ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
powershell-scripts/docs/DEPLOYMENT_GUIDE.md
cproudlock 96cb1dd946 Remove all emojis from markdown documentation 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 11:03:45 -05:00

10 KiB
Raw Permalink Blame History

Deployment Guide

Deployment Overview

The GE Manufacturing Asset Management Scripts support multiple deployment strategies for enterprise manufacturing environments, from single-PC execution to large-scale automated rollouts across hundreds of manufacturing systems.

Prerequisites

System Requirements

  • Operating System: Windows 10/11, Windows Server 2016+
  • PowerShell: Version 5.1 or later
  • Execution Policy: RemoteSigned or Unrestricted
  • Network Access: HTTP connectivity to dashboard API
  • Permissions: Administrator rights recommended

Environment Preparation

# Check PowerShell version
$PSVersionTable.PSVersion

# Check execution policy
Get-ExecutionPolicy

# Set execution policy (if needed)
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Deployment Methods

Method 1: Single PC Deployment

Quick Start (Recommended)

# 1. Initial setup (run once)
00-RUN-ME-FIRST.bat

# 2. Execute data collection
Update-PC-CompleteAsset.bat

Manual PowerShell Execution

# Navigate to script directory
cd C:\Path\To\Scripts

# Unblock scripts (security)
Unblock-File .\*.ps1

# Execute main script
.\Update-PC-CompleteAsset.ps1

Silent Execution (Scheduled Tasks)

# For automated/scheduled execution
Update-PC-CompleteAsset-Silent.bat

Method 2: Multiple PC Deployment

Computer List Configuration

Edit computers.txt with target systems:

# Hostnames
H123EXAMPLE
G456MACHINE
SHOPFLOOR-PC-01

# IP Addresses  
192.168.1.100
192.168.1.101

# Fully Qualified Domain Names
machine01.manufacturing.local
cnc-cell-02.shop.local

Enhanced Batch Deployment

# Execute on multiple systems
Deploy-To-Multiple-PCs-Enhanced.bat

Features:

  • Parallel execution for faster deployment
  • Individual system success/failure tracking
  • Comprehensive logging and reporting
  • Network connectivity pre-checks

PsExec Remote Deployment

# Enterprise remote execution
Deploy-With-PsExec.bat

Requirements:

  • PsExec.exe in system PATH or script directory
  • Administrative credentials for target systems
  • SMB/RPC connectivity to target machines

Method 3: Enterprise Integration

Group Policy Deployment

  1. Copy Scripts: Place in network share accessible to all target computers
  2. Create GPO: New Group Policy Object for computer configuration
  3. Add Startup Script: Computer Configuration Policies Windows Settings Scripts Startup
  4. Configure Path: Point to network share location of Update-PC-CompleteAsset.bat
  5. Apply to OUs: Link GPO to appropriate Organizational Units

SCCM/ConfigMgr Integration

# Package creation parameters
Package Name: GE Manufacturing Asset Collection
Program Command Line: Update-PC-CompleteAsset-Silent.bat
Run Mode: Run with administrative rights
Assignment: Required, recurring daily

Tanium Integration

-- Tanium package deployment
SELECT * FROM Packages WHERE Name LIKE '%Asset Collection%'

-- Deploy to manufacturing systems
DEPLOY Package="GE Asset Collection" TO ComputerGroup="Manufacturing Floor"

Configuration Management

Dashboard URL Configuration

Method 1: Environment Variable

# Set user environment variable
[Environment]::SetEnvironmentVariable("ASSET_DASHBOARD_URL", "http://your-server/api.php", "User")

# Set system environment variable (requires admin)
[Environment]::SetEnvironmentVariable("ASSET_DASHBOARD_URL", "http://your-server/api.php", "Machine")

Method 2: Configuration File

Create dashboard-config.json:

{
    "DashboardURL": "http://your-server/dashboard-v2/api.php",
    "Description": "Production Dashboard API Endpoint",
    "LastUpdated": "2025-09-06"
}

Method 3: Command Line Parameter

.\Update-PC-CompleteAsset.ps1 -DashboardURL "http://your-server/api.php"

Advanced Configuration Options

Skip Warranty Lookups (Default)

.\Update-PC-CompleteAsset.ps1 -SkipWarranty

Test Connections Only

.\Update-PC-CompleteAsset.ps1 -TestConnections

Custom Proxy Server

.\Update-PC-CompleteAsset.ps1 -ProxyURL "http://your-proxy/vendor-api-proxy.php"

Scheduling and Automation

Windows Task Scheduler

Create Scheduled Task

<?xml version="1.0" encoding="UTF-16"?>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2025-01-01T06:00:00</StartBoundary>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
  </Settings>
  <Actions>
    <Exec>
      <Command>C:\Scripts\Update-PC-CompleteAsset-Silent.bat</Command>
      <WorkingDirectory>C:\Scripts</WorkingDirectory>
    </Exec>
  </Actions>
</Task>

