:</p>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerListFile &quot;.\shopfloor-pcs.txt&quot; -Task FlushDNS -Credential $cred</code></pre>
-<h4 id="running-multiple-tasks-in-sequence">Running Multiple Tasks in Sequence</h4>
-<pre><code class="language-powershell"># Maintenance routine for a PC
-$pc = &quot;SHOPFLOOR-PC01&quot;
+PC005</pre>
+            </div>
+
+            <p>Run tasks against the list:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task FlushDNS -Credential $cred</pre>
+            </div>
+
+            <h4>Running Multiple Tasks in Sequence</h4>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Maintenance routine for a PC
+$pc = "SHOPFLOOR-PC01"
 
 # Step 1: Clear caches
 .\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearUpdateCache -Credential $cred
@@ -920,105 +1511,231 @@ $pc = &quot;SHOPFLOOR-PC01&quot;
 .\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SyncTime -Credential $cred
 
 # Step 5: Reboot
-.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task Reboot -Credential $cred</code></pre>
-<hr>
-<h2 id="targeting-strategies">Targeting Strategies</h2>
-<h3 id="by-individual-pcs">By Individual PCs</h3>
-<p><strong>Best for:</strong> Specific troubleshooting, targeted fixes</p>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;PROBLEM-PC&quot; -Task DISM -Credential $cred</code></pre>
-<h3 id="by-pc-type">By PC Type</h3>
-<p><strong>Best for:</strong> Type-specific maintenance, software updates</p>
-<pre><code class="language-powershell"># All CMM PCs
+.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task Reboot -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- TARGETING STRATEGIES -->
+            <h2 id="targeting">Targeting Strategies</h2>
+
+            <h3>By Individual PCs</h3>
+            <p><strong>Best for:</strong> Specific troubleshooting, targeted fixes</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred</pre>
+            </div>
+
+            <h3>By PC Type</h3>
+            <p><strong>Best for:</strong> Type-specific maintenance, software updates</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># All CMM PCs
 .\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task DiskCleanup -Credential $cred
 
 # All Dashboard kiosks
-.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred</code></pre>
-<h3 id="by-business-unit">By Business Unit</h3>
-<p><strong>Best for:</strong> Department-specific maintenance windows</p>
-<pre><code class="language-powershell"># All Blisk area PCs
-.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task SyncTime -Credential $cred</code></pre>
-<h3 id="all-shopfloor-pcs">All Shopfloor PCs</h3>
-<p><strong>Best for:</strong> Global maintenance, security updates</p>
-<pre><code class="language-powershell"># Flush DNS everywhere
-.\Invoke-RemoteMaintenance.ps1 -All -Task FlushDNS -Credential $cred -ThrottleLimit 10</code></pre>
-<h3 id="using-a-list-file">Using a List File</h3>
-<p><strong>Best for:</strong> Custom groups, staged rollouts</p>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -ComputerListFile &quot;.\phase1-pcs.txt&quot; -Task DISM -Credential $cred</code></pre>
-<hr>
-<h2 id="troubleshooting">Troubleshooting</h2>
-<h3 id="task-times-out">Task Times Out</h3>
-<p><strong>Cause:</strong> Task takes longer than session timeout.</p>
-<p><strong>Solution:</strong> DISM and SFC can take a long time. Check if task completed on target:</p>
-<pre><code class="language-powershell"># Check DISM log
-Invoke-Command -ComputerName &quot;PC01&quot; -Credential $cred -ScriptBlock {
-    Get-Content &quot;C:\Windows\Logs\DISM\dism.log&quot; -Tail 50
-}</code></pre>
-<h3 id="access-denied-on-some-pcs">"Access Denied" on Some PCs</h3>
-<p><strong>Cause:</strong> Credentials don't have admin rights on that PC.</p>
-<p><strong>Solutions:</strong></p>
-<ol>
-<li>Use different credentials</li>
-<li>Add account to local Administrators group on target</li>
-<li>Check if UAC is blocking remote admin</li>
-</ol>
-<h3 id="software-installation-fails">Software Installation Fails</h3>
-<p><strong>Cause:</strong> Network share not accessible or installer missing.</p>
-<p><strong>Solutions:</strong></p>
-<ol>
-<li>Verify network share path is accessible</li>
-<li>Check installer exists at expected location</li>
-<li>Verify credentials can access the share</li>
-</ol>
-<h3 id="reboot-doesnt-happen">Reboot Doesn't Happen</h3>
-<p><strong>Cause:</strong> User cancelled shutdown or application blocked it.</p>
-<p><strong>Solutions:</strong></p>
-<pre><code class="language-powershell"># Force immediate reboot (no 30-second delay)
-Invoke-Command -ComputerName &quot;PC01&quot; -Credential $cred -ScriptBlock {
+.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred</pre>
+            </div>
+
+            <h3>By Business Unit</h3>
+            <p><strong>Best for:</strong> Department-specific maintenance windows</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># All Blisk area PCs
+.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task SyncTime -Credential $cred</pre>
+            </div>
+
+            <h3>All Shopfloor PCs</h3>
+            <p><strong>Best for:</strong> Global maintenance, security updates</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Flush DNS everywhere
+.\Invoke-RemoteMaintenance.ps1 -All -Task FlushDNS -Credential $cred -ThrottleLimit 10</pre>
+            </div>
+
+            <h3>Using a List File</h3>
+            <p><strong>Best for:</strong> Custom groups, staged rollouts</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre>.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\phase1-pcs.txt" -Task DISM -Credential $cred</pre>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- TROUBLESHOOTING -->
+            <h2 id="troubleshooting">Troubleshooting</h2>
+
+            <div class="troubleshooting">
+                <h4>Issue: Task Times Out</h4>
+                <p><strong>Cause:</strong> Task takes longer than session timeout.</p>
+                <p><strong>Resolution:</strong> DISM and SFC can take a long time. Check if task completed on target:</p>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre># Check DISM log
+Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
+    Get-Content "C:\Windows\Logs\DISM\dism.log" -Tail 50
+}</pre>
+                </div>
+            </div>
+
+            <div class="troubleshooting">
+                <h4>Issue: "Access Denied" on Some PCs</h4>
+                <p><strong>Cause:</strong> Credentials don't have admin rights on that PC.</p>
+                <p><strong>Resolution:</strong></p>
+                <ul>
+                    <li>Use different credentials</li>
+                    <li>Add account to local Administrators group on target</li>
+                    <li>Check if UAC is blocking remote admin</li>
+                </ul>
+            </div>
+
+            <div class="troubleshooting">
+                <h4>Issue: Software Installation Fails</h4>
+                <p><strong>Cause:</strong> Network share not accessible or installer missing.</p>
+                <p><strong>Resolution:</strong></p>
+                <ul>
+                    <li>Verify network share path is accessible</li>
+                    <li>Check installer exists at expected location</li>
+                    <li>Verify credentials can access the share</li>
+                </ul>
+            </div>
+
+            <div class="troubleshooting">
+                <h4>Issue: Reboot Doesn't Happen</h4>
+                <p><strong>Cause:</strong> User cancelled shutdown or application blocked it.</p>
+                <p><strong>Resolution:</strong></p>
+                <div class="code-block">
+                    <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                    <pre># Force immediate reboot (no 30-second delay)
+Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
     Restart-Computer -Force
-}</code></pre>
-<hr>
-<h2 id="best-practices">Best Practices</h2>
-<h3 id="1-start-small">1. Start Small</h3>
-<p>Test on one PC before running against groups:</p>
-<pre><code class="language-powershell"># Test on single PC first
-.\Invoke-RemoteMaintenance.ps1 -ComputerName &quot;TEST-PC&quot; -Task DISM -Credential $cred</code></pre>
-<h3 id="2-use-appropriate-throttle-limits">2. Use Appropriate Throttle Limits</h3>
-<table>
-<thead><tr>
-<th>Scenario</th>
-<th>Recommended ThrottleLimit</th>
-</tr></thead>
-<tbody>
-<tr>
-<td>Fast network, light tasks</td>
-<td>10-25</td>
-</tr>
-<tr>
-<td>Normal operations</td>
-<td>5 (default)</td>
-</tr>
-<tr>
-<td>Heavy tasks (DISM, Defrag)</td>
-<td>2-3</td>
-</tr>
-<tr>
-<td>Slow network</td>
-<td>2-3</td>
-</tr>
-</tbody></table>
-<h3 id="3-schedule-disruptive-tasks">3. Schedule Disruptive Tasks</h3>
-<p>Run reboots and heavy tasks during maintenance windows:</p>
-<ul>
-<li>DISM/SFC: After hours</li>
-<li>Disk optimization: After hours</li>
-<li>Reboots: During shift changes or maintenance windows</li>
-</ul>
-<h3 id="4-verify-before-rebooting">4. Verify Before Rebooting</h3>
-<p>Always confirm which PCs will be affected:</p>
-<pre><code class="language-powershell"># Check PC type before reboot
-.\Update-ShopfloorPCs-Remote.ps1 -PcType Dashboard -WhatIf</code></pre>
-<h3 id="5-keep-logs">5. Keep Logs</h3>
-<p>Redirect output for audit trail:</p>
-<pre><code class="language-powershell">.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred | Tee-Object -FilePath &quot;maintenance-log-$(Get-Date -Format &#x27;yyyyMMdd&#x27;).txt&quot;</code></pre>
+}</pre>
+                </div>
+            </div>
+
+            <div class="troubleshooting">
+                <h4>Issue: ImportReg HKCU Keys Not Applied</h4>
+                <p><strong>Cause:</strong> No user is logged in on the target PC, or <span class="command-inline">-AsSystem</span> was used.</p>
+                <p><strong>Resolution:</strong></p>
+                <ul>
+                    <li>Ensure a user is logged in on the target PC</li>
+                    <li>Remove <span class="command-inline">-AsSystem</span> flag if the .reg file contains HKCU keys</li>
+                    <li>Check the script output for "No logged-in user found" messages</li>
+                </ul>
+            </div>
+
+            <hr class="section-divider">
+
+            <!-- BEST PRACTICES -->
+            <h2 id="best-practices">Best Practices</h2>
+
+            <h3>1. Start Small</h3>
+            <p>Test on one PC before running against groups:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Test on single PC first
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "TEST-PC" -Task DISM -Credential $cred</pre>
+            </div>
+
+            <h3>2. Use Appropriate Throttle Limits</h3>
+            <table>
+                <thead><tr><th>Scenario</th><th>Recommended ThrottleLimit</th></tr></thead>
+                <tbody>
+                    <tr><td>Fast network, light tasks</td><td>10-25</td></tr>
+                    <tr><td>Normal operations</td><td>5 (default)</td></tr>
+                    <tr><td>Heavy tasks (DISM, Defrag)</td><td>2-3</td></tr>
+                    <tr><td>Slow network</td><td>2-3</td></tr>
+                </tbody>
+            </table>
+
+            <h3>3. Schedule Disruptive Tasks</h3>
+            <p>Run reboots and heavy tasks during maintenance windows:</p>
+            <ul>
+                <li>DISM/SFC: After hours</li>
+                <li>Disk optimization: After hours</li>
+                <li>Reboots: During shift changes or maintenance windows</li>
+            </ul>
+
+            <h3>4. Verify Before Rebooting</h3>
+            <p>Always confirm which PCs will be affected:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Check PC type before reboot
+.\Update-ShopfloorPCs-Remote.ps1 -PcType Dashboard -WhatIf</pre>
+            </div>
+
+            <h3>5. Keep Logs</h3>
+            <p>Use the <span class="command-inline">-LogFile</span> flag or redirect output for audit trail:</p>
+            <div class="code-block">
+                <button class="copy-button" onclick="copyCode(this)">Copy</button>
+                <pre># Built-in logging
+.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred -LogFile
+
+# Or redirect output manually
+.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred | Tee-Object -FilePath "maintenance-log-$(Get-Date -Format 'yyyyMMdd').txt"</pre>
+            </div>
+
+            <!-- SUCCESS MESSAGE -->
+            <div class="alert alert-success">
+                <strong>Reference Complete</strong>
+                This document covers all 22 maintenance tasks available in Invoke-RemoteMaintenance.ps1. For questions or updates, contact the GE Aerospace DT Team.
+            </div>
+
+        </div>
+
+        <!-- FOOTER -->
+        <div class="footer">
+            <div class="footer-content">
+                <p><strong>For questions or support, contact GE Aerospace DT Team</strong></p>
+                <p style="font-size: 0.9em;">Document Classification: Internal Use Only</p>
+            </div>
+        </div>
+    </div>
+
+    <!-- JAVASCRIPT -->
+    <script>
+        // Copy code functionality
+        function copyCode(button) {
+            const codeBlock = button.parentElement;
+            const code = codeBlock.querySelector('pre').textContent;
+
+            navigator.clipboard.writeText(code).then(() => {
+                const originalText = button.textContent;
+                button.textContent = 'Copied!';
+                button.classList.add('copied');
+
+                setTimeout(() => {
+                    button.textContent = originalText;
+                    button.classList.remove('copied');
+                }, 2000);
+            }).catch(err => {
+                console.error('Failed to copy text: ', err);
+                button.textContent = 'Failed';
+                setTimeout(() => {
+                    button.textContent = 'Copy';
+                }, 2000);
+            });
+        }
+
+        // Smooth scrolling for navigation links
+        document.querySelectorAll('.nav a').forEach(anchor => {
+            anchor.addEventListener('click', function (e) {
+                e.preventDefault();
+                const target = document.querySelector(this.getAttribute('href'));
+                if (target) {
+                    target.scrollIntoView({
+                        behavior: 'smooth',
+                        block: 'start'
+                    });
+                }
+            });
+        });
+
+        // Update page title from h1
+        const mainTitle = document.querySelector('.header h1');
+        if (mainTitle) {
+            document.title = mainTitle.textContent + ' - GE Aerospace Knowledge Base';
+        }
+    </script>
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/docs/Invoke-RemoteMaintenance.md b/docs/Invoke-RemoteMaintenance.md
index 8c7bd00..32184bb 100644
--- a/docs/Invoke-RemoteMaintenance.md
+++ b/docs/Invoke-RemoteMaintenance.md
@@ -5,6 +5,7 @@ Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via
 ## Table of Contents
 
 - [Overview](#overview)
+- [First-Time Setup](#first-time-setup)
 - [API Integration](#api-integration)
 - [Prerequisites](#prerequisites)
 - [Quick Start](#quick-start)
@@ -17,6 +18,8 @@ Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via
   - [Service Management](#how-to-manage-services)
   - [Time Synchronization](#how-to-fix-time-sync-issues)
   - [DNC Configuration](#how-to-update-dnc-configurations)
+  - [File Deployment](#how-to-deploy-files)
+  - [Registry Import](#how-to-import-registry-files)
   - [Software Deployment](#how-to-deploy-software)
   - [Batch Operations](#how-to-run-batch-operations)
 - [Targeting Strategies](#targeting-strategies)
@@ -32,13 +35,53 @@ This script provides a comprehensive remote maintenance toolkit for managing sho
 **Location:** `S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1`
 
 **Key Features:**
-- 19 maintenance tasks available
+- 22 maintenance tasks available
+- General-purpose file deployment (`CopyFile`) and registry import (`ImportReg`) tasks
+- Registry imports run as logged-in user via scheduled task (HKCU support)
+- Optional post-copy commands via scheduled task (service/app restarts)
 - Multiple targeting options (by name, type, business unit, or all)
 - Concurrent execution with configurable throttling
 - Integration with ShopDB for PC discovery
 
 ---
 
+## First-Time Setup
+
+Before running this script for the first time, you must allow PowerShell script execution and unblock the script file.
+
+### Step 1: Allow PowerShell Script Execution
+
+Open PowerShell **as Administrator** and run:
+
+```powershell
+Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
+```
+
+When prompted, type `Y` and press Enter. This allows locally-created scripts to run and requires downloaded scripts to be signed or unblocked.
+
+> **Note:** You only need to do this once per user account. `RemoteSigned` is the recommended policy — it allows local scripts while still protecting against untrusted downloads.
+
+### Step 2: Unblock the Script File
+
+Files downloaded from a network share or the internet are marked as "blocked" by Windows. You must unblock the script before it can run.
+
+**Option A — File Explorer (GUI):**
+
+1. Navigate to `S:\dt\shopfloor\scripts\remote-execution\`
+2. Right-click `Invoke-RemoteMaintenance.ps1` and select **Properties**
+3. At the bottom of the General tab, check the **Unblock** checkbox
+4. Click **Apply**, then **OK**
+
+**Option B — PowerShell:**
+
+```powershell
+Unblock-File -Path "S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1"
+```
+
+> **Important:** If you skip this step, you will get a security error when trying to run the script: *"cannot be loaded because running scripts is disabled on this system"* or *"cannot be loaded. The file is not digitally signed."*
+
+---
+
 ## API Integration
 
 When using `-All`, `-PcType`, or `-BusinessUnit` targeting, the script retrieves PC lists from the ShopDB API:
@@ -53,12 +96,12 @@ GET /api.asp?action=getShopfloorPCs&businessunitid=1 # Specific business unit
 
 | ID | Type | ID | Type |
 |----|------|----|------|
-| 1 | Shopfloor | 7 | Heat Treat |
-| 2 | CMM | 8 | Engineer |
-| 3 | Wax Trace | 9 | Standard |
-| 4 | Keyence | 10 | Inspection |
-| 5 | EAS1000 | 11 | Dashboard |
-| 6 | Genspect | 12 | Lobby Display |
+| 1 | Standard | 7 | Keyence |
+| 2 | Engineer | 8 | Genspect |
+| 3 | Shopfloor | 9 | Heat Treat |
+| 4 | Uncategorized | 10 | Inspection |
+| 5 | CMM | 11 | Dashboard |
+| 6 | Wax / Trace | 12 | Lobby Display |
 
 **See:** [ShopDB API Reference](ShopDB-API.html) for complete API documentation.
 
@@ -133,6 +176,15 @@ The script outputs status for each PC:
 |-----------|------|-------------|
 | `-Task` | string | Maintenance task to execute |
 
+### File Deployment Parameters (CopyFile / ImportReg)
+
+| Parameter | Type | Description |
+|-----------|------|-------------|
+| `-SourcePath` | string | Source file path (local or UNC). Required for CopyFile and ImportReg |
+| `-DestinationPath` | string | Destination file path on remote PCs. Required for CopyFile |
+| `-RunCommand` | string | Command to run after CopyFile. Runs as logged-in user by default (via scheduled task) |
+| `-AsSystem` | switch | Run ImportReg and -RunCommand in the WinRM session (SYSTEM context) instead of as logged-in user |
+
 ### Optional Parameters
 
 | Parameter | Type | Default | Description |
@@ -140,7 +192,8 @@ The script outputs status for each PC:
 | `-Credential` | PSCredential | Prompt | Remote authentication |
 | `-ApiUrl` | string | Production | ShopDB API endpoint |
 | `-ThrottleLimit` | int | 5 | Max concurrent sessions |
-| `-DnsSuffix` | string | logon.ds.ge.com | DNS suffix for resolution |
+| `-DnsSuffix` | string | logon.ds.ge.com | DNS suffix for FQDN resolution |
+| `-LogFile` | switch | Off | Enable transcript logging to `logs/` directory |
 
 ### PC Types
 
@@ -194,13 +247,22 @@ TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT
 
 | Task | Description | Duration | Impact |
 |------|-------------|----------|--------|
-| `UpdateEMxAuthToken` | Update eMx auth from share | 1-2 min | None |
-| `DeployUDCWebServerConfig` | Deploy UDC config | 1-2 min | None |
+| `UpdateDNCMXHosts` | Update FtpHostPrimary/Secondary in DNC\MX registry | <1 min | None |
+| `AuditDNCConfig` | Compare DNC registry vs UDC backup JSON, export CSV | 1-5 min | None |
+| `CheckDefectTracker` | Check if Defect_Tracker.exe is running, export CSV | 1-5 min | None |
+
+### File Deployment Tasks
+
+| Task | Description | Duration | Impact |
+|------|-------------|----------|--------|
+| `CopyFile` | Copy file from `-SourcePath` to `-DestinationPath` on remote PCs | 1-2 min | Low |
+| `ImportReg` | Copy `.reg` file and import via scheduled task as logged-in user | 1-2 min | Low |
 
 ### System Tasks
 
 | Task | Description | Duration | Impact |
 |------|-------------|----------|--------|
+| `GPUpdate` | Force Group Policy refresh (`gpupdate /force`) | <1 min | Low |
 | `Reboot` | Restart PC (30s delay) | 2-5 min | High |
 
 ### Software Deployment Tasks
@@ -222,18 +284,19 @@ Deployment tasks require source files to be available before execution:
 
 | Task | Source File Path |
 |------|------------------|
-| `InstallDashboard` | `\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe` |
-| `InstallLobbyDisplay` | `\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe` |
-| `UpdateEMxAuthToken` | `\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt` |
-| `DeployUDCWebServerConfig` | `\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\UDC\udc_webserver_settings.json` |
+| `InstallDashboard` | `\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe` |
+| `InstallLobbyDisplay` | `\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe` |
+| `CopyFile` | Any file - specified via `-SourcePath` parameter |
+| `ImportReg` | Any `.reg` file - specified via `-SourcePath` parameter |
 
 ### How Deployment Works
 
 1. **Pre-flight Check:** Script verifies source file exists
 2. **WinRM Session:** Opens remote session to target PC
 3. **File Push:** Copies source file to `C:\Windows\Temp\` on remote PC
-4. **Execution:** Runs install/copy task using pushed file
-5. **Cleanup:** Removes temp file from remote PC
+4. **Execution:** Runs install/copy/import task using pushed file
+5. **Post-action:** Optionally runs command as logged-in user via scheduled task
+6. **Cleanup:** Removes temp file from remote PC
 
 ```
 +---------------------+     WinRM      +---------------------+
@@ -242,50 +305,44 @@ Deployment tasks require source files to be available before execution:
 |  Source Files:      |   Push File    |  Temp Location:     |
 |  - Setup.exe        | ------------>  |  C:\Windows\Temp    |
 |  - config.json      |                |                     |
-|  - eMxInfo.txt      |   Execute      |  Final Location:    |
-|    (network)        | ------------>  |  C:\Program Files   |
+|  - settings.reg     |   Execute      |  Final Location:    |
+|    (any path/UNC)   | ------------>  |  -DestinationPath   |
+|                     |                |                     |
+|                     |  Sched. Task   |  Logged-in User:    |
+|                     | ------------>  |  - regedit /s       |
+|                     |                |  - RunCommand        |
 +---------------------+                +---------------------+
 ```
 
-### Directory Structure
+### CopyFile Details
 
-Ensure your script directory contains the required files:
+The `CopyFile` task:
 
-```
-S:\dt\shopfloor\scripts\remote-execution\
-├── Invoke-RemoteMaintenance.ps1
-├── GEAerospaceDashboardSetup.exe      # For InstallDashboard
-├── GEAerospaceLobbyDisplaySetup.exe   # For InstallLobbyDisplay
-└── udc_webserver_settings.json        # For DeployUDCWebServerConfig
-```
+1. **Source:** Any file specified via `-SourcePath` (local or UNC path)
+2. **Destination:** Specified via `-DestinationPath`
+3. **Backup:** Existing file is backed up as `<name>-old-<timestamp>.<ext>`
+4. **Post-action:** If `-RunCommand` is specified, runs as the logged-in user via a one-shot scheduled task (same pattern as Dashboard/Lobby kiosk relaunch)
 
-### eMx Auth Token Details
+### ImportReg Details
 
-The `UpdateEMxAuthToken` task:
+The `ImportReg` task:
 
-1. **Source:** `\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt`
-2. **Destinations:** (both paths if they exist)
-   - `C:\Program Files\GE Aircraft Engines\DNC\eMxInfo.txt`
-   - `C:\Program Files (x86)\GE Aircraft Engines\DNC\eMxInfo.txt`
-3. **Backup:** Creates `eMxInfo-old-YYYYMMDD-HHMMSS.txt` before overwriting
-4. **Post-action:** Restarts DNC service (`LDnc.exe`)
-
-### UDC Web Server Config Details
-
-The `DeployUDCWebServerConfig` task:
-
-1. **Pre-check:** Verifies UDC is installed (`C:\Program Files\UDC` exists)
-2. **Skip:** PCs without UDC are skipped (not counted as failures)
-3. **Destination:** `C:\ProgramData\UDC\udc_webserver_settings.json`
-4. **Backup:** Creates backup before overwriting
+1. **Source:** `.reg` file specified via `-SourcePath`
+2. **Import method:** `regedit.exe /s` via one-shot scheduled task as logged-in user
+3. **HKCU support:** Runs as the logged-in user, so both HKLM and HKCU keys apply correctly
+4. **Fallback:** If no user is logged in, runs `regedit.exe /s` directly (HKLM only)
+5. **Cleanup:** Temp `.reg` file removed after import
 
 ### Dashboard/Lobby Display Install Details
 
 Both kiosk app installers:
 
 1. **Installer type:** Inno Setup (supports `/VERYSILENT`)
-2. **Execution:** Silent install with no user prompts
-3. **Cleanup:** Installer removed from temp after execution
+2. **Pre-install:** Kills running Edge kiosk via `PrepareToInstall` in Inno Setup
+3. **Execution:** Silent install with no user prompts (120-second timeout)
+4. **Post-install:** Creates a one-shot scheduled task to relaunch Edge in kiosk mode as the logged-in user (e.g. `lg044513sd`), then auto-deletes the task
+5. **Cleanup:** Installer removed from temp after execution
+6. **Connectivity:** Offline PCs are skipped with a ping check before connecting
 
 **Uninstall GUIDs:**
 - Dashboard: `{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}`
@@ -295,7 +352,7 @@ Both kiosk app installers:
 
 To add a new application for deployment, edit the script in two places:
 
-**Step 1: Add to `$KioskAppConfig` hashtable (~line 1388)**
+**Step 1: Add to `$KioskAppConfig` hashtable**
 
 ```powershell
 $KioskAppConfig = @{
@@ -304,10 +361,11 @@ $KioskAppConfig = @{
     # Add new application
     'InstallNewApp' = @{
         Action = 'Install'
-        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
+        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
         InstallerName = 'NewAppSetup.exe'
         AppName = 'New Application Name'
         UninstallGuid = '{YOUR-GUID-HERE}'  # Find in registry after manual install
+        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/your-page/'  # Optional: relaunch Edge kiosk after install
     }
     'UninstallNewApp' = @{
         Action = 'Uninstall'
@@ -334,7 +392,7 @@ $KioskAppConfig = @{
 **Step 3: Place installer on network share**
 
 ```
-\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe
+\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\NewApp\NewAppSetup.exe
 ```
 
 **Finding the Uninstall GUID:**
@@ -562,37 +620,129 @@ wuauclt /detectnow
 
 ### How to Update DNC Configurations
 
-#### Update eMx Authentication Token
+#### Update DNC MX Hosts
 
-**Scenario:** eMx authentication is failing on DNC PCs.
+**Scenario:** FtpHostPrimary/FtpHostSecondary in DNC\MX registry needs updating (hostname migration).
 
 ```powershell
 # Single PC
-.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateEMxAuthToken -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateDNCMXHosts -Credential $cred
 
 # All shopfloor PCs
-.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateEMxAuthToken -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateDNCMXHosts -Credential $cred
 ```
 
 **What it does:**
-1. Backs up existing `eMxInfo.txt` with timestamp
-2. Copies new token file from network share
-3. Verifies file was updated
+1. Checks both 32-bit (WOW6432Node) and 64-bit registry paths
+2. Only updates values matching the old hostname - skips unexpected values
+3. Safe to run on all PCs: no-ops if DNC\MX key doesn't exist
 
-#### Deploy UDC Web Server Configuration
+#### Audit DNC Config vs UDC Backup
 
-**Scenario:** UDC web server settings need to be updated.
+**Scenario:** Verify DNC registry settings match UDC backup JSON files.
 
 ```powershell
-# Deploy to PCs with UDC installed
-.\Invoke-RemoteMaintenance.ps1 -ComputerName "UDC-PC01","UDC-PC02" -Task DeployUDCWebServerConfig -Credential $cred
+.\Invoke-RemoteMaintenance.ps1 -All -Task AuditDNCConfig -Credential $cred -LogFile
 ```
 
 **What it does:**
-1. Checks if UDC is installed
-2. Backs up existing configuration
-3. Deploys new web server settings
-4. Does NOT restart UDC (requires manual restart)
+1. Reads DNC registry values (General, eFocas, Hssb, PPDCS keys)
+2. Compares against UDC backup JSON files on the network share
+3. Reports MATCH/MISMATCH/MISSING for each field
+4. Exports CSV report to `logs/`
+
+#### Check Defect Tracker Status
+
+```powershell
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CheckDefectTracker -Credential $cred
+```
+
+**What it does:**
+1. Checks if `Defect_Tracker.exe` is running on each PC
+2. Reports machine number + running status
+3. Exports CSV report to `logs/`
+
+---
+
+### How to Deploy Files
+
+**Scenario:** Push any file to remote PCs with automatic backup of existing files.
+
+#### Basic File Copy
+
+```powershell
+# Copy a config file to a specific destination
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task CopyFile `
+    -SourcePath "\\server\share\config.json" `
+    -DestinationPath "C:\ProgramData\App\config.json" `
+    -Credential $cred
+```
+
+**What it does:**
+1. Copies source file to `C:\Windows\Temp\` on remote PC via WinRM
+2. Creates backup of existing file (if any) with timestamp
+3. Moves temp file to final destination
+4. Verifies deployment
+
+#### File Copy with Post-Copy Command
+
+**Scenario:** Deploy a file and restart a service/app in the logged-in user's session.
+
+```powershell
+# Deploy eMxInfo.txt and kill DNC so it picks up the new file
+.\Invoke-RemoteMaintenance.ps1 -All -Task CopyFile `
+    -SourcePath "\\server\share\eMxInfo.txt" `
+    -DestinationPath "C:\Program Files (x86)\DNC\Server Files\eMxInfo.txt" `
+    -RunCommand "taskkill /IM DNCMain.exe /F" `
+    -Credential $cred
+
+# Deploy UDC config (no restart needed)
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task CopyFile `
+    -SourcePath "\\server\share\udc_webserver_settings.json" `
+    -DestinationPath "C:\ProgramData\UDC\udc_webserver_settings.json" `
+    -Credential $cred
+```
+
+The `-RunCommand` runs via a one-shot scheduled task as the logged-in user, so it works for user-session processes (same pattern as Dashboard/Lobby Display kiosk relaunch).
+
+---
+
+### How to Import Registry Files
+
+**Scenario:** Apply registry settings from a `.reg` file to remote PCs.
+
+```powershell
+# Import a .reg file on all shopfloor PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task ImportReg `
+    -SourcePath "\\server\share\intranet-zone.reg" `
+    -Credential $cred
+
+# Import on specific PCs
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ImportReg `
+    -SourcePath "C:\Scripts\my-settings.reg" `
+    -Credential $cred
+```
+
+**What it does (default — as logged-in user):**
+1. Copies `.reg` file to `C:\Windows\Temp\` on remote PC via WinRM
+2. Creates a one-shot scheduled task as the logged-in user
+3. Runs `regedit.exe /s` to silently import the registry file
+4. Cleans up temp file and scheduled task
+
+**HKCU support:** Because the import runs as the logged-in user (via scheduled task), both `HKLM` and `HKCU` keys in the `.reg` file are applied correctly. If no user is logged in, it falls back to direct import (HKLM only).
+
+#### HKLM-Only / System Context
+
+Use `-AsSystem` when the `.reg` file only contains `HKLM` keys and you want to skip the scheduled task overhead:
+
+```powershell
+# Import HKLM-only registry settings directly as SYSTEM
+.\Invoke-RemoteMaintenance.ps1 -All -Task ImportReg `
+    -SourcePath "\\server\share\machine-policy.reg" `
+    -AsSystem -Credential $cred
+```
+
+This runs `regedit.exe /s` directly in the WinRM session (SYSTEM context). Faster, but HKCU keys will not apply to any user.
 
 ---
 
@@ -612,22 +762,21 @@ $kiosks = @("KIOSK-01", "KIOSK-02", "KIOSK-03")
 ```
 
 **What it does:**
-1. Copies installer from network share
-2. Runs silent installation
-3. Configures auto-start
-4. Cleans up installer
+1. Pings target PC (skips if offline)
+2. Copies installer from network share to `C:\Windows\Temp\`
+3. Kills running Edge kiosk
+4. Runs silent installation (120-second timeout)
+5. Relaunches Edge kiosk via scheduled task as the logged-in user
+6. Cleans up installer and scheduled task
 
-**After installation:**
-- Run data collection to update PC type
-- Reboot PC to complete setup
+**No reboot required** — Edge relaunches automatically in the logged-in user's session.
 
 ```powershell
-# Complete Dashboard deployment sequence
-.\Invoke-RemoteMaintenance.ps1 -ComputerName "KIOSK-01" -Task InstallDashboard -Credential $cred
-.\Invoke-RemoteMaintenance.ps1 -ComputerName "KIOSK-01" -Task Reboot -Credential $cred
+# Deploy to all Dashboard kiosks
+.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task InstallDashboard -Credential $cred
 
-# After reboot, update ShopDB
-.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "KIOSK-01" -Credential $cred
+# Deploy to all Lobby Display kiosks
+.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task InstallLobbyDisplay -Credential $cred
 ```
 
