Invoke-RemoteMaintenance.ps1

Remote maintenance toolkit for executing maintenance tasks on shopfloor PCs via WinRM.

Table of Contents

Overview

This script provides a comprehensive remote maintenance toolkit for managing shopfloor PCs. It executes maintenance tasks via WinRM (Windows Remote Management) and can target PCs individually, by type, by business unit, or all at once.

Location: S:\dt\shopfloor\scripts\remote-execution\Invoke-RemoteMaintenance.ps1

Key Features:

API Integration

When using -All, -PcType, or -BusinessUnit targeting, the script retrieves PC lists from the ShopDB API:

GET /api.asp?action=getShopfloorPCs
GET /api.asp?action=getShopfloorPCs&pctypeid=2      # CMM PCs only
GET /api.asp?action=getShopfloorPCs&businessunitid=1 # Specific business unit

PC Type IDs:

ID Type ID Type
1 Shopfloor 7 Heat Treat
2 CMM 8 Engineer
3 Wax Trace 9 Standard
4 Keyence 10 Inspection
5 EAS1000 11 Dashboard
6 Genspect 12 Lobby Display

See: ShopDB API Reference for complete API documentation.

Prerequisites

On Your Workstation

  1. PowerShell 5.1 or higher
  2. Network access to target PCs (TCP port 5985)
  3. Admin credentials for target PCs

On Target PCs

  1. WinRM enabled (Enable-PSRemoting -Force)
  2. Firewall rules allowing WinRM traffic

Verify Connectivity

# Test WinRM connectivity
Test-WSMan -ComputerName "SHOPFLOOR-PC01"

# Test with credentials
$cred = Get-Credential
Test-WSMan -ComputerName "SHOPFLOOR-PC01" -Credential $cred

Quick Start

Step 1: Get Credentials

$cred = Get-Credential -Message "Enter domain admin credentials"

Step 2: Run a Simple Task

# Flush DNS on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "SHOPFLOOR-PC01" -Task FlushDNS -Credential $cred

Step 3: Check Results

The script outputs status for each PC:

[SHOPFLOOR-PC01] FlushDNS: SUCCESS
  DNS Resolver Cache flushed successfully

Parameters Reference

Targeting Parameters (Mutually Exclusive)

Parameter Type Description
-ComputerName string[] One or more computer names or IPs
-ComputerListFile string Path to text file with hostnames
-All switch Target all shopfloor PCs from ShopDB
-PcType string Target by PC type (see PC Types)
-BusinessUnit string Target by business unit (see Business Units)

Task Parameter (Required)

Parameter Type Description
-Task string Maintenance task to execute

Optional Parameters

Parameter Type Default Description
-Credential PSCredential Prompt Remote authentication
-ApiUrl string Production ShopDB API endpoint
-ThrottleLimit int 5 Max concurrent sessions
-DnsSuffix string logon.ds.ge.com DNS suffix for resolution

PC Types

Standard, Engineer, Shopfloor, CMM, Wax / Trace, Keyence,
Genspect, Heat Treat, Inspection, Dashboard, Lobby Display, Uncategorized

Business Units

TBD, Blisk, HPT, Spools, Inspection, Venture, Turn/Burn, DT

Available Tasks

Repair Tasks

Task Description Duration Impact
DISM Repair Windows component store 15-60 min Low
SFC System File Checker scan 10-30 min Low

Optimization Tasks

Task Description Duration Impact
OptimizeDisk TRIM (SSD) or Defrag (HDD) 5-60 min Medium
DiskCleanup Remove temp files, updates 5-15 min Low
ClearUpdateCache Clear Windows Update cache 1-2 min Low
ClearBrowserCache Clear Chrome/Edge cache 1-2 min Low

Service Tasks

Task Description Duration Impact
RestartSpooler Restart Print Spooler <1 min Low
FlushDNS Clear DNS cache <1 min None
RestartWinRM Restart WinRM service <1 min Temp disconnect

