# Remote Execution Scripts

Scripts for remotely executing asset collection on multiple shopfloor PCs via WinRM.

## Scripts

### Invoke-RemoteAssetCollection.ps1
**Remote collection via WinRM HTTP** - Execute asset collection on multiple PCs using WinRM over HTTP (port 5985).

**What it does:**
1. Establishes WinRM connections to target PCs
2. Executes `Update-PC-CompleteAsset.ps1` remotely
3. Collects and logs results from each PC
4. Supports parallel execution for efficiency

**Usage:**
```powershell
# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"

# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred

# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections
```

**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerList` | - | Array of computer names/IPs |
| `-ComputerListFile` | - | Path to text file with computer list |
| `-Credential` | - | PSCredential for authentication |
| `-MaxConcurrent` | `5` | Maximum parallel sessions |
| `-TestConnections` | `$false` | Test connectivity only |
| `-ScriptPath` | `C:\Scripts\Update-PC-CompleteAsset.ps1` | Path to script on remote PCs |

**Prerequisites:**
- WinRM enabled on target PCs (`Enable-PSRemoting -Force`)
- Admin credentials for remote PCs
- Port 5985 (HTTP) open in firewall

---

### Invoke-RemoteAssetCollection-HTTPS.ps1
**Secure remote collection via WinRM HTTPS** - Same as above but uses encrypted HTTPS connections (port 5986).

**What it does:**
- Uses HTTPS/TLS encryption for secure communication
- Supports wildcard certificates for domain-wide deployment
- Automatic FQDN construction from hostnames

**Usage:**
```powershell
# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"

# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"

# Test HTTPS connections
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001") -Domain "logon.ds.ge.com" -TestConnections
```

**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-HostnameList` | - | Array of hostnames (without domain) |
| `-HostnameListFile` | - | Path to text file with hostnames |
| `-Domain` | - | Domain suffix (e.g., "logon.ds.ge.com") |
| `-Port` | `5986` | HTTPS port |
| `-SkipCertificateCheck` | `$false` | Skip SSL validation |

**Prerequisites:**
- WinRM HTTPS configured on targets (see `winrm-https/` folder)
- Valid SSL certificates installed
- Port 5986 open in firewall

---

### Update-ShopfloorPCs-Remote.ps1
**Query and update all shopfloor PCs** - Queries ShopDB for PC list and updates them remotely.

**What it does:**
1. Queries ShopDB API for list of all shopfloor PCs
2. Establishes WinRM connections to each PC
3. Collects system info remotely and POSTs to API
4. Logs success/failure for each PC

**Usage:**
```powershell
# Update all shopfloor PCs from ShopDB database
.\Update-ShopfloorPCs-Remote.ps1 -All

# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"

# Setup WinRM trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
```

**Parameters:**
| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerName` | - | Specific PC(s) to update |
| `-All` | `$false` | Update all shopfloor PCs from ShopDB |
| `-SetupTrustedHosts` | `$false` | Configure WinRM trusted hosts |
| `-Credential` | - | PSCredential for authentication |
| `-ApiUrl` | Production URL | ShopDB API URL |

---

## Batch File Launchers

| File | Purpose |
|------|---------|
| `Run-RemoteCollection.bat` | Launcher for remote collection script |

---

## Requirements

- PowerShell 5.1 or later
- **Administrator privileges** (required)
- WinRM enabled on management server and target PCs
- Network access to target PCs (ports 5985 or 5986)
- Admin credentials for target PCs

## Architecture

```
┌─────────────────────────────────────┐
│        Management Server            │
│  ┌───────────────────────────────┐  │
│  │ Invoke-RemoteAssetCollection  │  │
│  │ Update-ShopfloorPCs-Remote    │  │
│  └──────────────┬────────────────┘  │
└─────────────────┼───────────────────┘
                  │ WinRM (5985/5986)
                  ▼
┌─────────────────────────────────────┐
│         Shopfloor PC 1              │
│  ┌───────────────────────────────┐  │
│  │ Update-PC-CompleteAsset.ps1   │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
┌─────────────────────────────────────┐
│         Shopfloor PC 2              │
│  ┌───────────────────────────────┐  │
│  │ Update-PC-CompleteAsset.ps1   │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
         ... (parallel execution)
```

## WinRM Setup

### On Management Server:
```powershell
Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force
```

### On Target PCs:
```powershell
Enable-PSRemoting -Force
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True
```

For HTTPS setup, see the `winrm-https/` folder documentation.