 #### Install Lobby Display
diff --git a/docs/SCRIPTS_REFERENCE.md b/docs/SCRIPTS_REFERENCE.md
index 3bfa10f..ded7977 100644
--- a/docs/SCRIPTS_REFERENCE.md
+++ b/docs/SCRIPTS_REFERENCE.md
@@ -23,7 +23,7 @@ powershell-scripts/
 ## Table of Contents
 
 1. [Asset Collection Scripts](#asset-collection-scripts) (`asset-collection/`)
-2. [Remote Execution Scripts](#remote-execution-scripts) (`remote-execution/`)
+2. [Remote Execution Scripts](#remote-execution-scripts) (`S:\dt\shopfloor\scripts\remote-execution\`)
 3. [Setup & Utility Scripts](#setup--utility-scripts) (`setup-utilities/`)
 4. [Registry Backup Scripts](#registry-backup-scripts) (`registry-backup/`)
 5. [WinRM HTTPS Scripts](#winrm-https-scripts) (`winrm-https/`)
diff --git a/docs/convert_to_docx.py b/docs/convert_to_docx.py
new file mode 100644
index 0000000..8c9f88f
--- /dev/null
+++ b/docs/convert_to_docx.py
@@ -0,0 +1,308 @@
+#!/usr/bin/env python3
+"""
+Convert Markdown documentation to Word documents (.docx)
+With proper code block formatting (shaded boxes)
+"""
+
+import re
+import os
+from docx import Document
+from docx.shared import Inches, Pt, RGBColor, Twips
+from docx.enum.text import WD_ALIGN_PARAGRAPH
+from docx.enum.style import WD_STYLE_TYPE
+from docx.enum.table import WD_TABLE_ALIGNMENT
+from docx.oxml.ns import qn, nsmap
+from docx.oxml import OxmlElement
+
+def set_cell_shading(cell, color="E8E8E8"):
+    """Set cell background shading color."""
+    tc = cell._tc
+    tcPr = tc.get_or_add_tcPr()
+    shd = OxmlElement('w:shd')
+    shd.set(qn('w:fill'), color)
+    shd.set(qn('w:val'), 'clear')
+    tcPr.append(shd)
+
+def set_cell_borders(cell, color="CCCCCC"):
+    """Set cell border color."""
+    tc = cell._tc
+    tcPr = tc.get_or_add_tcPr()
+    tcBorders = OxmlElement('w:tcBorders')
+    for border_name in ['top', 'left', 'bottom', 'right']:
+        border = OxmlElement(f'w:{border_name}')
+        border.set(qn('w:val'), 'single')
+        border.set(qn('w:sz'), '4')
+        border.set(qn('w:color'), color)
+        tcBorders.append(border)
+    tcPr.append(tcBorders)
+
+def add_code_block(doc, code_text, language=""):
+    """Add a formatted code block with shading."""
+    # Create a single-cell table for the code block
+    table = doc.add_table(rows=1, cols=1)
+    table.autofit = True
+
+    cell = table.rows[0].cells[0]
+
+    # Set cell shading (light gray background)
+    set_cell_shading(cell, "F5F5F5")
+    set_cell_borders(cell, "DDDDDD")
+
+    # Clear default paragraph and add code
+    cell.paragraphs[0].clear()
+
+    # Add each line of code
+    lines = code_text.split('\n')
+    for i, line in enumerate(lines):
+        if i == 0:
+            para = cell.paragraphs[0]
+        else:
+            para = cell.add_paragraph()
+
+        para.paragraph_format.space_before = Pt(0)
+        para.paragraph_format.space_after = Pt(0)
+        para.paragraph_format.line_spacing = 1.0
+
+        run = para.add_run(line if line else ' ')  # Use space for empty lines
+        run.font.name = 'Consolas'
+        run.font.size = Pt(9)
+        run.font.color.rgb = RGBColor(0, 0, 0)
+
+    # Add spacing after the code block
+    doc.add_paragraph()
+
+def parse_markdown(md_content):
+    """Parse markdown content into structured elements."""
+    lines = md_content.split('\n')
+    elements = []
+    i = 0
+
+    while i < len(lines):
+        line = lines[i]
+
+        # Skip empty lines
+        if not line.strip():
+            i += 1
+            continue
+
+        # Headers
+        if line.startswith('# '):
+            elements.append(('h1', line[2:].strip()))
+            i += 1
+        elif line.startswith('## '):
+            elements.append(('h2', line[3:].strip()))
+            i += 1
+        elif line.startswith('### '):
+            elements.append(('h3', line[4:].strip()))
+            i += 1
+        elif line.startswith('#### '):
+            elements.append(('h4', line[5:].strip()))
+            i += 1
+
+        # Horizontal rule
+        elif line.strip() == '---':
+            elements.append(('hr', ''))
+            i += 1
+
+        # Code blocks
+        elif line.strip().startswith('```'):
+            code_lang = line.strip()[3:]
+            code_lines = []
+            i += 1
+            while i < len(lines) and not lines[i].strip().startswith('```'):
+                code_lines.append(lines[i])
+                i += 1
+            # Store language info with code
+            elements.append(('code', (code_lang, '\n'.join(code_lines))))
+            i += 1  # Skip closing ```
+
+        # Tables
+        elif '|' in line and i + 1 < len(lines) and '---' in lines[i + 1]:
+            table_lines = [line]
+            i += 1
+            while i < len(lines) and '|' in lines[i]:
+                table_lines.append(lines[i])
+                i += 1
+            elements.append(('table', table_lines))
+
+        # Bullet lists
+        elif line.strip().startswith('- ') or line.strip().startswith('* '):
+            list_items = []
+            while i < len(lines) and (lines[i].strip().startswith('- ') or lines[i].strip().startswith('* ') or (lines[i].startswith('  ') and lines[i].strip())):
+                if lines[i].strip().startswith('- ') or lines[i].strip().startswith('* '):
+                    list_items.append(lines[i].strip()[2:])
+                elif lines[i].startswith('  ') and list_items:
+                    list_items[-1] += ' ' + lines[i].strip()
+                i += 1
+            elements.append(('bullet', list_items))
+
+        # Numbered lists
+        elif re.match(r'^\d+\.\s', line.strip()):
+            list_items = []
+            while i < len(lines) and (re.match(r'^\d+\.\s', lines[i].strip()) or lines[i].startswith('   ')):
+                if re.match(r'^\d+\.\s', lines[i].strip()):
+                    list_items.append(re.sub(r'^\d+\.\s', '', lines[i].strip()))
+                elif lines[i].startswith('   ') and list_items:
+                    list_items[-1] += ' ' + lines[i].strip()
+                i += 1
+            elements.append(('numbered', list_items))
+
+        # Regular paragraph
+        else:
+            para_lines = [line]
+            i += 1
+            while i < len(lines) and lines[i].strip() and not lines[i].startswith('#') and not lines[i].startswith('```') and not lines[i].startswith('- ') and not lines[i].startswith('* ') and '|' not in lines[i] and not re.match(r'^\d+\.\s', lines[i].strip()):
+                para_lines.append(lines[i])
+                i += 1
+            elements.append(('para', ' '.join(para_lines)))
+
+    return elements
+
+def clean_text(text):
+    """Remove markdown formatting from text."""
+    # Bold
+    text = re.sub(r'\*\*([^*]+)\*\*', r'\1', text)
+    # Italic
+    text = re.sub(r'\*([^*]+)\*', r'\1', text)
+    # Code
+    text = re.sub(r'`([^`]+)`', r'\1', text)
+    # Links
+    text = re.sub(r'\[([^\]]+)\]\([^)]+\)', r'\1', text)
+    return text
+
+def add_formatted_text(paragraph, text):
+    """Add text with basic formatting to a paragraph."""
+    # Split by formatting markers and add runs
+    parts = re.split(r'(\*\*[^*]+\*\*|`[^`]+`|\[[^\]]+\]\([^)]+\))', text)
+
+    for part in parts:
+        if not part:
+            continue
+        if part.startswith('**') and part.endswith('**'):
+            run = paragraph.add_run(part[2:-2])
+            run.bold = True
+        elif part.startswith('`') and part.endswith('`'):
+            run = paragraph.add_run(part[1:-1])
+            run.font.name = 'Consolas'
+            run.font.size = Pt(9)
+            # Add light background for inline code
+            run.font.highlight_color = 15  # Light gray (WD_COLOR_INDEX.GRAY_25)
+        elif part.startswith('[') and '](' in part:
+            match = re.match(r'\[([^\]]+)\]\(([^)]+)\)', part)
+            if match:
+                run = paragraph.add_run(match.group(1))
+                run.font.color.rgb = RGBColor(0, 0, 255)
+                run.underline = True
+        else:
+            paragraph.add_run(part)
+
+def convert_md_to_docx(md_file, docx_file):
+    """Convert a markdown file to a Word document."""
+    print(f"Converting {md_file} to {docx_file}...")
+
+    with open(md_file, 'r', encoding='utf-8') as f:
+        content = f.read()
+
+    elements = parse_markdown(content)
+
+    doc = Document()
+
+    # Set default font
+    style = doc.styles['Normal']
+    style.font.name = 'Calibri'
+    style.font.size = Pt(11)
+
+    for elem_type, elem_content in elements:
+        if elem_type == 'h1':
+            p = doc.add_heading(clean_text(elem_content), level=0)
+            p.alignment = WD_ALIGN_PARAGRAPH.CENTER
+
+        elif elem_type == 'h2':
+            doc.add_heading(clean_text(elem_content), level=1)
+
+        elif elem_type == 'h3':
+            doc.add_heading(clean_text(elem_content), level=2)
+
+        elif elem_type == 'h4':
+            doc.add_heading(clean_text(elem_content), level=3)
+
+        elif elem_type == 'hr':
+            p = doc.add_paragraph()
+            p.add_run('─' * 70)
+            p.alignment = WD_ALIGN_PARAGRAPH.CENTER
+
+        elif elem_type == 'para':
+            p = doc.add_paragraph()
+            add_formatted_text(p, elem_content)
+
+        elif elem_type == 'code':
+            code_lang, code_text = elem_content
+            add_code_block(doc, code_text, code_lang)
+
+        elif elem_type == 'bullet':
+            for item in elem_content:
+                p = doc.add_paragraph(style='List Bullet')
+                add_formatted_text(p, item)
+
+        elif elem_type == 'numbered':
+            for item in elem_content:
+                p = doc.add_paragraph(style='List Number')
+                add_formatted_text(p, item)
+
+        elif elem_type == 'table':
+            # Parse table
+            rows = []
+            for line in elem_content:
+                if '---' in line:
+                    continue
+                cells = [c.strip() for c in line.split('|')[1:-1]]
+                if cells:
+                    rows.append(cells)
+
+            if rows:
+                num_cols = len(rows[0])
+                table = doc.add_table(rows=len(rows), cols=num_cols)
+                table.style = 'Table Grid'
+                table.alignment = WD_TABLE_ALIGNMENT.CENTER
+
+                for i, row in enumerate(rows):
+                    for j, cell in enumerate(row):
+                        if j < num_cols:
+                            table.rows[i].cells[j].text = clean_text(cell)
+                            # Bold and shade header row
+                            if i == 0:
+                                set_cell_shading(table.rows[i].cells[j], "E0E0E0")
+                                for para in table.rows[i].cells[j].paragraphs:
+                                    for run in para.runs:
+                                        run.bold = True
+
+                # Add spacing after table
+                doc.add_paragraph()
+
+    doc.save(docx_file)
+    print(f"  Created: {docx_file}")
+
+def main():
+    docs_dir = '/home/camp/projects/powershell/docs'
+
+    md_files = [
+        'Update-ShopfloorPCs-Remote.md',
+        'Invoke-RemoteMaintenance.md',
+        'Update-PC-CompleteAsset.md',
+        'DATA_COLLECTION_PARITY.md'
+    ]
+
+    for md_file in md_files:
+        md_path = os.path.join(docs_dir, md_file)
+        docx_path = os.path.join(docs_dir, md_file.replace('.md', '.docx'))
+
+        if os.path.exists(md_path):
+            convert_md_to_docx(md_path, docx_path)
+        else:
+            print(f"Warning: {md_path} not found")
+
+    print("\nConversion complete!")
+    print(f"Word documents saved to: {docs_dir}")
+
+if __name__ == '__main__':
+    main()
diff --git a/edncfix b/edncfix
index 28641c4..2748bfa 160000
--- a/edncfix
+++ b/edncfix
@@ -1 +1 @@
-Subproject commit 28641c47c5af83021bd6b5fefe7b6dcc22a4251b
+Subproject commit 2748bfa0373e143841deb70c4d4b5051f3cb95b6
diff --git a/fixnetworkshare/NetworkDriveManager.ps1 b/fixnetworkshare/NetworkDriveManager.ps1
new file mode 100644
index 0000000..15590f5
--- /dev/null
+++ b/fixnetworkshare/NetworkDriveManager.ps1
@@ -0,0 +1,1149 @@
+<#
+.SYNOPSIS
+    Network Drive Manager - Backup, validate credentials, and reconnect SMB shares
+.DESCRIPTION
+    This script helps users manage network drives connected to legacy domain servers.
+    It backs up current mappings, validates credentials, and reconnects drives after
+    password changes.
+.NOTES
+    Author: Cameron Proudlock / GE Aerospace
+    Version: 1.0
+    Requires: PowerShell 5.1+
+#>
+
+#Requires -Version 5.1
+
+# ============================================================================
+# CONFIGURATION - Modify these variables as needed
+# ============================================================================
+
+# Legacy domain servers to manage (add/remove as needed)
+$LegacyServers = @(
+    "tsgwp00525.rd.ds.ge.com"
+    # Add additional servers here:
+    # "server2.rd.ds.ge.com"
+    # "server3.rd.ds.ge.com"
+)
+
+# Legacy domain suffix
+$LegacyDomain = "logon.ds.ge.com"
+
+# Password reset URL
+$PasswordResetURL = "https://mypassword.ge.com"
+
+# Backup file location (OneDrive Documents)
+$OneDrivePath = [Environment]::GetFolderPath('MyDocuments')  # Falls back if OneDrive not configured
+$BackupFileName = "NetworkDriveMappings.json"
+$BackupFilePath = Join-Path -Path $OneDrivePath -ChildPath $BackupFileName
+
+# ============================================================================
+# FUNCTIONS
+# ============================================================================
+
+function Get-LegacyUsername {
+    <#
+    .SYNOPSIS
+        Derives the legacy username from the current Windows profile
+    #>
+    $currentUser = $env:USERNAME
+    return "$currentUser@$LegacyDomain"
+}
+
+function Invoke-PasswordResetFlow {
+    <#
+    .SYNOPSIS
+        Guides user through password reset and re-prompts for new credentials
+    .OUTPUTS
+        Returns new SecureString password if successful, $null if cancelled
+    #>
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host "              Password Reset Required" -ForegroundColor Yellow
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host ""
+    Write-Host "  Your legacy domain password needs to be reset." -ForegroundColor White
+    Write-Host ""
+    Write-Host "  Steps to complete:" -ForegroundColor Cyan
+    Write-Host "    1. Click 'Y' below to open the password reset portal"
+    Write-Host "    2. Reset your password at $PasswordResetURL"
+    Write-Host "    3. Return here and type 'DONE'"
+    Write-Host "    4. Wait for the 10-minute sync timer"
+    Write-Host "    5. Enter your NEW password to continue"
+    Write-Host ""
+    Write-Host "  NOTE: Password changes can take up to 10 minutes to sync" -ForegroundColor Gray
+    Write-Host "  from Azure AD to the legacy domain. The script will wait" -ForegroundColor Gray
+    Write-Host "  automatically after you confirm the reset." -ForegroundColor Gray
+    Write-Host ""
+    
+    $openPortal = Read-Host "Open password reset portal now? (Y/n)"
+    if ($openPortal.ToLower() -ne 'n') {
+        Start-Process $PasswordResetURL
+        Write-Host ""
+        Write-Host "  Browser opened to password reset portal..." -ForegroundColor Gray
+    }
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host ""
+    Write-Host "  [ ] I have reset my password at $PasswordResetURL" -ForegroundColor White
+    Write-Host ""
+    
+    $confirmed = $false
+    while (-not $confirmed) {
+        $confirmation = Read-Host "Type 'DONE' when you have reset your password (or 'CANCEL' to abort)"
+        
+        switch ($confirmation.ToUpper()) {
+            "DONE" {
+                $confirmed = $true
+            }
+            "CANCEL" {
+                Write-Host ""
+                Write-Host "  Password reset cancelled." -ForegroundColor Yellow
+                return $null
+            }
+            default {
+                Write-Host "  Please type 'DONE' or 'CANCEL'" -ForegroundColor Yellow
+            }
+        }
+    }
+    
+    Write-Host ""
+    Write-Host "  [X] Password reset confirmed!" -ForegroundColor Green
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host "           Waiting for AD Sync (~10 minutes)" -ForegroundColor Cyan
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "  Your new password needs time to sync to the legacy domain." -ForegroundColor White
+    Write-Host "  Please wait for the timer to complete, or press 'S' to skip" -ForegroundColor White
+    Write-Host "  if you've already waited." -ForegroundColor White
+    Write-Host ""
+    
+    # 10 minute countdown timer
+    $totalSeconds = 600  # 10 minutes
+    $startTime = Get-Date
+    $endTime = $startTime.AddSeconds($totalSeconds)
+    $skipped = $false
+    
+    # Check if a key is available to read (non-blocking)
+    $host.UI.RawUI.FlushInputBuffer()
+    
+    while ((Get-Date) -lt $endTime -and -not $skipped) {
+        $remaining = $endTime - (Get-Date)
+        $minutes = [math]::Floor($remaining.TotalMinutes)
+        $seconds = $remaining.Seconds
+        
+        # Create progress bar
+        $elapsed = ((Get-Date) - $startTime).TotalSeconds
+        $percentComplete = [math]::Min(100, [math]::Floor(($elapsed / $totalSeconds) * 100))
+        $barLength = 40
+        $filledLength = [math]::Floor($barLength * $percentComplete / 100)
+        $bar = ("█" * $filledLength) + ("░" * ($barLength - $filledLength))
+        
+        # Write progress on same line
+        Write-Host "`r  [$bar] $($minutes.ToString('00')):$($seconds.ToString('00')) remaining   (Press 'S' to skip)   " -NoNewline -ForegroundColor Cyan
+        
+        # Check for keypress (non-blocking)
+        if ([Console]::KeyAvailable) {
+            $key = [Console]::ReadKey($true)
+            if ($key.Key -eq 'S') {
+                $skipped = $true
+                Write-Host ""
+                Write-Host ""
+                Write-Host "  Timer skipped by user." -ForegroundColor Yellow
+            }
+        }
+        
+        Start-Sleep -Milliseconds 500
+    }
+    
+    if (-not $skipped) {
+        Write-Host ""
+        Write-Host ""
+        Write-Host "  [OK] Sync wait complete!" -ForegroundColor Green
+    }
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "  Please enter your NEW password below." -ForegroundColor White
+    Write-Host ""
+    
+    $newPassword = Read-Host "  Enter your NEW legacy password" -AsSecureString
+    
+    if ($newPassword.Length -eq 0) {
+        Write-Host ""
+        Write-Host "  [ERROR] Password cannot be empty." -ForegroundColor Red
+        return $null
+    }
+    
+    # Confirm password
+    Write-Host ""
+    $confirmPassword = Read-Host "  Confirm your NEW legacy password" -AsSecureString
+    
+    # Compare the two passwords
+    $BSTR1 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($newPassword)
+    $BSTR2 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($confirmPassword)
+    $plain1 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR1)
+    $plain2 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR2)
+    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR1)
+    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR2)
+    
+    if ($plain1 -ne $plain2) {
+        Write-Host ""
+        Write-Host "  [ERROR] Passwords do not match. Please try again." -ForegroundColor Red
+        $plain1 = $null
+        $plain2 = $null
+        return $null
+    }
+    
+    $plain1 = $null
+    $plain2 = $null
+    
+    Write-Host ""
+    Write-Host "  [OK] Password confirmed!" -ForegroundColor Green
+    
+    return $newPassword
+}
+
+function Invoke-ZscalerReauthPrompt {
+    <#
+    .SYNOPSIS
+        Prompts user to re-authenticate to Zscaler and retry
+    .OUTPUTS
+        Returns $true if user wants to retry, $false to cancel
+    #>
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host "              Zscaler Re-Authentication Required" -ForegroundColor Yellow
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host ""
+    Write-Host "  The network path could not be found. This typically means" -ForegroundColor White
+    Write-Host "  your Zscaler connection needs to be re-authenticated." -ForegroundColor White
+    Write-Host ""
+    Write-Host "  Steps to fix:" -ForegroundColor Cyan
+    Write-Host "    1. Look for the Zscaler icon in your system tray"
+    Write-Host "    2. Right-click and select 'Sign In' or 'Authenticate'"
+    Write-Host "    3. Complete the authentication process"
+    Write-Host "    4. Return here and select 'Retry'"
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Yellow
+    Write-Host ""
+    
+    $retry = Read-Host "Type 'RETRY' after re-authenticating to Zscaler (or 'CANCEL' to abort)"
+    
+    return ($retry.ToUpper() -eq "RETRY")
+}
+
+function Invoke-ErrorActionHandler {
+    <#
+    .SYNOPSIS
+        Handles specific error actions and returns whether to retry
+    .OUTPUTS
+        Hashtable with:
+          - Retry: $true if operation should be retried
+          - NewPassword: SecureString if password was reset, $null otherwise
+          - Cancel: $true if user wants to cancel entirely
+    #>
+    param(
+        [Parameter(Mandatory)]
+        [string]$Action,
+        
+        [Parameter(Mandatory)]
+        [int]$ErrorCode,
+        
+        [string]$AdditionalInfo = ""
+    )
+    
+    $result = @{
+        Retry       = $false
+        NewPassword = $null
+        Cancel      = $false
+    }
+    
+    switch ($Action) {
+        "contact_manager" {
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host "                   Access Denied (Error 5)" -ForegroundColor Red
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            Write-Host "  You do not have permission to access this share." -ForegroundColor White
+            Write-Host ""
+            Write-Host "  ACTION REQUIRED:" -ForegroundColor Yellow
+            Write-Host "    Contact your manager to request access to this resource."
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+            $result.Cancel = $true
+        }
+        
+        "zscaler_reauth" {
+            $retry = Invoke-ZscalerReauthPrompt
+            $result.Retry = $retry
+            $result.Cancel = (-not $retry)
+        }
+        
+        "retry_or_zscaler" {
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host "              Connection Dropped (Error 64)" -ForegroundColor Yellow
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host ""
+            Write-Host "  The network connection was unexpectedly terminated." -ForegroundColor White
+            Write-Host ""
+            Write-Host "  This could be caused by:" -ForegroundColor Cyan
+            Write-Host "    - Zscaler connection timeout (most common)"
+            Write-Host "    - Network instability"
+            Write-Host "    - Server-side connection reset"
+            Write-Host ""
+            Write-Host "  Try re-authenticating to Zscaler first." -ForegroundColor Yellow
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host ""
+            
+            $retry = Invoke-ZscalerReauthPrompt
+            $result.Retry = $retry
+            $result.Cancel = (-not $retry)
+        }
+        
+        "verify_path" {
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host "              Invalid Share Path (Error 67)" -ForegroundColor Yellow
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host ""
+            Write-Host "  The share path appears to be invalid or malformed." -ForegroundColor White
+            if ($AdditionalInfo) {
+                Write-Host "  Path: $AdditionalInfo" -ForegroundColor Gray
+            }
+            Write-Host ""
+            Write-Host "  Possible causes:" -ForegroundColor Cyan
+            Write-Host "    - The share may have been renamed or removed"
+            Write-Host "    - The path may be incorrectly formatted"
+            Write-Host "    - Typo in the server or share name"
+            Write-Host ""
+            Write-Host "  ACTION REQUIRED:" -ForegroundColor Yellow
+            Write-Host "    Verify the share path is correct, or contact IT support"
+            Write-Host "    if you believe this share should exist."
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Yellow
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+            # Don't retry automatically - path needs manual verification
+            $result.Cancel = $true
+        }
+        
+        "reassign_drive_letter" {
+            # This is handled automatically - we'll disconnect and reconnect
+            Write-Host ""
+            Write-Host "  [INFO] Drive letter conflict detected - will reassign automatically" -ForegroundColor Cyan
+            $result.Retry = $true
+        }
+        
+        "reset_password_flow" {
+            $newPassword = Invoke-PasswordResetFlow
+            if ($null -ne $newPassword) {
+                $result.Retry = $true
+                $result.NewPassword = $newPassword
+            }
+            else {
+                $result.Cancel = $true
+            }
+        }
+        
+        "clear_connections" {
+            Write-Host ""
+            Write-Host "  [INFO] Clearing existing connections to resolve conflict..." -ForegroundColor Cyan
+            # This is handled in the main flow
+            $result.Retry = $true
+        }
+        
+        "contact_helpdesk" {
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host "                Account Issue Detected" -ForegroundColor Red
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            Write-Host "  Your account has a restriction that prevents connection." -ForegroundColor White
+            Write-Host "  Error Code: $ErrorCode" -ForegroundColor Gray
+            Write-Host ""
+            Write-Host "  ACTION REQUIRED:" -ForegroundColor Yellow
+            Write-Host "    Please contact the IT Helpdesk for assistance."
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+            $result.Cancel = $true
+        }
+        
+        "unknown_error" {
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host "                Unknown Error (Code: $ErrorCode)" -ForegroundColor Red
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            Write-Host "  An unexpected error occurred." -ForegroundColor White
+            if ($AdditionalInfo) {
+                Write-Host "  Details: $AdditionalInfo" -ForegroundColor Gray
+            }
+            Write-Host ""
+            Write-Host "  Options:" -ForegroundColor Cyan
+            Write-Host "    - Try re-authenticating to Zscaler"
+            Write-Host "    - Check your network connection"
+            Write-Host "    - Contact IT Helpdesk if the issue persists"
+            Write-Host ""
+            Write-Host "============================================================" -ForegroundColor Red
+            Write-Host ""
+            
+            $choice = Read-Host "Type 'RETRY' to try again, or press Enter to cancel"
+            $result.Retry = ($choice.ToUpper() -eq "RETRY")
+            $result.Cancel = (-not $result.Retry)
+        }
+        
+        default {
+            $result.Cancel = $true
+        }
+    }
+    
+    return $result
+}
+
+function Get-CurrentDriveMappings {
+    <#
+    .SYNOPSIS
+        Gets all current network drive mappings and filters for legacy servers
+    #>
+    param(
+        [switch]$AllDrives,
+        [string[]]$ServerFilter = $LegacyServers
+    )
+    
+    $mappings = @()
+    
+    # Get all network drives
+    $netDrives = Get-WmiObject -Class Win32_MappedLogicalDisk -ErrorAction SilentlyContinue
+    
+    foreach ($drive in $netDrives) {
+        $mapping = [PSCustomObject]@{
+            DriveLetter = $drive.DeviceID
+            RemotePath  = $drive.ProviderName
+            ServerName  = if ($drive.ProviderName -match '\\\\([^\\]+)\\') { $Matches[1] } else { $null }
+            ShareName   = if ($drive.ProviderName -match '\\\\[^\\]+\\(.+)$') { $Matches[1] } else { $null }
+            IsLegacy    = $false
+        }
+        
+        # Check if this is a legacy server drive
+        foreach ($server in $ServerFilter) {
+            if ($mapping.ServerName -like "*$server*" -or $mapping.RemotePath -like "*$server*") {
+                $mapping.IsLegacy = $true
+                break
+            }
+        }
+        
+        if ($AllDrives -or $mapping.IsLegacy) {
+            $mappings += $mapping
+        }
+    }
+    
+    return $mappings
+}
+
+function Backup-DriveMappings {
+    <#
+    .SYNOPSIS
+        Saves current drive mappings to a JSON file in OneDrive
+    #>
+    param(
+        [string]$FilePath = $BackupFilePath
+    )
+    
+    $mappings = Get-CurrentDriveMappings -AllDrives
+    
+    $backupData = [PSCustomObject]@{
+        BackupDate    = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
+        ComputerName  = $env:COMPUTERNAME
+        Username      = $env:USERNAME
+        Mappings      = $mappings
+    }
+    
+    try {
+        $backupData | ConvertTo-Json -Depth 3 | Out-File -FilePath $FilePath -Encoding UTF8 -Force
+        Write-Host "[OK] " -ForegroundColor Green -NoNewline
+        Write-Host "Backup saved to: $FilePath"
+        return $true
+    }
+    catch {
+        Write-Host "[ERROR] " -ForegroundColor Red -NoNewline
+        Write-Host "Failed to save backup: $_"
+        return $false
+    }
+}
+
+function Get-SavedMappings {
+    <#
+    .SYNOPSIS
+        Loads previously saved drive mappings from backup file
+    #>
+    param(
+        [string]$FilePath = $BackupFilePath
+    )
+    
+    if (-not (Test-Path $FilePath)) {
+        Write-Host "[WARN] " -ForegroundColor Yellow -NoNewline
+        Write-Host "No backup file found at: $FilePath"
+        return $null
+    }
+    
+    try {
+        $backupData = Get-Content -Path $FilePath -Raw | ConvertFrom-Json
+        Write-Host "[OK] " -ForegroundColor Green -NoNewline
+        Write-Host "Loaded backup from: $($backupData.BackupDate)"
+        return $backupData
+    }
+    catch {
+        Write-Host "[ERROR] " -ForegroundColor Red -NoNewline
+        Write-Host "Failed to read backup: $_"
+        return $null
+    }
+}
+
+function Test-SMBCredentials {
+    <#
+    .SYNOPSIS
+        Tests credentials against a legacy SMB server
+    .OUTPUTS
+        Returns a hashtable with Success, ErrorCode, and Message
+    #>
+    param(
+        [Parameter(Mandatory)]
+        [string]$Server,
+        
+        [Parameter(Mandatory)]
+        [string]$Username,
+        
+        [Parameter(Mandatory)]
+        [SecureString]$Password
+    )
+    
+    $result = @{
+        Success   = $false
+        ErrorCode = 0
+        Message   = ""
+        Action    = ""
+    }
+    
+    # Convert SecureString to plain text for net use (unfortunately required)
+    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
+    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
+    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
+    
+    # Try to connect to the server's IPC$ share (doesn't require a specific share to exist)
+    $testPath = "\\$Server\IPC$"
+    
+    # First, remove any existing connection to this server
+    $null = net use $testPath /delete /y 2>&1
+    
+    # Attempt connection
+    $netUseOutput = net use $testPath /user:$Username $PlainPassword 2>&1
+    $exitCode = $LASTEXITCODE
+    
+    # Clean up the test connection
+    $null = net use $testPath /delete /y 2>&1
+    
+    # Clear password from memory
+    $PlainPassword = $null
+    
+    # Interpret the result
+    switch ($exitCode) {
+        0 {
+            $result.Success = $true
+            $result.Message = "Credentials validated successfully"
+            $result.Action = "none"
+        }
+        5 {
+            $result.ErrorCode = 5
+            $result.Message = "Access denied - you may not have permission to this share"
+            $result.Action = "contact_manager"
+        }
+        53 {
+            $result.ErrorCode = 53
+            $result.Message = "Network path not found - Zscaler may need re-authentication"
+            $result.Action = "zscaler_reauth"
+        }
+        64 {
+            $result.ErrorCode = 64
+            $result.Message = "Network connection was dropped unexpectedly"
+            $result.Action = "retry_or_zscaler"
+        }
+        67 {
+            $result.ErrorCode = 67
+            $result.Message = "Network name cannot be found - invalid share path"
+            $result.Action = "verify_path"
+        }
+        85 {
+            $result.ErrorCode = 85
+            $result.Message = "Drive letter is already in use"
+            $result.Action = "reassign_drive_letter"
+        }
+        86 {
+            $result.ErrorCode = 86
+            $result.Message = "Invalid password"
+            $result.Action = "reset_password_flow"
+        }
+        1219 {
+            $result.ErrorCode = 1219
+            $result.Message = "Multiple connections to server exist with different credentials"
+            $result.Action = "clear_connections"
+        }
+        1326 {
+            $result.ErrorCode = 1326
+            $result.Message = "Logon failure - unknown username or bad password"
+            $result.Action = "reset_password_flow"
+        }
+        1327 {
+            $result.ErrorCode = 1327
+            $result.Message = "Account restriction - policy is preventing logon"
+            $result.Action = "contact_helpdesk"
+        }
+        1330 {
+            $result.ErrorCode = 1330
+            $result.Message = "Password has expired"
+            $result.Action = "reset_password_flow"
+        }
+        1331 {
+            $result.ErrorCode = 1331
+            $result.Message = "Account is disabled"
+            $result.Action = "contact_helpdesk"
+        }
+        1909 {
+            $result.ErrorCode = 1909
+            $result.Message = "Account is locked out"
+            $result.Action = "reset_password_flow"
+        }
+        default {
+            $result.ErrorCode = $exitCode
+            $result.Message = "Unknown error (code: $exitCode) - $netUseOutput"
+            $result.Action = "unknown_error"
+        }
+    }
+    
+    return $result
+}
+
+function Remove-LegacyDriveMappings {
+    <#
+    .SYNOPSIS
+        Removes all network drive mappings for legacy servers
+    #>
+    param(
+        [string[]]$Servers = $LegacyServers
+    )
+    
+    $currentMappings = Get-CurrentDriveMappings
+    $removed = @()
+    
+    foreach ($mapping in $currentMappings) {
+        if ($mapping.IsLegacy) {
+            Write-Host "  Removing $($mapping.DriveLetter) ($($mapping.RemotePath))... " -NoNewline
+            
+            $result = net use $mapping.DriveLetter /delete /y 2>&1
+            
+            if ($LASTEXITCODE -eq 0) {
+                Write-Host "OK" -ForegroundColor Green
+                $removed += $mapping
+            }
+            else {
+                Write-Host "Failed" -ForegroundColor Red
+            }
+        }
+    }
+    
+    # Also clear any cached connections to these servers
+    foreach ($server in $Servers) {
+        $null = net use "\\$server\IPC$" /delete /y 2>&1
+    }
+    
+    return $removed
+}
+
+function Remove-WindowsCredentials {
+    <#
+    .SYNOPSIS
+        Removes stored Windows credentials for legacy servers
+    #>
+    param(
+        [string[]]$Servers = $LegacyServers
+    )
+    
+    foreach ($server in $Servers) {
+        Write-Host "  Clearing credentials for $server... " -NoNewline
+        
+        # Try different credential target formats
+        $targets = @(
+            $server,
+            "Domain:target=$server",
+            "LegacyGeneric:target=$server",
+            "*$server*"
+        )
+        
+        $cleared = $false
+        foreach ($target in $targets) {
+            $result = cmdkey /delete:$target 2>&1
+            if ($LASTEXITCODE -eq 0) {
+                $cleared = $true
+            }
+        }
+        
+        if ($cleared) {
+            Write-Host "OK" -ForegroundColor Green
+        }
+        else {
+            Write-Host "Not found/Already cleared" -ForegroundColor Yellow
+        }
+    }
+}
+
+function Add-DriveMappings {
+    <#
+    .SYNOPSIS
+        Reconnects drive mappings with new credentials
+        Handles error 85 (drive letter in use) automatically
+    #>
+    param(
+        [Parameter(Mandatory)]
+        [PSCustomObject[]]$Mappings,
+        
+        [Parameter(Mandatory)]
+        [string]$Username,
+        
+        [Parameter(Mandatory)]
+        [SecureString]$Password
+    )
+    
+    # Convert SecureString to plain text
+    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
+    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
+    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
+    
+    $results = @()
+    
+    foreach ($mapping in $Mappings) {
+        if (-not $mapping.IsLegacy) { continue }
+        
+        Write-Host "  Mapping $($mapping.DriveLetter) to $($mapping.RemotePath)... " -NoNewline
+        
+        # First attempt
+        $netUseOutput = net use $mapping.DriveLetter $mapping.RemotePath /user:$Username $PlainPassword /persistent:yes 2>&1
+        $exitCode = $LASTEXITCODE
+        
+        # Handle error 85 - drive letter already in use
+        if ($exitCode -eq 85) {
+            Write-Host "in use, reassigning... " -NoNewline -ForegroundColor Yellow
+            
+            # Try to disconnect the existing mapping
+            $null = net use $mapping.DriveLetter /delete /y 2>&1
+            Start-Sleep -Milliseconds 500
+            
+            # Retry the mapping
+            $netUseOutput = net use $mapping.DriveLetter $mapping.RemotePath /user:$Username $PlainPassword /persistent:yes 2>&1
+            $exitCode = $LASTEXITCODE
+        }
+        
+        $mapResult = [PSCustomObject]@{
+            DriveLetter = $mapping.DriveLetter
+            RemotePath  = $mapping.RemotePath
+            Success     = ($exitCode -eq 0)
+            ErrorCode   = $exitCode
+            Message     = $netUseOutput
+        }
+        
+        if ($exitCode -eq 0) {
+            Write-Host "OK" -ForegroundColor Green
+        }
+        else {
+            Write-Host "Failed (Error: $exitCode)" -ForegroundColor Red
+        }
+        
+        $results += $mapResult
+    }
+    
+    # Clear password from memory
+    $PlainPassword = $null
+    
+    return $results
+}
+
+function Show-Menu {
+    <#
+    .SYNOPSIS
+        Displays the main menu
+    #>
+    Clear-Host
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host "       GE Aerospace - Network Drive Manager" -ForegroundColor Cyan
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "  Current User: $env:USERNAME" -ForegroundColor Gray
+    Write-Host "  Legacy User:  $(Get-LegacyUsername)" -ForegroundColor Gray
+    Write-Host "  Backup File:  $BackupFilePath" -ForegroundColor Gray
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "  1. " -NoNewline -ForegroundColor Yellow
+    Write-Host "View current network drive mappings"
+    Write-Host "  2. " -NoNewline -ForegroundColor Yellow
+    Write-Host "Backup current mappings to OneDrive"
+    Write-Host "  3. " -NoNewline -ForegroundColor Yellow
+    Write-Host "Test legacy credentials"
+    Write-Host "  4. " -NoNewline -ForegroundColor Yellow
+    Write-Host "Full reset - Disconnect, clear creds, and reconnect drives"
+    Write-Host "  5. " -NoNewline -ForegroundColor Yellow
+    Write-Host "Restore drives from backup"
+    Write-Host "  6. " -NoNewline -ForegroundColor Yellow
+    Write-Host "Open password reset portal"
+    Write-Host ""
+    Write-Host "  Q. " -NoNewline -ForegroundColor Red
+    Write-Host "Quit"
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+}
+
+function Invoke-FullReset {
+    <#
+    .SYNOPSIS
+        Performs full credential reset and drive reconnection
+        With intelligent error handling and retry logic
+    #>
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host "       Full Credential Reset & Drive Reconnection" -ForegroundColor Cyan
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host ""
+    
+    # Step 1: Backup current mappings
+    Write-Host "[Step 1/5] Backing up current drive mappings..." -ForegroundColor Yellow
+    $backupSuccess = Backup-DriveMappings
+    if (-not $backupSuccess) {
+        Write-Host ""
+        $continue = Read-Host "Backup failed. Continue anyway? (y/N)"
+        if ($continue -ne 'y') { return }
+    }
+    
+    # Load the backup we just made (or existing one)
+    $savedMappings = Get-SavedMappings
+    $legacyMappings = $savedMappings.Mappings | Where-Object { $_.IsLegacy -eq $true }
+    
+    if (-not $legacyMappings -or $legacyMappings.Count -eq 0) {
+        Write-Host ""
+        Write-Host "[WARN] " -ForegroundColor Yellow -NoNewline
+        Write-Host "No legacy drive mappings found to restore."
+        Write-Host "       Press Enter to return to menu..."
+        Read-Host
+        return
+    }
+    
+    Write-Host ""
+    Write-Host "Found $($legacyMappings.Count) legacy drive(s) to manage:" -ForegroundColor Cyan
+    foreach ($map in $legacyMappings) {
+        Write-Host "  $($map.DriveLetter) -> $($map.RemotePath)" -ForegroundColor Gray
+    }
+    Write-Host ""
+    
+    # Step 2: Get credentials from user
+    Write-Host "[Step 2/5] Enter your legacy domain credentials" -ForegroundColor Yellow
+    $legacyUser = Get-LegacyUsername
+    Write-Host "  Username: $legacyUser" -ForegroundColor Gray
+    Write-Host ""
+    $password = Read-Host "  Enter your legacy password" -AsSecureString
+    
+    if ($password.Length -eq 0) {
+        Write-Host "[ERROR] " -ForegroundColor Red -NoNewline
+        Write-Host "Password cannot be empty."
+        Read-Host "Press Enter to return to menu..."
+        return
+    }
+    
+    # Step 3: Test credentials first (with retry loop for errors)
+    $credentialsValid = $false
+    $maxRetries = 3
+    $retryCount = 0
+    
+    while (-not $credentialsValid -and $retryCount -lt $maxRetries) {
+        Write-Host ""
+        Write-Host "[Step 3/5] Testing credentials against $($LegacyServers[0])..." -ForegroundColor Yellow
+        $testResult = Test-SMBCredentials -Server $LegacyServers[0] -Username $legacyUser -Password $password
+        
+        if ($testResult.Success) {
+            $credentialsValid = $true
+            Write-Host "[OK] " -ForegroundColor Green -NoNewline
+            Write-Host "Credentials validated successfully!"
+        }
+        else {
+            Write-Host ""
+            Write-Host "[FAILED] " -ForegroundColor Red -NoNewline
+            Write-Host $testResult.Message
+            
+            # Handle the specific error
+            $errorHandler = Invoke-ErrorActionHandler -Action $testResult.Action -ErrorCode $testResult.ErrorCode
+            
+            if ($errorHandler.Cancel) {
+                Write-Host ""
+                Write-Host "Operation cancelled." -ForegroundColor Yellow
+                Read-Host "Press Enter to return to menu..."
+                return
+            }
+            
+            if ($errorHandler.NewPassword) {
+                # User reset their password - use the new one
+                $password = $errorHandler.NewPassword
+                Write-Host ""
+                Write-Host "  Retrying with new password..." -ForegroundColor Cyan
+            }
+            elseif ($errorHandler.Retry) {
+                # Retry with same credentials (e.g., after Zscaler reauth)
+                Write-Host ""
+                Write-Host "  Retrying..." -ForegroundColor Cyan
+            }
+            
+            $retryCount++
+        }
+    }
+    
+    if (-not $credentialsValid) {
+        Write-Host ""
+        Write-Host "[ERROR] " -ForegroundColor Red -NoNewline
+        Write-Host "Maximum retry attempts reached. Please try again later."
+        Read-Host "Press Enter to return to menu..."
+        return
+    }
+    
+    Write-Host ""
+    
+    # Step 4: Remove existing mappings and credentials
+    Write-Host "[Step 4/5] Removing existing mappings and credentials..." -ForegroundColor Yellow
+    Remove-LegacyDriveMappings
+    Remove-WindowsCredentials
+    
+    Write-Host ""
+    
+    # Step 5: Reconnect drives (with individual error handling)
+    Write-Host "[Step 5/5] Reconnecting drives with new credentials..." -ForegroundColor Yellow
+    $mapResults = Add-DriveMappings -Mappings $legacyMappings -Username $legacyUser -Password $password
+    
+    # Check for failures that need individual handling
+    $failedMappings = $mapResults | Where-Object { -not $_.Success }
+    
+    foreach ($failed in $failedMappings) {
+        Write-Host ""
+        Write-Host "  Handling failed mapping: $($failed.DriveLetter)" -ForegroundColor Yellow
+        
+        # Determine the action based on error code
+        $action = switch ($failed.ErrorCode) {
+            5   { "contact_manager" }
+            53  { "zscaler_reauth" }
+            64  { "retry_or_zscaler" }
+            67  { "verify_path" }
+            86  { "reset_password_flow" }
+            1326 { "reset_password_flow" }
+            1330 { "reset_password_flow" }
+            1909 { "reset_password_flow" }
+            default { "unknown_error" }
+        }
+        
+        $errorHandler = Invoke-ErrorActionHandler -Action $action -ErrorCode $failed.ErrorCode -AdditionalInfo $failed.RemotePath
+        
+        if ($errorHandler.Retry -and -not $errorHandler.Cancel) {
+            if ($errorHandler.NewPassword) {
+                $password = $errorHandler.NewPassword
+            }
+            
+            # Retry just this one mapping
+            Write-Host "  Retrying $($failed.DriveLetter)... " -NoNewline
+            
+            $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
+            $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
+            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
+            
+            $retryOutput = net use $failed.DriveLetter $failed.RemotePath /user:$legacyUser $PlainPassword /persistent:yes 2>&1
+            $PlainPassword = $null
+            
+            if ($LASTEXITCODE -eq 0) {
+                Write-Host "OK" -ForegroundColor Green
+                # Update the result
+                $failed.Success = $true
+                $failed.ErrorCode = 0
+            }
+            else {
+                Write-Host "Still failed (Error: $LASTEXITCODE)" -ForegroundColor Red
+            }
+        }
+    }
+    
+    Write-Host ""
+    Write-Host "============================================================" -ForegroundColor Cyan
+    Write-Host "                        Summary" -ForegroundColor Cyan
+    Write-Host "============================================================" -ForegroundColor Cyan
+    
+    $successCount = ($mapResults | Where-Object { $_.Success }).Count
+    $failCount = ($mapResults | Where-Object { -not $_.Success }).Count
+    
+    Write-Host ""
+    Write-Host "  Successful: " -NoNewline
+    Write-Host $successCount -ForegroundColor Green
+    Write-Host "  Failed:     " -NoNewline
+    Write-Host $failCount -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "Green" })
+    Write-Host ""
+    
+    if ($failCount -gt 0) {
+        Write-Host "Failed mappings:" -ForegroundColor Red
+        foreach ($result in ($mapResults | Where-Object { -not $_.Success })) {
+            Write-Host "  $($result.DriveLetter) - Error $($result.ErrorCode)" -ForegroundColor Red
+        }
+        Write-Host ""
+        Write-Host "  You may need to map these drives manually or contact IT support." -ForegroundColor Yellow
+    }
+    
+    Write-Host ""
+    Read-Host "Press Enter to return to menu..."
+}
+
+# ============================================================================
+# MAIN SCRIPT
+# ============================================================================
+
+# Check if running interactively or with parameters
+param(
+    [switch]$Silent,
+    [switch]$BackupOnly,
+    [switch]$Reset
+)
+
+if ($BackupOnly) {
+    Backup-DriveMappings
+    exit 0
+}
+
+if ($Reset) {
+    # Non-interactive reset - would need credentials passed in or prompted
+    Write-Host "Non-interactive reset not yet implemented. Please run without -Reset for interactive mode."
+    exit 1
+}
+
+# Interactive menu loop
+do {
+    Show-Menu
+    $choice = Read-Host "Select an option"
+    
+    switch ($choice.ToLower()) {
+        "1" {
+            # View current mappings
+            Write-Host ""
+            Write-Host "Current Network Drive Mappings:" -ForegroundColor Cyan
+            Write-Host "================================" -ForegroundColor Cyan
+            $mappings = Get-CurrentDriveMappings -AllDrives
+            
+            if ($mappings.Count -eq 0) {
+                Write-Host "  No network drives mapped." -ForegroundColor Yellow
+            }
+            else {
+                foreach ($map in $mappings) {
+                    $legacyTag = if ($map.IsLegacy) { " [LEGACY]" } else { "" }
+                    $color = if ($map.IsLegacy) { "Yellow" } else { "Gray" }
+                    Write-Host "  $($map.DriveLetter) -> $($map.RemotePath)$legacyTag" -ForegroundColor $color
+                }
+            }
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+        }
+        "2" {
+            # Backup mappings
+            Write-Host ""
+            Backup-DriveMappings
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+        }
+        "3" {
+            # Test credentials
+            Write-Host ""
+            Write-Host "Testing Legacy Credentials" -ForegroundColor Cyan
+            Write-Host "==========================" -ForegroundColor Cyan
+            $legacyUser = Get-LegacyUsername
+            Write-Host "Username: $legacyUser" -ForegroundColor Gray
+            Write-Host ""
+            $password = Read-Host "Enter your legacy password" -AsSecureString
+            
+            Write-Host ""
+            Write-Host "Testing against servers..." -ForegroundColor Yellow
+            
+            foreach ($server in $LegacyServers) {
+                Write-Host "  $server... " -NoNewline
+                $result = Test-SMBCredentials -Server $server -Username $legacyUser -Password $password
+                
+                if ($result.Success) {
+                    Write-Host "OK" -ForegroundColor Green
+                }
+                else {
+                    Write-Host "FAILED - $($result.Message)" -ForegroundColor Red
+                }
+            }
+            
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+        }
+        "4" {
+            # Full reset
+            Invoke-FullReset
+        }
+        "5" {
+            # Restore from backup
+            Write-Host ""
+            $savedMappings = Get-SavedMappings
+            
+            if ($savedMappings) {
+                Write-Host ""
+                Write-Host "Saved mappings from $($savedMappings.BackupDate):" -ForegroundColor Cyan
+                foreach ($map in $savedMappings.Mappings) {
+                    $legacyTag = if ($map.IsLegacy) { " [LEGACY]" } else { "" }
+                    Write-Host "  $($map.DriveLetter) -> $($map.RemotePath)$legacyTag"
+                }
+                
+                Write-Host ""
+                $restore = Read-Host "Restore legacy drives from this backup? (y/N)"
+                
+                if ($restore -eq 'y') {
+                    $legacyUser = Get-LegacyUsername
+                    Write-Host ""
+                    Write-Host "Username: $legacyUser" -ForegroundColor Gray
+                    $password = Read-Host "Enter your legacy password" -AsSecureString
+                    
+                    $legacyMappings = $savedMappings.Mappings | Where-Object { $_.IsLegacy }
+                    Add-DriveMappings -Mappings $legacyMappings -Username $legacyUser -Password $password
+                }
+            }
+            
+            Write-Host ""
+            Read-Host "Press Enter to continue..."
+        }
+        "6" {
+            # Open password portal
+            Write-Host ""
+            Write-Host "Opening $PasswordResetURL ..." -ForegroundColor Cyan
+            Start-Process $PasswordResetURL
+            Start-Sleep -Seconds 2
+        }
+        "q" {
+            Write-Host ""
+            Write-Host "Goodbye!" -ForegroundColor Cyan
+        }
+        default {
+            Write-Host ""
+            Write-Host "Invalid option. Please try again." -ForegroundColor Red
+            Start-Sleep -Seconds 1
+        }
+    }
+} while ($choice.ToLower() -ne 'q')
diff --git a/minimal-asset/Update-PC-Minimal.ps1 b/minimal-asset/Update-PC-Minimal.ps1
index 7f42ce3..5ffc607 100644
--- a/minimal-asset/Update-PC-Minimal.ps1
+++ b/minimal-asset/Update-PC-Minimal.ps1
@@ -160,9 +160,9 @@ try {
         # Machine numbers that indicate specific PC types (these ARE valid machine numbers)
         $machineTypeIndicators = @{
             "^0?600$"                    = "Wax Trace"    # Wax trace machines
-            "^0?(612|613|615)$"          = "Part Marker"  # Part marker machines
-            "^M?(612|613|615)$"          = "Part Marker"  # Part marker machines (M prefix)
-            "^8003$"                     = "Part Marker"  # Part marker machines
+            "^0?(612|613|615)$"          = "Inspection"  # Part marker machines
+            "^M?(612|613|615)$"          = "Inspection"  # Part marker machines (M prefix)
+            "^8003$"                     = "Inspection"  # Part marker machines
         }
 
