# Remote Execution Scripts Scripts for remotely executing asset collection on multiple shopfloor PCs via WinRM. ## Quick Start ```batch Run-RemoteCollection.bat ``` Or run PowerShell directly: ```powershell .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" ``` --- ## Batch Launchers (Entry Points) | Batch File | Purpose | |------------|---------| | `Run-RemoteCollection.bat` | Main launcher for remote collection | --- ## PowerShell Scripts ### Invoke-RemoteMaintenance.ps1 **Remote maintenance toolkit** - Execute maintenance tasks on shopfloor PCs via WinRM. **Available Tasks:** | Category | Task | Description | |----------|------|-------------| | **Repair** | `DISM` | Run DISM /Online /Cleanup-Image /RestoreHealth | | | `SFC` | Run SFC /scannow (System File Checker) | | **Optimization** | `OptimizeDisk` | TRIM for SSD, Defrag for HDD | | | `DiskCleanup` | Windows Disk Cleanup (temp files, updates) | | | `ClearUpdateCache` | Clear Windows Update cache (fixes stuck updates) | | | `ClearBrowserCache` | Clear Chrome/Edge cache files | | **Services** | `RestartSpooler` | Restart Print Spooler service | | | `FlushDNS` | Clear DNS resolver cache | | | `RestartWinRM` | Restart WinRM service | | **Time/Date** | `SetTimezone` | Set timezone to Eastern Standard Time | | | `SyncTime` | Force time sync with domain controller | **Usage:** ```powershell # Run DISM on a single PC .\Invoke-RemoteMaintenance.ps1 -ComputerName "G1ZTNCX3ESF" -Task DISM # Optimize disks on multiple PCs .\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01","PC02" -Task OptimizeDisk # Run disk cleanup on all shopfloor PCs .\Invoke-RemoteMaintenance.ps1 -All -Task DiskCleanup # Clear Windows Update cache (fixes stuck updates) .\Invoke-RemoteMaintenance.ps1 -ComputerName "PC01" -Task ClearUpdateCache ``` **Parameters:** | Parameter | Default | Description | |-----------|---------|-------------| | `-ComputerName` | - | Single or multiple computer names/IPs | | `-ComputerListFile` | - | Path to text file with computer list | | `-All` | - | Target all shopfloor PCs from ShopDB | | `-Task` | (required) | Maintenance task to execute | | `-Credential` | (prompts) | PSCredential for authentication | | `-ThrottleLimit` | `5` | Maximum concurrent sessions | **Notes:** - DISM and SFC tasks can take 10-30 minutes per PC - OptimizeDisk automatically detects SSD vs HDD - ClearUpdateCache stops Windows Update service, clears cache, restarts service --- ### Invoke-RemoteAssetCollection.ps1 **Remote collection via WinRM HTTP** - Execute asset collection on multiple PCs using WinRM over HTTP (port 5985). **What it does:** 1. Establishes WinRM connections to target PCs 2. Executes `Update-PC-CompleteAsset.ps1` remotely 3. Collects and logs results from each PC 4. Supports parallel execution for efficiency **Usage:** ```powershell # From file with prompted credentials .\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" # Specific computers with stored credentials $cred = Get-Credential .\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred # Test connections only .\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections ``` **Parameters:** | Parameter | Default | Description | |-----------|---------|-------------| | `-ComputerList` | - | Array of computer names/IPs | | `-ComputerListFile` | - | Path to text file with computer list | | `-Credential` | - | PSCredential for authentication | | `-MaxConcurrent` | `5` | Maximum parallel sessions | | `-TestConnections` | `$false` | Test connectivity only | | `-ScriptPath` | `C:\Scripts\Update-PC-CompleteAsset.ps1` | Path to script on remote PCs | **Prerequisites:** - WinRM enabled on target PCs (`Enable-PSRemoting -Force`) - Admin credentials for remote PCs - Port 5985 (HTTP) open in firewall --- ### Invoke-RemoteAssetCollection-HTTPS.ps1 **Secure remote collection via WinRM HTTPS** - Same as above but uses encrypted HTTPS connections (port 5986). **What it does:** - Uses HTTPS/TLS encryption for secure communication - Supports wildcard certificates for domain-wide deployment - Automatic FQDN construction from hostnames **Usage:** ```powershell # With domain suffix .