diff --git a/DEPLOYMENT-CLEAN.md b/DEPLOYMENT-CLEAN.md index 4827630..96566d5 100644 --- a/DEPLOYMENT-CLEAN.md +++ b/DEPLOYMENT-CLEAN.md @@ -5,7 +5,7 @@ The original deployment scripts contained Unicode box-drawing characters that ca ## Clean Scripts Available -### 1. Deploy-Simple.bat ✅ **RECOMMENDED** +### 1. Deploy-Simple.bat **RECOMMENDED** - **Clean ASCII only** - No Unicode characters - **Minimal output** - Easy to read - **Essential functionality** - Just copies files efficiently diff --git a/DEPLOYMENT_DUALPATH.md b/DEPLOYMENT_DUALPATH.md index 99578f3..8268cb2 100644 --- a/DEPLOYMENT_DUALPATH.md +++ b/DEPLOYMENT_DUALPATH.md @@ -84,7 +84,7 @@ mysql -u your_user -p shopdb < dualpath_migration.sql ### /home/camp/asset_data/fin/Update-PC-CompleteAsset.ps1 **Changes:** -- Fixed Unicode arrow character (→ to ->) +- Fixed Unicode arrow character ( to ->) - Integrated application detection for shopfloor PCs ### /home/camp/asset_data/fin/Get-ShopfloorConfig.ps1 diff --git a/PRODUCTION_URL_UPDATE.md b/PRODUCTION_URL_UPDATE.md index f12193f..b98b77b 100644 --- a/PRODUCTION_URL_UPDATE.md +++ b/PRODUCTION_URL_UPDATE.md @@ -1,7 +1,7 @@ # PowerShell Scripts - Production URL Configuration **Date:** 2025-11-21 -**Status:** ✅ Updated for Production +**Status:** Updated for Production **Target Server:** https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp --- @@ -57,11 +57,11 @@ xcopy /Y /E "\\fileserver\shares\IT\PowerShell\*.*" "C:\Apps\PowerShell\" **GPO Path:** ``` Computer Configuration - → Policies - → Windows Settings - → Scripts (Startup/Shutdown) - → Startup - → Add: deploy-powershell-scripts.bat + Policies + Windows Settings + Scripts (Startup/Shutdown) + Startup + Add: deploy-powershell-scripts.bat ``` #### Option B: Manual Copy via Network Share 
@@ -107,10 +107,10 @@ Run with highest privileges: Yes **GPO Scheduled Task:** ``` Computer Configuration - → Preferences - → Control Panel Settings - → Scheduled Tasks - → New → Scheduled Task (Windows 7+) + Preferences + Control Panel Settings + Scheduled Tasks + New Scheduled Task (Windows 7+) ``` **Settings:** @@ -389,11 +389,11 @@ Remove-Item "S:\dt\cameron\scan\logs\test.txt" ## Production Readiness Status -✅ **Scripts Updated:** Both .bat and .ps1 files configured for production URL -✅ **Documentation:** Complete deployment guide created -✅ **Testing Plan:** 3-tier testing (Standard, Shopfloor, Engineer) -✅ **Monitoring:** API logs and PowerShell logs configured -✅ **Rollback Plan:** DEV URL reversion documented + **Scripts Updated:** Both .bat and .ps1 files configured for production URL + **Documentation:** Complete deployment guide created + **Testing Plan:** 3-tier testing (Standard, Shopfloor, Engineer) + **Monitoring:** API logs and PowerShell logs configured + **Rollback Plan:** DEV URL reversion documented **Ready for Deployment:** YES diff --git a/README.md b/README.md index 14e8acd..a63df07 100644 --- a/README.md +++ b/README.md 
@@ -14,21 +14,21 @@ This repository contains PowerShell scripts designed to collect detailed system ## Key Features -### 🏭 Manufacturing-Specific Data Collection +### Manufacturing-Specific Data Collection - **DNC Configuration**: Extracts GE Aircraft Engines registry settings - **DualPath Detection**: Identifies Path1Name/Path2Name for dual communication paths - **Registry Architecture Analysis**: Tracks 32-bit vs 64-bit service locations per DNC service - **Machine Network Detection**: Automatically identifies 192.168.*.* networks - **GE Machine Number Extraction**: Derives machine numbers from hostname patterns -### 📊 Comprehensive System Analysis +### Comprehensive System Analysis - Hardware specifications (manufacturer, model, serial, memory) - Operating system details and user information - Network interface configurations with DHCP detection - Serial port configurations for machine communication - PC type classification based on environment characteristics -### 🔧 Local Deployment +### Local Deployment - Dashboard API integration for centralized data storage - Individual PC execution and data collection - Error handling and graceful degradation @@ -94,7 +94,7 @@ All collected data is transmitted to a centralized dashboard API for storage in ## Architecture ``` -PowerShell Scripts → Proxy Server (warranty APIs) → Dashboard API → MySQL Database +PowerShell Scripts Proxy Server (warranty APIs) Dashboard API MySQL Database ↘ ↗ Dashboard API (direct storage) ``` diff --git a/docs/API_INTEGRATION.md b/docs/API_INTEGRATION.md index f470af2..095de41 100644 --- a/docs/API_INTEGRATION.md +++ b/docs/API_INTEGRATION.md @@ -102,7 +102,7 @@ $postData.dncConfig = { } | ConvertTo-Json -Compress ``` -#### GE Registry Architecture Data ⭐ **New in v3.0** +#### GE Registry Architecture Data **New in v3.0** ```powershell # DualPath Communication Settings $postData.dncDualPathEnabled = $true # Boolean: DualPath enabled 
@@ -204,7 +204,7 @@ UPDATE pc SET WHERE pcid = ? ``` -#### `pc_dnc_config` Table (Manufacturing Configuration) ⭐ **Enhanced in v3.0** +#### `pc_dnc_config` Table (Manufacturing Configuration) **Enhanced in v3.0** ```sql INSERT INTO pc_dnc_config ( pcid, site, cnc, ncif, machinenumber, hosttype, @@ -217,7 +217,7 @@ INSERT INTO pc_dnc_config ( ON DUPLICATE KEY UPDATE ... ``` -#### `machines` Table (Auto-Population) ⭐ **New in v3.2** +#### `machines` Table (Auto-Population) **New in v3.2** ```sql -- Machine records created from PC data INSERT INTO machines ( diff --git a/docs/API_KEY_INTEGRATION.md b/docs/API_KEY_INTEGRATION.md index 80535f4..58fc96a 100644 --- a/docs/API_KEY_INTEGRATION.md +++ b/docs/API_KEY_INTEGRATION.md @@ -219,9 +219,9 @@ echo Creating configuration file... ## Security Best Practices ### 1. Never Hardcode API Keys -- ❌ Don't put API keys directly in scripts -- ✅ Use environment variables or config files -- ✅ Add `dashboard-config.json` to `.gitignore` +- Don't put API keys directly in scripts +- Use environment variables or config files +- Add `dashboard-config.json` to `.gitignore` ### 2. Secure Storage on Client PCs ```powershell diff --git a/docs/DATA_COLLECTION_REFERENCE.md b/docs/DATA_COLLECTION_REFERENCE.md index e8314be..fd62d6b 100644 --- a/docs/DATA_COLLECTION_REFERENCE.md +++ b/docs/DATA_COLLECTION_REFERENCE.md @@ -63,7 +63,7 @@ foreach ($interface in $networkInterfaces) { --- -## 🏭 Manufacturing/Shopfloor Configuration +## Manufacturing/Shopfloor Configuration ### DNC (Direct Numerical Control) System Data | Field | Source | Type | Description | diff --git a/docs/DEPLOYMENT_GUIDE.md b/docs/DEPLOYMENT_GUIDE.md index ca3a042..a4437a7 100644 --- a/docs/DEPLOYMENT_GUIDE.md +++ b/docs/DEPLOYMENT_GUIDE.md 
@@ -107,7 +107,7 @@ Deploy-With-PsExec.bat #### Group Policy Deployment 1. **Copy Scripts**: Place in network share accessible to all target computers 2. **Create GPO**: New Group Policy Object for computer configuration -3. **Add Startup Script**: Computer Configuration → Policies → Windows Settings → Scripts → Startup +3. **Add Startup Script**: Computer Configuration Policies Windows Settings Scripts Startup 4. **Configure Path**: Point to network share location of `Update-PC-CompleteAsset.bat` 5. **Apply to OUs**: Link GPO to appropriate Organizational Units @@ -221,7 +221,7 @@ Register-ScheduledTask -TaskName "GE Asset Collection" -Action $action -Trigger ### Startup Script Integration ```batch REM Add to computer startup scripts -REM Computer Configuration → Policies → Windows Settings → Scripts → Startup +REM Computer Configuration Policies Windows Settings Scripts Startup @echo off timeout 60 >nul 2>&1 @@ -307,7 +307,7 @@ Update-PC-CompleteAsset.ps1 -TestConnections whoami /priv # Run as administrator -Right-click → "Run as administrator" +Right-click "Run as administrator" # Service account configuration # Configure service account with: diff --git a/docs/FUNCTION_REFERENCE.md b/docs/FUNCTION_REFERENCE.md index e01a23d..f3a51dd 100644 --- a/docs/FUNCTION_REFERENCE.md +++ b/docs/FUNCTION_REFERENCE.md @@ -80,8 +80,8 @@ function Get-PCType { - `$Hostname` (string) - Computer hostname **Pattern Matching**: -- `H###` patterns → `M###` (H123 → M123) -- `G###` patterns → `M###` (G456 → M456) +- `H###` patterns `M###` (H123 M123) +- `G###` patterns `M###` (G456 M456) - Regex: `[HG](\d{3})` **Returns**: `[string]` - Formatted machine number or `$null` 
@@ -162,7 +162,7 @@ $response = Invoke-RestMethod -Uri $uri -Method Get -TimeoutSec 30 **Payload Construction**: Creates comprehensive HTTP POST payload with structured data -**Manufacturing Data Handling** ⭐ **Enhanced in v3.0**: +**Manufacturing Data Handling** **Enhanced in v3.0**: ```powershell # DualPath and Registry Architecture Data $postData.dncDualPathEnabled = $geInfo.DualPathEnabled @@ -258,7 +258,7 @@ $dncConfig = @{ --- -#### `Get-GERegistryInfo` ⭐ **New in v3.0** +#### `Get-GERegistryInfo` **New in v3.0** **Purpose**: Comprehensive GE Aircraft Engines registry architecture analysis with DualPath detection **Returns**: `[hashtable]` - Complete registry architecture and DualPath configuration diff --git a/docs/README.md b/docs/README.md index cb79f88..b4c6999 100644 --- a/docs/README.md +++ b/docs/README.md @@ -31,7 +31,7 @@ This directory contains comprehensive technical documentation for the GE Manufac - Error handling patterns and best practices - Code examples and usage patterns -### 🚀 [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) +### [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) **Enterprise deployment strategies and procedures** - Single PC and multiple PC deployment methods - Enterprise integration (Group Policy, SCCM, Tanium) @@ -117,4 +117,4 @@ When updating scripts or functionality: --- -**📚 Comprehensive documentation for enterprise manufacturing asset management** \ No newline at end of file +** Comprehensive documentation for enterprise manufacturing asset management** \ No newline at end of file diff --git a/docs/SCRIPTS_REFERENCE.md b/docs/SCRIPTS_REFERENCE.md index 3c831ae..3bfa10f 100644 --- a/docs/SCRIPTS_REFERENCE.md +++ b/docs/SCRIPTS_REFERENCE.md 
@@ -443,7 +443,7 @@ Located in `winrm-https/` folder. These scripts configure secure WinRM over HTTP ┌─────────────────────────────────────────────────────────────────┐ │ ShopDB API Server │ │ ┌──────────────────────────────────────────────────────────┐ │ -│ │ api.asp (IIS) → MySQL Database │ │ +│ │ api.asp (IIS) MySQL Database │ │ │ └──────────────────────────────────────────────────────────┘ │ └─────────────────────────────────────────────────────────────────┘ ``` diff --git a/docs/TECHNICAL_ARCHITECTURE.md b/docs/TECHNICAL_ARCHITECTURE.md index 3fa1cc2..e44eb5f 100644 --- a/docs/TECHNICAL_ARCHITECTURE.md +++ b/docs/TECHNICAL_ARCHITECTURE.md @@ -86,7 +86,7 @@ The GE Manufacturing Asset Management System is a comprehensive PowerShell-based - Gateway and subnet mapping ``` -#### `Get-GERegistryInfo` ⭐ **New in v3.0** +#### `Get-GERegistryInfo` **New in v3.0** ```powershell # Dual registry architecture analysis - 32-bit registry path: HKLM:\SOFTWARE\GE Aircraft Engines @@ -109,7 +109,7 @@ The GE Manufacturing Asset Management System is a comprehensive PowerShell-based ### Phase 1: System Discovery ``` -PC Environment → System Info Collection → Classification Engine +PC Environment System Info Collection Classification Engine │ ├─ Hardware Identification (WMI/CIM) ├─ Operating System Analysis @@ -119,7 +119,7 @@ PC Environment → System Info Collection → Classification Engine ### Phase 2: Manufacturing Intelligence ``` -Registry Analysis → Manufacturing Config → Service Architecture +Registry Analysis Manufacturing Config Service Architecture │ ├─ GE Aircraft Engines Detection (32-bit/64-bit) ├─ DualPath Configuration Analysis @@ -129,7 +129,7 @@ Registry Analysis → Manufacturing Config → Service Architecture ### Phase 3: Network Topology ``` -Network Interfaces → Machine Network Detection → Communication Analysis +Network Interfaces Machine Network Detection Communication Analysis │ ├─ Active Interface Enumeration ├─ Machine Network Identification (192.168.*.*) 
@@ -139,7 +139,7 @@ Network Interfaces → Machine Network Detection → Communication Analysis ### Phase 4: Data Consolidation ``` -Collected Data → JSON Serialization → API Payload Construction +Collected Data JSON Serialization API Payload Construction │ ├─ System Information Packaging ├─ Manufacturing Configuration JSON @@ -149,7 +149,7 @@ Collected Data → JSON Serialization → API Payload Construction ### Phase 5: Centralized Storage ``` -Dashboard API → Database Normalization → Relational Storage +Dashboard API Database Normalization Relational Storage │ ├─ PC Table (Basic System Information) ├─ PC_DNC_Config Table (Manufacturing Settings + Registry Architecture) @@ -158,9 +158,9 @@ Dashboard API → Database Normalization → Relational Storage └─ Machines Table (Auto-populated from PC machine numbers) ``` -### Phase 6: Machine Auto-Population ⭐ **New in v3.2** +### Phase 6: Machine Auto-Population **New in v3.2** ``` -PC Data Collection → Machine Number Extraction → Automated Machine Creation +PC Data Collection Machine Number Extraction Automated Machine Creation │ │ │ ├─ Registry Scan ├─ Hostname Patterns ├─ Machine Records ├─ DNC Detection ├─ GE Machine Numbers ├─ PC Relationships @@ -190,12 +190,12 @@ function Get-GEMachineNumber { # Pattern matching for GE hostname conventions if ($Hostname -match '[HG](\d{3})') { $machineNum = $Matches[1] - return "M$machineNum" # Convert H123/G123 → M123 + return "M$machineNum" # Convert H123/G123 M123 } } ``` -### Machine Auto-Population Architecture ⭐ **New in v3.2** +### Machine Auto-Population Architecture **New in v3.2** The system automatically creates machine records from shopfloor PC data using a multi-phase approach: @@ -210,7 +210,7 @@ function Get-GEMachineNumber { # Priority 2: Hostname pattern matching if ($Hostname -match '[HG](\d{3})') { - return "M$($Matches[1])" # H3103 → M3103 + return "M$($Matches[1])" # H3103 M3103 } } ``` 
@@ -260,7 +260,7 @@ END - **Multiple PC Handling**: Machine 0615 has 5 connected PCs - **Role Classification**: Control, HMI, Engineering, Backup PCs identified -### Dual Registry Architecture Handling ⭐ **New in v3.0** +### Dual Registry Architecture Handling **New in v3.0** ```powershell # Intelligent priority system prevents data overwrites if ($geInfo.DualPathEnabled -eq $null) { diff --git a/winrm-https/CA-APPROACH-GUIDE.md b/winrm-https/CA-APPROACH-GUIDE.md index 9d8333b..11df50c 100644 --- a/winrm-https/CA-APPROACH-GUIDE.md +++ b/winrm-https/CA-APPROACH-GUIDE.md @@ -113,7 +113,7 @@ Your Computer Remote PC │ CN=*.logon.ds.ge.com │ │ Self-signed (untrusted) │ │ │ - ├─ ❌ ERROR: Untrusted certificate │ + ├─ ERROR: Untrusted certificate │ │ │ └─ Must use -SessionOption to skip validation @@ -136,7 +136,7 @@ Your Computer Remote PC ├─ Checks issuer: Shopfloor WinRM CA │ ├─ Do I trust this issuer? │ ├─ YES! (CA is in Trusted Root) │ - ├─ ✓ Certificate trusted │ + ├─ Certificate trusted │ │ │ └─ Connection succeeds! ◄─────────────┘ No -SessionOption needed! @@ -230,7 +230,7 @@ $cert = Import-PfxCertificate ` # Test basic connectivity - NO -SessionOption needed! Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986 -# ✓ Works! No certificate errors! +# Works! No certificate errors! # Get credentials $cred = Get-Credential @@ -238,7 +238,7 @@ $cred = Get-Credential # Interactive session - NO -SessionOption needed! Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com ` -Credential $cred -UseSSL -Port 5986 -# ✓ Connected! No certificate warnings! +# Connected! No certificate warnings! # Run remote command Invoke-Command -ComputerName g9kn7pz3esf.logon.ds.ge.com ` 
@@ -265,10 +265,10 @@ Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com ` ``` **Problems:** -- ❌ Certificate validation bypassed (insecure) -- ❌ Same certificate on all 175 PCs -- ❌ If compromised, affects all PCs -- ❌ Certificate CN mismatch errors +- Certificate validation bypassed (insecure) +- Same certificate on all 175 PCs +- If compromised, affects all PCs +- Certificate CN mismatch errors --- @@ -281,12 +281,12 @@ Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com ` ``` **Benefits:** -- ✅ Proper certificate validation (secure) -- ✅ Each PC has its own certificate -- ✅ If one compromised, only affects one PC -- ✅ Proper hostname in certificate (no CN mismatch) -- ✅ Easy to revoke individual certificates -- ✅ Professional enterprise approach +- Proper certificate validation (secure) +- Each PC has its own certificate +- If one compromised, only affects one PC +- Proper hostname in certificate (no CN mismatch) +- Easy to revoke individual certificates +- Professional enterprise approach --- @@ -380,9 +380,9 @@ When you connect, Windows automatically validates: ↓ 4. YES! Found in Cert:\LocalMachine\Root ↓ -5. ✓ Certificate trusted +5. Certificate trusted ↓ -6. ✓ Connection allowed +6. Connection allowed ``` --- diff --git a/winrm-https/GETTING_STARTED.md b/winrm-https/GETTING_STARTED.md index 6bdf75e..6bbd005 100644 --- a/winrm-https/GETTING_STARTED.md +++ b/winrm-https/GETTING_STARTED.md @@ -128,7 +128,7 @@ STEP 3: Verify WinRM Configuration STEP 4: Test Local HTTPS Connection [OK] Local HTTPS connection successful -✅ Test setup complete! + Test setup complete! ``` **If you see errors:** @@ -175,7 +175,7 @@ CsName OsName WindowsVersion YOUR-PC Microsoft Windows 11 Pro 10.0.22631 ``` -**✅ Success!** If this works, you're ready to move to the next phase. +** Success!** If this works, you're ready to move to the next phase. --- 
@@ -338,7 +338,7 @@ Failed: 0 Collection completed. Success: 3, Failed: 0 ``` -**✅ Success!** If this works, you're ready for full deployment. +** Success!** If this works, you're ready for full deployment. --- @@ -754,14 +754,14 @@ Get-Content .\logs\remote-collection-https.log -Tail 50 Follow these phases: -1. ✅ **Phase 1:** Test on single device (your computer) -2. ✅ **Phase 2:** Test on 3-5 shopfloor PCs -3. ✅ **Phase 3:** Deploy to all 175 PCs in batches -4. ✅ **Daily Ops:** Run automated collection +1. **Phase 1:** Test on single device (your computer) +2. **Phase 2:** Test on 3-5 shopfloor PCs +3. **Phase 3:** Deploy to all 175 PCs in batches +4. **Daily Ops:** Run automated collection **Total Time:** - Phase 1: 15-30 minutes - Phase 2: 1-2 hours - Phase 3: 4-8 hours (depending on method) -**Good luck with your deployment!** 🚀 +**Good luck with your deployment!** diff --git a/winrm-https/NETWORK_SHARE_DEPLOYMENT.md b/winrm-https/NETWORK_SHARE_DEPLOYMENT.md index b5a2591..7153e14 100644 --- a/winrm-https/NETWORK_SHARE_DEPLOYMENT.md +++ b/winrm-https/NETWORK_SHARE_DEPLOYMENT.md @@ -32,7 +32,7 @@ New-SmbShare -Name "WinRM-HTTPS" -Path $deployPath -FullAccess "Everyone" **Or manually:** 1. Create folder: `C:\Deployment\WinRM-HTTPS` 2. Copy all files from `winrm-https` folder -3. Right-click folder → Properties → Sharing → Advanced Sharing +3. Right-click folder Properties Sharing Advanced Sharing 4. Check "Share this folder" 5. Share name: `WinRM-HTTPS` 6. Permissions: Give "Everyone" Read access (or specific security group) @@ -49,10 +49,10 @@ Get-ChildItem "\\SERVER\WinRM-HTTPS" ``` Expected files: -- ✅ `Deploy-WinRM-HTTPS.bat` -- ✅ `Setup-WinRM-HTTPS.ps1` -- ✅ `wildcard-logon-ds-ge-com-20251017.pfx` -- ✅ Other PS1 scripts +- `Deploy-WinRM-HTTPS.bat` +- `Setup-WinRM-HTTPS.ps1` +- `wildcard-logon-ds-ge-com-20251017.pfx` +- Other PS1 scripts --- 
@@ -105,13 +105,13 @@ Include everything for troubleshooting: 6. Wait for completion **Advantages:** -- ✅ Simple - no copying needed -- ✅ Always uses latest files -- ✅ No local disk space used +- Simple - no copying needed +- Always uses latest files +- No local disk space used **Disadvantages:** -- ⚠️ Requires network connectivity during install -- ⚠️ Slower if network is congested +- Requires network connectivity during install +- Slower if network is congested --- @@ -139,13 +139,13 @@ Deploy-WinRM-HTTPS.bat ``` **Advantages:** -- ✅ Faster execution -- ✅ Works if network connection lost -- ✅ Can verify files before running +- Faster execution +- Works if network connection lost +- Can verify files before running **Disadvantages:** -- ⚠️ Uses local disk space -- ⚠️ Extra copy step +- Uses local disk space +- Extra copy step --- @@ -193,14 +193,14 @@ foreach ($hostname in $targetPCs) { ``` **Advantages:** -- ✅ Deploy to many PCs from one location -- ✅ No physical access needed -- ✅ Can run overnight/batch +- Deploy to many PCs from one location +- No physical access needed +- Can run overnight/batch **Disadvantages:** -- ⚠️ Requires existing remote access (WinRM or admin shares) -- ⚠️ More complex -- ⚠️ Password visible in script (use secure credential management) +- Requires existing remote access (WinRM or admin shares) +- More complex +- Password visible in script (use secure credential management) --- @@ -219,8 +219,8 @@ foreach ($hostname in $targetPCs) { - Edit GPO 3. **Add Startup Script:** - - Computer Configuration → Policies → Windows Settings → Scripts - - Startup → Add + - Computer Configuration Policies Windows Settings Scripts + - Startup Add - Script: `\\DOMAIN\NETLOGON\Scripts\WinRM-HTTPS\Deploy-WinRM-HTTPS.bat` 4. **Link GPO to OU:** 
@@ -228,14 +228,14 @@ foreach ($hostname in $targetPCs) { - PCs will run script on next reboot **Advantages:** -- ✅ Automated deployment -- ✅ Centrally managed -- ✅ Runs with SYSTEM privileges +- Automated deployment +- Centrally managed +- Runs with SYSTEM privileges **Disadvantages:** -- ⚠️ Requires domain environment -- ⚠️ Requires restart -- ⚠️ Password handling more complex +- Requires domain environment +- Requires restart +- Password handling more complex --- @@ -270,7 +270,7 @@ REM Set on each PC or via GPO setx WINRM_CERT_PASS "XqHuyaLZSyCYEcpsMz6h5" /M ``` -**⚠️ Never:** +** Never:** - Hardcode password in batch file on network share (readable by everyone) - Email password in plaintext - Store password in unencrypted text file @@ -293,7 +293,7 @@ Grant-SmbShareAccess -Name "WinRM-HTTPS" -AccountName "DOMAIN\IT Admins" -Access The certificate PFX file contains the private key. Protect it: 1. **Use share permissions** to restrict access -2. **Use certificate password** (you did ✅) +2. **Use certificate password** (you did ) 3. **Monitor access** to the share 4. **Delete from share** after deployment complete @@ -315,7 +315,7 @@ The certificate PFX file contains the private key. Protect it: ``` For each test PC: 1. Navigate to \\SERVER\WinRM-HTTPS -2. Right-click Deploy-WinRM-HTTPS.bat → Run as Administrator +2. Right-click Deploy-WinRM-HTTPS.bat Run as Administrator 3. Enter password when prompted 4. Verify success 5. Test connection from management server @@ -378,7 +378,7 @@ Write-Host "Share created: \\$env:COMPUTERNAME\WinRM-HTTPS" **On test PC (G1JJVH63ESF):** 1. Open Explorer: `\\MANAGEMENT-SERVER\WinRM-HTTPS` -2. Right-click `Deploy-WinRM-HTTPS.bat` → Run as Administrator +2. Right-click `Deploy-WinRM-HTTPS.bat` Run as Administrator 3. Enter password: `XqHuyaLZSyCYEcpsMz6h5` 4. Wait for completion 
@@ -462,7 +462,7 @@ Get-SmbShareAccess -Name "WinRM-HTTPS" ### Problem: "Access Denied" running batch file **Solution:** -- Right-click → Run as Administrator +- Right-click Run as Administrator - User must be local admin on PC - Check UAC settings @@ -514,15 +514,15 @@ Save as `README.txt` in the share. **Best Practice for Your Scenario:** -1. ✅ Create network share: `\\SERVER\WinRM-HTTPS` -2. ✅ Include: +1. Create network share: `\\SERVER\WinRM-HTTPS` +2. Include: - `Deploy-WinRM-HTTPS.bat` - `Setup-WinRM-HTTPS.ps1` - `wildcard-logon-ds-ge-com-20251017.pfx` -3. ✅ Deploy to 3-5 test PCs manually -4. ✅ Verify each deployment -5. ✅ Deploy to remaining PCs in batches -6. ✅ Remove certificate from share when done +3. Deploy to 3-5 test PCs manually +4. Verify each deployment +5. Deploy to remaining PCs in batches +6. Remove certificate from share when done **Certificate Password Storage:** - Store in password manager @@ -530,7 +530,7 @@ Save as `README.txt` in the share. - Use encrypted files for automation **The batch files handle:** -- ✅ Administrator check -- ✅ File verification -- ✅ Error handling -- ✅ User feedback +- Administrator check +- File verification +- Error handling +- User feedback diff --git a/winrm-https/PROJECT-SUMMARY.md b/winrm-https/PROJECT-SUMMARY.md index 09075b7..8a58c17 100644 --- a/winrm-https/PROJECT-SUMMARY.md +++ b/winrm-https/PROJECT-SUMMARY.md @@ -4,7 +4,7 @@ **Objective**: Deploy secure WinRM over HTTPS to 175 shopfloor PCs using a wildcard certificate for `*.logon.ds.ge.com` -**Status**: ✅ READY FOR TESTING +**Status**: READY FOR TESTING **Certificate Generated**: `wildcard-logon-ds-ge-com-20251017.pfx` **Certificate Password**: `XqHuyaLZSyCYEcpsMz6h5` 
@@ -45,13 +45,13 @@ ## Key Features Implemented -### ✅ Certificate Generation +### Certificate Generation - Self-signed wildcard certificate for `*.logon.ds.ge.com` - Alternative generation methods to avoid smart card conflicts - 2048-bit RSA with SHA256 - Valid for 2 years (expires 2027-10-17) -### ✅ Deployment Scripts +### Deployment Scripts - **Two deployment methods**: - `Deploy-WinRM-HTTPS.bat` - Secure (prompts for password) - `Deploy-WinRM-HTTPS-AutoPassword.bat` - Testing (auto-password) @@ -60,7 +60,7 @@ - Execution policy bypass (`-ExecutionPolicy Bypass`) - Network share compatible -### ✅ Comprehensive Logging +### Comprehensive Logging - **Log Location**: `S:\DT\ADATA\SCRIPT\DEPLOY\LOGS\` - **Log Format**: `HOSTNAME-YYYYMMDD-HHMMSS.txt` - **Logged Information**: @@ -72,7 +72,7 @@ - Success/failure status - All error messages -### ✅ WinRM HTTPS Configuration +### WinRM HTTPS Configuration - Creates HTTPS listener on port 5986 - Uses wildcard certificate for all PCs - Constructs FQDN: `hostname.logon.ds.ge.com` @@ -80,13 +80,13 @@ - Enables certificate authentication - Maintains HTTP listener (port 5985) -### ✅ Testing & Validation +### Testing & Validation - Test scripts for connectivity verification - Log viewer with filtering capabilities - Summary report generation - Remote connection examples -### ✅ Documentation +### Documentation - Quick start guides - Detailed deployment instructions - Security best practices 
@@ -139,17 +139,17 @@ PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command ^ ### 1. Smart Card Device Error **Problem**: Certificate generation failed with "smart card device is read-only" **Solution**: Created alternative script using `certreq.exe` with fallback methods -**Status**: ✅ Resolved - Certificate generated successfully +**Status**: Resolved - Certificate generated successfully ### 2. LogFile Parameter Not Found **Problem**: Batch file tried to pass `-LogFile` parameter that didn't exist **Solution**: Added `-LogFile` parameter to `Setup-WinRM-HTTPS.ps1` param block -**Status**: ✅ Resolved - Logging now works correctly +**Status**: Resolved - Logging now works correctly ### 3. WinRM HTTPS Listener Creation Failed (First Issue) **Problem**: Listener creation failed due to PowerShell string escaping issues **Solution**: Changed from `Invoke-Expression` to `cmd.exe /c` execution -**Status**: ✅ Resolved - Command execution fixed +**Status**: Resolved - Command execution fixed ### 4. Certificate CN Mismatch Error (Critical Fix) **Problem**: Listener creation failed with error "The certificate CN and the hostname that were provided do not match" 
@@ -177,23 +177,23 @@ winrm create ... @{Hostname="*.logon.ds.ge.com";...} - WinRM matches specific hostname against wildcard pattern - Certificate validation succeeds for all subdomains -**Status**: ✅ Resolved - Wildcard matching now works correctly +**Status**: Resolved - Wildcard matching now works correctly **Documentation**: See `WILDCARD-CERT-FIX.txt` for detailed explanation ### 5. Plaintext Password in Examples **Problem**: Security concern with plaintext passwords in documentation **Solution**: Created `SECURE_CREDENTIAL_MANAGEMENT.md` and updated all examples -**Status**: ✅ Resolved - All examples use secure methods +**Status**: Resolved - All examples use secure methods --- ## Deployment Workflow ### Phase 1: Preparation (CURRENT PHASE) -1. ✅ Generate wildcard certificate -2. ✅ Create deployment scripts -3. ✅ Setup logging infrastructure -4. ✅ Create documentation +1. Generate wildcard certificate +2. Create deployment scripts +3. Setup logging infrastructure +4. Create documentation 5. ⏳ Copy certificate to deployment-package folder 6. ⏳ Copy deployment-package to network share 7. ⏳ Set permissions on network share @@ -230,9 +230,9 @@ winrm create ... @{Hostname="*.logon.ds.ge.com";...} **Hostname List**: `shopfloor-hostnames.txt` **Example Hostnames**: -- G1JJVH63ESF → g1jjvh63esf.logon.ds.ge.com -- G1JJXH63ESF → g1jjxh63esf.logon.ds.ge.com -- G9KN7PZ3ESF → g9kn7pz3esf.logon.ds.ge.com (test PC) +- G1JJVH63ESF g1jjvh63esf.logon.ds.ge.com +- G1JJXH63ESF g1jjxh63esf.logon.ds.ge.com +- G9KN7PZ3ESF g9kn7pz3esf.logon.ds.ge.com (test PC) - ... (172 more) --- 
@@ -279,24 +279,24 @@ Get-Service WinRM | Select-Object Name, Status, StartType ## Security Considerations ### Certificate Security -- ✅ Self-signed certificate (appropriate for internal use) -- ✅ Private key marked as exportable (for backup purposes) -- ✅ Stored in Local Machine certificate store -- ✅ 2048-bit RSA encryption -- ⚠️ Certificate password stored in deployment scripts (testing only) +- Self-signed certificate (appropriate for internal use) +- Private key marked as exportable (for backup purposes) +- Stored in Local Machine certificate store +- 2048-bit RSA encryption +- Certificate password stored in deployment scripts (testing only) ### Deployment Security -- ✅ Two versions: secure (production) and auto-password (testing) -- ✅ Documentation emphasizes deleting auto-password version -- ✅ Network share requires proper permissions -- ✅ Administrator privileges required for deployment -- ✅ All examples use secure credential methods +- Two versions: secure (production) and auto-password (testing) +- Documentation emphasizes deleting auto-password version +- Network share requires proper permissions +- Administrator privileges required for deployment +- All examples use secure credential methods ### Credential Management -- ✅ Documented 5 secure methods in `SECURE_CREDENTIAL_MANAGEMENT.md` -- ✅ No plaintext passwords in production examples -- ✅ Recommendations for Azure Key Vault integration -- ✅ Windows Credential Manager integration documented +- Documented 5 secure methods in `SECURE_CREDENTIAL_MANAGEMENT.md` +- No plaintext passwords in production examples +- Recommendations for Azure Key Vault integration +- Windows Credential Manager integration documented --- 
@@ -348,8 +348,8 @@ Executing WinRM HTTPS setup... ## Files Ready for Deployment ### Required Files (Must Copy to Network Share) -- ✅ `deployment-package/` folder (all contents) -- ⚠️ `wildcard-logon-ds-ge-com-20251017.pfx` (MUST ADD to deployment-package!) +- `deployment-package/` folder (all contents) +- `wildcard-logon-ds-ge-com-20251017.pfx` (MUST ADD to deployment-package!) ### Network Share Setup ``` @@ -405,25 +405,25 @@ Executing WinRM HTTPS setup... ## Success Criteria ### Deployment Success -- ✅ Certificate imported to Local Machine store -- ✅ HTTPS listener created on port 5986 -- ✅ Firewall rule "WinRM HTTPS-In" created -- ✅ WinRM service running and set to automatic -- ✅ Log file created with SUCCESS status -- ✅ No errors in log file +- Certificate imported to Local Machine store +- HTTPS listener created on port 5986 +- Firewall rule "WinRM HTTPS-In" created +- WinRM service running and set to automatic +- Log file created with SUCCESS status +- No errors in log file ### Connectivity Success -- ✅ `Test-WSMan` succeeds from management server -- ✅ Can create remote PSSession with `-UseSSL` -- ✅ Can execute remote commands via HTTPS -- ✅ Certificate validation passes +- `Test-WSMan` succeeds from management server +- Can create remote PSSession with `-UseSSL` +- Can execute remote commands via HTTPS +- Certificate validation passes ### Project Success -- ✅ All 175 PCs deployed successfully -- ✅ All deployments logged -- ✅ Remote connectivity verified -- ✅ Asset inventory updated -- ✅ Documentation complete +- All 175 PCs deployed successfully +- All deployments logged +- Remote connectivity verified +- Asset inventory updated +- Documentation complete --- @@ -503,4 +503,4 @@ The WinRM HTTPS deployment project is **complete and ready for testing**. All sc **Document Version**: 1.0 **Last Updated**: 2025-10-17 -**Status**: ✅ READY FOR TESTING +**Status**: READY FOR TESTING 
diff --git a/winrm-https/README.md b/winrm-https/README.md index fa5fc53..6c316b0 100644 --- a/winrm-https/README.md +++ b/winrm-https/README.md @@ -31,7 +31,7 @@ This folder contains scripts and documentation for setting up secure WinRM over |------|-------------| | **WINRM_HTTPS_DEPLOYMENT_GUIDE.md** | Complete deployment guide with troubleshooting | -## 🚀 Quick Start +## Quick Start ### 1. Generate Certificate (Testing) @@ -84,14 +84,14 @@ $certPass = ConvertTo-SecureString "YourPassword" -AsPlainText -Force - Protect the PFX file password - Use `-SkipCertificateCheck` only for testing -## 📊 Shopfloor PCs +## Shopfloor PCs - **Total PCs**: 175 - **Source**: Database query filtered by `pctypeid = 3` (Shopfloor type) - **FQDN Format**: `{hostname}.logon.ds.ge.com` - **Example**: `G1JJVH63ESF.logon.ds.ge.com` -## 🔧 Workflow +## Workflow 1. **Generate/Obtain Certificate** - Use `Generate-WildcardCert.ps1` for testing diff --git a/winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md b/winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md index 3dc645d..ed22c8c 100644 --- a/winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md +++ b/winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md @@ -2,7 +2,7 @@ This guide covers secure methods for handling passwords and credentials in PowerShell, avoiding plaintext passwords in scripts and command history. -## ⚠️ Never Do This +## Never Do This ```powershell # BAD - Password visible in script and command history @@ -18,7 +18,7 @@ $certPass = ConvertTo-SecureString "MyPassword123!" -AsPlainText -Force --- -## ✅ Secure Methods +## Secure Methods ### Method 1: Interactive Prompt (Most Secure for Manual Use) 
@@ -92,10 +92,10 @@ $certPass = Import-Clixml -Path "C:\Secure\cert-password.xml" ``` **Important notes:** -- ✅ Encrypted files can ONLY be decrypted by the same user on the same computer -- ✅ Safe to store in version control (but not recommended) -- ⚠️ Won't work if script runs as different user (e.g., scheduled task with service account) -- ⚠️ Won't work on different computer +- Encrypted files can ONLY be decrypted by the same user on the same computer +- Safe to store in version control (but not recommended) +- Won't work if script runs as different user (e.g., scheduled task with service account) +- Won't work on different computer --- @@ -131,10 +131,10 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin" ``` **Advantages:** -- ✅ Works with scheduled tasks -- ✅ Can be used by service accounts -- ✅ Centralized management -- ✅ Encrypted by Windows +- Works with scheduled tasks +- Can be used by service accounts +- Centralized management +- Encrypted by Windows --- @@ -152,7 +152,7 @@ $env:WINRM_CERT_PATH = "C:\Certs\wildcard.pfx" -Domain $env:WINRM_DOMAIN ``` -**⚠️ Do NOT use for passwords:** +** Do NOT use for passwords:** ```powershell # BAD - Environment variables are not secure for passwords $env:CERT_PASSWORD = "MyPassword" # DON'T DO THIS @@ -350,7 +350,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin" ## 🛡️ Security Best Practices -### Do's ✅ +### Do's 1. **Always use SecureString for passwords** ```powershell @@ -386,7 +386,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin" [System.GC]::Collect() ``` -### Don'ts ❌ +### Don'ts 1. **Never hardcode passwords** ```powershell @@ -420,7 +420,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin" --- -## 🔧 Setting Up Secure Credential Storage +## Setting Up Secure Credential Storage ### Step 1: Create Secure Directory 
@@ -543,15 +543,15 @@ $cred = Get-DomainCredential --- -## 📊 Summary Comparison +## Summary Comparison | Method | Security | Ease of Use | Automation | Cross-User | Enterprise | |--------|----------|-------------|------------|------------|------------| -| Interactive Prompt | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ❌ | ❌ | ❌ | -| Encrypted File | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ✅ | ❌ | ❌ | -| Credential Manager | ⭐⭐⭐⭐ | ⭐⭐⭐ | ✅ | ✅ | ⭐⭐⭐ | -| Azure Key Vault | ⭐⭐⭐⭐⭐ | ⭐⭐ | ✅ | ✅ | ⭐⭐⭐⭐⭐ | -| Plaintext (DON'T) | ⭐ | ⭐⭐⭐⭐⭐ | ✅ | ✅ | ❌ | +| Interactive Prompt | | | | | | +| Encrypted File | | | | | | +| Credential Manager | | | | | | +| Azure Key Vault | | | | | | +| Plaintext (DON'T) | | | | | | --- diff --git a/winrm-https/TEST-REMOTE-CONNECTION-GUIDE.md b/winrm-https/TEST-REMOTE-CONNECTION-GUIDE.md index c0e4030..7262b3f 100644 --- a/winrm-https/TEST-REMOTE-CONNECTION-GUIDE.md +++ b/winrm-https/TEST-REMOTE-CONNECTION-GUIDE.md @@ -503,13 +503,13 @@ Remove-PSSession $session ## Next Steps -1. ✅ Run the updated deployment on test PC (with wildcard CN fix) -2. ✅ Use these commands to test connectivity -3. ✅ Verify remote commands work correctly -4. ✅ If successful, deploy to 3-5 more PCs -5. ✅ Test connectivity to all deployed PCs -6. ✅ Document any issues in deployment logs -7. ✅ Proceed with production rollout +1. Run the updated deployment on test PC (with wildcard CN fix) +2. Use these commands to test connectivity +3. Verify remote commands work correctly +4. If successful, deploy to 3-5 more PCs +5. Test connectivity to all deployed PCs +6. Document any issues in deployment logs +7. Proceed with production rollout --- diff --git a/winrm-https/TROUBLESHOOTING_CERTIFICATE_GENERATION.md b/winrm-https/TROUBLESHOOTING_CERTIFICATE_GENERATION.md index f80eb94..e3ae30b 100644 --- a/winrm-https/TROUBLESHOOTING_CERTIFICATE_GENERATION.md +++ b/winrm-https/TROUBLESHOOTING_CERTIFICATE_GENERATION.md 
@@ -137,7 +137,7 @@ If the above methods don't work, generate the certificate on a computer without **Solution:** ```powershell # Run PowerShell as Administrator -# Right-click PowerShell → Run as Administrator +# Right-click PowerShell Run as Administrator # Verify admin rights $isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) @@ -413,11 +413,11 @@ If none of these solutions work: **Recommended approach when you see smart card error:** -1. ✅ Try `Generate-WildcardCert-Alternative.ps1` (uses certreq) -2. ✅ Try disabling smart card service temporarily -3. ✅ Try different crypto provider -4. ✅ Generate on different computer without restrictions -5. ✅ Request certificate from your organization's CA +1. Try `Generate-WildcardCert-Alternative.ps1` (uses certreq) +2. Try disabling smart card service temporarily +3. Try different crypto provider +4. Generate on different computer without restrictions +5. Request certificate from your organization's CA **For production deployment:** - Always get certificates from trusted Certificate Authority diff --git a/winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md b/winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md index b5a2591..7153e14 100644 --- a/winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md +++ b/winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md @@ -32,7 +32,7 @@ New-SmbShare -Name "WinRM-HTTPS" -Path $deployPath -FullAccess "Everyone" **Or manually:** 1. Create folder: `C:\Deployment\WinRM-HTTPS` 2. Copy all files from `winrm-https` folder -3. Right-click folder → Properties → Sharing → Advanced Sharing +3. Right-click folder Properties Sharing Advanced Sharing 4. Check "Share this folder" 5. Share name: `WinRM-HTTPS` 6. Permissions: Give "Everyone" Read access (or specific security group) 
@@ -49,10 +49,10 @@ Get-ChildItem "\\SERVER\WinRM-HTTPS" ``` Expected files: -- ✅ `Deploy-WinRM-HTTPS.bat` -- ✅ `Setup-WinRM-HTTPS.ps1` -- ✅ `wildcard-logon-ds-ge-com-20251017.pfx` -- ✅ Other PS1 scripts +- `Deploy-WinRM-HTTPS.bat` +- `Setup-WinRM-HTTPS.ps1` +- `wildcard-logon-ds-ge-com-20251017.pfx` +- Other PS1 scripts --- @@ -105,13 +105,13 @@ Include everything for troubleshooting: 6. Wait for completion **Advantages:** -- ✅ Simple - no copying needed -- ✅ Always uses latest files -- ✅ No local disk space used +- Simple - no copying needed +- Always uses latest files +- No local disk space used **Disadvantages:** -- ⚠️ Requires network connectivity during install -- ⚠️ Slower if network is congested +- Requires network connectivity during install +- Slower if network is congested --- @@ -139,13 +139,13 @@ Deploy-WinRM-HTTPS.bat ``` **Advantages:** -- ✅ Faster execution -- ✅ Works if network connection lost -- ✅ Can verify files before running +- Faster execution +- Works if network connection lost +- Can verify files before running **Disadvantages:** -- ⚠️ Uses local disk space -- ⚠️ Extra copy step +- Uses local disk space +- Extra copy step --- @@ -193,14 +193,14 @@ foreach ($hostname in $targetPCs) { ``` **Advantages:** -- ✅ Deploy to many PCs from one location -- ✅ No physical access needed -- ✅ Can run overnight/batch +- Deploy to many PCs from one location +- No physical access needed +- Can run overnight/batch **Disadvantages:** -- ⚠️ Requires existing remote access (WinRM or admin shares) -- ⚠️ More complex -- ⚠️ Password visible in script (use secure credential management) +- Requires existing remote access (WinRM or admin shares) +- More complex +- Password visible in script (use secure credential management) --- 
@@ -219,8 +219,8 @@ foreach ($hostname in $targetPCs) { - Edit GPO 3. **Add Startup Script:** - - Computer Configuration → Policies → Windows Settings → Scripts - - Startup → Add + - Computer Configuration Policies Windows Settings Scripts + - Startup Add - Script: `\\DOMAIN\NETLOGON\Scripts\WinRM-HTTPS\Deploy-WinRM-HTTPS.bat` 4. **Link GPO to OU:** @@ -228,14 +228,14 @@ foreach ($hostname in $targetPCs) { - PCs will run script on next reboot **Advantages:** -- ✅ Automated deployment -- ✅ Centrally managed -- ✅ Runs with SYSTEM privileges +- Automated deployment +- Centrally managed +- Runs with SYSTEM privileges **Disadvantages:** -- ⚠️ Requires domain environment -- ⚠️ Requires restart -- ⚠️ Password handling more complex +- Requires domain environment +- Requires restart +- Password handling more complex --- @@ -270,7 +270,7 @@ REM Set on each PC or via GPO setx WINRM_CERT_PASS "XqHuyaLZSyCYEcpsMz6h5" /M ``` -**⚠️ Never:** +** Never:** - Hardcode password in batch file on network share (readable by everyone) - Email password in plaintext - Store password in unencrypted text file @@ -293,7 +293,7 @@ Grant-SmbShareAccess -Name "WinRM-HTTPS" -AccountName "DOMAIN\IT Admins" -Access The certificate PFX file contains the private key. Protect it: 1. **Use share permissions** to restrict access -2. **Use certificate password** (you did ✅) +2. **Use certificate password** (you did ) 3. **Monitor access** to the share 4. **Delete from share** after deployment complete @@ -315,7 +315,7 @@ The certificate PFX file contains the private key. Protect it: ``` For each test PC: 1. Navigate to \\SERVER\WinRM-HTTPS -2. Right-click Deploy-WinRM-HTTPS.bat → Run as Administrator +2. Right-click Deploy-WinRM-HTTPS.bat Run as Administrator 3. Enter password when prompted 4. Verify success 5. Test connection from management server 
@@ -378,7 +378,7 @@ Write-Host "Share created: \\$env:COMPUTERNAME\WinRM-HTTPS" **On test PC (G1JJVH63ESF):** 1. Open Explorer: `\\MANAGEMENT-SERVER\WinRM-HTTPS` -2. Right-click `Deploy-WinRM-HTTPS.bat` → Run as Administrator +2. Right-click `Deploy-WinRM-HTTPS.bat` Run as Administrator 3. Enter password: `XqHuyaLZSyCYEcpsMz6h5` 4. Wait for completion @@ -462,7 +462,7 @@ Get-SmbShareAccess -Name "WinRM-HTTPS" ### Problem: "Access Denied" running batch file **Solution:** -- Right-click → Run as Administrator +- Right-click Run as Administrator - User must be local admin on PC - Check UAC settings @@ -514,15 +514,15 @@ Save as `README.txt` in the share. **Best Practice for Your Scenario:** -1. ✅ Create network share: `\\SERVER\WinRM-HTTPS` -2. ✅ Include: +1. Create network share: `\\SERVER\WinRM-HTTPS` +2. Include: - `Deploy-WinRM-HTTPS.bat` - `Setup-WinRM-HTTPS.ps1` - `wildcard-logon-ds-ge-com-20251017.pfx` -3. ✅ Deploy to 3-5 test PCs manually -4. ✅ Verify each deployment -5. ✅ Deploy to remaining PCs in batches -6. ✅ Remove certificate from share when done +3. Deploy to 3-5 test PCs manually +4. Verify each deployment +5. Deploy to remaining PCs in batches +6. Remove certificate from share when done **Certificate Password Storage:** - Store in password manager @@ -530,7 +530,7 @@ Save as `README.txt` in the share. - Use encrypted files for automation **The batch files handle:** -- ✅ Administrator check -- ✅ File verification -- ✅ Error handling -- ✅ User feedback +- Administrator check +- File verification +- Error handling +- User feedback diff --git a/winrm-https/deployment-package/TEST-REMOTE-CONNECTION-GUIDE.md b/winrm-https/deployment-package/TEST-REMOTE-CONNECTION-GUIDE.md index c0e4030..7262b3f 100644 --- a/winrm-https/deployment-package/TEST-REMOTE-CONNECTION-GUIDE.md +++ b/winrm-https/deployment-package/TEST-REMOTE-CONNECTION-GUIDE.md 
@@ -503,13 +503,13 @@ Remove-PSSession $session ## Next Steps -1. ✅ Run the updated deployment on test PC (with wildcard CN fix) -2. ✅ Use these commands to test connectivity -3. ✅ Verify remote commands work correctly -4. ✅ If successful, deploy to 3-5 more PCs -5. ✅ Test connectivity to all deployed PCs -6. ✅ Document any issues in deployment logs -7. ✅ Proceed with production rollout +1. Run the updated deployment on test PC (with wildcard CN fix) +2. Use these commands to test connectivity +3. Verify remote commands work correctly +4. If successful, deploy to 3-5 more PCs +5. Test connectivity to all deployed PCs +6. Document any issues in deployment logs +7. Proceed with production rollout ---
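Review bot: In the `@@ -279,24 +279,24 @@` hunk (Security Considerations), stripping the markers erases the difference between satisfied items and open warnings. `Certificate password stored in deployment scripts (testing only)` was the only warning-marked entry under Certificate Security and now reads as one more property of the setup, next to `2048-bit RSA encryption`. Keep the signal in ASCII, for example `- WARNING: Certificate password stored in deployment scripts (testing only)`. The same applies to the `.pfx` bullet marked `MUST ADD` in the `@@ -348,8 +348,8 @@` hunk.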
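Review bot: In `winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md`, hunk `@@ -152,7 +152,7 @@`, the new line `** Do NOT use for passwords:**` no longer renders as bold. An opening `**` followed by a space is not treated as an emphasis delimiter, so the asterisks will show up literally. Remove the leftover space: `**Do NOT use for passwords:**`.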
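Review bot: In `winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md`, hunk `@@ -350,7 +350,7 @@`, the context line `## 🛡️ Security Best Practices` still carries its emoji while `### Do's` directly below it is cleaned. If the goal is ASCII-only headings, as in `## Secure Methods` and `## Setting Up Secure Credential Storage`, this heading should be part of the same change.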
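Review bot: In `winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md`, hunk `@@ -543,15 +543,15 @@`, the Summary Comparison table loses all of its content: every row from `Interactive Prompt` to `Plaintext (DON'T)` now has five empty cells, so the table no longer compares anything. Replace the symbols with ASCII values instead of deleting them, for example `5/5` for the star ratings and `Yes` / `No` for the check and cross columns.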
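Review bot: In `winrm-https/TROUBLESHOOTING_CERTIFICATE_GENERATION.md`, hunk `@@ -137,7 +137,7 @@`, the arrow is deleted rather than replaced, leaving the comment `# Right-click PowerShell Run as Administrator`, which no longer reads as two separate UI steps. Use an ASCII separator such as `# Right-click PowerShell -> Run as Administrator`. The GPO path in the `@@ -219,8 +219,8 @@` hunk of `NETWORK_SHARE_DEPLOYMENT.md` (`Computer Configuration Policies Windows Settings Scripts`) has the same problem and is harder to follow, because the node names themselves contain spaces.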
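Review bot: In `winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md`, hunk `@@ -32,7 +32,7 @@`, the hunk header shows the share being created with `-FullAccess "Everyone"`, while manual step 6 in the same hunk says to give "Everyone" Read access. The two paths produce different permissions on a share that holds the PFX and the scripts later run as Administrator. Since these lines are being touched anyway, align the PowerShell path with step 6 (read-only, preferably a specific security group). Step 3 also needs its separators back: `Right-click folder -> Properties -> Sharing -> Advanced Sharing`.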
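Review bot: In `winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md`, hunk `@@ -270,7 +270,7 @@`, the context line directly above the edited heading passes a literal certificate password to `setx WINRM_CERT_PASS ... /M`, and the same value appears again in step 3 of the `@@ -378,7 +378,7 @@` hunk. That contradicts the list this heading introduces (no plaintext storage) and the "Do NOT use for passwords" guidance on environment variables in `SECURE_CREDENTIAL_MANAGEMENT.md`. Replace the value with a placeholder such as `<certificate-password>` and treat the committed password as exposed. The new heading `** Never:**` also has the stray space that breaks bold rendering; it should be `**Never:**`.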
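Review bot: In `winrm-https/deployment-package/NETWORK_SHARE_DEPLOYMENT.md`, hunk `@@ -293,7 +293,7 @@`, removing the check mark leaves `(you did )` with a dangling space before the closing parenthesis. Either drop the parenthetical or reword it, for example `2. **Use certificate password** (already done)`.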