         # Check if machine number indicates a specific PC type
diff --git a/remote-execution/DeployOpenTextProfiles-Examples.txt b/remote-execution/DeployOpenTextProfiles-Examples.txt
new file mode 100644
index 0000000..73a1d0a
--- /dev/null
+++ b/remote-execution/DeployOpenTextProfiles-Examples.txt
@@ -0,0 +1,29 @@
+# DeployOpenTextProfiles - Example Usage
+# Source: \\tsgwp00525.wjs.geaerospace.net\shared\dt\csf\
+
+# Single PC
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DeployOpenTextProfiles
+
+# Multiple PCs
+.\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF","G1ZTNCX4ESF","G1ZTNCX5ESF" -Task DeployOpenTextProfiles
+
+# All shopfloor PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task DeployOpenTextProfiles
+
+# Wax / Trace PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType "Wax / Trace" -Task DeployOpenTextProfiles
+
+# Keyence PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Keyence -Task DeployOpenTextProfiles
+
+# Genspect PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Genspect -Task DeployOpenTextProfiles
+
+# Heat Treat PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType "Heat Treat" -Task DeployOpenTextProfiles
+
+# CMM PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task DeployOpenTextProfiles
+
+# Inspection PCs
+.\Invoke-RemoteMaintenance.ps1 -PcType Inspection -Task DeployOpenTextProfiles
diff --git a/remote-execution/INSTRUCTIONS.txt b/remote-execution/INSTRUCTIONS.txt
index 618151d..a7e3643 100644
--- a/remote-execution/INSTRUCTIONS.txt
+++ b/remote-execution/INSTRUCTIONS.txt
@@ -13,8 +13,11 @@ REQUIREMENTS
 
   - PowerShell 5.1+
   - Run as Administrator (required for scheduling only)
-  - Invoke-RemoteMaintenance.ps1 in the same folder
-  - A PC list text file (one hostname per line)
+  - ALL scripts must be in the SAME folder:
+      Invoke-RemoteMaintenance.ps1
+      Schedule-Maintenance.ps1
+      Export-PCList.ps1
+      shopfloor-pcs.txt (or your PC list file)
 
 
 ============================================================
@@ -34,53 +37,92 @@ PARAMETERS
 
 
 ============================================================
-USAGE
+STEP 1: Save Credentials (one time)
 ============================================================
 
-1. SAVE CREDENTIALS (one time, does not require admin)
+  .\Schedule-Maintenance.ps1 -SaveCredential -Username "DS\570005354" -Password "MyP@ssw0rd"
 
-   .\Schedule-Maintenance.ps1 -SaveCredential -Username "DS\570005354" -Password "MyP@ssw0rd"
-
-   - Encrypted with Windows DPAPI
-   - Only your user account on this machine can decrypt
-   - Re-run if your password changes
-
-
-2. RUN IMMEDIATELY (does not require admin)
-
-   .\Schedule-Maintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot
-
-
-3. SCHEDULE A ONE-TIME TASK (requires admin)
-
-   # Reboot one PC today at 3:00 PM
-   .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\test-reboot.txt" -Task Reboot -TaskFrequency Once -TaskTime "15:00" -TaskDate "2026-02-19"
-
-   # Reboot all PCs Sunday Feb 22 at 12:01 AM
-   .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot -TaskFrequency Once -TaskTime "00:01" -TaskDate "2026-02-22"
-
-
-4. SCHEDULE A RECURRING TASK (requires admin)
-
-   # Every Sunday at 12:01 AM
-   .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot -TaskFrequency Weekly -TaskDay Sunday -TaskTime "00:01"
-
-   # Every day at 2:00 AM
-   .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\shopfloor-pcs.txt" -Task DiskCleanup -TaskFrequency Daily -TaskTime "02:00"
-
-
-5. MANAGE SCHEDULED TASKS
-
-   Get-ScheduledTask | Where-Object { $_.TaskName -like "ShopfloorMaintenance*" }
-   Start-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot"
-   Unregister-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot"
+  - Encrypted with AES-256 key
+  - Works from normal or admin PowerShell
+  - Stored in .creds\ folder (not plaintext)
+  - Re-run if your password changes
 
 
 ============================================================
-LOGS
+STEP 2: Generate PC List
 ============================================================
 
-  .\logs\maintenance-YYYY-MM-DD_HHMMSS-TaskName.log
+  # All shopfloor PCs from API
+  .\Export-PCList.ps1
+
+  # Filter by type
+  .\Export-PCList.ps1 -PcType Shopfloor
+
+  # Single PC for testing
+  "G63TVG04ESF" | Out-File -FilePath ".\test-reboot.txt" -Encoding UTF8
+
+
+============================================================
+STEP 3: Run or Schedule
+============================================================
+
+  RUN IMMEDIATELY (no admin needed):
+    .\Schedule-Maintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot
+
+  SCHEDULE ONE-TIME (admin required):
+    .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot -TaskFrequency Once -TaskTime "00:01" -TaskDate "2026-02-22"
+
+  SCHEDULE RECURRING (admin required):
+    .\Schedule-Maintenance.ps1 -CreateScheduledTask -ComputerListFile ".\shopfloor-pcs.txt" -Task Reboot -TaskFrequency Weekly -TaskDay Sunday -TaskTime "00:01"
+
+
+============================================================
+CHECKING RESULTS
+============================================================
+
+  AFTER A SCHEDULED RUN:
+    Get-Content ".\logs\LAST-RUN-SUMMARY.txt"
+
+  FULL LOG (most recent):
+    Get-ChildItem ".\logs\" -Filter "maintenance-*-Reboot.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 1 | Get-Content
+
+  CHECK IF TASK RAN:
+    Get-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot" | Get-ScheduledTaskInfo
+
+    LastTaskResult = 0 means success
+    Anything else means it errored before writing logs
+
+  LOGS LOCATION:
+    .\logs\    (inside your scripts folder)
+
+
+============================================================
+MANAGING SCHEDULED TASKS
+============================================================
+
+  # List maintenance tasks
+  Get-ScheduledTask | Where-Object { $_.TaskName -like "ShopfloorMaintenance*" }
+
+  # Run now (don't wait for schedule)
+  Start-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot"
+
+  # Delete a task
+  Unregister-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot"
+
+  # Or use: Task Scheduler GUI (taskschd.msc)
+
+
+============================================================
+AVAILABLE TASKS
+============================================================
+
+  Reboot, DISM, SFC, OptimizeDisk, DiskCleanup,
+  ClearUpdateCache, ClearBrowserCache, RestartSpooler,
+  FlushDNS, RestartWinRM, SetTimezone, SyncTime,
+  UpdateEMxAuthToken, DeployUDCWebServerConfig,
+  UpdateDNCMXHosts,
+  InstallDashboard, InstallLobbyDisplay,
+  UninstallDashboard, UninstallLobbyDisplay
 
 
 ============================================================
@@ -88,13 +130,24 @@ TROUBLESHOOTING
 ============================================================
 
   "No saved credentials found"
-    -> Run -SaveCredential with -Username and -Password
+    -> .\Schedule-Maintenance.ps1 -SaveCredential -Username "DS\user" -Password "pass"
 
   "Access is denied" when scheduling
     -> Right-click PowerShell -> Run as Administrator
 
   "No credentials provided. Exiting."
-    -> GUI prompt failed. Use -Username and -Password flags
+    -> Use -Username and -Password flags instead of GUI prompt
+
+  No logs folder / empty logs
+    -> Task may not have run yet. Check:
+       Get-ScheduledTask -TaskName "ShopfloorMaintenance-Reboot" | Get-ScheduledTaskInfo
 
   Password changed
-    -> Re-run -SaveCredential with new password
+    -> .\Schedule-Maintenance.ps1 -SaveCredential -Username "DS\user" -Password "newpass"
+
+  NOTE ABOUT "Running as AEROAD\SSO":
+    This is normal. The scheduled task runs as your Windows login.
+    It still uses your SAVED credentials for WinRM connections
+    to the remote shopfloor PCs. Two separate accounts:
+      1. Your Windows login = runs the script
+      2. Saved credentials = connects to remote PCs
diff --git a/remote-execution/Invoke-RemoteMaintenance.ps1 b/remote-execution/Invoke-RemoteMaintenance.ps1
index 13cd28e..00413e1 100644
--- a/remote-execution/Invoke-RemoteMaintenance.ps1
+++ b/remote-execution/Invoke-RemoteMaintenance.ps1
@@ -48,10 +48,22 @@
       - SyncTime         : Force time sync with domain controller
 
     DNC:
-      - UpdateEMxAuthToken       : Update eMx auth token (eMxInfo.txt) from network share (backs up old file first)
-      - DeployUDCWebServerConfig  : Deploy UDC web server settings to PCs with UDC installed
+      - UpdateDNCMXHosts         : Update FtpHostPrimary/Secondary in DNC\MX registry key (both 32-bit and 64-bit paths)
+      - AuditDNCConfig           : Compare DNC registry settings against UDC backup JSON files, report mismatches
+      - CheckDefectTracker       : Check if Defect_Tracker.exe is running on target PCs (reports machine number + status)
+      - BackupNTLARS             : Export DNC registry (NTLARS settings + subkeys) to .reg file, save to \\tsgwp00525 backup share
+                                    Named by machine number (from DNC\General\MachineNo), falls back to serial number
+      - VerifyNTLARS             : Compare collected .reg backups against ShopDB - reports which machines are missing backups
+
+    FILE DEPLOYMENT:
+      - CopyFile                : Copy file from -SourcePath to -DestinationPath on remote PCs (backs up existing files)
+      - ImportReg               : Copy .reg file from -SourcePath to remote PCs and execute reg import
+      - DeployOpenTextProfiles  : Deploy OpenText HostExplorer profiles, accessories, keymaps, and menus to ProgramData
+                                   and all user AppData\Roaming profiles. Kills hostex32.exe, deploys from csf.zip,
+                                   then relaunches HostExplorer with WJ Shopfloor profile as the logged-in user.
 
     SYSTEM:
+      - GPUpdate         : Force Group Policy refresh (gpupdate /force)
       - Reboot           : Restart the computer (30 second delay)
 
     SOFTWARE DEPLOYMENT:
@@ -60,6 +72,23 @@
       - UninstallDashboard    : Uninstall GE Aerospace Dashboard
       - UninstallLobbyDisplay : Uninstall GE Aerospace Lobby Display
 
+.PARAMETER SourcePath
+    Source file path (local or UNC) for CopyFile and ImportReg tasks.
+
+.PARAMETER DestinationPath
+    Destination file path on remote PCs for CopyFile task.
+
+.PARAMETER RunCommand
+    Optional command to execute after CopyFile completes.
+    By default runs as the logged-in user via a scheduled task (for user-session
+    processes like Edge kiosk). Use -AsSystem to run in the WinRM session instead.
+    Example: "taskkill /IM MyApp.exe /F"
+
+.PARAMETER AsSystem
+    Run ImportReg and -RunCommand directly in the WinRM session (SYSTEM context)
+    instead of as the logged-in user via scheduled task.
+    Use this for HKLM-only registry imports or system-level commands.
+
 .PARAMETER Credential
     PSCredential for remote authentication. Prompts if not provided.
 
