Update-ShopfloorPCs-Remote.ps1

Remote data collection script that gathers PC information from shopfloor PCs via WinRM and updates the ShopDB database.

Table of Contents

Overview

This script remotely connects to shopfloor PCs using Windows Remote Management (WinRM) to collect comprehensive system information including hardware details, network configuration, DNC settings, and installed applications. The collected data is then sent to the ShopDB API for asset tracking.

Location: S:\dt\shopfloor\scripts\remote-execution\Update-ShopfloorPCs-Remote.ps1

Use Cases:

API Integration

This script interacts with the ShopDB API (api.asp) for both retrieving PC lists and storing collected data.

Retrieving PC Lists

When using -All, the script queries the API to get the list of shopfloor PCs:

GET /api.asp?action=getShopfloorPCs

This returns all active PCs with 10.134.. IP addresses. Optional filters:

Retrieving High Uptime PCs

When using -Reboot, the script queries:

GET /api.asp?action=getHighUptimePCs&minUptime=30

This returns PCs that haven't been rebooted in the specified number of days.

Storing Collected Data

After collecting data from each PC, the script POSTs to:

POST /api.asp?action=updateCompleteAsset

With parameters including hostname, serial number, network interfaces, DNC config, and installed applications.

See: ShopDB API Reference for complete API documentation.

Prerequisites

On Your Workstation (Where You Run the Script)

  1. PowerShell 5.1 or higher
   $PSVersionTable.PSVersion
  1. Network access to target PCs on port 5985 (HTTP) or 5986 (HTTPS)
  1. Domain admin or local admin credentials for target PCs

On Target PCs

  1. WinRM must be enabled
   # Check if WinRM is running
   Get-Service WinRM

   # Enable WinRM (run as admin on target PC)
   Enable-PSRemoting -Force
  1. Firewall rules allowing WinRM traffic (TCP 5985/5986)

WinRM Trusted Hosts Setup

If your workstation is not domain-joined or targets are in a different domain:

# Option 1: Use the script's built-in setup
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts

# Option 2: Manual setup (run as admin)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.*" -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Concatenate -Force

Quick Start

Step 1: Open PowerShell as Administrator

# Navigate to script directory
cd C:\Path\To\powershell\remote-execution

Step 2: Get Credentials

# Store credentials for the session
$cred = Get-Credential -Message "Enter domain admin credentials"

Step 3: Run Your First Collection

# Test with a single PC
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-PC01" -Credential $cred

Step 4: Verify Results

Check the ShopDB database or web interface to confirm the PC data was updated.

Parameters Reference

Targeting Parameters

Parameter Type Description
-ComputerName string[] One or more computer names to target
-All switch Query ShopDB for all shopfloor PCs

Authentication Parameters

Parameter Type Default Description
-Credential PSCredential Prompt Admin credentials for remote access
-UseSSL switch False Use HTTPS (port 5986) instead of HTTP

API Parameters

Parameter Type Default Description
-ApiUrl string Production URL ShopDB API endpoint

Network Parameters

Parameter Type Default Description
-DnsSuffix string logon.ds.ge.com DNS suffix for FQDN resolution
-SkipDnsLookup switch False Use hostnames as-is without DNS
-ThrottleLimit int 25 Max concurrent remote sessions

Reboot Parameters

Parameter Type Description
-Reboot switch Enable reboot mode
-MinUptimeDays int Minimum uptime threshold for reboot
-Force switch Skip confirmation prompts
-WhatIf switch Preview without executing

Setup Parameters

Parameter Type Description
-SetupTrustedHosts switch Configure WinRM trusted hosts

How-To Guides

How to Update a Single PC

Scenario: You need to update asset data for one specific PC.

# Basic usage
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "G1ZTNCX3ESF"

# With credentials (avoids prompt)
$cred = Get-Credential
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "G1ZTNCX3ESF" -Credential $cred

# Using IP address instead of hostname
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

Expected Output:

Connecting to G1ZTNCX3ESF...
  [OK] Connected successfully
  Collecting system information...
  Hostname: G1ZTNCX3ESF
  Serial: ABC1234
  PC Type: Shopfloor
  Sending data to API...
  [OK] Data stored successfully (PCID: 1234)

How to Update Multiple PCs

Scenario: You have a list of PCs that need updating.