Time/Date Tasks

Task Description Duration Impact
SetTimezone Set to Eastern Time <1 min None
SyncTime Force time sync with DC <1 min None

DNC Tasks

Task Description Duration Impact
UpdateEMxAuthToken Update eMx auth from share 1-2 min None
DeployUDCWebServerConfig Deploy UDC config 1-2 min None

System Tasks

Task Description Duration Impact
Reboot Restart PC (30s delay) 2-5 min High

Software Deployment Tasks

Task Description Duration Impact
InstallDashboard Install GE Dashboard app 2-5 min Medium
InstallLobbyDisplay Install Lobby Display app 2-5 min Medium
UninstallDashboard Remove GE Dashboard 1-2 min Low
UninstallLobbyDisplay Remove Lobby Display 1-2 min Low

Software Deployment Mechanism

Source File Locations

Deployment tasks require source files to be available before execution:

Task Source File Path
InstallDashboard \\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\Dashboard\GEAerospaceDashboardSetup.exe
InstallLobbyDisplay \\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\LobbyDisplay\GEAerospaceLobbyDisplaySetup.exe
UpdateEMxAuthToken \\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt
DeployUDCWebServerConfig \\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\UDC\udc_webserver_settings.json

How Deployment Works

  1. Pre-flight Check: Script verifies source file exists
  2. WinRM Session: Opens remote session to target PC
  3. File Push: Copies source file to C:\Windows\Temp\ on remote PC
  4. Execution: Runs install/copy task using pushed file
  5. Cleanup: Removes temp file from remote PC
+---------------------+     WinRM      +---------------------+
|  Your Workstation   | ------------>  |   Target PC         |
|                     |                |                     |
|  Source Files:      |   Push File    |  Temp Location:     |
|  - Setup.exe        | ------------>  |  C:\Windows\Temp    |
|  - config.json      |                |                     |
|  - eMxInfo.txt      |   Execute      |  Final Location:    |
|    (network)        | ------------>  |  C:\Program Files   |
+---------------------+                +---------------------+

Directory Structure

Ensure your script directory contains the required files:

S:\dt\shopfloor\scripts\remote-execution\
├── Invoke-RemoteMaintenance.ps1
├── GEAerospaceDashboardSetup.exe      # For InstallDashboard
├── GEAerospaceLobbyDisplaySetup.exe   # For InstallLobbyDisplay
└── udc_webserver_settings.json        # For DeployUDCWebServerConfig

eMx Auth Token Details

The UpdateEMxAuthToken task:

  1. Source: \\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\eMx\eMxInfo.txt
  2. Destinations: (both paths if they exist)
  1. Backup: Creates eMxInfo-old-YYYYMMDD-HHMMSS.txt before overwriting
  2. Post-action: Restarts DNC service (LDnc.exe)

UDC Web Server Config Details

The DeployUDCWebServerConfig task:

  1. Pre-check: Verifies UDC is installed (C:\Program Files\UDC exists)
  2. Skip: PCs without UDC are skipped (not counted as failures)
  3. Destination: C:\ProgramData\UDC\udc_webserver_settings.json
  4. Backup: Creates backup before overwriting

Dashboard/Lobby Display Install Details

Both kiosk app installers:

  1. Installer type: Inno Setup (supports /VERYSILENT)
  2. Execution: Silent install with no user prompts
  3. Cleanup: Installer removed from temp after execution

Uninstall GUIDs:

Adding New Deployable Applications

To add a new application for deployment, edit the script in two places:

Step 1: Add to $KioskAppConfig hashtable (~line 1388)

$KioskAppConfig = @{
    # Existing entries...