@@ -109,6 +138,30 @@
     # Uninstall Dashboard from a PC
     .\Invoke-RemoteMaintenance.ps1 -ComputerName "PC001" -Task UninstallDashboard
 
+.EXAMPLE
+    # Copy a config file to remote PCs
+    .\Invoke-RemoteMaintenance.ps1 -ComputerName "PC001" -Task CopyFile -SourcePath "\\server\share\config.json" -DestinationPath "C:\ProgramData\App\config.json"
+
+.EXAMPLE
+    # Copy file and restart an app as the logged-in user
+    .\Invoke-RemoteMaintenance.ps1 -All -Task CopyFile -SourcePath "\\server\share\eMxInfo.txt" -DestinationPath "C:\Program Files (x86)\DNC\Server Files\eMxInfo.txt" -RunCommand "taskkill /IM DNCMain.exe /F"
+
+.EXAMPLE
+    # Import a .reg file on remote PCs (runs as logged-in user for HKCU support)
+    .\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task ImportReg -SourcePath "\\server\share\intranet-zone.reg"
+
+.EXAMPLE
+    # Deploy OpenText HostExplorer profiles to a single PC
+    .\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DeployOpenTextProfiles
+
+.EXAMPLE
+    # Deploy OpenText HostExplorer profiles to all shopfloor PCs
+    .\Invoke-RemoteMaintenance.ps1 -PcType Shopfloor -Task DeployOpenTextProfiles
+
+.EXAMPLE
+    # Deploy OpenText HostExplorer profiles to all Keyence PCs
+    .\Invoke-RemoteMaintenance.ps1 -PcType Keyence -Task DeployOpenTextProfiles
+
 .NOTES
     Author: Shop Floor Tools
     Date: 2025-12-26
@@ -139,7 +192,8 @@ param(
     [ValidateSet(
         'DISM', 'SFC', 'OptimizeDisk', 'DiskCleanup', 'ClearUpdateCache',
         'RestartSpooler', 'FlushDNS', 'ClearBrowserCache', 'RestartWinRM',
-        'SetTimezone', 'SyncTime', 'UpdateEMxAuthToken', 'DeployUDCWebServerConfig', 'Reboot',
+        'SetTimezone', 'SyncTime', 'UpdateDNCMXHosts', 'AuditDNCConfig', 'CheckDefectTracker', 'BackupNTLARS', 'VerifyNTLARS', 'GPUpdate', 'Reboot',
+        'CopyFile', 'ImportReg', 'DeployOpenTextProfiles',
         'InstallDashboard', 'InstallLobbyDisplay', 'UninstallDashboard', 'UninstallLobbyDisplay'
     )]
     [string]$Task,
@@ -148,13 +202,31 @@ param(
     [PSCredential]$Credential,
 
     [Parameter()]
-    [string]$ApiUrl = "https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp",
+    [string]$ApiUrl = "https://tsgwp00525.wjs.geaerospace.net/shopdb/api.asp",
 
     [Parameter()]
     [string]$DnsSuffix = "logon.ds.ge.com",
 
     [Parameter()]
-    [int]$ThrottleLimit = 5
+    [int]$ThrottleLimit = 5,
+
+    [Parameter()]
+    [string]$SourcePath,
+
+    [Parameter()]
+    [string]$DestinationPath,
+
+    [Parameter()]
+    [string]$RunCommand,
+
+    [Parameter()]
+    [switch]$AsSystem,
+
+    [Parameter()]
+    [PSCredential]$ShareCredential,
+
+    [Parameter()]
+    [switch]$LogFile
 )
 
 # =============================================================================
@@ -756,271 +828,633 @@ $TaskScripts = @{
     }
 
     # -------------------------------------------------------------------------
-    # UpdateEMxAuthToken - Backup and prepare for file copy (runs on remote PC)
-    # The actual file is pushed via Copy-Item -ToSession from the caller
+    # CopyFile - General-purpose file deployment to remote PCs
+    # File is pushed to C:\Windows\Temp\ via Copy-Item -ToSession, then
+    # moved to the destination. Optionally runs a post-copy command as the
+    # logged-in user via a one-shot scheduled task.
     # -------------------------------------------------------------------------
-    'UpdateEMxAuthToken' = {
-        param($SourceFileContent)
+    'CopyFile' = {
+        param($DestinationPath, $RunCommand, [bool]$AsSystem = $false)
 
         $result = @{
             Success = $false
-            Task = 'UpdateEMxAuthToken'
+            Task = 'CopyFile'
             Hostname = $env:COMPUTERNAME
             Output = ""
             Error = $null
-            FailReason = ""
-            PathsUpdated = @()
-            PathsFailed = @()
-            BackupsCreated = @()
-            TempFile = ""
-            DNCKilled = $false
-            DNCRestarted = $false
+            BackupCreated = $false
+            CommandRan = $false
         }
 
-        $destFile = "eMxInfo.txt"
-        $tempPath = "C:\Windows\Temp\eMxInfo.txt"
-
-        # Check both possible DNC installation paths
-        $destDirs = @(
-            "C:\Program Files (x86)\DNC\Server Files",
-            "C:\Program Files\DNC\Server Files"
-        )
+        $fileName = Split-Path $DestinationPath -Leaf
+        $tempPath = "C:\Windows\Temp\$fileName"
 
         try {
-            # Check if temp file was pushed
+            # Verify temp file was pushed
             if (-not (Test-Path $tempPath)) {
-                $result.FailReason = "Source file not found at $tempPath - file push may have failed"
-                $result.Error = $result.FailReason
-                Write-Output $result.FailReason
+                $result.Error = "Source file not found at $tempPath - file push may have failed"
+                Write-Output $result.Error
                 return $result
             }
 
-            # Track which paths exist
-            $validPaths = @()
-            foreach ($destDir in $destDirs) {
-                if (Test-Path $destDir) {
-                    $validPaths += $destDir
-                }
+            # Create destination directory if needed
+            $destDir = Split-Path $DestinationPath -Parent
+            if (-not (Test-Path $destDir)) {
+                New-Item -Path $destDir -ItemType Directory -Force | Out-Null
+                Write-Output "Created directory: $destDir"
             }
 
-            if ($validPaths.Count -eq 0) {
-                $result.FailReason = "No DNC Server Files directory found in Program Files or Program Files (x86)"
-                $result.Error = $result.FailReason
-                Write-Output $result.FailReason
-                # Clean up temp file
-                Remove-Item $tempPath -Force -ErrorAction SilentlyContinue
+            # Backup existing file
+            if (Test-Path $DestinationPath) {
+                $dateStamp = Get-Date -Format "yyyyMMdd-HHmmss"
+                $ext = [System.IO.Path]::GetExtension($fileName)
+                $base = [System.IO.Path]::GetFileNameWithoutExtension($fileName)
+                $backupName = "${base}-old-${dateStamp}${ext}"
+                $backupPath = Join-Path $destDir $backupName
+
+                Copy-Item -Path $DestinationPath -Destination $backupPath -Force -ErrorAction Stop
+                $result.BackupCreated = $true
+                Write-Output "Backed up existing file to: $backupName"
+            }
+
+            # Move temp file to destination
+            Move-Item -Path $tempPath -Destination $DestinationPath -Force -ErrorAction Stop
+
+            # Verify
+            if (-not (Test-Path $DestinationPath)) {
+                $result.Error = "File not found at destination after move"
+                Write-Output $result.Error
                 return $result
             }
 
-            Write-Output "Found $($validPaths.Count) DNC installation(s)"
+            $result.Success = $true
+            $result.Output = "Deployed to $DestinationPath"
+            if ($result.BackupCreated) { $result.Output += " (backup created)" }
+            Write-Output $result.Output
 
-            # Kill DNCMain.exe before copying
-            Write-Output "Stopping DNCMain.exe..."
-            $dncProcess = Get-Process -Name "DNCMain" -ErrorAction SilentlyContinue
-            if ($dncProcess) {
-                try {
-                    taskkill /IM DNCMain.exe /F 2>&1 | Out-Null
-                    Start-Sleep -Seconds 2
-                    $result.DNCKilled = $true
-                    Write-Output "  DNCMain.exe stopped"
-                } catch {
-                    Write-Output "  Warning: Could not stop DNCMain.exe - $($_.Exception.Message)"
-                }
-            } else {
-                Write-Output "  DNCMain.exe not running"
-            }
-
-            # Process each valid path
-            foreach ($destDir in $validPaths) {
-                $destPath = Join-Path $destDir $destFile
-                $pathLabel = if ($destDir -like "*x86*") { "x86" } else { "x64" }
-
-                Write-Output "Processing $pathLabel path: $destDir"
-
-                # Check if destination file exists and back it up
-                if (Test-Path $destPath) {
-                    $dateStamp = Get-Date -Format "yyyyMMdd"
-                    $backupName = "eMxInfo-old-$dateStamp.txt"
-                    $backupPath = Join-Path $destDir $backupName
-
-                    Write-Output "  File exists, renaming to $backupName..."
-
-                    try {
-                        # Remove existing backup if same date
-                        if (Test-Path $backupPath) {
-                            Remove-Item $backupPath -Force -ErrorAction Stop
-                        }
-
-                        Rename-Item -Path $destPath -NewName $backupName -Force -ErrorAction Stop
-                        $result.BackupsCreated += "$pathLabel`:$backupName"
-                    } catch {
-                        $result.PathsFailed += "$pathLabel`: Failed to rename - $($_.Exception.Message)"
-                        Write-Output "  FAILED to rename: $($_.Exception.Message)"
-                        continue
-                    }
+            # Run optional post-copy command
+            if ($RunCommand) {
+                if ($AsSystem) {
+                    # Run directly in WinRM session (SYSTEM context)
+                    Write-Output "Running post-copy command as SYSTEM..."
+                    $cmdOutput = & cmd.exe /c $RunCommand 2>&1
+                    $result.CommandRan = $true
+                    $result.Output += " | Post-copy command executed as SYSTEM"
+                    Write-Output "  Post-copy command completed"
                 } else {
-                    Write-Output "  File does not exist, creating new..."
-                }
+                    # Run as logged-in user via scheduled task
+                    $loggedInUser = (Get-WmiObject -Class Win32_ComputerSystem).UserName
 
-                # Copy from temp location to destination
-                try {
-                    Copy-Item -Path $tempPath -Destination $destPath -Force -ErrorAction Stop
+                    if ($loggedInUser) {
+                        $taskName = "CopyFilePostCmd_$(Get-Random)"
+                        Write-Output "Running post-copy command as $loggedInUser..."
 
-                    # Verify the copy
-                    if (Test-Path $destPath) {
-                        $result.PathsUpdated += $pathLabel
-                        Write-Output "  SUCCESS"
+                        $action = New-ScheduledTaskAction -Execute "cmd.exe" -Argument "/c $RunCommand"
+                        $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddSeconds(3)
+                        Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -User $loggedInUser -Force | Out-Null
+
+                        Start-Sleep -Seconds 8
+
+                        $taskInfo = Get-ScheduledTaskInfo -TaskName $taskName -ErrorAction SilentlyContinue
+                        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
+
+                        $result.CommandRan = $true
+                        $result.Output += " | Post-copy command executed as $loggedInUser"
+                        Write-Output "  Post-copy command completed"
                     } else {
-                        $result.PathsFailed += "$pathLabel`: Copy succeeded but file not found"
-                        Write-Output "  FAILED: File not found after copy"
-                    }
-                } catch {
-                    $result.PathsFailed += "$pathLabel`: Failed to copy - $($_.Exception.Message)"
-                    Write-Output "  FAILED to copy: $($_.Exception.Message)"
-                }
-            }
-
-            # Clean up temp file
-            Remove-Item $tempPath -Force -ErrorAction SilentlyContinue
-
-            # Determine overall success
-            if ($result.PathsUpdated.Count -gt 0) {
-                $result.Success = $true
-                $result.Output = "Updated: $($result.PathsUpdated -join ', ')"
-                if ($result.BackupsCreated.Count -gt 0) {
-                    $result.Output += " | Backups: $($result.BackupsCreated -join ', ')"
-                }
-                if ($result.PathsFailed.Count -gt 0) {
-                    $result.Output += " | Failed: $($result.PathsFailed.Count)"
-                }
-
-                # Restart DNC - find LDnc.exe in one of the valid paths
-                Write-Output "Starting LDnc.exe..."
-                $ldncStarted = $false
-                foreach ($destDir in $validPaths) {
-                    $ldncPath = Join-Path $destDir "LDnc.exe"
-                    if (Test-Path $ldncPath) {
-                        try {
-                            Start-Process -FilePath $ldncPath -ErrorAction Stop
-                            $result.DNCRestarted = $true
-                            $ldncStarted = $true
-                            Write-Output "  LDnc.exe started from $destDir"
-                            break
-                        } catch {
-                            Write-Output "  Warning: Could not start LDnc.exe from $destDir - $($_.Exception.Message)"
-                        }
+                        $result.Output += " | No logged-in user found, post-copy command skipped"
+                        Write-Output "  Warning: No logged-in user - post-copy command skipped"
                     }
                 }
-                if (-not $ldncStarted) {
-                    Write-Output "  Warning: LDnc.exe not found or could not be started"
-                }
-
-                $result.Output += " | DNC restarted: $($result.DNCRestarted)"
-            } else {
-                $result.FailReason = "All paths failed: $($result.PathsFailed -join '; ')"
-                $result.Error = $result.FailReason
             }
 
         } catch {
-            $result.FailReason = "Unexpected error: $($_.Exception.Message)"
-            $result.Error = $result.FailReason
-            Write-Output $result.FailReason
+            $result.Error = $_.Exception.Message
+            Write-Output "Error: $($result.Error)"
+            Remove-Item $tempPath -Force -ErrorAction SilentlyContinue
         }
 
         return $result
     }
 
     # -------------------------------------------------------------------------
-    # DeployUDCWebServerConfig - Deploy udc_webserver_settings.json to UDC PCs
-    # The actual file is pushed via Copy-Item -ToSession from the caller
+    # DeployOpenTextProfiles - Deploy HostExplorer config files to ProgramData
+    # A single zip is pushed to C:\Windows\Temp\, extracted, then files are
+    # copied to ProgramData destinations, overwriting existing.
     # -------------------------------------------------------------------------
-    'DeployUDCWebServerConfig' = {
+    'DeployOpenTextProfiles' = {
         $result = @{
             Success = $false
-            Task = 'DeployUDCWebServerConfig'
+            Task = 'DeployOpenTextProfiles'
             Hostname = $env:COMPUTERNAME
             Output = ""
             Error = $null
-            FailReason = ""
-            UDCInstalled = $false
-            BackupCreated = $false
+            FilesDeployed = 0
+            UserProfile = ""
         }
 
-        $udcInstallDir = "C:\Program Files\UDC"
-        $destDir = "C:\ProgramData\UDC"
-        $destFile = "udc_webserver_settings.json"
-        $destPath = Join-Path $destDir $destFile
-        $tempPath = "C:\Windows\Temp\udc_webserver_settings.json"
+        $tempZip = "C:\Windows\Temp\csf.zip"
+        $tempExtract = "C:\Windows\Temp\csf"
+        $pdRoot = "C:\ProgramData\Hummingbird\Connectivity\15.00\Shared"
+
+        # Build deploy map: ProgramData destinations
+        $deployMap = @(
+            @{ Source = "$tempExtract\Profile";              Dest = "$pdRoot\Profile" }
+            @{ Source = "$tempExtract\Accessories\EB";       Dest = "$pdRoot\Accessories\EB" }
+            @{ Source = "$tempExtract\HostExplorer\Keymap";  Dest = "$pdRoot\HostExplorer\Keymap" }
+            @{ Source = "$tempExtract\HostExplorer\Menu";    Dest = "$pdRoot\HostExplorer\Menu" }
+        )
+
+        # Add AppData\Roaming destinations for all user profiles
+        $skipUsers = @('Public', 'Default', 'Default User', 'All Users')
+        $userProfiles = Get-ChildItem "C:\Users" -Directory | Where-Object {
+            ($skipUsers -notcontains $_.Name) -and (Test-Path (Join-Path $_.FullName "AppData\Roaming"))
+        }
+
+        $userCount = 0
+        foreach ($profile in $userProfiles) {
+            $adRoot = "$($profile.FullName)\AppData\Roaming\Hummingbird\Connectivity\15.00"
+            $deployMap += @(
+                @{ Source = "$tempExtract\Profile";              Dest = "$adRoot\Profile" }
+                @{ Source = "$tempExtract\Accessories\EB";       Dest = "$adRoot\Accessories\EB" }
+                @{ Source = "$tempExtract\HostExplorer\Keymap";  Dest = "$adRoot\HostExplorer\Keymap" }
+                @{ Source = "$tempExtract\HostExplorer\Menu";    Dest = "$adRoot\HostExplorer\Menu" }
+            )
+            $userCount++
+            Write-Output "Found user profile: $($profile.Name)"
+        }
+        $result.UserProfile = "$userCount user(s)"
+        if ($userCount -eq 0) { Write-Output "WARNING: No user profiles found under C:\Users" }
 
         try {
-            # Check if UDC is installed
-            if (-not (Test-Path $udcInstallDir)) {
-                $result.FailReason = "UDC not installed ($udcInstallDir not found) - skipping"
-                $result.Output = $result.FailReason
-                Write-Output $result.FailReason
+            if (-not (Test-Path $tempZip)) {
+                $result.Error = "Zip file not found at $tempZip - file push may have failed"
+                Write-Output $result.Error
                 return $result
             }
 
-            $result.UDCInstalled = $true
-            Write-Output "UDC installation found at $udcInstallDir"
-
-            # Check if temp file was pushed
-            if (-not (Test-Path $tempPath)) {
-                $result.FailReason = "Source file not found at $tempPath - file push may have failed"
-                $result.Error = $result.FailReason
-                Write-Output $result.FailReason
-                return $result
-            }
-
-            # Create destination directory if it doesn't exist
-            if (-not (Test-Path $destDir)) {
-                New-Item -Path $destDir -ItemType Directory -Force | Out-Null
-                Write-Output "Created directory: $destDir"
-            }
-
-            # Backup existing config if present
-            if (Test-Path $destPath) {
-                $dateStamp = Get-Date -Format "yyyyMMdd"
-                $backupName = "udc_webserver_settings-old-$dateStamp.json"
-                $backupPath = Join-Path $destDir $backupName
-
-                Write-Output "Existing config found, backing up to $backupName..."
-
-                try {
-                    if (Test-Path $backupPath) {
-                        Remove-Item $backupPath -Force -ErrorAction Stop
-                    }
-                    Rename-Item -Path $destPath -NewName $backupName -Force -ErrorAction Stop
-                    $result.BackupCreated = $true
-                } catch {
-                    Write-Output "Warning: Could not backup existing config - $($_.Exception.Message)"
-                }
-            }
-
-            # Copy from temp location to destination
-            Copy-Item -Path $tempPath -Destination $destPath -Force -ErrorAction Stop
-
-            # Verify the copy
-            if (Test-Path $destPath) {
-                $result.Success = $true
-                $result.Output = "Config deployed to $destPath"
-                if ($result.BackupCreated) {
-                    $result.Output += " (backup created)"
-                }
-                Write-Output "SUCCESS: $($result.Output)"
+            # Kill HostExplorer if running
+            $hostex = Get-Process -Name "hostex32" -ErrorAction SilentlyContinue
+            if ($hostex) {
+                Stop-Process -Name "hostex32" -Force -ErrorAction SilentlyContinue
+                Write-Output "Killed hostex32.exe"
             } else {
-                $result.FailReason = "Copy succeeded but file not found at destination"
-                $result.Error = $result.FailReason
-                Write-Output "FAILED: $($result.FailReason)"
+                Write-Output "hostex32.exe not running"
             }
 
-            # Clean up temp file
-            Remove-Item $tempPath -Force -ErrorAction SilentlyContinue
+            # Extract zip
+            if (Test-Path $tempExtract) { Remove-Item -Path $tempExtract -Recurse -Force }
+            Expand-Archive -Path $tempZip -DestinationPath $tempExtract -Force
+            Write-Output "Extracted csf.zip to $tempExtract"
+
+            foreach ($mapping in $deployMap) {
+                if (-not (Test-Path $mapping.Source)) { continue }
+
+                # Create destination directory if needed
+                if (-not (Test-Path $mapping.Dest)) {
+                    New-Item -Path $mapping.Dest -ItemType Directory -Force | Out-Null
+                    Write-Output "Created directory: $($mapping.Dest)"
+                }
+
+                $files = Get-ChildItem -Path $mapping.Source -File
+                foreach ($file in $files) {
+                    $destFile = Join-Path $mapping.Dest $file.Name
+                    Copy-Item -Path $file.FullName -Destination $destFile -Force -ErrorAction Stop
+                    $result.FilesDeployed++
+                    Write-Output "  Deployed: $($file.Name) -> $($mapping.Dest)"
+                }
+            }
+
+            # Cleanup temp files
+            Remove-Item -Path $tempZip -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $tempExtract -Recurse -Force -ErrorAction SilentlyContinue
+
+            # Relaunch HostExplorer with WJ Shopfloor profile as logged-in user
+            # Must run from the user's Profile directory: hostex32.exe -P "WJ Shopfloor.hep"
+            $loggedInUser = (Get-WmiObject -Class Win32_ComputerSystem).UserName
+            if ($loggedInUser) {
+                $hostexPath = "C:\Program Files\Hummingbird\Connectivity\15.00\HostExplorer\hostex32.exe"
+                $username = ($loggedInUser -split '\\')[-1]
+                $profileDir = "C:\Users\$username\AppData\Roaming\Hummingbird\Connectivity\15.00\Profile"
+
+                if ((Test-Path $hostexPath) -and (Test-Path $profileDir)) {
+                    $taskName = "OpenTextRelaunch_$(Get-Random)"
+                    $action = New-ScheduledTaskAction -Execute $hostexPath -Argument "-P `"WJ Shopfloor.hep`"" -WorkingDirectory $profileDir
+                    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddSeconds(3)
+                    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -User $loggedInUser -Force | Out-Null
+
+                    Start-Sleep -Seconds 5
+                    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
+
+                    Write-Output "Relaunched hostex32.exe -P 'WJ Shopfloor.hep' as $loggedInUser from $profileDir"
+                } else {
+                    Write-Output "WARNING: hostex32.exe or profile directory not found - skipping relaunch"
+                }
+            } else {
+                Write-Output "WARNING: No logged-in user found - skipping relaunch"
+            }
+
+            $result.Success = $true
+            $result.Output = "Deployed $($result.FilesDeployed) files to ProgramData + $($result.UserProfile)"
+            Write-Output $result.Output
 
         } catch {
-            $result.FailReason = "Unexpected error: $($_.Exception.Message)"
-            $result.Error = $result.FailReason
-            Write-Output $result.FailReason
+            $result.Error = $_.Exception.Message
+            Write-Output "Error: $($result.Error)"
+            Remove-Item -Path $tempZip -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path $tempExtract -Recurse -Force -ErrorAction SilentlyContinue
+        }
+
+        return $result
+    }
+
+    # -------------------------------------------------------------------------
+    # ImportReg - Import a .reg file on remote PCs
+    # File is pushed to C:\Windows\Temp\ via Copy-Item -ToSession, then
+    # imported via a one-shot scheduled task running as the logged-in user
+    # so that both HKLM and HKCU keys are applied correctly.
+    # -------------------------------------------------------------------------
+    'ImportReg' = {
+        param($RegFileName, [bool]$AsSystem = $false)
+
+        $result = @{
+            Success = $false
+            Task = 'ImportReg'
+            Hostname = $env:COMPUTERNAME
+            Output = ""
+            Error = $null
+        }
+
+        $tempRegPath = "C:\Windows\Temp\$RegFileName"
+
+        try {
+            if (-not (Test-Path $tempRegPath)) {
+                $result.Error = "Registry file not found at $tempRegPath - file push may have failed"
+                Write-Output $result.Error
+                return $result
+            }
+
+            if ($AsSystem) {
+                # Run directly in WinRM session (SYSTEM context) - HKLM only
+                Write-Output "Importing $RegFileName directly as SYSTEM..."
+                $regOutput = & regedit.exe /s "$tempRegPath" 2>&1
+                $result.Success = $true
+                $result.Output = "Registry imported as SYSTEM (HKCU keys will not apply to logged-in user)"
+            } else {
+                $loggedInUser = (Get-WmiObject -Class Win32_ComputerSystem).UserName
+
+                if ($loggedInUser) {
+                    # Use scheduled task as logged-in user (handles HKCU keys)
+                    $taskName = "ImportReg_$(Get-Random)"
+                    Write-Output "Importing $RegFileName as $loggedInUser via scheduled task..."
+
+                    $action = New-ScheduledTaskAction -Execute "regedit.exe" -Argument "/s `"$tempRegPath`""
+                    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddSeconds(3)
+                    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -User $loggedInUser -Force | Out-Null
+
+                    Start-Sleep -Seconds 8
+
+                    $taskInfo = Get-ScheduledTaskInfo -TaskName $taskName -ErrorAction SilentlyContinue
+                    $lastResult = if ($taskInfo) { $taskInfo.LastTaskResult } else { -1 }
+
+                    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
+
+                    if ($lastResult -eq 0) {
+                        $result.Success = $true
+                        $result.Output = "Registry imported successfully as $loggedInUser"
+                    } else {
+                        $result.Success = $true  # Task ran, regedit /s doesn't reliably set exit codes
+                        $result.Output = "Registry import task completed as $loggedInUser (task result: $lastResult)"
+                    }
+                } else {
+                    # No user logged in - direct import (HKLM only)
+                    Write-Output "No logged-in user, importing directly (HKLM only)..."
+                    $regOutput = & regedit.exe /s "$tempRegPath" 2>&1
+                    $result.Success = $true
+                    $result.Output = "Registry imported directly (no logged-in user, HKCU keys will not apply)"
+                }
+            }
+
+            Write-Output $result.Output
+
+        } catch {
+            $result.Error = $_.Exception.Message
+            Write-Output "Error: $($result.Error)"
+        } finally {
+            Remove-Item $tempRegPath -Force -ErrorAction SilentlyContinue
+        }
+
+        return $result
+    }
+
+    # -------------------------------------------------------------------------
+    # UpdateDNCMXHosts - Update FtpHostPrimary/Secondary in DNC\MX registry
+    # Checks both WOW6432Node (32-bit) and native 64-bit registry paths.
+    # Only updates values that match the old hostname - skips anything else.
+    # Safe to run on all shopfloor PCs: no-ops if DNC\MX key doesn't exist.
+    # -------------------------------------------------------------------------
+    'UpdateDNCMXHosts' = {
+        $result = @{
+            Success   = $false
+            Task      = 'UpdateDNCMXHosts'
+            Hostname  = $env:COMPUTERNAME
+            Output    = ""
+            Error     = $null
+            FailReason = ""
+            Changed   = @()
+            Skipped   = @()
+            Warnings  = @()
+        }
+
+        $OldHost   = "tsgwp00525.us.ae.ge.com"
+        $NewHost   = "tsgwp00525.wjs.geaerospace.net"
+        $ValueNames = @("FtpHostPrimary", "FtpHostSecondary")
+        $RegPaths  = @(
+            "HKLM:\SOFTWARE\WOW6432Node\GE Aircraft Engines\DNC\MX",
+            "HKLM:\SOFTWARE\GE Aircraft Engines\DNC\MX"
+        )
+
+        try {
+            $anyKeyFound = $false
+
+            foreach ($regPath in $RegPaths) {
+                if (-not (Test-Path $regPath)) {
+                    continue
+                }
+
+                $anyKeyFound = $true
+
+                foreach ($valueName in $ValueNames) {
+                    try {
+                        $current = (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction Stop).$valueName
+
+                        if ($current -eq $OldHost) {
+                            Set-ItemProperty -Path $regPath -Name $valueName -Value $NewHost -ErrorAction Stop
+                            $result.Changed += "$valueName @ $(Split-Path $regPath -Leaf): $OldHost -> $NewHost"
+                        } elseif ($current -eq $NewHost) {
+                            $result.Skipped += "$valueName @ $(Split-Path $regPath -Leaf): already correct"
+                        } else {
+                            $result.Warnings += "$valueName @ $(Split-Path $regPath -Leaf): unexpected value '$current' - NOT modified"
+                        }
+                    } catch {
+                        $result.Skipped += "$valueName @ $(Split-Path $regPath -Leaf): value not found"
+                    }
+                }
+            }
+
+            if (-not $anyKeyFound) {
+                # PC doesn't have DNC\MX at all - not an error, just not applicable
+                $result.Success = $true
+                $result.Output  = "DNC\MX key not present - PC does not use MX DNC (skipped)"
+                return $result
+            }
+
+            $result.Success = $true
+            $result.Output  = if ($result.Changed.Count -gt 0 -and $result.Warnings.Count -gt 0) {
+                "Updated $($result.Changed.Count) value(s), $($result.Warnings.Count) unexpected value(s) - review output"
+            } elseif ($result.Changed.Count -gt 0) {
+                "Updated $($result.Changed.Count) value(s)"
+            } elseif ($result.Warnings.Count -gt 0) {
+                "$($result.Warnings.Count) unexpected value(s) - review output"
+            } else {
+                "No changes needed"
+            }
+
+        } catch {
+            $result.FailReason = $_.Exception.Message
+            $result.Error      = $result.FailReason
+        }
+
+        return $result
+    }
+
+    # -------------------------------------------------------------------------
+    # AuditDNCConfig - Read DNC registry values for comparison with UDC backup
+    # Reads General, eFocas, and Hssb keys from both 32-bit and 64-bit paths.
+    # -------------------------------------------------------------------------
+    'AuditDNCConfig' = {
+        $result = @{
+            Success    = $false
+            Task       = 'AuditDNCConfig'
+            Hostname   = $env:COMPUTERNAME
+            Error      = $null
+            Values     = @{}
+            FoundDNC   = $false
+        }
+
+        $regRoots = @(
+            "HKLM:\SOFTWARE\WOW6432Node\GE Aircraft Engines\DNC",
+            "HKLM:\SOFTWARE\GE Aircraft Engines\DNC"
+        )
+
+        try {
+            foreach ($root in $regRoots) {
+                if (Test-Path $root) {
+                    $result.FoundDNC = $true
+
+                    # General subkey
+                    $generalPath = Join-Path $root "General"
+                    if (Test-Path $generalPath) {
+                        $props = Get-ItemProperty -Path $generalPath -ErrorAction SilentlyContinue
+                        if ($props.MachineNo) { $result.Values['General_MachineNo'] = [string]$props.MachineNo }
+                        if ($props.NcIF)      { $result.Values['General_NcIF']      = [string]$props.NcIF }
+                        if ($null -ne $props.DualPath) { $result.Values['General_DualPath'] = [string]$props.DualPath }
+                    }
+
+                    # eFocas subkey
+                    $efocasPath = Join-Path $root "eFocas"
+                    if (Test-Path $efocasPath) {
+                        $props = Get-ItemProperty -Path $efocasPath -ErrorAction SilentlyContinue
+                        if ($props.IpAddr)    { $result.Values['eFocas_IpAddr']    = [string]$props.IpAddr }
+                        if ($null -ne $props.SocketNo)  { $result.Values['eFocas_SocketNo']  = [string]$props.SocketNo }
+                        if ($null -ne $props.DualPath)  { $result.Values['eFocas_DualPath']  = [string]$props.DualPath }
+                    }
+
+                    # Hssb subkey
+                    $hssbPath = Join-Path $root "Hssb"
+                    if (Test-Path $hssbPath) {
+                        $props = Get-ItemProperty -Path $hssbPath -ErrorAction SilentlyContinue
+                        if ($null -ne $props.KRelay1) { $result.Values['Hssb_KRelay1'] = [string][int]$props.KRelay1 }
+                    }
+
+                    # PPDCS subkey
+                    $ppdcsPath = Join-Path $root "PPDCS"
+                    if (Test-Path $ppdcsPath) {
+                        $props = Get-ItemProperty -Path $ppdcsPath -ErrorAction SilentlyContinue
+                        if ($null -ne $props.'CycleStart Inhibits') { $result.Values['PPDCS_CycleStartInhibits'] = [string]$props.'CycleStart Inhibits' }
+                    }
+
+                    # Found values in this root, no need to check the other
+                    if ($result.Values.Count -gt 0) { break }
+                }
+            }
+
+            $result.Success = $true
+        } catch {
+            $result.Error = $_.Exception.Message
+        }
+
+        return $result
+    }
+
+    # -------------------------------------------------------------------------
+    # CheckDefectTracker - Check if Defect_Tracker.exe is running
+    # -------------------------------------------------------------------------
+    'CheckDefectTracker' = {
+        $result = @{
+            Success  = $false
+            Task     = 'CheckDefectTracker'
+            Hostname = $env:COMPUTERNAME
+            Running  = $false
+            Output   = ''
+            Error    = $null
+        }
+
+        try {
+            $output = & tasklist /FI "IMAGENAME eq Defect_Tracker.exe" /NH 2>&1
+            $result.Output = ($output | Out-String).Trim()
+            $result.Running = $result.Output -match 'Defect_Tracker\.exe'
+            $result.Success = $true
+        } catch {
+            $result.Error = $_.Exception.Message
+        }
+
+        return $result
+    }
+
+    # -------------------------------------------------------------------------
+    # BackupNTLARS - Export DNC registry tree to .reg content
+    # Returns the .reg file content + machine number + serial number.
+    # Uses PowerShell registry provider (Get-ItemProperty) instead of reg.exe
+    # because GE Group Policy blocks reg.exe on managed workstations.
+    # The caller writes the file to the backup share (avoids WinRM double-hop).
+    # -------------------------------------------------------------------------
+    'BackupNTLARS' = {
+        $result = @{
+            Success    = $false
+            Task       = 'BackupNTLARS'
+            Hostname   = $env:COMPUTERNAME
+            Error      = $null
+            MachineNo  = $null
+            Serial     = $null
+            RegContent = $null
+            FoundDNC   = $false
+        }
+
+        $regRoots = @(
+            "HKLM:\SOFTWARE\WOW6432Node\GE Aircraft Engines\DNC",
+            "HKLM:\SOFTWARE\GE Aircraft Engines\DNC"
+        )
+
+        try {
+            # Get serial number for fallback naming
+            $bios = Get-WmiObject Win32_BIOS -ErrorAction SilentlyContinue
+            if ($bios.SerialNumber -and $bios.SerialNumber -ne "To be filled by O.E.M.") {
+                $result.Serial = $bios.SerialNumber.Trim()
+            }
+
+            # Find DNC registry root
+            $dncRoot = $null
+            foreach ($root in $regRoots) {
+                if (Test-Path $root) {
+                    $dncRoot = $root
+                    $result.FoundDNC = $true
+                    break
+                }
+            }
+
+            if (-not $dncRoot) {
+                $result.Success = $true
+                return $result
+            }
+
+            # Read machine number from DNC\General
+            $generalPath = Join-Path $dncRoot "General"
+            if (Test-Path $generalPath) {
+                $props = Get-ItemProperty -Path $generalPath -ErrorAction SilentlyContinue
+                if ($props.MachineNo) {
+                    $result.MachineNo = [string]$props.MachineNo
+                }
+            }
+
+            # Build .reg file content using PowerShell registry provider
+            # (reg.exe is blocked by GE Group Policy)
+            $regLines = @()
+            $regLines += "Windows Registry Editor Version 5.00"
+            $regLines += ""
+            $regLines += "; NTLARS DNC Registry Backup"
+            $regLines += "; Computer: $env:COMPUTERNAME"
+            $regLines += "; Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+            $regLines += ""
+
+            # Recursive function to export a key and all subkeys
+            function Export-RegKey {
+                param([string]$Path)
+
+                # Handle both "HKLM:\..." and "Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\..."
+                $regPath = $Path -replace '^Microsoft\.PowerShell\.Core\\Registry::', '' -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\'
+                $lines = @()
+                $lines += "[$regPath]"
+
+                # Export values in this key
+                $item = Get-Item -Path $Path -ErrorAction SilentlyContinue
+                if ($item) {
+                    foreach ($valueName in $item.GetValueNames()) {
+                        $valueData = $item.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
+                        $valueKind = $item.GetValueKind($valueName)
+
+                        # Format the value name
+                        $nameStr = if ($valueName -eq '') { '@' } else { "`"$valueName`"" }
+
+                        switch ($valueKind) {
+                            'String' {
+                                $escaped = [string]$valueData -replace '\\', '\\' -replace '"', '\"'
+                                $lines += "$nameStr=`"$escaped`""
+                            }
+                            'DWord' {
+                                $lines += "$nameStr=dword:$($valueData.ToString('x8'))"
+                            }
+                            'QWord' {
+                                $lines += "$nameStr=hex(b):$(([BitConverter]::GetBytes([long]$valueData) | ForEach-Object { $_.ToString('x2') }) -join ',')"
+                            }
+                            'Binary' {
+                                $hexStr = ($valueData | ForEach-Object { $_.ToString('x2') }) -join ','
+                                $lines += "$nameStr=hex:$hexStr"
+                            }
+                            'MultiString' {
+                                # Multi-string: UTF-16LE encoded, double-null terminated
+                                $raw = [System.Text.Encoding]::Unicode.GetBytes(($valueData -join "`0") + "`0`0")
+                                $hexStr = ($raw | ForEach-Object { $_.ToString('x2') }) -join ','
+                                $lines += "$nameStr=hex(7):$hexStr"
+                            }
+                            'ExpandString' {
+                                $raw = [System.Text.Encoding]::Unicode.GetBytes($valueData + "`0")
+                                $hexStr = ($raw | ForEach-Object { $_.ToString('x2') }) -join ','
+                                $lines += "$nameStr=hex(2):$hexStr"
+                            }
+                            default {
+                                $lines += "; Unsupported type $valueKind for $valueName"
+                            }
+                        }
+                    }
+                }
+
+                $lines += ""
+
+                # Recurse into subkeys
+                $subKeys = Get-ChildItem -Path $Path -ErrorAction SilentlyContinue
+                foreach ($sub in $subKeys) {
+                    $lines += Export-RegKey -Path $sub.PSPath
+                }
+
+                return $lines
+            }
+
+            $regLines += Export-RegKey -Path $dncRoot
+            $result.RegContent = $regLines -join "`r`n"
+            $result.Success = $true
+        } catch {
+            $result.Error = $_.Exception.Message
         }
 
         return $result
@@ -1030,7 +1464,7 @@ $TaskScripts = @{
     # InstallDashboard / InstallLobbyDisplay - Install kiosk app
     # -------------------------------------------------------------------------
     'InstallKioskApp' = {
-        param($InstallerPath, $AppName)
+        param($InstallerPath, $AppName, $KioskUrl)
 