# Array of computer names
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01","PC02","PC03","PC04"

# From a variable
$pcs = @("SHOPFLOOR-01", "SHOPFLOOR-02", "SHOPFLOOR-03")
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -Credential $cred

# From a text file (one hostname per line)
$pcs = Get-Content "C:\Lists\shopfloor-pcs.txt"
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -Credential $cred

Adjusting Concurrency:

# Slower network - reduce concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -ThrottleLimit 5

# Fast network - increase concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $pcs -ThrottleLimit 50

How to Update All Shopfloor PCs

Scenario: Scheduled full inventory update of all shopfloor PCs.

# Update all PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred

# With lower throttle for off-hours
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred -ThrottleLimit 10

Scheduling with Task Scheduler:

  1. Create a batch file run-collection.bat:
   @echo off
   powershell.exe -ExecutionPolicy Bypass -File "C:\Scripts\Update-ShopfloorPCs-Remote.ps1" -All
  1. Create scheduled task:

How to Reboot PCs with High Uptime

Scenario: Reboot PCs that haven't been restarted in 30+ days.

# Step 1: Preview which PCs would be rebooted
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -WhatIf

# Output shows:
# Would reboot: SHOPFLOOR-01 (Uptime: 45 days)
# Would reboot: SHOPFLOOR-02 (Uptime: 62 days)
# Would skip: SHOPFLOOR-03 (Uptime: 12 days)

# Step 2: Execute with confirmation
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -Credential $cred
# Prompts: "Reboot 2 PCs? [Y/N]"

# Step 3: Or execute without confirmation
.\Update-ShopfloorPCs-Remote.ps1 -Reboot -MinUptimeDays 30 -Force -Credential $cred

Best Practices for Reboots:

How to Set Up WinRM Trusted Hosts

Scenario: Your workstation can't connect to shopfloor PCs.

# Use built-in setup (configures common shopfloor subnets)
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts

# Verify configuration
Get-Item WSMan:\localhost\Client\TrustedHosts

# Manual addition of specific subnet
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Force

How to Use Different API Endpoints

Scenario: Testing against development or staging environments.

# Development environment
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "TEST-PC" -ApiUrl "http://192.168.122.151:8080/api.asp"

# Staging environment
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "TEST-PC" -ApiUrl "https://staging-server/shopdb/api.asp"

How to Handle DNS Resolution Issues

Scenario: PC hostnames aren't resolving correctly.

# Skip DNS and use hostnames as-is
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-01" -SkipDnsLookup

# Use different DNS suffix
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SHOPFLOOR-01" -DnsSuffix "shopfloor.local"

# Use IP addresses directly
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

How to Use Secure Connections (SSL)

Scenario: Security requirements mandate encrypted WinRM connections.

# Enable SSL for WinRM (uses port 5986)
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "SECURE-PC" -UseSSL -Credential $cred

Prerequisites for SSL:

Data Collected

Basic System Information

Field Example Description
Hostname G1ZTNCX3ESF Computer name
Serial Number ABC1234567 BIOS serial
Service Tag ABC1234567 Dell service tag
Manufacturer Dell Inc. System manufacturer
Model OptiPlex 7080 System model
OS Version Microsoft Windows 10 Enterprise Windows edition
Last Boot Time 2025-01-15 08:30:00 Last restart
Total Physical Memory 16.0 RAM in GB
Domain Role 1 0=Standalone, 1=Member Workstation
Current Time Zone Eastern Standard Time System timezone
Logged In User DOMAIN\jsmith Current user

DNC Configuration

Field Example Description
Site WJF GE site code
CNC FANUC CNC controller type
NcIF FOCAS2 NC interface protocol
Machine No M0612 GE machine number
FTP Primary 10.134.50.10 Primary FTP server
FTP Secondary 10.134.50.11 Backup FTP server

Network Interfaces

Field Example Description
Interface Name Ethernet0 Adapter name
IP Address 10.134.50.101 IPv4 address
Subnet Mask 24 CIDR prefix
Default Gateway 10.134.50.1 Gateway
MAC Address 00-11-22-33-44-55 Physical address
Is Primary 1 10.134.. network
Is Machine Network 0 192.168.. or 100.0.0.* network (CMM)

