================================================================================ WinRM HTTPS Deployment Package ================================================================================ This folder contains everything needed to deploy WinRM HTTPS to shopfloor PCs. ================================================================================ REQUIRED FILES ================================================================================ Before deploying, you MUST add the certificate file to this folder: [ ] wildcard-logon-ds-ge-com-20251017.pfx Copy this file from the parent folder after you generate it. ================================================================================ QUICK START - NETWORK SHARE DEPLOYMENT ================================================================================ STEP 1: Setup Network Share --------------------------- 1. Copy this entire folder to a network share: Example: \\SERVER\Shares\WinRM-HTTPS 2. Ensure the certificate PFX file is included in the share 3. Set permissions: Read access for "Domain Computers" or "Everyone" STEP 2: Deploy to PCs --------------------------- On each shopfloor PC: 1. Open Windows Explorer 2. Navigate to: \\SERVER\Shares\WinRM-HTTPS 3. Right-click "Deploy-WinRM-HTTPS.bat" 4. Select "Run as Administrator" 5. Enter certificate password when prompted 6. Wait for "SUCCESS" message STEP 3: Verify Deployment --------------------------- From management server, test connection: Test-WSMan -ComputerName "HOSTNAME.logon.ds.ge.com" -UseSSL -Port 5986 ================================================================================ FILES IN THIS PACKAGE ================================================================================ Deploy-WinRM-HTTPS.bat - Main deployment batch file Test-WinRM-HTTPS.bat - Test/verify batch file Setup-WinRM-HTTPS.ps1 - PowerShell setup script Test-WinRM-HTTPS-Setup.ps1 - PowerShell test script NETWORK_SHARE_DEPLOYMENT.md - Detailed deployment guide README-DEPLOYMENT.txt - This file REQUIRED (Add manually): wildcard-logon-ds-ge-com-20251017.pfx - Certificate file (MUST BE ADDED!) ================================================================================ CERTIFICATE PASSWORD ================================================================================ Certificate Password: [Store securely - contact IT if needed] Password: XqHuyaLZSyCYEcpsMz6h5 IMPORTANT: Keep this password secure! Anyone with the PFX file and password can decrypt WinRM HTTPS traffic. For production deployment, use password manager or encrypted credential file. See NETWORK_SHARE_DEPLOYMENT.md for secure password handling. ================================================================================ DEPLOYMENT WORKFLOW ================================================================================ Recommended approach: Phase 1: Test (1-3 PCs) - Deploy to test PCs manually - Verify WinRM HTTPS works - Test remote connection from management server Phase 2: Pilot (10-20 PCs) - Deploy to small production batch - Monitor for issues - Refine process if needed Phase 3: Full Deployment (All 175 PCs) - Deploy in batches of 20-30 - Track completed PCs - Remediate failures Phase 4: Verification - Test all PCs with Invoke-RemoteAssetCollection-HTTPS.ps1 - Document results - Clean up network share ================================================================================ SUPPORT ================================================================================ For detailed instructions, see: NETWORK_SHARE_DEPLOYMENT.md For troubleshooting, see parent folder: - TROUBLESHOOTING_CERTIFICATE_GENERATION.md - GETTING_STARTED.md - SECURE_CREDENTIAL_MANAGEMENT.md Contact: IT Support ================================================================================ SECURITY NOTES ================================================================================ 1. Certificate Protection - The PFX file contains private key - Protect with proper share permissions - Remove from share after deployment 2. Password Security - Do not hardcode password in batch files - Use encrypted files for automation - Store in password manager 3. Share Permissions - Read access: Domain Computers group - Full access: IT Admins only - Monitor access logs 4. Cleanup - Remove certificate from share after deployment - Keep backup in secure location - Document deployed systems ================================================================================