         $result = @{
             Success = $false
@@ -1049,14 +1483,41 @@ $TaskScripts = @{
             }
 
             Write-Output "Installing $AppName..."
-            $proc = Start-Process -FilePath $InstallerPath -ArgumentList "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART" -Wait -PassThru -WindowStyle Hidden
+            $proc = Start-Process -FilePath $InstallerPath -ArgumentList "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART" -PassThru -WindowStyle Hidden
+
+            # Wait up to 120 seconds for installer to finish
+            $completed = $proc.WaitForExit(120000)
 
             # Clean up installer
             Remove-Item $InstallerPath -Force -ErrorAction SilentlyContinue
 
-            if ($proc.ExitCode -eq 0) {
+            if (-not $completed) {
+                $proc | Stop-Process -Force -ErrorAction SilentlyContinue
+                $result.Error = "Installer timed out after 120 seconds"
+            } elseif ($proc.ExitCode -eq 0) {
                 $result.Success = $true
                 $result.Output = "$AppName installed successfully"
+
+                # Relaunch Edge kiosk via scheduled task running as the logged-in user
+                if ($KioskUrl) {
+                    $edgePath = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"
+                    $taskName = "RelaunchKiosk_$($AppName -replace '\s','')"
+                    $loggedInUser = (Get-WmiObject -Class Win32_ComputerSystem).UserName
+
+                    if ($loggedInUser) {
+                        $action = New-ScheduledTaskAction -Execute $edgePath -Argument "-kiosk $KioskUrl --edge-kiosk-type=fullscreen"
+                        $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddSeconds(5)
+                        Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -User $loggedInUser -Force | Out-Null
+
+                        # Wait for it to fire, then clean up
+                        Start-Sleep -Seconds 10
+                        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
+
+                        $result.Output += " | Edge relaunched via scheduled task as $loggedInUser"
+                    } else {
+                        $result.Output += " | No logged-in user found, reboot required to relaunch Edge"
+                    }
+                }
             } else {
                 $result.Error = "Installer exited with code $($proc.ExitCode)"
             }
@@ -1122,6 +1583,32 @@ $TaskScripts = @{
         return $result
     }
 
+    # -------------------------------------------------------------------------
+    # GPUpdate - Force Group Policy refresh
+    # -------------------------------------------------------------------------
+    'GPUpdate' = {
+        $result = @{
+            Success = $false
+            Task = 'GPUpdate'
+            Hostname = $env:COMPUTERNAME
+            Output = ""
+            Error = $null
+        }
+
+        try {
+            $gpOutput = & gpupdate /target:computer /force 2>&1
+            $result.Output = ($gpOutput | Out-String).Trim()
+            $result.Success = $result.Output -match 'completed successfully'
+            if (-not $result.Success) {
+                $result.Error = $result.Output
+            }
+        } catch {
+            $result.Error = $_.Exception.Message
+        }
+
+        return $result
+    }
+
     # -------------------------------------------------------------------------
     # Reboot - Restart the computer
     # -------------------------------------------------------------------------
@@ -1168,6 +1655,15 @@ Write-Host "  Remote Maintenance Tool - Task: $Task" -ForegroundColor Cyan
 Write-Host "=" * 70 -ForegroundColor Cyan
 Write-Host ""
 
+if ($LogFile) {
+    $logDir = Join-Path $PSScriptRoot "logs"
+    if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
+    $logPath = Join-Path $logDir "maintenance-$(Get-Date -Format 'yyyy-MM-dd_HHmmss')-$Task.log"
+    Start-Transcript -Path $logPath -Force | Out-Null
+    Write-Host "Logging to: $logPath" -ForegroundColor DarkGray
+    Write-Host ""
+}
+
 # Get credentials
 if (-not $Credential) {
     Write-Log "Enter credentials for remote PCs:" -Level "INFO"
@@ -1221,6 +1717,115 @@ Write-Log "Target computers: $($computers.Count)" -Level "INFO"
 Write-Log "Task: $Task" -Level "TASK"
 Write-Host ""
 
+# Special handling for VerifyNTLARS - no WinRM needed, just API + file comparison
+if ($Task -eq 'VerifyNTLARS') {
+    $backupShare = "\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\backup\ntlars"
+
+    # Need ShopDB data - fetch if not already loaded via -All / -PcType / -BusinessUnit
+    if (-not $shopfloorPCs) {
+        Write-Log "Fetching all shopfloor PCs from ShopDB for verification..." -Level "INFO"
+        $shopfloorPCs = Get-ShopfloorPCsFromApi -ApiUrl $ApiUrl
+    }
+
+    # Build list of PCs that have machine numbers (these are the ones that should have backups)
+    $expectedMachines = @{}
+    foreach ($pc in $shopfloorPCs) {
+        if ($pc.hostname -and $pc.machinenumber) {
+            # Machine numbers can be comma-separated
+            $numbers = $pc.machinenumber -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
+            foreach ($num in $numbers) {
+                if (-not $expectedMachines.ContainsKey($num)) {
+                    $expectedMachines[$num] = @()
+                }
+                $expectedMachines[$num] += $pc.hostname.ToUpper()
+            }
+        }
+    }
+
+    Write-Log "ShopDB: $($expectedMachines.Count) unique machine numbers across $($shopfloorPCs.Count) PCs" -Level "INFO"
+
+    # Verify share is accessible
+    if (-not (Test-Path $backupShare)) {
+        Write-Log "Cannot access backup share: $backupShare" -Level "ERROR"
+        exit 1
+    }
+
+    # List .reg files and extract machine numbers from filenames (prefix before first "-")
+    $regFiles = Get-ChildItem -Path $backupShare -Filter "*.reg" -ErrorAction SilentlyContinue
+    $backedUpNumbers = @{}
+    foreach ($file in $regFiles) {
+        $baseName = $file.BaseName
+        if ($baseName -match '^(\d+)-') {
+            $num = $matches[1]
+            $backedUpNumbers[$num] = $file.Name
+        } elseif ($baseName -match '^\d+$') {
+            # Plain number without hostname suffix (old format)
+            $backedUpNumbers[$baseName] = $file.Name
+        }
+    }
+
+    Write-Log "Backup share: $($regFiles.Count) .reg files, $($backedUpNumbers.Count) unique machine numbers" -Level "INFO"
+    Write-Host ""
+
+    # Compare: find machines in ShopDB without backups
+    $missing = @()
+    $found = 0
+
+    foreach ($num in ($expectedMachines.Keys | Sort-Object)) {
+        $hosts = $expectedMachines[$num] -join ', '
+        if ($backedUpNumbers.ContainsKey($num)) {
+            Write-Log "[OK] Machine $num ($hosts) -> $($backedUpNumbers[$num])" -Level "SUCCESS"
+            $found++
+        } else {
+            Write-Log "[MISSING] Machine $num ($hosts) - no backup found" -Level "WARNING"
+            $missing += [PSCustomObject]@{
+                MachineNumber = $num
+                Hostnames     = $hosts
+            }
+        }
+    }
+
+    # Check for backups with no ShopDB match (orphans)
+    $orphans = @()
+    foreach ($num in ($backedUpNumbers.Keys | Sort-Object)) {
+        if (-not $expectedMachines.ContainsKey($num)) {
+            Write-Log "[ORPHAN] $($backedUpNumbers[$num]) - machine $num not in ShopDB" -Level "INFO"
+            $orphans += $backedUpNumbers[$num]
+        }
+    }
+
+    # Summary
+    Write-Host ""
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  NTLARS BACKUP VERIFICATION" -ForegroundColor Cyan
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  ShopDB machines:  $($expectedMachines.Count)" -ForegroundColor White
+    Write-Host "  Backups found:    $found" -ForegroundColor Green
+    Write-Host "  Missing backups:  $($missing.Count)" -ForegroundColor $(if ($missing.Count -gt 0) { "Red" } else { "Green" })
+    Write-Host "  Orphan backups:   $($orphans.Count)" -ForegroundColor $(if ($orphans.Count -gt 0) { "Yellow" } else { "White" })
+    Write-Host "  Backup dir:       $backupShare" -ForegroundColor White
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+
+    # Export missing list to CSV
+    if ($missing.Count -gt 0) {
+        $logDir = Join-Path $PSScriptRoot "logs"
+        if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
+        $csvPath = Join-Path $logDir "VerifyNTLARS-Missing-$(Get-Date -Format 'yyyy-MM-dd_HHmmss').csv"
+        $missing | Export-Csv -Path $csvPath -NoTypeInformation -Force
+        Write-Host ""
+        Write-Log "Missing machines CSV: $csvPath" -Level "INFO"
+        Write-Log "Re-run BackupNTLARS targeting these PCs to fill gaps." -Level "INFO"
+    }
+
+    if ($LogFile) {
+        Stop-Transcript | Out-Null
+        Write-Host ""
+        Write-Host "Log saved to: $logPath" -ForegroundColor DarkGray
+    }
+
+    exit 0
+}
+
 # Build FQDNs
 $targetFQDNs = $computers | ForEach-Object {
     if ($_ -like "*.*") { $_ } else { "$_.$DnsSuffix" }
@@ -1232,19 +1837,26 @@ $tasksToRun = @($Task)
 # Create session options
 $sessionOption = New-PSSessionOption -OpenTimeout 30000 -OperationTimeout 600000 -NoMachineProfile
 
-# Special handling for UpdateEMxAuthToken - requires pushing file first
-if ($Task -eq 'UpdateEMxAuthToken') {
-    $sourcePath = "\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt"
-    $remoteTempPath = "C:\Windows\Temp\eMxInfo.txt"
-
-    Write-Log "UpdateEMxAuthToken: Checking source file..." -Level "INFO"
-
-    if (-not (Test-Path $sourcePath)) {
-        Write-Log "Source file not found: $sourcePath" -Level "ERROR"
+# Special handling for CopyFile - push file from source to destination on remote PCs
+if ($Task -eq 'CopyFile') {
+    if (-not $SourcePath) {
+        Write-Log "-SourcePath is required for CopyFile task" -Level "ERROR"
+        exit 1
+    }
+    if (-not $DestinationPath) {
+        Write-Log "-DestinationPath is required for CopyFile task" -Level "ERROR"
+        exit 1
+    }
+    if (-not (Test-Path $SourcePath)) {
+        Write-Log "Source file not found: $SourcePath" -Level "ERROR"
         exit 1
     }
 
-    Write-Log "Source file found. Will push to each PC before executing." -Level "INFO"
+    $fileName = Split-Path $SourcePath -Leaf
+    $remoteTempPath = "C:\Windows\Temp\$fileName"
+
+    Write-Log "CopyFile: $fileName -> $DestinationPath" -Level "INFO"
+    if ($RunCommand) { Write-Log "Post-copy command: $RunCommand $(if ($AsSystem) { '(as SYSTEM)' } else { '(as logged-in user)' })" -Level "INFO" }
 
     $successCount = 0
     $failCount = 0
@@ -1253,51 +1865,43 @@ if ($Task -eq 'UpdateEMxAuthToken') {
         Write-Host ""
         Write-Log "Processing: $fqdn" -Level "TASK"
 
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[FAIL] ${fqdn}: Offline or unreachable (ping timeout)" -Level "ERROR"
+            $failCount++
+            continue
+        }
+
+        $session = $null
         try {
-            # Create session
             $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
 
-            # Push the file to remote temp location
             Write-Log "  Pushing file to remote PC..." -Level "INFO"
-            Copy-Item -Path $sourcePath -Destination $remoteTempPath -ToSession $session -Force -ErrorAction Stop
+            Copy-Item -Path $SourcePath -Destination $remoteTempPath -ToSession $session -Force -ErrorAction Stop
 
-            # Execute the scriptblock
-            Write-Log "  Executing update task..." -Level "INFO"
-            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['UpdateEMxAuthToken'] -ErrorAction Stop
+            Write-Log "  Deploying to destination..." -Level "INFO"
+            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['CopyFile'] -ArgumentList $DestinationPath, $RunCommand, [bool]$AsSystem -ErrorAction Stop
 
-            # Close session
             Remove-PSSession $session -ErrorAction SilentlyContinue
 
-            # Process result
             if ($result.Success) {
-                Write-Log "[OK] $($result.Hostname)" -Level "SUCCESS"
-                Write-Host "     $($result.Output)" -ForegroundColor Gray
-                if ($result.PathsFailed.Count -gt 0) {
-                    foreach ($fail in $result.PathsFailed) {
-                        Write-Host "     [!] $fail" -ForegroundColor Yellow
-                    }
-                }
+                Write-Log "[OK] $($result.Hostname): $($result.Output)" -Level "SUCCESS"
                 $successCount++
             } else {
-                $errorMsg = if ($result.FailReason) { $result.FailReason } else { $result.Error }
-                Write-Log "[FAIL] $($result.Hostname): $errorMsg" -Level "ERROR"
+                Write-Log "[FAIL] $($result.Hostname): $($result.Error)" -Level "ERROR"
                 $failCount++
             }
-
         } catch {
             Write-Log "[FAIL] ${fqdn}: $($_.Exception.Message)" -Level "ERROR"
             $failCount++
-            # Clean up session if it exists
             if ($session) { Remove-PSSession $session -ErrorAction SilentlyContinue }
         }
     }
 
-    # Summary
     Write-Host ""
     Write-Host ("=" * 70) -ForegroundColor Cyan
     Write-Host "  SUMMARY" -ForegroundColor Cyan
     Write-Host ("=" * 70) -ForegroundColor Cyan
-    Write-Host "  Task:       $Task" -ForegroundColor White
+    Write-Host "  Task:       CopyFile ($fileName -> $DestinationPath)" -ForegroundColor White
     Write-Host "  Successful: $successCount" -ForegroundColor Green
     Write-Host "  Failed:     $failCount" -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "White" })
     Write-Host ("=" * 70) -ForegroundColor Cyan
@@ -1305,64 +1909,58 @@ if ($Task -eq 'UpdateEMxAuthToken') {
     exit 0
 }
 
-# Special handling for DeployUDCWebServerConfig - check for UDC installation, then push config file
-if ($Task -eq 'DeployUDCWebServerConfig') {
-    $sourcePath = "\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\UDC\udc_webserver_settings.json"
-    $remoteTempPath = "C:\Windows\Temp\udc_webserver_settings.json"
-
-    Write-Log "DeployUDCWebServerConfig: Checking source file..." -Level "INFO"
-
-    if (-not (Test-Path $sourcePath)) {
-        Write-Log "Source file not found: $sourcePath" -Level "ERROR"
+# Special handling for ImportReg - push .reg file and import via scheduled task as logged-in user
+if ($Task -eq 'ImportReg') {
+    if (-not $SourcePath) {
+        Write-Log "-SourcePath is required for ImportReg task" -Level "ERROR"
         exit 1
     }
+    if (-not (Test-Path $SourcePath)) {
+        Write-Log "Source file not found: $SourcePath" -Level "ERROR"
+        exit 1
+    }
+    if ($SourcePath -notlike "*.reg") {
+        Write-Log "Warning: SourcePath does not end in .reg - are you sure this is a registry file?" -Level "WARNING"
+    }
 
-    Write-Log "Source file found: $sourcePath" -Level "INFO"
-    Write-Log "Will check each PC for UDC installation before deploying." -Level "INFO"
+    $regFileName = Split-Path $SourcePath -Leaf
+    $remoteTempPath = "C:\Windows\Temp\$regFileName"
+
+    $modeLabel = if ($AsSystem) { "as SYSTEM (HKLM only)" } else { "as logged-in user (HKCU support)" }
+    Write-Log "ImportReg: $regFileName ($modeLabel)" -Level "INFO"
 
     $successCount = 0
     $failCount = 0
-    $skippedCount = 0
 
     foreach ($fqdn in $targetFQDNs) {
         Write-Host ""
         Write-Log "Processing: $fqdn" -Level "TASK"
 
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[FAIL] ${fqdn}: Offline or unreachable (ping timeout)" -Level "ERROR"
+            $failCount++
+            continue
+        }
+
+        $session = $null
         try {
-            # Create session
             $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
 
-            # Check if UDC is installed before pushing the file
-            $udcInstalled = Invoke-Command -Session $session -ScriptBlock { Test-Path "C:\Program Files\UDC" } -ErrorAction Stop
+            Write-Log "  Pushing .reg file to remote PC..." -Level "INFO"
+            Copy-Item -Path $SourcePath -Destination $remoteTempPath -ToSession $session -Force -ErrorAction Stop
 
-            if (-not $udcInstalled) {
-                Write-Log "[SKIP] $fqdn - UDC not installed" -Level "INFO"
-                Remove-PSSession $session -ErrorAction SilentlyContinue
-                $skippedCount++
-                continue
-            }
+            Write-Log "  Importing registry file..." -Level "INFO"
+            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['ImportReg'] -ArgumentList $regFileName, [bool]$AsSystem -ErrorAction Stop
 
-            # Push the config file to remote temp location
-            Write-Log "  UDC installed - pushing config file..." -Level "INFO"
-            Copy-Item -Path $sourcePath -Destination $remoteTempPath -ToSession $session -Force -ErrorAction Stop
-
-            # Execute the scriptblock
-            Write-Log "  Executing deploy task..." -Level "INFO"
-            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['DeployUDCWebServerConfig'] -ErrorAction Stop
-
-            # Close session
             Remove-PSSession $session -ErrorAction SilentlyContinue
 
-            # Process result
             if ($result.Success) {
                 Write-Log "[OK] $($result.Hostname): $($result.Output)" -Level "SUCCESS"
                 $successCount++
             } else {
-                $errorMsg = if ($result.FailReason) { $result.FailReason } else { $result.Error }
-                Write-Log "[FAIL] $($result.Hostname): $errorMsg" -Level "ERROR"
+                Write-Log "[FAIL] $($result.Hostname): $($result.Error)" -Level "ERROR"
                 $failCount++
             }
-
         } catch {
             Write-Log "[FAIL] ${fqdn}: $($_.Exception.Message)" -Level "ERROR"
             $failCount++
@@ -1370,14 +1968,78 @@ if ($Task -eq 'DeployUDCWebServerConfig') {
         }
     }
 
-    # Summary
     Write-Host ""
     Write-Host ("=" * 70) -ForegroundColor Cyan
     Write-Host "  SUMMARY" -ForegroundColor Cyan
     Write-Host ("=" * 70) -ForegroundColor Cyan
-    Write-Host "  Task:       $Task" -ForegroundColor White
+    Write-Host "  Task:       ImportReg ($regFileName)" -ForegroundColor White
+    Write-Host "  Successful: $successCount" -ForegroundColor Green
+    Write-Host "  Failed:     $failCount" -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "White" })
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+
+    exit 0
+}
+
+# Special handling for DeployOpenTextProfiles - zip, push single file, extract and deploy
+if ($Task -eq 'DeployOpenTextProfiles') {
+    $localZipPath = "\\tsgwp00525.wjs.geaerospace.net\shared\dt\csf.zip"
+    $remoteZipPath = "C:\Windows\Temp\csf.zip"
+
+    # Verify zip exists on network share
+    if (-not (Test-Path $localZipPath)) {
+        Write-Log "OpenText csf.zip not found: $localZipPath" -Level "ERROR"
+        exit 1
+    }
+
+    $zipSize = [math]::Round((Get-Item $localZipPath).Length / 1KB, 1)
+    Write-Log "DeployOpenTextProfiles: csf.zip (${zipSize} KB) from $localZipPath" -Level "INFO"
+
+    $successCount = 0
+    $failCount = 0
+
+    foreach ($fqdn in $targetFQDNs) {
+        Write-Host ""
+        Write-Log "Processing: $fqdn" -Level "TASK"
+
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[FAIL] ${fqdn}: Offline or unreachable (ping timeout)" -Level "ERROR"
+            $failCount++
+            continue
+        }
+
+        $session = $null
+        try {
+            $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
+
+            Write-Log "  Pushing csf.zip to remote temp..." -Level "INFO"
+            Copy-Item -Path $localZipPath -Destination $remoteZipPath -ToSession $session -Force -ErrorAction Stop
+
+            Write-Log "  Extracting and deploying to ProgramData..." -Level "INFO"
+            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['DeployOpenTextProfiles'] -ErrorAction Stop
+
+            Remove-PSSession $session -ErrorAction SilentlyContinue
+
+            if ($result.Success) {
+                Write-Log "[OK] $($result.Hostname): $($result.Output)" -Level "SUCCESS"
+                $successCount++
+            } else {
+                Write-Log "[FAIL] $($result.Hostname): $($result.Error)" -Level "ERROR"
+                $failCount++
+            }
+        } catch {
+            Write-Log "[FAIL] ${fqdn}: $($_.Exception.Message)" -Level "ERROR"
+            $failCount++
+            if ($session) { Remove-PSSession $session -ErrorAction SilentlyContinue }
+        }
+    }
+
+    Write-Host ""
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  SUMMARY" -ForegroundColor Cyan
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  Task:       DeployOpenTextProfiles" -ForegroundColor White
+    Write-Host "  Source:     $localZipPath (${zipSize} KB)" -ForegroundColor White
     Write-Host "  Successful: $successCount" -ForegroundColor Green
-    Write-Host "  Skipped:    $skippedCount (UDC not installed)" -ForegroundColor Yellow
     Write-Host "  Failed:     $failCount" -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "White" })
     Write-Host ("=" * 70) -ForegroundColor Cyan
 
@@ -1388,17 +2050,19 @@ if ($Task -eq 'DeployUDCWebServerConfig') {
 $KioskAppConfig = @{
     'InstallDashboard' = @{
         Action = 'Install'
-        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe'
+        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe'
         InstallerName = 'GEAerospaceDashboardSetup.exe'
         AppName = 'GE Aerospace Dashboard'
         UninstallGuid = '{9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}'
+        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/shopfloor-dashboard/'
     }
     'InstallLobbyDisplay' = @{
         Action = 'Install'
-        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe'
+        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe'
         InstallerName = 'GEAerospaceLobbyDisplaySetup.exe'
         AppName = 'GE Aerospace Lobby Display'
         UninstallGuid = '{42FFB952-0B72-493F-8869-D957344CA305}'
+        KioskUrl = 'https://tsgwp00525.wjs.geaerospace.net/shopdb/tv-dashboard/'
     }
     'UninstallDashboard' = @{
         Action = 'Uninstall'
@@ -1438,6 +2102,13 @@ if ($KioskAppConfig.ContainsKey($Task)) {
         Write-Host ""
         Write-Log "Processing: $fqdn" -Level "TASK"
 
+        # Quick connectivity check before attempting session
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[FAIL] ${fqdn}: Offline or unreachable (ping timeout)" -Level "ERROR"
+            $failCount++
+            continue
+        }
+
         try {
             $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
 
@@ -1448,7 +2119,7 @@ if ($KioskAppConfig.ContainsKey($Task)) {
                 Copy-Item -Path $installerPath -Destination $remoteTempPath -ToSession $session -Force -ErrorAction Stop
 
                 Write-Log "  Running installer silently..." -Level "INFO"
-                $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['InstallKioskApp'] -ArgumentList $remoteTempPath, $appConfig.AppName -ErrorAction Stop
+                $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['InstallKioskApp'] -ArgumentList $remoteTempPath, $appConfig.AppName, $appConfig.KioskUrl -ErrorAction Stop
             } else {
                 Write-Log "  Running uninstaller..." -Level "INFO"
                 $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['UninstallKioskApp'] -ArgumentList $appConfig.UninstallGuid, $appConfig.AppName -ErrorAction Stop
@@ -1486,6 +2157,431 @@ if ($KioskAppConfig.ContainsKey($Task)) {
     exit 0
 }
 
