powershell-scripts/WINRM_REMOTE_COLLECTION.md

WinRM Remote Asset Collection

This system allows centralized asset data collection from multiple shopfloor PCs using PowerShell remoting (WinRM).

Overview

The remote collection system consists of:

1. Invoke-RemoteAssetCollection.ps1 - Main script that orchestrates remote execution
2. Setup-WinRM.ps1 - Helper script to configure WinRM on management server
3. Run-RemoteCollection.bat - Batch file for easy execution
4. shopfloor-pcs-example.txt - Example computer list file

Prerequisites

Management Server (where you run the remote collection)

• Windows with PowerShell 5.1 or later
• Administrator privileges
• Network connectivity to target computers
• Update-PC-CompleteAsset.ps1 script

Target Computers (shopfloor PCs)

• Windows with PowerShell 5.1 or later
• WinRM enabled and configured
• Update-PC-CompleteAsset.ps1 script installed locally
• Administrator account for remote access

Setup Instructions

1. Configure Management Server

Run as Administrator:

# Set up WinRM to trust all shopfloor computers
.\Setup-WinRM.ps1 -TrustedHosts "*"

# OR set up specific trusted hosts (more secure)
.\Setup-WinRM.ps1 -TrustedHosts "10.48.130.100,10.48.130.101,10.48.130.102"

2. Configure Target Computers

On each shopfloor PC, run as Administrator:

# Enable PowerShell remoting
Enable-PSRemoting -Force

# Configure firewall
Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Enabled True

# Optional: Run the setup script
.\Setup-WinRM.ps1

3. Deploy Asset Collection Script

Ensure Update-PC-CompleteAsset.ps1 and Get-ShopfloorConfig.ps1 are present on each target computer at:

• C:\Scripts\Update-PC-CompleteAsset.ps1 (default path)
• C:\Scripts\Get-ShopfloorConfig.ps1

Or specify a different path using the -ScriptPath parameter.

4. Create Computer List

Copy shopfloor-pcs-example.txt to shopfloor-pcs.txt and edit with your actual computer IP addresses:

# Production computers
10.48.130.100
10.48.130.101
10.48.130.102

# Quality control
10.48.130.110
10.48.130.111

Usage Examples

Test Connections

# Test specific computers
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101") -TestConnections

# Test from file
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -TestConnections

Collect Asset Data

# Collect from specific computers
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100", "10.48.130.101")

# Collect from computer list file
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt"

# Use stored credentials
$cred = Get-Credential
.\Invoke-RemoteAssetCollection.ps1 -ComputerListFile ".\shopfloor-pcs.txt" -Credential $cred

# Custom script path
.\Invoke-RemoteAssetCollection.ps1 -ComputerList @("10.48.130.100") -ScriptPath "D:\Scripts\Update-PC-CompleteAsset.ps1"

Batch File Execution

Simply double-click Run-RemoteCollection.bat for easy execution with default settings.

Parameters

Invoke-RemoteAssetCollection.ps1 Parameters

Parameter	Description	Default
ComputerList	Array of computer names/IPs	@()
ComputerListFile	Path to text file with computer list	-
Credential	PSCredential for remote authentication	(prompts)
MaxConcurrent	Max concurrent remote sessions	5
ProxyURL	Warranty proxy server URL	http://10.48.130.158/vendor-api-proxy.php
DashboardURL	Dashboard API URL	http://10.48.130.197/dashboard-v2/api.php
SkipWarranty	Skip warranty lookups	$true
LogPath	Log file path	.\logs\remote-collection.log
TestConnections	Test connections only	$false
ScriptPath	Path to script on remote computers	C:\Scripts\Update-PC-CompleteAsset.ps1

Troubleshooting

Common Issues

1. "Access is denied" errors

   • Ensure you're running as Administrator
   • Check that credentials have admin rights on target computers
   • Verify WinRM is enabled on target computers

2. "WinRM cannot complete the operation" errors

   • Check trusted hosts configuration: Get-Item WSMan:\localhost\Client\TrustedHosts
   • Verify network connectivity to target computers
   • Check Windows Firewall settings on target computers

3. "Script not found" errors

   • Ensure Update-PC-CompleteAsset.ps1 exists on target computers
   • Check the script path specified in -ScriptPath parameter
   • Verify the script has execute permissions

4. "Execution policy" errors

   • Set execution policy: Set-ExecutionPolicy RemoteSigned -Force
   • Or use: powershell.exe -ExecutionPolicy Bypass -File script.ps1

Diagnostic Commands

# Check WinRM configuration
winrm get winrm/config

# Test specific computer
Test-WSMan -ComputerName "10.48.130.100"

# Check trusted hosts
Get-Item WSMan:\localhost\Client\TrustedHosts

# Test PowerShell remoting
Enter-PSSession -ComputerName "10.48.130.100" -Credential (Get-Credential)

Security Considerations

1. Trusted Hosts: Use specific IP addresses rather than "*" when possible
2. Credentials: Store credentials securely, avoid hardcoding passwords
3. Network: Ensure WinRM traffic is secured on your network
4. Firewall: Configure Windows Firewall rules appropriately
5. Logging: Monitor log files for security events

Log Files

Logs are stored in .\logs\remote-collection.log and include:

• Connection attempts and results
• Script execution status for each computer
• Error messages and troubleshooting information
• Summary statistics

Performance

• Default max concurrent sessions: 5
• Adjust -MaxConcurrent based on network capacity and server resources
• Monitor performance during large-scale collections
• Consider running during off-peak hours for production environments

Integration

This remote collection system integrates with:

• Existing Update-PC-CompleteAsset.ps1 script
• Dashboard API for data storage
• Warranty proxy server for Dell warranty lookups
• Database normalization system for machine assignments