# WinRM Remote Asset Collection This system allows centralized asset data collection from multiple shopfloor PCs using PowerShell remoting (WinRM). ## Overview The remote collection system consists of: 1. **Invoke-RemoteAssetCollection.ps1** - Main script that orchestrates remote execution 2. **Setup-WinRM.ps1** - Helper script to configure WinRM on management server 3. **Run-RemoteCollection.bat** - Batch file for easy execution 4. **shopfloor-pcs-example.txt** - Example computer list file ## Prerequisites ### Management Server (where you run the remote collection) - Windows with PowerShell 5.1 or later - Administrator privileges - Network connectivity to target computers - Update-PC-CompleteAsset.ps1 script ### Target Computers (shopfloor PCs) - Windows with PowerShell 5.1 or later - WinRM enabled and configured - Update-PC-CompleteAsset.ps1 script installed locally - Administrator account for remote access ## Setup Instructions ### 1. Configure Management Server Run as Administrator: ```powershell # Set up WinRM to trust all shopfloor computers .\Setup-WinRM.ps1 -TrustedHosts "*" # OR set up specific trusted hosts (more secure) .\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101,10.48.130.102" ``` ### 2. Configure Target Computers On each shopfloor PC, run as Administrator: ```powershell # Enable PowerShell remoting Enable-PSRemoting -Force # Configure firewall Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True # Optional: Run the setup script .\Setup-WinRM.ps1 ``` ### 3. Deploy Asset Collection Script Ensure `Update-PC-CompleteAsset.ps1` and `Get-ShopfloorConfig.ps1` are present on each target computer at: - `C:\Scripts\Update-PC-CompleteAsset.ps1` (default path) - `C:\Scripts\Get-ShopfloorConfig.ps1` Or specify a different path using the `-ScriptPath` parameter. ### 4. Create Computer List Copy `shopfloor-pcs-example.txt` to `shopfloor-pcs.txt` and edit with your actual computer IP addresses: ``` # Production computers 10.48.130.100 10.48.130.101 10.48.130.102 # Quality control 10.48.130.110 10.48.130.111 ``` ## Usage Examples ### Test Connections ```powershell # Test specific computers .\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101") -TestConnections # Test from file .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -TestConnections ``` ### Collect Asset Data ```powershell # Collect from specific computers .\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101") # Collect from computer list file .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" # Use stored credentials $cred = Get-Credential .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Credential $cred # Custom script path .\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100") -ScriptPath "D:\Scripts\Update-PC-CompleteAsset.ps1" ``` ### Batch File Execution Simply double-click `Run-RemoteCollection.bat` for easy execution with default settings. ## Parameters ### Invoke-RemoteAssetCollection.ps1 Parameters | Parameter | Description | Default | |-----------|-------------|---------| | ComputerList | Array of computer names/IPs | `@()` | | ComputerListFile | Path to text file with computer list | - | | Credential | PSCredential for remote authentication | (prompts) | | MaxConcurrent | Max concurrent remote sessions | `5` | | ProxyURL | Warranty proxy server URL | `http://10.48.130.158/vendor-api-proxy.php` | | DashboardURL | Dashboard API URL | `http://10.48.130.197/dashboard-v2/api.php` | | SkipWarranty | Skip warranty lookups | `$true` | | LogPath | Log file path | `.\logs\remote-collection.log` | | TestConnections | Test connections only | `$false` | | ScriptPath | Path to script on remote computers | `C:\Scripts\Update-PC-CompleteAsset.ps1` | ## Troubleshooting ### Common Issues 1. **"Access is denied" errors** - Ensure you're running as Administrator - Check that credentials have admin rights on target computers - Verify WinRM is enabled on target computers 2. **"WinRM cannot complete the operation" errors** - Check trusted hosts configuration: `Get-Item WSMan:\localhost\Client\TrustedHosts` - Verify network connectivity to target computers - Check Windows Firewall settings on target computers 3. **"Script not found" errors** - Ensure Update-PC-CompleteAsset.ps1 exists on target computers - Check the script path specified in -ScriptPath parameter - Verify the script has execute permissions 4. **"Execution policy" errors** - Set execution policy: `Set-ExecutionPolicy RemoteSigned -Force` - Or use: `powershell.exe -ExecutionPolicy Bypass -File script.ps1` ### Diagnostic Commands ```powershell # Check WinRM configuration winrm get winrm/config # Test specific computer Test-WSMan -ComputerName "10.48.130.100" # Check trusted hosts Get-Item WSMan:\localhost\Client\TrustedHosts # Test PowerShell remoting Enter-PSSession -ComputerName "10.48.130.100" -Credential (Get-Credential) ``` ## Security Considerations 1. **Trusted Hosts**: Use specific IP addresses rather than "*" when possible 2. **Credentials**: Store credentials securely, avoid hardcoding passwords 3. **Network**: Ensure WinRM traffic is secured on your network 4. **Firewall**: Configure Windows Firewall rules appropriately 5. **Logging**: Monitor log files for security events ## Log Files Logs are stored in `.\logs\remote-collection.log` and include: - Connection attempts and results - Script execution status for each computer - Error messages and troubleshooting information - Summary statistics ## Performance - Default max concurrent sessions: 5 - Adjust `-MaxConcurrent` based on network capacity and server resources - Monitor performance during large-scale collections - Consider running during off-peak hours for production environments ## Integration This remote collection system integrates with: - Existing Update-PC-CompleteAsset.ps1 script - Dashboard API for data storage - Warranty proxy server for Dell warranty lookups - Database normalization system for machine assignments