+# Special handling for CheckDefectTracker - report Defect_Tracker.exe process status
+if ($Task -eq 'CheckDefectTracker') {
+    # Fetch shopfloor PCs for machine number lookup
+    if (-not $shopfloorPCs) {
+        Write-Log "Fetching shopfloor PC list from API for machine number lookup..." -Level "INFO"
+        $shopfloorPCs = Get-ShopfloorPCsFromApi -ApiUrl $ApiUrl
+    }
+
+    # Build hostname -> machine number lookup
+    $machineLookup = @{}
+    foreach ($pc in $shopfloorPCs) {
+        if ($pc.hostname -and $pc.machinenumber) {
+            $machineLookup[$pc.hostname.ToUpper()] = $pc.machinenumber
+        }
+    }
+
+    $checkResults = @()
+    $totalChecked = 0
+    $runningCount = 0
+    $notRunningCount = 0
+    $offlineCount = 0
+
+    foreach ($fqdn in $targetFQDNs) {
+        Write-Host ""
+        Write-Log "Processing: $fqdn" -Level "TASK"
+
+        $hostname = ($fqdn -split '\.')[0].ToUpper()
+        $machineNumber = $machineLookup[$hostname]
+
+        # Connectivity check
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[OFFLINE] ${hostname}: Unreachable" -Level "WARNING"
+            $offlineCount++
+            $checkResults += [PSCustomObject]@{
+                Hostname      = $hostname
+                MachineNumber = $machineNumber
+                Running       = 'N/A'
+                Status        = 'Offline'
+            }
+            continue
+        }
+
+        # Open WinRM session and invoke scriptblock
+        $session = $null
+        try {
+            $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
+            $result = Invoke-Command -Session $session -ScriptBlock $TaskScripts['CheckDefectTracker'] -ErrorAction Stop
+            Remove-PSSession $session -ErrorAction SilentlyContinue
+
+            $totalChecked++
+            $runningStr = if ($result.Running) { 'Yes' } else { 'No' }
+
+            if ($result.Running) {
+                Write-Log "[RUNNING] ${hostname} (Machine: $machineNumber): Defect_Tracker.exe is running" -Level "SUCCESS"
+                $runningCount++
+            } else {
+                Write-Log "[NOT RUNNING] ${hostname} (Machine: $machineNumber): Defect_Tracker.exe is NOT running" -Level "ERROR"
+                $notRunningCount++
+            }
+
+            $checkResults += [PSCustomObject]@{
+                Hostname      = $hostname
+                MachineNumber = $machineNumber
+                Running       = $runningStr
+                Status        = 'OK'
+            }
+        } catch {
+            Write-Log "[FAIL] ${hostname}: $($_.Exception.Message)" -Level "ERROR"
+            if ($session) { Remove-PSSession $session -ErrorAction SilentlyContinue }
+            $offlineCount++
+            $checkResults += [PSCustomObject]@{
+                Hostname      = $hostname
+                MachineNumber = $machineNumber
+                Running       = 'N/A'
+                Status        = 'Offline'
+            }
+        }
+    }
+
+    # Save CSV report
+    $logDir = Join-Path $PSScriptRoot "logs"
+    if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
+    $csvPath = Join-Path $logDir "CheckDefectTracker-$(Get-Date -Format 'yyyy-MM-dd_HHmmss').csv"
+    if ($checkResults.Count -gt 0) {
+        $checkResults | Export-Csv -Path $csvPath -NoTypeInformation -Force
+        Write-Host ""
+        Write-Log "CSV report saved: $csvPath" -Level "INFO"
+    }
+
+    # Summary
+    Write-Host ""
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  DEFECT TRACKER CHECK SUMMARY" -ForegroundColor Cyan
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  PCs checked:        $totalChecked" -ForegroundColor White
+    Write-Host "  Running:            $runningCount" -ForegroundColor $(if ($runningCount -gt 0) { "Green" } else { "White" })
+    Write-Host "  Not running:        $notRunningCount" -ForegroundColor $(if ($notRunningCount -gt 0) { "Red" } else { "White" })
+    Write-Host "  Offline:            $offlineCount" -ForegroundColor $(if ($offlineCount -gt 0) { "Yellow" } else { "White" })
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+
+    if ($LogFile) {
+        Stop-Transcript | Out-Null
+        Write-Host ""
+        Write-Host "Log saved to: $logPath" -ForegroundColor DarkGray
+    }
+
+    exit 0
+}
+
+# Special handling for AuditDNCConfig - compare DNC registry vs UDC backup JSON
+if ($Task -eq 'AuditDNCConfig') {
+    $udcBackupRoot = "\\tsgwp00525.wjs.geaerospace.net\shared\spc\udc\settings_backups"
+
+    # We need the shopfloorPCs data for equipment numbers.
+    # If we already fetched it via -All, -PcType, or -BusinessUnit, reuse it.
+    # If targeting by -ComputerName or -ComputerListFile, fetch all shopfloor PCs to build the lookup.
+    if (-not $shopfloorPCs) {
+        Write-Log "Fetching shopfloor PC list from API for equipment number lookup..." -Level "INFO"
+        $shopfloorPCs = Get-ShopfloorPCsFromApi -ApiUrl $ApiUrl
+    }
+
+    # Build hostname -> equipment_numbers lookup
+    $equipmentLookup = @{}
+    foreach ($pc in $shopfloorPCs) {
+        if ($pc.hostname -and $pc.machinenumber) {
+            $equipmentLookup[$pc.hostname.ToUpper()] = $pc.machinenumber
+        }
+    }
+
+    # Field mapping: Registry key -> UDC JSON path
+    # Format: RegistryKey = @{ UDCPath; DisplayName }
+    $fieldMappings = @(
+        @{ RegKey = 'General_MachineNo'; UDCPath = 'GeneralSettings.MachineNumber'; Display = 'MachineNo/MachineNumber' }
+        @{ RegKey = 'General_NcIF';      UDCPath = 'GeneralSettings.ControlType';   Display = 'NcIF/ControlType' }
+        @{ RegKey = 'eFocas_IpAddr';     UDCPath = 'FocasSettings.IPAddress';       Display = 'eFocas IpAddr/FocasSettings.IPAddress' }
+        @{ RegKey = 'eFocas_SocketNo';   UDCPath = 'FocasSettings.Port';            Display = 'eFocas SocketNo/FocasSettings.Port' }
+        @{ RegKey = 'Hssb_KRelay1';              UDCPath = 'FocasSettings.KeepRelay';       Display = 'Hssb KRelay1/FocasSettings.KeepRelay' }
+        @{ RegKey = 'PPDCS_CycleStartInhibits'; UDCPath = 'FocasSettings.InhibitOnOff';    Display = 'PPDCS CycleStart Inhibits/FocasSettings.InhibitOnOff' }
+        @{ RegKey = 'eFocas_DualPath';           UDCPath = 'GeneralSettings.DualPath';      Display = 'eFocas DualPath/GeneralSettings.DualPath' }
+    )
+
+    $auditResults = @()
+    $pcChecked = 0
+    $pcMismatch = 0
+    $pcNoUDC = 0
+    $pcOffline = 0
+    $pcNoEquipment = 0
+
+    foreach ($fqdn in $targetFQDNs) {
+        Write-Host ""
+        Write-Log "Processing: $fqdn" -Level "TASK"
+
+        # Extract hostname from FQDN
+        $hostname = ($fqdn -split '\.')[0].ToUpper()
+
+        # Look up equipment numbers for this PC
+        $equipmentStr = $equipmentLookup[$hostname]
+        if (-not $equipmentStr) {
+            Write-Log "[SKIP] ${hostname}: No equipment number in ShopDB" -Level "WARNING"
+            $pcNoEquipment++
+            continue
+        }
+
+        # Split comma-separated equipment numbers
+        $machineNumbers = $equipmentStr -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
+
+        # Connectivity check
+        if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
+            Write-Log "[FAIL] ${hostname}: Offline or unreachable" -Level "ERROR"
+            $pcOffline++
+            continue
+        }
+
+        # Get registry values from remote PC
+        $regResult = $null
+        $session = $null
+        try {
+            $session = New-PSSession -ComputerName $fqdn -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate -ErrorAction Stop
+            $regResult = Invoke-Command -Session $session -ScriptBlock $TaskScripts['AuditDNCConfig'] -ErrorAction Stop
+            Remove-PSSession $session -ErrorAction SilentlyContinue
+        } catch {
+            Write-Log "[FAIL] ${hostname}: $($_.Exception.Message)" -Level "ERROR"
+            if ($session) { Remove-PSSession $session -ErrorAction SilentlyContinue }
+            $pcOffline++
+            continue
+        }
+
+        if (-not $regResult.Success) {
+            Write-Log "[FAIL] ${hostname}: Registry read error - $($regResult.Error)" -Level "ERROR"
+            $pcOffline++
+            continue
+        }
+
+        if (-not $regResult.FoundDNC) {
+            Write-Log "[SKIP] ${hostname}: No DNC registry keys found" -Level "INFO"
+            $pcNoEquipment++
+            continue
+        }
+
+        $pcChecked++
+        $pcHasMismatch = $false
+
+        foreach ($machineNum in $machineNumbers) {
+            # Read UDC backup JSON
+            $udcJsonPath = Join-Path $udcBackupRoot "udc_settings_${machineNum}.json"
+            $udcData = $null
+
+            if (Test-Path $udcJsonPath) {
+                try {
+                    $udcData = Get-Content $udcJsonPath -Raw | ConvertFrom-Json
+                } catch {
+                    Write-Log "  [WARN] Could not parse UDC JSON for machine $machineNum" -Level "WARNING"
+                }
+            } else {
+                Write-Log "  [WARN] No UDC backup found for machine ${machineNum}: $udcJsonPath" -Level "WARNING"
+                $pcNoUDC++
+            }
+
+            # Compare each field
+            foreach ($mapping in $fieldMappings) {
+                $regValue = $regResult.Values[$mapping.RegKey]
+
+                # Get UDC value by navigating the JSON path
+                $udcValue = $null
+                if ($udcData) {
+                    $parts = $mapping.UDCPath -split '\.'
+                    $obj = $udcData
+                    foreach ($part in $parts) {
+                        if ($obj) { $obj = $obj.$part }
+                    }
+                    if ($null -ne $obj) { $udcValue = [string]$obj }
+                }
+
+                # Normalize values for comparison
+                if ($mapping.RegKey -like '*DualPath*' -and $regValue) {
+                    # DualPath: registry YES/NO -> True/False
+                    $regValueNormalized = if ($regValue -eq 'YES') { 'True' } elseif ($regValue -eq 'NO') { 'False' } else { $regValue }
+                } elseif ($mapping.RegKey -eq 'PPDCS_CycleStartInhibits' -and $regValue) {
+                    # CycleStart Inhibits: registry YES/NO -> True/False
+                    $regValueNormalized = if ($regValue -eq 'YES') { 'True' } elseif ($regValue -eq 'NO') { 'False' } else { $regValue }
+                } else {
+                    $regValueNormalized = $regValue
+                }
+
+                # Determine status
+                $status = if ($null -eq $regValue -and $null -eq $udcValue) {
+                    continue  # Both absent, skip
+                } elseif ($null -eq $regValue) {
+                    'REGISTRY_MISSING'
+                } elseif ($null -eq $udcValue -and -not $udcData) {
+                    'UDC_FILE_MISSING'
+                } elseif ($null -eq $udcValue) {
+                    'UDC_MISSING'
+                } elseif ($regValueNormalized -eq $udcValue) {
+                    'MATCH'
+                } else {
+                    'MISMATCH'
+                }
+
+                $row = [PSCustomObject]@{
+                    Hostname      = $hostname
+                    MachineNumber = $machineNum
+                    Field         = $mapping.Display
+                    RegistryValue = if ($regValue) { $regValue } else { '' }
+                    UDCValue      = if ($udcValue) { $udcValue } else { '' }
+                    Status        = $status
+                }
+                $auditResults += $row
+
+                # Console output
+                $color = switch ($status) {
+                    'MATCH'            { 'Green' }
+                    'MISMATCH'         { 'Red' }
+                    'REGISTRY_MISSING' { 'Yellow' }
+                    'UDC_MISSING'      { 'Yellow' }
+                    'UDC_FILE_MISSING' { 'DarkYellow' }
+                    default            { 'Gray' }
+                }
+                if ($status -ne 'MATCH') {
+                    Write-Host "     [$status] $($mapping.Display): Registry='$regValue' UDC='$udcValue'" -ForegroundColor $color
+                    $pcHasMismatch = $true
+                }
+            }
+        }
+
+        if ($pcHasMismatch) {
+            Write-Log "[MISMATCH] ${hostname}: Differences found (see above)" -Level "WARNING"
+            $pcMismatch++
+        } else {
+            Write-Log "[OK] ${hostname}: All fields match" -Level "SUCCESS"
+        }
+    }
+
+    # Save CSV report
+    $logDir = Join-Path $PSScriptRoot "logs"
+    if (-not (Test-Path $logDir)) { New-Item -Path $logDir -ItemType Directory -Force | Out-Null }
+    $csvPath = Join-Path $logDir "AuditDNCConfig-$(Get-Date -Format 'yyyy-MM-dd_HHmmss').csv"
+    if ($auditResults.Count -gt 0) {
+        $auditResults | Export-Csv -Path $csvPath -NoTypeInformation -Force
+        Write-Host ""
+        Write-Log "CSV report saved: $csvPath" -Level "INFO"
+    }
+
+    # Summary
+    Write-Host ""
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  AUDIT SUMMARY" -ForegroundColor Cyan
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  PCs checked:            $pcChecked" -ForegroundColor White
+    Write-Host "  PCs with mismatches:    $pcMismatch" -ForegroundColor $(if ($pcMismatch -gt 0) { "Red" } else { "Green" })
+    Write-Host "  PCs with no UDC backup: $pcNoUDC" -ForegroundColor $(if ($pcNoUDC -gt 0) { "Yellow" } else { "White" })
+    Write-Host "  PCs offline:            $pcOffline" -ForegroundColor $(if ($pcOffline -gt 0) { "Red" } else { "White" })
+    Write-Host "  PCs no equipment #:     $pcNoEquipment" -ForegroundColor $(if ($pcNoEquipment -gt 0) { "Yellow" } else { "White" })
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+
+    if ($LogFile) {
+        Stop-Transcript | Out-Null
+        Write-Host ""
+        Write-Host "Log saved to: $logPath" -ForegroundColor DarkGray
+    }
+
+    exit 0
+}
+
+# Special handling for BackupNTLARS - export DNC registry from each PC, save to share
+if ($Task -eq 'BackupNTLARS') {
+    $backupShare = "\\tsgwp00525.wjs.geaerospace.net\shared\dt\shopfloor\backup\ntlars"
+
+    # Verify share is accessible
+    if (-not (Test-Path $backupShare)) {
+        Write-Log "Cannot access backup share: $backupShare" -Level "ERROR"
+        Write-Log "Ensure you have access to \\tsgwp00525 and the ntlars folder exists." -Level "ERROR"
+        exit 1
+    }
+
+    # Run scriptblock on all PCs in parallel
+    Write-Log "Collecting DNC registry from $($targetFQDNs.Count) PC(s) in parallel..." -Level "INFO"
+
+    $invokeParams = @{
+        ComputerName   = $targetFQDNs
+        ScriptBlock    = $TaskScripts['BackupNTLARS']
+        Credential     = $Credential
+        SessionOption  = $sessionOption
+        ErrorAction    = 'SilentlyContinue'
+        ErrorVariable  = 'remoteErrors'
+    }
+
+    if ($ThrottleLimit -and $PSVersionTable.PSVersion.Major -ge 7) {
+        $invokeParams.ThrottleLimit = $ThrottleLimit
+    }
+
+    $results = Invoke-Command @invokeParams
+
+    # Write results to share
+    $backedUp = 0
+    $skipped = 0
+    $failed = 0
+
+    foreach ($regResult in $results) {
+        $hostname = $regResult.Hostname.ToUpper()
+
+        if (-not $regResult.Success) {
+            Write-Log "[FAIL] ${hostname}: $($regResult.Error)" -Level "ERROR"
+            $failed++
+            continue
+        }
+
+        if (-not $regResult.FoundDNC) {
+            Write-Log "[SKIP] ${hostname}: No DNC registry keys found" -Level "INFO"
+            $skipped++
+            continue
+        }
+
+        # Determine filename: machine number or serial, always include hostname to avoid collisions
+        if ($regResult.MachineNo) {
+            $fileName = "$($regResult.MachineNo)-$hostname.reg"
+            $label = "Machine $($regResult.MachineNo)"
+        } elseif ($regResult.Serial) {
+            $fileName = "$($regResult.Serial)-$hostname.reg"
+            $label = "Serial $($regResult.Serial) (no machine number)"
+        } else {
+            $fileName = "$hostname.reg"
+            $label = "Hostname $hostname (no machine number or serial)"
+        }
+
+        $destPath = Join-Path $backupShare $fileName
+
+        try {
+            $regResult.RegContent | Out-File -FilePath $destPath -Encoding Unicode -Force
+            $fileSize = [math]::Round((Get-Item $destPath).Length / 1KB, 1)
+            Write-Log "[OK] ${hostname}: $label -> $fileName (${fileSize} KB)" -Level "SUCCESS"
+            $backedUp++
+        } catch {
+            Write-Log "[FAIL] ${hostname}: Failed to write $destPath - $($_.Exception.Message)" -Level "ERROR"
+            $failed++
+        }
+    }
+
+    # Handle connection errors
+    foreach ($err in $remoteErrors) {
+        $target = if ($err.TargetObject) { $err.TargetObject } else { "Unknown" }
+        Write-Log "[FAIL] ${target}: $($err.Exception.Message)" -Level "ERROR"
+        $failed++
+    }
+
+    # Summary
+    Write-Host ""
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  NTLARS BACKUP SUMMARY" -ForegroundColor Cyan
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+    Write-Host "  Backed up:  $backedUp" -ForegroundColor Green
+    Write-Host "  Skipped:    $skipped (no DNC keys)" -ForegroundColor $(if ($skipped -gt 0) { "Yellow" } else { "White" })
+    Write-Host "  Failed:     $failed" -ForegroundColor $(if ($failed -gt 0) { "Red" } else { "White" })
+    Write-Host "  Backup dir: $backupShare" -ForegroundColor White
+    Write-Host ("=" * 70) -ForegroundColor Cyan
+
+    if ($LogFile) {
+        Stop-Transcript | Out-Null
+        Write-Host ""
+        Write-Host "Log saved to: $logPath" -ForegroundColor DarkGray
+    }
+
+    exit 0
+}
+
 # Process each task
 foreach ($currentTask in $tasksToRun) {
 
@@ -1544,12 +2640,16 @@ foreach ($currentTask in $tasksToRun) {
                 'DiskCleanup' {
                     Write-Host "     Space freed: $($result.SpaceFreed) GB" -ForegroundColor Gray
                 }
-                'UpdateEMxAuthToken' {
+                'UpdateDNCMXHosts' {
                     Write-Host "     $($result.Output)" -ForegroundColor Gray
-                    if ($result.PathsFailed.Count -gt 0) {
-                        foreach ($fail in $result.PathsFailed) {
-                            Write-Host "     [!] $fail" -ForegroundColor Yellow
-                        }
+                    foreach ($change in $result.Changed) {
+                        Write-Host "     [changed] $change" -ForegroundColor Green
+                    }
+                    foreach ($warn in $result.Warnings) {
+                        Write-Host "     [warn]    $warn" -ForegroundColor Yellow
+                    }
+                    foreach ($skip in $result.Skipped) {
+                        Write-Host "     [skip]    $skip" -ForegroundColor DarkGray
                     }
                 }
                 default {
@@ -1585,3 +2685,9 @@ Write-Host "  Task:       $Task" -ForegroundColor White
 Write-Host "  Successful: $successCount" -ForegroundColor Green
 Write-Host "  Failed:     $failCount" -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "White" })
 Write-Host "=" * 70 -ForegroundColor Cyan
+
+if ($LogFile) {
+    Stop-Transcript | Out-Null
+    Write-Host ""
+    Write-Host "Log saved to: $logPath" -ForegroundColor DarkGray
+}
diff --git a/remote-execution/Resume-Download.bat b/remote-execution/Resume-Download.bat
new file mode 100644
index 0000000..18f871e
--- /dev/null
+++ b/remote-execution/Resume-Download.bat
@@ -0,0 +1,18 @@
+@echo off
+:: Resume-Download — Resumable download for SharePoint and general URLs
+:: Uses domain credentials for SharePoint auth
+
+if "%~1"=="" (
+    set /p "URL=Enter download URL: "
+) else (
+    set "URL=%~1"
+)
+
+if "%~2"=="" (
+    set /p "DEST=Save as (full path, e.g. C:\Temp\file.iso): "
+) else (
+    set "DEST=%~2"
+)
+
+powershell -NoProfile -ExecutionPolicy Bypass -File "%~dp0Resume-Download.ps1" -Url "%URL%" -Destination "%DEST%"
+pause
diff --git a/remote-execution/Resume-Download.ps1 b/remote-execution/Resume-Download.ps1
new file mode 100644
index 0000000..d920c1d
--- /dev/null
+++ b/remote-execution/Resume-Download.ps1
@@ -0,0 +1,117 @@
+param(
+    [Parameter(Mandatory=$true)]
+    [string]$Url,
+
+    [Parameter(Mandatory=$true)]
+    [string]$Destination
+)
+
+$ErrorActionPreference = 'Stop'
+
+Write-Host "============================================"
+Write-Host "  Resumable File Download"
+Write-Host "============================================"
+Write-Host ""
+Write-Host "Destination: $Destination"
+Write-Host ""
+
+try {
+    # Check for partial file to resume
+    $startBytes = 0
+    if (Test-Path $Destination) {
+        $startBytes = (Get-Item $Destination).Length
+        if ($startBytes -gt 0) {
+            Write-Host "Partial file found: $([math]::Round($startBytes / 1MB, 1)) MB already downloaded"
+            Write-Host "Resuming..."
+            Write-Host ""
+        }
+    }
+
+    # Ensure destination directory exists
+    $destDir = Split-Path $Destination -Parent
+    if ($destDir -and !(Test-Path $destDir)) {
+        New-Item -ItemType Directory -Path $destDir -Force | Out-Null
+    }
+
+    # Build headers
+    $headers = @{}
+    if ($startBytes -gt 0) {
+        $headers["Range"] = "bytes=$startBytes-"
+    }
+
+    # Use Invoke-WebRequest with domain credentials for SharePoint auth
+    $params = @{
+        Uri                = $Url
+        OutFile            = $Destination
+        UseDefaultCredentials = $true
+        UserAgent          = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
+        Headers            = $headers
+        UseBasicParsing    = $true
+    }
+
+    # If resuming, we need to handle appending manually
+    if ($startBytes -gt 0) {
+        # Download to a temp file, then append
+        $tempFile = "$Destination.partial"
+        $params.OutFile = $tempFile
+
+        Write-Host "Downloading..."
+        Invoke-WebRequest @params
+
+        # Check if we got actual content
+        $tempSize = (Get-Item $tempFile).Length
+        if ($tempSize -eq 0) {
+            Remove-Item $tempFile -Force
+            Write-Host ""
+            Write-Host "WARNING: Server returned 0 bytes. The URL may have expired."
+            Write-Host "Get a fresh SharePoint link and try again."
+            exit 1
+        }
+
+        # Append to existing file
+        $existingBytes = [System.IO.File]::ReadAllBytes($Destination)
+        $newBytes = [System.IO.File]::ReadAllBytes($tempFile)
+        $combined = New-Object byte[] ($existingBytes.Length + $newBytes.Length)
+        [System.Buffer]::BlockCopy($existingBytes, 0, $combined, 0, $existingBytes.Length)
+        [System.Buffer]::BlockCopy($newBytes, 0, $combined, $existingBytes.Length, $newBytes.Length)
+        [System.IO.File]::WriteAllBytes($Destination, $combined)
+        Remove-Item $tempFile -Force
+
+        $totalMB = [math]::Round(($existingBytes.Length + $newBytes.Length) / 1MB, 1)
+        Write-Host ""
+        Write-Host "Download complete: $totalMB MB saved to $Destination"
+    }
+    else {
+        Write-Host "Downloading..."
+        Invoke-WebRequest @params
+
+        # Verify we got actual content
+        $fileSize = (Get-Item $Destination).Length
+        if ($fileSize -eq 0) {
+            Remove-Item $Destination -Force
+            Write-Host ""
+            Write-Host "WARNING: Downloaded 0 bytes. Possible causes:"
+            Write-Host "  - SharePoint URL expired or requires browser login"
+            Write-Host "  - URL is a redirect/login page, not the actual file"
+            Write-Host ""
+            Write-Host "Try this: In Edge, start the download, then go to"
+            Write-Host "edge://downloads and copy the source URL from there."
+            exit 1
+        }
+
+        $totalMB = [math]::Round($fileSize / 1MB, 1)
+        Write-Host ""
+        Write-Host "Download complete: $totalMB MB saved to $Destination"
+    }
+
+} catch {
+    Write-Host ""
+    Write-Host "Error: $_"
+    Write-Host ""
+    if (Test-Path $Destination) {
+        $partialMB = [math]::Round((Get-Item $Destination).Length / 1MB, 1)
+        Write-Host "Partial file kept: $partialMB MB"
+    }
+    Write-Host "Re-run with the same arguments to resume."
+    exit 1
+}
diff --git a/remote-execution/Run-UpdateDNCMXHosts.bat b/remote-execution/Run-UpdateDNCMXHosts.bat
new file mode 100644
index 0000000..79895c7
--- /dev/null
+++ b/remote-execution/Run-UpdateDNCMXHosts.bat
@@ -0,0 +1,32 @@
+@echo off
+REM Run-UpdateDNCMXHosts.bat
+REM Updates FtpHostPrimary/Secondary in DNC\MX registry on remote shopfloor PCs
+REM Usage:
+REM   Run-UpdateDNCMXHosts.bat              -> runs on all PCs in shopfloor-pcs.txt
+REM   Run-UpdateDNCMXHosts.bat G5N9PWM3ESF  -> runs on a single PC (for testing)
+
+echo ============================================================
+echo   UpdateDNCMXHosts - FTP Host Migration
+echo   tsgwp00525.us.ae.ge.com -^> tsgwp00525.wjs.geaerospace.net
+echo ============================================================
+echo.
+
+if not "%~1"=="" (
+    echo Target: %~1
+    echo.
+    powershell.exe -ExecutionPolicy Bypass -File "%~dp0Invoke-RemoteMaintenance.ps1" -ComputerName "%~1" -Task UpdateDNCMXHosts -LogFile
+) else (
+    if not exist "%~dp0shopfloor-pcs.txt" (
+        echo ERROR: shopfloor-pcs.txt not found in %~dp0
+        echo Either place shopfloor-pcs.txt in the same folder or pass a PC name:
+        echo   Run-UpdateDNCMXHosts.bat G5N9PWM3ESF
+        pause
+        exit /b 1
+    )
+    echo Target: shopfloor-pcs.txt
+    echo.
+    powershell.exe -ExecutionPolicy Bypass -File "%~dp0Invoke-RemoteMaintenance.ps1" -ComputerListFile "%~dp0shopfloor-pcs.txt" -Task UpdateDNCMXHosts -LogFile
+)
+
+echo.
+pause
diff --git a/remote-execution/Schedule-Maintenance.ps1 b/remote-execution/Schedule-Maintenance.ps1
index 76c9854..4f02b3b 100644
--- a/remote-execution/Schedule-Maintenance.ps1
+++ b/remote-execution/Schedule-Maintenance.ps1
@@ -68,11 +68,41 @@ param(
     [string]$Password
 )
 
-$credFile = Join-Path $PSScriptRoot ".maintenance-cred.xml"
+$credDir = Join-Path $PSScriptRoot ".creds"
+$keyFile = Join-Path $credDir "aes.key"
+$userFile = Join-Path $credDir "username.txt"
+$passFile = Join-Path $credDir "password.txt"
 $scriptDir = $PSScriptRoot
 
 # ---------------------------------------------------------------------------
-# Save credentials (DPAPI - only decryptable by this user on this machine)
+# Helper: load or create AES key (works across all user contexts on this PC)
+# ---------------------------------------------------------------------------
+function Get-AESKey {
+    if (-not (Test-Path $credDir)) {
+        New-Item -Path $credDir -ItemType Directory -Force | Out-Null
+    }
+    if (Test-Path $keyFile) {
+        return [byte[]](Get-Content $keyFile)
+    }
+    $key = New-Object byte[] 32
+    [System.Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($key)
+    $key | Set-Content $keyFile
+    return $key
+}
+
+function Load-SavedCredential {
+    if (-not (Test-Path $userFile) -or -not (Test-Path $passFile)) {
+        return $null
+    }
+    $key = Get-AESKey
+    $user = Get-Content $userFile
+    $encPass = Get-Content $passFile
+    $secPass = $encPass | ConvertTo-SecureString -Key $key
+    return New-Object System.Management.Automation.PSCredential($user, $secPass)
+}
+
+# ---------------------------------------------------------------------------
+# Save credentials (AES key file - works from any user context on this PC)
 # ---------------------------------------------------------------------------
 if ($SaveCredential) {
     if ($Username -and $Password) {
@@ -87,9 +117,11 @@ if ($SaveCredential) {
         Write-Host "No credentials provided. Exiting." -ForegroundColor Red
         exit 1
     }
-    $cred | Export-Clixml -Path $credFile
-    Write-Host "Credentials saved to: $credFile" -ForegroundColor Green
-    Write-Host "Encrypted with DPAPI - only YOUR user account on THIS machine can decrypt them." -ForegroundColor Yellow
+    $key = Get-AESKey
+    $cred.UserName | Set-Content $userFile
+    $cred.Password | ConvertFrom-SecureString -Key $key | Set-Content $passFile
+    Write-Host "Credentials saved to: $credDir" -ForegroundColor Green
+    Write-Host "Encrypted with AES-256 key - works from any user context (normal or admin)." -ForegroundColor Yellow
     Write-Host ""
     Write-Host "You can now run tasks unattended:" -ForegroundColor Cyan
     Write-Host "  .\Schedule-Maintenance.ps1 -ComputerListFile '.\shopfloor-pcs.txt' -Task Reboot"
@@ -113,7 +145,7 @@ if ($CreateScheduledTask) {
     $absListFile = (Resolve-Path $ComputerListFile -ErrorAction Stop).Path
     $absScript = Join-Path $scriptDir "Schedule-Maintenance.ps1"
 
-    if (-not (Test-Path $credFile)) {
+    if (-not (Test-Path $passFile)) {
         Write-Host "ERROR: No saved credentials found. Run with -SaveCredential first." -ForegroundColor Red
         exit 1
     }
@@ -177,20 +209,13 @@ if (-not $ComputerListFile) {
 }
 
 # Load saved credentials
-if (-not (Test-Path $credFile)) {
-    Write-Host "ERROR: No saved credentials found at $credFile" -ForegroundColor Red
+$cred = Load-SavedCredential
+if (-not $cred) {
+    Write-Host "ERROR: No saved credentials found in $credDir" -ForegroundColor Red
     Write-Host "Run with -SaveCredential first to store credentials." -ForegroundColor Yellow
     exit 1
 }
-
-try {
-    $cred = Import-Clixml -Path $credFile
-    Write-Host "Loaded saved credentials for: $($cred.UserName)" -ForegroundColor Green
-} catch {
-    Write-Host "ERROR: Failed to load credentials: $_" -ForegroundColor Red
-    Write-Host "Re-run with -SaveCredential to save new credentials." -ForegroundColor Yellow
-    exit 1
-}
+Write-Host "Loaded saved credentials for: $($cred.UserName)" -ForegroundColor Green
 
 # Log output
 $logDir = Join-Path $scriptDir "logs"
@@ -202,7 +227,41 @@ Write-Host "Log: $logFile" -ForegroundColor Gray
 
 $mainScript = Join-Path $scriptDir "Invoke-RemoteMaintenance.ps1"
 
-& $mainScript -ComputerListFile $ComputerListFile -Task $Task -Credential $cred 2>&1 | Tee-Object -FilePath $logFile
+Start-Transcript -Path $logFile -Force | Out-Null
+& $mainScript -ComputerListFile $ComputerListFile -Task $Task -Credential $cred
+Stop-Transcript | Out-Null
+
+# Parse log for results summary
+$logContent = Get-Content $logFile -ErrorAction SilentlyContinue
+$okPCs = @($logContent | Select-String '\[OK\]\s+(\S+)' | ForEach-Object { $_.Matches[0].Groups[1].Value })
+$failPCs = @($logContent | Select-String '\[FAIL\]\s+(\S+)' | ForEach-Object { $_.Matches[0].Groups[1].Value } | Where-Object { $_ -ne ':' } | Sort-Object -Unique)
+
+$summaryFile = Join-Path $logDir "LAST-RUN-SUMMARY.txt"
+$summary = @()
+$summary += "============================================"
+$summary += "  MAINTENANCE RESULTS - $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+$summary += "  Task: $Task"
+$summary += "============================================"
+$summary += ""
+$summary += "SUCCEEDED: $($okPCs.Count)"
+foreach ($pc in $okPCs) { $summary += "  [OK]   $pc" }
+$summary += ""
+$summary += "FAILED: $($failPCs.Count)"
+foreach ($pc in $failPCs) { $summary += "  [FAIL] $pc" }
+$summary += ""
+$summary += "Full log: $logFile"
+
+$summary | Out-File -FilePath $summaryFile -Encoding UTF8
 
