# PowerShell Scripts Reference

Complete documentation for all scripts in this repository.

**Last Updated:** 2025-12-10

---

## Repository Structure

```
powershell-scripts/
├── asset-collection/       # Local PC data collection scripts
├── remote-execution/       # Remote WinRM execution scripts
├── setup-utilities/        # Configuration and testing
├── registry-backup/        # GE registry backup
├── winrm-https/            # WinRM HTTPS/certificate setup
└── docs/                   # Documentation
```

---

## Table of Contents

1. [Asset Collection Scripts](#asset-collection-scripts) (`asset-collection/`)
2. [Remote Execution Scripts](#remote-execution-scripts) (`remote-execution/`)
3. [Setup & Utility Scripts](#setup--utility-scripts) (`setup-utilities/`)
4. [Registry Backup Scripts](#registry-backup-scripts) (`registry-backup/`)
5. [WinRM HTTPS Scripts](#winrm-https-scripts) (`winrm-https/`)

---

## Asset Collection Scripts

**Location:** `asset-collection/`

### Update-PC-CompleteAsset.ps1

**Purpose:** Primary script for comprehensive PC asset data collection and database storage.

**What It Does:**

1. Collects system information (hostname, serial number, manufacturer, model)
2. Determines PC type (Engineer/Shopfloor/Standard/Measuring)
3. Collects network interface configurations
4. For shopfloor PCs: Collects DNC/machine configurations from GE registry
5. Optionally retrieves Dell warranty information via proxy
6. Sends all data to ShopDB API for storage

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ProxyURL` | `http://10.48.130.158/vendor-api-proxy.php` | Warranty API proxy server |
| `-DashboardURL` | `https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp` | ShopDB API endpoint |
| `-SkipWarranty` | `$true` | Skip warranty lookups (enabled by default) |
| `-TestConnections` | `$false` | Test API connectivity without collecting data |

**Usage:**

```powershell
# Standard execution (run as administrator)
.\Update-PC-CompleteAsset.ps1

# Test connectivity only
.\Update-PC-CompleteAsset.ps1 -TestConnections

# With warranty lookup enabled
.\Update-PC-CompleteAsset.ps1 -SkipWarranty:$false
```

**Requires:** Administrator privileges for full data collection

---

### Get-ShopfloorConfig.ps1

**Purpose:** Library of functions for collecting shopfloor-specific configurations.

**What It Does:**

- Enumerates all network interfaces and their configurations
- Detects "machine networks" (192.168.x.x subnets)
- Collects serial port (COM) configurations
- Extracts DNC settings from GE Aircraft Engines registry
- Analyzes DualPath configurations for multi-machine setups

**Key Functions:**

| Function | Description |
|----------|-------------|
| `Get-NetworkInterfaceConfig` | Collects all network adapter information |
| `Get-SerialPortConfig` | Enumerates COM port configurations |
| `Get-DNCConfig` | Extracts DNC registry settings |
| `Get-GERegistryConfig` | Reads GE Aircraft Engines registry keys |

**Note:** This script is sourced (dot-sourced) by `Update-PC-CompleteAsset.ps1` and not run directly.

---

### Update-PC-Minimal.ps1

**Purpose:** Lightweight asset collection for locked-down PCs with restricted permissions.

**What It Does:**

1. Collects basic system info without requiring admin privileges
2. Uses only non-elevated WMI/CIM queries
3. Detects PC-DMIS software for measuring machine classification
4. Sends minimal data to ShopDB API

**When to Use:**

- PCs where users cannot run as administrator
- Measuring machines with restricted permissions
- Quick data collection without full registry access

**Usage:**

```powershell
.\Update-PC-Minimal.ps1
```

**Requires:** No elevated privileges (runs as standard user)

---

### Backup-GERegistry.ps1

**Purpose:** Backs up GE Aircraft Engines registry keys for disaster recovery and auditing.

**What It Does:**

1. Exports registry keys from both 32-bit and 64-bit locations
2. Creates backup files named with machine number and serial number
3. Saves to network share for centralized backup storage

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-BackupPath` | `S:\DT\cameron\scan\backup\reg` | Network path for backup files |
| `-Silent` | `$false` | Suppress console output |

**Backup Locations:**

- `HKLM:\Software\GE Aircraft Engines`
- `HKLM:\Software\WOW6432Node\GE Aircraft Engines`

**Output Filename Format:** `[machinenumber-]serialnumber-YYYY-MM-DD.reg`

**Usage:**

```powershell
# Interactive backup
.\Backup-GERegistry.ps1

# Silent backup (for scheduled tasks)
.\Backup-GERegistry.ps1 -Silent
```

---

## Remote Execution Scripts

### Invoke-RemoteAssetCollection.ps1

**Purpose:** Remotely executes asset collection on multiple PCs via WinRM (HTTP).

**What It Does:**

1. Establishes WinRM connections to target PCs
2. Executes `Update-PC-CompleteAsset.ps1` remotely
3. Collects and logs results from each PC
4. Supports parallel execution for efficiency

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerList` | - | Array of computer names/IPs |
| `-ComputerListFile` | - | Path to text file with computer list |
| `-Credential` | - | PSCredential for authentication |
| `-MaxConcurrent` | `5` | Maximum parallel sessions |
| `-TestConnections` | `$false` | Test connectivity only |
| `-ScriptPath` | `C:\Scripts\Update-PC-CompleteAsset.ps1` | Path to script on remote PCs |

**Prerequisites:**

- WinRM enabled on target PCs (`Enable-PSRemoting -Force`)
- Admin credentials for remote PCs
- Port 5985 (HTTP) open

**Usage:**

```powershell
# From file with prompted credentials
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"

# Specific computers with stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001","PC002") -Credential $cred

# Test connections only
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("PC001") -TestConnections
```

**Requires:** Administrator privileges, WinRM access to targets

---

### Invoke-RemoteAssetCollection-HTTPS.ps1

**Purpose:** Secure remote asset collection via WinRM over HTTPS (port 5986).


**What It Does:** Same as `Invoke-RemoteAssetCollection.ps1` but uses:

- HTTPS/TLS encryption for secure communication
- Wildcard certificates for domain-wide deployment
- Automatic FQDN construction from hostnames

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-HostnameList` | - | Array of hostnames (without domain) |
| `-HostnameListFile` | - | Path to text file with hostnames |
| `-Domain` | - | Domain suffix (e.g., "logon.ds.ge.com") |
| `-Port` | `5986` | HTTPS port |
| `-SkipCertificateCheck` | `$false` | Skip SSL validation (not recommended) |

**Usage:**

```powershell
# With domain suffix
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @("PC001","PC002") -Domain "logon.ds.ge.com"

# From file
.\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameListFile ".\hostnames.txt" -Domain "logon.ds.ge.com"
```

**Requires:** WinRM HTTPS configured on targets (see winrm-https folder)

---

### Update-ShopfloorPCs-Remote.ps1

**Purpose:** Query ShopDB for all shopfloor PCs and update them remotely.

**What It Does:**

1. Queries ShopDB API for list of all shopfloor PCs
2. Establishes WinRM connections to each PC
3. Collects system info remotely and POSTs to API
4. Logs success/failure for each PC

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ComputerName` | - | Specific PC(s) to update |
| `-All` | `$false` | Update all shopfloor PCs from ShopDB |
| `-SetupTrustedHosts` | `$false` | Configure WinRM trusted hosts |
| `-Credential` | - | PSCredential for authentication |
| `-ApiUrl` | `https://tsgwp00525.rd.ds.ge.com/shopdb/api.asp` | ShopDB API URL |

**Usage:**

```powershell
# Update all shopfloor PCs
.\Update-ShopfloorPCs-Remote.ps1 -All

# Update specific PCs
.\Update-ShopfloorPCs-Remote.ps1 -ComputerName "PC001","PC002"

# Setup trusted hosts first
.\Update-ShopfloorPCs-Remote.ps1 -SetupTrustedHosts
```

---

## Configuration & Setup Scripts

### Setup-WinRM.ps1

**Purpose:** Configures WinRM on the management server for remote asset collection.

**What It Does:**

1. Enables WinRM service
2. Configures trusted hosts for remote connections
3. Sets up HTTP listener on port 5985
4. Tests connectivity to specified computers

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-TrustedHosts` | `""` | Comma-separated list of trusted hosts (use "*" for all) |
| `-TestConnection` | `@()` | Array of computers to test after setup |

**Usage:**

```powershell
# Trust all hosts (less secure, simpler)
.\Setup-WinRM.ps1 -TrustedHosts "*"

# Trust specific IPs
.\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101"

# Setup and test
.\Setup-WinRM.ps1 -TrustedHosts "*" -TestConnection @("10.48.130.100")
```

**Requires:** Administrator privileges

---

### Install-AssetCollectionSchedule.ps1

**Purpose:** Creates a Windows scheduled task for automated asset collection.

**What It Does:**

1. Creates scheduled task running 4 times daily (6:00, 12:00, 18:00, 00:00)
2. Configures silent execution (no window popup)
3. Runs as SYSTEM account
4. Handles battery/network conditions appropriately

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-ScriptPath` | `S:\DT\adata\script\Update-PC-CompleteAsset-Silent.bat` | Path to batch file |
| `-TaskName` | `"GE Asset Collection"` | Name for scheduled task |

**Usage:**

```powershell
# Install with defaults
.\Install-AssetCollectionSchedule.ps1

# Custom script path
.\Install-AssetCollectionSchedule.ps1 -ScriptPath "C:\Scripts\Update-PC-CompleteAsset-Silent.bat"
```

**Requires:** Administrator privileges

---

## Utility Scripts

### Test-API-Connection.ps1

**Purpose:** Tests connectivity and functionality of the ShopDB API.

**What It Does:**

1. Tests basic API connectivity
2. Tests INSERT operation (creates test PC record)
3. Tests UPDATE operation (modifies test record)
4. Tests DELETE operation (cleans up test record)
5. Reports success/failure for each operation

**Parameters:**

| Parameter | Default | Description |
|-----------|---------|-------------|
| `-DashboardURL` | `http://192.168.122.151:8080/api.asp` | API endpoint to test |

**Usage:**

```powershell
# Test development API
.\Test-API-Connection.ps1

# Test production API
.\Test-API-Connection.ps1 -DashboardURL "https://production-server/shopdb/api.asp"
```

---

### Get-InstalledApps.ps1

**Purpose:** Collects list of installed applications from a PC.

**What It Does:**

- Queries registry for installed programs
- Returns application names and versions
- Used for software inventory in ShopDB

**Usage:**

```powershell
.\Get-InstalledApps.ps1
```

---

## Batch File Launchers

### Update-PC-CompleteAsset.bat

Standard launcher - opens PowerShell window with output visible.

### Update-PC-CompleteAsset-Silent.bat

Silent launcher - runs hidden, suitable for scheduled tasks.

### Update-PC-Minimal.bat

Launcher for minimal collection script.

### Run-RemoteCollection.bat

Launcher for remote collection script.

### Get-InstalledApps.bat

Launcher for application inventory script.


### Run-GetInstalledApps.bat

Alternative launcher for application inventory.

---

## WinRM HTTPS Scripts

Located in `winrm-https/` folder. These scripts configure secure WinRM over HTTPS.

### Key Scripts:

| Script | Purpose |
|--------|---------|
| `Setup-WinRM-HTTPS.ps1` | Configure WinRM HTTPS on target PCs |
| `Create-CertificateAuthority.ps1` | Create internal CA for certificates |
| `Sign-PCCertificate.ps1` | Sign individual PC certificates |
| `Sign-BulkPCCertificates.ps1` | Sign certificates for multiple PCs |
| `Configure-WinRM-Client.ps1` | Configure client for HTTPS connections |
| `Test-WinRM-HTTPS-Setup.ps1` | Verify HTTPS configuration |
| `Test-ShopfloorPC.ps1` | Test connectivity to shopfloor PC |

### Documentation:

| Document | Description |
|----------|-------------|
| `README.md` | Overview and quick start |
| `CA-APPROACH-GUIDE.md` | Certificate Authority setup guide |
| `GETTING_STARTED.md` | Step-by-step initial setup |
| `NETWORK_SHARE_DEPLOYMENT.md` | Deploying via network share |
| `SECURE_CREDENTIAL_MANAGEMENT.md` | Credential security best practices |
| `TROUBLESHOOTING_CERTIFICATE_GENERATION.md` | Certificate troubleshooting |

---

## Architecture Overview

```
┌─────────────────────────────────────────────────────────────────┐
│                        Management Server                        │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │  Invoke-RemoteAssetCollection.ps1                        │   │
│  │  Invoke-RemoteAssetCollection-HTTPS.ps1                  │   │
│  │  Update-ShopfloorPCs-Remote.ps1                          │   │
│  └──────────────────────┬───────────────────────────────────┘   │
└─────────────────────────┼───────────────────────────────────────┘
                          │ WinRM (5985/5986)
                          ▼
┌─────────────────────────────────────────────────────────────────┐
│                          Shopfloor PCs                          │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │  Update-PC-CompleteAsset.ps1                             │   │
│  │  Get-ShopfloorConfig.ps1                                 │   │
│  │  Backup-GERegistry.ps1                                   │   │
│  └──────────────────────┬───────────────────────────────────┘   │
└─────────────────────────┼───────────────────────────────────────┘
                          │ HTTPS
                          ▼
┌─────────────────────────────────────────────────────────────────┐
│                        ShopDB API Server                        │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │  api.asp (IIS)               MySQL Database              │   │
│  └──────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘
```

---

## Quick Reference

### Run asset collection on local PC:

```batch
Update-PC-CompleteAsset.bat
```

### Run silent collection (for scheduled tasks):

```batch
Update-PC-CompleteAsset-Silent.bat
```

### Collect from all shopfloor PCs remotely:

```powershell
.\Update-ShopfloorPCs-Remote.ps1 -All
```

### Test API connectivity:

```powershell
.\Test-API-Connection.ps1
```

### Setup scheduled collection:

```powershell
.\Install-AssetCollectionSchedule.ps1
```

---

**Repository:** http://localhost:3000/cproudlock/powershell-scripts
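
The `Setup-WinRM.ps1` section marks `-TrustedHosts "*"` as the less secure option, and the remote execution scripts can run over either the HTTP (5985) or HTTPS (5986) listener. The following is an added example, not one of this repository's scripts, that reports on those settings so they can be reviewed after setup. `Get-WinRMFinding`, its parameters and the sample listener objects are assumptions constructed for illustration.

```powershell
# Added example; Get-WinRMFinding is a hypothetical helper, not a script in this repository.
function Get-WinRMFinding {
    param(
        [AllowEmptyString()][string]$TrustedHosts = '',
        [object[]]$Listeners = @(),
        [bool]$AllowUnencrypted = $false
    )
    $finding = {
        param($Severity, $Setting, $Detail)
        [pscustomobject]@{ Severity = $Severity; Setting = $Setting; Detail = $Detail }
    }
    # TrustedHosts is a comma-separated list of hosts the client will connect to
    # without authenticating the server; wildcards widen that to many hosts.
    $entries = @($TrustedHosts -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($entry in $entries) {
        if ($entry -eq '*') {
            & $finding 'High' 'TrustedHosts' 'Wildcard "*": server identity is not verified for any host'
        } elseif ($entry.Contains('*')) {
            & $finding 'Medium' 'TrustedHosts' "Pattern entry '$entry' trusts every matching host"
        }
    }
    if ($AllowUnencrypted) {
        & $finding 'High' 'AllowUnencrypted' 'Client may send WinRM traffic without encryption'
    }
    foreach ($l in $Listeners) {
        if ($l.Transport -eq 'HTTP') {
            & $finding 'Medium' 'Listener' "HTTP listener on port $($l.Port): no TLS server certificate"
        }
    }
}

# Constructed sample input mirroring the settings this page mentions.
$sampleListeners = @(
    [pscustomobject]@{ Transport = 'HTTP';  Port = 5985 },
    [pscustomobject]@{ Transport = 'HTTPS'; Port = 5986 }
)
Get-WinRMFinding -TrustedHosts '*' -Listeners $sampleListeners | Format-Table -AutoSize
# Explicit IPs and an HTTPS-only listener produce no findings.
Get-WinRMFinding -TrustedHosts '10.48.130.100,10.48.130.101' -Listeners $sampleListeners[1]

# Live check on Windows (elevated session, WinRM service running).
if ($env:OS -eq 'Windows_NT') {
    Import-Module Microsoft.WSMan.Management
    $client = 'WSMan:\localhost\Client'
    Get-WinRMFinding -TrustedHosts (Get-Item "$client\TrustedHosts").Value `
        -AllowUnencrypted ([bool]::Parse((Get-Item "$client\AllowUnencrypted").Value)) `
        -Listeners (Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)
}
```

The HTTP listener is reported as Medium rather than High because WinRM over HTTP still applies message-level encryption with Kerberos or NTLM unless `AllowUnencrypted` is set; what it lacks is a server certificate for the client to validate.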