# PowerShell Scripts - Production URL Configuration

**Date:** 2025-11-21
**Status:** Updated for Production
**Target Server:** https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp

---

## Changes Made

### Files Updated

1. **Update-PC-CompleteAsset-Silent.bat**
   - Dashboard URL: https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
2. **Update-PC-CompleteAsset.ps1**
   - Default parameter: https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
   - Auto-discovery list (first priority)
   - Fallback default URL

---

## Deployment Instructions

### Step 1: Copy Files to Client PCs

**Source Location (Linux Dev):**

```
/home/camp/projects/powershell/
```

**Target Location (Windows PCs):**

```
C:\Apps\PowerShell\
```

**Files to Deploy:**

```
Update-PC-CompleteAsset.ps1
Update-PC-CompleteAsset-Silent.bat
Get-ShopfloorConfig.ps1
Backup-GERegistry.ps1
applications.csv
```

### Step 2: Deployment Methods

#### Option A: Group Policy (Recommended)

**GPO Startup Script:**

```batch
@echo off
REM Copy PowerShell scripts from network share to local PC
xcopy /Y /E "\\fileserver\shares\IT\PowerShell\*.*" "C:\Apps\PowerShell\"
```

**GPO Path:**

```
Computer Configuration
  Policies
    Windows Settings
      Scripts (Startup/Shutdown)
        Startup
          Add: deploy-powershell-scripts.bat
```

#### Option B: Manual Copy via Network Share

```batch
REM On each PC (or via remote execution)
xcopy /Y /E "\\tsgwp00525\IT\PowerShell\*.*" "C:\Apps\PowerShell\"
```

#### Option C: PowerShell Remoting (Bulk Deployment)

```powershell
# Run from admin workstation
$PCs = Get-Content "C:\PCList.txt"

foreach ($PC in $PCs) {
    Write-Host "Deploying to $PC..."

    # Create the directory if it doesn't exist
    Invoke-Command -ComputerName $PC -ScriptBlock {
        New-Item -Path "C:\Apps\PowerShell" -ItemType Directory -Force
    }

    # Copy files over the administrative C$ share
    Copy-Item -Path "\\source\PowerShell\*" -Destination "\\$PC\C$\Apps\PowerShell\" -Recurse -Force

    Write-Host "  [OK] Deployed to $PC" -ForegroundColor Green
}
```

### Step 3: Create Scheduled Task

**Task Configuration:**

```
Name: Update PC Asset Data
Description: Daily collection of PC hardware and software inventory
Trigger: Daily at 6:00 AM
Action: C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat
Run as: SYSTEM
Run with highest privileges: Yes
```

**GPO Scheduled Task:**

```
Computer Configuration
  Preferences
    Control Panel Settings
      Scheduled Tasks
        New Scheduled Task (Windows 7+)
```

**Settings:**

- Name: `Update PC Asset Data`
- Program: `C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat`
- Trigger: Daily, 6:00 AM
- Random delay: 0-10 minutes (built into script)
- Run whether user logged on or not: Yes
- Run with highest privileges: Yes

### Step 4: Test on Sample PCs

**Test on 3 different PC types:**

1. **Standard PC (Office):**

   ```powershell
   # Run manually
   cd C:\Apps\PowerShell
   .\Update-PC-CompleteAsset.ps1
   ```

   **Expected:**
   - Detects PC type: Standard
   - Collects system info
   - Sends to https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
   - Success message

2. **Shopfloor PC (LTSC):**

   ```powershell
   cd C:\Apps\PowerShell
   .\Update-PC-CompleteAsset.ps1
   ```

   **Expected:**
   - Detects PC type: Shopfloor
   - Collects system info + network interfaces + DNC config
   - Sends to production API
   - Success message

3. **Engineer PC (Has C:\Apps + V: drive):**

   ```powershell
   cd C:\Apps\PowerShell
   .\Update-PC-CompleteAsset.ps1
   ```

   **Expected:**
   - Detects PC type: Engineer
   - Collects system info
   - Sends to production API
   - Success message

### Step 5: Verify in Database

```sql
-- Check recent PC updates (last 24 hours)
SELECT hostname, machinetypeid, serialnumber, lastupdated
FROM machines
WHERE pctypeid IS NOT NULL
  AND lastupdated >= DATE_SUB(NOW(), INTERVAL 24 HOUR)
ORDER BY lastupdated DESC;
```

### Step 6: Monitor Logs

**Check API logs on server:**

```
https://tsgwp00525.rd.ds.ge.com/shopdb/logs/api-2025-11-21.log
```

**Check PowerShell logs on network share:**

```
S:\dt\cameron\scan\logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log
```

**Fallback location (if network share unavailable):**

```
C:\Apps\PowerShell\Logs\CompleteAsset-[HOSTNAME]-[TIMESTAMP].log
```

---

## URL Configuration Details

### Production URL

**Full URL:**

```
https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp
```

**Server:** tsgwp00525.rd.ds.ge.com
**Protocol:** HTTPS (secure)
**Path:** /shopdb/api.asp
**Port:** 443 (default HTTPS)

### Network Requirements

**Firewall Rules:**

- Allow outbound HTTPS (port 443) from all client PCs
- Destination: tsgwp00525.rd.ds.ge.com
- Protocol: TCP/443

**DNS Resolution:**

- tsgwp00525.rd.ds.ge.com must resolve from client PCs
- Test: `nslookup tsgwp00525.rd.ds.ge.com`

**Certificate:**

- Server must have a valid SSL certificate
- Client PCs must trust the certificate authority
- If using a self-signed certificate, it may need to be added to the trusted root CAs

**Network Share Access:**

- All client PCs must have read/write access to `S:\dt\cameron\scan\logs`
- Share permissions: DOMAIN\Domain Computers (Modify)
- NTFS permissions: DOMAIN\Domain Computers (Modify)
- If the network share is unavailable, the script falls back to local `C:\Apps\PowerShell\Logs\`

### URL Priority (Auto-Discovery)

If the parameter is not provided, the script tries URLs in this order:

1. https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp (PRODUCTION)
2. http://192.168.122.151:8080/api.asp (DEV)
3. http://localhost:8080/api.asp (Local test)
4. (other fallbacks...)

---

## Rollback Instructions

If production deployment fails, revert to DEV URLs:

**Update-PC-CompleteAsset-Silent.bat:**

```batch
Line 27: echo Dashboard: http://192.168.122.151:8080/api.asp >> "%logfile%" 2>&1
Line 60: -DashboardURL "http://192.168.122.151:8080/api.asp"
```

**Update-PC-CompleteAsset.ps1:**

```powershell
Line 26: [string]$DashboardURL = "http://192.168.122.151:8080/api.asp",
Line 70: First candidate = "http://192.168.122.151:8080/api.asp"
Line 98: $defaultUrl = "http://192.168.122.151:8080/api.asp"
```

---

## Verification Checklist

Before production rollout:

- [ ] Verify network share exists: `S:\dt\cameron\scan\logs`
- [ ] Test network share write permissions from client PC
- [ ] Test script on Standard PC
- [ ] Test script on Shopfloor PC
- [ ] Test script on Engineer PC
- [ ] Verify logs written to `S:\dt\cameron\scan\logs`
- [ ] Verify data appears in database
- [ ] Check API logs on server
- [ ] Test scheduled task execution
- [ ] Confirm HTTPS certificate valid
- [ ] Verify firewall allows outbound HTTPS
- [ ] Test DNS resolution of tsgwp00525.rd.ds.ge.com
- [ ] Deploy to pilot group (5-10 PCs)
- [ ] Monitor for 1 week (check network share logs)
- [ ] Deploy to all PCs via GPO

---

## Troubleshooting

### Issue: Cannot reach dashboard

**Symptom:**

```
[FAIL] Cannot reach: The remote name could not be resolved
```

**Causes:**

1. DNS not resolving tsgwp00525.rd.ds.ge.com
2. Firewall blocking port 443
3. Server offline

**Fix:**

```powershell
# Test DNS
nslookup tsgwp00525.rd.ds.ge.com

# Test HTTPS connectivity
Test-NetConnection -ComputerName tsgwp00525.rd.ds.ge.com -Port 443

# Test API endpoint
Invoke-RestMethod -Uri "https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp?action=getDashboardData"
```

### Issue: SSL certificate error

**Symptom:**

```
The underlying connection was closed: Could not establish trust relationship
```

**Cause:** Self-signed or untrusted certificate

**Fix:**

```powershell
# Temporary bypass (testing only)
# This turns off certificate validation for every request made in the current
# PowerShell session, so close the session when the test is done.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

# Permanent fix: Install certificate to Trusted Root
Import-Certificate -FilePath "server-cert.crt" -CertStoreLocation Cert:\LocalMachine\Root
```

### Issue: 401 Unauthorized

**Symptom:**

```
The remote server returned an error: (401) Unauthorized
```

**Cause:** Server requires authentication

**Fix:**

- Check IIS authentication settings
- Ensure Anonymous Authentication enabled for api.asp
- Or add credentials to script

### Issue: 500 Internal Server Error

**Symptom:**

```
The remote server returned an error: (500) Internal Server Error
```

**Cause:** API error on server side

**Fix:**

- Check server logs: `C:\inetpub\wwwroot\shopdb\logs\api-YYYY-MM-DD.log`
- Check IIS logs: `C:\inetpub\logs\LogFiles\`
- Verify database connectivity from server
- Check ASP error details (disable friendly errors)

### Issue: Network log directory not accessible

**Symptom:**

```
WARNING: Network log directory S:\dt\cameron\scan\logs not accessible, using local Logs directory
```

**Cause:** Network share not accessible or permissions issue

**Fix:**

```powershell
# Test network share access
Test-Path "S:\dt\cameron\scan\logs"

# Verify drive mapping
Get-PSDrive S

# Test write permissions
New-Item -Path "S:\dt\cameron\scan\logs\test.txt" -ItemType File -Value "test" -Force
Remove-Item "S:\dt\cameron\scan\logs\test.txt"
```

**Permission Requirements:**

- Share: `\\fileserver\share` mapped to S: drive
- Share Permissions: Domain Computers (Read/Write)
- NTFS Permissions: Domain Computers (Modify)
- Ensure folder exists: `S:\dt\cameron\scan\logs`

---

## Production Readiness Status

- **Scripts Updated:** Both .bat and .ps1 files configured for production URL
- **Documentation:** Complete deployment guide created
- **Testing Plan:** 3-tier testing (Standard, Shopfloor, Engineer)
- **Monitoring:** API logs and PowerShell logs configured
- **Rollback Plan:** DEV URL reversion documented

**Ready for Deployment:** YES

**Recommended Timeline:**

1. Day 1-2: Test on 3 PCs (one of each type)
2. Day 3-7: Deploy to pilot group (10 PCs)
3. Day 8-14: Monitor pilot group
4. Day 15+: Full deployment via GPO to all PCs

---

## Contact

**For deployment issues:**

- Check this documentation
- Review PowerShell logs on client PC
- Review API logs on server
- Contact: IT Asset Management Team

**File Locations:**

- Dev: `/home/camp/projects/powershell/`
- Production Scripts: `C:\Apps\PowerShell\` (on PCs)
- Production Logs: `S:\dt\cameron\scan\logs\` (network share)
- Server: `https://tsgwp00525.rd.ds.ge.com/shopdb/`

---

**Document Version:** 1.0
**Last Updated:** 2025-11-21
**Status:** Production Ready
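
Step 3 runs `C:\Apps\PowerShell\Update-PC-CompleteAsset-Silent.bat` as SYSTEM with highest privileges, so write access to that directory is equivalent to SYSTEM on the PC, and folders created directly under `C:\` typically inherit write access for Authenticated Users. The check below is an added example, not part of the deployment scripts: it lists every ACE on the script directory that grants write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. The function name `Find-UnsafeWriteAce` and the trusted-SID list are assumptions of this example.

```powershell
# Added example (not from the deployment scripts): list ACEs that let non-admin
# principals change files the SYSTEM task runs. Find-UnsafeWriteAce is a hypothetical name.
function Find-UnsafeWriteAce {
    param([string]$Path = 'C:\Apps\PowerShell')   # script directory from this guide

    # Assumed trusted writers, as well-known SIDs so the check is locale independent
    $trustedSids = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Rights that allow replacing, deleting or re-permissioning a script
    $writeRights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$writeRights
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, with identities returned as SIDs
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            # Resolve the SID to a name for the report; keep the SID if it cannot be resolved
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $ace.IdentityReference.Value }

            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Find-UnsafeWriteAce)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) ACE(s) let a non-admin principal modify scripts run as SYSTEM."
} else {
    Write-Host "[OK] Only SYSTEM, Administrators and TrustedInstaller can modify the script directory."
}
```

Run it from an elevated session on a pilot PC after Step 1; an empty result is the state to reach before the scheduled task is enabled.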