 Write-Host ""
 Write-Host "Complete. Log saved to: $logFile" -ForegroundColor Green
+Write-Host ""
+Write-Host "=== RESULTS ===" -ForegroundColor White
+Write-Host "  Succeeded: $($okPCs.Count)" -ForegroundColor Green
+foreach ($pc in $okPCs) { Write-Host "    $pc" -ForegroundColor Green }
+if ($failPCs.Count -gt 0) {
+    Write-Host "  Failed: $($failPCs.Count)" -ForegroundColor Red
+    foreach ($pc in $failPCs) { Write-Host "    $pc" -ForegroundColor Red }
+}
+Write-Host ""
+Write-Host "Summary also saved to: $summaryFile" -ForegroundColor Yellow
diff --git a/remote-execution/udc/UDC_Update.ps1 b/remote-execution/udc/UDC_Update.ps1
new file mode 100755
index 0000000..762087a
--- /dev/null
+++ b/remote-execution/udc/UDC_Update.ps1
@@ -0,0 +1,279 @@
+# ============================================
+# UDC Application Update Script (PowerShell)
+# ============================================
+
+param(
+    [string]$Version
+)
+
+# Set error action preference
+$ErrorActionPreference = "Stop"
+
+# Set variables
+$UDC_PATH = "C:\Program Files\UDC"
+$VERSION_FILE = "S:\SPC\UDC\UDC_Update.txt"
+$LOG_DIR = "S:\DT\Cameron\UDC\logs"
+
+# Get hostname and timestamp
+$HOSTNAME = $env:COMPUTERNAME
+$TIMESTAMP = Get-Date -Format "yyyyMMdd_HHmmss"
+$LOG_FILE = "$LOG_DIR\logs_$($HOSTNAME)_$TIMESTAMP.txt"
+
+# Flag to track if we should skip the update
+$SKIP_UPDATE = $false
+
+# Function to write logs
+function Write-Log {
+    param([string]$Message)
+    $LogMessage = "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] $Message"
+    Write-Host $Message
+    Add-Content -Path $LOG_FILE -Value $LogMessage -ErrorAction SilentlyContinue
+}
+
+# Create log directory if needed
+try {
+    if (-not (Test-Path $LOG_DIR)) {
+        New-Item -Path $LOG_DIR -ItemType Directory -Force | Out-Null
+    }
+} catch {
+    Write-Host "WARNING: Cannot access log directory $LOG_DIR"
+    Write-Host "Update will continue but logging is disabled."
+}
+
+Write-Log "============================================"
+Write-Log "UDC Update Script Started on $HOSTNAME"
+Write-Log "============================================"
+
+# ============================================
+# Step 1: Check if PPMon.exe or ppdcs.exe are running
+# ============================================
+Write-Host "Checking for conflicting processes..."
+$conflictingProcesses = Get-Process -Name "PPMon", "ppdcs" -ErrorAction SilentlyContinue
+
+if ($conflictingProcesses) {
+    foreach ($proc in $conflictingProcesses) {
+        Write-Log "$($proc.Name).exe is running. Skipping update process."
+        Write-Host "$($proc.Name).exe is running. Update will be skipped."
+    }
+    $SKIP_UPDATE = $true
+}
+
+# ============================================
+# Step 2: Check if UDC directory exists
+# ============================================
+Write-Host "Checking if UDC is installed..."
+if (-not (Test-Path $UDC_PATH)) {
+    Write-Log "UDC directory not found. Exiting."
+    Write-Host "UDC is not installed on this machine."
+    exit 0
+}
+
+# ============================================
+# Step 3: Check if UDC.exe exists
+# ============================================
+$UDC_EXE = "$UDC_PATH\UDC.exe"
+if (-not (Test-Path $UDC_EXE)) {
+    Write-Log "UDC.exe not found. Exiting."
+    Write-Host "UDC.exe not found in installation directory."
+    exit 0
+}
+
+# ============================================
+# ONLY PROCEED WITH UPDATE IF NOT SKIPPED
+# ============================================
+if (-not $SKIP_UPDATE) {
+    
+    # ============================================
+    # Step 4: Determine target version
+    # ============================================
+    if ($Version) {
+        $NETWORK_VERSION = $Version
+        Write-Host "Using override version: $NETWORK_VERSION"
+        Write-Log "Override version specified: $NETWORK_VERSION"
+    } else {
+        if (-not (Test-Path $VERSION_FILE)) {
+            Write-Log "Version file not found: $VERSION_FILE"
+            Write-Host "ERROR: Version file not found."
+            exit 1
+        }
+
+        Write-Host "Reading version information..."
+        try {
+            $versionContent = Get-Content $VERSION_FILE | Where-Object { $_ -match "Version:" }
+            $NETWORK_VERSION = ($versionContent -split ":")[1].Trim()
+
+            if ([string]::IsNullOrEmpty($NETWORK_VERSION)) {
+                throw "Could not parse network version"
+            }
+
+            Write-Host "Network version: $NETWORK_VERSION"
+            Write-Log "Network version: $NETWORK_VERSION"
+        } catch {
+            Write-Log "Could not read network version. Error: $_"
+            Write-Host "ERROR: Could not determine network version."
+            exit 1
+        }
+    }
+
+    # Build source path from version
+    $SOURCE_PATH = "S:\SPC\UDC\UDC_$NETWORK_VERSION"
+
+    # ============================================
+    # Step 5: Check if source files exist
+    # ============================================
+    if (-not (Test-Path $SOURCE_PATH)) {
+        Write-Log "Source path not found: $SOURCE_PATH"
+        Write-Host "ERROR: Update source files not found at $SOURCE_PATH"
+        exit 1
+    }
+
+    # ============================================
+    # Step 6: Get local UDC.exe version
+    # ============================================
+    try {
+        $fileVersion = (Get-Item $UDC_EXE).VersionInfo.FileVersion
+        # Trim to 3 parts if it has 4 (e.g., 1.0.30.0 -> 1.0.30)
+        $versionParts = $fileVersion.Split('.')
+        if ($versionParts.Count -eq 4) {
+            $LOCAL_VERSION = "$($versionParts[0]).$($versionParts[1]).$($versionParts[2])"
+        } else {
+            $LOCAL_VERSION = $fileVersion
+        }
+        
+        Write-Host "Local version: $LOCAL_VERSION"
+        Write-Log "Local version: $LOCAL_VERSION"
+    } catch {
+        Write-Log "Could not read local version. Error: $_"
+        Write-Host "ERROR: Could not determine local version."
+        exit 1
+    }
+
+    # ============================================
+    # Step 7: Compare versions
+    # ============================================
+    try {
+        $netVer = [version]$NETWORK_VERSION
+        $localVer = [version]$LOCAL_VERSION
+        
+        if ($netVer -eq $localVer) {
+            Write-Log "Versions match ($LOCAL_VERSION). No update needed."
+            Write-Host "Version is current. No update required."
+            $SKIP_UPDATE = $true
+        }
+        elseif ($netVer -le $localVer) {
+            Write-Log "Network version ($NETWORK_VERSION) not newer than local ($LOCAL_VERSION)."
+            Write-Host "Local version is current or newer. No update required."
+            $SKIP_UPDATE = $true
+        }
+        else {
+            Write-Host "Update required: $LOCAL_VERSION -> $NETWORK_VERSION"
+            Write-Log "Update required: $LOCAL_VERSION -> $NETWORK_VERSION"
+        }
+    } catch {
+        Write-Log "Error comparing versions. Error: $_"
+        Write-Host "ERROR: Could not compare versions."
+        exit 1
+    }
+
+    # ============================================
+    # Step 8: Perform update if needed
+    # ============================================
+    if (-not $SKIP_UPDATE) {
+        
+        # Kill UDC.exe if running
+        Write-Host "Checking if UDC.exe is running..."
+        $udcProcess = Get-Process -Name "UDC" -ErrorAction SilentlyContinue
+
+        if ($udcProcess) {
+            Write-Host "UDC.exe is running. Stopping process..."
+            Write-Log "Killing UDC.exe"
+            try {
+                Stop-Process -Name "UDC" -Force
+                Start-Sleep -Seconds 2
+                Write-Log "UDC.exe stopped successfully"
+            } catch {
+                Write-Log "Warning: Could not stop UDC.exe. Error: $_"
+                Write-Host "WARNING: Could not stop UDC.exe"
+            }
+        }
+
+        # Copy update files
+        Write-Host "Copying update files..."
+        Write-Log "Copying files from $SOURCE_PATH to $UDC_PATH"
+
+        try {
+            # Use robocopy for better performance and logging
+            $robocopyArgs = @(
+                $SOURCE_PATH,
+                $UDC_PATH,
+                "/E",      # Copy subdirectories including empty ones
+                "/NFL",    # No file list
+                "/NDL",    # No directory list
+                "/NJH",    # No job header
+                "/NJS",    # No job summary
+                "/NC",     # No class
+                "/NS",     # No size
+                "/NP"      # No progress
+            )
+            
+            $result = robocopy @robocopyArgs
+            
+            # Robocopy exit codes: 0-7 are success, 8+ are errors
+            if ($LASTEXITCODE -ge 8) {
+                throw "Robocopy failed with exit code $LASTEXITCODE"
+            }
+            
+            Write-Host "Files copied successfully."
+            Write-Log "Files copied successfully."
+        } catch {
+            Write-Log "ERROR: File copy failed. Error: $_"
+            Write-Host "ERROR: Failed to copy update files."
+            exit 1
+        }
+    }
+}
+
+# ============================================
+# Step 9: Ensure UDC.exe is running (ONLY if no conflicting processes)
+# ============================================
+# Re-check for conflicting processes before starting UDC
+$conflictingProcesses = Get-Process -Name "PPMon", "ppdcs" -ErrorAction SilentlyContinue
+
+if ($conflictingProcesses) {
+    Write-Log "Conflicting processes still running. Will not start UDC.exe"
+    Write-Host "Conflicting processes detected. UDC.exe will not be started."
+} else {
+    Write-Host "Verifying UDC.exe is running..."
+    $udcProcess = Get-Process -Name "UDC" -ErrorAction SilentlyContinue
+
+    if (-not $udcProcess) {
+        Write-Host "UDC.exe is not running. Starting it now..."
+        Write-Log "UDC.exe not running. Starting UDC.exe"
+        
+        try {
+            Start-Process -FilePath $UDC_EXE
+            Start-Sleep -Seconds 2
+            
+            # Verify it started
+            $udcProcess = Get-Process -Name "UDC" -ErrorAction SilentlyContinue
+            
+            if ($udcProcess) {
+                Write-Log "UDC.exe started successfully."
+                Write-Host "UDC.exe started successfully!"
+            } else {
+                Write-Log "WARNING: UDC.exe may not have started."
+                Write-Host "WARNING: UDC.exe may not have started properly."
+            }
+        } catch {
+            Write-Log "WARNING: Could not start UDC.exe. Error: $_"
+            Write-Host "WARNING: Could not start UDC.exe"
+        }
+    } else {
+        Write-Log "UDC.exe is already running."
+        Write-Host "UDC.exe is already running."
+    }
+}
+
+Write-Log "UDC Update Script Completed"
+Write-Log "============================================"
+exit 0
\ No newline at end of file
diff --git a/remote-execution/udc/udc_update.bat b/remote-execution/udc/udc_update.bat
new file mode 100755
index 0000000..48f32ee
--- /dev/null
+++ b/remote-execution/udc/udc_update.bat
@@ -0,0 +1,8 @@
+@echo off
+:: ============================================
+:: UDC Update PowerShell Launcher
+:: ============================================
+
+powershell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""U:/Scripts/UDC/UDC_Update.ps1""' -Verb RunAs}"
+
+exit /b %ERRORLEVEL%
diff --git a/remote-execution/udc/udc_update_override.bat b/remote-execution/udc/udc_update_override.bat
new file mode 100644
index 0000000..e7568e8
--- /dev/null
+++ b/remote-execution/udc/udc_update_override.bat
@@ -0,0 +1,11 @@
+@echo off
+:: ============================================
+:: UDC Update Override Launcher
+:: Edit the version below to force a specific update
+:: ============================================
+
+set "UDC_VERSION=1.0.32"
+
+powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "& 'U:/Scripts/UDC/UDC_Update.ps1' -Version '%UDC_VERSION%'"
+
+exit /b %ERRORLEVEL%
diff --git a/winrm-setup-package/Invoke-RemoteTask.ps1 b/winrm-setup-package/Invoke-RemoteTask.ps1
new file mode 100644
index 0000000..0106cc1
--- /dev/null
+++ b/winrm-setup-package/Invoke-RemoteTask.ps1
@@ -0,0 +1,535 @@
+<#
+.SYNOPSIS
+    Simple remote maintenance toolkit for Windows PCs via WinRM.
+
+.DESCRIPTION
+    Executes maintenance tasks on remote Windows PCs using WinRM.
+    Reads target computers from a text file (one hostname/IP per line).
+
+.PARAMETER HostsFile
+    Path to text file containing computer names/IPs (one per line).
+    Lines starting with # are treated as comments.
+    Default: .\hosts.txt
+
+.PARAMETER ComputerName
+    Single computer name or IP address (alternative to HostsFile).
+
+.PARAMETER Task
+    Maintenance task to execute. Available tasks:
+      - RestartSpooler   : Restart Print Spooler service
+      - FlushDNS         : Clear DNS resolver cache
+      - ClearTempFiles   : Clear Windows temp files
+      - DiskCleanup      : Run Windows Disk Cleanup
+      - OptimizeDisk     : TRIM (SSD) or Defrag (HDD)
+      - SyncTime         : Force time sync with domain controller
+      - RestartService   : Restart a specific Windows service
+      - RunCommand       : Run a custom command
+      - RestartComputer  : Restart the remote PC (requires confirmation)
+
+.PARAMETER ServiceName
+    Service name for RestartService task.
+
+.PARAMETER Command
+    Custom command for RunCommand task.
+
+.PARAMETER Credential
+    PSCredential for remote authentication. Prompts if not provided.
+
+.PARAMETER DnsSuffix
+    DNS suffix to append to hostnames (if not already FQDN).
+    Default: logon.ds.ge.com
+
+.PARAMETER ThrottleLimit
+    Maximum number of concurrent remote connections.
+    Default: 10
+
+.PARAMETER LogResults
+    Save results to a timestamped log file in the script directory.
+    Log files are saved as: RemoteTask_YYYYMMDD_HHMMSS.log
+
+.EXAMPLE
+    # Restart print spooler on all hosts in hosts.txt
+    .\Invoke-RemoteTask.ps1 -Task RestartSpooler
+
+.EXAMPLE
+    # Flush DNS on a single computer
+    .\Invoke-RemoteTask.ps1 -ComputerName "PC001" -Task FlushDNS
+
+.EXAMPLE
+    # Run disk cleanup on hosts from custom file
+    .\Invoke-RemoteTask.ps1 -HostsFile ".\shopfloor-pcs.txt" -Task DiskCleanup
+
+.EXAMPLE
+    # Restart a specific service
+    .\Invoke-RemoteTask.ps1 -Task RestartService -ServiceName "Spooler"
+
+.EXAMPLE
+    # Run custom command
+    .\Invoke-RemoteTask.ps1 -Task RunCommand -Command "Get-Process | Select -First 5"
+
+.NOTES
+    Author: Shop Floor Tools
+    Requirements: PowerShell 5.1+, WinRM enabled on targets
+#>
+
+[CmdletBinding(DefaultParameterSetName='ByFile')]
+param(
+    [Parameter(ParameterSetName='ByFile')]
+    [string]$HostsFile = ".\hosts.txt",
+
+    [Parameter(ParameterSetName='ByName')]
+    [string[]]$ComputerName,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateSet(
+        'RestartSpooler', 'FlushDNS', 'ClearTempFiles', 'DiskCleanup',
+        'OptimizeDisk', 'SyncTime', 'RestartService', 'RunCommand',
+        'GetDiskSpace', 'GetUptime', 'TestConnection', 'RestartComputer'
+    )]
+    [string]$Task,
+
+    [Parameter()]
+    [string]$ServiceName,
+
+    [Parameter()]
+    [string]$Command,
+
+    [Parameter()]
+    [PSCredential]$Credential,
+
+    [Parameter()]
+    [string]$DnsSuffix = "logon.ds.ge.com",
+
+    [Parameter()]
+    [int]$ThrottleLimit = 10,
+
+    [Parameter()]
+    [switch]$LogResults
+)
+
+# =============================================================================
+# Helper Functions
+# =============================================================================
+
+function Write-Log {
+    param([string]$Message, [string]$Level = "INFO")
+    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+    $color = switch ($Level) {
+        "ERROR"   { "Red" }
+        "WARNING" { "Yellow" }
+        "SUCCESS" { "Green" }
+        "TASK"    { "Cyan" }
+        default   { "White" }
+    }
+    Write-Host "[$timestamp] [$Level] $Message" -ForegroundColor $color
+}
+
+# =============================================================================
+# Task Scriptblocks
+# =============================================================================
+
+$TaskScripts = @{
+
+    'RestartSpooler' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            Stop-Service -Name Spooler -Force -ErrorAction Stop
+            $queuePath = "$env:SystemRoot\System32\spool\PRINTERS"
+            if (Test-Path $queuePath) { Remove-Item "$queuePath\*" -Force -ErrorAction SilentlyContinue }
+            Start-Service -Name Spooler -ErrorAction Stop
+            $status = (Get-Service -Name Spooler).Status
+            $result.Success = ($status -eq 'Running')
+            $result.Output = "Print Spooler restarted. Status: $status"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'FlushDNS' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $flushResult = & ipconfig /flushdns 2>&1
+            $result.Output = ($flushResult -join " ").Trim()
+            $result.Success = $true
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'ClearTempFiles' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null; FilesDeleted = 0 }
+        try {
+            $tempPaths = @("$env:TEMP", "$env:SystemRoot\Temp")
+            foreach ($path in $tempPaths) {
+                if (Test-Path $path) {
+                    $files = Get-ChildItem -Path $path -Recurse -Force -ErrorAction SilentlyContinue
+                    foreach ($file in $files) {
+                        try { Remove-Item $file.FullName -Force -Recurse -ErrorAction SilentlyContinue; $result.FilesDeleted++ } catch { }
+                    }
+                }
+            }
+            $result.Success = $true
+            $result.Output = "Deleted $($result.FilesDeleted) temp files"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'DiskCleanup' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null; SpaceFreedMB = 0 }
+        try {
+            $initialFree = (Get-PSDrive C).Free
+            $cleanupPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches"
+            $categories = @("Temporary Files", "Temporary Setup Files", "Old ChkDsk Files", "Windows Update Cleanup", "Recycle Bin")
+            foreach ($cat in $categories) {
+                $catPath = Join-Path $cleanupPath $cat
+                if (Test-Path $catPath) { Set-ItemProperty -Path $catPath -Name "StateFlags0100" -Value 2 -ErrorAction SilentlyContinue }
+            }
+            Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/sagerun:100" -Wait -WindowStyle Hidden
+            Start-Sleep -Seconds 2
+            $finalFree = (Get-PSDrive C).Free
+            $result.SpaceFreedMB = [math]::Round(($finalFree - $initialFree) / 1MB, 0)
+            $result.Success = $true
+            $result.Output = "Disk cleanup completed. Space freed: $($result.SpaceFreedMB) MB"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'OptimizeDisk' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $volumes = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }
+            $optimized = @()
+            foreach ($vol in $volumes) {
+                $driveLetter = $vol.DriveLetter
+                $physicalDisk = Get-PhysicalDisk | Where-Object { $_.DeviceId -eq (Get-Partition -DriveLetter $driveLetter -ErrorAction SilentlyContinue).DiskNumber }
+                $mediaType = if ($physicalDisk) { $physicalDisk.MediaType } else { "Unknown" }
+                try {
+                    if ($mediaType -eq 'SSD') { Optimize-Volume -DriveLetter $driveLetter -ReTrim -ErrorAction Stop; $action = "TRIM" }
+                    else { Optimize-Volume -DriveLetter $driveLetter -Defrag -ErrorAction Stop; $action = "Defrag" }
+                    $optimized += "${driveLetter}:($action)"
+                } catch { $optimized += "${driveLetter}:(Failed)" }
+            }
+            $result.Success = $true
+            $result.Output = "Optimized: $($optimized -join ', ')"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'SyncTime' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $source = (& w32tm /query /source 2>&1) -join " "
+            $syncResult = & w32tm /resync /force 2>&1
+            $result.Success = ($syncResult -match "success" -or $LASTEXITCODE -eq 0)
+            $result.Output = "Time synced with $source. Current: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'RestartService' = {
+        param($ServiceName)
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        if (-not $ServiceName) { $result.Error = "ServiceName parameter required"; return $result }
+        try {
+            Restart-Service -Name $ServiceName -Force -ErrorAction Stop
+            $status = (Get-Service -Name $ServiceName).Status
+            $result.Success = ($status -eq 'Running')
+            $result.Output = "Service '$ServiceName' restarted. Status: $status"
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'RunCommand' = {
+        param($Command)
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        if (-not $Command) { $result.Error = "Command parameter required"; return $result }
+        try {
+            $output = Invoke-Expression $Command 2>&1
+            $result.Output = ($output | Out-String).Trim()
+            $result.Success = $true
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'GetDiskSpace' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Used -ne $null }
+            $info = foreach ($drive in $drives) {
+                $freeGB = [math]::Round($drive.Free / 1GB, 1)
+                $usedGB = [math]::Round($drive.Used / 1GB, 1)
+                $totalGB = $freeGB + $usedGB
+                $pctFree = if ($totalGB -gt 0) { [math]::Round(($freeGB / $totalGB) * 100, 0) } else { 0 }
+                "$($drive.Name): $freeGB GB free ($pctFree%)"
+            }
+            $result.Output = $info -join ", "
+            $result.Success = $true
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'GetUptime' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $os = Get-CimInstance -ClassName Win32_OperatingSystem
+            $uptime = (Get-Date) - $os.LastBootUpTime
+            $result.Output = "Up $([math]::Floor($uptime.TotalDays))d $($uptime.Hours)h $($uptime.Minutes)m (Last boot: $($os.LastBootUpTime.ToString('yyyy-MM-dd HH:mm')))"
+            $result.Success = $true
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+
+    'TestConnection' = {
+        $result = @{ Success = $true; Hostname = $env:COMPUTERNAME; Output = "Connection successful"; Error = $null }
+        return $result
+    }
+
+    'RestartComputer' = {
+        $result = @{ Success = $false; Hostname = $env:COMPUTERNAME; Output = ""; Error = $null }
+        try {
+            $result.Output = "Restart initiated"
+            $result.Success = $true
+            # Schedule restart in 5 seconds to allow response to return
+            Start-Process -FilePath "shutdown.exe" -ArgumentList "/r /t 5 /c `"Remote restart initiated via WinRM`"" -NoNewWindow
+        } catch { $result.Error = $_.Exception.Message }
+        return $result
+    }
+}
+
+# =============================================================================
+# Main Execution
+# =============================================================================
+
+Write-Host ""
+Write-Host ("=" * 60) -ForegroundColor Cyan
+Write-Host "  Remote Task Executor - Task: $Task" -ForegroundColor Cyan
+Write-Host ("=" * 60) -ForegroundColor Cyan
+Write-Host ""
+
+# Validate task-specific parameters
+if ($Task -eq 'RestartService' -and -not $ServiceName) {
+    Write-Log "ServiceName parameter is required for RestartService task" -Level "ERROR"
+    exit 1
+}
+if ($Task -eq 'RunCommand' -and -not $Command) {
+    Write-Log "Command parameter is required for RunCommand task" -Level "ERROR"
+    exit 1
+}
+if ($Task -eq 'RestartComputer') {
+    Write-Host ""
+    Write-Host "WARNING: This will restart the target computer(s)!" -ForegroundColor Yellow
+    $confirm = Read-Host "Type 'YES' to confirm"
+    if ($confirm -ne 'YES') {
+        Write-Log "Restart cancelled by user" -Level "WARNING"
+        exit 0
+    }
+}
+
+# Get credentials
+if (-not $Credential) {
+    Write-Log "Enter credentials for remote PCs:" -Level "INFO"
+    $Credential = Get-Credential -Message "Enter admin credentials for remote PCs"
+    if (-not $Credential) {
+        Write-Log "Credentials required. Exiting." -Level "ERROR"
+        exit 1
+    }
+}
+
+# Build computer list
+$computers = @()
+
+if ($ComputerName) {
+    $computers = $ComputerName
+} else {
+    if (-not (Test-Path $HostsFile)) {
+        Write-Log "Hosts file not found: $HostsFile" -Level "ERROR"
+        Write-Log "Create a text file with one hostname or IP per line." -Level "INFO"
+        exit 1
+    }
+    $computers = Get-Content $HostsFile | Where-Object { $_.Trim() -and -not $_.StartsWith("#") }
+}
+
+if ($computers.Count -eq 0) {
+    Write-Log "No computers specified." -Level "ERROR"
+    exit 1
+}
+
+Write-Log "Target computers: $($computers.Count)" -Level "INFO"
+Write-Host ""
+
+# Build FQDNs if DNS suffix provided
+$targets = $computers | ForEach-Object {
+    $name = $_.Trim()
+    if ($DnsSuffix -and $name -notlike "*.*") {
+        "$name.$DnsSuffix"
+    } else {
+        $name
+    }
+}
+
+# Get the scriptblock
+$scriptBlock = $TaskScripts[$Task]
+
+# Create session options
+$sessionOption = New-PSSessionOption -OpenTimeout 30000 -OperationTimeout 300000 -NoMachineProfile
+
+Write-Log "Executing on $($targets.Count) computer(s) in parallel (ThrottleLimit: $ThrottleLimit)..." -Level "INFO"
+Write-Host ""
+
+# Build arguments for tasks that need them
+$taskArgs = @()
+if ($Task -eq 'RestartService') { $taskArgs = @($ServiceName) }
+if ($Task -eq 'RunCommand') { $taskArgs = @($Command) }
+
+# Show progress indicator
+$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
+Write-Host "  [" -NoNewline
+Write-Host "Running..." -ForegroundColor Yellow -NoNewline
+Write-Host "] Please wait..." -NoNewline
+
+# Execute on all remote computers in parallel using Invoke-Command
+$results = @()
+$connectionErrors = @()
+
+try {
+    if ($taskArgs.Count -gt 0) {
+        $results = Invoke-Command -ComputerName $targets -ScriptBlock $scriptBlock -ArgumentList $taskArgs `
+            -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate `
+            -ThrottleLimit $ThrottleLimit -ErrorAction SilentlyContinue -ErrorVariable connectionErrors
+    } else {
+        $results = Invoke-Command -ComputerName $targets -ScriptBlock $scriptBlock `
+            -Credential $Credential -SessionOption $sessionOption -Authentication Negotiate `
+            -ThrottleLimit $ThrottleLimit -ErrorAction SilentlyContinue -ErrorVariable connectionErrors
+    }
+} catch {
+    Write-Host ""
+    Write-Log "Execution error: $($_.Exception.Message)" -Level "ERROR"
+}
+
+$stopwatch.Stop()
+$elapsed = $stopwatch.Elapsed.TotalSeconds
+
+# Clear the progress line
+Write-Host "`r" -NoNewline
+Write-Host (" " * 60) -NoNewline
+Write-Host "`r" -NoNewline
+Write-Log "Completed in $([math]::Round($elapsed, 1)) seconds" -Level "INFO"
+Write-Host ""
+
+# Collect all results (successes, failures, connection errors)
+$allResults = @()
+$successCount = 0
+$failCount = 0
+
+foreach ($result in $results) {
+    $status = if ($result.Success) { "OK"; $successCount++ } else { "FAIL"; $failCount++ }
+    $message = if ($result.Success) { $result.Output } else { $result.Error }
+    $allResults += [PSCustomObject]@{
+        Status = $status
+        Computer = $result.Hostname
+        Message = $message
+    }
+}
+
+# Process connection errors
+foreach ($err in $connectionErrors) {
+    $targetName = if ($err.TargetObject) { $err.TargetObject } else { "Unknown" }
+    # Extract just the computer name from FQDN for display
+    $shortName = ($targetName -split '\.')[0]
+    $errorMsg = $err.Exception.Message -replace '\r?\n', ' '
+    # Truncate long error messages
+    if ($errorMsg.Length -gt 60) { $errorMsg = $errorMsg.Substring(0, 57) + "..." }
+    $allResults += [PSCustomObject]@{
+        Status = "FAIL"
+        Computer = $shortName
+        Message = $errorMsg
+    }
+    $failCount++
+}
+
+# Sort results: failures first, then successes
+$allResults = $allResults | Sort-Object @{Expression={$_.Status}; Descending=$true}, Computer
+
+# Display results in a formatted table
+Write-Host "  STATUS   COMPUTER             RESULT" -ForegroundColor Cyan
+Write-Host "  ------   --------             ------" -ForegroundColor Cyan
+
+foreach ($r in $allResults) {
+    $statusColor = if ($r.Status -eq "OK") { "Green" } else { "Red" }
+    $statusIcon = if ($r.Status -eq "OK") { "[OK]  " } else { "[FAIL]" }
+
+    # Pad/truncate computer name to 20 chars
+    $compName = $r.Computer
+    if ($compName.Length -gt 18) { $compName = $compName.Substring(0, 15) + "..." }
+    $compName = $compName.PadRight(20)
+
+    # Truncate message if too long
+    $msg = $r.Message
+    if ($msg.Length -gt 50) { $msg = $msg.Substring(0, 47) + "..." }
+
+    Write-Host "  " -NoNewline
+    Write-Host $statusIcon -ForegroundColor $statusColor -NoNewline
+    Write-Host " $compName " -NoNewline
+    Write-Host $msg -ForegroundColor $(if ($r.Status -eq "OK") { "White" } else { "Yellow" })
+}
+
+Write-Host ""
+
+# Summary
+Write-Host ""
+Write-Host ("=" * 60) -ForegroundColor Cyan
+Write-Host "  SUMMARY" -ForegroundColor Cyan
+Write-Host ("=" * 60) -ForegroundColor Cyan
+Write-Host "  Task:       $Task" -ForegroundColor White
+Write-Host "  Total:      $($computers.Count)" -ForegroundColor White
+Write-Host "  Successful: $successCount" -ForegroundColor Green
+Write-Host "  Failed:     $failCount" -ForegroundColor $(if ($failCount -gt 0) { "Red" } else { "White" })
+Write-Host ("=" * 60) -ForegroundColor Cyan
+Write-Host ""
+
+# Save to log file if requested
+if ($LogResults) {
+    $scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+    if (-not $scriptDir) { $scriptDir = Get-Location }
+    $logTimestamp = Get-Date -Format "yyyyMMdd_HHmmss"
+    $logFile = Join-Path $scriptDir "RemoteTask_$logTimestamp.log"
+
+    $logContent = @()
+    $logContent += "=" * 60
+    $logContent += "Remote Task Execution Log"
+    $logContent += "=" * 60
+    $logContent += "Date/Time:    $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
+    $logContent += "Task:         $Task"
+    $logContent += "Targets:      $($computers.Count)"
+    $logContent += "ThrottleLimit: $ThrottleLimit"
+    $logContent += "Elapsed:      $([math]::Round($elapsed, 1)) seconds"
+    if ($ServiceName) { $logContent += "ServiceName:  $ServiceName" }
+    if ($Command) { $logContent += "Command:      $Command" }
+    $logContent += ""
+    $logContent += "=" * 60
+    $logContent += "RESULTS"
+    $logContent += "=" * 60
+    $logContent += ""
+    $logContent += "STATUS     COMPUTER                     RESULT"
+    $logContent += "------     --------                     ------"
+
+    foreach ($r in $allResults) {
+        $statusText = if ($r.Status -eq "OK") { "[OK]    " } else { "[FAIL]  " }
+        $compText = $r.Computer.PadRight(28)
+        $logContent += "$statusText $compText $($r.Message)"
+    }
+
+    $logContent += ""
+    $logContent += "=" * 60
+    $logContent += "SUMMARY"
+    $logContent += "=" * 60
+    $logContent += "Total:      $($computers.Count)"
+    $logContent += "Successful: $successCount"
+    $logContent += "Failed:     $failCount"
+    $logContent += "=" * 60
+
+    $logContent | Out-File -FilePath $logFile -Encoding UTF8
+    Write-Log "Results saved to: $logFile" -Level "SUCCESS"
+    Write-Host ""
+}
+
+# Results are displayed above and optionally saved to log file
+# To capture results programmatically, use: $results = Invoke-Command ... directly
diff --git a/winrm-setup-package/README.md b/winrm-setup-package/README.md
new file mode 100644
index 0000000..ad83cf5
--- /dev/null
+++ b/winrm-setup-package/README.md
@@ -0,0 +1,296 @@
+# WinRM Setup Package for Shopfloor PCs
+
+This package provides scripts to configure WinRM (Windows Remote Management) on shopfloor PCs and execute remote maintenance tasks.
+
+## Contents
+
+| File | Description |
+|------|-------------|
+| `Setup-WinRM.bat` | Run on each PC to enable and configure WinRM |
+| `Invoke-RemoteTask.ps1` | PowerShell script to execute tasks on remote PCs |
+| `hosts.txt` | List of target computers (edit before use) |
+| `README.md` | This documentation |
+
+---
+
+## Quick Start
+
+### Step 1: Configure Your Admin Workstation
+
+Before connecting to remote PCs, run this once on your admin workstation (as Administrator):
+
+```powershell
+Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*.logon.ds.ge.com" -Force
+```
+
+This allows your workstation to connect to any PC in the domain.
+
+### Step 2: Configure the Setup Script
+
+Edit `Setup-WinRM.bat` and update these values at the top:
+
+```batch
+REM Default security group - who can use WinRM to connect
+set "DEFAULT_SECURITY_GROUP=logon\groupid"
+
+REM Where to log the inventory CSV (network share recommended)
+set "DEFAULT_LOG_PATH=\\server\share\winrm-inventory"
+
+REM Domain suffix for TrustedHosts
+set "TRUSTED_DOMAIN=*.logon.ds.ge.com"
+
+REM Optional: Trust a specific subnet (uncomment and set)
+REM set "TRUSTED_SUBNET=10.48.130.*"
+```
+
+### Step 3: Create Security Group in Active Directory
+
+1. Open **Active Directory Users and Computers**
+2. Create a new Security Group (or use existing group matching `groupid`)
+3. Add users who should have remote management access
+
+### Step 4: Run Setup on Each Shopfloor PC
+
+Run as Administrator on each PC:
+
+```cmd
+Setup-WinRM.bat
+```
+
+Or with parameters:
+```cmd