\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com" # From file .\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com" # Test HTTPS connections .\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001") -Domain "logon.ds.ge.com" -TestConnections ``` **Parameters:** | Parameter | Default | Description | |-----------|---------|-------------| | `-HostnameList` | - | Array of hostnames (without domain) | | `-HostnameListFile` | - | Path to text file with hostnames | | `-Domain` | - | Domain suffix (e.g., "logon.ds.ge.com") | | `-Port` | `5986` | HTTPS port | | `-SkipCertificateCheck` | `$false` | Skip SSL validation | **Prerequisites:** - WinRM HTTPS configured on targets (see `winrm-https/` folder) - Valid SSL certificates installed - Port 5986 open in firewall --- ### Update-ShopfloorPCs-Remote.ps1 **Query and update all shopfloor PCs** - Queries ShopDB for PC list and updates them remotely. **What it does:** 1. Queries ShopDB API for list of all shopfloor PCs 2. Establishes WinRM connections to each PC 3. Collects system info remotely and POSTs to API 4. Logs success/failure for each PC **Usage:** ```powershell # Update all shopfloor PCs from ShopDB database .\Update-ShopfloorPCs-Remote.ps1 -All # Update specific PCs .\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002" # Setup WinRM trusted hosts first .\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts ``` **Parameters:** | Parameter | Default | Description | |-----------|---------|-------------| | `-ComputerName` | - | Specific PC(s) to update | | `-All` | `$false` | Update all shopfloor PCs from ShopDB | | `-SetupTrustedHosts` | `$false` | Configure WinRM trusted hosts | | `-Credential` | - | PSCredential for authentication | | `-ApiUrl` | Production URL | ShopDB API URL | --- ## Batch File Launchers | File | Purpose | |------|---------| | `Run-RemoteCollection.bat` | Launcher for remote collection script | --- ## Requirements - PowerShell 5.1 or later - **Administrator privileges** (required) - WinRM enabled on management server and target PCs - Network access to target PCs (ports 5985 or 5986) - Admin credentials for target PCs ## Architecture ``` ┌──────────────────────────────────────────────────────────────┐ │ Management Server │ │ ┌────────────────────────────────────────────────────────┐ │ │ │ Update-ShopfloorPCs-Remote.ps1 - Data collection │ │ │ │ Invoke-RemoteMaintenance.ps1 - Maintenance tasks │ │ │ │ Invoke-RemoteAssetCollection.ps1 - General execution │ │ │ └────────────────────────┬───────────────────────────────┘ │ └───────────────────────────┼──────────────────────────────────┘ │ WinRM (5985/5986) ▼ ┌──────────────────────────────────────────────────────────────┐ │ Shopfloor PCs │ │ ┌────────────────────────────────────────────────────────┐ │ │ │ Data Collection: │ │ │ │ - System info, network, DNC config, installed apps │ │ │ │ │ │ │ │ Maintenance Tasks: │ │ │ │ - DISM, SFC, Disk Cleanup, Optimize Disk │ │ │ │ - Restart Spooler, Flush DNS, Clear Caches │ │ │ └────────────────────────────────────────────────────────┘ │ └──────────────────────────────────────────────────────────────┘ │ ▼ HTTPS POST ┌──────────────────────────────────────────────────────────────┐ │ ShopDB API │ │ api.asp -> MySQL (machines, communications, dncconfig) │ └──────────────────────────────────────────────────────────────┘ ``` ## WinRM Setup ### On Management Server: ```powershell Enable-PSRemoting -Force Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force ``` ### On Target PCs: ```powershell Enable-PSRemoting -Force Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True ``` For HTTPS setup, see the `winrm-https/` folder documentation.