    # Add new application
    'InstallNewApp' = @{
        Action = 'Install'
        InstallerPath = '\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'  # Find in registry after manual install
    }
    'UninstallNewApp' = @{
        Action = 'Uninstall'
        InstallerName = 'NewAppSetup.exe'
        AppName = 'New Application Name'
        UninstallGuid = '{YOUR-GUID-HERE}'
    }
}

Step 2: Add task names to ValidateSet (~line 142)

[ValidateSet(
    'DISM', 'SFC', 'OptimizeDisk', 'DiskCleanup', 'ClearUpdateCache',
    'RestartSpooler', 'FlushDNS', 'RestartWinRM', 'ClearBrowserCache',
    'SetTimezone', 'SyncTime', 'UpdateEMxAuthToken', 'DeployUDCWebServerConfig', 'Reboot',
    'InstallDashboard', 'InstallLobbyDisplay', 'UninstallDashboard', 'UninstallLobbyDisplay',
    'InstallNewApp', 'UninstallNewApp'  # Add new tasks here
)]
[string]$Task

Step 3: Place installer on network share

\\tsgwp00525.wjs.geaerospace.net\dt\shopfloor\scripts\NewApp\NewAppSetup.exe

Finding the Uninstall GUID:

After manually installing the application on a test PC, find the GUID in registry:

# Search for app in registry
Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" |
    Get-ItemProperty | Where-Object { $_.DisplayName -like "*AppName*" } |
    Select-Object DisplayName, PSChildName, UninstallString

The PSChildName is typically the GUID (e.g., {9D9EEE25-4D24-422D-98AF-2ADEDA4745ED}).

Installer Requirements:

If your installer uses different flags, modify the InstallKioskApp scriptblock.

How-To Guides

How to Repair System Files

Scenario: A PC has corrupted system files causing crashes or errors.

Option 1: DISM (Component Store Repair)

# Run DISM repair on a single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

What it does:

Expected output:

[PROBLEM-PC] DISM: SUCCESS
  Deployment Image Servicing and Management tool
  The restore operation completed successfully.

Option 2: SFC (System File Checker)

# Run SFC after DISM
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

What it does:

Best Practice - Full Repair Sequence:

# Step 1: Run DISM first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

# Step 2: Run SFC after DISM completes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task SFC -Credential $cred

# Step 3: Reboot to apply changes
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task Reboot -Credential $cred

How to Optimize Disks

Scenario: PCs are running slow due to disk fragmentation or lack of TRIM.

Single PC Optimization

.\Invoke-RemoteMaintenance.ps1 -ComputerName "SLOW-PC" -Task OptimizeDisk -Credential $cred

What it does:

Optimize All CMM PCs (After Hours)

# CMM PCs often have large files - optimize overnight
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task OptimizeDisk -Credential $cred -ThrottleLimit 3

Full Cleanup Sequence

# Step 1: Clear update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache -Credential $cred

# Step 2: Run disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task DiskCleanup -Credential $cred

# Step 3: Optimize disk
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task OptimizeDisk -Credential $cred

How to Fix Stuck Windows Updates

Scenario: Windows Update is stuck or failing repeatedly.

# Clear the Windows Update cache
.\Invoke-RemoteMaintenance.ps1 -ComputerName "UPDATE-STUCK-PC" -Task ClearUpdateCache -Credential $cred

What it does:

  1. Stops Windows Update service
  2. Stops BITS service
  3. Clears C:\Windows\SoftwareDistribution\Download
  4. Restarts services

After clearing, trigger new update check:

# On the target PC (optional follow-up)
wuauclt /detectnow

How to Clear Browser Cache

Scenario: CMM or inspection PCs have slow browser performance.

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "CMM-PC01" -Task ClearBrowserCache -Credential $cred

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task ClearBrowserCache -Credential $cred

What it does:

How to Manage Services

Fix Printing Issues

# Restart print spooler on a PC with stuck print jobs
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PRINT-PROBLEM-PC" -Task RestartSpooler -Credential $cred

What it does:

  1. Stops Print Spooler service
  2. Clears print queue
  3. Restarts Print Spooler service

Fix DNS Resolution Issues

# Flush DNS cache when a PC can't resolve hostnames
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNS-ISSUE-PC" -Task FlushDNS -Credential $cred

# Flush DNS on all PCs in a business unit
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task FlushDNS -Credential $cred

Fix Remote Management Issues

# Restart WinRM if subsequent remote commands fail
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WINRM-ISSUE-PC" -Task RestartWinRM -Credential $cred

Note: Connection will briefly drop during restart.