Additional Data

Field Example Description
Serial Ports COM1, COM2 Available COM ports
Has VNC 1 VNC Server installed
Default Printer 10.80.92.53 Network printer port
All Installed Apps Microsoft Office... Complete app list

PC Type Detection

The script automatically classifies PCs based on installed software:

Priority Type Detection Criteria
1 Dashboard GE Aerospace Dashboard installed
2 Lobby Display GE Aerospace Lobby Display installed
3 CMM PC-DMIS, goCMM, or DODA software
4 Wax Trace FormTracePak or FormStatusMonitor
5 Keyence VR-3000, VR-5000, or VR-6000
6 EAS1000 GageCal or NI Software
7 Genspect Genspect measuring software
8 Heat Treat HeatTreat application
9 Inspection Machine #: 0612, 0613, 0615, 8003
10 Shopfloor Default for domain shop PCs

Troubleshooting

Error: "WinRM cannot process the request"

Cause: WinRM not enabled on target PC.

Solution:

# On target PC (as admin)
Enable-PSRemoting -Force
Set-Service WinRM -StartupType Automatic
Start-Service WinRM

Error: "Access is denied"

Cause: Insufficient credentials or UAC blocking remote admin.

Solutions:

# 1. Use explicit domain credentials
$cred = Get-Credential -UserName "DOMAIN\AdminUser" -Message "Enter password"

# 2. On target PC, enable remote UAC (as admin)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord

Error: "The WinRM client cannot process the request... not in TrustedHosts"

Cause: Target not in trusted hosts list.

Solution:

.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
# Or manually:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.134.*" -Force

Error: "The underlying connection was closed"

Cause: TLS/SSL configuration mismatch.

Solution: The script automatically sets TLS 1.2/1.3. If issues persist:

# Force TLS 1.2 before running
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Error: "Cannot find computer" or DNS failures

Cause: Hostname not resolving.

Solutions:

# 1. Skip DNS resolution
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01" -SkipDnsLookup

# 2. Use IP address
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "10.134.50.101" -SkipDnsLookup

# 3. Use different DNS suffix
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC01" -DnsSuffix "yourdomain.local"

Slow Performance with Many PCs

Cause: Network bandwidth or target PC load.

Solutions:

# Reduce concurrent connections
.\Update-ShopfloorPCs-Remote.ps1 -All -ThrottleLimit 5

# Run in batches
$allPCs = Get-Content "all-pcs.txt"
$batch1 = $allPCs[0..49]
$batch2 = $allPCs[50..99]

.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $batch1 -Credential $cred
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName $batch2 -Credential $cred

Advanced Usage

Combining with Other Scripts

# Collect data first, then run maintenance
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred
.\Invoke-RemoteMaintenance.ps1 -All -Task SyncTime -Credential $cred

Exporting Results for Analysis

# Capture output to file
.\Update-ShopfloorPCs-Remote.ps1 -All -Credential $cred | Tee-Object -FilePath "collection-log.txt"

Script Files

Current Scripts (Active)

S:\dt\shopfloor\scripts\
├── remote-execution\
│   ├── Update-ShopfloorPCs-Remote.ps1   # Remote data collection (this script)
│   └── Invoke-RemoteMaintenance.ps1     # Remote maintenance tasks
│
└── complete-asset\
    ├── Update-PC-CompleteAsset.ps1      # Local data collection
    └── Get-ShopfloorConfig.ps1          # Helper functions (required by above)

Deprecated Scripts (Can Be Removed)

The following scripts in remote-execution\ are legacy and have been replaced:

Deprecated Script Replaced By
Invoke-RemoteAssetCollection.ps1 Update-ShopfloorPCs-Remote.ps1
Invoke-RemoteAssetCollection-HTTPS.ps1 Update-ShopfloorPCs-Remote.ps1 -UseSSL
Install-KioskApp.ps1 Invoke-RemoteMaintenance.ps1 -Task InstallDashboard
Test-UserRegistryDetection.ps1 Functionality integrated into main scripts

These deprecated scripts can be archived or deleted.