+Setup-WinRM.bat "logon\groupid" "\\server\share\winrm-inventory"
+```
+
+The script will:
+- Enable WinRM service
+- Configure authentication (Negotiate/Kerberos)
+- Set firewall rules (domain profile only)
+- Restrict access to the security group
+- Log hostname/IP to CSV inventory
+
+### Step 5: Run Remote Tasks
+
+From your admin workstation, edit `hosts.txt` with target PCs, then:
+
+```powershell
+# Test connectivity
+.\Invoke-RemoteTask.ps1 -Task TestConnection
+
+# Restart print spooler on all hosts
+.\Invoke-RemoteTask.ps1 -Task RestartSpooler
+
+# Check disk space
+.\Invoke-RemoteTask.ps1 -Task GetDiskSpace
+
+# Run on a single PC
+.\Invoke-RemoteTask.ps1 -ComputerName "PC001" -Task FlushDNS
+```
+
+---
+
+## Setup Script Details
+
+### What Setup-WinRM.bat Configures
+
+| Setting | Value | Purpose |
+|---------|-------|---------|
+| WinRM Service | Auto-start | Ensures WinRM starts on boot |
+| AllowUnencrypted | false | Security: require encrypted connections |
+| Negotiate Auth | true | Enables Kerberos/NTLM authentication |
+| CredSSP Auth | true | Enables credential delegation (double-hop) |
+| Firewall | Domain profile | Opens port 5985 for domain connections only |
+| TrustedHosts | *.logon.ds.ge.com | Trusts domain-joined PCs |
+| RootSDDL | Security group | Restricts who can connect |
+
+### CSV Inventory
+
+The setup script logs each PC to a CSV file:
+
+```csv
+Hostname,IPAddress,SetupDate,OSVersion,SecurityGroup
+PC001,10.48.130.101,2026-01-08 09:30:00,10.0,logon\groupid
+PC002,10.48.130.102,2026-01-08 09:35:00,10.0,logon\groupid
+```
+
+You can use this CSV as your hosts file:
+```powershell
+# Extract hostnames from CSV
+Import-Csv "\\server\share\winrm-inventory\winrm-inventory.csv" |
+    Select-Object -ExpandProperty Hostname |
+    Set-Content .\hosts.txt
+```
+
+---
+
+## Available Remote Tasks
+
+| Task | Description |
+|------|-------------|
+| `TestConnection` | Verify WinRM connectivity |
+| `GetUptime` | Show system uptime and last boot time |
+| `GetDiskSpace` | Show free space on all drives |
+| `RestartSpooler` | Restart Print Spooler service |
+| `FlushDNS` | Clear DNS resolver cache |
+| `ClearTempFiles` | Delete Windows temp files |
+| `DiskCleanup` | Run Windows Disk Cleanup |
+| `OptimizeDisk` | TRIM (SSD) or Defrag (HDD) |
+| `SyncTime` | Force time sync with domain controller |
+| `RestartService` | Restart any Windows service (requires `-ServiceName`) |
+| `RunCommand` | Run custom PowerShell command (requires `-Command`) |
+| `RestartComputer` | Restart the remote PC (requires YES confirmation) |
+
+### Examples
+
+```powershell
+# Check uptime on all hosts
+.\Invoke-RemoteTask.ps1 -Task GetUptime
+
+# Restart a specific service
+.\Invoke-RemoteTask.ps1 -Task RestartService -ServiceName "Spooler"
+
+# Run custom command
+.\Invoke-RemoteTask.ps1 -Task RunCommand -Command "Get-Process | Sort CPU -Desc | Select -First 5"
+
+# Use custom hosts file
+.\Invoke-RemoteTask.ps1 -HostsFile ".\cnc-machines.txt" -Task FlushDNS
+
+# Specify DNS suffix for short hostnames
+.\Invoke-RemoteTask.ps1 -DnsSuffix "logon.ds.ge.com" -Task TestConnection
+
+# Restart a remote PC (will prompt for confirmation)
+.\Invoke-RemoteTask.ps1 -ComputerName "PC001" -Task RestartComputer
+
+# Increase parallelism for faster execution on many PCs
+.\Invoke-RemoteTask.ps1 -Task FlushDNS -ThrottleLimit 20
+
+# Save results to a log file
+.\Invoke-RemoteTask.ps1 -Task GetDiskSpace -LogResults
+```
+
+### Logging Results
+
+Use `-LogResults` to save task output to a timestamped log file in the script directory:
+
+```powershell
+.\Invoke-RemoteTask.ps1 -Task RestartSpooler -LogResults
+# Creates: RemoteTask_20260108_143022.log
+```
+
+Log files contain:
+- Task name and parameters
+- Execution time
+- Status of each computer (OK/FAIL)
+- Result messages
+- Summary totals
+
+### Targeting Multiple PCs
+
+```powershell
+# Comma-separated list
+.\Invoke-RemoteTask.ps1 -ComputerName "PC001","PC002","PC003" -Task GetUptime
+
+# Array variable
+$pcs = @("PC001", "PC002", "PC003")
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task FlushDNS
+
+# From hosts.txt file (default)
+.\Invoke-RemoteTask.ps1 -Task RestartSpooler
+
+# From CSV inventory
+$pcs = (Import-Csv "\\server\share\winrm-inventory.csv").Hostname
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task GetDiskSpace
+
+# From Active Directory query
+$pcs = (Get-ADComputer -Filter "Name -like 'SHOPFLOOR-*'").Name
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task SyncTime
+```
+
+All commands run in parallel (default: 10 concurrent connections, adjust with `-ThrottleLimit`).
+
+---
+
+## Troubleshooting
+
+### "Access Denied" when connecting
+
+1. Verify you're a member of the WinRM security group
+2. Check that your credentials are correct
+3. Verify the target PC ran Setup-WinRM.bat successfully
+
+### "WinRM cannot complete the operation"
+
+1. Verify the target PC is reachable: `ping PC001`
+2. Check WinRM is running on target: `sc query winrm` (on target PC)
+3. Verify firewall allows port 5985
+
+### "The WinRM client cannot process the request"
+
+1. Add target to TrustedHosts on your admin workstation:
+   ```powershell
+   Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*.logon.ds.ge.com" -Force
+   ```
+
+### Test WinRM Configuration
+
+On your admin workstation:
+```powershell
+# Test basic connectivity
+Test-WSMan -ComputerName PC001
+
+# Test with credentials
+$cred = Get-Credential
+Test-WSMan -ComputerName PC001 -Credential $cred -Authentication Negotiate
+
+# Enter interactive session
+Enter-PSSession -ComputerName PC001 -Credential $cred -Authentication Negotiate
+```
+
+On the target PC:
+```cmd
+winrm enumerate winrm/config/listener
+winrm get winrm/config/service
+```
+
+---
+
+## Security Considerations
+
+1. **Use Security Groups**: Always restrict WinRM access to a specific AD group
+2. **Domain Profile Only**: Firewall rules only allow connections on domain networks
+3. **No Unencrypted Traffic**: AllowUnencrypted is set to false
+4. **Audit Access**: Enable Windows Security auditing for logon events
+5. **Credential Protection**: Use dedicated admin accounts, not personal accounts
+
+---
+
+## Adding Custom Tasks
+
+Edit `Invoke-RemoteTask.ps1` and add to the `$TaskScripts` hashtable:
+
+```powershell
+'MyCustomTask' = {
+    $result = @{
+        Success = $false
+        Hostname = $env:COMPUTERNAME
+        Output = ""
+        Error = $null
+    }
+    try {
+        # Your code here
+        $result.Output = "Task completed"
+        $result.Success = $true
+    } catch {
+        $result.Error = $_.Exception.Message
+    }
+    return $result
+}
+```
+
+Then add the task name to the `ValidateSet` in the param block.
+
+---
+
+## Support
+
+For issues or questions, contact your IT support team.
diff --git a/winrm-setup-package/Setup-WinRM.bat b/winrm-setup-package/Setup-WinRM.bat
new file mode 100644
index 0000000..df92c65
--- /dev/null
+++ b/winrm-setup-package/Setup-WinRM.bat
@@ -0,0 +1,269 @@
+@echo off
+REM ============================================================================
+REM WinRM Setup Script for Shopfloor PCs
+REM ============================================================================
+REM
+REM PURPOSE: Configures WinRM on a Windows PC and restricts access to members
+REM          of a specific Active Directory security group. Logs setup to CSV.
+REM
+REM USAGE:   Run as Administrator on each shopfloor PC
+REM          Setup-WinRM.bat [SecurityGroupName] [LogPath]
+REM
+REM EXAMPLE: Setup-WinRM.bat "logon\groupid" "\\server\share\winrm-inventory"
+REM
+REM REQUIREMENTS:
+REM   - Must be run as Administrator
+REM   - PC must be domain-joined
+REM   - Security group must exist in Active Directory
+REM
+REM ============================================================================
+
+setlocal EnableDelayedExpansion
+
+REM Check for admin privileges
+net session >nul 2>&1
+if %ERRORLEVEL% neq 0 (
+    echo.
+    echo ERROR: This script must be run as Administrator.
+    echo Right-click and select "Run as administrator"
+    echo.
+    pause
+    exit /b 1
+)
+
+REM ============================================================================
+REM Configuration - EDIT THESE VALUES FOR YOUR ENVIRONMENT
+REM ============================================================================
+
+REM Default security group (can be overridden by parameter)
+set "DEFAULT_SECURITY_GROUP=logon\groupid"
+
+REM Default log path for CSV inventory (can be overridden by parameter)
+REM Use a network share that all PCs can write to
+set "DEFAULT_LOG_PATH=\\server\share\winrm-inventory"
+
+REM Domain suffix for TrustedHosts (e.g., *.logon.ds.ge.com)
+set "TRUSTED_DOMAIN=*.logon.ds.ge.com"
+
+REM Optional: Trusted subnets - comma-separated (leave empty to skip)
+REM For /24 subnet: "10.48.130.*"
+REM For /23 subnet: "10.48.130.*,10.48.131.*"
+REM For /22 subnet: "10.48.128.*,10.48.129.*,10.48.130.*,10.48.131.*"
+REM set "TRUSTED_SUBNET=10.48.130.*,10.48.131.*"
+set "TRUSTED_SUBNET="
+
+REM ============================================================================
+
+REM Get parameters or use defaults
+set "SECURITY_GROUP=%~1"
+set "LOG_PATH=%~2"
+
+if "%SECURITY_GROUP%"=="" set "SECURITY_GROUP=%DEFAULT_SECURITY_GROUP%"
+if "%LOG_PATH%"=="" set "LOG_PATH=%DEFAULT_LOG_PATH%"
+
+echo.
+echo ============================================================================
+echo WinRM Setup Script
+echo ============================================================================
+echo.
+echo Computer:       %COMPUTERNAME%
+echo Security Group: %SECURITY_GROUP%
+echo Log Path:       %LOG_PATH%
+echo Trusted Domain: %TRUSTED_DOMAIN%
+if not "%TRUSTED_SUBNET%"=="" echo Trusted Subnet: %TRUSTED_SUBNET%
+echo.
+echo ============================================================================
+echo.
+
+REM Step 1: Enable WinRM service
+echo [1/7] Enabling WinRM service...
+sc config WinRM start= auto >nul 2>&1
+net start WinRM >nul 2>&1
+if %ERRORLEVEL% equ 0 (
+    echo       WinRM service started
+) else (
+    echo       WinRM service already running
+)
+
+REM Step 2: Run quick config (creates listener, firewall rules)
+echo [2/7] Running WinRM quick configuration...
+winrm quickconfig -quiet >nul 2>&1
+echo       Quick config completed
+
+REM Step 3: Configure WinRM settings
+echo [3/7] Configuring WinRM settings...
+
+REM Disable unencrypted traffic (security best practice)
+winrm set winrm/config/service @{AllowUnencrypted="false"} >nul 2>&1
+
+REM Enable Negotiate authentication (Kerberos/NTLM)
+winrm set winrm/config/service/auth @{Negotiate="true"} >nul 2>&1
+
+REM Enable CredSSP for double-hop scenarios (optional)
+winrm set winrm/config/service/auth @{CredSSP="true"} >nul 2>&1
+
+REM Set max concurrent operations
+winrm set winrm/config/service @{MaxConcurrentOperationsPerUser="50"} >nul 2>&1
+
+REM Set max memory per shell (512MB)
+winrm set winrm/config/winrs @{MaxMemoryPerShellMB="512"} >nul 2>&1
+
+echo       WinRM settings configured
+
+REM Step 4: Configure TrustedHosts on CLIENT side (for the admin workstation)
+REM This step configures this PC to trust connections TO other PCs
+echo [4/7] Configuring TrustedHosts...
+
+REM Build TrustedHosts value
+set "TRUSTED_HOSTS=%TRUSTED_DOMAIN%"
+if not "%TRUSTED_SUBNET%"=="" (
+    set "TRUSTED_HOSTS=%TRUSTED_HOSTS%,%TRUSTED_SUBNET%"
+)
+
+REM Get current TrustedHosts and append if needed
+powershell -ExecutionPolicy Bypass -Command ^
+    "$currentTrusted = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value; " ^
+    "$newHosts = '%TRUSTED_HOSTS%'; " ^
+    "if ([string]::IsNullOrEmpty($currentTrusted)) { " ^
+    "    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $newHosts -Force; " ^
+    "    Write-Host '       Set TrustedHosts: ' $newHosts; " ^
+    "} elseif ($currentTrusted -notlike '*%TRUSTED_DOMAIN%*') { " ^
+    "    $combined = $currentTrusted + ',' + $newHosts; " ^
+    "    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $combined -Force; " ^
+    "    Write-Host '       Added to TrustedHosts: ' $newHosts; " ^
+    "} else { " ^
+    "    Write-Host '       TrustedHosts already configured'; " ^
+    "}"
+
+REM Step 5: Configure firewall rules
+echo [5/7] Configuring firewall rules...
+
+REM Enable WinRM firewall rule for domain profile
+netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes profile=domain >nul 2>&1
+if %ERRORLEVEL% neq 0 (
+    netsh advfirewall firewall add rule name="Windows Remote Management (HTTP-In)" dir=in action=allow protocol=tcp localport=5985 profile=domain >nul 2>&1
+)
+echo       Firewall rule enabled for domain profile
+
+REM Step 6: Set WinRM permissions for security group
+echo [6/7] Configuring WinRM permissions for security group...
+
+powershell -ExecutionPolicy Bypass -Command ^
+    "$group = '%SECURITY_GROUP%'; " ^
+    "try { " ^
+    "    $ntAccount = New-Object System.Security.Principal.NTAccount($group); " ^
+    "    $sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]); " ^
+    "    $sidString = $sid.Value; " ^
+    "    Write-Host '       Group SID: ' $sidString; " ^
+    "    $currentSDDL = (Get-Item WSMan:\localhost\Service\RootSDDL).Value; " ^
+    "    $newACE = '(A;;GXGR;;;' + $sidString + ')'; " ^
+    "    if ($currentSDDL -notmatch [regex]::Escape($sidString)) { " ^
+    "        $newSDDL = $currentSDDL -replace 'D:', ('D:' + $newACE); " ^
+    "        Set-Item WSMan:\localhost\Service\RootSDDL -Value $newSDDL -Force; " ^
+    "        Write-Host '       Added security group to WinRM permissions'; " ^
+    "    } else { " ^
+    "        Write-Host '       Security group already has WinRM permissions'; " ^
+    "    } " ^
+    "} catch { " ^
+    "    Write-Host '       ERROR: Could not resolve security group - ' $_.Exception.Message; " ^
+    "    exit 1; " ^
+    "}"
+
+if %ERRORLEVEL% neq 0 (
+    echo.
+    echo ERROR: Failed to configure security group permissions.
+    echo        Verify the security group exists in Active Directory.
+    echo.
+    pause
+    exit /b 1
+)
+
+REM Step 7: Log to CSV inventory file
+echo [7/7] Logging to inventory CSV...
+
+REM Get IP address
+for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /i "IPv4"') do (
+    set "IP_ADDRESS=%%a"
+    goto :gotip
+)
+:gotip
+set "IP_ADDRESS=%IP_ADDRESS: =%"
+
+REM Get current date/time
+for /f "tokens=2 delims==" %%a in ('wmic os get localdatetime /value') do set "DT=%%a"
+set "SETUP_DATE=%DT:~0,4%-%DT:~4,2%-%DT:~6,2% %DT:~8,2%:%DT:~10,2%:%DT:~12,2%"
+
+REM Get OS version
+for /f "tokens=4-5 delims=. " %%a in ('ver') do set "OS_VERSION=%%a.%%b"
+
+REM Create CSV directory if it doesn't exist
+if not exist "%LOG_PATH%" (
+    mkdir "%LOG_PATH%" 2>nul
+    if %ERRORLEVEL% neq 0 (
+        echo       WARNING: Could not create log directory. Logging skipped.
+        goto :skiplog
+    )
+)
+
+REM Define CSV file
+set "CSV_FILE=%LOG_PATH%\winrm-inventory.csv"
+
+REM Create CSV header if file doesn't exist
+if not exist "%CSV_FILE%" (
+    echo Hostname,IPAddress,SetupDate,OSVersion,SecurityGroup > "%CSV_FILE%"
+    if %ERRORLEVEL% neq 0 (
+        echo       WARNING: Could not create CSV file. Logging skipped.
+        goto :skiplog
+    )
+)
+
+REM Check if this hostname already exists in CSV and update or append
+powershell -ExecutionPolicy Bypass -Command ^
+    "$csvFile = '%CSV_FILE%'; " ^
+    "$hostname = '%COMPUTERNAME%'; " ^
+    "$newLine = '%COMPUTERNAME%,%IP_ADDRESS%,%SETUP_DATE%,%OS_VERSION%,%SECURITY_GROUP%'; " ^
+    "try { " ^
+    "    $content = Get-Content $csvFile -ErrorAction SilentlyContinue; " ^
+    "    $found = $false; " ^
+    "    $newContent = @(); " ^
+    "    foreach ($line in $content) { " ^
+    "        if ($line -like \"$hostname,*\") { " ^
+    "            $newContent += $newLine; " ^
+    "            $found = $true; " ^
+    "        } else { " ^
+    "            $newContent += $line; " ^
+    "        } " ^
+    "    } " ^
+    "    if (-not $found) { $newContent += $newLine; } " ^
+    "    $newContent | Set-Content $csvFile -Force; " ^
+    "    Write-Host '       Logged: %COMPUTERNAME% (%IP_ADDRESS%)'; " ^
+    "} catch { " ^
+    "    Write-Host '       WARNING: Could not write to CSV - ' $_.Exception.Message; " ^
+    "}"
+
+:skiplog
+
+REM Verify configuration
+echo.
+echo ============================================================================
+echo WinRM Setup Complete!
+echo ============================================================================
+echo.
+echo Computer:       %COMPUTERNAME%
+echo IP Address:     %IP_ADDRESS%
+echo Security Group: %SECURITY_GROUP%
+echo WinRM Port:     5985 (HTTP)
+echo Trusted Hosts:  %TRUSTED_HOSTS%
+echo.
+echo Inventory logged to: %CSV_FILE%
+echo.
+echo Members of '%SECURITY_GROUP%' can now connect using:
+echo   Enter-PSSession -ComputerName %COMPUTERNAME% -Credential (Get-Credential)
+echo.
+echo To test from a remote PC (as a member of the security group):
+echo   Test-WSMan -ComputerName %COMPUTERNAME%
+echo.
+echo ============================================================================
+
+pause
+exit /b 0
diff --git a/winrm-setup-package/WinRM-Setup-Guide.html b/winrm-setup-package/WinRM-Setup-Guide.html
new file mode 100644
index 0000000..f108f0a
--- /dev/null
+++ b/winrm-setup-package/WinRM-Setup-Guide.html
@@ -0,0 +1,424 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>WinRM Setup Package for Shopfloor PCs</title>
+    <style>
+        * { box-sizing: border-box; }
+        body {
+            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            line-height: 1.6;
+            max-width: 900px;
+            margin: 0 auto;
+            padding: 20px;
+            background: #f5f5f5;
+            color: #333;
+        }
+        h1 {
+            color: #0078d4;
+            border-bottom: 3px solid #0078d4;
+            padding-bottom: 10px;
+        }
+        h2 {
+            color: #106ebe;
+            border-bottom: 1px solid #ddd;
+            padding-bottom: 5px;
+            margin-top: 30px;
+        }
+        h3 {
+            color: #333;
+            margin-top: 25px;
+        }
+        code {
+            background: #e8e8e8;
+            padding: 2px 6px;
+            border-radius: 3px;
+            font-family: 'Consolas', 'Courier New', monospace;
+            font-size: 0.9em;
+        }
+        pre {
+            background: #1e1e1e;
+            color: #d4d4d4;
+            padding: 15px;
+            border-radius: 5px;
+            overflow-x: auto;
+            font-family: 'Consolas', 'Courier New', monospace;
+            font-size: 0.85em;
+            line-height: 1.4;
+        }
+        pre code {
+            background: none;
+            padding: 0;
+            color: inherit;
+        }
+        table {
+            width: 100%;
+            border-collapse: collapse;
+            margin: 15px 0;
+            background: white;
+            box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+        }
+        th, td {
+            padding: 10px 12px;
+            text-align: left;
+            border: 1px solid #ddd;
+        }
+        th {
+            background: #0078d4;
+            color: white;
+            font-weight: 600;
+        }
+        tr:nth-child(even) { background: #f9f9f9; }
+        tr:hover { background: #f0f7ff; }
+        hr {
+            border: none;
+            border-top: 1px solid #ddd;
+            margin: 30px 0;
+        }
+        .warning {
+            background: #fff3cd;
+            border-left: 4px solid #ffc107;
+            padding: 10px 15px;
+            margin: 15px 0;
+        }
+        .info {
+            background: #e7f3ff;
+            border-left: 4px solid #0078d4;
+            padding: 10px 15px;
+            margin: 15px 0;
+        }
+        ol, ul { padding-left: 25px; }
+        li { margin: 5px 0; }
+        .toc {
+            background: white;
+            padding: 15px 20px;
+            border-radius: 5px;
+            box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+            margin-bottom: 30px;
+        }
+        .toc h3 { margin-top: 0; }
+        .toc ul { list-style: none; padding-left: 0; }
+        .toc li { margin: 8px 0; }
+        .toc a { color: #0078d4; text-decoration: none; }
+        .toc a:hover { text-decoration: underline; }
+        .comment { color: #6a9955; }
+        .string { color: #ce9178; }
+        .keyword { color: #569cd6; }
+    </style>
+</head>
+<body>
+
+<h1>WinRM Setup Package for Shopfloor PCs</h1>
+
+<p>This package provides scripts to configure WinRM (Windows Remote Management) on shopfloor PCs and execute remote maintenance tasks.</p>
+
+<div class="toc">
+    <h3>Contents</h3>
+    <ul>
+        <li><a href="#quick-start">Quick Start</a></li>
+        <li><a href="#setup-details">Setup Script Details</a></li>
+        <li><a href="#tasks">Available Remote Tasks</a></li>
+        <li><a href="#troubleshooting">Troubleshooting</a></li>
+        <li><a href="#security">Security Considerations</a></li>
+        <li><a href="#custom-tasks">Adding Custom Tasks</a></li>
+    </ul>
+</div>
+
+<h2>Package Contents</h2>
+
+<table>
+    <tr><th>File</th><th>Description</th></tr>
+    <tr><td><code>Setup-WinRM.bat</code></td><td>Run on each PC to enable and configure WinRM</td></tr>
+    <tr><td><code>Invoke-RemoteTask.ps1</code></td><td>PowerShell script to execute tasks on remote PCs</td></tr>
+    <tr><td><code>hosts.txt</code></td><td>List of target computers (edit before use)</td></tr>
+    <tr><td><code>WinRM-Setup-Guide.html</code></td><td>This documentation</td></tr>
+</table>
+
+<hr>
+
+<h2 id="quick-start">Quick Start</h2>
+
+<h3>Step 1: Configure Your Admin Workstation</h3>
+
+<p>Before connecting to remote PCs, run this <strong>once</strong> on your admin workstation (as Administrator):</p>
+
+<pre><code>Set-Item WSMan:\localhost\Client\TrustedHosts -Value <span class="string">"*.logon.ds.ge.com"</span> -Force</code></pre>
+
+<p>This allows your workstation to connect to any PC in the domain.</p>
+
+<h3>Step 2: Configure the Setup Script</h3>
+
+<p>Edit <code>Setup-WinRM.bat</code> and update these values at the top:</p>
+
+<pre><code><span class="comment">REM Default security group - who can use WinRM to connect</span>
+set "DEFAULT_SECURITY_GROUP=<span class="string">logon\groupid</span>"
+
+<span class="comment">REM Where to log the inventory CSV (network share recommended)</span>
+set "DEFAULT_LOG_PATH=<span class="string">\\server\share\winrm-inventory</span>"
+
+<span class="comment">REM Domain suffix for TrustedHosts</span>
+set "TRUSTED_DOMAIN=<span class="string">*.logon.ds.ge.com</span>"
+
+<span class="comment">REM Optional: Trust a specific subnet (uncomment and set)</span>
+<span class="comment">REM set "TRUSTED_SUBNET=10.48.130.*"</span></code></pre>
+
+<h3>Step 3: Create Security Group in Active Directory</h3>
+
+<ol>
+    <li>Open <strong>Active Directory Users and Computers</strong></li>
+    <li>Create a new Security Group (or use existing group matching <code>groupid</code>)</li>
+    <li>Add users who should have remote management access</li>
+</ol>
+
+<h3>Step 4: Run Setup on Each Shopfloor PC</h3>
+
+<p>Run as Administrator on each PC:</p>
+
+<pre><code>Setup-WinRM.bat</code></pre>
+
+<p>Or with parameters:</p>
+
+<pre><code>Setup-WinRM.bat "logon\groupid" "\\server\share\winrm-inventory"</code></pre>
+
+<p>The script will:</p>
+<ul>
+    <li>Enable WinRM service</li>
+    <li>Configure authentication (Negotiate/Kerberos)</li>
+    <li>Set firewall rules (domain profile only)</li>
+    <li>Restrict access to the security group</li>
+    <li>Log hostname/IP to CSV inventory</li>
+</ul>
+
+<h3>Step 5: Run Remote Tasks</h3>
+
+<p>From your admin workstation, edit <code>hosts.txt</code> with target PCs, then:</p>
+
+<pre><code><span class="comment"># Test connectivity</span>
+.\Invoke-RemoteTask.ps1 -Task TestConnection
+
+<span class="comment"># Restart print spooler on all hosts</span>
+.\Invoke-RemoteTask.ps1 -Task RestartSpooler
+
+<span class="comment"># Check disk space</span>
+.\Invoke-RemoteTask.ps1 -Task GetDiskSpace
+
+<span class="comment"># Run on a single PC</span>
+.\Invoke-RemoteTask.ps1 -ComputerName <span class="string">"PC001"</span> -Task FlushDNS</code></pre>
+
+<hr>
+
+<h2 id="setup-details">Setup Script Details</h2>
+
+<h3>What Setup-WinRM.bat Configures</h3>
+
+<table>
+    <tr><th>Setting</th><th>Value</th><th>Purpose</th></tr>
+    <tr><td>WinRM Service</td><td>Auto-start</td><td>Ensures WinRM starts on boot</td></tr>
+    <tr><td>AllowUnencrypted</td><td>false</td><td>Security: require encrypted connections</td></tr>
+    <tr><td>Negotiate Auth</td><td>true</td><td>Enables Kerberos/NTLM authentication</td></tr>
+    <tr><td>CredSSP Auth</td><td>true</td><td>Enables credential delegation (double-hop)</td></tr>
+    <tr><td>Firewall</td><td>Domain profile</td><td>Opens port 5985 for domain connections only</td></tr>
+    <tr><td>TrustedHosts</td><td>*.logon.ds.ge.com</td><td>Trusts domain-joined PCs</td></tr>
+    <tr><td>RootSDDL</td><td>Security group</td><td>Restricts who can connect</td></tr>
+</table>
+
+<h3>CSV Inventory</h3>
+
+<p>The setup script logs each PC to a CSV file:</p>
+
+<pre><code>Hostname,IPAddress,SetupDate,OSVersion,SecurityGroup
+PC001,10.48.130.101,2026-01-08 09:30:00,10.0,logon\groupid
+PC002,10.48.130.102,2026-01-08 09:35:00,10.0,logon\groupid</code></pre>
+
+<p>You can use this CSV as your hosts file:</p>
+
+<pre><code><span class="comment"># Extract hostnames from CSV</span>
+Import-Csv <span class="string">"\\server\share\winrm-inventory\winrm-inventory.csv"</span> |
+    Select-Object -ExpandProperty Hostname |
+    Set-Content .\hosts.txt</code></pre>
+
+<hr>
+
+<h2 id="tasks">Available Remote Tasks</h2>
+
+<table>
+    <tr><th>Task</th><th>Description</th></tr>
+    <tr><td><code>TestConnection</code></td><td>Verify WinRM connectivity</td></tr>
+    <tr><td><code>GetUptime</code></td><td>Show system uptime and last boot time</td></tr>
+    <tr><td><code>GetDiskSpace</code></td><td>Show free space on all drives</td></tr>
+    <tr><td><code>RestartSpooler</code></td><td>Restart Print Spooler service</td></tr>
+    <tr><td><code>FlushDNS</code></td><td>Clear DNS resolver cache</td></tr>
+    <tr><td><code>ClearTempFiles</code></td><td>Delete Windows temp files</td></tr>
+    <tr><td><code>DiskCleanup</code></td><td>Run Windows Disk Cleanup</td></tr>
+    <tr><td><code>OptimizeDisk</code></td><td>TRIM (SSD) or Defrag (HDD)</td></tr>
+    <tr><td><code>SyncTime</code></td><td>Force time sync with domain controller</td></tr>
+    <tr><td><code>RestartService</code></td><td>Restart any Windows service (requires <code>-ServiceName</code>)</td></tr>
+    <tr><td><code>RunCommand</code></td><td>Run custom PowerShell command (requires <code>-Command</code>)</td></tr>
+    <tr><td><code>RestartComputer</code></td><td>Restart the remote PC (requires YES confirmation)</td></tr>
+</table>
+
+<h3>Examples</h3>
+
+<pre><code><span class="comment"># Check uptime on all hosts</span>
+.\Invoke-RemoteTask.ps1 -Task GetUptime
+
+<span class="comment"># Restart a specific service</span>
+.\Invoke-RemoteTask.ps1 -Task RestartService -ServiceName <span class="string">"Spooler"</span>
+
+<span class="comment"># Run custom command</span>
+.\Invoke-RemoteTask.ps1 -Task RunCommand -Command <span class="string">"Get-Process | Sort CPU -Desc | Select -First 5"</span>
+
+<span class="comment"># Use custom hosts file</span>
+.\Invoke-RemoteTask.ps1 -HostsFile <span class="string">".\cnc-machines.txt"</span> -Task FlushDNS
+
+<span class="comment"># Specify DNS suffix for short hostnames</span>
+.\Invoke-RemoteTask.ps1 -DnsSuffix <span class="string">"logon.ds.ge.com"</span> -Task TestConnection
+
+<span class="comment"># Restart a remote PC (will prompt for confirmation)</span>
+.\Invoke-RemoteTask.ps1 -ComputerName <span class="string">"PC001"</span> -Task RestartComputer
+
+<span class="comment"># Increase parallelism for faster execution on many PCs</span>
+.\Invoke-RemoteTask.ps1 -Task FlushDNS -ThrottleLimit 20
+
+<span class="comment"># Save results to a log file</span>
+.\Invoke-RemoteTask.ps1 -Task GetDiskSpace -LogResults</code></pre>
+
+<h3>Targeting Multiple PCs</h3>
+
+<pre><code><span class="comment"># Comma-separated list</span>
+.\Invoke-RemoteTask.ps1 -ComputerName <span class="string">"PC001"</span>,<span class="string">"PC002"</span>,<span class="string">"PC003"</span> -Task GetUptime
+
+<span class="comment"># Array variable</span>
+$pcs = @(<span class="string">"PC001"</span>, <span class="string">"PC002"</span>, <span class="string">"PC003"</span>)
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task FlushDNS
+
+<span class="comment"># From hosts.txt file (default)</span>
+.\Invoke-RemoteTask.ps1 -Task RestartSpooler
+
+<span class="comment"># From CSV inventory</span>
+$pcs = (Import-Csv <span class="string">"\\server\share\winrm-inventory.csv"</span>).Hostname
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task GetDiskSpace
+
+<span class="comment"># From Active Directory query</span>
+$pcs = (Get-ADComputer -Filter <span class="string">"Name -like 'SHOPFLOOR-*'"</span>).Name
+.\Invoke-RemoteTask.ps1 -ComputerName $pcs -Task SyncTime</code></pre>
+
+<div class="info">
+    <strong>Parallel Execution:</strong> All commands run in parallel (default: 10 concurrent connections). Adjust with <code>-ThrottleLimit</code> parameter.
+</div>
+
+<h3>Logging Results</h3>
+
+<p>Use <code>-LogResults</code> to save task output to a timestamped log file in the script directory:</p>
+
+<pre><code>.\Invoke-RemoteTask.ps1 -Task RestartSpooler -LogResults
+<span class="comment"># Creates: RemoteTask_20260108_143022.log</span></code></pre>
+
+<p>Log files contain:</p>
+<ul>
+    <li>Task name and parameters</li>
+    <li>Execution time</li>
+    <li>Status of each computer (OK/FAIL)</li>
+    <li>Result messages</li>
+    <li>Summary totals</li>
+</ul>
+
+<hr>
+
+<h2 id="troubleshooting">Troubleshooting</h2>
+
+<h3>"Access Denied" when connecting</h3>
+
+<ol>
+    <li>Verify you're a member of the WinRM security group</li>
+    <li>Check that your credentials are correct</li>
+    <li>Verify the target PC ran Setup-WinRM.bat successfully</li>
+</ol>
+
+<h3>"WinRM cannot complete the operation"</h3>
+
+<ol>
+    <li>Verify the target PC is reachable: <code>ping PC001</code></li>
+    <li>Check WinRM is running on target: <code>sc query winrm</code> (on target PC)</li>
+    <li>Verify firewall allows port 5985</li>
+</ol>
+
+<h3>"The WinRM client cannot process the request"</h3>
+
+<p>Add target to TrustedHosts on your admin workstation:</p>
+
+<pre><code>Set-Item WSMan:\localhost\Client\TrustedHosts -Value <span class="string">"*.logon.ds.ge.com"</span> -Force</code></pre>
+
+<h3>Test WinRM Configuration</h3>
+
+<p>On your admin workstation:</p>
+
+<pre><code><span class="comment"># Test basic connectivity</span>
+Test-WSMan -ComputerName PC001
+
+<span class="comment"># Test with credentials</span>
+$cred = Get-Credential
+Test-WSMan -ComputerName PC001 -Credential $cred -Authentication Negotiate
+
+<span class="comment"># Enter interactive session</span>
+Enter-PSSession -ComputerName PC001 -Credential $cred -Authentication Negotiate</code></pre>
+
+<p>On the target PC:</p>
+
+<pre><code>winrm enumerate winrm/config/listener
+winrm get winrm/config/service</code></pre>
+
+<hr>
+
+<h2 id="security">Security Considerations</h2>
+
+<div class="warning">
+    <strong>Important Security Notes:</strong>
+</div>
+
+<ol>
+    <li><strong>Use Security Groups</strong>: Always restrict WinRM access to a specific AD group</li>
+    <li><strong>Domain Profile Only</strong>: Firewall rules only allow connections on domain networks</li>
+    <li><strong>No Unencrypted Traffic</strong>: AllowUnencrypted is set to false</li>
+    <li><strong>Audit Access</strong>: Enable Windows Security auditing for logon events</li>
+    <li><strong>Credential Protection</strong>: Use dedicated admin accounts, not personal accounts</li>
+</ol>
+
+<hr>
+
+<h2 id="custom-tasks">Adding Custom Tasks</h2>
+
+<p>Edit <code>Invoke-RemoteTask.ps1</code> and add to the <code>$TaskScripts</code> hashtable:</p>
+
+<pre><code><span class="string">'MyCustomTask'</span> = {
+    $result = @{
+        Success = <span class="keyword">$false</span>
+        Hostname = $env:COMPUTERNAME
+        Output = <span class="string">""</span>
+        Error = <span class="keyword">$null</span>
+    }
+    <span class="keyword">try</span> {
+        <span class="comment"># Your code here</span>
+        $result.Output = <span class="string">"Task completed"</span>
+        $result.Success = <span class="keyword">$true</span>
+    } <span class="keyword">catch</span> {
+        $result.Error = $_.Exception.Message
+    }
+    <span class="keyword">return</span> $result
+}</code></pre>
+
+<p>Then add the task name to the <code>ValidateSet</code> in the param block.</p>
+
+<hr>
+
+<h2>Support</h2>
+
+<p>For issues or questions, contact your IT support team.</p>
+
+<p style="text-align: center; color: #666; margin-top: 40px; font-size: 0.9em;">
+    WinRM Setup Package &copy; 2026 | Generated from README.md
+</p>
+
+</body>
+</html>
diff --git a/winrm-setup-package/hosts.txt b/winrm-setup-package/hosts.txt
new file mode 100644
index 0000000..799e242
--- /dev/null
+++ b/winrm-setup-package/hosts.txt
@@ -0,0 +1,16 @@
+# WinRM Target Hosts
+# -------------------
+# Add one hostname or IP address per line
+# Lines starting with # are comments
+#
+# You can use:
+#   - Hostnames: PC001, SHOPFLOOR-PC-01
+#   - FQDNs: PC001.logon.ds.ge.com
+#   - IP addresses: 10.48.130.100
+#
+# Example:
+# PC001
+# PC002
+# 10.48.130.100
+# shopfloor-cnc-01.logon.ds.ge.com
+