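#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Configure WinRM client settings for remote connections

.DESCRIPTION
    This script configures the WinRM client on your management computer
    to allow connections to shopfloor PCs via WinRM HTTPS.

    Run this ONCE on your management computer as Administrator.

    Security-relevant changes made to this computer:
      - the WinRM service is started and set to automatic startup
      - Enable-PSRemoting is run with -SkipNetworkProfileCheck
      - a wildcard domain entry is added to the WSMan client TrustedHosts list
      - optionally, a Public network profile is switched to Private

.EXAMPLE
    .\Configure-WinRM-Client.ps1

.NOTES
    Author: System Administrator
    Date: 2025-10-17
    Run as: Administrator
#>

Write-Host ""
Write-Host "╔══════════════════════════════════════════════════════════════╗" -ForegroundColor Cyan
Write-Host "║ WinRM Client Configuration Script ║" -ForegroundColor Cyan
Write-Host "╚══════════════════════════════════════════════════════════════╝" -ForegroundColor Cyan
Write-Host ""
Write-Host "This script will configure WinRM client settings on this computer" -ForegroundColor White
Write-Host "to allow remote connections to shopfloor PCs." -ForegroundColor White
Write-Host ""

# Check for admin privileges.
# Kept alongside the #Requires line so the operator gets a readable message
# when the script text is pasted or dot-sourced rather than run as a file.
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    Write-Host "✗ ERROR: This script must be run as Administrator" -ForegroundColor Red
    Write-Host ""
    Write-Host "Right-click PowerShell and select 'Run as Administrator'" -ForegroundColor Yellow
    exit 1
}

Write-Host "✓ Running with Administrator privileges" -ForegroundColor Green
Write-Host ""

# ---------------------------------------------------------------------------
# STEP 1: WinRM service
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 1: Enable WinRM Client Service" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

try {
    # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions so
    # the catch block below actually runs instead of a false "✓" being printed.
    $winrmService = Get-Service WinRM -ErrorAction Stop

    # Start WinRM service
    if ($winrmService.Status -ne 'Running') {
        Write-Host "Starting WinRM service..." -ForegroundColor Gray
        Start-Service WinRM -ErrorAction Stop
        Write-Host "✓ WinRM service started" -ForegroundColor Green
    } else {
        Write-Host "✓ WinRM service is already running" -ForegroundColor Green
    }

    # Set to automatic startup
    if ($winrmService.StartType -ne 'Automatic') {
        Write-Host "Setting WinRM to automatic startup..." -ForegroundColor Gray
        Set-Service WinRM -StartupType Automatic -ErrorAction Stop
        Write-Host "✓ WinRM set to automatic startup" -ForegroundColor Green
    } else {
        Write-Host "✓ WinRM already set to automatic startup" -ForegroundColor Green
    }
} catch {
    Write-Host "✗ Failed to configure WinRM service: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}

Write-Host ""

# ---------------------------------------------------------------------------
# STEP 2: PowerShell Remoting
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 2: Enable PowerShell Remoting" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# NOTE(review): Enable-PSRemoting configures this computer to RECEIVE remote
# commands (listener, session configurations, inbound firewall exceptions).
# It is not required for making outbound connections, and
# -SkipNetworkProfileCheck also applies it while a network is Public.
# Kept because later steps of this script refer to it; confirm the management
# computer is really meant to accept inbound remoting, otherwise drop this step.
try {
    Write-Host "Enabling PowerShell Remoting..." -ForegroundColor Gray
    Enable-PSRemoting -Force -SkipNetworkProfileCheck -ErrorAction Stop | Out-Null
    Write-Host "✓ PowerShell Remoting enabled" -ForegroundColor Green
} catch {
    Write-Host "⚠ Warning: Could not enable PSRemoting: $($_.Exception.Message)" -ForegroundColor Yellow
    Write-Host " This may be normal if already configured" -ForegroundColor Gray
}

Write-Host ""

# ---------------------------------------------------------------------------
# STEP 3: TrustedHosts
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 3: Configure Trusted Hosts" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

# NOTE(review): TrustedHosts lists destinations this client will authenticate
# to without being able to verify their identity (non-Kerberos, no validated
# certificate). A wildcard entry extends that to every name under the domain.
# The description says connections use WinRM over HTTPS; with HTTPS and a
# validated server certificate this entry may be unnecessary. Confirm it is
# needed, and prefer the narrowest list of hosts that works.
$domain = "*.logon.ds.ge.com"

try {
    # Get current trusted hosts
    $currentTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
    $trustedHostsIsEmpty = [string]::IsNullOrWhiteSpace($currentTrustedHosts)

    Write-Host "Current TrustedHosts: " -NoNewline -ForegroundColor Gray
    if ($trustedHostsIsEmpty) {
        Write-Host "(empty)" -ForegroundColor Gray
    } else {
        Write-Host "$currentTrustedHosts" -ForegroundColor White
    }

    # Compare list entries exactly. A -like "*$domain*" test treats the leading
    # '*' of $domain as a wildcard, so any single host under the domain
    # (e.g. "pc1.logon.ds.ge.com") would be reported as "already in
    # TrustedHosts" and the wildcard entry would never be added.
    $trustedEntries = @()
    if (-not $trustedHostsIsEmpty) {
        $trustedEntries = @(
            $currentTrustedHosts -split ',' |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ }
        )
    }

    # -contains is a literal, case-insensitive equality test (no wildcards).
    if ($trustedEntries -contains $domain) {
        Write-Host "✓ $domain is already in TrustedHosts" -ForegroundColor Green
    } else {
        Write-Host ""
        Write-Host "Adding $domain to TrustedHosts..." -ForegroundColor Gray

        if ($trustedHostsIsEmpty) {
            # TrustedHosts is empty, set it
            Set-Item WSMan:\localhost\Client\TrustedHosts -Value $domain -Force -ErrorAction Stop
        } else {
            # TrustedHosts has values, append to it
            Set-Item WSMan:\localhost\Client\TrustedHosts -Value "$currentTrustedHosts,$domain" -Force -ErrorAction Stop
        }

        Write-Host "✓ Added $domain to TrustedHosts" -ForegroundColor Green
    }

    # Show final value
    $finalTrustedHosts = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction Stop).Value
    Write-Host ""
    Write-Host "Final TrustedHosts: $finalTrustedHosts" -ForegroundColor White
} catch {
    Write-Host "✗ Failed to configure TrustedHosts: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host ""
    Write-Host "You can manually set it with:" -ForegroundColor Yellow
    Write-Host " Set-Item WSMan:\localhost\Client\TrustedHosts -Value '$domain' -Force" -ForegroundColor White
}

Write-Host ""

# ---------------------------------------------------------------------------
# STEP 4: Network profile (if needed)
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 4: Check Network Profile" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

try {
    # $netProfiles rather than $profile: $PROFILE is a PowerShell automatic
    # variable and assigning to it clobbers the profile path for the session.
    # @() keeps the result an array so several active connections are each
    # examined separately instead of being blended by member enumeration.
    $netProfiles = @(
        Get-NetConnectionProfile -ErrorAction Stop |
            Where-Object { $_.IPv4Connectivity -eq 'Internet' -or $_.IPv4Connectivity -eq 'LocalNetwork' }
    )

    foreach ($netProfile in $netProfiles) {
        Write-Host "Active Network Profile:" -ForegroundColor White
        Write-Host " Name: $($netProfile.Name)" -ForegroundColor Gray
        Write-Host " Category: $($netProfile.NetworkCategory)" -ForegroundColor Gray

        if ($netProfile.NetworkCategory -eq 'Public') {
            Write-Host ""
            Write-Host "⚠ Network is set to Public profile" -ForegroundColor Yellow
            Write-Host ""
            Write-Host "For WinRM to work across subnets, you may need to:" -ForegroundColor Yellow
            Write-Host " 1. Change network to Private/DomainAuthenticated, OR" -ForegroundColor Gray
            Write-Host " 2. Configure firewall rules for WinRM on Public profile" -ForegroundColor Gray
            Write-Host ""

            # Switching to Private applies the Private firewall profile to this
            # connection, which is typically more permissive than Public, so the
            # change is only made on explicit operator confirmation.
            $change = Read-Host "Would you like to change network to Private? (y/n)"
            if ($change -eq 'y' -or $change -eq 'Y') {
                # Target the interface, not the network name, so only the
                # connection shown above is changed.
                Set-NetConnectionProfile -InterfaceIndex $netProfile.InterfaceIndex -NetworkCategory Private -ErrorAction Stop
                Write-Host "✓ Network profile changed to Private" -ForegroundColor Green
            }
        } else {
            Write-Host "✓ Network profile is $($netProfile.NetworkCategory) (OK)" -ForegroundColor Green
        }
    }
} catch {
    Write-Host "⚠ Could not check network profile: $($_.Exception.Message)" -ForegroundColor Yellow
}

Write-Host ""

# ---------------------------------------------------------------------------
# STEP 5: Firewall (optional, read-only check)
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 5: Check Firewall Rules" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

try {
    # Check for WinRM firewall rules.
    # The rule Name is matched as well as DisplayName: the built-in rules are
    # usually identified by a WINRM-* Name while their DisplayName reads
    # "Windows Remote Management ...", which a DisplayName-only test misses.
    # @() makes .Count reliable when exactly one rule matches.
    $winrmRules = @(
        Get-NetFirewallRule -ErrorAction Stop |
            Where-Object {
                ($_.DisplayName -like "*WinRM*" -or $_.Name -like "*WinRM*") -and $_.Enabled -eq $true
            }
    )

    if ($winrmRules.Count -gt 0) {
        Write-Host "✓ Found $($winrmRules.Count) active WinRM firewall rule(s)" -ForegroundColor Green
        foreach ($rule in $winrmRules) {
            Write-Host " - $($rule.DisplayName)" -ForegroundColor Gray
        }
    } else {
        Write-Host "⚠ No WinRM firewall rules found (may be created by Enable-PSRemoting)" -ForegroundColor Yellow
    }
} catch {
    Write-Host "⚠ Could not check firewall rules: $($_.Exception.Message)" -ForegroundColor Yellow
}

Write-Host ""

# ---------------------------------------------------------------------------
# STEP 6: Show resulting client configuration
# ---------------------------------------------------------------------------
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host "STEP 6: Verify Configuration" -ForegroundColor Yellow
Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ForegroundColor Gray
Write-Host ""

Write-Host "WinRM Client Configuration:" -ForegroundColor White
try {
    $config = winrm get winrm/config/client

    # A native command does not throw on failure; check its exit code so the
    # catch block is reachable.
    if ($LASTEXITCODE -ne 0) {
        throw "winrm exited with code $LASTEXITCODE"
    }

    # Print one line at a time: passing the whole array to Write-Host joins the
    # lines with spaces and flattens the config into a single unreadable line.
    # Review the output for AllowUnencrypted, Basic auth and TrustedHosts.
    $config | ForEach-Object { Write-Host $_ -ForegroundColor Gray }
} catch {
    Write-Host "Could not retrieve WinRM client config" -ForegroundColor Yellow
}

Write-Host ""

# Success summary
Write-Host "╔══════════════════════════════════════════════════════════════╗" -ForegroundColor Green
Write-Host "║ CONFIGURATION COMPLETE ║" -ForegroundColor Green
Write-Host "╚══════════════════════════════════════════════════════════════╝" -ForegroundColor Green
Write-Host ""
Write-Host "Your WinRM client is now configured to connect to shopfloor PCs." -ForegroundColor Green
Write-Host ""

# Next steps
#
# NOTE(review) on the guidance printed below:
#  - Option A: -SkipCACheck and -SkipCNCheck turn off certificate chain and
#    name validation, so the HTTPS channel is encrypted but the server is not
#    authenticated. Step 3 reuses the same $sessionOption together with
#    Get-Credential, so credentials would be presented to whatever host
#    answers. Suitable for a connectivity test only.
#  - Option B: importing into Cert:\LocalMachine\Root makes the certificate a
#    machine-wide trust anchor. Verify its thumbprint out of band first, and
#    prefer importing the issuing CA certificate over per-host self-signed ones.
Write-Host "Next Steps:" -ForegroundColor Yellow
Write-Host ""
Write-Host "1. Test connection to a shopfloor PC:" -ForegroundColor White
Write-Host ""
Write-Host " Option A - Skip certificate validation (for self-signed certs):" -ForegroundColor Gray
Write-Host " `$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck" -ForegroundColor White
Write-Host " Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986 -SessionOption `$sessionOption" -ForegroundColor White
Write-Host ""
Write-Host " Option B - Install certificate (recommended for production):" -ForegroundColor Gray
Write-Host " Import-Certificate -FilePath 'C:\path\to\cert.cer' -CertStoreLocation Cert:\LocalMachine\Root" -ForegroundColor White
Write-Host ""
Write-Host "2. Use the test script:" -ForegroundColor White
Write-Host " .\Test-ShopfloorPC.ps1 -ComputerName g9kn7pz3esf -SkipCertificateCheck" -ForegroundColor White
Write-Host ""
Write-Host "3. Create interactive session:" -ForegroundColor White
Write-Host " `$cred = Get-Credential" -ForegroundColor White
Write-Host " Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com -Credential `$cred -UseSSL -Port 5986 -SessionOption `$sessionOption" -ForegroundColor White
Write-Host ""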