How to Fix Time Sync Issues

Scenario: PC clock is wrong, causing certificate errors or login issues.

Set Correct Timezone

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SetTimezone -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task SetTimezone -Credential $cred

Sets timezone to: Eastern Standard Time

Force Time Synchronization

# Sync time with domain controller
.\Invoke-RemoteMaintenance.ps1 -ComputerName "WRONG-TIME-PC" -Task SyncTime -Credential $cred

Full time fix sequence:

# Step 1: Set correct timezone
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SetTimezone -Credential $cred

# Step 2: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task SyncTime -Credential $cred

How to Update DNC Configurations

Update eMx Authentication Token

Scenario: eMx authentication is failing on DNC PCs.

# Single PC
.\Invoke-RemoteMaintenance.ps1 -ComputerName "DNC-PC01" -Task UpdateEMxAuthToken -Credential $cred

# All shopfloor PCs
.\Invoke-RemoteMaintenance.ps1 -All -Task UpdateEMxAuthToken -Credential $cred

What it does:

  1. Backs up existing eMxInfo.txt with timestamp
  2. Copies new token file from network share
  3. Verifies file was updated

Deploy UDC Web Server Configuration

Scenario: UDC web server settings need to be updated.

# Deploy to PCs with UDC installed
.\Invoke-RemoteMaintenance.ps1 -ComputerName "UDC-PC01","UDC-PC02" -Task DeployUDCWebServerConfig -Credential $cred

What it does:

  1. Checks if UDC is installed
  2. Backs up existing configuration
  3. Deploys new web server settings
  4. Does NOT restart UDC (requires manual restart)

How to Deploy Software

Install GE Aerospace Dashboard

Scenario: Convert a PC to a Dashboard kiosk.

# Single PC installation
.\Invoke-RemoteMaintenance.ps1 -ComputerName "NEWKIOSK-01" -Task InstallDashboard -Credential $cred

# Multiple PCs from a list
$kiosks = @("KIOSK-01", "KIOSK-02", "KIOSK-03")
.\Invoke-RemoteMaintenance.ps1 -ComputerName $kiosks -Task InstallDashboard -Credential $cred

What it does:

  1. Copies installer from network share
  2. Runs silent installation
  3. Configures auto-start
  4. Cleans up installer

After installation:

# Complete Dashboard deployment sequence
.\Invoke-RemoteMaintenance.ps1 -ComputerName "KIOSK-01" -Task InstallDashboard -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName "KIOSK-01" -Task Reboot -Credential $cred

# After reboot, update ShopDB
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "KIOSK-01" -Credential $cred

Install Lobby Display

.\Invoke-RemoteMaintenance.ps1 -ComputerName "LOBBY-01" -Task InstallLobbyDisplay -Credential $cred

Uninstall Dashboard or Lobby Display

# Remove Dashboard
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-KIOSK" -Task UninstallDashboard -Credential $cred

# Remove Lobby Display
.\Invoke-RemoteMaintenance.ps1 -ComputerName "OLD-LOBBY" -Task UninstallLobbyDisplay -Credential $cred

How to Reboot PCs

Single PC Reboot

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PC-TO-REBOOT" -Task Reboot -Credential $cred

Note: Reboot has a 30-second delay to allow graceful shutdown.