PowerShell Scheduled Task Creation

$action = New-ScheduledTaskAction -Execute "C:\Scripts\Update-PC-CompleteAsset-Silent.bat" -WorkingDirectory "C:\Scripts"
$trigger = New-ScheduledTaskTrigger -Daily -At 6:00AM
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -MultipleInstances StopExisting

Register-ScheduledTask -TaskName "GE Asset Collection" -Action $action -Trigger $trigger -Principal $principal -Settings $settings

Startup Script Integration

REM Add to computer startup scripts
REM Computer Configuration  Policies  Windows Settings  Scripts  Startup

@echo off
timeout 60 >nul 2>&1
cd /d "\\server\share\AssetScripts"
call Update-PC-CompleteAsset-Silent.bat

Network Considerations

Firewall Configuration

# Required outbound ports
HTTP: TCP 80   (Dashboard API communication)
HTTPS: TCP 443 (Secure dashboard API communication)
DNS: UDP 53    (Name resolution)

# Windows Firewall rule creation
New-NetFirewallRule -DisplayName "Asset Collection HTTP" -Direction Outbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "Asset Collection HTTPS" -Direction Outbound -Protocol TCP -LocalPort 443 -Action Allow

Proxy Server Configuration

If corporate proxy required:

# System proxy configuration
netsh winhttp set proxy proxy.corporate.com:8080

# PowerShell proxy configuration  
$proxy = New-Object System.Net.WebProxy("http://proxy.corporate.com:8080")
[System.Net.WebRequest]::DefaultWebProxy = $proxy

Monitoring and Logging

Execution Logging

Scripts provide comprehensive console output with color-coded status:

  • 🟢 Green: Successful operations
  • 🟡 Yellow: Warnings and informational messages
  • 🔴 Red: Errors and failures
  • Gray: Detailed debugging information

Log File Creation

# Redirect output to log file
.\Update-PC-CompleteAsset.ps1 | Tee-Object -FilePath "C:\Logs\AssetCollection-$(Get-Date -Format 'yyyyMMdd-HHmmss').log"

Centralized Monitoring

Dashboard provides centralized view of:

  • Asset collection success/failure rates
  • Last update timestamps per system
  • Missing or outdated inventory data
  • Manufacturing configuration changes

Troubleshooting Deployment Issues

Common Issues and Solutions

PowerShell Execution Policy

# Error: Execution of scripts is disabled on this system
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

# Verify change
Get-ExecutionPolicy -List

Network Connectivity

# Test dashboard connectivity
Test-NetConnection -ComputerName "10.48.130.197" -Port 80

# Test name resolution
Resolve-DnsName "dashboard.manufacturing.local"

# Manual connection test
Update-PC-CompleteAsset.ps1 -TestConnections

Permission Issues

# Check current user permissions
whoami /priv

# Run as administrator
Right-click  "Run as administrator"

# Service account configuration
# Configure service account with:
# - Log on as a service right
# - Local administrator membership
# - Network access permissions

Registry Access Issues

# Check registry permissions
# HKLM:\SOFTWARE\GE Aircraft Engines (Read access required)
# HKLM:\SOFTWARE\WOW6432Node\GE Aircraft Engines (Read access required)

# Error: Access denied reading registry
# Solution: Run with administrator privileges or adjust registry permissions

Deployment Validation

Success Verification

# Check dashboard API for recent data
Invoke-RestMethod -Uri "http://dashboard/api.php?action=getDashboardData" -Method Get

# Verify database entries
# Check pc table for recent lastupdated timestamps
# Check pc_dnc_config table for manufacturing data

Performance Monitoring

# Measure execution time
Measure-Command { .\Update-PC-CompleteAsset.ps1 }

# Typical execution times:
# Standard PC: 15-30 seconds
# Shopfloor PC: 45-90 seconds
# Engineer PC: 20-40 seconds

Best Practices

Deployment Staging

  1. Pilot Group: Deploy to 5-10 test systems first
  2. Validation: Verify data collection and dashboard integration
  3. Gradual Rollout: Deploy to 25% of systems, monitor, then expand
  4. Full Deployment: Complete rollout after successful validation

Maintenance Windows

  • Manufacturing Systems: Deploy during scheduled maintenance windows
  • Engineering Systems: Deploy during off-hours or lunch breaks
  • Standard Systems: Deploy during normal business hours

Change Management

  • Documentation: Maintain deployment logs and configuration changes
  • Version Control: Track script versions and configuration updates
  • Rollback Planning: Prepare rollback procedures for problematic deployments

Security Considerations

  • Script Integrity: Use digital signatures for script validation
  • Network Security: Encrypt API communications where possible
  • Access Control: Limit script modification to authorized personnel
  • Credential Management: Never store credentials in scripts

Deployment guide designed for reliable, scalable, and secure rollout across enterprise manufacturing environments.

Reference in New Issue View Git Blame Copy Permalink