Reboot All Dashboard PCs

# Reboot all Dashboard PCs (e.g., for software update)
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

Reboot All Lobby Display PCs

.\Invoke-RemoteMaintenance.ps1 -PcType "Lobby Display" -Task Reboot -Credential $cred

Reboot PCs by Business Unit

# Reboot all HPT PCs during maintenance window
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit HPT -Task Reboot -Credential $cred

How to Run Batch Operations

Using a Computer List File

Create a text file with one hostname per line:

# shopfloor-pcs.txt
PC001
PC002
PC003
PC004
PC005

Run tasks against the list:

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Task FlushDNS -Credential $cred

Running Multiple Tasks in Sequence

# Maintenance routine for a PC
$pc = "SHOPFLOOR-PC01"

# Step 1: Clear caches
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearUpdateCache -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task ClearBrowserCache -Credential $cred

# Step 2: Disk cleanup
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DiskCleanup -Credential $cred

# Step 3: Repair
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task DISM -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SFC -Credential $cred

# Step 4: Sync time
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SetTimezone -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task SyncTime -Credential $cred

# Step 5: Reboot
.\Invoke-RemoteMaintenance.ps1 -ComputerName $pc -Task Reboot -Credential $cred

Targeting Strategies

By Individual PCs

Best for: Specific troubleshooting, targeted fixes

.\Invoke-RemoteMaintenance.ps1 -ComputerName "PROBLEM-PC" -Task DISM -Credential $cred

By PC Type

Best for: Type-specific maintenance, software updates

# All CMM PCs
.\Invoke-RemoteMaintenance.ps1 -PcType CMM -Task DiskCleanup -Credential $cred

# All Dashboard kiosks
.\Invoke-RemoteMaintenance.ps1 -PcType Dashboard -Task Reboot -Credential $cred

By Business Unit

Best for: Department-specific maintenance windows

# All Blisk area PCs
.\Invoke-RemoteMaintenance.ps1 -BusinessUnit Blisk -Task SyncTime -Credential $cred

All Shopfloor PCs

Best for: Global maintenance, security updates

# Flush DNS everywhere
.\Invoke-RemoteMaintenance.ps1 -All -Task FlushDNS -Credential $cred -ThrottleLimit 10

Using a List File

Best for: Custom groups, staged rollouts

.\Invoke-RemoteMaintenance.ps1 -ComputerListFile ".\phase1-pcs.txt" -Task DISM -Credential $cred

Troubleshooting

Task Times Out

Cause: Task takes longer than session timeout.

Solution: DISM and SFC can take a long time. Check if task completed on target:

# Check DISM log
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Get-Content "C:\Windows\Logs\DISM\dism.log" -Tail 50
}

"Access Denied" on Some PCs

Cause: Credentials don't have admin rights on that PC.

Solutions:

  1. Use different credentials
  2. Add account to local Administrators group on target
  3. Check if UAC is blocking remote admin

Software Installation Fails

Cause: Network share not accessible or installer missing.

Solutions:

  1. Verify network share path is accessible
  2. Check installer exists at expected location
  3. Verify credentials can access the share

Reboot Doesn't Happen

Cause: User cancelled shutdown or application blocked it.

Solutions:

# Force immediate reboot (no 30-second delay)
Invoke-Command -ComputerName "PC01" -Credential $cred -ScriptBlock {
    Restart-Computer -Force
}

Best Practices

1. Start Small

Test on one PC before running against groups:

# Test on single PC first
.\Invoke-RemoteMaintenance.ps1 -ComputerName "TEST-PC" -Task DISM -Credential $cred

2. Use Appropriate Throttle Limits

Scenario Recommended ThrottleLimit
Fast network, light tasks 10-25
Normal operations 5 (default)
Heavy tasks (DISM, Defrag) 2-3
Slow network 2-3

3. Schedule Disruptive Tasks

Run reboots and heavy tasks during maintenance windows:

4. Verify Before Rebooting

Always confirm which PCs will be affected:

# Check PC type before reboot
.\Update-ShopfloorPCs-Remote.ps1 -PcType Dashboard -WhatIf

5. Keep Logs

Redirect output for audit trail:

.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred | Tee-Object -FilePath "maintenance-log-$(Get-Date -Format 'yyyyMMdd').txt"